From d6264b5ca8a0192c02bb3aff676fd8aebe87c29e Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@finalrewind.org>
Date: Sat, 16 Mar 2019 13:56:56 +0100
Subject: Add JSON API

---
 index.pl | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 163 insertions(+), 7 deletions(-)

(limited to 'index.pl')

diff --git a/index.pl b/index.pl
index 4ddb44e..066cf0b 100755
--- a/index.pl
+++ b/index.pl
@@ -37,8 +37,13 @@ my %action_type = (
 	checkout => 2,
 	undo     => 3,
 );
-
 my @action_types = (qw(checkin checkout undo));
+my %token_type   = (
+	status  => 1,
+	history => 2,
+	action  => 3,
+);
+my @token_types = (qw(status history action));
 
 app->plugin(
 	authentication => {
@@ -274,6 +279,57 @@ app->attr(
 		);
 	}
 );
+app->attr(
+	get_api_tokens_query => sub {
+		my ($self) = @_;
+
+		return $self->app->dbh->prepare(
+			qq{
+			select
+				type, token
+			from tokens where user_id = ?
+		}
+		);
+	}
+);
+app->attr(
+	get_api_token_query => sub {
+		my ($self) = @_;
+
+		return $self->app->dbh->prepare(
+			qq{
+			select
+				token
+			from tokens where user_id = ? and type = ?
+		}
+		);
+	}
+);
+app->attr(
+	drop_api_token_query => sub {
+		my ($self) = @_;
+
+		return $self->app->dbh->prepare(
+			qq{
+			delete from tokens where user_id = ? and type = ?
+		}
+		);
+	}
+);
+app->attr(
+	set_api_token_query => sub {
+		my ($self) = @_;
+
+		return $self->app->dbh->prepare(
+			qq{
+			insert or replace into tokens
+				(user_id, type, token)
+			values
+				(?, ?, ?)
+		}
+		);
+	}
+);
 app->attr(
 	get_password_query => sub {
 		my ($self) = @_;
@@ -635,6 +691,18 @@ helper 'get_user_data' => sub {
 	return undef;
 };
 
+helper 'get_api_token' => sub {
+	my ( $self, $uid ) = @_;
+	$uid //= $self->current_user->{id};
+	$self->app->get_api_tokens_query->execute($uid);
+	my $rows  = $self->app->get_api_tokens_query->fetchall_arrayref;
+	my $token = {};
+	for my $row ( @{$rows} ) {
+		$token->{ $token_types[ $row->[0] - 1 ] } = $row->[1];
+	}
+	return $token;
+};
+
 helper 'get_user_password' => sub {
 	my ( $self, $name ) = @_;
 	my $query = $self->app->get_password_query;
@@ -770,9 +838,9 @@ helper 'get_user_travels' => sub {
 };
 
 helper 'get_user_status' => sub {
-	my ($self) = @_;
+	my ( $self, $uid ) = @_;
 
-	my $uid = $self->current_user->{id};
+	$uid //= $self->current_user->{id};
 	$self->app->get_last_actions_query->execute($uid);
 	my $rows = $self->app->get_last_actions_query->fetchall_arrayref;
 
@@ -784,7 +852,9 @@ helper 'get_user_status' => sub {
 			@cols = @{ $rows->[2] };
 		}
 
-		my $ts = epoch_to_dt( $cols[1] );
+		my $action_ts            = epoch_to_dt( $cols[1] );
+		my $sched_ts             = epoch_to_dt( $cols[8] );
+		my $real_ts              = epoch_to_dt( $cols[9] );
 		my $checkin_station_name = decode( 'UTF-8', $cols[3] );
 		my @route = split( qr{[|]}, decode( 'UTF-8', $cols[10] // q{} ) );
 		my @route_after;
@@ -799,8 +869,10 @@ helper 'get_user_status' => sub {
 		}
 		return {
 			checked_in      => ( $cols[0] == $action_type{checkin} ),
-			timestamp       => $ts,
-			timestamp_delta => $now->epoch - $ts->epoch,
+			timestamp       => $action_ts,
+			timestamp_delta => $now->epoch - $action_ts->epoch,
+			sched_ts        => $sched_ts,
+			real_ts         => $real_ts,
 			station_ds100   => $cols[2],
 			station_name    => $checkin_station_name,
 			train_type      => $cols[4],
@@ -813,7 +885,9 @@ helper 'get_user_status' => sub {
 	}
 	return {
 		checked_in => 0,
-		timestamp  => 0
+		timestamp  => epoch_to_dt(0),
+		sched_ts   => epoch_to_dt(0),
+		real_ts    => epoch_to_dt(0),
 	};
 };
 
@@ -914,6 +988,63 @@ post '/geolocation' => sub {
 
 };
 
+get '/api/v0/:action/:token' => sub {
+	my ($self) = @_;
+
+	my $api_action = $self->stash('action');
+	my $api_token  = $self->stash('token');
+	if ( $api_action !~ qr{ ^ (?: status | history | action ) $ }x ) {
+		$self->render(
+			json => {
+				error => 'Invalid action',
+			},
+		);
+		return;
+	}
+	if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) {
+		$self->render(
+			json => {
+				error => 'Malformed token',
+			},
+		);
+		return;
+	}
+	my $uid = $+{id};
+	$api_token = $+{token};
+	my $token = $self->get_api_token($uid);
+	if ( $api_token ne $token->{$api_action} ) {
+		$self->render(
+			json => {
+				error => 'Invalid token',
+			},
+		);
+		return;
+	}
+	if ( $api_action eq 'status' ) {
+		my $status = $self->get_user_status($uid);
+		$self->render(
+			json => {
+				checked_in    => $status->{checked_in} ? \1 : \0,
+				station_ds100 => $status->{station_ds100},
+				station_name  => $status->{station_name},
+				train_type    => $status->{train_type},
+				train_line    => $status->{train_line},
+				train_no      => $status->{train_no},
+				action_ts     => $status->{timestamp}->epoch,
+				sched_ts      => $status->{sched_ts}->epoch,
+				real_ts       => $status->{real_ts}->epoch,
+			},
+		);
+	}
+	else {
+		$self->render(
+			json => {
+				error => 'not implemented',
+			},
+		);
+	}
+};
+
 get '/login' => sub {
 	my ($self) = @_;
 	$self->render('login');
@@ -1287,6 +1418,31 @@ post '/logout' => sub {
 	$self->redirect_to('/login');
 };
 
+post '/set_token' => sub {
+	my ($self) = @_;
+	if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
+		$self->render( 'account', invalid => 'csrf' );
+		return;
+	}
+	my $token    = make_token();
+	my $token_id = $token_type{ $self->param('token') };
+
+	if ( not $token_id ) {
+		$self->redirect_to('account');
+		return;
+	}
+
+	if ( $self->param('action') eq 'delete' ) {
+		$self->app->drop_api_token_query->execute( $self->current_user->{id},
+			$token_id );
+	}
+	else {
+		$self->app->set_api_token_query->execute( $self->current_user->{id},
+			$token_id, $token );
+	}
+	$self->redirect_to('account');
+};
+
 get '/s/*station' => sub {
 	my ($self)  = @_;
 	my $station = $self->stash('station');
-- 
cgit v1.2.3