frontend: fix login, remove frontend_session in favor of twisted sessions

2023-03-03 21:31:23 -05:00
parent dc5e5c1440
commit 279f48dc0c
7 changed files with 88 additions and 71 deletions
--- a/core/data/schema/user.py
+++ b/core/data/schema/user.py
@ -9,6 +9,7 @@ from sqlalchemy.sql import func, select, Delete
 from uuid import uuid4
 from datetime import datetime, timedelta
 from sqlalchemy.engine import Row
+import bcrypt

 from core.data.schema.base import BaseData, metadata

@ -26,17 +27,6 @@ aime_user = Table(
    mysql_charset='utf8mb4'
 )

-frontend_session = Table(
-    "frontend_session",
-    metadata,
-    Column("id", Integer, primary_key=True, unique=True),
-    Column("user", ForeignKey("aime_user.id", ondelete="cascade", onupdate="cascade"), nullable=False),
-    Column("ip", String(15)),
-    Column('session_cookie', String(32), nullable=False, unique=True),
-    Column("expires", TIMESTAMP, nullable=False),
-    mysql_charset='utf8mb4'
-)
-
 class PermissionBits(Enum):
    PermUser = 1
    PermMod = 2
@ -74,50 +64,20 @@ class UserData(BaseData):
        if result is None: return None
        return result.lastrowid
    
-    def login(self, user_id: int, passwd: bytes = None, ip: str = "0.0.0.0") -> Optional[str]:
-        sql = select(aime_user).where(and_(aime_user.c.id == user_id, aime_user.c.password == passwd))
-
-        result = self.execute(sql)
-        if result is None: return None
-        
-        usr = result.fetchone()
-        if usr is None: return None
-
-        return self.create_session(user_id, ip)
-    
-    def check_session(self, cookie: str, ip: str = "0.0.0.0") -> Optional[Row]:
-        sql = select(frontend_session).where(
-            and_(
-                frontend_session.c.session_cookie == cookie,
-                frontend_session.c.ip == ip
-            )
-        )
-
-        result = self.execute(sql)
-        if result is None: return None        
-        return result.fetchone()
-    
-    def delete_session(self, session_id: int) -> bool:
-        sql = Delete(frontend_session).where(frontend_session.c.id == session_id)
-
+    def get_user(self, user_id: int) -> Optional[Row]:
+        sql = select(aime_user).where(aime_user.c.id == user_id)
        result = self.execute(sql)
        if result is None: return False
-        return True
+        return result.fetchone()
+    
+    def check_password(self, user_id: int, passwd: bytes = None) -> bool:
+        usr = self.get_user(user_id)
+        if usr is None: return False

-    def create_session(self, user_id: int, ip: str = "0.0.0.0", expires: datetime = datetime.now() + timedelta(days=1)) -> Optional[str]:
-        cookie = uuid4().hex
+        if usr['password'] is None:
+            return False

-        sql = insert(frontend_session).values(
-            user = user_id,
-            ip = ip,
-            session_cookie = cookie,
-            expires = expires
-        )
-
-        result = self.execute(sql)
-        if result is None:
-            return None
-        return cookie
+        return bcrypt.checkpw(passwd, usr['password'].encode())

    def reset_autoincrement(self, ai_value: int) -> None:
        # ALTER TABLE isn't in sqlalchemy so we do this the ugly way