lukas/shadowrun-server
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

added better database get api

Browse Source
This commit is contained in:
Lukas Forsberg
2025-10-19 15:14:06 +02:00
parent bdd7a8e2e2
commit ac6e47d906
4 changed files with 37 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/login/login.cpp
View File

@@ -41,21 +41,6 @@ std::string hashPassword(const std::string& password)
return hash;
}
std::string generate_session_id(size_t bytes = 32) {
std::vector<unsigned char> buf(bytes);
randombytes_buf(buf.data(), buf.size());
// Convert to hex
std::string hex;
hex.reserve(bytes * 2);
static const char *hexmap = "0123456789abcdef";
for (unsigned char b : buf) {
hex.push_back(hexmap[b >> 4]);
hex.push_back(hexmap[b & 0xF]);
}
return hex;
}
std::string get_session_id(const crow::request& req) {
auto cookie_header = req.get_header_value("Cookie");
std::string prefix = "session_id=";
@@ -103,15 +88,15 @@ auto login_required = [](auto handler){
bool loginUser(const std::string& username, const std::string& password)
{
auto sql = "SELECT id, password_hash FROM users WHERE username = '?' LIMIT 1;";
auto sql = "SELECT id password_hash FROM users WHERE username = '?' LIMIT 1;";
auto db = Database();
if (!db.open())
return false;
auto str = db.getStr(sql, {username});
if (!str.empty()) {
return verifyHashWithPassword(str, password);
auto opt_str = db.get<std::string>(sql, {username});
if (opt_str.has_value()) {
return verifyHashWithPassword(opt_str.value(), password);
} else {
return false;
}
@@ -170,21 +155,31 @@ bool initLogin(crow::SimpleApp& app)
CROW_ROUTE(app, "/login").methods("POST"_method)
([](const crow::request& req){
auto cookie_it = req.get_header_value("Cookie").find("session_id=");
if (cookie_it == std::string::npos)
return crow::response(401, "No session");
// extract session_id
std::string session_id = req.get_header_value("Cookie").substr(cookie_it + 11, 32);
auto it = sessions.find(session_id);
if (it == sessions.end()) return crow::response(401, "Invalid session");
auto session = it->second;
// parse form
auto body = crow::query_string(req.body);
std::string csrf_token = body.get("csrf_token");
std::string username = body.get("username");
std::string password = body.get("password");
if (csrf_token != csrf_token) return crow::response(403, "CSRF failed");
if (csrf_token != session.csrf_token) return crow::response(403, "CSRF failed");
bool ok = loginUser(username, password);
if (!ok) return crow::response(401, "Invalid credentials");
std::string session_id = generate_session_id();
// regenerate session, mark as logged in
sessions[session_id].user_id; // user ID
sessions[session_id].user_id = "123"; // user ID
crow::response res;
res.add_header("HX-Redirect", "/dashboard"); // htmx redirect