summaryrefslogtreecommitdiff
path: root/index.pl
diff options
context:
space:
mode:
authorDaniel Friesel <derf@finalrewind.org>2019-03-07 18:36:11 +0100
committerDaniel Friesel <derf@finalrewind.org>2019-03-07 18:36:11 +0100
commitfd608391164ddc9e55e2f383620d395b43ae99b7 (patch)
treed7718f37e273918933d42f6d488fa70d78f0b1d6 /index.pl
parentba6b517e5b6986609996339eae109bb2c279ee5f (diff)
switch from HTTP Auth to Cookie Auth
Diffstat (limited to 'index.pl')
-rwxr-xr-xindex.pl446
1 files changed, 191 insertions, 255 deletions
diff --git a/index.pl b/index.pl
index 51eb158..69d1079 100755
--- a/index.pl
+++ b/index.pl
@@ -44,13 +44,10 @@ app->plugin(
authentication => {
autoload_user => 1,
session_key => 'foodor',
+ fail_render => { template => 'login' },
load_user => sub {
my ( $self, $uid ) = @_;
- my $data = $self->get_user_data($uid);
- if ($data) {
- return { name => $data->{name} };
- }
- return undef;
+ return $self->get_user_data($uid);
},
validate_user => sub {
my ( $self, $username, $password, $extradata ) = @_;
@@ -68,6 +65,7 @@ app->plugin(
},
}
);
+app->sessions->default_expiration( 60 * 60 * 24 * 180 );
app->defaults( layout => 'default' );
@@ -427,7 +425,7 @@ helper 'checkin' => sub {
}
my $success = $self->app->checkin_query->execute(
- $self->get_user_id,
+ $self->current_user->{id},
$self->get_station_id(
ds100 => $status->{station_ds100},
name => $status->{station_name}
@@ -457,7 +455,7 @@ helper 'checkin' => sub {
helper 'undo' => sub {
my ($self) = @_;
- my $uid = $self->get_user_id;
+ my $uid = $self->current_user->{id};
$self->app->get_last_actions_query->execute($uid);
my $rows = $self->app->get_last_actions_query->fetchall_arrayref;
@@ -469,10 +467,10 @@ helper 'undo' => sub {
return 'Repeated undo is not supported';
}
- my $success
- = $self->app->undo_query->execute( $self->get_user_id,
+ my $success = $self->app->undo_query->execute(
+ $self->current_user->{id},
DateTime->now( time_zone => 'Europe/Berlin' )->epoch,
- );
+ );
if ( defined $success ) {
return;
@@ -501,7 +499,7 @@ helper 'checkout' => sub {
if ( not defined $train ) {
if ($force) {
my $success = $self->app->checkout_query->execute(
- $self->get_user_id,
+ $self->current_user->{id},
$self->get_station_id(
ds100 => $status->{station_ds100},
name => $status->{station_name}
@@ -523,7 +521,7 @@ helper 'checkout' => sub {
}
else {
my $success = $self->app->checkout_query->execute(
- $self->get_user_id,
+ $self->current_user->{id},
$self->get_station_id(
ds100 => $status->{station_ds100},
name => $status->{station_name}
@@ -580,7 +578,7 @@ helper 'get_user_token' => sub {
helper 'get_user_data' => sub {
my ( $self, $uid ) = @_;
- $uid //= $self->get_user_id;
+ $uid //= $self->current_user->{id};
my $query = $self->app->get_user_query;
$query->execute($uid);
my $rows = $query->fetchall_arrayref;
@@ -603,7 +601,7 @@ helper 'get_user_data' => sub {
deletion_requested => $row[7]
};
}
- return;
+ return undef;
};
helper 'get_user_password' => sub {
@@ -623,80 +621,9 @@ helper 'get_user_password' => sub {
return;
};
-helper 'get_user_name' => sub {
- my ($self) = @_;
-
- my $user = $self->req->headers->header('X-Remote-User') // 'dev';
-
- return $user;
-};
-
-helper 'get_user_id' => sub {
+helper 'add_user' => sub {
my ( $self, $user_name, $email, $token, $password ) = @_;
- $user_name //= $self->get_user_name;
-
- if ( not -e $dbname ) {
- $self->app->dbh->begin_work;
- $self->app->dbh->do(
- qq{
- create table schema_version (
- version integer primary key
- );
- }
- );
- $self->app->dbh->do(
- qq{
- create table users (
- id integer primary key,
- name char(64) not null unique,
- status int not null,
- public_level bool not null,
- email char(256),
- token char(80),
- password text,
- registered_at datetime not null,
- last_login datetime not null,
- deletion_requested datetime
- )
- }
- );
- $self->app->dbh->do(
- qq{
- create table stations (
- id integer primary key,
- ds100 char(16) not null unique,
- name char(64) not null unique
- )
- }
- );
- $self->app->dbh->do(
- qq{
- create table user_actions (
- user_id int not null,
- action_id int not null,
- station_id int,
- action_time int not null,
- train_type char(16),
- train_line char(16),
- train_no char(16),
- train_id char(128),
- sched_time int,
- real_time int,
- route text,
- messages text,
- primary key (user_id, action_time)
- )
- }
- );
- $self->app->dbh->do(
- qq{
- insert into schema_version (version) values (1);
- }
- );
- $self->app->dbh->commit;
- }
-
$self->app->get_userid_query->execute($user_name);
my $rows = $self->app->get_userid_query->fetchall_arrayref;
@@ -737,7 +664,7 @@ helper 'check_if_user_name_exists' => sub {
helper 'get_user_travels' => sub {
my ( $self, $limit ) = @_;
- my $uid = $self->get_user_id;
+ my $uid = $self->current_user->{id};
my $query = $self->app->get_all_actions_query;
if ($limit) {
$query = $self->app->get_last_actions_query;
@@ -800,7 +727,7 @@ helper 'get_user_travels' => sub {
helper 'get_user_status' => sub {
my ($self) = @_;
- my $uid = $self->get_user_id;
+ my $uid = $self->current_user->{id};
$self->app->get_last_actions_query->execute($uid);
my $rows = $self->app->get_last_actions_query->fetchall_arrayref;
@@ -886,176 +813,33 @@ helper 'navbar_class' => sub {
get '/' => sub {
my ($self) = @_;
- $self->render( 'landingpage', with_geolocation => 1 );
-};
-
-post '/action' => sub {
- my ($self) = @_;
- my $params = $self->req->json;
-
- if ( not exists $params->{action} ) {
- $params = $self->req->params->to_hash;
- }
-
- if ( not $params->{action} ) {
- $self->render(
- json => {
- success => 0,
- error => 'Missing action value',
- },
- status => 400,
- );
- return;
- }
-
- my $station = $params->{station};
-
- if ( $params->{action} eq 'checkin' ) {
-
- my ( $train, $error )
- = $self->checkin( $params->{station}, $params->{train}, );
-
- if ($error) {
- $self->render(
- json => {
- success => 0,
- error => $error,
- },
- );
- }
- else {
- $self->render(
- json => {
- success => 1,
- },
- );
- }
- }
- elsif ( $params->{action} eq 'checkout' ) {
- my $error = $self->checkout( $params->{station}, $params->{force}, );
-
- if ($error) {
- $self->render(
- json => {
- success => 0,
- error => $error,
- },
- );
- }
- else {
- $self->render(
- json => {
- success => 1,
- },
- );
- }
- }
- elsif ( $params->{action} eq 'undo' ) {
- my $error = $self->undo;
- if ($error) {
- $self->render(
- json => {
- success => 0,
- error => $error,
- },
- );
- }
- else {
- $self->render(
- json => {
- success => 1,
- },
- );
- }
+ if ( $self->is_user_authenticated ) {
+ $self->render( 'landingpage', with_geolocation => 1 );
}
else {
- $self->render(
- json => {
- success => 0,
- error => 'invalid action value',
- },
- status => 400,
- );
- }
-};
-
-get '/a/account' => sub {
- my ($self) = @_;
-
- $self->render('account');
-};
-
-get '/a/export.json' => sub {
- my ($self) = @_;
- my $uid = $self->get_user_id;
- my $query = $self->app->get_all_actions_query;
-
- $query->execute($uid);
-
- my @entries;
-
- while ( my @row = $query->fetchrow_array ) {
- my (
- $action, $raw_ts, $ds100, $name,
- $train_type, $train_line, $train_no, $train_id,
- $raw_sched_ts, $raw_real_ts, $raw_route, $raw_messages
- ) = @row;
-
- $name = decode( 'UTF-8', $name );
- $raw_route = decode( 'UTF-8', $raw_route );
- $raw_messages = decode( 'UTF-8', $raw_messages );
- push(
- @entries,
- {
- action => $action_types[ $action - 1 ],
- action_ts => $raw_ts,
- station_ds100 => $ds100,
- station_name => $name,
- train_type => $train_type,
- train_line => $train_line,
- train_no => $train_no,
- train_id => $train_id,
- scheduled_ts => $raw_sched_ts,
- realtime_ts => $raw_real_ts,
- messages => $raw_messages
- ? [ map { [ split(qr{:}) ] } split( qr{[|]}, $raw_messages ) ]
- : undef,
- route => $raw_route ? [ split( qr{[|]}, $raw_route ) ]
- : undef,
- }
- );
+ $self->render( 'landingpage', intro => 1 );
}
-
- $self->render(
- json => [@entries],
- );
};
-get '/a/history' => sub {
- my ($self) = @_;
-
- $self->render('history');
-};
-
-get '/x/about' => sub {
+get '/about' => sub {
my ($self) = @_;
$self->render( 'about', version => $VERSION );
};
-get '/x/impressum' => sub {
+get '/impressum' => sub {
my ($self) = @_;
$self->render('imprint');
};
-get '/x/imprint' => sub {
+get '/imprint' => sub {
my ($self) = @_;
$self->render('imprint');
};
-post '/x/geolocation' => sub {
+post '/geolocation' => sub {
my ($self) = @_;
my $lon = $self->param('lon');
@@ -1085,12 +869,12 @@ post '/x/geolocation' => sub {
};
-get '/x/login' => sub {
+get '/login' => sub {
my ($self) = @_;
$self->render('login');
};
-post '/x/login' => sub {
+post '/login' => sub {
my ($self) = @_;
my $user = $self->req->param('user');
my $password = $self->req->param('password');
@@ -1114,18 +898,12 @@ post '/x/login' => sub {
}
};
-get '/x/logout' => sub {
- my ($self) = @_;
- $self->logout;
- $self->redirect_to('/x/login');
-};
-
-get '/x/register' => sub {
+get '/register' => sub {
my ($self) = @_;
$self->render('register');
};
-post '/x/register' => sub {
+post '/register' => sub {
my ($self) = @_;
my $user = $self->req->param('user');
my $email = $self->req->param('email');
@@ -1163,8 +941,7 @@ post '/x/register' => sub {
return;
}
- #if ( $self->check_if_user_name_exists($user) or $user eq 'dev' ) {
- if ( $user ne $self->get_user_name ) {
+ if ( $self->check_if_user_name_exists($user) ) {
$self->render( 'register', invalid => 'user_collision' );
return;
}
@@ -1181,14 +958,14 @@ post '/x/register' => sub {
my $token = make_token();
my $pw_hash = hash_password($password);
- my $user_id = $self->get_user_id( $user, $email, $token, $pw_hash );
+ my $user_id = $self->add_user( $user, $email, $token, $pw_hash );
my $body = "Hallo, ${user}!\n\n";
$body .= "Mit deiner E-Mail-Adresse (${email}) wurde ein Account auf\n";
$body .= "travelynx.finalrewind.org angelegt.\n\n";
$body
.= "Falls die Registrierung von dir ausging, kannst du den Account unter\n";
- $body .= "https://travelynx.finalrewind.org/x/reg/${user_id}/${token}\n";
+ $body .= "https://travelynx.finalrewind.org/reg/${user_id}/${token}\n";
$body .= "freischalten.\n\n";
$body
.= "Falls nicht, ignoriere diese Mail bitte. Nach 48 Stunden wird deine\n";
@@ -1200,7 +977,7 @@ post '/x/register' => sub {
$body .= " * Datum: ${date}\n";
$body .= " * Verwendete IP: ${ip}\n";
$body .= " * Verwendeter Browser gemäß User Agent: ${ua}\n\n\n";
- $body .= "Impressum: https://travelynx.finalrewind.org/x/impressum\n";
+ $body .= "Impressum: https://travelynx.finalrewind.org/impressum\n";
my $reg_mail = Email::Simple->create(
header => [
@@ -1221,7 +998,7 @@ post '/x/register' => sub {
}
};
-get '/x/reg/:id/:token' => sub {
+get '/reg/:id/:token' => sub {
my ($self) = @_;
my $id = $self->stash('id');
@@ -1244,7 +1021,166 @@ get '/x/reg/:id/:token' => sub {
$self->render( 'login', from => 'verification' );
};
-get '/*station' => sub {
+under sub {
+ my ($self) = @_;
+ return $self->is_user_authenticated;
+};
+
+post '/action' => sub {
+ my ($self) = @_;
+ my $params = $self->req->json;
+
+ if ( not exists $params->{action} ) {
+ $params = $self->req->params->to_hash;
+ }
+
+ if ( not $params->{action} ) {
+ $self->render(
+ json => {
+ success => 0,
+ error => 'Missing action value',
+ },
+ status => 400,
+ );
+ return;
+ }
+
+ my $station = $params->{station};
+
+ if ( $params->{action} eq 'checkin' ) {
+
+ my ( $train, $error )
+ = $self->checkin( $params->{station}, $params->{train}, );
+
+ if ($error) {
+ $self->render(
+ json => {
+ success => 0,
+ error => $error,
+ },
+ );
+ }
+ else {
+ $self->render(
+ json => {
+ success => 1,
+ },
+ );
+ }
+ }
+ elsif ( $params->{action} eq 'checkout' ) {
+ my $error = $self->checkout( $params->{station}, $params->{force}, );
+
+ if ($error) {
+ $self->render(
+ json => {
+ success => 0,
+ error => $error,
+ },
+ );
+ }
+ else {
+ $self->render(
+ json => {
+ success => 1,
+ },
+ );
+ }
+ }
+ elsif ( $params->{action} eq 'undo' ) {
+ my $error = $self->undo;
+ if ($error) {
+ $self->render(
+ json => {
+ success => 0,
+ error => $error,
+ },
+ );
+ }
+ else {
+ $self->render(
+ json => {
+ success => 1,
+ },
+ );
+ }
+ }
+ else {
+ $self->render(
+ json => {
+ success => 0,
+ error => 'invalid action value',
+ },
+ status => 400,
+ );
+ }
+};
+
+get '/account' => sub {
+ my ($self) = @_;
+
+ $self->render('account');
+};
+
+get '/history' => sub {
+ my ($self) = @_;
+
+ $self->render('history');
+};
+
+get '/export.json' => sub {
+ my ($self) = @_;
+ my $uid = $self->current_user->{id};
+ my $query = $self->app->get_all_actions_query;
+
+ $query->execute($uid);
+
+ my @entries;
+
+ while ( my @row = $query->fetchrow_array ) {
+ my (
+ $action, $raw_ts, $ds100, $name,
+ $train_type, $train_line, $train_no, $train_id,
+ $raw_sched_ts, $raw_real_ts, $raw_route, $raw_messages
+ ) = @row;
+
+ $name = decode( 'UTF-8', $name );
+ $raw_route = decode( 'UTF-8', $raw_route );
+ $raw_messages = decode( 'UTF-8', $raw_messages );
+ push(
+ @entries,
+ {
+ action => $action_types[ $action - 1 ],
+ action_ts => $raw_ts,
+ station_ds100 => $ds100,
+ station_name => $name,
+ train_type => $train_type,
+ train_line => $train_line,
+ train_no => $train_no,
+ train_id => $train_id,
+ scheduled_ts => $raw_sched_ts,
+ realtime_ts => $raw_real_ts,
+ messages => $raw_messages
+ ? [ map { [ split(qr{:}) ] } split( qr{[|]}, $raw_messages ) ]
+ : undef,
+ route => $raw_route ? [ split( qr{[|]}, $raw_route ) ]
+ : undef,
+ }
+ );
+ }
+
+ $self->render(
+ json => [@entries],
+ );
+};
+
+post '/logout' => sub {
+ my ($self) = @_;
+ $self->logout;
+ $self->redirect_to('/login');
+};
+
+get '/s/*station' => sub {
my ($self) = @_;
my $station = $self->stash('station');