diff options
| -rw-r--r--[-rwxr-xr-x] | index.pl | 1706 | ||||
| -rwxr-xr-x | lib/Travelynx.pm | 1189 | ||||
| -rwxr-xr-x | lib/Travelynx/Controller/Api.pm | 126 | ||||
| -rwxr-xr-x | lib/Travelynx/Controller/Login.pm | 230 | ||||
| -rwxr-xr-x | lib/Travelynx/Controller/Traveling.pm | 241 |
5 files changed, 1791 insertions, 1701 deletions
@@ -1,1705 +1,9 @@ #!/usr/bin/env perl -use Mojolicious::Lite; -use Mojolicious::Plugin::Authentication; -use Cache::File; -use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); -use DateTime; -use DBI; -use Encode qw(decode encode); -use Email::Sender::Simple qw(try_to_sendmail); -use Email::Simple; -use Geo::Distance; -use List::Util qw(first); -use List::MoreUtils qw(after_incl before_incl); -use UUID::Tiny qw(:std); -use Travel::Status::DE::IRIS; -use Travel::Status::DE::IRIS::Stations; +use strict; +use warnings; -our $VERSION = qx{git describe --dirty} || 'experimental'; +use lib 'lib'; +use Mojolicious::Commands; -my $cache_iris_main = Cache::File->new( - cache_root => $ENV{TRAVELYNX_IRIS_CACHE} // '/tmp/dbf-iris-main', - default_expires => '6 hours', - lock_level => Cache::File::LOCK_LOCAL(), -); - -my $cache_iris_rt = Cache::File->new( - cache_root => $ENV{TRAVELYNX_IRISRT_CACHE} // '/tmp/dbf-iris-realtime', - default_expires => '70 seconds', - lock_level => Cache::File::LOCK_LOCAL(), -); - -my $dbname = $ENV{TRAVELYNX_DB_FILE} // 'travelynx.sqlite'; - -my %action_type = ( - checkin => 1, - checkout => 2, - undo => 3, - cancelled_from => 4, - cancelled_to => 5, -); -my @action_types = (qw(checkin checkout undo cancelled_from cancelled_to)); -my %token_type = ( - status => 1, - history => 2, - action => 3, -); -my @token_types = (qw(status history action)); - -app->plugin( - authentication => { - autoload_user => 1, - fail_render => { template => 'login' }, - load_user => sub { - my ( $self, $uid ) = @_; - return $self->get_user_data($uid); - }, - validate_user => sub { - my ( $self, $username, $password, $extradata ) = @_; - my $user_info = $self->get_user_password($username); - if ( not $user_info ) { - return undef; - } - if ( $user_info->{status} != 1 ) { - return undef; - } - if ( check_password( $password, $user_info->{password_hash} ) ) { - return $user_info->{id}; - } - return undef; - }, - } -); -app->sessions->default_expiration( 60 * 60 * 24 * 180 ); - -app->defaults( layout => 'default' ); - -app->attr( - add_station_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - insert into stations (ds100, name) values (?, ?) - } - ); - } -); -app->attr( - add_user_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - insert into users ( - name, status, public_level, email, token, password, - registered_at, last_login - ) values (?, 0, 0, ?, ?, ?, ?, ?); - } - ); - } -); -app->attr( - set_email_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - update users set email = ?, token = ? where id = ?; - } - ); - } -); -app->attr( - set_password_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - update users set password = ? where id = ?; - } - ); - } -); -app->attr( - add_mail_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - insert into pending_mails ( - email, num_tries, last_try - ) values (?, ?, ?); - } - ); - } -); -app->attr( - set_status_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - update users set status = ? where id = ?; - } - ); - } -); -app->attr( - mark_for_deletion_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - update users set deletion_requested = ? where id = ?; - } - ); - } -); -app->attr( - action_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - insert into user_actions ( - user_id, action_id, station_id, action_time, - train_type, train_line, train_no, train_id, - sched_time, real_time, - route, messages - ) values ( - ?, ?, ?, ?, - ?, ?, ?, ?, - ?, ?, - ?, ? - ) - } - ); - }, -); -app->attr( - dbh => sub { - my ($self) = @_; - - return DBI->connect( "dbi:SQLite:dbname=${dbname}", q{}, q{} ); - } -); -app->attr( - get_all_actions_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - select action_id, action_time, stations.ds100, stations.name, - train_type, train_line, train_no, train_id, - sched_time, real_time, - route, messages - from user_actions - left outer join stations on station_id = stations.id - where user_id = ? - order by action_time desc - } - ); - } -); -app->attr( - get_last_actions_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - select action_id, action_time, stations.ds100, stations.name, - train_type, train_line, train_no, train_id, - sched_time, real_time, - route, messages - from user_actions - left outer join stations on station_id = stations.id - where user_id = ? - order by action_time desc - limit 10 - } - ); - } -); -app->attr( - get_journey_actions_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - select action_id, action_time, stations.ds100, stations.name, - train_type, train_line, train_no, train_id, - sched_time, real_time, - route, messages - from user_actions - left outer join stations on station_id = stations.id - where user_id = ? - and (action_time = ? or action_time = ?) - order by action_time desc - limit 2 - } - ); - } -); -app->attr( - get_userid_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{select id from users where name = ?}); - } -); -app->attr( - get_pending_mails_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{select id from users where email = ? and status = 0;}); - } -); -app->attr( - get_listed_mails_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{select * from pending_mails where email = ? and num_tries > 1;}); - } -); -app->attr( - get_user_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - select - id, name, status, public_level, email, - registered_at, last_login, deletion_requested - from users where id = ? - } - ); - } -); -app->attr( - get_api_tokens_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - select - type, token - from tokens where user_id = ? - } - ); - } -); -app->attr( - get_api_token_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - select - token - from tokens where user_id = ? and type = ? - } - ); - } -); -app->attr( - drop_api_token_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - delete from tokens where user_id = ? and type = ? - } - ); - } -); -app->attr( - set_api_token_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - insert or replace into tokens - (user_id, type, token) - values - (?, ?, ?) - } - ); - } -); -app->attr( - get_password_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - select - id, name, status, password - from users where name = ? - } - ); - } -); -app->attr( - get_token_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - select - name, status, token - from users where id = ? - } - ); - } -); -app->attr( - get_stationid_by_ds100_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{select id from stations where ds100 = ?}); - } -); -app->attr( - get_stationid_by_name_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{select id from stations where name = ?}); - } -); -app->attr( - undo_query => sub { - my ($self) = @_; - - return $self->app->dbh->prepare( - qq{ - insert into user_actions ( - user_id, action_id, action_time - ) values ( - ?, $action_type{undo}, ? - ) - } - ); - }, -); - -sub hash_password { - my ($password) = @_; - my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); - my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); - - return bcrypt( $password, '$2a$12$' . $salt ); -} - -sub check_password { - my ( $password, $hash ) = @_; - - if ( bcrypt( $password, $hash ) eq $hash ) { - return 1; - } - return 0; -} - -sub make_token { - return create_uuid_as_string(UUID_V4); -} - -sub epoch_to_dt { - my ($epoch) = @_; - - # Bugs (and user errors) may lead to undefined timestamps. Set them to - # 1970-01-01 to avoid crashing and show obviously wrong data instead. - $epoch //= 0; - - return DateTime->from_epoch( - epoch => $epoch, - time_zone => 'Europe/Berlin' - ); -} - -sub get_departures { - my ( $station, $lookbehind ) = @_; - - $lookbehind //= 180; - - my @station_matches - = Travel::Status::DE::IRIS::Stations::get_station($station); - - if ( @station_matches == 1 ) { - $station = $station_matches[0][0]; - my $status = Travel::Status::DE::IRIS->new( - station => $station, - main_cache => $cache_iris_main, - realtime_cache => $cache_iris_rt, - lookbehind => 20, - datetime => DateTime->now( time_zone => 'Europe/Berlin' ) - ->subtract( minutes => $lookbehind ), - lookahead => $lookbehind + 10, - ); - return { - results => [ $status->results ], - errstr => $status->errstr, - station_ds100 => - ( $status->station ? $status->station->{ds100} : 'undef' ), - station_name => - ( $status->station ? $status->station->{name} : 'undef' ), - }; - } - elsif ( @station_matches > 1 ) { - return { - results => [], - errstr => 'Ambiguous station name', - }; - } - else { - return { - results => [], - errstr => 'Unknown station name', - }; - } -} - -sub get_station { - my ($station_name) = @_; - - my @candidates - = Travel::Status::DE::IRIS::Stations::get_station($station_name); - - if ( @candidates == 1 ) { - return $candidates[0]; - } - return undef; -} - -helper 'checkin' => sub { - my ( $self, $station, $train_id, $action_id ) = @_; - - $action_id //= $action_type{checkin}; - - my $status = get_departures($station); - if ( $status->{errstr} ) { - return ( undef, $status->{errstr} ); - } - else { - my ($train) - = first { $_->train_id eq $train_id } @{ $status->{results} }; - if ( not defined $train ) { - return ( undef, "Train ${train_id} not found" ); - } - else { - - my $user = $self->get_user_status; - if ( $user->{checked_in} ) { - - # If a user is already checked in, we assume that they forgot to - # check out and do it for them. - # XXX this is an ugly workaround for the UNIQUE constraint on - # (user id, action timestamp): Ensure that checkout and re-checkin - # work even if the previous checkin was less than a second ago. - sleep(1); - $self->checkout( $station, 1 ); - - # XXX same workaround: We can't checkin immediately after checkout. - sleep(1); - } - elsif ( $user->{cancelled} ) { - - # Same - sleep(1); - $self->cancelled_to($station); - sleep(1); - } - - my $success = $self->app->action_query->execute( - $self->current_user->{id}, - $action_id, - $self->get_station_id( - ds100 => $status->{station_ds100}, - name => $status->{station_name} - ), - DateTime->now( time_zone => 'Europe/Berlin' )->epoch, - $train->type, - $train->line_no, - $train->train_no, - $train->train_id, - $train->sched_departure->epoch, - $train->departure->epoch, - join( '|', $train->route ), - join( '|', - map { ( $_->[0] ? $_->[0]->epoch : q{} ) . ':' . $_->[1] } - $train->messages ) - ); - if ( defined $success ) { - return ( $train, undef ); - } - else { - return ( undef, 'INSERT failed' ); - } - } - } -}; - -helper 'undo' => sub { - my ($self) = @_; - - my $uid = $self->current_user->{id}; - $self->app->get_last_actions_query->execute($uid); - my $rows = $self->app->get_last_actions_query->fetchall_arrayref; - - if ( @{$rows} and $rows->[0][0] == $action_type{undo} ) { - return 'Nested undo (undoing an undo) is not supported'; - } - - if ( @{$rows} > 1 and $rows->[1][0] == $action_type{undo} ) { - return 'Repeated undo is not supported'; - } - - my $success = $self->app->undo_query->execute( - $self->current_user->{id}, - DateTime->now( time_zone => 'Europe/Berlin' )->epoch, - ); - - if ( defined $success ) { - return; - } - else { - return 'INSERT failed'; - } -}; - -helper 'checkout' => sub { - my ( $self, $station, $force, $action_id ) = @_; - - $action_id //= $action_type{checkout}; - - my $status = get_departures( $station, 180 ); - my $user = $self->get_user_status; - my $train_id = $user->{train_id}; - - if ( not $user->{checked_in} and not $user->{cancelled} ) { - return 'You are not checked into any train'; - } - if ( $status->{errstr} and not $force ) { - return $status->{errstr}; - } - - my ($train) - = first { $_->train_id eq $train_id } @{ $status->{results} }; - if ( not defined $train ) { - if ($force) { - my $success = $self->app->action_query->execute( - $self->current_user->{id}, - $action_id, - $self->get_station_id( - ds100 => $status->{station_ds100}, - name => $status->{station_name} - ), - DateTime->now( time_zone => 'Europe/Berlin' )->epoch, - undef, undef, undef, undef, undef, undef, - undef, undef - ); - if ( defined $success ) { - return; - } - else { - return 'INSERT failed'; - } - } - else { - return "Train ${train_id} not found"; - } - } - else { - my $success = $self->app->action_query->execute( - $self->current_user->{id}, - $action_type{checkout}, - $self->get_station_id( - ds100 => $status->{station_ds100}, - name => $status->{station_name} - ), - DateTime->now( time_zone => 'Europe/Berlin' )->epoch, - $train->type, - $train->line_no, - $train->train_no, - $train->train_id, - $train->sched_arrival ? $train->sched_arrival->epoch : undef, - $train->arrival ? $train->arrival->epoch : undef, - join( '|', $train->route ), - join( '|', - map { ( $_->[0] ? $_->[0]->epoch : q{} ) . ':' . $_->[1] } - $train->messages ) - ); - if ( defined $success ) { - return; - } - else { - return 'INSERT failed'; - } - } -}; - -helper 'get_station_id' => sub { - my ( $self, %opt ) = @_; - - $self->app->get_stationid_by_ds100_query->execute( $opt{ds100} ); - my $rows = $self->app->get_stationid_by_ds100_query->fetchall_arrayref; - if ( @{$rows} ) { - return $rows->[0][0]; - } - else { - $self->app->add_station_query->execute( $opt{ds100}, $opt{name} ); - $self->app->get_stationid_by_ds100_query->execute( $opt{ds100} ); - my $rows = $self->app->get_stationid_by_ds100_query->fetchall_arrayref; - return $rows->[0][0]; - } -}; - -helper 'get_user_token' => sub { - my ( $self, $uid ) = @_; - - my $query = $self->app->get_token_query; - $query->execute($uid); - my $rows = $query->fetchall_arrayref; - if ( @{$rows} ) { - return @{ $rows->[0] }; - } - return; -}; - -# This helper should only be called directly when also providing a user ID. -# If you don't have one, use current_user() instead (get_user_data will -# delegate to it anyways). -helper 'get_user_data' => sub { - my ( $self, $uid ) = @_; - - $uid //= $self->current_user->{id}; - my $query = $self->app->get_user_query; - $query->execute($uid); - my $rows = $query->fetchall_arrayref; - if ( @{$rows} ) { - my @row = @{ $rows->[0] }; - return { - id => $row[0], - name => $row[1], - status => $row[2], - is_public => $row[3], - email => $row[4], - registered_at => DateTime->from_epoch( - epoch => $row[5], - time_zone => 'Europe/Berlin' - ), - last_seen => DateTime->from_epoch( - epoch => $row[6], - time_zone => 'Europe/Berlin' - ), - deletion_requested => $row[7] - ? DateTime->from_epoch( - epoch => $row[7], - time_zone => 'Europe/Berlin' - ) - : undef, - }; - } - return undef; -}; - -helper 'get_api_token' => sub { - my ( $self, $uid ) = @_; - $uid //= $self->current_user->{id}; - $self->app->get_api_tokens_query->execute($uid); - my $rows = $self->app->get_api_tokens_query->fetchall_arrayref; - my $token = {}; - for my $row ( @{$rows} ) { - $token->{ $token_types[ $row->[0] - 1 ] } = $row->[1]; - } - return $token; -}; - -helper 'get_user_password' => sub { - my ( $self, $name ) = @_; - my $query = $self->app->get_password_query; - $query->execute($name); - my $rows = $query->fetchall_arrayref; - if ( @{$rows} ) { - my @row = @{ $rows->[0] }; - return { - id => $row[0], - name => $row[1], - status => $row[2], - password_hash => $row[3], - }; - } - return; -}; - -helper 'add_user' => sub { - my ( $self, $user_name, $email, $token, $password ) = @_; - - $self->app->get_userid_query->execute($user_name); - my $rows = $self->app->get_userid_query->fetchall_arrayref; - - if ( @{$rows} ) { - my $id = $rows->[0][0]; - - # transition code for closed beta account -> normal account - if ($email) { - $self->app->set_email_query->execute( $email, $token, $id ); - } - if ($password) { - $self->app->set_password_query->execute( $password, $id ); - } - return $id; - } - else { - my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; - $self->app->add_user_query->execute( $user_name, $email, $token, - $password, $now, $now ); - $self->app->get_userid_query->execute($user_name); - $rows = $self->app->get_userid_query->fetchall_arrayref; - return $rows->[0][0]; - } -}; - -helper 'check_if_user_name_exists' => sub { - my ( $self, $user_name ) = @_; - - $self->app->get_userid_query->execute($user_name); - my $rows = $self->app->get_userid_query->fetchall_arrayref; - - if ( @{$rows} ) { - return 1; - } - return 0; -}; - -helper 'check_if_mail_is_blacklisted' => sub { - my ( $self, $mail ) = @_; - - $self->app->get_pending_mails_query->execute($mail); - if ( @{ $self->app->get_pending_mails_query->fetchall_arrayref } ) { - return 1; - } - $self->app->get_listed_mails_query->execute($mail); - if ( @{ $self->app->get_listed_mails_query->fetchall_arrayref } ) { - return 1; - } - return 0; -}; - -helper 'get_user_travels' => sub { - my ( $self, %opt ) = @_; - - my $uid = $self->current_user->{id}; - my $query = $self->app->get_all_actions_query; - if ( $opt{limit} ) { - $query = $self->app->get_last_actions_query; - } - - if ( $opt{uid} and $opt{checkin_epoch} and $opt{checkout_epoch} ) { - $query = $self->app->get_journey_actions_query; - $query->execute( $opt{uid}, $opt{checkin_epoch}, $opt{checkout_epoch} ); - } - else { - $query->execute($uid); - } - my @match_actions = ( $action_type{checkout}, $action_type{checkin} ); - if ( $opt{cancelled} ) { - @match_actions - = ( $action_type{cancelled_to}, $action_type{cancelled_from} ); - } - - my @travels; - my $prev_action = 0; - - while ( my @row = $query->fetchrow_array ) { - my ( - $action, $raw_ts, $ds100, $name, - $train_type, $train_line, $train_no, $train_id, - $raw_sched_ts, $raw_real_ts, $raw_route, $raw_messages - ) = @row; - - $name = decode( 'UTF-8', $name ); - $raw_route = decode( 'UTF-8', $raw_route ); - $raw_messages = decode( 'UTF-8', $raw_messages ); - - if ( $action == $match_actions[0] - or ( $opt{checkout_epoch} and $raw_ts == $opt{checkout_epoch} ) ) - { - push( - @travels, - { - to_name => $name, - sched_arrival => epoch_to_dt($raw_sched_ts), - rt_arrival => epoch_to_dt($raw_real_ts), - checkout => epoch_to_dt($raw_ts), - type => $train_type, - line => $train_line, - no => $train_no, - messages => $raw_messages - ? [ split( qr{[|]}, $raw_messages ) ] - : undef, - route => $raw_route ? [ split( qr{[|]}, $raw_route ) ] - : undef, - completed => 0, - } - ); - } - elsif ( - ( - $action == $match_actions[1] - and $prev_action == $match_actions[0] - ) - or ( $opt{checkin_epoch} and $raw_ts == $opt{checkin_epoch} ) - ) - { - my $ref = $travels[-1]; - $ref->{from_name} = $name; - $ref->{completed} = 1; - $ref->{sched_departure} = epoch_to_dt($raw_sched_ts); - $ref->{rt_departure} = epoch_to_dt($raw_real_ts); - $ref->{checkin} = epoch_to_dt($raw_ts); - $ref->{type} //= $train_type; - $ref->{line} //= $train_line; - $ref->{no} //= $train_no; - $ref->{messages} //= [ split( qr{[|]}, $raw_messages ) ]; - $ref->{route} //= [ split( qr{[|]}, $raw_route ) ]; - - if ( $opt{verbose} ) { - my @parsed_messages; - for my $message ( @{ $ref->{messages} // [] } ) { - my ( $ts, $msg ) = split( qr{:}, $message ); - push( @parsed_messages, [ epoch_to_dt($ts), $msg ] ); - } - $ref->{messages} = [ reverse @parsed_messages ]; - $ref->{sched_duration} - = $ref->{sched_arrival} - ? $ref->{sched_arrival}->epoch - - $ref->{sched_departure}->epoch - : undef; - $ref->{rt_duration} - = $ref->{rt_arrival} - ? $ref->{rt_arrival}->epoch - $ref->{rt_departure}->epoch - : undef; - $ref->{km_route} - = $self->get_travel_distance( $ref->{from_name}, - $ref->{to_name}, $ref->{route} ); - $ref->{km_beeline} - = $self->get_travel_distance( $ref->{from_name}, - $ref->{to_name}, [ $ref->{from_name}, $ref->{to_name} ] ); - $ref->{kmh_route} - = $ref->{km_route} - / ( - ( $ref->{rt_duration} // $ref->{sched_duration} // 999999 ) - / 3600 ); - $ref->{kmh_beeline} - = $ref->{km_beeline} - / ( - ( $ref->{rt_duration} // $ref->{sched_duration} // 999999 ) - / 3600 ); - } - if ( $opt{checkin_epoch} - and $action == $action_type{cancelled_from} ) - { - $ref->{cancelled} = 1; - } - } - $prev_action = $action; - } - - return @travels; -}; - -helper 'get_user_status' => sub { - my ( $self, $uid ) = @_; - - $uid //= $self->current_user->{id}; - $self->app->get_last_actions_query->execute($uid); - my $rows = $self->app->get_last_actions_query->fetchall_arrayref; - - if ( @{$rows} ) { - my $now = DateTime->now( time_zone => 'Europe/Berlin' ); - - my @cols = @{ $rows->[0] }; - if ( @{$rows} > 2 and $rows->[0][0] == $action_type{undo} ) { - @cols = @{ $rows->[2] }; - } - - my $action_ts = epoch_to_dt( $cols[1] ); - my $sched_ts = epoch_to_dt( $cols[8] ); - my $real_ts = epoch_to_dt( $cols[9] ); - my $checkin_station_name = decode( 'UTF-8', $cols[3] ); - my @route = split( qr{[|]}, decode( 'UTF-8', $cols[10] // q{} ) ); - my @route_after; - my $is_after = 0; - for my $station (@route) { - if ( $station eq $checkin_station_name ) { - $is_after = 1; - } - if ($is_after) { - push( @route_after, $station ); - } - } - return { - checked_in => ( $cols[0] == $action_type{checkin} ), - cancelled => ( $cols[0] == $action_type{cancelled_from} ), - timestamp => $action_ts, - timestamp_delta => $now->epoch - $action_ts->epoch, - sched_ts => $sched_ts, - real_ts => $real_ts, - station_ds100 => $cols[2], - station_name => $checkin_station_name, - train_type => $cols[4], - train_line => $cols[5], - train_no => $cols[6], - train_id => $cols[7], - route => \@route, - route_after => \@route_after, - }; - } - return { - checked_in => 0, - timestamp => epoch_to_dt(0), - sched_ts => epoch_to_dt(0), - real_ts => epoch_to_dt(0), - }; -}; - -helper 'get_travel_distance' => sub { - my ( $self, $from, $to, $route_ref ) = @_; - - my $distance = 0; - my $geo = Geo::Distance->new(); - my @route = after_incl { $_ eq $from } @{$route_ref}; - @route = before_incl { $_ eq $to } @route; - - if ( @route < 2 ) { - - # I AM ERROR - return 0; - } - - my $prev_station = get_station( shift @route ); - if ( not $prev_station ) { - return 0; - } - - for my $station_name (@route) { - if ( my $station = get_station($station_name) ) { - $distance += $geo->distance( 'kilometer', $prev_station->[3], - $prev_station->[4], $station->[3], $station->[4] ); - $prev_station = $station; - } - } - - return $distance; -}; - -helper 'navbar_class' => sub { - my ( $self, $path ) = @_; - - if ( $self->req->url eq $self->url_for($path) ) { - return 'active'; - } - return q{}; -}; - -get '/' => sub { - my ($self) = @_; - if ( $self->is_user_authenticated ) { - $self->render( 'landingpage', with_geolocation => 1 ); - } - else { - $self->render( 'landingpage', intro => 1 ); - } -}; - -get '/about' => sub { - my ($self) = @_; - - $self->render( 'about', version => $VERSION ); -}; - -get '/impressum' => sub { - my ($self) = @_; - - $self->render('imprint'); -}; - -get '/imprint' => sub { - my ($self) = @_; - - $self->render('imprint'); -}; - -post '/geolocation' => sub { - my ($self) = @_; - - my $lon = $self->param('lon'); - my $lat = $self->param('lat'); - - if ( not $lon or not $lat ) { - $self->render( json => { error => 'Invalid lon/lat received' } ); - } - else { - my @candidates = map { - { - ds100 => $_->[0][0], - name => $_->[0][1], - eva => $_->[0][2], - lon => $_->[0][3], - lat => $_->[0][4], - distance => $_->[1], - } - } Travel::Status::DE::IRIS::Stations::get_station_by_location( $lon, - $lat, 5 ); - $self->render( - json => { - candidates => [@candidates], - } - ); - } - -}; - -post '/list_departures' => sub { - my ($self) = @_; - my $station = $self->param('station'); - - $self->redirect_to("/s/${station}"); -}; - -get '/api/v0/:action/:token' => sub { - my ($self) = @_; - - my $api_action = $self->stash('action'); - my $api_token = $self->stash('token'); - if ( $api_action !~ qr{ ^ (?: status | history | action ) $ }x ) { - $self->render( - json => { - error => 'Invalid action', - }, - ); - return; - } - if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) { - $self->render( - json => { - error => 'Malformed token', - }, - ); - return; - } - my $uid = $+{id}; - $api_token = $+{token}; - my $token = $self->get_api_token($uid); - if ( $api_token ne $token->{$api_action} ) { - $self->render( - json => { - error => 'Invalid token', - }, - ); - return; - } - if ( $api_action eq 'status' ) { - my $status = $self->get_user_status($uid); - - my @station_descriptions; - my $station_eva = undef; - my $station_lon = undef; - my $station_lat = undef; - - if ( $status->{station_ds100} ) { - @station_descriptions - = Travel::Status::DE::IRIS::Stations::get_station( - $status->{station_ds100} ); - } - if ( @station_descriptions == 1 ) { - ( undef, undef, $station_eva, $station_lon, $station_lat ) - = @{ $station_descriptions[0] }; - } - $self->render( - json => { - deprecated => \0, - checked_in => ( - $status->{checked_in} - or $status->{cancelled} - ) ? \1 : \0, - station => { - ds100 => $status->{station_ds100}, - name => $status->{station_name}, - uic => $station_eva, - longitude => $station_lon, - latitude => $station_lat, - }, - train => { - type => $status->{train_type}, - line => $status->{train_line}, - no => $status->{train_no}, - }, - actionTime => $status->{timestamp}->epoch, - scheduledTime => $status->{sched_ts}->epoch, - realTime => $status->{real_ts}->epoch, - }, - ); - } - else { - $self->render( - json => { - error => 'not implemented', - }, - ); - } -}; - -get '/login' => sub { - my ($self) = @_; - $self->render('login'); -}; - -post '/login' => sub { - my ($self) = @_; - my $user = $self->req->param('user'); - my $password = $self->req->param('password'); - - # Keep cookies for 6 months - $self->session( expiration => 60 * 60 * 24 * 180 ); - - if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( - 'login', - invalid => 'csrf', - ); - } - else { - if ( $self->authenticate( $user, $password ) ) { - $self->redirect_to( $self->req->param('redirect_to') // '/' ); - } - else { - my $data = $self->get_user_password($user); - if ( $data and $data->{status} == 0 ) { - $self->render( 'login', invalid => 'confirmation' ); - } - else { - $self->render( 'login', invalid => 'credentials' ); - } - } - } -}; - -get '/register' => sub { - my ($self) = @_; - $self->render('register'); -}; - -post '/register' => sub { - my ($self) = @_; - my $user = $self->req->param('user'); - my $email = $self->req->param('email'); - my $password = $self->req->param('password'); - my $password2 = $self->req->param('password2'); - my $ip = $self->req->headers->header('X-Forwarded-For'); - my $ua = $self->req->headers->user_agent; - my $date = DateTime->now( time_zone => 'Europe/Berlin' ) - ->strftime('%d.%m.%Y %H:%M:%S %z'); - - # In case Mojolicious is not running behind a reverse proxy - $ip - //= sprintf( '%s:%s', $self->tx->remote_address, $self->tx->remote_port ); - - if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( - 'register', - invalid => 'csrf', - ); - return; - } - - if ( not length($user) ) { - $self->render( 'register', invalid => 'user_empty' ); - return; - } - - if ( not length($email) ) { - $self->render( 'register', invalid => 'mail_empty' ); - return; - } - - if ( $user !~ m{ ^ [0-9a-zA-Z_-]+ $ }x ) { - $self->render( 'register', invalid => 'user_format' ); - return; - } - - if ( $self->check_if_user_name_exists($user) ) { - $self->render( 'register', invalid => 'user_collision' ); - return; - } - - if ( $self->check_if_mail_is_blacklisted($email) ) { - $self->render( 'register', invalid => 'mail_blacklisted' ); - return; - } - - if ( $password ne $password2 ) { - $self->render( 'register', invalid => 'password_notequal' ); - return; - } - - if ( length($password) < 8 ) { - $self->render( 'register', invalid => 'password_short' ); - return; - } - - my $token = make_token(); - my $pw_hash = hash_password($password); - $self->app->dbh->begin_work; - my $user_id = $self->add_user( $user, $email, $token, $pw_hash ); - my $reg_url = $self->url_for('reg')->to_abs->scheme('https'); - my $imprint_url = $self->url_for('impressum')->to_abs->scheme('https'); - - my $body = "Hallo, ${user}!\n\n"; - $body .= "Mit deiner E-Mail-Adresse (${email}) wurde ein Account bei\n"; - $body .= "travelynx angelegt.\n\n"; - $body - .= "Falls die Registrierung von dir ausging, kannst du den Account unter\n"; - $body .= "${reg_url}/${user_id}/${token}\n"; - $body .= "freischalten.\n\n"; - $body - .= "Falls nicht, ignoriere diese Mail bitte. Nach etwa 48 Stunden wird deine\n"; - $body - .= "Mail-Adresse erneut zur Registrierung freigeschaltet. Falls auch diese fehlschlägt,\n"; - $body - .= "werden wir sie dauerhaft sperren und keine Mails mehr dorthin schicken.\n\n"; - $body .= "Daten zur Registrierung:\n"; - $body .= " * Datum: ${date}\n"; - $body .= " * Verwendete IP: ${ip}\n"; - $body .= " * Verwendeter Browser gemäß User Agent: ${ua}\n\n\n"; - $body .= "Impressum: ${imprint_url}\n"; - - my $reg_mail = Email::Simple->create( - header => [ - To => $email, - From => 'Travelynx <travelynx@finalrewind.org>', - Subject => 'Registrierung bei travelynx', - 'Content-Type' => 'text/plain; charset=UTF-8', - ], - body => encode( 'utf-8', $body ), - ); - - my $success = try_to_sendmail($reg_mail); - if ($success) { - $self->app->dbh->commit; - $self->render( 'login', from => 'register' ); - } - else { - $self->app->dbh->rollback; - $self->render( 'register', invalid => 'sendmail' ); - } -}; - -get '/reg/:id/:token' => sub { - my ($self) = @_; - - my $id = $self->stash('id'); - my $token = $self->stash('token'); - - my @db_user = $self->get_user_token($id); - - if ( not @db_user ) { - $self->render( 'register', invalid => 'token' ); - return; - } - - my ( $db_name, $db_status, $db_token ) = @db_user; - - if ( not $db_name or $token ne $db_token or $db_status != 0 ) { - $self->render( 'register', invalid => 'token' ); - return; - } - $self->app->set_status_query->execute( 1, $id ); - $self->render( 'login', from => 'verification' ); -}; - -post '/action' => sub { - my ($self) = @_; - my $params = $self->req->json; - - if ( not exists $params->{action} ) { - $params = $self->req->params->to_hash; - } - - if ( not $self->is_user_authenticated ) { - - # We deliberately do not set the HTTP status for these replies, as it - # confuses jquery. - $self->render( - json => { - success => 0, - error => 'Session error, please login again', - }, - ); - return; - } - - if ( not $params->{action} ) { - $self->render( - json => { - success => 0, - error => 'Missing action value', - }, - ); - return; - } - - my $station = $params->{station}; - - if ( $params->{action} eq 'checkin' ) { - - my ( $train, $error ) - = $self->checkin( $params->{station}, $params->{train} ); - - if ($error) { - $self->render( - json => { - success => 0, - error => $error, - }, - ); - } - else { - $self->render( - json => { - success => 1, - }, - ); - } - } - elsif ( $params->{action} eq 'checkout' ) { - my $error = $self->checkout( $params->{station}, $params->{force} ); - - if ($error) { - $self->render( - json => { - success => 0, - error => $error, - }, - ); - } - else { - $self->render( - json => { - success => 1, - }, - ); - } - } - elsif ( $params->{action} eq 'undo' ) { - my $error = $self->undo; - if ($error) { - $self->render( - json => { - success => 0, - error => $error, - }, - ); - } - else { - $self->render( - json => { - success => 1, - }, - ); - } - } - elsif ( $params->{action} eq 'cancelled_from' ) { - my ( undef, $error ) - = $self->checkin( $params->{station}, $params->{train}, - $action_type{cancelled_from} ); - - if ($error) { - $self->render( - json => { - success => 0, - error => $error, - }, - ); - } - else { - $self->render( - json => { - success => 1, - }, - ); - } - } - elsif ( $params->{action} eq 'cancelled_to' ) { - my $error = $self->checkout( $params->{station}, 1, - $action_type{cancelled_to} ); - - if ($error) { - $self->render( - json => { - success => 0, - error => $error, - }, - ); - } - else { - $self->render( - json => { - success => 1, - }, - ); - } - } - else { - $self->render( - json => { - success => 0, - error => 'invalid action value', - }, - ); - } -}; - -under sub { - my ($self) = @_; - if ( $self->is_user_authenticated ) { - return 1; - } - $self->render( 'login', redirect_to => $self->req->url ); - return undef; -}; - -get '/account' => sub { - my ($self) = @_; - - $self->render('account'); -}; - -get '/history' => sub { - my ($self) = @_; - my $cancelled = $self->param('cancelled') ? 1 : 0; - - $self->respond_to( - json => - { json => [ $self->get_user_travels( cancelled => $cancelled ) ] }, - any => { template => 'history' } - ); -}; - -get '/history.json' => sub { - my ($self) = @_; - my $cancelled = $self->param('cancelled') ? 1 : 0; - - $self->render( - json => [ $self->get_user_travels( cancelled => $cancelled ) ] ); -}; - -get '/journey/:id' => sub { - my ($self) = @_; - my ( $uid, $checkin_ts, $checkout_ts ) = split( qr{-}, $self->stash('id') ); - - if ( $uid != $self->current_user->{id} ) { - $self->render( - 'journey', - error => 'notfound', - journey => {} - ); - return; - } - - my @journeys = $self->get_user_travels( - uid => $uid, - checkin_epoch => $checkin_ts, - checkout_epoch => $checkout_ts, - verbose => 1, - ); - if ( @journeys == 0 ) { - $self->render( - 'journey', - error => 'notfound', - journey => {} - ); - return; - } - - $self->render( - 'journey', - error => undef, - journey => $journeys[0] - ); -}; - -get '/export.json' => sub { - my ($self) = @_; - my $uid = $self->current_user->{id}; - my $query = $self->app->get_all_actions_query; - - $query->execute($uid); - - my @entries; - - while ( my @row = $query->fetchrow_array ) { - my ( - $action, $raw_ts, $ds100, $name, - $train_type, $train_line, $train_no, $train_id, - $raw_sched_ts, $raw_real_ts, $raw_route, $raw_messages - ) = @row; - - $name = decode( 'UTF-8', $name ); - $raw_route = decode( 'UTF-8', $raw_route ); - $raw_messages = decode( 'UTF-8', $raw_messages ); - push( - @entries, - { - action => $action_types[ $action - 1 ], - action_ts => $raw_ts, - station_ds100 => $ds100, - station_name => $name, - train_type => $train_type, - train_line => $train_line, - train_no => $train_no, - train_id => $train_id, - scheduled_ts => $raw_sched_ts, - realtime_ts => $raw_real_ts, - messages => $raw_messages - ? [ map { [ split(qr{:}) ] } split( qr{[|]}, $raw_messages ) ] - : undef, - route => $raw_route ? [ split( qr{[|]}, $raw_route ) ] - : undef, - } - ); - } - - $self->render( - json => [@entries], - ); -}; - -post '/delete' => sub { - my ($self) = @_; - if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( 'account', invalid => 'csrf' ); - return; - } - - my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; - - if ( $self->param('action') eq 'delete' ) { - if ( - not $self->authenticate( - $self->current_user->{name}, - $self->param('password') - ) - ) - { - $self->render( 'account', invalid => 'password' ); - return; - } - $self->app->mark_for_deletion_query->execute( $now, - $self->current_user->{id} ); - } - else { - $self->app->mark_for_deletion_query->execute( undef, - $self->current_user->{id} ); - } - $self->redirect_to('account'); -}; - -post '/logout' => sub { - my ($self) = @_; - if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( 'login', invalid => 'csrf' ); - return; - } - $self->logout; - $self->redirect_to('/login'); -}; - -post '/set_token' => sub { - my ($self) = @_; - if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( 'account', invalid => 'csrf' ); - return; - } - my $token = make_token(); - my $token_id = $token_type{ $self->param('token') }; - - if ( not $token_id ) { - $self->redirect_to('account'); - return; - } - - if ( $self->param('action') eq 'delete' ) { - $self->app->drop_api_token_query->execute( $self->current_user->{id}, - $token_id ); - } - else { - $self->app->set_api_token_query->execute( $self->current_user->{id}, - $token_id, $token ); - } - $self->redirect_to('account'); -}; - -get '/s/*station' => sub { - my ($self) = @_; - my $station = $self->stash('station'); - my $train = $self->param('train'); - - my $status = get_departures($station); - - if ( $status->{errstr} ) { - $self->render( - 'landingpage', - with_geolocation => 1, - error => $status->{errstr} - ); - } - else { - # You can't check into a train which terminates here - my @results = grep { $_->departure } @{ $status->{results} }; - - @results = map { $_->[0] } - sort { $b->[1] <=> $a->[1] } - map { [ $_, $_->departure->epoch // $_->sched_departure->epoch ] } - @results; - - if ($train) { - @results - = grep { $_->type . ' ' . $_->train_no eq $train } @results; - } - - $self->render( - 'departures', - ds100 => $status->{station_ds100}, - results => \@results, - station => $status->{station_name}, - title => "travelynx: $status->{station_name}", - ); - } -}; - -if ( $ENV{TRAVELYNX_SECRETS} ) { - app->secrets( [ split( qr{:}, $ENV{TRAVELYNX_SECRETS} ) ] ); -} - -app->defaults( layout => 'default' ); - -app->config( - hypnotoad => { - accepts => 40, - listen => [ $ENV{TRAVELYNX_LISTEN} // 'http://*:8093' ], - pid_file => '/tmp/travelynx.pid', - workers => $ENV{TRAVELYNX_WORKERS} // 2, - }, -); - -app->types->type( json => 'application/json; charset=utf-8' ); - -app->start; +Mojolicious::Commands->start_app('Travelynx'); diff --git a/lib/Travelynx.pm b/lib/Travelynx.pm new file mode 100755 index 0000000..05725f3 --- /dev/null +++ b/lib/Travelynx.pm @@ -0,0 +1,1189 @@ +package Travelynx; +use Mojo::Base 'Mojolicious'; + +use Mojolicious::Plugin::Authentication; +use Cache::File; +use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); +use DateTime; +use DBI; +use Encode qw(decode encode); +use Geo::Distance; +use List::Util qw(first); +use List::MoreUtils qw(after_incl before_incl); +use Travel::Status::DE::IRIS; +use Travel::Status::DE::IRIS::Stations; + +our $VERSION = qx{git describe --dirty} || 'experimental'; + +my $cache_iris_main = Cache::File->new( + cache_root => $ENV{TRAVELYNX_IRIS_CACHE} // '/tmp/dbf-iris-main', + default_expires => '6 hours', + lock_level => Cache::File::LOCK_LOCAL(), +); + +my $cache_iris_rt = Cache::File->new( + cache_root => $ENV{TRAVELYNX_IRISRT_CACHE} // '/tmp/dbf-iris-realtime', + default_expires => '70 seconds', + lock_level => Cache::File::LOCK_LOCAL(), +); + +my $dbname = $ENV{TRAVELYNX_DB_FILE} // 'travelynx.sqlite'; + +my %action_type = ( + checkin => 1, + checkout => 2, + undo => 3, + cancelled_from => 4, + cancelled_to => 5, +); +my @action_types = (qw(checkin checkout undo cancelled_from cancelled_to)); +my %token_type = ( + status => 1, + history => 2, + action => 3, +); +my @token_types = (qw(status history action)); + +sub hash_password { + my ($password) = @_; + my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); + my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); + + return bcrypt( $password, '$2a$12$' . $salt ); +} + +sub check_password { + my ( $password, $hash ) = @_; + + if ( bcrypt( $password, $hash ) eq $hash ) { + return 1; + } + return 0; +} + +sub epoch_to_dt { + my ($epoch) = @_; + + # Bugs (and user errors) may lead to undefined timestamps. Set them to + # 1970-01-01 to avoid crashing and show obviously wrong data instead. + $epoch //= 0; + + return DateTime->from_epoch( + epoch => $epoch, + time_zone => 'Europe/Berlin' + ); +} + + +sub get_station { + my ($station_name) = @_; + + my @candidates + = Travel::Status::DE::IRIS::Stations::get_station($station_name); + + if ( @candidates == 1 ) { + return $candidates[0]; + } + return undef; +} + +sub startup { + my ($self) = @_; + +if ( $ENV{TRAVELYNX_SECRETS} ) { + $self->secrets( [ split( qr{:}, $ENV{TRAVELYNX_SECRETS} ) ] ); +} + +$self->defaults( layout => 'default' ); + +$self->config( + hypnotoad => { + accepts => 40, + listen => [ $ENV{TRAVELYNX_LISTEN} // 'http://*:8093' ], + pid_file => '/tmp/travelynx.pid', + workers => $ENV{TRAVELYNX_WORKERS} // 2, + }, +); + +$self->types->type( json => 'application/json; charset=utf-8' ); + +$self->plugin( + authentication => { + autoload_user => 1, + fail_render => { template => 'login' }, + load_user => sub { + my ( $self, $uid ) = @_; + return $self->get_user_data($uid); + }, + validate_user => sub { + my ( $self, $username, $password, $extradata ) = @_; + my $user_info = $self->get_user_password($username); + if ( not $user_info ) { + return undef; + } + if ( $user_info->{status} != 1 ) { + return undef; + } + if ( check_password( $password, $user_info->{password_hash} ) ) { + return $user_info->{id}; + } + return undef; + }, + } +); +$self->sessions->default_expiration( 60 * 60 * 24 * 180 ); + +$self->defaults( layout => 'default' ); + +$self->attr( + add_station_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + insert into stations (ds100, name) values (?, ?) + } + ); + } +); +$self->attr( + add_user_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + insert into users ( + name, status, public_level, email, token, password, + registered_at, last_login + ) values (?, 0, 0, ?, ?, ?, ?, ?); + } + ); + } +); +$self->attr( + set_email_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + update users set email = ?, token = ? where id = ?; + } + ); + } +); +$self->attr( + set_password_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + update users set password = ? where id = ?; + } + ); + } +); +$self->attr( + add_mail_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + insert into pending_mails ( + email, num_tries, last_try + ) values (?, ?, ?); + } + ); + } +); +$self->attr( + set_status_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + update users set status = ? where id = ?; + } + ); + } +); +$self->attr( + mark_for_deletion_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + update users set deletion_requested = ? where id = ?; + } + ); + } +); +$self->attr( + action_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + insert into user_actions ( + user_id, action_id, station_id, action_time, + train_type, train_line, train_no, train_id, + sched_time, real_time, + route, messages + ) values ( + ?, ?, ?, ?, + ?, ?, ?, ?, + ?, ?, + ?, ? + ) + } + ); + }, +); +$self->attr( + dbh => sub { + my ($self) = @_; + + return DBI->connect( "dbi:SQLite:dbname=${dbname}", q{}, q{} ); + } +); +$self->attr( + get_all_actions_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + select action_id, action_time, stations.ds100, stations.name, + train_type, train_line, train_no, train_id, + sched_time, real_time, + route, messages + from user_actions + left outer join stations on station_id = stations.id + where user_id = ? + order by action_time desc + } + ); + } +); +$self->attr( + get_last_actions_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + select action_id, action_time, stations.ds100, stations.name, + train_type, train_line, train_no, train_id, + sched_time, real_time, + route, messages + from user_actions + left outer join stations on station_id = stations.id + where user_id = ? + order by action_time desc + limit 10 + } + ); + } +); +$self->attr( + get_journey_actions_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + select action_id, action_time, stations.ds100, stations.name, + train_type, train_line, train_no, train_id, + sched_time, real_time, + route, messages + from user_actions + left outer join stations on station_id = stations.id + where user_id = ? + and (action_time = ? or action_time = ?) + order by action_time desc + limit 2 + } + ); + } +); +$self->attr( + get_userid_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{select id from users where name = ?}); + } +); +$self->attr( + get_pending_mails_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{select id from users where email = ? and status = 0;}); + } +); +$self->attr( + get_listed_mails_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{select * from pending_mails where email = ? and num_tries > 1;}); + } +); +$self->attr( + get_user_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + select + id, name, status, public_level, email, + registered_at, last_login, deletion_requested + from users where id = ? + } + ); + } +); +$self->attr( + get_api_tokens_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + select + type, token + from tokens where user_id = ? + } + ); + } +); +$self->attr( + get_api_token_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + select + token + from tokens where user_id = ? and type = ? + } + ); + } +); +$self->attr( + drop_api_token_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + delete from tokens where user_id = ? and type = ? + } + ); + } +); +$self->attr( + set_api_token_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + insert or replace into tokens + (user_id, type, token) + values + (?, ?, ?) + } + ); + } +); +$self->attr( + get_password_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + select + id, name, status, password + from users where name = ? + } + ); + } +); +$self->attr( + get_token_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + select + name, status, token + from users where id = ? + } + ); + } +); +$self->attr( + get_stationid_by_ds100_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{select id from stations where ds100 = ?}); + } +); +$self->attr( + get_stationid_by_name_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{select id from stations where name = ?}); + } +); +$self->attr( + undo_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + insert into user_actions ( + user_id, action_id, action_time + ) values ( + ?, $action_type{undo}, ? + ) + } + ); + }, +); + +$self->helper('get_departures' => sub { + my ( $self, $station, $lookbehind ) = @_; + + $lookbehind //= 180; + + my @station_matches + = Travel::Status::DE::IRIS::Stations::get_station($station); + + if ( @station_matches == 1 ) { + $station = $station_matches[0][0]; + my $status = Travel::Status::DE::IRIS->new( + station => $station, + main_cache => $cache_iris_main, + realtime_cache => $cache_iris_rt, + lookbehind => 20, + datetime => DateTime->now( time_zone => 'Europe/Berlin' ) + ->subtract( minutes => $lookbehind ), + lookahead => $lookbehind + 10, + ); + return { + results => [ $status->results ], + errstr => $status->errstr, + station_ds100 => + ( $status->station ? $status->station->{ds100} : 'undef' ), + station_name => + ( $status->station ? $status->station->{name} : 'undef' ), + }; + } + elsif ( @station_matches > 1 ) { + return { + results => [], + errstr => 'Ambiguous station name', + }; + } + else { + return { + results => [], + errstr => 'Unknown station name', + }; + } +}); + +$self->helper('checkin' => sub { + my ( $self, $station, $train_id, $action_id ) = @_; + + $action_id //= $action_type{checkin}; + + my $status = $self->get_departures($station); + if ( $status->{errstr} ) { + return ( undef, $status->{errstr} ); + } + else { + my ($train) + = first { $_->train_id eq $train_id } @{ $status->{results} }; + if ( not defined $train ) { + return ( undef, "Train ${train_id} not found" ); + } + else { + + my $user = $self->get_user_status; + if ( $user->{checked_in} ) { + + # If a user is already checked in, we assume that they forgot to + # check out and do it for them. + # XXX this is an ugly workaround for the UNIQUE constraint on + # (user id, action timestamp): Ensure that checkout and re-checkin + # work even if the previous checkin was less than a second ago. + sleep(1); + $self->checkout( $station, 1 ); + + # XXX same workaround: We can't checkin immediately after checkout. + sleep(1); + } + elsif ( $user->{cancelled} ) { + + # Same + sleep(1); + $self->cancelled_to($station); + sleep(1); + } + + my $success = $self->app->action_query->execute( + $self->current_user->{id}, + $action_id, + $self->get_station_id( + ds100 => $status->{station_ds100}, + name => $status->{station_name} + ), + DateTime->now( time_zone => 'Europe/Berlin' )->epoch, + $train->type, + $train->line_no, + $train->train_no, + $train->train_id, + $train->sched_departure->epoch, + $train->departure->epoch, + join( '|', $train->route ), + join( '|', + map { ( $_->[0] ? $_->[0]->epoch : q{} ) . ':' . $_->[1] } + $train->messages ) + ); + if ( defined $success ) { + return ( $train, undef ); + } + else { + return ( undef, 'INSERT failed' ); + } + } + } +}); + +$self->helper('undo' => sub { + my ($self) = @_; + + my $uid = $self->current_user->{id}; + $self->app->get_last_actions_query->execute($uid); + my $rows = $self->app->get_last_actions_query->fetchall_arrayref; + + if ( @{$rows} and $rows->[0][0] == $action_type{undo} ) { + return 'Nested undo (undoing an undo) is not supported'; + } + + if ( @{$rows} > 1 and $rows->[1][0] == $action_type{undo} ) { + return 'Repeated undo is not supported'; + } + + my $success = $self->app->undo_query->execute( + $self->current_user->{id}, + DateTime->now( time_zone => 'Europe/Berlin' )->epoch, + ); + + if ( defined $success ) { + return; + } + else { + return 'INSERT failed'; + } +}); + +$self->helper('checkout' => sub { + my ( $self, $station, $force, $action_id ) = @_; + + $action_id //= $action_type{checkout}; + + my $status = $self->get_departures( $station, 180 ); + my $user = $self->get_user_status; + my $train_id = $user->{train_id}; + + if ( not $user->{checked_in} and not $user->{cancelled} ) { + return 'You are not checked into any train'; + } + if ( $status->{errstr} and not $force ) { + return $status->{errstr}; + } + + my ($train) + = first { $_->train_id eq $train_id } @{ $status->{results} }; + if ( not defined $train ) { + if ($force) { + my $success = $self->app->action_query->execute( + $self->current_user->{id}, + $action_id, + $self->get_station_id( + ds100 => $status->{station_ds100}, + name => $status->{station_name} + ), + DateTime->now( time_zone => 'Europe/Berlin' )->epoch, + undef, undef, undef, undef, undef, undef, + undef, undef + ); + if ( defined $success ) { + return; + } + else { + return 'INSERT failed'; + } + } + else { + return "Train ${train_id} not found"; + } + } + else { + my $success = $self->app->action_query->execute( + $self->current_user->{id}, + $action_type{checkout}, + $self->get_station_id( + ds100 => $status->{station_ds100}, + name => $status->{station_name} + ), + DateTime->now( time_zone => 'Europe/Berlin' )->epoch, + $train->type, + $train->line_no, + $train->train_no, + $train->train_id, + $train->sched_arrival ? $train->sched_arrival->epoch : undef, + $train->arrival ? $train->arrival->epoch : undef, + join( '|', $train->route ), + join( '|', + map { ( $_->[0] ? $_->[0]->epoch : q{} ) . ':' . $_->[1] } + $train->messages ) + ); + if ( defined $success ) { + return; + } + else { + return 'INSERT failed'; + } + } +}); + +$self->helper('get_station_id' => sub { + my ( $self, %opt ) = @_; + + $self->app->get_stationid_by_ds100_query->execute( $opt{ds100} ); + my $rows = $self->app->get_stationid_by_ds100_query->fetchall_arrayref; + if ( @{$rows} ) { + return $rows->[0][0]; + } + else { + $self->app->add_station_query->execute( $opt{ds100}, $opt{name} ); + $self->app->get_stationid_by_ds100_query->execute( $opt{ds100} ); + my $rows = $self->app->get_stationid_by_ds100_query->fetchall_arrayref; + return $rows->[0][0]; + } +}); + +$self->helper('get_user_token' => sub { + my ( $self, $uid ) = @_; + + my $query = $self->app->get_token_query; + $query->execute($uid); + my $rows = $query->fetchall_arrayref; + if ( @{$rows} ) { + return @{ $rows->[0] }; + } + return; +}); + +# This helper should only be called directly when also providing a user ID. +# If you don't have one, use current_user() instead (get_user_data will +# delegate to it anyways). +$self->helper('get_user_data' => sub { + my ( $self, $uid ) = @_; + + $uid //= $self->current_user->{id}; + my $query = $self->app->get_user_query; + $query->execute($uid); + my $rows = $query->fetchall_arrayref; + if ( @{$rows} ) { + my @row = @{ $rows->[0] }; + return { + id => $row[0], + name => $row[1], + status => $row[2], + is_public => $row[3], + email => $row[4], + registered_at => DateTime->from_epoch( + epoch => $row[5], + time_zone => 'Europe/Berlin' + ), + last_seen => DateTime->from_epoch( + epoch => $row[6], + time_zone => 'Europe/Berlin' + ), + deletion_requested => $row[7] + ? DateTime->from_epoch( + epoch => $row[7], + time_zone => 'Europe/Berlin' + ) + : undef, + }; + } + return undef; +}); + +$self->helper('get_api_token' => sub { + my ( $self, $uid ) = @_; + $uid //= $self->current_user->{id}; + $self->app->get_api_tokens_query->execute($uid); + my $rows = $self->app->get_api_tokens_query->fetchall_arrayref; + my $token = {}; + for my $row ( @{$rows} ) { + $token->{ $token_types[ $row->[0] - 1 ] } = $row->[1]; + } + return $token; +}); + +$self->helper('get_user_password' => sub { + my ( $self, $name ) = @_; + my $query = $self->app->get_password_query; + $query->execute($name); + my $rows = $query->fetchall_arrayref; + if ( @{$rows} ) { + my @row = @{ $rows->[0] }; + return { + id => $row[0], + name => $row[1], + status => $row[2], + password_hash => $row[3], + }; + } + return; +}); + +$self->helper('add_user' => sub { + my ( $self, $user_name, $email, $token, $password ) = @_; + + $self->app->get_userid_query->execute($user_name); + my $rows = $self->app->get_userid_query->fetchall_arrayref; + + if ( @{$rows} ) { + my $id = $rows->[0][0]; + + # transition code for closed beta account -> normal account + if ($email) { + $self->app->set_email_query->execute( $email, $token, $id ); + } + if ($password) { + $self->app->set_password_query->execute( $password, $id ); + } + return $id; + } + else { + my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; + $self->app->add_user_query->execute( $user_name, $email, $token, + $password, $now, $now ); + $self->app->get_userid_query->execute($user_name); + $rows = $self->app->get_userid_query->fetchall_arrayref; + return $rows->[0][0]; + } +}); + +$self->helper('check_if_user_name_exists' => sub { + my ( $self, $user_name ) = @_; + + $self->app->get_userid_query->execute($user_name); + my $rows = $self->app->get_userid_query->fetchall_arrayref; + + if ( @{$rows} ) { + return 1; + } + return 0; +}); + +$self->helper('check_if_mail_is_blacklisted' => sub { + my ( $self, $mail ) = @_; + + $self->app->get_pending_mails_query->execute($mail); + if ( @{ $self->app->get_pending_mails_query->fetchall_arrayref } ) { + return 1; + } + $self->app->get_listed_mails_query->execute($mail); + if ( @{ $self->app->get_listed_mails_query->fetchall_arrayref } ) { + return 1; + } + return 0; +}); + +$self->helper('get_user_travels' => sub { + my ( $self, %opt ) = @_; + + my $uid = $self->current_user->{id}; + my $query = $self->app->get_all_actions_query; + if ( $opt{limit} ) { + $query = $self->app->get_last_actions_query; + } + + if ( $opt{uid} and $opt{checkin_epoch} and $opt{checkout_epoch} ) { + $query = $self->app->get_journey_actions_query; + $query->execute( $opt{uid}, $opt{checkin_epoch}, $opt{checkout_epoch} ); + } + else { + $query->execute($uid); + } + my @match_actions = ( $action_type{checkout}, $action_type{checkin} ); + if ( $opt{cancelled} ) { + @match_actions + = ( $action_type{cancelled_to}, $action_type{cancelled_from} ); + } + + my @travels; + my $prev_action = 0; + + while ( my @row = $query->fetchrow_array ) { + my ( + $action, $raw_ts, $ds100, $name, + $train_type, $train_line, $train_no, $train_id, + $raw_sched_ts, $raw_real_ts, $raw_route, $raw_messages + ) = @row; + + $name = decode( 'UTF-8', $name ); + $raw_route = decode( 'UTF-8', $raw_route ); + $raw_messages = decode( 'UTF-8', $raw_messages ); + + if ( $action == $match_actions[0] + or ( $opt{checkout_epoch} and $raw_ts == $opt{checkout_epoch} ) ) + { + push( + @travels, + { + to_name => $name, + sched_arrival => epoch_to_dt($raw_sched_ts), + rt_arrival => epoch_to_dt($raw_real_ts), + checkout => epoch_to_dt($raw_ts), + type => $train_type, + line => $train_line, + no => $train_no, + messages => $raw_messages + ? [ split( qr{[|]}, $raw_messages ) ] + : undef, + route => $raw_route ? [ split( qr{[|]}, $raw_route ) ] + : undef, + completed => 0, + } + ); + } + elsif ( + ( + $action == $match_actions[1] + and $prev_action == $match_actions[0] + ) + or ( $opt{checkin_epoch} and $raw_ts == $opt{checkin_epoch} ) + ) + { + my $ref = $travels[-1]; + $ref->{from_name} = $name; + $ref->{completed} = 1; + $ref->{sched_departure} = epoch_to_dt($raw_sched_ts); + $ref->{rt_departure} = epoch_to_dt($raw_real_ts); + $ref->{checkin} = epoch_to_dt($raw_ts); + $ref->{type} //= $train_type; + $ref->{line} //= $train_line; + $ref->{no} //= $train_no; + $ref->{messages} //= [ split( qr{[|]}, $raw_messages ) ]; + $ref->{route} //= [ split( qr{[|]}, $raw_route ) ]; + + if ( $opt{verbose} ) { + my @parsed_messages; + for my $message ( @{ $ref->{messages} // [] } ) { + my ( $ts, $msg ) = split( qr{:}, $message ); + push( @parsed_messages, [ epoch_to_dt($ts), $msg ] ); + } + $ref->{messages} = [ reverse @parsed_messages ]; + $ref->{sched_duration} + = $ref->{sched_arrival} + ? $ref->{sched_arrival}->epoch + - $ref->{sched_departure}->epoch + : undef; + $ref->{rt_duration} + = $ref->{rt_arrival} + ? $ref->{rt_arrival}->epoch - $ref->{rt_departure}->epoch + : undef; + $ref->{km_route} + = $self->get_travel_distance( $ref->{from_name}, + $ref->{to_name}, $ref->{route} ); + $ref->{km_beeline} + = $self->get_travel_distance( $ref->{from_name}, + $ref->{to_name}, [ $ref->{from_name}, $ref->{to_name} ] ); + $ref->{kmh_route} + = $ref->{km_route} + / ( + ( $ref->{rt_duration} // $ref->{sched_duration} // 999999 ) + / 3600 ); + $ref->{kmh_beeline} + = $ref->{km_beeline} + / ( + ( $ref->{rt_duration} // $ref->{sched_duration} // 999999 ) + / 3600 ); + } + if ( $opt{checkin_epoch} + and $action == $action_type{cancelled_from} ) + { + $ref->{cancelled} = 1; + } + } + $prev_action = $action; + } + + return @travels; +}); + +$self->helper('get_user_status' => sub { + my ( $self, $uid ) = @_; + + $uid //= $self->current_user->{id}; + $self->app->get_last_actions_query->execute($uid); + my $rows = $self->app->get_last_actions_query->fetchall_arrayref; + + if ( @{$rows} ) { + my $now = DateTime->now( time_zone => 'Europe/Berlin' ); + + my @cols = @{ $rows->[0] }; + if ( @{$rows} > 2 and $rows->[0][0] == $action_type{undo} ) { + @cols = @{ $rows->[2] }; + } + + my $action_ts = epoch_to_dt( $cols[1] ); + my $sched_ts = epoch_to_dt( $cols[8] ); + my $real_ts = epoch_to_dt( $cols[9] ); + my $checkin_station_name = decode( 'UTF-8', $cols[3] ); + my @route = split( qr{[|]}, decode( 'UTF-8', $cols[10] // q{} ) ); + my @route_after; + my $is_after = 0; + for my $station (@route) { + if ( $station eq $checkin_station_name ) { + $is_after = 1; + } + if ($is_after) { + push( @route_after, $station ); + } + } + return { + checked_in => ( $cols[0] == $action_type{checkin} ), + cancelled => ( $cols[0] == $action_type{cancelled_from} ), + timestamp => $action_ts, + timestamp_delta => $now->epoch - $action_ts->epoch, + sched_ts => $sched_ts, + real_ts => $real_ts, + station_ds100 => $cols[2], + station_name => $checkin_station_name, + train_type => $cols[4], + train_line => $cols[5], + train_no => $cols[6], + train_id => $cols[7], + route => \@route, + route_after => \@route_after, + }; + } + return { + checked_in => 0, + timestamp => epoch_to_dt(0), + sched_ts => epoch_to_dt(0), + real_ts => epoch_to_dt(0), + }; +}); + +$self->helper('get_travel_distance' => sub { + my ( $self, $from, $to, $route_ref ) = @_; + + my $distance = 0; + my $geo = Geo::Distance->new(); + my @route = after_incl { $_ eq $from } @{$route_ref}; + @route = before_incl { $_ eq $to } @route; + + if ( @route < 2 ) { + + # I AM ERROR + return 0; + } + + my $prev_station = get_station( shift @route ); + if ( not $prev_station ) { + return 0; + } + + for my $station_name (@route) { + if ( my $station = get_station($station_name) ) { + $distance += $geo->distance( 'kilometer', $prev_station->[3], + $prev_station->[4], $station->[3], $station->[4] ); + $prev_station = $station; + } + } + + return $distance; +}); + +$self->helper('navbar_class' => sub { + my ( $self, $path ) = @_; + + if ( $self->req->url eq $self->url_for($path) ) { + return 'active'; + } + return q{}; +}); + +my $r = $self->routes; + +$r->get('/')->to('traveling#homepage'); + +$r->get('/about' => sub { + my ($self) = @_; + + $self->render( 'about', version => $VERSION ); +}); + +$r->get('/impressum' => sub { + my ($self) = @_; + + $self->render('imprint'); +}); + +$r->get('/imprint' => sub { + my ($self) = @_; + + $self->render('imprint'); +}); + +$r->post('/geolocation')->to('traveling#geolocation'); + +$r->post('/list_departures')->to('traveling#redirect_to_station'); + +$r->get('/api/v0/:user_action/:token')->to('api#get_v0'); + +$r->get('/login')->to('login#login_form'); +$r->post('/login')->to('login#do_login'); + +$r->get('/register')->to('login#registration_form'); +$r->post('/register')->to('login#register'); + +$r->get('/reg/:id/:token')->to('login#verify'); + +$r->post('/action')->to('traveling#log_action'); + +my $authed_r = $r->under(sub { + my ($self) = @_; + if ( $self->is_user_authenticated ) { + return 1; + } + $self->render( 'login', redirect_to => $self->req->url ); + return undef; +}); + +$authed_r->get('/account' => sub { + my ($self) = @_; + + $self->render('account'); +}); + +$authed_r->get('/history' => sub { + my ($self) = @_; + my $cancelled = $self->param('cancelled') ? 1 : 0; + + $self->respond_to( + json => + { json => [ $self->get_user_travels( cancelled => $cancelled ) ] }, + any => { template => 'history' } + ); +}); + +$authed_r->get('/history.json' => sub { + my ($self) = @_; + my $cancelled = $self->param('cancelled') ? 1 : 0; + + $self->render( + json => [ $self->get_user_travels( cancelled => $cancelled ) ] ); +}); + +$authed_r->get('/journey/:id' => sub { + my ($self) = @_; + my ( $uid, $checkin_ts, $checkout_ts ) = split( qr{-}, $self->stash('id') ); + + if ( $uid != $self->current_user->{id} ) { + $self->render( + 'journey', + error => 'notfound', + journey => {} + ); + return; + } + + my @journeys = $self->get_user_travels( + uid => $uid, + checkin_epoch => $checkin_ts, + checkout_epoch => $checkout_ts, + verbose => 1, + ); + if ( @journeys == 0 ) { + $self->render( + 'journey', + error => 'notfound', + journey => {} + ); + return; + } + + $self->render( + 'journey', + error => undef, + journey => $journeys[0] + ); +}); + +$authed_r->get('/export.json' => sub { + my ($self) = @_; + my $uid = $self->current_user->{id}; + my $query = $self->app->get_all_actions_query; + + $query->execute($uid); + + my @entries; + + while ( my @row = $query->fetchrow_array ) { + my ( + $action, $raw_ts, $ds100, $name, + $train_type, $train_line, $train_no, $train_id, + $raw_sched_ts, $raw_real_ts, $raw_route, $raw_messages + ) = @row; + + $name = decode( 'UTF-8', $name ); + $raw_route = decode( 'UTF-8', $raw_route ); + $raw_messages = decode( 'UTF-8', $raw_messages ); + push( + @entries, + { + action => $action_types[ $action - 1 ], + action_ts => $raw_ts, + station_ds100 => $ds100, + station_name => $name, + train_type => $train_type, + train_line => $train_line, + train_no => $train_no, + train_id => $train_id, + scheduled_ts => $raw_sched_ts, + realtime_ts => $raw_real_ts, + messages => $raw_messages + ? [ map { [ split(qr{:}) ] } split( qr{[|]}, $raw_messages ) ] + : undef, + route => $raw_route ? [ split( qr{[|]}, $raw_route ) ] + : undef, + } + ); + } + + $self->render( + json => [@entries], + ); +}); + +$authed_r->post('/delete')->to('login#delete'); + +$authed_r->post('/logout')->to('login#do_logout'); + +$authed_r->post('/set_token')->to('api#set_token'); + +$authed_r->get('/s/*station')->to('traveling#station'); + +} + +1; diff --git a/lib/Travelynx/Controller/Api.pm b/lib/Travelynx/Controller/Api.pm new file mode 100755 index 0000000..435c644 --- /dev/null +++ b/lib/Travelynx/Controller/Api.pm @@ -0,0 +1,126 @@ +package Travelynx::Controller::Api; +use Mojo::Base 'Mojolicious::Controller'; + +use Travel::Status::DE::IRIS::Stations; +use UUID::Tiny qw(:std); + +my %token_type = ( + status => 1, + history => 2, + action => 3, +); +my @token_types = (qw(status history action)); + +sub make_token { + return create_uuid_as_string(UUID_V4); +} + +sub get_v0 { + my ($self) = @_; + + my $api_action = $self->stash('user_action'); + my $api_token = $self->stash('token'); + if ( $api_action !~ qr{ ^ (?: status | history | action ) $ }x ) { + $self->render( + json => { + error => 'Invalid action', + }, + ); + return; + } + if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) { + $self->render( + json => { + error => 'Malformed token', + }, + ); + return; + } + my $uid = $+{id}; + $api_token = $+{token}; + my $token = $self->get_api_token($uid); + if ( $api_token ne $token->{$api_action} ) { + $self->render( + json => { + error => 'Invalid token', + }, + ); + return; + } + if ( $api_action eq 'status' ) { + my $status = $self->get_user_status($uid); + + my @station_descriptions; + my $station_eva = undef; + my $station_lon = undef; + my $station_lat = undef; + + if ( $status->{station_ds100} ) { + @station_descriptions + = Travel::Status::DE::IRIS::Stations::get_station( + $status->{station_ds100} ); + } + if ( @station_descriptions == 1 ) { + ( undef, undef, $station_eva, $station_lon, $station_lat ) + = @{ $station_descriptions[0] }; + } + $self->render( + json => { + deprecated => \0, + checked_in => ( + $status->{checked_in} + or $status->{cancelled} + ) ? \1 : \0, + station => { + ds100 => $status->{station_ds100}, + name => $status->{station_name}, + uic => $station_eva, + longitude => $station_lon, + latitude => $station_lat, + }, + train => { + type => $status->{train_type}, + line => $status->{train_line}, + no => $status->{train_no}, + }, + actionTime => $status->{timestamp}->epoch, + scheduledTime => $status->{sched_ts}->epoch, + realTime => $status->{real_ts}->epoch, + }, + ); + } + else { + $self->render( + json => { + error => 'not implemented', + }, + ); + } +} + +sub set_token { + my ($self) = @_; + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( 'account', invalid => 'csrf' ); + return; + } + my $token = make_token(); + my $token_id = $token_type{ $self->param('token') }; + + if ( not $token_id ) { + $self->redirect_to('account'); + return; + } + + if ( $self->param('action') eq 'delete' ) { + $self->app->drop_api_token_query->execute( $self->current_user->{id}, + $token_id ); + } + else { + $self->app->set_api_token_query->execute( $self->current_user->{id}, + $token_id, $token ); + } + $self->redirect_to('account'); +} + +1; diff --git a/lib/Travelynx/Controller/Login.pm b/lib/Travelynx/Controller/Login.pm new file mode 100755 index 0000000..9752414 --- /dev/null +++ b/lib/Travelynx/Controller/Login.pm @@ -0,0 +1,230 @@ +package Travelynx::Controller::Login; +use Mojo::Base 'Mojolicious::Controller'; + +use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); +use Encode qw(decode encode); +use Email::Sender::Simple qw(try_to_sendmail); +use Email::Simple; +use UUID::Tiny qw(:std); + +sub hash_password { + my ($password) = @_; + my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); + my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); + + return bcrypt( $password, '$2a$12$' . $salt ); +} + +sub make_token { + return create_uuid_as_string(UUID_V4); +} + +sub login_form { + my ($self) = @_; + $self->render('login'); +} + +sub do_login { + my ($self) = @_; + my $user = $self->req->param('user'); + my $password = $self->req->param('password'); + + # Keep cookies for 6 months + $self->session( expiration => 60 * 60 * 24 * 180 ); + + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( + 'login', + invalid => 'csrf', + ); + } + else { + if ( $self->authenticate( $user, $password ) ) { + $self->redirect_to( $self->req->param('redirect_to') // '/' ); + } + else { + my $data = $self->get_user_password($user); + if ( $data and $data->{status} == 0 ) { + $self->render( 'login', invalid => 'confirmation' ); + } + else { + $self->render( 'login', invalid => 'credentials' ); + } + } + } +} + +sub registration_form { + my ($self) = @_; + $self->render('register'); +} + +sub register { + my ($self) = @_; + my $user = $self->req->param('user'); + my $email = $self->req->param('email'); + my $password = $self->req->param('password'); + my $password2 = $self->req->param('password2'); + my $ip = $self->req->headers->header('X-Forwarded-For'); + my $ua = $self->req->headers->user_agent; + my $date = DateTime->now( time_zone => 'Europe/Berlin' ) + ->strftime('%d.%m.%Y %H:%M:%S %z'); + + # In case Mojolicious is not running behind a reverse proxy + $ip + //= sprintf( '%s:%s', $self->tx->remote_address, $self->tx->remote_port ); + + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( + 'register', + invalid => 'csrf', + ); + return; + } + + if ( not length($user) ) { + $self->render( 'register', invalid => 'user_empty' ); + return; + } + + if ( not length($email) ) { + $self->render( 'register', invalid => 'mail_empty' ); + return; + } + + if ( $user !~ m{ ^ [0-9a-zA-Z_-]+ $ }x ) { + $self->render( 'register', invalid => 'user_format' ); + return; + } + + if ( $self->check_if_user_name_exists($user) ) { + $self->render( 'register', invalid => 'user_collision' ); + return; + } + + if ( $self->check_if_mail_is_blacklisted($email) ) { + $self->render( 'register', invalid => 'mail_blacklisted' ); + return; + } + + if ( $password ne $password2 ) { + $self->render( 'register', invalid => 'password_notequal' ); + return; + } + + if ( length($password) < 8 ) { + $self->render( 'register', invalid => 'password_short' ); + return; + } + + my $token = make_token(); + my $pw_hash = hash_password($password); + $self->app->dbh->begin_work; + my $user_id = $self->add_user( $user, $email, $token, $pw_hash ); + my $reg_url = $self->url_for('reg')->to_abs->scheme('https'); + my $imprint_url = $self->url_for('impressum')->to_abs->scheme('https'); + + my $body = "Hallo, ${user}!\n\n"; + $body .= "Mit deiner E-Mail-Adresse (${email}) wurde ein Account bei\n"; + $body .= "travelynx angelegt.\n\n"; + $body + .= "Falls die Registrierung von dir ausging, kannst du den Account unter\n"; + $body .= "${reg_url}/${user_id}/${token}\n"; + $body .= "freischalten.\n\n"; + $body + .= "Falls nicht, ignoriere diese Mail bitte. Nach etwa 48 Stunden wird deine\n"; + $body + .= "Mail-Adresse erneut zur Registrierung freigeschaltet. Falls auch diese fehlschlägt,\n"; + $body + .= "werden wir sie dauerhaft sperren und keine Mails mehr dorthin schicken.\n\n"; + $body .= "Daten zur Registrierung:\n"; + $body .= " * Datum: ${date}\n"; + $body .= " * Verwendete IP: ${ip}\n"; + $body .= " * Verwendeter Browser gemäß User Agent: ${ua}\n\n\n"; + $body .= "Impressum: ${imprint_url}\n"; + + my $reg_mail = Email::Simple->create( + header => [ + To => $email, + From => 'Travelynx <travelynx@finalrewind.org>', + Subject => 'Registrierung bei travelynx', + 'Content-Type' => 'text/plain; charset=UTF-8', + ], + body => encode( 'utf-8', $body ), + ); + + my $success = try_to_sendmail($reg_mail); + if ($success) { + $self->app->dbh->commit; + $self->render( 'login', from => 'register' ); + } + else { + $self->app->dbh->rollback; + $self->render( 'register', invalid => 'sendmail' ); + } +} + +sub verify { + my ($self) = @_; + + my $id = $self->stash('id'); + my $token = $self->stash('token'); + + my @db_user = $self->get_user_token($id); + + if ( not @db_user ) { + $self->render( 'register', invalid => 'token' ); + return; + } + + my ( $db_name, $db_status, $db_token ) = @db_user; + + if ( not $db_name or $token ne $db_token or $db_status != 0 ) { + $self->render( 'register', invalid => 'token' ); + return; + } + $self->app->set_status_query->execute( 1, $id ); + $self->render( 'login', from => 'verification' ); +} + +sub delete { + my ($self) = @_; + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( 'account', invalid => 'csrf' ); + return; + } + + my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; + + if ( $self->param('action') eq 'delete' ) { + if ( + not $self->authenticate( + $self->current_user->{name}, + $self->param('password') + ) + ) + { + $self->render( 'account', invalid => 'password' ); + return; + } + $self->app->mark_for_deletion_query->execute( $now, + $self->current_user->{id} ); + } + else { + $self->app->mark_for_deletion_query->execute( undef, + $self->current_user->{id} ); + } + $self->redirect_to('account'); +} + +sub do_logout { + my ($self) = @_; + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( 'login', invalid => 'csrf' ); + return; + } + $self->logout; + $self->redirect_to('/login'); +} + +1; diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm new file mode 100755 index 0000000..8d71d95 --- /dev/null +++ b/lib/Travelynx/Controller/Traveling.pm @@ -0,0 +1,241 @@ +package Travelynx::Controller::Traveling; +use Mojo::Base 'Mojolicious::Controller'; + +use Travel::Status::DE::IRIS::Stations; + +my %action_type = ( + checkin => 1, + checkout => 2, + undo => 3, + cancelled_from => 4, + cancelled_to => 5, +); +my @action_types = (qw(checkin checkout undo cancelled_from cancelled_to)); + +sub homepage { + my ($self) = @_; + if ( $self->is_user_authenticated ) { + $self->render( 'landingpage', with_geolocation => 1 ); + } + else { + $self->render( 'landingpage', intro => 1 ); + } +} + +sub geolocation { + my ($self) = @_; + + my $lon = $self->param('lon'); + my $lat = $self->param('lat'); + + if ( not $lon or not $lat ) { + $self->render( json => { error => 'Invalid lon/lat received' } ); + } + else { + my @candidates = map { + { + ds100 => $_->[0][0], + name => $_->[0][1], + eva => $_->[0][2], + lon => $_->[0][3], + lat => $_->[0][4], + distance => $_->[1], + } + } Travel::Status::DE::IRIS::Stations::get_station_by_location( $lon, + $lat, 5 ); + $self->render( + json => { + candidates => [@candidates], + } + ); + } +} + +sub log_action { + my ($self) = @_; + my $params = $self->req->json; + + if ( not exists $params->{action} ) { + $params = $self->req->params->to_hash; + } + + if ( not $self->is_user_authenticated ) { + + # We deliberately do not set the HTTP status for these replies, as it + # confuses jquery. + $self->render( + json => { + success => 0, + error => 'Session error, please login again', + }, + ); + return; + } + + if ( not $params->{action} ) { + $self->render( + json => { + success => 0, + error => 'Missing action value', + }, + ); + return; + } + + my $station = $params->{station}; + + if ( $params->{action} eq 'checkin' ) { + + my ( $train, $error ) + = $self->checkin( $params->{station}, $params->{train} ); + + if ($error) { + $self->render( + json => { + success => 0, + error => $error, + }, + ); + } + else { + $self->render( + json => { + success => 1, + }, + ); + } + } + elsif ( $params->{action} eq 'checkout' ) { + my $error = $self->checkout( $params->{station}, $params->{force} ); + + if ($error) { + $self->render( + json => { + success => 0, + error => $error, + }, + ); + } + else { + $self->render( + json => { + success => 1, + }, + ); + } + } + elsif ( $params->{action} eq 'undo' ) { + my $error = $self->undo; + if ($error) { + $self->render( + json => { + success => 0, + error => $error, + }, + ); + } + else { + $self->render( + json => { + success => 1, + }, + ); + } + } + elsif ( $params->{action} eq 'cancelled_from' ) { + my ( undef, $error ) + = $self->checkin( $params->{station}, $params->{train}, + $action_type{cancelled_from} ); + + if ($error) { + $self->render( + json => { + success => 0, + error => $error, + }, + ); + } + else { + $self->render( + json => { + success => 1, + }, + ); + } + } + elsif ( $params->{action} eq 'cancelled_to' ) { + my $error = $self->checkout( $params->{station}, 1, + $action_type{cancelled_to} ); + + if ($error) { + $self->render( + json => { + success => 0, + error => $error, + }, + ); + } + else { + $self->render( + json => { + success => 1, + }, + ); + } + } + else { + $self->render( + json => { + success => 0, + error => 'invalid action value', + }, + ); + } +} + +sub station { + my ($self) = @_; + my $station = $self->stash('station'); + my $train = $self->param('train'); + + my $status = $self->get_departures($station); + + if ( $status->{errstr} ) { + $self->render( + 'landingpage', + with_geolocation => 1, + error => $status->{errstr} + ); + } + else { + # You can't check into a train which terminates here + my @results = grep { $_->departure } @{ $status->{results} }; + + @results = map { $_->[0] } + sort { $b->[1] <=> $a->[1] } + map { [ $_, $_->departure->epoch // $_->sched_departure->epoch ] } + @results; + + if ($train) { + @results + = grep { $_->type . ' ' . $_->train_no eq $train } @results; + } + + $self->render( + 'departures', + ds100 => $status->{station_ds100}, + results => \@results, + station => $status->{station_name}, + title => "travelynx: $status->{station_name}", + ); + } +} + +sub redirect_to_station { + my ($self) = @_; + my $station = $self->param('station'); + + $self->redirect_to("/s/${station}"); +} + +1; |