package Travelynx::Controller::Api; # Copyright (C) 2020-2023 Birte Kristina Friesel # # SPDX-License-Identifier: AGPL-3.0-or-later use Mojo::Base 'Mojolicious::Controller'; use DateTime; use List::Util; use UUID::Tiny qw(:std); # Internal Helpers sub make_token { return create_uuid_as_string(UUID_V4); } sub sanitize { my ( $type, $value ) = @_; if ( not defined $value ) { return undef; } if ( $type eq '' ) { return '' . $value; } if ( $value =~ m{ ^ [0-9.e]+ $ }x ) { return 0 + $value; } return 0; } # Contollers sub documentation { my ($self) = @_; if ( $self->is_user_authenticated ) { my $uid = $self->current_user->{id}; $self->render( 'api_documentation', uid => $uid, api_token => $self->users->get_api_token( uid => $uid ), ); } else { $self->render('api_documentation'); } } sub get_v1 { my ($self) = @_; my $api_action = $self->stash('user_action'); my $api_token = $self->stash('token'); if ( $api_action !~ qr{ ^ (?: status | history | action ) $ }x ) { $self->render( json => { error => 'Invalid action', }, ); return; } if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) { $self->render( json => { error => 'Malformed token', }, ); return; } my $uid = $+{id}; $api_token = $+{token}; if ( $uid > 2147483647 ) { $self->render( json => { error => 'Malformed token', }, ); return; } my $token = $self->users->get_api_token( uid => $uid ); if ( not $api_token or not $token->{$api_action} or $api_token ne $token->{$api_action} ) { $self->render( json => { error => 'Invalid token', }, ); return; } if ( $api_action eq 'status' ) { $self->render( json => $self->get_user_status_json_v1( uid => $uid ) ); } else { $self->render( json => { error => 'not implemented', }, ); } } sub travel_v1 { my ($self) = @_; my $payload = $self->req->json; if ( not $payload or ref($payload) ne 'HASH' ) { $self->render( json => { success => \0, deprecated => \0, error => 'Malformed JSON', }, ); return; } my $api_token = $payload->{token} // ''; if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) { $self->render( json => { success => \0, deprecated => \0, error => 'Malformed token', }, ); return; } my $uid = $+{id}; $api_token = $+{token}; if ( $uid > 2147483647 ) { $self->render( json => { success => \0, deprecated => \0, error => 'Malformed token', }, ); return; } my $token = $self->users->get_api_token( uid => $uid ); if ( not $token->{'travel'} or $api_token ne $token->{'travel'} ) { $self->render( json => { success => \0, deprecated => \0, error => 'Invalid token', }, ); return; } if ( not exists $payload->{action} or $payload->{action} !~ m{^(checkin|checkout|undo)$} ) { $self->render( json => { success => \0, deprecated => \0, error => 'Missing or invalid action', status => $self->get_user_status_json_v1( uid => $uid ) }, ); return; } if ( $payload->{action} eq 'checkin' ) { my $from_station = sanitize( q{}, $payload->{fromStation} ); my $to_station = sanitize( q{}, $payload->{toStation} ); my $train_id; if ( not( $from_station and ( ( $payload->{train}{type} and $payload->{train}{no} ) or $payload->{train}{id} ) ) ) { $self->render( json => { success => \0, deprecated => \0, error => 'Missing fromStation or train data', status => $self->get_user_status_json_v1( uid => $uid ) }, ); return; } if ( not $self->stations->search($from_station) ) { $self->render( json => { success => \0, deprecated => \0, error => 'Unknown fromStation', status => $self->get_user_status_json_v1( uid => $uid ) }, ); return; } if ( $to_station and not $self->stations->search($to_station) ) { $self->render( json => { success => \0, deprecated => \0, error => 'Unknown toStation', status => $self->get_user_status_json_v1( uid => $uid ) }, ); return; } my $train_p; if ( exists $payload->{train}{id} ) { $train_p = Mojo::Promise->resolve( sanitize( 0, $payload->{train}{id} ) ); } else { my $train_type = sanitize( q{}, $payload->{train}{type} ); my $train_no = sanitize( q{}, $payload->{train}{no} ); $train_p = $self->iris->get_departures_p( station => $from_station, lookbehind => 140, lookahead => 40 )->then( sub { my ($status) = @_; if ( $status->{errstr} ) { return Mojo::Promise->reject( 'Error requesting departures from fromStation: ' . $status->{errstr} ); } my ($train) = List::Util::first { $_->type eq $train_type and $_->train_no eq $train_no } @{ $status->{results} }; if ( not defined $train ) { return Mojo::Promise->reject( 'Train not found at fromStation'); } return Mojo::Promise->resolve( $train->train_id ); } ); } $self->render_later; $train_p->then( sub { my ($train_id) = @_; return $self->checkin_p( station => $from_station, train_id => $train_id, uid => $uid ); } )->then( sub { my ($train) = @_; if ( $payload->{comment} ) { $self->in_transit->update_user_data( uid => $uid, user_data => { comment => sanitize( q{}, $payload->{comment} ) } ); } if ($to_station) { # the user may not have provided the correct to_station, so # request related stations for checkout. my ( $train2, $error ) = $self->checkout( station => $to_station, force => 0, uid => $uid, with_related => 1, ); if ($error) { return Mojo::Promise->reject($error); } } $self->render( json => { success => \1, deprecated => \0, status => $self->get_user_status_json_v1( uid => $uid ) } ); } )->catch( sub { my ($error) = @_; $self->render( json => { success => \0, deprecated => \0, error => 'Checkin/Checkout error: ' . $error, status => $self->get_user_status_json_v1( uid => $uid ) } ); } )->wait; } elsif ( $payload->{action} eq 'checkout' ) { my $to_station = sanitize( q{}, $payload->{toStation} ); if ( not $to_station ) { $self->render( json => { success => \0, deprecated => \0, error => 'Missing toStation', status => $self->get_user_status_json_v1( uid => $uid ) }, ); return; } if ( $payload->{comment} ) { $self->in_transit->update_user_data( uid => $uid, user_data => { comment => sanitize( q{}, $payload->{comment} ) } ); } # the user may not have provided the correct to_station, so # request related stations for checkout. my ( $train, $error ) = $self->checkout( station => $to_station, force => $payload->{force} ? 1 : 0, uid => $uid, with_related => 1, ); if ($error) { $self->render( json => { success => \0, deprecated => \0, error => 'Checkout error: ' . $error, status => $self->get_user_status_json_v1( uid => $uid ) } ); } else { $self->render( json => { success => \1, deprecated => \0, status => $self->get_user_status_json_v1( uid => $uid ) } ); } } elsif ( $payload->{action} eq 'undo' ) { my $error = $self->undo( 'in_transit', $uid ); if ($error) { $self->render( json => { success => \0, deprecated => \0, error => $error, status => $self->get_user_status_json_v1( uid => $uid ) } ); } else { $self->render( json => { success => \1, deprecated => \0, status => $self->get_user_status_json_v1( uid => $uid ) } ); } } } sub import_v1 { my ($self) = @_; my $payload = $self->req->json; if ( not $payload or ref($payload) ne 'HASH' ) { $self->render( json => { success => \0, deprecated => \0, error => 'Malformed JSON', }, ); return; } my $api_token = $payload->{token} // ''; if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) { $self->render( json => { success => \0, deprecated => \0, error => 'Malformed token', }, ); return; } my $uid = $+{id}; $api_token = $+{token}; if ( $uid > 2147483647 ) { $self->render( json => { success => \0, deprecated => \0, error => 'Malformed token', }, ); return; } my $token = $self->users->get_api_token( uid => $uid ); if ( not $token->{'import'} or $api_token ne $token->{'import'} ) { $self->render( json => { success => \0, deprecated => \0, error => 'Invalid token', }, ); return; } if ( not exists $payload->{fromStation} or not exists $payload->{toStation} ) { $self->render( json => { success => \0, deprecated => \0, error => 'missing fromStation or toStation', }, ); return; } my %opt; eval { if ( not $payload->{fromStation}{name} or not $payload->{toStation}{name} ) { die("Missing fromStation/toStation name\n"); } if ( not $payload->{train}{type} or not $payload->{train}{no} ) { die("Missing train data\n"); } if ( not $payload->{fromStation}{scheduledTime} or not $payload->{toStation}{scheduledTime} ) { die("Missing fromStation/toStation scheduledTime\n"); } %opt = ( uid => $uid, train_type => sanitize( q{}, $payload->{train}{type} ), train_no => sanitize( q{}, $payload->{train}{no} ), train_line => sanitize( q{}, $payload->{train}{line} ), cancelled => $payload->{cancelled} ? 1 : 0, dep_station => sanitize( q{}, $payload->{fromStation}{name} ), arr_station => sanitize( q{}, $payload->{toStation}{name} ), sched_departure => sanitize( 0, $payload->{fromStation}{scheduledTime} ), rt_departure => sanitize( 0, $payload->{fromStation}{realTime} // $payload->{fromStation}{scheduledTime} ), sched_arrival => sanitize( 0, $payload->{toStation}{scheduledTime} ), rt_arrival => sanitize( 0, $payload->{toStation}{realTime} // $payload->{toStation}{scheduledTime} ), comment => sanitize( q{}, $payload->{comment} ), lax => $payload->{lax} ? 1 : 0, ); if ( $payload->{intermediateStops} and ref( $payload->{intermediateStops} ) eq 'ARRAY' ) { $opt{route} = [ map { sanitize( q{}, $_ ) } @{ $payload->{intermediateStops} } ]; } for my $key (qw(sched_departure rt_departure sched_arrival rt_arrival)) { $opt{$key} = DateTime->from_epoch( time_zone => 'Europe/Berlin', epoch => $opt{$key} ); } }; if ($@) { my ($first_line) = split( qr{\n}, $@ ); $self->render( json => { success => \0, deprecated => \0, error => $first_line } ); return; } my $db = $self->pg->db; my $tx = $db->begin; $opt{db} = $db; my ( $journey_id, $error ) = $self->journeys->add(%opt); my $journey; if ( not $error ) { $journey = $self->journeys->get_single( uid => $uid, db => $db, journey_id => $journey_id, verbose => 1 ); $error = $self->journeys->sanity_check( $journey, $payload->{lax} ? 1 : 0 ); } if ($error) { $self->render( json => { success => \0, deprecated => \0, error => $error } ); } elsif ( $payload->{dryRun} ) { $self->render( json => { success => \1, deprecated => \0, id => $journey_id, result => $journey } ); } else { $self->journey_stats_cache->invalidate( ts => $opt{rt_departure}, db => $db, uid => $uid ); $tx->commit; $self->render( json => { success => \1, deprecated => \0, id => $journey_id, result => $journey } ); } } sub set_token { my ($self) = @_; if ( $self->validation->csrf_protect->has_error('csrf_token') ) { $self->render( 'bad_request', csrf => 1, status => 400 ); return; } my $token = make_token(); my $token_id = $self->users->get_token_id( $self->param('token') ); if ( not $token_id ) { $self->redirect_to('account'); return; } if ( $self->param('action') eq 'delete' ) { $self->pg->db->delete( 'tokens', { user_id => $self->current_user->{id}, type => $token_id } ); } else { $self->pg->db->insert( 'tokens', { user_id => $self->current_user->{id}, type => $token_id, token => $token }, { on_conflict => \ '(user_id, type) do update set token = EXCLUDED.token' }, ); } $self->redirect_to('account'); } 1;