diff --git a/app.rb b/app.rb
index 8c1902b..0343cf6 100644
--- a/app.rb
+++ b/app.rb
@@ -4,6 +4,10 @@
require 'sinatra-websocket'
require 'active_support'
require 'active_support/core_ext'
+require 'sqlite3'
+require 'active_record'
+require 'json'
+require 'openssl'
require 'logger'
enable :sessions
@@ -17,6 +21,18 @@
logger = Logger.new(STDOUT)
+ActiveRecord::Base.establish_connection(
+ adapter: 'sqlite3',
+ database: './db/accounts.db'
+)
+
+after do
+ ActiveRecord::Base.connection.close
+end
+
+class User < ActiveRecord::Base
+end
+
get '/' do
if session[:team].blank? #チームがsetされていないときに選択画面に遷移する
erb :select
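Review bot: The relative `database: './db/accounts.db'` is resolved against the process working directory, and SQLite creates a missing file on first use, so starting the app from a different directory would silently open an empty accounts database instead of failing. Anchoring the path to the source file, `database: File.expand_path('db/accounts.db', __dir__)`, avoids that. Because this file holds the `password_digest` values that `/check` reads later in the diff, a short comment above `establish_connection` stating that it must stay outside any served directory and out of version control would help. Whether it already is cannot be seen from this hunk.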
@@ -98,15 +114,54 @@
end
get '/controller' do #出題者が操作するページ
- session[:admin]=8804912
- pushed=Array.new
- settings.flags.sort_by{|key,value| value}.each do |key, value|
- if value==0
- next
+ if session[:admin].blank?
+ erb :login
+ elsif session[:admin]==8804912
+ pushed=Array.new
+ settings.flags.sort_by{|key,value| value}.each do |key, value|
+ if value==0
+ next
+ else
+ pushed.push("
チーム#{key}")
+ end
+ end
+ @pushed=pushed.join("\n")
+ erb :controller
+ end
+end
+
+post '/check' do
+ if params[:user_id]
+ user_id = params[:user_id]
+ session[:user_id] = user_id
+ user=User.find_by(user_id: user_id)
+ salt = [OpenSSL::Random.random_bytes(32)].pack("m").chomp!
+ session[:salt]=salt
+ logger.debug(salt)
+ if user.blank?
+ {nounce: user.salt, salt: salt}.to_json
else
- pushed.push("チーム#{key}")
+ salt_dummy = [OpenSSL::Random.random_bytes(32)].pack("m").chomp!
+ {nounce: salt_dummy, salt: salt}.to_json
+ end
+ elsif params[:password]
+ password = params[:password]
+ user=User.find_by(user_id: session[:user_id])
+ if user.blank?
+ return
+ end
+ payload = user.password_digest
+ hmac = OpenSSL::HMAC.hexdigest('sha256', session[:salt], payload)
+ logger.debug(hmac)
+ payload2 = hmac
+ logger.debug(params[:salt])
+ hmac2 = OpenSSL::HMAC.hexdigest('sha256', params[:salt], payload2)
+ logger.debug(hmac2)
+ if password == hmac2
+ session[:admin]=8804912
+ return
+ else
+ return
end
end
- @pushed=pushed.join("\n")
- erb :controller
end
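Review bot: The `if user.blank?` test in the `user_id` branch of `post '/check'` is inverted: an unknown id reaches `user.salt` on nil and raises, while an existing user is sent the random dummy value instead of the stored salt, so a valid login cannot compute the expected response and the error-versus-JSON difference reveals which ids exist. It should read `if user.present?`, and the dummy would ideally be derived deterministically from the submitted id and a server-side secret so that repeated requests for an unknown id return the same value. In the password branch, `password == hmac2` is an ordinary short-circuiting string comparison; `if Rack::Utils.secure_compare(hmac2, password.to_s)` compares in constant time. The `logger.debug` calls on `salt`, `hmac`, `params[:salt]` and `hmac2` write the challenge and the exact expected login response to STDOUT and should be removed.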