require 'bcrypt'
require 'cgi'
require 'sinatra/base'
require 'sinatra/reloader'
require_relative 'lib/database_connection'
require_relative 'lib/peep_repository'
require_relative 'lib/user_repository'
DatabaseConnection.connect # open the database connection once at boot, before any route can run
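class Application < Sinatra::Base
  # Cookie-backed sessions carry the logged-in user's id and username plus a
  # one-shot error message shown by the views. With no explicit
  # `set :session_secret, ...` Sinatra derives a secret per process, so sessions
  # do not survive a restart and are not shared between worker processes; in
  # production supply a fixed secret from the environment (for example
  # `set :session_secret, ENV.fetch('SESSION_SECRET')` — variable name illustrative).
  enable :sessions

  # Password policy: at least eight characters with one lowercase letter, one
  # uppercase letter and one digit. Anchored with \A/\z on purpose: in Ruby
  # ^ and $ match per line, so a multi-line value could satisfy the rule with
  # one qualifying line while the rest went unchecked.
  PASSWORD_RULE = /\A(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}\z/

  # Reload app and lib code on change in development, without restarting the server.
  configure :development do
    register Sinatra::Reloader
    also_reload 'lib/user_repository'
    also_reload 'lib/peep_repository'
  end

  # Home page: every peep, newest first, each with its author's username and name.
  get '/' do
    peeps = PeepRepository.new.all_with_names
    @peep_info = peeps.map { |peep| [peep.username, peep.time, peep.body, peep.tags, peep.name] }.reverse
    erb(:index)
  end

  # Form for composing a peep. @user_id is exposed for the view only; the
  # server never trusts a user id that comes back from the form (see POST /peeps).
  get '/peeps' do
    @user_id = session[:user_id]
    erb(:add_peep)
  end

  # Create a peep. The author is always the user recorded in the session: a
  # client-supplied params[:user_id] is ignored, otherwise any request could
  # post a peep under another user's id. Anonymous requests are sent to login.
  post '/peeps' do
    @user_id = session[:user_id]
    unless @user_id
      session[:error] = "You must be logged in to post a peep.\n"
      return redirect('/login')
    end

    @body, @tags = params[:body], params[:tags]
    script_check([@body, @tags], '/peeps')
    validate_string(@body, "peep", '/peeps')

    new_peep = Peep.new
    new_peep.body = @body
    new_peep.time = Time.now
    new_peep.tags = @tags
    new_peep.user_id = @user_id
    PeepRepository.new.create(new_peep)
    redirect('/')
  end

  get '/register' do
    erb(:register)
  end

  # Register an account and log the new user in. Each validation helper halts
  # the request with a redirect and a session error when its check fails, so
  # the code after the checks only runs for valid input.
  post '/register' do
    @name, @username, @email, @password =
      params[:name], params[:username], params[:email], params[:password]
    script_check([@name, @username, @email, @password], '/register')
    validate_string(@name, "name", '/register')
    validate_string(@username, "username", '/register')
    validate_email(@email)
    username_email_unique(@username, @email)
    validate_password(@password)

    user_repo = UserRepository.new
    new_user = User.new
    new_user.name = @name
    new_user.username = @username
    new_user.email = @email
    # The plain password is handed to the repository; email_password_match
    # below expects user.password to be a BCrypt hash, so the repository is
    # presumably where hashing happens — confirm in lib/user_repository.
    new_user.password = @password
    user_repo.create(new_user)
    login_user(user_repo.find_by_email(@email))
    redirect('/')
  end

  get '/login' do
    erb(:login)
  end

  # Authenticate by email and password; both helpers halt on failure.
  post '/login' do
    @email, @password = params[:email], params[:password]
    script_check([@email, @password], '/login')
    email_exists(@email)
    user = UserRepository.new.find_by_email(@email)
    email_password_match(user, @password)
    redirect('/')
  end

  # Drop the whole session (user id, username and any pending error).
  get '/logout' do
    session.clear
    redirect('/')
  end

  helpers do
    # HTML-escape a value for output in a view (`<%= h(value) %>`). Escaping at
    # output time is the control that prevents stored content from being
    # rendered as markup; script_check is only a coarse input filter.
    def h(text)
      CGI.escapeHTML(text.to_s)
    end

    # Halt with an error unless +name+ contains at least one ASCII letter.
    # to_s turns a missing form field into an error page rather than a NoMethodError.
    def validate_string(name, field, redirect_path)
      return if name.to_s.match?(/[a-zA-Z]/)

      session[:error] = "Invalid #{field}: must contain one or more letters.\n"
      redirect(redirect_path)
    end

    # Halt unless +email+ matches the stdlib mailto address pattern.
    def validate_email(email)
      return if email.to_s.match?(URI::MailTo::EMAIL_REGEXP)

      session[:error] = "Invalid email: please enter a valid email to register.\n"
      redirect('/register')
    end

    # Halt unless +password+ satisfies PASSWORD_RULE.
    def validate_password(password)
      return if password.to_s.match?(PASSWORD_RULE)

      session[:error] = "Invalid password: minimum eight characters and contain at least one lowercase letter, uppercase letter and digit.\n"
      redirect('/register')
    end

    # Halt if the username or email is already registered. This is a
    # check-then-act against the repository and can race with a concurrent
    # registration; a unique constraint in the database (not visible here) is
    # the authoritative guard.
    def username_email_unique(username, email)
      repo = UserRepository.new
      if repo.all_usernames.include?(username)
        session[:error] = "That username is already taken.\n"
        redirect('/register')
      end
      return unless repo.all_emails.include?(email)

      session[:error] = "That email is already registered to a user.\n"
      redirect('/register')
    end

    # Halt if no account has this email. The message is intentionally identical
    # to the wrong-password message so the login form does not reveal which
    # emails are registered.
    def email_exists(email)
      return if UserRepository.new.all_emails.include?(email)

      session[:error] = "Email and password do not match any registered user.\n"
      redirect('/login')
    end

    # Check the entered password against the stored BCrypt hash; log the user
    # in on success, otherwise clear any logged-in user and halt.
    def email_password_match(user, entered_password)
      stored_password = BCrypt::Password.new(user.password)
      unless stored_password == entered_password # BCrypt::Password#== hashes the candidate and compares
        session[:user_id] = nil
        session[:error] = "Email and password do not match any registered user.\n"
        redirect('/login')
      end
      login_user(user)
    end

    # Record the authenticated user in the session.
    def login_user(user)
      session[:username] = user.username
      session[:user_id] = user.id
    end

    # Coarse input filter: halt if any submitted field contains '<', '>' or '/'.
    # It does not make values safe to render — views must still escape output (see h).
    def script_check(inputs_array, redirect_path)
      return unless inputs_array.join.match?(/[<>\/]/)

      session[:error] = "'<', '>' and '/' are not permitted characters.\n"
      redirect(redirect_path)
    end
  end
end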