|
|
|
@ -1323,7 +1323,10 @@ post "/signout" do |env|
|
|
|
|
|
sid = env.get? "sid"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
|
sid = sid.as(String)
|
|
|
|
|
token = env.params.body["csrf_token"]?
|
|
|
|
@ -1342,7 +1345,6 @@ post "/signout" do |env|
|
|
|
|
|
cookie.expires = Time.utc(1990, 1, 1)
|
|
|
|
|
env.response.cookies << cookie
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
env.redirect referer
|
|
|
|
|
end
|
|
|
|
@ -1889,13 +1891,13 @@ get "/data_control" do |env|
|
|
|
|
|
user = env.get? "user"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
|
|
|
|
|
|
templated "data_control"
|
|
|
|
|
else
|
|
|
|
|
env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
post "/data_control" do |env|
|
|
|
|
@ -2048,15 +2050,15 @@ get "/change_password" do |env|
|
|
|
|
|
sid = env.get? "sid"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
|
sid = sid.as(String)
|
|
|
|
|
csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY, PG_DB)
|
|
|
|
|
|
|
|
|
|
templated "change_password"
|
|
|
|
|
else
|
|
|
|
|
env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
post "/change_password" do |env|
|
|
|
|
@ -2066,7 +2068,10 @@ post "/change_password" do |env|
|
|
|
|
|
sid = env.get? "sid"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
|
sid = sid.as(String)
|
|
|
|
|
token = env.params.body["csrf_token"]?
|
|
|
|
@ -2122,7 +2127,6 @@ post "/change_password" do |env|
|
|
|
|
|
|
|
|
|
|
new_password = Crypto::Bcrypt::Password.create(new_password, cost: 10)
|
|
|
|
|
PG_DB.exec("UPDATE users SET password = $1 WHERE email = $2", new_password.to_s, user.email)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
env.redirect referer
|
|
|
|
|
end
|
|
|
|
@ -2134,15 +2138,15 @@ get "/delete_account" do |env|
|
|
|
|
|
sid = env.get? "sid"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
|
sid = sid.as(String)
|
|
|
|
|
csrf_token = generate_response(sid, {":delete_account"}, HMAC_KEY, PG_DB)
|
|
|
|
|
|
|
|
|
|
templated "delete_account"
|
|
|
|
|
else
|
|
|
|
|
env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
post "/delete_account" do |env|
|
|
|
|
@ -2152,7 +2156,10 @@ post "/delete_account" do |env|
|
|
|
|
|
sid = env.get? "sid"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
|
sid = sid.as(String)
|
|
|
|
|
token = env.params.body["csrf_token"]?
|
|
|
|
@ -2174,7 +2181,6 @@ post "/delete_account" do |env|
|
|
|
|
|
cookie.expires = Time.utc(1990, 1, 1)
|
|
|
|
|
env.response.cookies << cookie
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
env.redirect referer
|
|
|
|
|
end
|
|
|
|
@ -2186,15 +2192,15 @@ get "/clear_watch_history" do |env|
|
|
|
|
|
sid = env.get? "sid"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
|
sid = sid.as(String)
|
|
|
|
|
csrf_token = generate_response(sid, {":clear_watch_history"}, HMAC_KEY, PG_DB)
|
|
|
|
|
|
|
|
|
|
templated "clear_watch_history"
|
|
|
|
|
else
|
|
|
|
|
env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
post "/clear_watch_history" do |env|
|
|
|
|
@ -2204,7 +2210,10 @@ post "/clear_watch_history" do |env|
|
|
|
|
|
sid = env.get? "sid"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
|
sid = sid.as(String)
|
|
|
|
|
token = env.params.body["csrf_token"]?
|
|
|
|
@ -2218,8 +2227,6 @@ post "/clear_watch_history" do |env|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
PG_DB.exec("UPDATE users SET watched = '{}' WHERE email = $1", user.email)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
@ -2230,7 +2237,10 @@ get "/authorize_token" do |env|
|
|
|
|
|
sid = env.get? "sid"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
|
sid = sid.as(String)
|
|
|
|
|
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, PG_DB)
|
|
|
|
@ -2246,9 +2256,6 @@ get "/authorize_token" do |env|
|
|
|
|
|
expire = env.params.query["expire"]?.try &.to_i?
|
|
|
|
|
|
|
|
|
|
templated "authorize_token"
|
|
|
|
|
else
|
|
|
|
|
env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
post "/authorize_token" do |env|
|
|
|
|
@ -2258,7 +2265,10 @@ post "/authorize_token" do |env|
|
|
|
|
|
sid = env.get? "sid"
|
|
|
|
|
referer = get_referer(env)
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
if !user
|
|
|
|
|
next env.redirect referer
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = env.get("user").as(User)
|
|
|
|
|
sid = sid.as(String)
|
|
|
|
|
token = env.params.body["csrf_token"]?
|
|
|
|
@ -2296,7 +2306,6 @@ post "/authorize_token" do |env|
|
|
|
|
|
env.set "access_token", access_token
|
|
|
|
|
templated "authorize_token"
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
get "/token_manager" do |env|
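Review bot: The new guard (`if !user` followed by `next env.redirect referer`) only establishes that `user` is set, but the lines after it still run `sid = sid.as(String)` on the nilable result of `env.get? "sid"`, so a request that carries a user but no sid would raise on the cast instead of being redirected. Because the sid is the value the CSRF token is bound to (`generate_response(sid, {":change_password"}, HMAC_KEY, PG_DB)` and its siblings), I would make the precondition explicit in the guard: `if !user || !sid`. The same pattern appears in the signout, change_password, delete_account, clear_watch_history and authorize_token handlers. Whether user and sid are always set together is decided outside these hunks, so this may be purely defensive, and the handler bodies continue beyond the lines shown.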
|
|
|
|
|