#!/usr/bin/env perl use Mojolicious::Lite; use Mojolicious::Plugin::Authentication; use Cache::File; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use DateTime; use DBI; use Encode qw(decode encode); use Email::Sender::Simple qw(try_to_sendmail); use Email::Simple; use Geo::Distance; use List::Util qw(first); use List::MoreUtils qw(after_incl before_incl); use UUID::Tiny qw(:std); use Travel::Status::DE::IRIS; use Travel::Status::DE::IRIS::Stations; our $VERSION = qx{git describe --dirty} || 'experimental'; my $cache_iris_main = Cache::File->new( cache_root => $ENV{TRAVELYNX_IRIS_CACHE} // '/tmp/dbf-iris-main', default_expires => '6 hours', lock_level => Cache::File::LOCK_LOCAL(), ); my $cache_iris_rt = Cache::File->new( cache_root => $ENV{TRAVELYNX_IRISRT_CACHE} // '/tmp/dbf-iris-realtime', default_expires => '70 seconds', lock_level => Cache::File::LOCK_LOCAL(), ); my $dbname = $ENV{TRAVELYNX_DB_FILE} // 'travelynx.sqlite'; my %action_type = ( checkin => 1, checkout => 2, undo => 3, ); my @action_types = (qw(checkin checkout undo)); my %token_type = ( status => 1, history => 2, action => 3, ); my @token_types = (qw(status history action)); app->plugin( authentication => { autoload_user => 1, fail_render => { template => 'login' }, load_user => sub { my ( $self, $uid ) = @_; return $self->get_user_data($uid); }, validate_user => sub { my ( $self, $username, $password, $extradata ) = @_; my $user_info = $self->get_user_password($username); if ( not $user_info ) { return undef; } if ( $user_info->{status} != 1 ) { return undef; } if ( check_password( $password, $user_info->{password_hash} ) ) { return $user_info->{id}; } return undef; }, } ); app->sessions->default_expiration( 60 * 60 * 24 * 180 ); app->defaults( layout => 'default' ); app->attr( add_station_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ insert into stations (ds100, name) values (?, ?) } ); } ); app->attr( add_user_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ insert into users ( name, status, public_level, email, token, password, registered_at, last_login ) values (?, 0, 0, ?, ?, ?, ?, ?); } ); } ); app->attr( set_email_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ update users set email = ?, token = ? where id = ?; } ); } ); app->attr( set_password_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ update users set password = ? where id = ?; } ); } ); app->attr( add_mail_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ insert into pending_mails ( email, num_tries, last_try ) values (?, ?, ?); } ); } ); app->attr( set_status_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ update users set status = ? where id = ?; } ); } ); app->attr( mark_for_deletion_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ update users set deletion_requested = ? where id = ?; } ); } ); app->attr( checkin_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ insert into user_actions ( user_id, action_id, station_id, action_time, train_type, train_line, train_no, train_id, sched_time, real_time, route, messages ) values ( ?, $action_type{checkin}, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) } ); }, ); app->attr( checkout_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ insert into user_actions ( user_id, action_id, station_id, action_time, train_type, train_line, train_no, train_id, sched_time, real_time, route, messages ) values ( ?, $action_type{checkout}, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) } ); } ); app->attr( dbh => sub { my ($self) = @_; return DBI->connect( "dbi:SQLite:dbname=${dbname}", q{}, q{} ); } ); app->attr( get_all_actions_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ select action_id, action_time, stations.ds100, stations.name, train_type, train_line, train_no, train_id, sched_time, real_time, route, messages from user_actions left outer join stations on station_id = stations.id where user_id = ? order by action_time desc } ); } ); app->attr( get_last_actions_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ select action_id, action_time, stations.ds100, stations.name, train_type, train_line, train_no, train_id, sched_time, real_time, route, messages from user_actions left outer join stations on station_id = stations.id where user_id = ? order by action_time desc limit 10 } ); } ); app->attr( get_journey_actions_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ select action_id, action_time, stations.ds100, stations.name, train_type, train_line, train_no, train_id, sched_time, real_time, route, messages from user_actions left outer join stations on station_id = stations.id where user_id = ? and (action_time = ? or action_time = ?) order by action_time desc limit 2 } ); } ); app->attr( get_userid_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{select id from users where name = ?}); } ); app->attr( get_pending_mails_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{select id from users where email = ? and status = 0;}); } ); app->attr( get_listed_mails_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{select * from pending_mails where email = ? and num_tries > 1;}); } ); app->attr( get_user_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ select id, name, status, public_level, email, registered_at, last_login, deletion_requested from users where id = ? } ); } ); app->attr( get_api_tokens_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ select type, token from tokens where user_id = ? } ); } ); app->attr( get_api_token_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ select token from tokens where user_id = ? and type = ? } ); } ); app->attr( drop_api_token_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ delete from tokens where user_id = ? and type = ? } ); } ); app->attr( set_api_token_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ insert or replace into tokens (user_id, type, token) values (?, ?, ?) } ); } ); app->attr( get_password_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ select id, name, status, password from users where name = ? } ); } ); app->attr( get_token_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ select name, status, token from users where id = ? } ); } ); app->attr( get_stationid_by_ds100_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{select id from stations where ds100 = ?}); } ); app->attr( get_stationid_by_name_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{select id from stations where name = ?}); } ); app->attr( undo_query => sub { my ($self) = @_; return $self->app->dbh->prepare( qq{ insert into user_actions ( user_id, action_id, action_time ) values ( ?, $action_type{undo}, ? ) } ); }, ); sub hash_password { my ($password) = @_; my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); return bcrypt( $password, '$2a$12$' . $salt ); } sub check_password { my ( $password, $hash ) = @_; if ( bcrypt( $password, $hash ) eq $hash ) { return 1; } return 0; } sub make_token { return create_uuid_as_string(UUID_V4); } sub epoch_to_dt { my ($epoch) = @_; # Bugs (and user errors) may lead to undefined timestamps. Set them to # 1970-01-01 to avoid crashing and show obviously wrong data instead. $epoch //= 0; return DateTime->from_epoch( epoch => $epoch, time_zone => 'Europe/Berlin' ); } sub get_departures { my ( $station, $lookbehind ) = @_; $lookbehind //= 180; my @station_matches = Travel::Status::DE::IRIS::Stations::get_station($station); if ( @station_matches == 1 ) { $station = $station_matches[0][0]; my $status = Travel::Status::DE::IRIS->new( station => $station, main_cache => $cache_iris_main, realtime_cache => $cache_iris_rt, lookbehind => 20, datetime => DateTime->now( time_zone => 'Europe/Berlin' ) ->subtract( minutes => $lookbehind ), lookahead => $lookbehind + 10, ); return { results => [ $status->results ], errstr => $status->errstr, station_ds100 => ( $status->station ? $status->station->{ds100} : 'undef' ), station_name => ( $status->station ? $status->station->{name} : 'undef' ), }; } elsif ( @station_matches > 1 ) { return { results => [], errstr => 'Ambiguous station name', }; } else { return { results => [], errstr => 'Unknown station name', }; } } sub get_station { my ($station_name) = @_; my @candidates = Travel::Status::DE::IRIS::Stations::get_station($station_name); if ( @candidates == 1 ) { return $candidates[0]; } return undef; } helper 'checkin' => sub { my ( $self, $station, $train_id ) = @_; my $status = get_departures($station); if ( $status->{errstr} ) { return ( undef, $status->{errstr} ); } else { my ($train) = first { $_->train_id eq $train_id } @{ $status->{results} }; if ( not defined $train ) { return ( undef, "Train ${train_id} not found" ); } else { my $user = $self->get_user_status; if ( $user->{checked_in} ) { # If a user is already checked in, we assume that they forgot to # check out and do it for them. # XXX this is an ugly workaround for the UNIQUE constraint on # (user id, action timestamp): Ensure that checkout and re-checkin # work even if the previous checkin was less than a second ago. sleep(1); $self->checkout( $station, 1 ); # XXX same workaround: We can't checkin immediately after checkout. sleep(1); } my $success = $self->app->checkin_query->execute( $self->current_user->{id}, $self->get_station_id( ds100 => $status->{station_ds100}, name => $status->{station_name} ), DateTime->now( time_zone => 'Europe/Berlin' )->epoch, $train->type, $train->line_no, $train->train_no, $train->train_id, $train->sched_departure->epoch, $train->departure->epoch, join( '|', $train->route ), join( '|', map { ( $_->[0] ? $_->[0]->epoch : q{} ) . ':' . $_->[1] } $train->messages ) ); if ( defined $success ) { return ( $train, undef ); } else { return ( undef, 'INSERT failed' ); } } } }; helper 'undo' => sub { my ($self) = @_; my $uid = $self->current_user->{id}; $self->app->get_last_actions_query->execute($uid); my $rows = $self->app->get_last_actions_query->fetchall_arrayref; if ( @{$rows} and $rows->[0][0] == $action_type{undo} ) { return 'Nested undo (undoing an undo) is not supported'; } if ( @{$rows} > 1 and $rows->[1][0] == $action_type{undo} ) { return 'Repeated undo is not supported'; } my $success = $self->app->undo_query->execute( $self->current_user->{id}, DateTime->now( time_zone => 'Europe/Berlin' )->epoch, ); if ( defined $success ) { return; } else { return 'INSERT failed'; } }; helper 'checkout' => sub { my ( $self, $station, $force ) = @_; my $status = get_departures( $station, 180 ); my $user = $self->get_user_status; my $train_id = $user->{train_id}; if ( not $user->{checked_in} ) { return 'You are not checked into any train'; } if ( $status->{errstr} and not $force ) { return $status->{errstr}; } my ($train) = first { $_->train_id eq $train_id } @{ $status->{results} }; if ( not defined $train ) { if ($force) { my $success = $self->app->checkout_query->execute( $self->current_user->{id}, $self->get_station_id( ds100 => $status->{station_ds100}, name => $status->{station_name} ), DateTime->now( time_zone => 'Europe/Berlin' )->epoch, undef, undef, undef, undef, undef, undef, undef, undef ); if ( defined $success ) { return; } else { return 'INSERT failed'; } } else { return "Train ${train_id} not found"; } } else { my $success = $self->app->checkout_query->execute( $self->current_user->{id}, $self->get_station_id( ds100 => $status->{station_ds100}, name => $status->{station_name} ), DateTime->now( time_zone => 'Europe/Berlin' )->epoch, $train->type, $train->line_no, $train->train_no, $train->train_id, $train->sched_arrival ? $train->sched_arrival->epoch : undef, $train->arrival ? $train->arrival->epoch : undef, join( '|', $train->route ), join( '|', map { ( $_->[0] ? $_->[0]->epoch : q{} ) . ':' . $_->[1] } $train->messages ) ); if ( defined $success ) { return; } else { return 'INSERT failed'; } } }; helper 'get_station_id' => sub { my ( $self, %opt ) = @_; $self->app->get_stationid_by_ds100_query->execute( $opt{ds100} ); my $rows = $self->app->get_stationid_by_ds100_query->fetchall_arrayref; if ( @{$rows} ) { return $rows->[0][0]; } else { $self->app->add_station_query->execute( $opt{ds100}, $opt{name} ); $self->app->get_stationid_by_ds100_query->execute( $opt{ds100} ); my $rows = $self->app->get_stationid_by_ds100_query->fetchall_arrayref; return $rows->[0][0]; } }; helper 'get_user_token' => sub { my ( $self, $uid ) = @_; my $query = $self->app->get_token_query; $query->execute($uid); my $rows = $query->fetchall_arrayref; if ( @{$rows} ) { return @{ $rows->[0] }; } return; }; # This helper should only be called directly when also providing a user ID. # If you don't have one, use current_user() instead (get_user_data will # delegate to it anyways). helper 'get_user_data' => sub { my ( $self, $uid ) = @_; $uid //= $self->current_user->{id}; my $query = $self->app->get_user_query; $query->execute($uid); my $rows = $query->fetchall_arrayref; if ( @{$rows} ) { my @row = @{ $rows->[0] }; return { id => $row[0], name => $row[1], status => $row[2], is_public => $row[3], email => $row[4], registered_at => DateTime->from_epoch( epoch => $row[5], time_zone => 'Europe/Berlin' ), last_seen => DateTime->from_epoch( epoch => $row[6], time_zone => 'Europe/Berlin' ), deletion_requested => $row[7] ? DateTime->from_epoch( epoch => $row[7], time_zone => 'Europe/Berlin' ) : undef, }; } return undef; }; helper 'get_api_token' => sub { my ( $self, $uid ) = @_; $uid //= $self->current_user->{id}; $self->app->get_api_tokens_query->execute($uid); my $rows = $self->app->get_api_tokens_query->fetchall_arrayref; my $token = {}; for my $row ( @{$rows} ) { $token->{ $token_types[ $row->[0] - 1 ] } = $row->[1]; } return $token; }; helper 'get_user_password' => sub { my ( $self, $name ) = @_; my $query = $self->app->get_password_query; $query->execute($name); my $rows = $query->fetchall_arrayref; if ( @{$rows} ) { my @row = @{ $rows->[0] }; return { id => $row[0], name => $row[1], status => $row[2], password_hash => $row[3], }; } return; }; helper 'add_user' => sub { my ( $self, $user_name, $email, $token, $password ) = @_; $self->app->get_userid_query->execute($user_name); my $rows = $self->app->get_userid_query->fetchall_arrayref; if ( @{$rows} ) { my $id = $rows->[0][0]; # transition code for closed beta account -> normal account if ($email) { $self->app->set_email_query->execute( $email, $token, $id ); } if ($password) { $self->app->set_password_query->execute( $password, $id ); } return $id; } else { my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; $self->app->add_user_query->execute( $user_name, $email, $token, $password, $now, $now ); $self->app->get_userid_query->execute($user_name); $rows = $self->app->get_userid_query->fetchall_arrayref; return $rows->[0][0]; } }; helper 'check_if_user_name_exists' => sub { my ( $self, $user_name ) = @_; $self->app->get_userid_query->execute($user_name); my $rows = $self->app->get_userid_query->fetchall_arrayref; if ( @{$rows} ) { return 1; } return 0; }; helper 'check_if_mail_is_blacklisted' => sub { my ( $self, $mail ) = @_; $self->app->get_pending_mails_query->execute($mail); if ( @{ $self->app->get_pending_mails_query->fetchall_arrayref } ) { return 1; } $self->app->get_listed_mails_query->execute($mail); if ( @{ $self->app->get_listed_mails_query->fetchall_arrayref } ) { return 1; } return 0; }; helper 'get_user_travels' => sub { my ( $self, %opt ) = @_; my $uid = $self->current_user->{id}; my $query = $self->app->get_all_actions_query; if ( $opt{limit} ) { $query = $self->app->get_last_actions_query; } if ( $opt{uid} and $opt{checkin_epoch} and $opt{checkout_epoch} ) { $query = $self->app->get_journey_actions_query; $query->execute( $opt{uid}, $opt{checkin_epoch}, $opt{checkout_epoch} ); } else { $query->execute($uid); } my @travels; my $prev_action = 0; while ( my @row = $query->fetchrow_array ) { my ( $action, $raw_ts, $ds100, $name, $train_type, $train_line, $train_no, $train_id, $raw_sched_ts, $raw_real_ts, $raw_route, $raw_messages ) = @row; $name = decode( 'UTF-8', $name ); $raw_route = decode( 'UTF-8', $raw_route ); $raw_messages = decode( 'UTF-8', $raw_messages ); if ( $action == $action_type{checkout} ) { push( @travels, { to_name => $name, sched_arrival => epoch_to_dt($raw_sched_ts), rt_arrival => epoch_to_dt($raw_real_ts), checkout => epoch_to_dt($raw_ts), type => $train_type, line => $train_line, no => $train_no, messages => $raw_messages ? [ split( qr{[|]}, $raw_messages ) ] : undef, route => $raw_route ? [ split( qr{[|]}, $raw_route ) ] : undef, completed => 0, } ); } elsif ( $action == $action_type{checkin} and $prev_action == $action_type{checkout} ) { my $ref = $travels[-1]; $ref->{from_name} = $name; $ref->{completed} = 1; $ref->{sched_departure} = epoch_to_dt($raw_sched_ts); $ref->{rt_departure} = epoch_to_dt($raw_real_ts); $ref->{checkin} = epoch_to_dt($raw_ts); $ref->{type} //= $train_type; $ref->{line} //= $train_line; $ref->{no} //= $train_no; $ref->{messages} //= [ split( qr{[|]}, $raw_messages ) ]; $ref->{route} //= [ split( qr{[|]}, $raw_route ) ]; if ( $opt{verbose} ) { my @parsed_messages; for my $message ( @{ $ref->{messages} // [] } ) { my ( $ts, $msg ) = split( qr{:}, $message ); push( @parsed_messages, [ epoch_to_dt($ts), $msg ] ); } $ref->{messages} = [ reverse @parsed_messages ]; } } $prev_action = $action; } return @travels; }; helper 'get_user_status' => sub { my ( $self, $uid ) = @_; $uid //= $self->current_user->{id}; $self->app->get_last_actions_query->execute($uid); my $rows = $self->app->get_last_actions_query->fetchall_arrayref; if ( @{$rows} ) { my $now = DateTime->now( time_zone => 'Europe/Berlin' ); my @cols = @{ $rows->[0] }; if ( @{$rows} > 2 and $rows->[0][0] == $action_type{undo} ) { @cols = @{ $rows->[2] }; } my $action_ts = epoch_to_dt( $cols[1] ); my $sched_ts = epoch_to_dt( $cols[8] ); my $real_ts = epoch_to_dt( $cols[9] ); my $checkin_station_name = decode( 'UTF-8', $cols[3] ); my @route = split( qr{[|]}, decode( 'UTF-8', $cols[10] // q{} ) ); my @route_after; my $is_after = 0; for my $station (@route) { if ( $station eq $checkin_station_name ) { $is_after = 1; } if ($is_after) { push( @route_after, $station ); } } return { checked_in => ( $cols[0] == $action_type{checkin} ), timestamp => $action_ts, timestamp_delta => $now->epoch - $action_ts->epoch, sched_ts => $sched_ts, real_ts => $real_ts, station_ds100 => $cols[2], station_name => $checkin_station_name, train_type => $cols[4], train_line => $cols[5], train_no => $cols[6], train_id => $cols[7], route => \@route, route_after => \@route_after, }; } return { checked_in => 0, timestamp => epoch_to_dt(0), sched_ts => epoch_to_dt(0), real_ts => epoch_to_dt(0), }; }; helper 'get_travel_distance' => sub { my ( $self, $from, $to, $route_ref ) = @_; my $distance = 0; my $geo = Geo::Distance->new(); my @route = after_incl { $_ eq $from } @{$route_ref}; @route = before_incl { $_ eq $to } @route; if ( @route < 2 ) { # I AM ERROR return 0; } my $prev_station = get_station( shift @route ); if ( not $prev_station ) { return 0; } for my $station_name (@route) { if ( my $station = get_station($station_name) ) { $distance += $geo->distance( 'kilometer', $prev_station->[3], $prev_station->[4], $station->[3], $station->[4] ); $prev_station = $station; } } return $distance; }; helper 'navbar_class' => sub { my ( $self, $path ) = @_; if ( $self->req->url eq $self->url_for($path) ) { return 'active'; } return q{}; }; get '/' => sub { my ($self) = @_; if ( $self->is_user_authenticated ) { $self->render( 'landingpage', with_geolocation => 1 ); } else { $self->render( 'landingpage', intro => 1 ); } }; get '/about' => sub { my ($self) = @_; $self->render( 'about', version => $VERSION ); }; get '/impressum' => sub { my ($self) = @_; $self->render('imprint'); }; get '/imprint' => sub { my ($self) = @_; $self->render('imprint'); }; post '/geolocation' => sub { my ($self) = @_; my $lon = $self->param('lon'); my $lat = $self->param('lat'); if ( not $lon or not $lat ) { $self->render( json => { error => 'Invalid lon/lat received' } ); } else { my @candidates = map { { ds100 => $_->[0][0], name => $_->[0][1], eva => $_->[0][2], lon => $_->[0][3], lat => $_->[0][4], distance => $_->[1], } } Travel::Status::DE::IRIS::Stations::get_station_by_location( $lon, $lat, 5 ); $self->render( json => { candidates => [@candidates], } ); } }; post '/list_departures' => sub { my ($self) = @_; my $station = $self->param('station'); $self->redirect_to("/s/${station}"); }; get '/api/v0/:action/:token' => sub { my ($self) = @_; my $api_action = $self->stash('action'); my $api_token = $self->stash('token'); if ( $api_action !~ qr{ ^ (?: status | history | action ) $ }x ) { $self->render( json => { error => 'Invalid action', }, ); return; } if ( $api_token !~ qr{ ^ (? \d+ ) - (? .* ) $ }x ) { $self->render( json => { error => 'Malformed token', }, ); return; } my $uid = $+{id}; $api_token = $+{token}; my $token = $self->get_api_token($uid); if ( $api_token ne $token->{$api_action} ) { $self->render( json => { error => 'Invalid token', }, ); return; } if ( $api_action eq 'status' ) { my $status = $self->get_user_status($uid); $self->render( json => { checked_in => $status->{checked_in} ? \1 : \0, station_ds100 => $status->{station_ds100}, station_name => $status->{station_name}, train_type => $status->{train_type}, train_line => $status->{train_line}, train_no => $status->{train_no}, action_ts => $status->{timestamp}->epoch, sched_ts => $status->{sched_ts}->epoch, real_ts => $status->{real_ts}->epoch, }, ); } else { $self->render( json => { error => 'not implemented', }, ); } }; get '/login' => sub { my ($self) = @_; $self->render('login'); }; post '/login' => sub { my ($self) = @_; my $user = $self->req->param('user'); my $password = $self->req->param('password'); # Keep cookies for 6 months $self->session( expiration => 60 * 60 * 24 * 180 ); if ( $self->validation->csrf_protect->has_error('csrf_token') ) { $self->render( 'login', invalid => 'csrf', ); } else { if ( $self->authenticate( $user, $password ) ) { $self->redirect_to( $self->req->param('redirect_to') // '/' ); } else { my $data = $self->get_user_password($user); if ( $data and $data->{status} == 0 ) { $self->render( 'login', invalid => 'confirmation' ); } else { $self->render( 'login', invalid => 'credentials' ); } } } }; get '/register' => sub { my ($self) = @_; $self->render('register'); }; post '/register' => sub { my ($self) = @_; my $user = $self->req->param('user'); my $email = $self->req->param('email'); my $password = $self->req->param('password'); my $password2 = $self->req->param('password2'); my $ip = $self->req->headers->header('X-Forwarded-For'); my $ua = $self->req->headers->user_agent; my $date = DateTime->now( time_zone => 'Europe/Berlin' ) ->strftime('%d.%m.%Y %H:%M:%S %z'); # In case Mojolicious is not running behind a reverse proxy $ip //= sprintf( '%s:%s', $self->tx->remote_address, $self->tx->remote_port ); if ( $self->validation->csrf_protect->has_error('csrf_token') ) { $self->render( 'register', invalid => 'csrf', ); return; } if ( not length($user) ) { $self->render( 'register', invalid => 'user_empty' ); return; } if ( not length($email) ) { $self->render( 'register', invalid => 'mail_empty' ); return; } if ( $user !~ m{ ^ [0-9a-zA-Z_-]+ $ }x ) { $self->render( 'register', invalid => 'user_format' ); return; } if ( $self->check_if_user_name_exists($user) ) { $self->render( 'register', invalid => 'user_collision' ); return; } if ( $self->check_if_mail_is_blacklisted($email) ) { $self->render( 'register', invalid => 'mail_blacklisted' ); return; } if ( $password ne $password2 ) { $self->render( 'register', invalid => 'password_notequal' ); return; } if ( length($password) < 8 ) { $self->render( 'register', invalid => 'password_short' ); return; } my $token = make_token(); my $pw_hash = hash_password($password); $self->app->dbh->begin_work; my $user_id = $self->add_user( $user, $email, $token, $pw_hash ); my $reg_url = $self->url_for('reg')->to_abs->scheme('https'); my $imprint_url = $self->url_for('impressum')->to_abs->scheme('https'); my $body = "Hallo, ${user}!\n\n"; $body .= "Mit deiner E-Mail-Adresse (${email}) wurde ein Account bei\n"; $body .= "travelynx angelegt.\n\n"; $body .= "Falls die Registrierung von dir ausging, kannst du den Account unter\n"; $body .= "${reg_url}/${user_id}/${token}\n"; $body .= "freischalten.\n\n"; $body .= "Falls nicht, ignoriere diese Mail bitte. Nach etwa 48 Stunden wird deine\n"; $body .= "Mail-Adresse erneut zur Registrierung freigeschaltet. Falls auch diese fehlschlägt,\n"; $body .= "werden wir sie dauerhaft sperren und keine Mails mehr dorthin schicken.\n\n"; $body .= "Daten zur Registrierung:\n"; $body .= " * Datum: ${date}\n"; $body .= " * Verwendete IP: ${ip}\n"; $body .= " * Verwendeter Browser gemäß User Agent: ${ua}\n\n\n"; $body .= "Impressum: ${imprint_url}\n"; my $reg_mail = Email::Simple->create( header => [ To => $email, From => 'Travelynx ', Subject => 'Registrierung bei travelynx', 'Content-Type' => 'text/plain; charset=UTF-8', ], body => encode( 'utf-8', $body ), ); my $success = try_to_sendmail($reg_mail); if ($success) { $self->app->dbh->commit; $self->render( 'login', from => 'register' ); } else { $self->app->dbh->rollback; $self->render( 'register', invalid => 'sendmail' ); } }; get '/reg/:id/:token' => sub { my ($self) = @_; my $id = $self->stash('id'); my $token = $self->stash('token'); my @db_user = $self->get_user_token($id); if ( not @db_user ) { $self->render( 'register', invalid => 'token' ); return; } my ( $db_name, $db_status, $db_token ) = @db_user; if ( not $db_name or $token ne $db_token or $db_status != 0 ) { $self->render( 'register', invalid => 'token' ); return; } $self->app->set_status_query->execute( 1, $id ); $self->render( 'login', from => 'verification' ); }; post '/action' => sub { my ($self) = @_; my $params = $self->req->json; if ( not exists $params->{action} ) { $params = $self->req->params->to_hash; } if ( not $self->is_user_authenticated ) { # We deliberately do not set the HTTP status for these replies, as it # confuses jquery. $self->render( json => { success => 0, error => 'Session error, please login again', }, ); return; } if ( not $params->{action} ) { $self->render( json => { success => 0, error => 'Missing action value', }, ); return; } my $station = $params->{station}; if ( $params->{action} eq 'checkin' ) { my ( $train, $error ) = $self->checkin( $params->{station}, $params->{train}, ); if ($error) { $self->render( json => { success => 0, error => $error, }, ); } else { $self->render( json => { success => 1, }, ); } } elsif ( $params->{action} eq 'checkout' ) { my $error = $self->checkout( $params->{station}, $params->{force}, ); if ($error) { $self->render( json => { success => 0, error => $error, }, ); } else { $self->render( json => { success => 1, }, ); } } elsif ( $params->{action} eq 'undo' ) { my $error = $self->undo; if ($error) { $self->render( json => { success => 0, error => $error, }, ); } else { $self->render( json => { success => 1, }, ); } } else { $self->render( json => { success => 0, error => 'invalid action value', }, ); } }; under sub { my ($self) = @_; if ( $self->is_user_authenticated ) { return 1; } $self->render( 'login', redirect_to => $self->req->url ); return undef; }; get '/account' => sub { my ($self) = @_; $self->render('account'); }; get '/history' => sub { my ($self) = @_; $self->respond_to( json => { json => [ $self->get_user_travels ] }, any => { template => 'history' } ); }; get '/history.json' => sub { my ($self) = @_; $self->render( json => [ $self->get_user_travels ] ); }; get '/journey/:id' => sub { my ($self) = @_; my ( $uid, $checkin_ts, $checkout_ts ) = split( qr{-}, $self->stash('id') ); if ( $uid != $self->current_user->{id} ) { $self->render( 'journey', error => 'notfound', journey => {} ); return; } my @journeys = $self->get_user_travels( uid => $uid, checkin_epoch => $checkin_ts, checkout_epoch => $checkout_ts, verbose => 1, ); if ( @journeys == 0 ) { $self->render( 'journey', error => 'notfound', journey => {} ); return; } $self->render( 'journey', error => undef, journey => $journeys[0] ); }; get '/export.json' => sub { my ($self) = @_; my $uid = $self->current_user->{id}; my $query = $self->app->get_all_actions_query; $query->execute($uid); my @entries; while ( my @row = $query->fetchrow_array ) { my ( $action, $raw_ts, $ds100, $name, $train_type, $train_line, $train_no, $train_id, $raw_sched_ts, $raw_real_ts, $raw_route, $raw_messages ) = @row; $name = decode( 'UTF-8', $name ); $raw_route = decode( 'UTF-8', $raw_route ); $raw_messages = decode( 'UTF-8', $raw_messages ); push( @entries, { action => $action_types[ $action - 1 ], action_ts => $raw_ts, station_ds100 => $ds100, station_name => $name, train_type => $train_type, train_line => $train_line, train_no => $train_no, train_id => $train_id, scheduled_ts => $raw_sched_ts, realtime_ts => $raw_real_ts, messages => $raw_messages ? [ map { [ split(qr{:}) ] } split( qr{[|]}, $raw_messages ) ] : undef, route => $raw_route ? [ split( qr{[|]}, $raw_route ) ] : undef, } ); } $self->render( json => [@entries], ); }; post '/delete' => sub { my ($self) = @_; if ( $self->validation->csrf_protect->has_error('csrf_token') ) { $self->render( 'account', invalid => 'csrf' ); return; } my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; if ( $self->param('action') eq 'delete' ) { if (not $self->authenticate($self->current_user->{name}, $self->param('password'))) { $self->render( 'account', invalid => 'password' ); return; } $self->app->mark_for_deletion_query->execute( $now, $self->current_user->{id} ); } else { $self->app->mark_for_deletion_query->execute( undef, $self->current_user->{id} ); } $self->redirect_to('account'); }; post '/logout' => sub { my ($self) = @_; if ( $self->validation->csrf_protect->has_error('csrf_token') ) { $self->render( 'login', invalid => 'csrf' ); return; } $self->logout; $self->redirect_to('/login'); }; post '/set_token' => sub { my ($self) = @_; if ( $self->validation->csrf_protect->has_error('csrf_token') ) { $self->render( 'account', invalid => 'csrf' ); return; } my $token = make_token(); my $token_id = $token_type{ $self->param('token') }; if ( not $token_id ) { $self->redirect_to('account'); return; } if ( $self->param('action') eq 'delete' ) { $self->app->drop_api_token_query->execute( $self->current_user->{id}, $token_id ); } else { $self->app->set_api_token_query->execute( $self->current_user->{id}, $token_id, $token ); } $self->redirect_to('account'); }; get '/s/*station' => sub { my ($self) = @_; my $station = $self->stash('station'); my $train = $self->param('train'); my $status = get_departures($station); if ( $status->{errstr} ) { $self->render( 'landingpage', with_geolocation => 1, error => $status->{errstr} ); } else { # You can't check into a train which terminates here my @results = grep { $_->departure } @{ $status->{results} }; @results = map { $_->[0] } sort { $b->[1] <=> $a->[1] } map { [ $_, $_->departure->epoch // $_->sched_departure->epoch ] } @results; if ($train) { @results = grep { $_->type . ' ' . $_->train_no eq $train } @results; } $self->render( 'departures', ds100 => $status->{station_ds100}, results => \@results, station => $status->{station_name}, title => "travelynx: $status->{station_name}", ); } }; if ( $ENV{TRAVELYNX_SECRETS} ) { app->secrets( [ split( qr{:}, $ENV{TRAVELYNX_SECRETS} ) ] ); } app->defaults( layout => 'default' ); app->config( hypnotoad => { accepts => 40, listen => [ $ENV{TRAVELYNX_LISTEN} // 'http://*:8093' ], pid_file => '/tmp/travelynx.pid', workers => $ENV{TRAVELYNX_WORKERS} // 2, }, ); app->types->type( json => 'application/json; charset=utf-8' ); app->start;