Foodloop-Server/lib/Pear/LocalLoop.pm

package Pear::LocalLoop;

use Mojo::Base 'Mojolicious';
use Data::UUID;
use Devel::Dwarn;
use Mojo::JSON;
use Data::Dumper;
use Email::Valid;
use ORM::Date;
use Authen::Passphrase::BlowfishCrypt;
use Scalar::Util qw(looks_like_number);
use Pear::LocalLoop::Schema;


sub startup {
  my $self = shift;

  
$self->plugin( 'Config', {
  default => {
    sessionTimeSeconds => 60 * 60 * 24 * 7,
    sessionTokenJsonName => 'sessionToken',
    sessionExpiresJsonName => 'sessionExpires',
  },
});
my $config = $self->config;

my $schema = Pear::LocalLoop::Schema->connect($config->{dsn},$config->{user},$config->{pass}) or die "Could not connect";
my $dbh = $schema->storage->dbh;
$dbh->do("PRAGMA foreign_keys = ON");
$dbh->do("PRAGMA secure_delete = ON");

my $sessionTimeSeconds = 60 * 60 * 24 * 7; #1 week.
my $sessionTokenJsonName = 'sessionToken';
my $sessionExpiresJsonName = 'sessionExpires';

Dwarn $config;

# shortcut for use in template
$self->helper( db => sub { $dbh });
$self->helper( schema => sub { $schema });

my $r = $self->routes;

$r->post("/register")->to('register#post_register');

$r->post("/upload")->to('upload#post_upload');
$r->post("/search")->to('upload#post_search');

$r->post("/admin-approve")->to('admin#post_admin_approve');
$r->post("/admin-merge")->to('admin#post_admin_merge');

$r->get("/login")->to('auth#get_login');
$r->post("/login")->to('auth#post_login');
$r->post("/logout")->to('auth#post_logout');

$r->post("/edit")->to('api#post_edit');
$r->post("/fetchuser")->to('api#post_fetchuser');

$r->post("/user-history")->to('user#post_user_history');


$r->any( '/' => sub {
  my $self = shift;
  return $self->render(text => 'If you are seeing this, then the server is running.', success => Mojo::JSON->true);
});


$self->hook( before_dispatch => sub {
  my $self = shift;

  $self->remove_all_expired_sessions();

  #See if logged in.
  my $sessionToken = $self->get_session_token();
  #$self->app->log->debug( "sessionToken: " . $sessionToken);
  
  #0 = no session, npn-0 is has updated session
  my $hasBeenExtended = $self->extend_session($sessionToken);
  #$self->app->log->debug( "hasBeenExtended: " . $hasBeenExtended);

  my $path = $self->req->url->to_abs->path;

  $self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);

  #Has valid session
  if ($hasBeenExtended) {
    $self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
    #If logged in and requestine the login page redirect to the main page.
    if ($path eq '/login') {
      $self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
      #Force expire and redirect.
      $self->res->code(303);
      $self->redirect_to('/');
    }
  }
  #Has expired or did not exist in the first place and the path is not login
  elsif ($path ne '/login' &&  $path ne '/register') {
    $self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
    $self->res->code(303);
    $self->redirect_to('/login');
  }
  $self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
});


$self->helper( is_admin => sub{
  my ($self, $userId) = @_;

  my ($rowCount) = $self->db->selectrow_array("SELECT COUNT(UserId) FROM Administrators WHERE UserId = ?", undef, ($userId));

  return $rowCount != 0;
});

$self->helper( create_hash => sub{
  my ($self, $id, $name, $fullAddress, $postcode) = @_;

  my $hash = {};
  $hash->{'id'} = $id;
  $hash->{'name'} = $name;
  $hash->{'fullAddress'} = $fullAddress . ", " . $postcode;
 
  return $hash;
});


$self->helper( valid_username => sub {
  my ($self, $username) = @_;
  return ($username =~ m/^[A-Za-z0-9]+$/);
});

$self->helper(valid_email => sub {
  my ($self, $email) = @_;
  return (Email::Valid->address($email));
});

$self->helper(get_active_user_id => sub {
  my $self = shift;

  my $token = $self->get_session_token(); 
  if (! defined $token){
    return undef;
  }

  my @out = $self->db->selectrow_array("SELECT UserIdAssignedTo_FK FROM SessionTokens WHERE SessionTokenName = ?",undef,($token));
  if (! @out){
    return undef;
  }
  else{
    return $out[0];
  }
});

$self->helper(get_session_token => sub {
  my $self = shift;

  #See if logged in.
  my $sessionToken = undef;

  my $json = $self->req->json;
  if (defined $json) {
    $sessionToken = $json->{$sessionTokenJsonName};
  }

  if ( ! defined $sessionToken || $sessionToken eq "" ) {
    $sessionToken = $self->session->{$sessionTokenJsonName};
  }

  if (defined $sessionToken && $sessionToken eq "" ) {
    $sessionToken = undef;
  }

  return $sessionToken;
});


#This assumes the user has no current session on that device.
$self->helper(generate_session => sub {
  my ($self, $userId) = @_;

  my $sessionToken = $self->generate_session_token();
  my $expireDateTime = $self->session_token_expiry_date_time();

  my $insertStatement = $self->db->prepare('INSERT INTO SessionTokens (SessionTokenName, UserIdAssignedTo_FK, ExpireDateTime) VALUES (?, ?, ?)');
  my $rowsAdded = $insertStatement->execute($sessionToken, $userId, $expireDateTime);

  $self->session(expires => $expireDateTime);
  $self->session->{$sessionTokenJsonName} = $sessionToken;
  
  return {$sessionTokenJsonName => $sessionToken, $sessionExpiresJsonName => $expireDateTime};
});

$self->helper(generate_session_token => sub {
  my $self = shift;
  return Data::UUID->new->create_str();
});

$self->helper(expire_all_sessions => sub {
  my $self = shift;
  
  my $rowsDeleted = $self->db->prepare("DELETE FROM SessionTokens")->execute();
  
  return $rowsDeleted;
});

$self->helper(session_token_expiry_date_time => sub {
  my $self = shift; 
  return time() + $sessionTimeSeconds;
});

$self->helper(remove_all_expired_sessions => sub {
  my $self = shift;

  my $timeDateNow = time();

  my $removeStatement = $self->db->prepare('DELETE FROM SessionTokens WHERE ExpireDateTime < ?');
  my $rowsRemoved = $removeStatement->execute($timeDateNow);  

  return $rowsRemoved;
});


#1 = session update, 0 = there was no session or it expired.
#We assume the token has a valid structure.
$self->helper(extend_session => sub {
  my ( $self, $sessionToken ) = @_;

  my $timeDateExpire = $self->session_token_expiry_date_time();

  my $updateStatement = $self->db->prepare('UPDATE SessionTokens SET ExpireDateTime = ? WHERE SessionTokenName = ?');
  my $rowsChanges = $updateStatement->execute($timeDateExpire, $sessionToken);  

  #Has been updated.
  if ($rowsChanges != 0) {
    $self->session(expires => $timeDateExpire);
    return 1;
  } 
  else {
    $self->session(expires => 1);
    return 0;
  }
});

$self->helper(get_session_expiry => sub {
  my ( $self, $sessionToken ) = @_;

  my ( $expireTime ) = $self->db->selectrow_array("SELECT ExpireDateTime FROM SessionTokens WHERE SessionTokenName = ?", undef, ($sessionToken));

  return $expireTime;

});

#True for session was expire, false there was no session to expire.
$self->helper(expire_current_session => sub {
  my $self = shift;

  my $sessionToken = $self->get_session_token();

  my $removeStatement = $self->db->prepare('DELETE FROM SessionTokens WHERE SessionTokenName = ?');
  my $rowsRemoved = $removeStatement->execute($sessionToken);  

  $self->session(expires => 1);
  $self->session->{$sessionTokenJsonName} = $sessionToken;

  return $rowsRemoved != 0;
});

#Return true if and only if the token exists and has not been used.
$self->helper(is_token_unused => sub {
  my ( $self, $token ) = @_;

  my ( $out ) = $self->db->selectrow_array("SELECT COUNT(AccountTokenId) FROM AccountTokens WHERE AccountTokenName = ? AND Used = 0", undef, ($token));

  return $out != 0;

});

#Return true if and only if the token exists and has not been used.
$self->helper(does_organisational_id_exist => sub {
  my ( $self, $organisationalId ) = @_;

  my ( $out ) = $self->db->selectrow_array("SELECT COUNT(OrganisationalId) FROM Organisations WHERE OrganisationalId = ?", undef, ($organisationalId));
  return $out != 0;
});

$self->helper(get_age_foreign_key => sub {
  my ( $self, $ageString ) = @_;

  my ($out) = $self->db->selectrow_array("SELECT AgeRangeId FROM AgeRanges WHERE AgeRangeString = ?", undef, ($ageString));
  return $out;
});

$self->helper(get_userid_foreign_key => sub {
  my ( $self, $email ) = @_;

  my ($out) = $self->db->selectrow_array("SELECT UserId FROM Users WHERE Email = ?", undef, ($email));
  return $out;
  
});


$self->helper(does_username_exist => sub {
  my ( $self, $username ) = @_;

  my ($out) = $self->db->selectrow_array("SELECT COUNT(UserName) FROM Customers WHERE UserName = ?", {}, ($username));
  return $out != 0;
});

$self->helper(does_email_exist => sub {
  my ( $self, $email ) = @_;

  my ($out) = $self->db->selectrow_array("SELECT COUNT(Email) FROM Users WHERE Email = ?", {}, ($email));
  return $out != 0;
});

$self->helper(set_token_as_used => sub {
  my ( $self, $token ) = @_;

  #Return true if and only if the token exists and has not been used.
  my $statement = $self->db->prepare("UPDATE AccountTokens SET Used = 1 WHERE AccountTokenName = ? AND Used = 0 ");
  my $rows = $statement->execute($token);

  #print '-set_token_as_used-'.(Dumper($rows))."-\n";

  return $rows != 0;
});

$self->helper(generate_hashed_password => sub {
  my ( $self, $password ) = @_;

  my $ppr = Authen::Passphrase::BlowfishCrypt->new(
    cost => 8, salt_random => 1,
    passphrase => $password);
  return $ppr->as_crypt;

});
 
# We assume the user already exists.
$self->helper(check_password_email => sub{
  my ( $self, $email, $password) = @_;

  my ($hashedPassword) = $self->db->selectrow_array("SELECT HashedPassword FROM Users WHERE Email = ?", undef, ($email));
  my $ppr = Authen::Passphrase::BlowfishCrypt->from_crypt($hashedPassword);

  return $ppr->match($password);
});

}

1;
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`package Pear::LocalLoop;`

			`use Mojo::Base 'Mojolicious';`
			`use Data::UUID;`
			`use Devel::Dwarn;`
			`use Mojo::JSON;`
			`use Data::Dumper;`
			`use Email::Valid;`
			`use ORM::Date;`
			`use Authen::Passphrase::BlowfishCrypt;`
			`use Scalar::Util qw(looks_like_number);`
			`use Pear::LocalLoop::Schema;`


			`sub startup {`
			`my $self = shift;`


			`$self->plugin( 'Config', {`
			`default => {`
			`sessionTimeSeconds => 60 * 60 * 24 * 7,`
			`sessionTokenJsonName => 'sessionToken',`
			`sessionExpiresJsonName => 'sessionExpires',`
			`},`
			`});`
			`my $config = $self->config;`

			`my $schema = Pear::LocalLoop::Schema->connect($config->{dsn},$config->{user},$config->{pass}) or die "Could not connect";`
			`my $dbh = $schema->storage->dbh;`
			`$dbh->do("PRAGMA foreign_keys = ON");`
			`$dbh->do("PRAGMA secure_delete = ON");`

			`my $sessionTimeSeconds = 60 * 60 * 24 * 7; #1 week.`
			`my $sessionTokenJsonName = 'sessionToken';`
			`my $sessionExpiresJsonName = 'sessionExpires';`

			`Dwarn $config;`

			`# shortcut for use in template`
			`$self->helper( db => sub { $dbh });`
Code cleanup 2017-03-02 15:46:35 +00:00			`$self->helper( schema => sub { $schema });`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
			`my $r = $self->routes;`

			`$r->post("/register")->to('register#post_register');`

			`$r->post("/upload")->to('upload#post_upload');`
			`$r->post("/search")->to('upload#post_search');`

			`$r->post("/admin-approve")->to('admin#post_admin_approve');`
Added admin-merge API and test. 2017-03-06 03:35:49 +00:00			`$r->post("/admin-merge")->to('admin#post_admin_merge');`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
			`$r->get("/login")->to('auth#get_login');`
			`$r->post("/login")->to('auth#post_login');`
			`$r->post("/logout")->to('auth#post_logout');`

			`$r->post("/edit")->to('api#post_edit');`
			`$r->post("/fetchuser")->to('api#post_fetchuser');`

User history API for how much they have spent tested and implemented. 2017-03-08 18:50:25 +00:00			`$r->post("/user-history")->to('user#post_user_history');`

Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
			`$r->any( '/' => sub {`
			`my $self = shift;`
			`return $self->render(text => 'If you are seeing this, then the server is running.', success => Mojo::JSON->true);`
			`});`




			`$self->hook( before_dispatch => sub {`
			`my $self = shift;`

			`$self->remove_all_expired_sessions();`

			`#See if logged in.`
			`my $sessionToken = $self->get_session_token();`
User history API for how much they have spent tested and implemented. 2017-03-08 18:50:25 +00:00			`#$self->app->log->debug( "sessionToken: " . $sessionToken);`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
			`#0 = no session, npn-0 is has updated session`
			`my $hasBeenExtended = $self->extend_session($sessionToken);`
User history API for how much they have spent tested and implemented. 2017-03-08 18:50:25 +00:00			`#$self->app->log->debug( "hasBeenExtended: " . $hasBeenExtended);`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
			`my $path = $self->req->url->to_abs->path;`

User history API for how much they have spent tested and implemented. 2017-03-08 18:50:25 +00:00			`$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);`

Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`#Has valid session`
			`if ($hasBeenExtended) {`
User history API for how much they have spent tested and implemented. 2017-03-08 18:50:25 +00:00			`$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`#If logged in and requestine the login page redirect to the main page.`
			`if ($path eq '/login') {`
User history API for how much they have spent tested and implemented. 2017-03-08 18:50:25 +00:00			`$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`#Force expire and redirect.`
			`$self->res->code(303);`
			`$self->redirect_to('/');`
			`}`
			`}`
			`#Has expired or did not exist in the first place and the path is not login`
			`elsif ($path ne '/login' && $path ne '/register') {`
User history API for how much they have spent tested and implemented. 2017-03-08 18:50:25 +00:00			`$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`$self->res->code(303);`
			`$self->redirect_to('/login');`
			`}`
User history API for how much they have spent tested and implemented. 2017-03-08 18:50:25 +00:00			`$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`});`


			`$self->helper( is_admin => sub{`
			`my ($self, $userId) = @_;`

			`my ($rowCount) = $self->db->selectrow_array("SELECT COUNT(UserId) FROM Administrators WHERE UserId = ?", undef, ($userId));`

			`return $rowCount != 0;`
			`});`

			`$self->helper( create_hash => sub{`
			`my ($self, $id, $name, $fullAddress, $postcode) = @_;`

			`my $hash = {};`
			`$hash->{'id'} = $id;`
			`$hash->{'name'} = $name;`
			`$hash->{'fullAddress'} = $fullAddress . ", " . $postcode;`

			`return $hash;`
			`});`



			`$self->helper( valid_username => sub {`
			`my ($self, $username) = @_;`
			`return ($username =~ m/^[A-Za-z0-9]+$/);`
			`});`

			`$self->helper(valid_email => sub {`
			`my ($self, $email) = @_;`
			`return (Email::Valid->address($email));`
			`});`

			`$self->helper(get_active_user_id => sub {`
			`my $self = shift;`

			`my $token = $self->get_session_token();`
			`if (! defined $token){`
			`return undef;`
			`}`

			`my @out = $self->db->selectrow_array("SELECT UserIdAssignedTo_FK FROM SessionTokens WHERE SessionTokenName = ?",undef,($token));`
			`if (! @out){`
			`return undef;`
			`}`
			`else{`
			`return $out[0];`
			`}`
			`});`

			`$self->helper(get_session_token => sub {`
			`my $self = shift;`

			`#See if logged in.`
			`my $sessionToken = undef;`

			`my $json = $self->req->json;`
			`if (defined $json) {`
			`$sessionToken = $json->{$sessionTokenJsonName};`
			`}`

			`if ( ! defined $sessionToken \|\| $sessionToken eq "" ) {`
			`$sessionToken = $self->session->{$sessionTokenJsonName};`
			`}`

			`if (defined $sessionToken && $sessionToken eq "" ) {`
			`$sessionToken = undef;`
			`}`

			`return $sessionToken;`
			`});`


			`#This assumes the user has no current session on that device.`
			`$self->helper(generate_session => sub {`
			`my ($self, $userId) = @_;`

			`my $sessionToken = $self->generate_session_token();`
			`my $expireDateTime = $self->session_token_expiry_date_time();`

			`my $insertStatement = $self->db->prepare('INSERT INTO SessionTokens (SessionTokenName, UserIdAssignedTo_FK, ExpireDateTime) VALUES (?, ?, ?)');`
			`my $rowsAdded = $insertStatement->execute($sessionToken, $userId, $expireDateTime);`

			`$self->session(expires => $expireDateTime);`
			`$self->session->{$sessionTokenJsonName} = $sessionToken;`

			`return {$sessionTokenJsonName => $sessionToken, $sessionExpiresJsonName => $expireDateTime};`
			`});`

			`$self->helper(generate_session_token => sub {`
			`my $self = shift;`
			`return Data::UUID->new->create_str();`
			`});`

			`$self->helper(expire_all_sessions => sub {`
			`my $self = shift;`

			`my $rowsDeleted = $self->db->prepare("DELETE FROM SessionTokens")->execute();`

			`return $rowsDeleted;`
			`});`

			`$self->helper(session_token_expiry_date_time => sub {`
			`my $self = shift;`
			`return time() + $sessionTimeSeconds;`
			`});`

			`$self->helper(remove_all_expired_sessions => sub {`
			`my $self = shift;`

			`my $timeDateNow = time();`

			`my $removeStatement = $self->db->prepare('DELETE FROM SessionTokens WHERE ExpireDateTime < ?');`
			`my $rowsRemoved = $removeStatement->execute($timeDateNow);`

			`return $rowsRemoved;`
			`});`


			`#1 = session update, 0 = there was no session or it expired.`
			`#We assume the token has a valid structure.`
			`$self->helper(extend_session => sub {`
			`my ( $self, $sessionToken ) = @_;`

			`my $timeDateExpire = $self->session_token_expiry_date_time();`

			`my $updateStatement = $self->db->prepare('UPDATE SessionTokens SET ExpireDateTime = ? WHERE SessionTokenName = ?');`
			`my $rowsChanges = $updateStatement->execute($timeDateExpire, $sessionToken);`

			`#Has been updated.`
			`if ($rowsChanges != 0) {`
			`$self->session(expires => $timeDateExpire);`
			`return 1;`
			`}`
			`else {`
			`$self->session(expires => 1);`
			`return 0;`
			`}`
			`});`

			`$self->helper(get_session_expiry => sub {`
			`my ( $self, $sessionToken ) = @_;`

			`my ( $expireTime ) = $self->db->selectrow_array("SELECT ExpireDateTime FROM SessionTokens WHERE SessionTokenName = ?", undef, ($sessionToken));`

			`return $expireTime;`

			`});`

			`#True for session was expire, false there was no session to expire.`
			`$self->helper(expire_current_session => sub {`
			`my $self = shift;`

			`my $sessionToken = $self->get_session_token();`

			`my $removeStatement = $self->db->prepare('DELETE FROM SessionTokens WHERE SessionTokenName = ?');`
			`my $rowsRemoved = $removeStatement->execute($sessionToken);`

			`$self->session(expires => 1);`
			`$self->session->{$sessionTokenJsonName} = $sessionToken;`

			`return $rowsRemoved != 0;`
			`});`

			`#Return true if and only if the token exists and has not been used.`
			`$self->helper(is_token_unused => sub {`
			`my ( $self, $token ) = @_;`

			`my ( $out ) = $self->db->selectrow_array("SELECT COUNT(AccountTokenId) FROM AccountTokens WHERE AccountTokenName = ? AND Used = 0", undef, ($token));`

			`return $out != 0;`

			`});`

			`#Return true if and only if the token exists and has not been used.`
			`$self->helper(does_organisational_id_exist => sub {`
			`my ( $self, $organisationalId ) = @_;`

			`my ( $out ) = $self->db->selectrow_array("SELECT COUNT(OrganisationalId) FROM Organisations WHERE OrganisationalId = ?", undef, ($organisationalId));`
			`return $out != 0;`
			`});`

			`$self->helper(get_age_foreign_key => sub {`
			`my ( $self, $ageString ) = @_;`

			`my ($out) = $self->db->selectrow_array("SELECT AgeRangeId FROM AgeRanges WHERE AgeRangeString = ?", undef, ($ageString));`
			`return $out;`
			`});`

			`$self->helper(get_userid_foreign_key => sub {`
			`my ( $self, $email ) = @_;`

			`my ($out) = $self->db->selectrow_array("SELECT UserId FROM Users WHERE Email = ?", undef, ($email));`
			`return $out;`

			`});`


			`$self->helper(does_username_exist => sub {`
			`my ( $self, $username ) = @_;`

			`my ($out) = $self->db->selectrow_array("SELECT COUNT(UserName) FROM Customers WHERE UserName = ?", {}, ($username));`
			`return $out != 0;`
			`});`

			`$self->helper(does_email_exist => sub {`
			`my ( $self, $email ) = @_;`

			`my ($out) = $self->db->selectrow_array("SELECT COUNT(Email) FROM Users WHERE Email = ?", {}, ($email));`
			`return $out != 0;`
			`});`

			`$self->helper(set_token_as_used => sub {`
			`my ( $self, $token ) = @_;`

			`#Return true if and only if the token exists and has not been used.`
			`my $statement = $self->db->prepare("UPDATE AccountTokens SET Used = 1 WHERE AccountTokenName = ? AND Used = 0 ");`
			`my $rows = $statement->execute($token);`

			`#print '-set_token_as_used-'.(Dumper($rows))."-\n";`

			`return $rows != 0;`
			`});`

			`$self->helper(generate_hashed_password => sub {`
			`my ( $self, $password ) = @_;`

			`my $ppr = Authen::Passphrase::BlowfishCrypt->new(`
			`cost => 8, salt_random => 1,`
			`passphrase => $password);`
			`return $ppr->as_crypt;`

			`});`

			`# We assume the user already exists.`
			`$self->helper(check_password_email => sub{`
			`my ( $self, $email, $password) = @_;`

			`my ($hashedPassword) = $self->db->selectrow_array("SELECT HashedPassword FROM Users WHERE Email = ?", undef, ($email));`
			`my $ppr = Authen::Passphrase::BlowfishCrypt->from_crypt($hashedPassword);`

			`return $ppr->match($password);`
			`});`

			`}`

			`1;`