better notes, bugfixes

Dockerfile

@@ -1,4 +1,3 @@
 FROM guard13007/docker-lapis:latest
 
 RUN luarocks install bcrypt
-RUN luarocks install lapis-console

app.moon

@@ -1,32 +1,26 @@
 lapis = require "lapis"
-console = require "lapis.console"
 bcrypt = require "bcrypt"
-config = require("lapis.config").get!
 
 import Users from require "models"
 import api, abort, assert_model from require "helpers"
 
 class extends lapis.Application
-  [console: "/console/#{config.secret}"]: =>
+  -- finds user by name or id (or creates by name), and returns the user,
-    if Users\count! < 1 or @session.id == 1
+  --  unless a password is not specified (or incorrect), or the password is too weak
-      return console.make(env: "all")(@)
+  [authenticate: "/0/auth"]: respond_to {
-    else
+    POST: api( =>
-      return status: 401, "401 - Unauthorized"
-
-  [authenticate: "/0/auth"]: api {
-    POST: =>
       -- find user by name or id if specified
       local user
       if @params.name
         user = Users\find name: @params.name
       elseif @params.id
         user = Users\find id: @params.id
-        abort "No such user." unless user
+        abort "Incorrect user name, id, or password." unless user
 
       -- if a user by that name exists, see if the password is correct
       if user
         unless bcrypt.verify(@params.password, user.digest)
-          abort "Incorrect password."
+          abort "Incorrect user name, id, or password."
       -- else create a user
       elseif @params.password
         assert_valid(@params, {
@@ -34,8 +28,6 @@ class extends lapis.Application
           { "password", exists: true, min_length: 8, max_length: 255 }
         })
         -- TODO passwords should be checked against known breached passwords
-        -- TODO passwords should be required to follow a few other basic security checks
-        --  actually, these are invalidated just by checking against breached passwords I think
         user = assert_model Users\create {
           name: @params.name
           digest: bcrypt.digest(@params.password, config.digest_rounds)
@@ -45,12 +37,15 @@ class extends lapis.Application
         abort "Must specify name or id, and password."
 
       return name: user.name, id: user.id
+    )
   }
 
-  [name: "/0/:id[%d]"]: api {
+  -- finds user by id and returns their name
-    GET: =>
+  [name: "/0/:id[%d]"]: {
+    GET: api(=>
       if user = Users\find id: @params.id
         return name: user.name
       else
-        abort "No such user."
+        abort "Incorrect user id."
+    )
   }

helpers.moon

@@ -2,17 +2,17 @@ import json_params, capture_errors, yield_error, respond_to from require "lapis.
 import insert from table
 import max from math
 
-api = (tab) ->
+api = (fn) =>
   json_params capture_errors {
     =>
-      result = respond_to(tab)
+      result = fn(@)
-      return json: result,
+      return json: result
     on_error: =>
-      status = 400
+      status = 400 -- most likely a bad request
       errors = {}
       for err in *@errors
         if "table" == type err
-          status = max status, err[1]
+          status = max status, err[1] -- the worst error will have a higher status number
           insert errors, err[2]
         else
           insert errors, err