#!/usr/bin/env ruby

require 'openssl'
require 'securerandom'
require 'sinatra'

set :port, 4568

Service = "Mail"
ServicePassword = "{FvM<kgG}VpHxKJO;6Zo"

def decrypt(obj, key)
  ticket = [obj].pack("H*").unpack("C*").pack("c*")
  cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
  cipher.key = Digest::SHA2.digest(key)
  cipher.update(ticket) + cipher.final
end

post '/login' do
  request.body.rewind
  data = JSON.parse(request.body.read)
  next "Invalid request\n" unless data.keys.sort == %w(authenticator ticket username)
  sk, un, ws, sn, ls, ts = decrypt(data["ticket"], ServicePassword).split(?\0)
  ls = ls.to_i
  ts = ts.to_i
  next "Invalid ticket\n" unless sn == Service
  next "Invalid ticket\n" unless un == data["username"]
  next "Invalid ticket\n" unless ws == request.ip
  next "Invalid ticket\n" unless Time.now.to_i >= ts
  next "Ticket expired\n" unless Time.now.to_i < (ts + ls)

  begin
    aun, aws, als, ats = decrypt(data["authenticator"], sk).split(?,)
    als = als.to_i
    ats = ats.to_i
  rescue OpenSSL::Cipher::CipherError
    next "Invalid session key\n"
  end
  next "Invalid authenticator\n" unless aun == un
  next "Invalid authenticator\n" unless aws == ws
  next "Invalid authenticator\n" unless Time.now.to_i >= ats
  next "Authenticator expired\n" unless Time.now.to_i < (ats + als)

  "Login okay! You have no mail.\n"
end