added session handling for the admin panel

2011-06-28 10:29:44 +02:00 · 2011-06-28 10:29:44 +02:00 · 07ece721f3
parent 3b4f5447e1
commit 07ece721f3
3 changed files with 55 additions and 3 deletions
--- a/admin.rb
+++ b/admin.rb
@ -4,22 +4,61 @@ class Admin < Sinatra::Base
  use Rack::Flash, :accessorize => [:error, :warning, :notice]
  set :haml, :layout => :admin_layout

+  before %r{^(?!\/(login)?$)} do
+    if session_valid?
+      session[:last_updated] = Time.now
+      flash.notice = 'session is valid!'
+    else
+      flash.notice = 'something is wrong'
+      redirect '/admin'
+    end
+  end
+
  get '/' do
-    haml :admin_index
+    haml :admin_index_no_login
  end

  post '/login' do
    account = Account.authenticate(params['username'], params['password'])
    if account.nil?
      flash.warning = 'wrong username or password'
+      flash[:username] = params['username']
      redirect '/admin'
    else
      flash.notice = 'Login successful'
-      redirect '/admin'
+      session[:id] = account.id
+      session[:last_updated] = Time.now
+      redirect '/admin/index'
    end
  end

+  get '/index' do
+    haml :admin_index
+  end
+
+  get '/logout' do
+    session = nil
+    flash.notice = 'Logout complete'
+    redirect '/' 
+  end
+
  get '/stylesheet.css' do
    scss :admin_stylesheet
  end
+
+  helpers do
+    def session_valid?
+      if session.has_key?(:id) && session.has_key?(:last_updated)
+        account = Account.find(session[:id])
+        if account && Time.now - session[:last_updated] < 1800
+          @account = account
+          true
+        else
+          false
+        end
+      else
+        false
+      end
+    end
+  end
 end
--- a/views/admin_index.haml
+++ b/views/admin_index.haml
@ -1 +1,2 @@
-h1
+%a{:href => '/admin/logout'}="Logout"
+%h1="Index"
--- a/views/admin_index_no_login.haml
+++ b/views/admin_index_no_login.haml
@ -0,0 +1,12 @@
+%p="==> #{@path}"
+%h1="Login"
+%form{:action => '/admin/login', :method => 'post'}
+  .username
+    %label.block{:for => 'username'}='Username'
+    %input.block{:name => 'username', :placeholder => 'username', :value => flash[:username]}
+  .password
+    %label.block{:for => 'password'}='Password'
+    %input.block{:name => 'password', :placeholder => 'password', :type => :password}
+  .submit
+    %button{:type => 'submit'}="Login"
+    %button{:type => 'submit', :formmethod => :post, :formaction => '/'}="Back"