diff options
Diffstat (limited to 'lib/Travelynx/Controller')
-rw-r--r-- | lib/Travelynx/Controller/Account.pm | 282 | ||||
-rwxr-xr-x | lib/Travelynx/Controller/Api.pm | 9 | ||||
-rw-r--r-- | lib/Travelynx/Controller/Static.pm | 18 | ||||
-rwxr-xr-x | lib/Travelynx/Controller/Traveling.pm | 67 |
4 files changed, 357 insertions, 19 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm new file mode 100644 index 0000000..a832727 --- /dev/null +++ b/lib/Travelynx/Controller/Account.pm @@ -0,0 +1,282 @@ +package Travelynx::Controller::Account; +use Mojo::Base 'Mojolicious::Controller'; + +use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); +use Encode qw(decode); +use Email::Sender::Simple qw(try_to_sendmail); +use Email::Simple; +use UUID::Tiny qw(:std); + +sub hash_password { + my ($password) = @_; + my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); + my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); + + return bcrypt( $password, '$2a$12$' . $salt ); +} + +sub make_token { + return create_uuid_as_string(UUID_V4); +} + +sub login_form { + my ($self) = @_; + $self->render('login'); +} + +sub do_login { + my ($self) = @_; + my $user = $self->req->param('user'); + my $password = $self->req->param('password'); + + # Keep cookies for 6 months + $self->session( expiration => 60 * 60 * 24 * 180 ); + + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( + 'login', + invalid => 'csrf', + ); + } + else { + if ( $self->authenticate( $user, $password ) ) { + $self->redirect_to( $self->req->param('redirect_to') // '/' ); + } + else { + my $data = $self->get_user_password($user); + if ( $data and $data->{status} == 0 ) { + $self->render( 'login', invalid => 'confirmation' ); + } + else { + $self->render( 'login', invalid => 'credentials' ); + } + } + } +} + +sub registration_form { + my ($self) = @_; + $self->render('register'); +} + +sub register { + my ($self) = @_; + my $user = $self->req->param('user'); + my $email = $self->req->param('email'); + my $password = $self->req->param('password'); + my $password2 = $self->req->param('password2'); + my $ip = $self->req->headers->header('X-Forwarded-For'); + my $ua = $self->req->headers->user_agent; + my $date = DateTime->now( time_zone => 'Europe/Berlin' ) + ->strftime('%d.%m.%Y %H:%M:%S %z'); + + # In case Mojolicious is not running behind a reverse proxy + $ip + //= sprintf( '%s:%s', $self->tx->remote_address, $self->tx->remote_port ); + + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( + 'register', + invalid => 'csrf', + ); + return; + } + + if ( not length($user) ) { + $self->render( 'register', invalid => 'user_empty' ); + return; + } + + if ( not length($email) ) { + $self->render( 'register', invalid => 'mail_empty' ); + return; + } + + if ( $user !~ m{ ^ [0-9a-zA-Z_-]+ $ }x ) { + $self->render( 'register', invalid => 'user_format' ); + return; + } + + if ( $self->check_if_user_name_exists($user) ) { + $self->render( 'register', invalid => 'user_collision' ); + return; + } + + if ( $self->check_if_mail_is_blacklisted($email) ) { + $self->render( 'register', invalid => 'mail_blacklisted' ); + return; + } + + if ( $password ne $password2 ) { + $self->render( 'register', invalid => 'password_notequal' ); + return; + } + + if ( length($password) < 8 ) { + $self->render( 'register', invalid => 'password_short' ); + return; + } + + my $token = make_token(); + my $pw_hash = hash_password($password); + $self->app->dbh->begin_work; + my $user_id = $self->add_user( $user, $email, $token, $pw_hash ); + my $reg_url = $self->url_for('reg')->to_abs->scheme('https'); + my $imprint_url = $self->url_for('impressum')->to_abs->scheme('https'); + + my $body = "Hallo, ${user}!\n\n"; + $body .= "Mit deiner E-Mail-Adresse (${email}) wurde ein Account bei\n"; + $body .= "travelynx angelegt.\n\n"; + $body + .= "Falls die Registrierung von dir ausging, kannst du den Account unter\n"; + $body .= "${reg_url}/${user_id}/${token}\n"; + $body .= "freischalten.\n\n"; + $body + .= "Falls nicht, ignoriere diese Mail bitte. Nach etwa 48 Stunden wird deine\n"; + $body + .= "Mail-Adresse erneut zur Registrierung freigeschaltet. Falls auch diese fehlschlägt,\n"; + $body + .= "werden wir sie dauerhaft sperren und keine Mails mehr dorthin schicken.\n\n"; + $body .= "Daten zur Registrierung:\n"; + $body .= " * Datum: ${date}\n"; + $body .= " * Verwendete IP: ${ip}\n"; + $body .= " * Verwendeter Browser gemäß User Agent: ${ua}\n\n\n"; + $body .= "Impressum: ${imprint_url}\n"; + + my $reg_mail = Email::Simple->create( + header => [ + To => $email, + From => 'Travelynx <travelynx@finalrewind.org>', + Subject => 'Registrierung bei travelynx', + 'Content-Type' => 'text/plain; charset=UTF-8', + ], + body => encode( 'utf-8', $body ), + ); + + my $success = try_to_sendmail($reg_mail); + if ($success) { + $self->app->dbh->commit; + $self->render( 'login', from => 'register' ); + } + else { + $self->app->dbh->rollback; + $self->render( 'register', invalid => 'sendmail' ); + } +} + +sub verify { + my ($self) = @_; + + my $id = $self->stash('id'); + my $token = $self->stash('token'); + + my @db_user = $self->get_user_token($id); + + if ( not @db_user ) { + $self->render( 'register', invalid => 'token' ); + return; + } + + my ( $db_name, $db_status, $db_token ) = @db_user; + + if ( not $db_name or $token ne $db_token or $db_status != 0 ) { + $self->render( 'register', invalid => 'token' ); + return; + } + $self->app->set_status_query->execute( 1, $id ); + $self->render( 'login', from => 'verification' ); +} + +sub delete { + my ($self) = @_; + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( 'account', invalid => 'csrf' ); + return; + } + + my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; + + if ( $self->param('action') eq 'delete' ) { + if ( + not $self->authenticate( + $self->current_user->{name}, + $self->param('password') + ) + ) + { + $self->render( 'account', invalid => 'password' ); + return; + } + $self->app->mark_for_deletion_query->execute( $now, + $self->current_user->{id} ); + } + else { + $self->app->mark_for_deletion_query->execute( undef, + $self->current_user->{id} ); + } + $self->redirect_to('account'); +} + +sub do_logout { + my ($self) = @_; + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( 'login', invalid => 'csrf' ); + return; + } + $self->logout; + $self->redirect_to('/login'); +} + +sub account { + my ($self) = @_; + + $self->render('account'); +} + +sub json_export { + my ($self) = @_; + my $uid = $self->current_user->{id}; + my $query = $self->app->get_all_actions_query; + + $query->execute($uid); + + my @entries; + + while ( my @row = $query->fetchrow_array ) { + my ( + $action, $raw_ts, $ds100, $name, + $train_type, $train_line, $train_no, $train_id, + $raw_sched_ts, $raw_real_ts, $raw_route, $raw_messages + ) = @row; + + $name = decode( 'UTF-8', $name ); + $raw_route = decode( 'UTF-8', $raw_route ); + $raw_messages = decode( 'UTF-8', $raw_messages ); + push( + @entries, + { + action => $self->app->action_types->[ $action - 1 ], + action_ts => $raw_ts, + station_ds100 => $ds100, + station_name => $name, + train_type => $train_type, + train_line => $train_line, + train_no => $train_no, + train_id => $train_id, + scheduled_ts => $raw_sched_ts, + realtime_ts => $raw_real_ts, + messages => $raw_messages + ? [ map { [ split(qr{:}) ] } split( qr{[|]}, $raw_messages ) ] + : undef, + route => $raw_route ? [ split( qr{[|]}, $raw_route ) ] + : undef, + } + ); + } + + $self->render( + json => [@entries], + ); +} + +1; diff --git a/lib/Travelynx/Controller/Api.pm b/lib/Travelynx/Controller/Api.pm index 435c644..c3eccb8 100755 --- a/lib/Travelynx/Controller/Api.pm +++ b/lib/Travelynx/Controller/Api.pm @@ -4,13 +4,6 @@ use Mojo::Base 'Mojolicious::Controller'; use Travel::Status::DE::IRIS::Stations; use UUID::Tiny qw(:std); -my %token_type = ( - status => 1, - history => 2, - action => 3, -); -my @token_types = (qw(status history action)); - sub make_token { return create_uuid_as_string(UUID_V4); } @@ -105,7 +98,7 @@ sub set_token { return; } my $token = make_token(); - my $token_id = $token_type{ $self->param('token') }; + my $token_id = $self->app->token_type->{ $self->param('token') }; if ( not $token_id ) { $self->redirect_to('account'); diff --git a/lib/Travelynx/Controller/Static.pm b/lib/Travelynx/Controller/Static.pm new file mode 100644 index 0000000..aa3428e --- /dev/null +++ b/lib/Travelynx/Controller/Static.pm @@ -0,0 +1,18 @@ +package Travelynx::Controller::Static; +use Mojo::Base 'Mojolicious::Controller'; + +my $travelynx_version = qx{git describe --dirty} || 'experimental'; + +sub about { + my ($self) = @_; + + $self->render( 'about', version => $travelynx_version ); +} + +sub imprint { + my ($self) = @_; + + $self->render('imprint'); +} + +1; diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm index 8d71d95..8c5c286 100755 --- a/lib/Travelynx/Controller/Traveling.pm +++ b/lib/Travelynx/Controller/Traveling.pm @@ -3,15 +3,6 @@ use Mojo::Base 'Mojolicious::Controller'; use Travel::Status::DE::IRIS::Stations; -my %action_type = ( - checkin => 1, - checkout => 2, - undo => 3, - cancelled_from => 4, - cancelled_to => 5, -); -my @action_types = (qw(checkin checkout undo cancelled_from cancelled_to)); - sub homepage { my ($self) = @_; if ( $self->is_user_authenticated ) { @@ -145,7 +136,7 @@ sub log_action { elsif ( $params->{action} eq 'cancelled_from' ) { my ( undef, $error ) = $self->checkin( $params->{station}, $params->{train}, - $action_type{cancelled_from} ); + $self->app->action_type->{cancelled_from} ); if ($error) { $self->render( @@ -165,7 +156,7 @@ sub log_action { } elsif ( $params->{action} eq 'cancelled_to' ) { my $error = $self->checkout( $params->{station}, 1, - $action_type{cancelled_to} ); + $self->app->action_type->{cancelled_to} ); if ($error) { $self->render( @@ -238,4 +229,58 @@ sub redirect_to_station { $self->redirect_to("/s/${station}"); } +sub history { + my ($self) = @_; + my $cancelled = $self->param('cancelled') ? 1 : 0; + + $self->respond_to( + json => + { json => [ $self->get_user_travels( cancelled => $cancelled ) ] }, + any => { template => 'history' } + ); +} + +sub json_history { + my ($self) = @_; + my $cancelled = $self->param('cancelled') ? 1 : 0; + + $self->render( + json => [ $self->get_user_travels( cancelled => $cancelled ) ] ); +} + +sub journey_details { + my ($self) = @_; + my ( $uid, $checkin_ts, $checkout_ts ) = split( qr{-}, $self->stash('id') ); + + if ( $uid != $self->current_user->{id} ) { + $self->render( + 'journey', + error => 'notfound', + journey => {} + ); + return; + } + + my @journeys = $self->get_user_travels( + uid => $uid, + checkin_epoch => $checkin_ts, + checkout_epoch => $checkout_ts, + verbose => 1, + ); + if ( @journeys == 0 ) { + $self->render( + 'journey', + error => 'notfound', + journey => {} + ); + return; + } + + $self->render( + 'journey', + error => undef, + journey => $journeys[0] + ); +} + 1; |