use Authen::Passphrase::BlowfishCrypt instead of bcrypt plugin; implement Moderator model

2022-10-23 14:30:43 -04:00 · 2022-10-23 14:30:43 -04:00 · 835a790ba0
commit 835a790ba0
parent f51af35605
4 changed files with 33 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -32,6 +32,8 @@ Run the tests locally (against development environment):

 ## TODOs

+1. Need to pass `config` to the Moderator model for bcrypt cost
+1. Re-write bcrypt command to use Authen::Passphrase::BlowfishCrypt
 1. Some sort of admin/moderator login and view
 1. Implement tripcodes
 1. CSS
--- a/2
+++ b/2
@ -2,4 +2,4 @@ requires 'Mojolicious';
 requires 'Mojo::Pg';
 requires 'Mojolicious::Plugin::TagHelpers::Pagination';
 requires 'Mojolicious::Plugin::AssetPack';
-requires 'Mojolicious::Plugin::BcryptSecure';
+requires 'Authen::Passphrase::BlowfishCrypt';
--- a/lib/PostText.pm
+++ b/lib/PostText.pm
@ -6,12 +6,12 @@ use Mojo::Base 'Mojolicious', -signatures;
 use Mojo::Pg;
 use PostText::Model::Thread;
 use PostText::Model::Remark;
+use PostText::Model::Moderator;

 sub startup($self) {
    $self->plugin('Config');
    $self->plugin('TagHelpers::Pagination');
    $self->plugin(AssetPack => {pipes => [qw{Css Combine}]});
-    $self->plugin('BcryptSecure', {cost => $self->config->{'bcrypt_cost'}});

    # Helpers
    $self->helper(pg => sub ($c) {
@ -26,6 +26,10 @@ sub startup($self) {
        state $remark = PostText::Model::Remark->new(pg => $c->pg)
    });

+    $self->helper(moderator => sub ($c) {
+        state $moderator = PostText::Model::Moderator->new(pg => $c->pg)
+    });
+
    $self->helper(truncate_text => sub ($c, $input_text) {
        my $truncated_text = 500 < length($input_text)
            ? substr($input_text, 0, 500) . '...' : $input_text;
--- a/lib/PostText/Model/Moderator.pm
+++ b/lib/PostText/Model/Moderator.pm
@ -0,0 +1,25 @@
+package PostText::Model::Moderator;
+
+use Mojo::Base -base, -signatures;
+use Authen::Passphrase::BlowfishCrypt;
+use Data::Dumper;
+
+has 'pg';
+
+sub check_password($self, $email, $password) {
+    my $moderator =
+        $self->pg->db->query(<<~'END_SQL', $email)->hash;
+            SELECT moderator_id  AS id,
+                   password_hash
+              FROM moderators
+             WHERE email_addr = ?;
+           END_SQL
+
+    return undef unless $moderator->{'id'};
+
+    return Authen::Passphrase::BlowfishCrypt
+        ->from_crypt($moderator->{'password_hash'})
+        ->match($password);
+}
+
+1;