2 use CGI::Fast qw/:cgi/;
3 use Digest::SHA qw/hmac_sha256_base64/;
# Load the secret key used to sign email-verification links. At most 256
# bytes are read from $BLERG_HOME/etc/hmac_key into $hmac_key.
# NOTE(review): this is a two-argument open on a bareword handle, with a path
# built from the environment. The three-argument form with a lexical handle
# (open my $fh, '<', $path) keeps the path from being parsed as a mode or pipe.
12 open HMAC_KEY, "$ENV{BLERG_HOME}/etc/hmac_key"
13 or die "Could not open $ENV{BLERG_HOME}/etc/hmac_key";
# NOTE(review): the result of read() is not checked in the lines shown. An
# empty or truncated key file would leave every link signed with a short or
# empty key, so fail at startup unless the expected number of bytes arrived.
14 read(HMAC_KEY, $hmac_key, 256);
18 print header(-type => 'text/html',
19 -status => '404 Not Found');
22 <h1>404 Not Found</h1>
27 print header(-type => 'text/html',
28 -status => '403 Forbidden');
31 <h1>403 Forbidden</h1>
# Build the link that is mailed to a user to confirm an email address.
# The signed payload is "username;uri-escaped email;expiry", where expiry is
# the current time plus 900 seconds. The payload is authenticated with
# HMAC-SHA256 (base64) under $hmac_key, and the tag is appended after a
# final ';'. Returns the full URL under Blerg::Database::BASEURL.
36 sub generate_email_verify_url {
37 my ($username, $email) = @_;
39 # generate verification data
40 my $expiry = time + 900;
# NOTE(review): only $email is escaped here. ';' is the field separator, so
# this relies on usernames never containing ';' -- presumably enforced where
# accounts are created; confirm.
41 my $data = "$username;" . uri_escape($email) . ";$expiry";
44 my $hmac = hmac_sha256_base64($data, $hmac_key);
46 return Blerg::Database::BASEURL . "#/account/email-verify/$data;$hmac";
# Check a "payload;tag" string of the form built by generate_email_verify_url
# and return (username, email) when it is accepted.
# Several lines of this sub are not visible in this excerpt, including where
# $payload and $hmac are assigned and any use of $expiry.
49 sub validate_email_data {
# The greedy (.*) puts everything up to the last ';' in the first capture and
# the trailing tag in the second.
53 if ($data =~ /^(.*);([^;]+)$/) {
60 my $computed_hmac = hmac_sha256_base64($payload, $hmac_key);
# NOTE(review): 'ne' is an ordinary string comparison, so its running time can
# depend on how much of the supplied tag matches. Compare MACs in constant
# time instead (for example, HMAC both values under a fresh random key and
# compare those results).
61 if ($hmac ne $computed_hmac) {
# The fields are split out of the payload after the tag comparison above.
65 my ($username, $email, $expiry) = split(';', $payload);
66 $email = uri_unescape($email);
# NOTE(review): $expiry is extracted, but no comparison with the current time
# appears in the lines shown; confirm the hidden lines reject expired
# payloads. Nothing visible makes a link single-use, so an accepted link
# presumably stays usable until it expires.
71 return ($username, $email);
# Resolve the logged-in user from the 'auth' cookie.
# The cookie value is split on '/' into a username and a token, which are
# passed to Blerg::Database::auth_check_token. Lines not visible in this
# excerpt presumably handle a missing cookie and produce the return value.
74 sub validate_authentication {
77 my $auth = $q->cookie('auth');
# NOTE(review): $username comes straight from the cookie, and callers in this
# file later interpolate it into filesystem paths. That is only safe if
# auth_check_token rejects names containing '/' or '..' -- confirm.
81 my ($username, $token) = split('/', $auth);
82 if (Blerg::Database::auth_check_token($username, $token)) {
# FastCGI request loop: one iteration per request. PATH_INFO is split into a
# command and its remaining arguments; the dispatch on $cmd is not visible in
# this excerpt.
90 while (my $q = new CGI::Fast) {
91 my (undef, $cmd, $args) = split '/', $ENV{PATH_INFO}, 3;
# This handler requires an authenticated user, then builds a signed
# verification link for the address given in the 'email' parameter and
# mails it (the recipient line is not shown; presumably it is $email).
95 my $username = validate_authentication($q);
96 if (!defined $username) {
101 print header(-type => 'application/json');
102 my $email = $q->param('email');
# NOTE(review): in the lines shown, $email is only tested for definedness.
# It is a request parameter that ends up in an outgoing message, so validate
# it as a single well-formed address (no CR/LF, no commas) before use, and
# rate-limit this handler per account so it cannot be used to send bulk mail
# to addresses the caller does not own.
103 if (!defined $email) {
104 say '{"status": "failure"}';
108 my $url = generate_email_verify_url($username, $email);
# NOTE(review): the Content-Type field in the call below declares
# charset="utf8"; the registered charset name is "UTF-8".
109 Mail::Message->build(
110 From => Mail::Address->new('BlergBot', 'noreply@blerg.cc'),
112 Subject => 'Blërg Email Verification',
113 Mail::Message::Field->new('Content-Type', 'text/plain', 'charset="utf8"'),
115 To verify this email address, please click or copy/paste the following link
116 into your web browser.
120 If you received this email by mistake, just ignore it.
126 say '{"status": "success"}';
# Handler that consumes a verification link. The 'data' parameter is checked
# by validate_email_data and, on success, the user's email file under the
# configured data_path is opened for writing (the write itself is not shown).
# No call to validate_authentication is visible here; the signed payload is
# what authorizes the change.
129 print header(-type => 'application/json');
# NOTE(review): param() is called in list context here, so a request that
# repeats 'data' passes extra arguments; scalar $q->param('data') avoids that.
131 my ($username, $email) = validate_email_data($q->param('data'));
133 if (!defined $username) {
134 say '{"status": "failure"}';
# NOTE(review): $username is interpolated into a filesystem path. It comes
# from the signed payload, so path safety depends on the name having been
# validated when the link was generated -- confirm.
138 my $email_conf_path = Blerg::Database::configuration->{data_path} . "/$username/email";
# NOTE(review): the result of open is not checked in the lines shown. If it
# fails, the handler presumably still reports success below. Check the
# result and use a lexical handle.
139 open CONF, '>', $email_conf_path;
143 say '{"status": "success"}';
# Handler that returns the stored email address of the authenticated user as
# JSON. The address is read from the user's email file when that file exists
# (the read itself is not shown).
146 my $username = validate_authentication($q);
147 if (!defined $username) {
153 my $email_conf_path = Blerg::Database::configuration->{data_path} . "/$username/email";
154 if (-f $email_conf_path) {
# NOTE(review): two-argument open with no explicit mode, on a path that
# contains the cookie-supplied username. Use open(my $fh, '<', $path) and
# check the result, so the path can never be interpreted as a mode or pipe.
155 open CONF, $email_conf_path;
160 say header(-type => 'application/json'),
161 JSON->new->utf8->encode({email => $email});
# Handler that removes the stored email address of the authenticated user.
# It reports success only when unlink actually removed the file.
# NOTE(review): in the lines shown, this state-changing request is authorized
# by the 'auth' cookie alone. Confirm a CSRF defence exists elsewhere (a
# SameSite cookie attribute or a per-request token).
164 my $username = validate_authentication($q);
165 if (!defined $username) {
170 print header(-type => 'application/json');
172 my $email_conf_path = Blerg::Database::configuration->{data_path} . "/$username/email";
173 if (unlink $email_conf_path) {
174 say '{"status": "success"}';
176 say '{"status": "failure"}';