-
Notifications
You must be signed in to change notification settings - Fork 0
/
pritory.rb
182 lines (156 loc) · 5.54 KB
/
pritory.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
# encoding: utf-8
require 'sinatra'
require 'sinatra/cache'
require 'sinatra/session'
require 'sinatra/partial'
require 'sinatra/flash'
require 'sinatra/sequel'
require 'fileutils'
require 'clockwork'
require 'bluecloth'
require 'mini_magick'
require 'haml'
require 'chartkick'
require 'openssl'
require 'redis'
require 'sidekiq'
require 'logger'
require 'i18n'
require 'i18n/backend/fallbacks'
require 'pony'
require 'sqlite3'
require_relative 'minify_resources'
require_relative 'mysecrets'
require_relative 'models/init'
require_relative 'routes/init'
require_relative 'helpers/init'
class Pritory < Sinatra::Base
# Logger implementation for Sinatra
::Logger.class_eval { alias :write :'<<' }
access_log = ::File.join(::File.dirname(::File.expand_path(__FILE__)),'log','access.log')
access_logger = ::Logger.new(access_log)
info_log = ::File.join(::File.dirname(::File.expand_path(__FILE__)),'log','info.log')
error_logger = ::File.new(::File.join(::File.dirname(::File.expand_path(__FILE__)),'log','error.log'),"a+")
error_logger.sync = true
configure do
register Sinatra::Cache
register Sinatra::Session
register Sinatra::Partial
register Sinatra::Flash
# Make object accessible through routes - not sure if it's thread-safe e.g. better than $squick!
set :squick, Skroutz::Query.new
set :log, Logger.new(info_log)
# Security measures for sessions
set :session_fail, '/login'
set :session_secret, MySecrets::SESSION_SECRET
# Setup environemnt
set :environment, MySecrets::ENVIR.to_sym
set :default_encoding, 'utf-8'
set :dump_errors, true
# Files and Folders
set :root, File.dirname(__FILE__)
set :public_dir, "#{File.dirname(__FILE__)}/public"
set :public_folder, 'public'
# Locale Load
# I18n::Backend::Simple.send(:include, I18n::Backend::Fallbacks)
I18n.load_path = Dir[File.join(settings.root, 'locales', '*.yml')]
# I18n.backend.load_translations
I18n.config.enforce_available_locales = true
I18n.default_locale = 'el'
end
configure :production do
# Setup 'cache'
set :cache_enabled, true
set :cache_output_dir, "#{File.dirname(__FILE__)}/cache"
set :cache_logging, true
set :haml, { ugly: true }
set :clean_trace, true
set :css_files, :blob
set :js_files, :blob
MinifyResources.minify_all
end
configure :development do
# Faraday won't check SSL for ssl in 'development mode'
# OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
set :cache_enabled, false
set :cache_output_dir, "#{File.dirname(__FILE__)}/cache"
set :cache_logging, false
set :css_files, MinifyResources::CSS_FILES
set :js_files, MinifyResources::JS_FILES
end
configure :test do
# Faraday won't check SSL for ssl in 'development mode'
# OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
set :cache_enabled, false
set :cache_output_dir, "#{File.dirname(__FILE__)}/cache"
set :cache_logging, false
set :css_files, MinifyResources::CSS_FILES
set :js_files, MinifyResources::JS_FILES
end
# set 'env' before every request and dump errors to error_logger
before { env["rack.errors"] = error_logger }
# Helpers magic!
helpers do
include Rack::Utils
alias_method :h, :escape_html
# Just a simple alias
def t(*args)
I18n.t(*args, locale: session[:locale])
end
# Load active users
def load_active_user
User.first(username: session['name'])
end
# Login required
# Halt [ 401, 'Not Authorized' ] unless session?
def protected
unless session?
flash[:error] = '401 - Not Authorized'
redirect '/'
end
end
# Are you logged in?
def protected?
session?
end
# Accessible source only by user who source belongs to
def protected_source(id)
begin
unless User.find(id: Source.find(id: id).product.user_id).username == session['name']
settings.log.error("[SECURITY]: user #{sesion['name']} tried to access foreign source with id: #{id}")
flash[:error] = 'ΠΡΟΣΟΧΗ: Η πηγή που ανήκει σε άλλο χρήστη!!!!'
redirect '/panel'
end
rescue NoMethodError => e
flash[:error] = 'Η πηγή που ψάχνετε δεν υπάρχει!'
settings.log.error("ERROR (protected_source - NoMethodError): #{e}")
redirect '/panel'
end
end
# Accessible product only by user who product belongs to
def protected_product(id)
begin
unless User.find(id: Product.find(id: id).user_id).username == session['name']
settings.log.error("[SECURITY]: user #{session['name']} tried to access foreign product with id: #{id}")
flash[:error] = 'ΠΡΟΣΟΧΗ: Το προϊόν ανήκει σε άλλο χρήστη!!!!'
redirect '/panel'
end
rescue NoMethodError => e
flash[:error] = 'Το προϊόν που ψάχνετε δεν υπάρχει!'
settings.log.error("ERROR (protected_product - NoMethodError): #{e}")
redirect '/panel'
end
end
# i18n - Locale setup in session
before do
session[:locale] = params[:locale] if params[:locale] # The r18n system will load it automatically
# session[:locale] = 'el' if params[:locale] == nil
load_active_user # Pull user from database or whatever based on session info.
session[:locale] = @active_user.locale if @active_user != nil && session[:locale] == nil
end
# When Page Not Found
not_found do
haml :not_found
end
end
end