class PasswordsController

Public Instance Methods


POST /passwords POST /passwords.json

# File app/controllers/passwords_controller.rb, line 57
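def create
  # POST /passwords and POST /passwords.json
  #
  # Encrypts the submitted payload and stores it under a freshly generated
  # url_token. On success the HTML response redirects the creator to the new
  # password (its "first view"); JSON responds 201 with the record. On a
  # failed save the form is re-rendered / the errors are returned as 422.
  #
  # params[:password] may be absent entirely; default it so the lookups
  # below cannot raise NoMethodError on nil.
  password_params = params[:password] || {}
  payload = password_params[:payload]

  # A blank payload, or the untouched placeholder text from the form, is not
  # a password worth storing.
  if payload.blank? || payload == PAYLOAD_INITIAL_TEXT
    redirect_to '/'
    return
  end

  if payload.length > 250
    # NOTE(review): redirect_to only sets :notice and :alert in the flash by
    # default; :error is honored only if the app registers it (add_flash_types).
    redirect_to '/', :error => "That password is too long."
    return
  end

  @password = Password.new

  @password.expire_after_days = password_params[:expire_after_days]
  @password.expire_after_views = password_params[:expire_after_views]

  # "Deletable by viewer" is only honored while the feature is switched on.
  deletable = DELETABLE_BY_VIEWER_PASSWORDS && password_params.key?(:deletable_by_viewer)
  @password.deletable_by_viewer = deletable ? true : false

  # The url_token is the only thing standing between a stranger and the
  # payload, so it must come from a cryptographically secure generator.
  # Kernel#rand is a Mersenne Twister whose future output can be predicted
  # from observed output, so it is not suitable here. Keep the same alphabet
  # (0-9a-z) and range as a 16-digit base-36 number. SecureRandom is Ruby
  # stdlib and is loaded by ActiveSupport in a Rails app.
  @password.url_token = SecureRandom.random_number(36**16).to_s(36)
  @password.user_id = current_user.id if current_user

  # The first view of a new password is free: the creator is redirected to
  # the password itself, and that visit must not burn up a view.
  @password.first_view = true

  # Encrypt the payload; only the ciphertext is persisted.
  @key = EzCrypto::Key.with_password CRYPT_KEY, CRYPT_SALT
  @password.payload = @key.encrypt64(payload)

  # NOTE(review): presumably the model's own expiry/limit checks; if it raises
  # on failure the else branch below is unreachable — confirm.
  @password.validate!

  respond_to do |format|
    if @password.save
      format.html { redirect_to @password, :notice => "The password has been pushed." }
      format.json { render :json => @password, :status => :created }
    else
      format.html { render :action => "new" }
      format.json { render :json => @password.errors, :status => :unprocessable_entity }
    end
  end
end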
# File app/controllers/passwords_controller.rb, line 104
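def destroy
  # DELETE /passwords/:id
  #
  # Lets a viewer burn a password that its creator marked "deletable by
  # viewer". The payload is discarded and the record flagged expired and
  # deleted; the row itself is kept so later visits see it as gone.
  #
  # Password.find_by_url_token! raises ActiveRecord::RecordNotFound for an
  # unknown token, so @password is only nil when no :id was supplied at all.
  @password = Password.find_by_url_token!(params[:id]) if params.key?(:id)

  # Authorization check: a password may only be deleted here when it was found
  # AND was marked deletable by its creator. Both conditions must hold, so
  # this is a conjunction; a disjunction would let any viewer delete any
  # password and would hit nil.deletable_by_viewer when nothing was found.
  unless @password && @password.deletable_by_viewer
    redirect_to :root
    return
  end

  @password.expired = true
  @password.payload = nil
  @password.deleted = true

  respond_to do |format|
    if @password.save
      format.html { redirect_to @password, :notice => "The password has been deleted." }
      # :destroyed is not an HTTP status symbol that Rack knows, so the JSON
      # response would fail; the deletion succeeded, which is a plain 200.
      format.json { render :json => @password, :status => :ok }
    else
      format.html { render :action => "new" }
      format.json { render :json => @password.errors, :status => :unprocessable_entity }
    end
  end
end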

GET /passwords/new GET /passwords/new.json

# File app/controllers/passwords_controller.rb, line 44
def new
  # GET /passwords/new and GET /passwords/new.json
  #
  # Hands the form an empty Password and allows the blank page to be cached
  # publicly for three hours.
  #
  # NOTE(review): if new.html.erb embeds a per-session CSRF token, a shared
  # cache would hand one visitor's token to another — confirm how
  # protect_from_forgery and this cache header interact.
  expires_in 3.hours, public: true, 'max-stale' => 0

  @password = Password.new

  respond_to do |format|
    format.html # new.html.erb
    format.json { render json: @password }
  end
end

GET /passwords/1 GET /passwords/1.json

# File app/controllers/passwords_controller.rb, line 4
def show
  # GET /passwords/:id and GET /passwords/:id.json
  #
  # Looks a password up by its url_token, decrypts the payload if it has not
  # expired, and records the view (except for the creator's free first view).
  #
  # Raises ActiveRecord::RecordNotFound (via find_by_url_token!) when the
  # token is unknown.
  unless params.key?(:id)
    redirect_to :root
    return
  end

  @password = Password.find_by_url_token!(params[:id])

  # The visit right after pushing is the "first view": it is neither counted
  # nor logged. Any later visit loads the successful views recorded so far.
  @first_view = @password.first_view
  if @first_view
    @password.update_attribute(:first_view, false)
  else
    @password.views = View.where(password_id: @password.id, successful: true)
  end

  # The password may have expired since it was last viewed; re-check expiry
  # before deciding whether to decrypt anything.
  @password.validate!

  # Decrypt only while the password is still valid.
  unless @password.expired
    @key = EzCrypto::Key.with_password CRYPT_KEY, CRYPT_SALT
    @payload = @key.decrypt64(@password.payload)
  end

  log_view(@password) unless @first_view

  # A page carrying a decrypted secret must never land in a shared or browser
  # cache.
  expires_now

  # NOTE(review): rendering the whole record as JSON includes every column
  # (url_token, encrypted payload, ...); confirm the model's as_json limits
  # what is exposed.
  respond_to do |format|
    format.html # show.html.erb
    format.json { render json: @password }
  end
end

Private Instance Methods


log_view

Record that a view is being made for a password

# File app/controllers/passwords_controller.rb, line 138
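def log_view(password)
  # Record that a view is being made for a password.
  #
  # password - the Password being viewed.
  # Returns the password, with the new View appended to its views.
  view = View.new
  view.password_id = password.id

  # X-Forwarded-For is client-supplied and may be a comma-separated list, so
  # it must not be stored verbatim as "the" client address. request.remote_ip
  # applies the app's trusted-proxy rules (ActionDispatch::RemoteIp) and falls
  # back to REMOTE_ADDR; how much of the header is trusted still depends on
  # that configuration.
  view.ip          = request.remote_ip

  # Cap header-derived strings at 255 characters before persisting them.
  view.user_agent  = request.env["HTTP_USER_AGENT"].to_s[0, 255]
  view.referrer    = request.env["HTTP_REFERER"].to_s[0, 255]

  # A view of an expired password is still logged, but as unsuccessful.
  view.successful  = !password.expired
  view.save

  password.views << view
  password
end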