#!/usr/bin/env lua

require 'luasql.postgres'
require 'md5'

require 'helper'
require 'token'
require 'config'

function fail(msg)
    print "Status: 423 Locked"
    print ""
    print("Error: " .. msg)
end

function is_bruteforce(con)
  now = os.time()
  host = md5.sumhexa(os.getenv('REMOTE_ADDR'))
  clean = "delete from lock where death<" .. now .. ";"
  check = "select count(*) from lock where host='" .. host .. "';"
  rn = tonumber(con:execute(clean .. check):fetch())

  if rn < config.lock then
    con:execute("insert into lock (death, host) values(" .. (now + config.lock_time) .. ", '".. host .."');")
    return false
  else
    return true
  end
end

print "Content-Type: text/plain"

token = os.getenv("QUERY_STRING")

env = luasql.postgres()
con = env:connect(config.db)

if token == nil or token == "" then
  fail("No token given")
else
  if token:sub(1, 2) == "t=" then
    token = token:sub(3)
  end

  if token:len() == config.key_len then
    if not is_bruteforce(con) then
      print ""
      b = check_token(con, token)
      token = set_prefix(token,generate_token())
      if b ~= false then
        add_token(con, token)
        qspawn("./openseamless")
      end
      print(token)
    else
      fail("Stop bruteforcing, this box is too slow")
    end
  else
    fail("Invalid token")
  end
end

con:close()
env:close()