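package controllers;

import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.UUID;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

import play.*;
import play.mvc.*;
import views.html.*;
import database.*;
import org.codehaus.jackson.*;

/**
 * Authentication endpoints: registration, login and session restore.
 *
 * <p>Review notes on the current design:
 * <ul>
 *   <li>The session cookie carries the user's own id, which is also the RDF resource id
 *       ({@code DB.NS + uid}). Anyone who learns a user id can forge a session. Once a
 *       session store exists the cookie value should be a random, server-side-tracked
 *       token, and {@link #restore()} should validate it before re-issuing anything.</li>
 *   <li>{@link #login()} does not verify credentials yet. It now fails closed (401)
 *       instead of handing out a session cookie to any caller.</li>
 *   <li>Passwords are stored as PBKDF2-HMAC-SHA1 with a 16-byte {@link SecureRandom}
 *       salt, hex-encoded, replacing the previous single SHA-1 over a {@code double}
 *       salt drawn from an unspecified {@code rand()}.</li>
 * </ul>
 */
public class Auth extends Controller {

    private static final String AUTH_COOKIE = "rft_uid";
    private static final int COOKIE_MAX_AGE_SECONDS = 3600;
    private static final String COOKIE_PATH = "/api";

    /** PBKDF2 parameters; changing the iteration count or key size requires re-hashing stored users. */
    private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final int PBKDF2_ITERATIONS = 20000;
    private static final int PBKDF2_KEY_BITS = 256;
    private static final int SALT_BYTES = 16;

    private static final SecureRandom RNG = new SecureRandom();

    /**
     * Issues the session cookie for {@code uid}, scoped to the API path.
     *
     * <p>HttpOnly keeps the cookie away from page scripts. The {@code secure} flag is left
     * false so plain-HTTP development keeps working; it must be true wherever the API is
     * served over TLS, otherwise the cookie travels in clear text.
     *
     * @param uid value stored in the cookie (currently the user id; see class notes)
     */
    private static void setSessionCookie(String uid) {
        response().setCookie(AUTH_COOKIE, uid, COOKIE_MAX_AGE_SECONDS, COOKIE_PATH, null, false, true);
    }

    /**
     * Attempts to resume a session from the {@code rft_uid} cookie.
     *
     * <p>No server-side lookup exists yet, so this always answers 401. It deliberately does
     * not re-issue the cookie from the client-supplied value: refreshing a credential that
     * has not been validated only extends the lifetime of whatever the client sent.
     *
     * @return 401 Unauthorized until the session lookup is implemented
     */
    public static Result restore() {
        Http.Cookie cookie = request().cookies().get(AUTH_COOKIE);
        if (cookie != null) {
            // TODO: validate cookie.value() against the session store; only on success
            // call setSessionCookie(...) and return ok().
        }
        return unauthorized();
    }

    /**
     * Creates a user from a JSON body {@code {"email": ..., "password": ...}} and starts a session.
     *
     * @return 400 if the body or either field is missing/empty, 403 if the e-mail is already
     *         registered, 201 with the session cookie set otherwise
     * @throws IllegalStateException if the JVM lacks the PBKDF2 provider (configuration error)
     */
    public static Result register() {
        JsonNode json = request().body().asJson();
        // Null check must precede any dereference of json.
        if (json == null) {
            return badRequest("Body expected.");
        }
        String email = textField(json, "email");
        String password = textField(json, "password");
        if (isBlank(email) || isBlank(password)) {
            return badRequest("email and password required.");
        }

        Model model = DB.getDefault().getModel();
        // NOTE(review): a distinct 403 for "already registered" lets callers enumerate
        // accounts; kept for compatibility, but consider a uniform response.
        if (userExists(model, email)) {
            return forbidden();
        }

        String uid = UUID.randomUUID().toString();
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        String passwordHash;
        try {
            passwordHash = toHex(pbkdf2(password, salt));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("password hashing unavailable", e);
        }

        model.createResource(DB.NS + uid)
            .addProperty(RDF.type, "rtr:User")
            .addProperty(DB.PREDICATES_NS + "email", email)
            .addProperty(DB.PREDICATES_NS + "passwordHash", passwordHash)
            .addProperty(DB.PREDICATES_NS + "passwordSalt", toHex(salt));
        setSessionCookie(uid);
        return created();
    }

    /**
     * Authenticates a JSON body {@code {"email": ..., "password": ...}}; with no body, falls
     * back to {@link #restore()}.
     *
     * <p>Credential verification is not implemented yet, so this fails closed with 401 rather
     * than issuing a session cookie to any caller (the previous placeholder returned 200 and
     * set a fixed cookie value for every request).
     *
     * @return 400 if either field is missing/empty, otherwise 401 until verification exists
     */
    public static Result login() {
        JsonNode json = request().body().asJson();
        if (json == null) {
            return restore();
        }
        String email = textField(json, "email");
        String password = textField(json, "password");
        if (isBlank(email) || isBlank(password)) {
            return badRequest("email and password required.");
        }
        // TODO: load passwordHash/passwordSalt for email, recompute pbkdf2(password, salt),
        // compare with MessageDigest.isEqual, then setSessionCookie(uid) and return ok().
        return unauthorized();
    }

    /**
     * Checks whether a user with the given e-mail exists.
     *
     * <p>The e-mail is user-controlled and is embedded in a SPARQL string literal, so it is
     * escaped first; without that a value such as {@code x" } . ...} rewrites the query.
     * Static because it is called from the static action methods.
     */
    private static boolean userExists(Model model, String email) {
        String sparql = DB.PREFIX + "ASK { ?user rtr:email \"" + sparqlEscape(email) + "\" . }";
        Query query = QueryFactory.create(sparql);
        QueryExecution qexec = QueryExecutionFactory.create(query, model);
        try {
            return qexec.execAsk();
        } finally {
            qexec.close();
        }
    }

    /**
     * Reads a top-level text field, or null if absent or not textual.
     *
     * <p>Uses {@code path} rather than {@code findPath}: the latter searches the whole tree,
     * so a nested {@code "email"} anywhere in the body would be accepted.
     */
    private static String textField(JsonNode json, String name) {
        return json.path(name).getTextValue();
    }

    private static boolean isBlank(String s) {
        return s == null || s.isEmpty();
    }

    /**
     * Escapes {@code s} for inclusion inside a double-quoted SPARQL string literal
     * (backslash, double quote, newline, carriage return, tab).
     */
    static String sparqlEscape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 8);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '\\': out.append("\\\\"); break;
                case '"':  out.append("\\\""); break;
                case '\n': out.append("\\n");  break;
                case '\r': out.append("\\r");  break;
                case '\t': out.append("\\t");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Derives the stored password key; the password chars are wiped from the spec afterwards. */
    private static byte[] pbkdf2(String password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, PBKDF2_ITERATIONS, PBKDF2_KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    /** Lower-case hex encoding, used for both the salt and the derived key. */
    static String toHex(byte[] bytes) {
        StringBuilder out = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            out.append(String.format("%02x", b & 0xff));
        }
        return out.toString();
    }
}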