2 use CGI::Fast qw/:cgi/;
3 use Digest::SHA qw/hmac_sha256_base64/;
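# Load the secret used to sign and verify email-verification links.
# Three-argument open keeps characters in BLERG_HOME from being interpreted
# as an open mode. The HMAC_KEY handle name is kept in case lines outside
# this excerpt (for example a close) refer to it.
my $hmac_key_path = "$ENV{BLERG_HOME}/etc/hmac_key";
open HMAC_KEY, '<', $hmac_key_path
    or die "Could not open $hmac_key_path: $!";
# Fail closed: read() returns undef on error and 0 at end of file. Without
# this check an unreadable or empty key file would leave $hmac_key empty,
# and links would be signed and accepted under an empty key.
my $hmac_key_len = read(HMAC_KEY, $hmac_key, 256);
die "Could not read HMAC key from $hmac_key_path"
    unless $hmac_key_len;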
# Send the HTTP response header for the "404 Not Found" HTML page.
17 print header(-type => 'text/html',
18 -status => '404 Not Found');
21 <h1>404 Not Found</h1>
# Send the HTTP response header for the "403 Forbidden" HTML page.
26 print header(-type => 'text/html',
27 -status => '403 Forbidden');
30 <h1>403 Forbidden</h1>
# Build the link mailed to a user to confirm ownership of an email address.
# Takes the account name and the address to verify; returns BASEURL followed
# by a URL fragment that carries the signed payload and its HMAC.
35 sub generate_email_verify_url {
36 my ($username, $email) = @_;
38 # generate verification data
# The expiry is an absolute timestamp 900 seconds (15 minutes) from now.
39 my $expiry = time + 900;
# Fields are joined with ';'. Only $email is URI-escaped here.
# NOTE(review): $username is inserted as-is; presumably account names can
# never contain ';' -- confirm, since validate_email_data splits the payload
# on ';'.
40 my $data = "$username;" . uri_escape($email) . ";$expiry";
# HMAC-SHA256 over the whole payload, keyed with $hmac_key, so a verifier
# holding the same key can detect any change to username, address or expiry.
43 my $hmac = hmac_sha256_base64($data, $hmac_key);
# Payload and signature are placed after '#', i.e. in the URL fragment.
45 return Blerg::Database::BASEURL . "#/account/email-verify/$data;$hmac";
# Check a "payload;hmac" string taken from a verification link. On the path
# visible in this excerpt it returns the (username, email) pair it carries.
48 sub validate_email_data {
# The greedy (.*) makes the split happen at the last ';': everything before
# it is captured first, and the trailing ';'-free piece second.
52 if ($data =~ /^(.*);([^;]+)$/) {
# Recompute the HMAC over the payload with the server key and compare it
# with the one supplied in the link.
# NOTE(review): 'ne' is an ordinary string comparison, not a constant-time
# one; a timing-independent comparison is the usual choice for MAC checks.
59 my $computed_hmac = hmac_sha256_base64($payload, $hmac_key);
60 if ($hmac ne $computed_hmac) {
# The individual fields are split out after the HMAC comparison above.
64 my ($username, $email, $expiry) = split(';', $payload);
65 $email = uri_unescape($email);
# NOTE(review): the code that compares $expiry with the current time is not
# visible in this excerpt -- confirm an expired link is rejected before this
# return.
70 return ($username, $email);
# Identify the logged-in user from the request's 'auth' cookie. Callers in
# this file treat an undefined result as "not authenticated".
73 sub validate_authentication {
76 my $auth = $q->cookie('auth');
# The cookie value is split on '/' into a username and a token.
# NOTE(review): the handling of a missing cookie (undefined $auth) is not
# visible in this excerpt.
80 my ($username, $token) = split('/', $auth);
# The username is client-supplied; auth_check_token is the only check on it
# seen here.
# NOTE(review): callers later interpolate the returned name into a file path,
# so confirm auth_check_token accepts only existing, well-formed account names.
81 if (Blerg::Database::auth_check_token($username, $token)) {
# FastCGI request loop: each iteration handles one CGI::Fast request object.
89 while (my $q = new CGI::Fast) {
# PATH_INFO is split on '/' into at most three pieces: the part before the
# first '/' is discarded, the next is the command, the remainder its arguments.
90 my (undef, $cmd, $args) = split '/', $ENV{PATH_INFO}, 3;
# The statements below authenticate the caller from the auth cookie first.
94 my $username = validate_authentication($q);
95 if (!defined $username) {
100 print header(-type => 'application/json');
# NOTE(review): only the presence of 'email' is checked in the lines shown.
# The value is request-supplied and ends up in the signed link; confirm it is
# validated as an address (including no CR/LF) before it reaches any mail
# header -- the recipient line is not visible in this excerpt.
101 my $email = $q->param('email');
102 if (!defined $email) {
103 say '{"status": "failure"}';
# Build the signed verification link and mail it.
# NOTE(review): this sends mail to an address chosen by the caller; confirm
# some rate limit applies per account, none is visible here.
107 my $url = generate_email_verify_url($username, $email);
108 Mail::Message->build(
109 From => Mail::Address->new('BlergBot', 'noreply@blerg.cc'),
111 Subject => 'Blërg Email Verification',
112 Mail::Message::Field->new('Content-Type', 'text/plain', 'charset="utf8"'),
114 To verify this email address, please click or copy/paste the following link
115 into your web browser.
119 If you received this email by mistake, just ignore it.
125 say '{"status": "success"}';
# Handle a verification link: check the signed 'data' parameter and, on
# success, open the per-user email file.
128 print header(-type => 'application/json');
# NOTE(review): param() is called in list context here (it is a sub
# argument), so a request that repeats 'data' passes several values;
# scalar($q->param('data')) would pin it to one.
130 my ($username, $email) = validate_email_data($q->param('data'));
132 if (!defined $username) {
133 say '{"status": "failure"}';
# $username here comes from the HMAC-checked payload, not from a cookie, and
# is interpolated into the path under data_path.
137 my $email_conf_path = Blerg::Database::configuration->{data_path} . "/$username/email";
# Opens the file for writing (truncating it); what is written is not visible
# in this excerpt.
# NOTE(review): the result of open is not checked on this line, so a failed
# open would still reach the "success" response below unless it is caught on
# lines not shown.
138 open CONF, '>', $email_conf_path;
142 say '{"status": "success"}';
# Authenticated request that removes the caller's stored email file.
145 my $username = validate_authentication($q);
146 if (!defined $username) {
151 print header(-type => 'application/json');
# The path is built from the name returned by validate_authentication.
153 my $email_conf_path = Blerg::Database::configuration->{data_path} . "/$username/email";
# unlink returns the number of files removed, so the JSON status reflects
# whether the file was actually deleted.
154 if (unlink $email_conf_path) {
155 say '{"status": "success"}';
157 say '{"status": "failure"}';