liquid_feedback_frontend: model/session.lua annotate

liquid_feedback_frontend

annotate model/session.lua @ 1404:f99e7df399e6

Text case change

author	bsw
date	Mon Aug 13 19:52:00 2018 +0200 (2018-08-13)
parents	32cc544d5a5b
children	3e9b0f1adec3

rev	line source
bsw/jbe@0	1 Session = mondelefant.new_class()
bsw/jbe@0	2 Session.table = 'session'
bsw/jbe@0	3 Session.primary_key = { 'ident' }
bsw/jbe@0	4
bsw/jbe@0	5 Session:add_reference{
bsw/jbe@0	6 mode = 'm1',
bsw/jbe@0	7 to = "Member",
bsw/jbe@0	8 this_key = 'member_id',
bsw/jbe@0	9 that_key = 'id',
bsw/jbe@0	10 ref = 'member',
bsw/jbe@0	11 }
bsw/jbe@0	12
bsw/jbe@1309	13 Session:add_reference{
bsw/jbe@1309	14 mode = 'm1',
bsw/jbe@1309	15 to = "Member",
bsw/jbe@1309	16 this_key = 'real_member_id',
bsw/jbe@1309	17 that_key = 'id',
bsw/jbe@1309	18 ref = 'real_member',
bsw/jbe@1309	19 }
bsw/jbe@1309	20
bsw/jbe@1309	21 local secret_length = 24
bsw/jbe@1309	22 local secret_alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
bsw/jbe@1309	23 local secret_purposes = { "oauth", "csrf", "_other" }
bsw/jbe@1309	24 for idx, purpose in ipairs(secret_purposes) do
bsw/jbe@1309	25 secret_purposes[purpose] = idx
bsw/jbe@1309	26 end
bsw/jbe@1309	27
bsw/jbe@1309	28 local function random_string(length_multiplier)
bsw/jbe@0	29 return multirand.string(
bsw/jbe@1309	30 secret_length * (length_multiplier or 1),
bsw/jbe@1309	31 secret_alphabet
bsw/jbe@0	32 )
bsw/jbe@0	33 end
bsw/jbe@0	34
bsw/jbe@0	35 function Session:new()
bsw/jbe@0	36 local session = self.prototype.new(self) -- super call
bsw/jbe@0	37 session.ident = random_string()
bsw/jbe@1309	38 session.additional_secret = random_string(#secret_purposes)
bsw/jbe@1309	39 session:save()
bsw/jbe@0	40 return session
bsw/jbe@0	41 end
bsw/jbe@0	42
bsw/jbe@1309	43 function Session.object:additional_secret_for(purpose)
bsw/jbe@1309	44 local use_hash = false
bsw/jbe@1309	45 local idx = secret_purposes[purpose]
bsw/jbe@1309	46 if not idx then
bsw/jbe@1309	47 idx = assert(secret_purposes._other, "No other secrets supported")
bsw/jbe@1309	48 use_hash = true
bsw/jbe@1309	49 end
bsw/jbe@1309	50 local from_pos = secret_length * (idx-1) + 1
bsw/jbe@1309	51 local to_pos = from_pos + secret_length - 1
bsw/jbe@1309	52 local secret = string.sub(self.additional_secret, from_pos, to_pos)
bsw/jbe@1309	53 if #secret ~= secret_length then
bsw/jbe@1309	54 self:destroy()
bsw/jbe@1309	55 error("Session state invalid")
bsw/jbe@1309	56 end
bsw/jbe@1309	57 if use_hash then
bsw/jbe@1309	58 local moonhash = require "moonhash" -- TODO: auto loader for libraries in WebMCP?
bsw/jbe@1309	59 secret = moonhash.shake256(secret .. "\0" .. purpose, secret_length, secret_alphabet)
bsw/jbe@1309	60 end
bsw/jbe@1309	61 return secret
bsw/jbe@1309	62 end
bsw/jbe@1309	63
bsw/jbe@0	64 function Session:by_ident(ident)
bsw/jbe@0	65 local selector = self:new_selector()
bsw/jbe@0	66 selector:add_where{ 'ident = ?', ident }
bsw@1074	67 selector:add_field{ 'authority_uid' }
bsw/jbe@0	68 selector:optional_object_mode()
bsw/jbe@0	69 return selector:exec()
bsw/jbe@0	70 end
bsw@813	71
bsw@813	72 function Session.object:has_access(level)
bsw@813	73 if level == "member" then
bsw@813	74 if app.session.member_id then
bsw@813	75 return true
bsw@813	76 else
bsw@813	77 return false
bsw@813	78 end
bsw@813	79
bsw@813	80 elseif level == "everything" then
bsw@813	81 if self:has_access("member") or config.public_access == "everything" then
bsw@813	82 return true
bsw@813	83 else
bsw@813	84 return false
bsw@813	85 end
bsw@813	86
bsw@813	87 elseif level == "all_pseudonymous" then
bsw@813	88 if self:has_access("everything") or config.public_access == "all_pseudonymous" then
bsw@813	89 return true
bsw@813	90 else
bsw@813	91 return false
bsw@813	92 end
bsw@813	93
bsw@813	94 elseif level == "authors_pseudonymous" then
bsw@813	95 if self:has_access("all_pseudonymous") or config.public_access == "authors_pseudonymous" then
bsw@813	96 return true
bsw@813	97 else
bsw@813	98 return false
bsw@813	99 end
bsw@813	100
bsw@813	101 elseif level == "anonymous" then
bsw@813	102 if self:has_access("authors_pseudonymous") or config.public_access == "anonymous" then
bsw@813	103 return true
bsw@813	104 else
bsw@813	105 return false
bsw@813	106 end
bsw@813	107
bsw@813	108 end
bsw@813	109
bsw@813	110 error("invalid access level")
bsw@813	111 end