app.psgi

# http://cycle.7kai.org/?signup=1
# アカウント作成
post '/butler/signup' => sub {
    my ($c) = @_;

    # リクエストパラメータ取得
    my $screen_name = $c->req->param('screen_name');
    my $password = $c->req->param('password');

    # 入力値のチェック
    if ($screen_name !~ m![a-zA-Z0-9\._-]{1,32}! ||
        $password    !~ m!.{1,}!
    ) {
        return $c->res_403();
    }
    my $dbh = $c->dbh;

    # 既にアカウントがあるかチェック
    my $butler = $dbh->selectrow_hashref(
        'SELECT * FROM butler WHERE screen_name = ?', undef, $screen_name);
    if ($butler) {
        return $c->render('index.tt', { signup => 1, double_screen_name => 1 });
    }

    # パスワードをソルト付きハッシュに変換
    $csh->add($password);
    my $password_saltedhash = $csh->generate;
    $dbh->do(
        'INSERT INTO butler(screen_name, password_saltedhash, created_on) VALUES(?, ?, now())',
        undef,
        $screen_name,
        $password_saltedhash);

    # IDは自動採番なのでDBから取得
    $butler = $dbh->selectrow_hashref(
        'SELECT id FROM butler WHERE screen_name = ?', undef, $screen_name);

    # セッションにIDを保存
    $c->session->set('butler_id', $butler->{id});

    # Session Fixation対策
    $c->req->session_options->{change_id}++;

    # リダイレクト
    return $c->redirect('/', { welcome => 1 });;
};

# ログイン
post '/butler/signin' => sub {
    my ($c) = @_;

    # リクエストパラメータ取得
    my $screen_name = $c->req->param('screen_name');
    my $password = $c->req->param('password');

    my $dbh = $c->dbh;

    # アカウント情報を取得
    my $butler = $dbh->selectrow_hashref(
        'SELECT * FROM butler WHERE screen_name = ?', undef, $screen_name);
    return $c->render('index.tt', { invalid_signin => 1 }) unless $butler;

    # パスワードの一致を確認
    return $c->render('index.tt', { invalid_signin => 1 })
        unless $csh->validate($butler->{password_saltedhash}, $password);

    # セッションにアカウントIDを保存
    $c->session->set('butler_id', $butler->{id});

    # Session Fixation対策
    $c->req->session_options->{change_id}++;

    # リダイレクト
    return $c->redirect('/');
};