local sql = require("lsqlite3")
local db = require("db")
local util = require("util")
local queries = require("queries")
-- Remember whatever global configure was installed before this file
-- replaces it, so the replacement can chain to it.
local oldconfigure = configure

-- Prepared statements shared by the session functions in this file.
-- They stay nil until configure() below has run.
local stmnt_get_session, stmnt_insert_session, stmnt_delete_session

--[[
Replacement for the global configure hook.

Prepares the three session statements on db.conn (assert raises if a
prepare fails), then forwards every argument to the previous configure
and returns its results.
]]
function configure(...)
	local conn = db.conn
	stmnt_get_session = assert(conn:prepare(queries.select_valid_sessions))
	stmnt_insert_session = assert(conn:prepare(queries.insert_session))
	stmnt_delete_session = assert(conn:prepare(queries.delete_session))
	return oldconfigure(...)
end
-- Module table: the functions defined on it are this file's public API.
local session = {}
--[[
Retrieve the name and authorid of the logged in person,
or nil+error message if not logged in.

The "session" cookie of req is looked up through the prepared
select_valid_sessions statement; the first two columns of the matching
row are returned as author, authorid.

NOTE(review): what makes a session "valid" (expiry, revocation, ...) is
decided entirely by queries.select_valid_sessions, which is not visible
in this file.
]]
function session.get(req)
	http_populate_cookies(req)
	local cookie = http_request_cookie(req,"session")
	if cookie == nil then
		return nil, "No session cookie passed by client"
	end
	-- The cookie is client-controlled; it reaches SQLite only as a bound
	-- parameter, never as part of the statement text.
	stmnt_get_session:bind_names({key = cookie})
	local rc = db.do_sql(stmnt_get_session)
	local found = rc == sql.ROW
	local row = found and stmnt_get_session:get_values()
	-- Reset on both paths so the shared prepared statement can be reused.
	stmnt_get_session:reset()
	if not found then
		return nil, "No such session by logged in users"
	end
	return row[1], row[2]
end
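--[[
Start a session for someone who logged in.

who is bound as the authorid of the new session row. Returns the new
session id: 64 characters, each an uppercase letter A-Z, derived from
bytes read from /dev/urandom.

Raises an error if /dev/urandom cannot be opened or read, or if the
insert does not finish with sql.DONE.

NOTE(review): the id is bound to the insert as-is; whether
queries.insert_session stores it hashed is not visible in this file.
]]
function session.start(who)
	local rngf = assert(io.open("/dev/urandom","rb"))
	local letters = {}
	-- Rejection sampling: 234 = 26 * 9 is the largest multiple of 26 that
	-- fits in a byte. Bytes 234..255 are discarded, otherwise "% 26" would
	-- make A-V slightly more likely than W-Z.
	local limit = 234
	while #letters < 64 do
		-- Ask only for what is still missing, so at most 64 letters result.
		local chunk = rngf:read(64 - #letters)
		if chunk == nil or #chunk == 0 then
			-- Never fall back to a shorter or weaker id: fail loudly.
			rngf:close()
			error("Could not read random bytes for session id")
		end
		for i = 1, #chunk do
			local r = string.byte(chunk, i)
			if r < limit then
				letters[#letters + 1] = string.char((r % 26) + 65)
			end
		end
	end
	rngf:close()
	-- Named sessionid so it does not shadow the module table `session`.
	local sessionid = table.concat(letters)
	stmnt_insert_session:bind_names{
		sessionid = sessionid,
		authorid = who
	}
	local err = db.do_sql(stmnt_insert_session)
	-- Reset before asserting so a failed insert does not leave the shared
	-- prepared statement mid-execution.
	stmnt_insert_session:reset()
	assert(err == sql.DONE, "Failed to store new session")
	return sessionid
end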
--[[
End a session, log someone out.

Runs the prepared delete_session statement with who bound as authorid
and sessionid bound as sessionid. Returns true; raises (bare assert) if
the statement does not finish with sql.DONE.

NOTE(review): a DELETE that matches no row normally still ends in DONE
in SQLite, so `true` probably does not confirm that a session existed;
confirm against db.do_sql.
]]
function session.finish(who,sessionid)
	local params = {
		authorid = who,
		sessionid = sessionid
	}
	stmnt_delete_session:bind_names(params)
	local rc = db.do_sql(stmnt_delete_session)
	-- Reset first so the shared statement is reusable even if the assert fires.
	stmnt_delete_session:reset()
	assert(rc == sql.DONE)
	return true
end
-- Export the module table as this chunk's return value.
return session