liquid_feedback_frontend
view model/session.lua @ 1450:2fbf95bee380
Fixed missing closing end
author | bsw |
---|---|
date | Thu Oct 18 17:17:32 2018 +0200 (2018-10-18) |
parents | 32cc544d5a5b |
children | 3e9b0f1adec3 |
--- Database model for one row of the 'session' table, keyed by the random
-- 'ident' string that Session:new() generates.
Session = mondelefant.new_class()
Session.table = "session"
Session.primary_key = { "ident" }

-- session.member: the Member row whose id equals this session's member_id.
Session:add_reference({
  ref = "member",
  to = "Member",
  mode = "m1",
  this_key = "member_id",
  that_key = "id",
})

-- session.real_member: the Member row whose id equals real_member_id.
-- NOTE(review): how real_member_id differs from member_id is not visible in
-- this file — confirm before relying on either one for authorization.
Session:add_reference({
  ref = "real_member",
  to = "Member",
  mode = "m1",
  this_key = "real_member_id",
  that_key = "id",
})
-- Length in characters of one secret segment; the session ident has the same
-- length. 24 characters over a 62-symbol alphabet is roughly 142 bits,
-- assuming multirand.string samples uniformly from a cryptographically secure
-- source (not visible here — confirm).
local secret_length = 24
-- Symbols secrets are built from: digits, then upper- and lower-case letters.
local secret_alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
-- Purposes that own a dedicated segment of Session.additional_secret, in
-- segment order. The table doubles as a reverse map (name -> segment index),
-- filled in by the loop below.
local secret_purposes = { "oauth", "csrf", "_other" }
for position = 1, #secret_purposes do
  secret_purposes[secret_purposes[position]] = position
end
--- Generate a random string over secret_alphabet.
-- @tparam[opt=1] number length_multiplier number of secret_length-sized
--   segments the result should contain
-- @treturn string whatever multirand.string returns for that length and
--   alphabet
local function random_string(length_multiplier)
  local segments = length_multiplier or 1
  return multirand.string(secret_length * segments, secret_alphabet)
end
--- Create and persist a new session with fresh random credentials.
-- The ident is one random segment; additional_secret holds one segment per
-- entry in secret_purposes, concatenated in that order.
-- @treturn Session the saved session object
function Session:new()
  local fresh = self.prototype.new(self) -- super call
  fresh.ident = random_string()
  fresh.additional_secret = random_string(#secret_purposes)
  fresh:save()
  return fresh
end
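--- Return the per-purpose secret bound to this session.
-- Purposes with a dedicated segment ("oauth", "csrf") get that segment of
-- self.additional_secret verbatim. Every other purpose gets a value derived
-- with SHAKE256 from the "_other" segment and the purpose name, so distinct
-- purposes yield distinct secrets.
-- The reserved name "_other" is derived like any unnamed purpose: returning
-- its raw segment would hand out the root from which all derived secrets can
-- be recomputed.
-- @param purpose name of the purpose (string; concatenated into the hash
--   input for derived secrets)
-- @treturn string a secret of secret_length characters
-- @raise "Session state invalid" when the stored secret is too short for the
--   requested segment; the session is destroyed before the error is raised
function Session.object:additional_secret_for(purpose)
  local use_hash = false
  local idx = secret_purposes[purpose]
  -- secret_purposes is both a list and a reverse map, so a numeric purpose
  -- such as 1 would look up a name instead of an index; only numeric results
  -- denote a dedicated segment.
  if type(idx) ~= "number" or idx == secret_purposes._other then
    idx = assert(secret_purposes._other, "No other secrets supported")
    use_hash = true
  end
  local from_pos = secret_length * (idx - 1) + 1
  local to_pos = from_pos + secret_length - 1
  local secret = string.sub(self.additional_secret, from_pos, to_pos)
  if #secret ~= secret_length then
    -- Fail closed: a truncated secret means the row cannot be trusted.
    self:destroy()
    error("Session state invalid")
  end
  if use_hash then
    local moonhash = require "moonhash" -- TODO: auto loader for libraries in WebMCP?
    -- The segment has a fixed length, so the "\0" separator keeps the
    -- (segment, purpose) encoding unambiguous.
    secret = moonhash.shake256(secret .. "\0" .. purpose, secret_length, secret_alphabet)
  end
  return secret
end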
--- Look up a session by its ident.
-- The ident is handed to the selector as a placeholder argument rather than
-- being concatenated into the SQL text. The 'authority_uid' field is added
-- to the selected fields.
-- @tparam string ident session identifier, typically taken from the client
-- @return result of selector:exec() in optional object mode (presumably the
--   matching Session or nil — confirm against mondelefant)
function Session:by_ident(ident)
  local query = self:new_selector()
  query:add_where({ "ident = ?", ident })
  query:add_field({ "authority_uid" })
  query:optional_object_mode()
  return query:exec()
end
-- For each public access level, the next stricter level that also grants it.
-- The chain runs member -> everything -> all_pseudonymous ->
-- authors_pseudonymous -> anonymous.
local next_stricter_level = {
  everything = "member",
  all_pseudonymous = "everything",
  authors_pseudonymous = "all_pseudonymous",
  anonymous = "authors_pseudonymous",
}

--- Decide whether the given access level is granted.
-- "member" is granted when app.session.member_id is set. Every other level
-- is granted when the next stricter level is granted, or when
-- config.public_access names exactly that level.
-- NOTE(review): the member check reads app.session rather than self, so the
-- answer reflects the current request's session even when this method is
-- called on a different Session object — confirm that is intended.
-- @tparam string level one of "member", "everything", "all_pseudonymous",
--   "authors_pseudonymous", "anonymous"
-- @treturn boolean
-- @raise "invalid access level" for any other value
function Session.object:has_access(level)
  if level == "member" then
    return app.session.member_id and true or false
  end
  local stricter = next_stricter_level[level]
  if stricter == nil then
    -- Unknown levels raise instead of returning false, so a misspelled
    -- level cannot pass silently as a denial.
    error("invalid access level")
  end
  if self:has_access(stricter) then
    return true
  end
  return config.public_access == level
end