local sql = require("lsqlite3")
local pages = require("pages")
local db = require("db")
local queries = require("queries")
-- Prepared statement used to insert a new author row. It stays nil until
-- configure() has run, because it is prepared against db.conn there.
local stmnt_author_create

-- Remember whichever configure hook was installed before this module
-- loaded, so the replacement below can chain to it.
local oldconfigure = configure

--- Configure hook: prepare this module's statement, then chain onward.
-- Prepares queries.insert_author on db.conn (raising if preparation fails)
-- and then calls the previously installed configure with the same arguments,
-- returning whatever it returns.
function configure(...)
	local prepared = assert(db.conn:prepare(queries.insert_author))
	stmnt_author_create = prepared
	return oldconfigure(...)
end
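--- Handle the POST that claims a new author name.
-- Validates the requested name, generates a random passfile, stores only the
-- salt and the SHA-3 hash of salt..passfile, and returns the passfile to the
-- client as a download. On any failure the claim page is rendered with an
-- error message instead.
-- @param req the HTTP request object handed to this handler
local function claim_post(req)
	http_request_populate_post(req)
	-- "user" comes straight from the client. A missing value is treated as
	-- an invalid name rather than raised as an error.
	local name = http_argument_get_string(req,"user")
	local text
	-- Kore's own parameter validation is supposed to reject anything that is
	-- not lower case letters and digits, but bad names have been seen
	-- reaching this point, so the check is repeated here.
	-- Lua patterns have no {1,30} counted repetition, so the length is checked
	-- separately; the pattern uses + because * would also accept an empty name.
	local valid = type(name) == "string"
		and #name >= 1 and #name <= 30
		and name:match("^[a-z0-9]+$") ~= nil
	if not valid then
		-- Truncate and replace control / non-ASCII bytes before logging, so a
		-- rejected name cannot split or forge log lines.
		local shown = tostring(name):sub(1,64):gsub("[^%w%p ]","?")
		print("Bad username:",shown)
		text = pages.claim{
			err = "Usernames must match ^[a-z0-9]{1,30}$"
		}
		http_response(req,200,text)
		return
	end
	-- The passfile is 64 to 319 bytes read from the kernel CSPRNG. One random
	-- byte picks the length, then the salt and the passfile itself are read.
	local rngf = assert(io.open("/dev/urandom","rb"))
	local lenbyte = rngf:read(1)
	local salt = rngf:read(64)
	local passlength = lenbyte and (string.byte(lenbyte) + 64)
	local password = passlength and rngf:read(passlength)
	rngf:close()
	-- Fail closed on a short read: a truncated salt or passfile would
	-- silently weaken the credential.
	assert(salt and #salt == 64 and password and #password == passlength,
		"short read from /dev/urandom")
	-- A single SHA-3 pass is only adequate because the secret is a long random
	-- blob. If user-chosen passwords are ever accepted here, this needs a
	-- dedicated password-hashing function instead.
	local hash = sha3(salt .. password)
	-- All values are bound as parameters, never spliced into the SQL text.
	stmnt_author_create:bind_names{
		name = name,
	}
	stmnt_author_create:bind_blob(2,salt)
	stmnt_author_create:bind_blob(3,hash)
	local err = do_sql(stmnt_author_create)
	local id
	if err == sql.DONE then
		id = stmnt_author_create:last_insert_rowid()
	end
	-- Reset exactly once on every path so the shared prepared statement is
	-- reusable by the next request.
	stmnt_author_create:reset()
	if err == sql.DONE then
		--We successfully made the new author; give them the passfile back.
		--Only the salt and hash were stored, so this response is the only
		--copy of the passfile.
		http_response_header(req,"Content-Type","application/octet-stream")
		-- name is restricted to [a-z0-9] above, so it cannot inject quotes or
		-- line breaks into this header. `domain` is a global defined outside
		-- this file; presumably trusted site configuration, verify.
		http_response_header(req,"Content-Disposition","attachment; filename=\"" .. name .. "." .. domain .. ".passfile\"")
		-- The body is a credential: ask caches not to keep it.
		http_response_header(req,"Cache-Control","no-store")
		-- NOTE(review): the value returned by start_session is not sent to the
		-- client anywhere in this function; confirm whether a session cookie
		-- is meant to be set here.
		start_session(id)
		text = password
	elseif err == sql.CONSTRAINT then
		--If the creation failed, they probably just tried
		--to use a name that was already taken
		text = pages.claim {
			err = "Failed to claim. That name may already be taken."
		}
	else
		--sql.ERROR, sql.MISUSE or any other result code: report a generic
		--failure so no path leaves the response body unset.
		text = pages.claim {
			err = "Failed to claim"
		}
	end
	-- The original built `text` on these paths but never sent it; the
	-- response is now delivered here. Failure pages keep status 200, as the
	-- invalid-name path above does.
	http_response(req,200,text)
end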
-- The module's value is the claim_post handler function itself.
return claim_post