aboutsummaryrefslogtreecommitdiffstats
path: root/app/misc
diff options
context:
space:
mode:
authorsadbeast <sadbeast@sadbeast.com>2024-01-31 17:47:56 -0800
committersadbeast <sadbeast@sadbeast.com>2024-01-31 17:47:56 -0800
commit332ec93366315fa1ed7b4acd7a3407c96e8ddfa7 (patch)
tree6ae553317f12a7a6a29c849c8805ffab96436dc2 /app/misc
downloadtd-332ec93366315fa1ed7b4acd7a3407c96e8ddfa7.tar.gz
td-332ec93366315fa1ed7b4acd7a3407c96e8ddfa7.tar.bz2
initial mistakeHEADmain
Diffstat (limited to 'app/misc')
-rw-r--r--app/misc/rodauth_app.rb25
-rw-r--r--app/misc/rodauth_main.rb182
2 files changed, 207 insertions, 0 deletions
diff --git a/app/misc/rodauth_app.rb b/app/misc/rodauth_app.rb
new file mode 100644
index 0000000..6372422
--- /dev/null
+++ b/app/misc/rodauth_app.rb
@@ -0,0 +1,25 @@
+class RodauthApp < Rodauth::Rails::App
+ # primary configuration
+ configure RodauthMain
+
+ # secondary configuration
+ # configure RodauthAdmin, :admin
+
+ route do |r|
+ rodauth.load_memory # autologin remembered users
+
+ r.rodauth # route rodauth requests
+
+ # ==> Authenticating requests
+ # Call `rodauth.require_account` for requests that you want to
+ # require authentication for. For example:
+ #
+ # # authenticate /dashboard/* and /account/* requests
+ # if r.path.start_with?("/dashboard") || r.path.start_with?("/account")
+ # rodauth.require_account
+ # end
+
+ # ==> Secondary configurations
+ # r.rodauth(:admin) # route admin rodauth requests
+ end
+end
diff --git a/app/misc/rodauth_main.rb b/app/misc/rodauth_main.rb
new file mode 100644
index 0000000..fb19c9a
--- /dev/null
+++ b/app/misc/rodauth_main.rb
@@ -0,0 +1,182 @@
+require "sequel/core"
+
+class RodauthMain < Rodauth::Rails::Auth
+ configure do
+ # List of authentication features that are loaded.
+ enable :create_account, :verify_account, :verify_account_grace_period,
+ :login, :logout, :remember,
+ :reset_password, :change_password, :change_password_notify,
+ :change_login, :verify_login_change, :close_account, :argon2
+
+ # See the Rodauth documentation for the list of available config options:
+ # http://rodauth.jeremyevans.net/documentation.html
+
+ # ==> General
+ # Initialize Sequel and have it reuse Active Record's database connection.
+ db Sequel.postgres(extensions: :activerecord_connection, keep_reference: false)
+
+ # Avoid DB query that checks accounts table schema at boot time.
+ convert_token_id_to_integer? true
+
+ # Change prefix of table and foreign key column names from default "account"
+ # accounts_table :users
+ # verify_account_table :user_verification_keys
+ # verify_login_change_table :user_login_change_keys
+ # reset_password_table :user_password_reset_keys
+ # remember_table :user_remember_keys
+
+ # The secret key used for hashing public-facing tokens for various features.
+ # Defaults to Rails `secret_key_base`, but you can use your own secret key.
+ # hmac_secret "43a2cc4e1fbca7754f14061ff7bbcdb56db757e84a89af87e9fe388f0d39aa6faf4ff347f07c50b95e4cff27a4fe15111960aeaf859ba559e4cb6bba94e38ad9"
+
+ # Use a rotatable password pepper when hashing passwords with Argon2.
+ # argon2_secret { hmac_secret }
+
+ # Since we're using argon2, prevent loading the bcrypt gem to save memory.
+ require_bcrypt? false
+
+ # Use path prefix for all routes.
+ # prefix "/auth"
+
+ # Specify the controller used for view rendering, CSRF, and callbacks.
+ rails_controller { RodauthController }
+
+ # Make built-in page titles accessible in your views via an instance variable.
+ title_instance_variable :@page_title
+
+ # Store account status in an integer column without foreign key constraint.
+ account_status_column :status
+
+ # Store password hash in a column instead of a separate table.
+ account_password_hash_column :password_hash
+
+ # Set password when creating account instead of when verifying.
+ verify_account_set_password? false
+
+ # Change some default param keys.
+ login_param "email"
+ login_confirm_param "email-confirm"
+ # password_confirm_param "confirm_password"
+
+ # Redirect back to originally requested location after authentication.
+ # login_return_to_requested_location? true
+ # two_factor_auth_return_to_requested_location? true # if using MFA
+
+ # Autologin the user after they have reset their password.
+ # reset_password_autologin? true
+
+ # Delete the account record when the user has closed their account.
+ # delete_account_on_close? true
+
+ # Redirect to the app from login and registration pages if already logged in.
+ # already_logged_in { redirect login_redirect }
+
+ # ==> Emails
+ # Use a custom mailer for delivering authentication emails.
+ create_reset_password_email do
+ RodauthMailer.reset_password(self.class.configuration_name, account_id, reset_password_key_value)
+ end
+ create_verify_account_email do
+ RodauthMailer.verify_account(self.class.configuration_name, account_id, verify_account_key_value)
+ end
+ create_verify_login_change_email do |_login|
+ RodauthMailer.verify_login_change(self.class.configuration_name, account_id, verify_login_change_key_value)
+ end
+ create_password_changed_email do
+ RodauthMailer.password_changed(self.class.configuration_name, account_id)
+ end
+ # create_reset_password_notify_email do
+ # RodauthMailer.reset_password_notify(self.class.configuration_name, account_id)
+ # end
+ # create_email_auth_email do
+ # RodauthMailer.email_auth(self.class.configuration_name, account_id, email_auth_key_value)
+ # end
+ # create_unlock_account_email do
+ # RodauthMailer.unlock_account(self.class.configuration_name, account_id, unlock_account_key_value)
+ # end
+ send_email do |email|
+ # queue email delivery on the mailer after the transaction commits
+ db.after_commit { email.deliver_later }
+ end
+
+ # ==> Flash
+ # Match flash keys with ones already used in the Rails app.
+ # flash_notice_key :success # default is :notice
+ # flash_error_key :error # default is :alert
+
+ # Override default flash messages.
+ # create_account_notice_flash "Your account has been created. Please verify your account by visiting the confirmation link sent to your email address."
+ # require_login_error_flash "Login is required for accessing this page"
+ # login_notice_flash nil
+
+ # ==> Validation
+ # Override default validation error messages.
+ # no_matching_login_message "user with this email address doesn't exist"
+ # already_an_account_with_this_login_message "user with this email address already exists"
+ # password_too_short_message { "needs to have at least #{password_minimum_length} characters" }
+ # login_does_not_meet_requirements_message { "invalid email#{", #{login_requirement_message}" if login_requirement_message}" }
+
+ # Passwords shorter than 8 characters are considered weak according to OWASP.
+ password_minimum_length 8
+ # Having a maximum password length set prevents long password DoS attacks.
+ password_maximum_length 64
+
+ # Custom password complexity requirements (alternative to password_complexity feature).
+ # password_meets_requirements? do |password|
+ # super(password) && password_complex_enough?(password)
+ # end
+ # auth_class_eval do
+ # def password_complex_enough?(password)
+ # return true if password.match?(/\d/) && password.match?(/[^a-zA-Z\d]/)
+ # set_password_requirement_error_message(:password_simple, "requires one number and one special character")
+ # false
+ # end
+ # end
+
+ # ==> Remember Feature
+ # Remember all logged in users.
+ after_login { remember_login }
+
+ # Or only remember users that have ticked a "Remember Me" checkbox on login.
+ # after_login { remember_login if param_or_nil("remember") }
+
+ # Extend user's remember period when remembered via a cookie
+ extend_remember_deadline? true
+
+ # ==> Hooks
+ # Validate custom fields in the create account form.
+ # before_create_account do
+ # throw_error_status(422, "name", "must be present") if param("name").empty?
+ # end
+
+ # Perform additional actions after the account is created.
+ # after_create_account do
+ # Profile.create!(account_id: account_id, name: param("name"))
+ # end
+
+ # Do additional cleanup after the account is closed.
+ # after_close_account do
+ # Profile.find_by!(account_id: account_id).destroy
+ # end
+
+ # ==> Redirects
+ # Redirect to home page after logout.
+ logout_redirect "/"
+
+ # Redirect to wherever login redirects to after account verification.
+ verify_account_redirect { login_redirect }
+
+ # Redirect to login page after password reset.
+ reset_password_redirect { login_path }
+
+ # Ensure requiring login follows login route changes.
+ require_login_redirect { login_path }
+
+ # ==> Deadlines
+ # Change default deadlines for some actions.
+ # verify_account_grace_period 3.days.to_i
+ # reset_password_deadline_interval Hash[hours: 6]
+ # verify_login_change_deadline_interval Hash[days: 2]
+ # remember_deadline_interval Hash[days: 30]
+ end
+end