Foodloop-Server/lib/Pear/LocalLoop/Controller/Api/Auth.pm

package Pear::LocalLoop::Controller::Api::Auth;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
use Mojo::JSON qw/ decode_json /;

has error_messages => sub {
  return {
    email => {
      required => { message => 'No email sent.', status => 400 },
      email => { message => 'Email is invalid.', status => 400 },
    },
    password => {
      required => { message => 'No password sent.', status => 400 },
    },
  };
};

sub check_json {
  my $c = shift;

  # JSON object is either the whole request, or under a json param for upload
  my $json = $c->req->json || decode_json( $c->param('json') || '{}' );

  unless ( defined $json && ref $json eq 'HASH' && scalar( keys %$json ) > 0 ) {
    $c->render(
      json => {
        success => Mojo::JSON->false,
        message => 'JSON is missing.',
      },
      status => 400,
    );
    return 0;
  }

  $c->stash( api_json => $json );
  return 1;
}

sub auth {
  my $c = shift;

  my $session_key = $c->stash->{api_json}->{session_key};

  if ( defined $session_key ) {
    my $session_result = $c->schema->resultset('SessionToken')->find({ token => $session_key });

    if ( defined $session_result ) {
      $c->stash( api_user => $session_result->user );
      return 1;
    }
  }

  $c->render(
    json => {
      success => Mojo::JSON->false,
      message => 'Invalid Session',
    },
    status => 401,
  );
  return 0;
}

sub post_login {
  my $c = shift;

  my $validation = $c->validation;

  $validation->input( $c->stash->{api_json} );
  $validation->required('email')->email;
  $validation->required('password');

  return $c->api_validation_error if $validation->has_error;

  my $email = $validation->param('email');
  my $password = $validation->param('password');

  $c->app->log->debug( __PACKAGE__ . " login attempt for [" . $email . "]" );

  my $user_result = $c->schema->resultset('User')->find({ email => $email });

  if ( defined $user_result ) {
    if ( $user_result->check_password($password) ) {
      my $session_key = $user_result->generate_session;

      return $c->render( json => {
        success => Mojo::JSON->true,
        session_key => $session_key,
        display_name => $user_result->name,
        user_type => $user_result->type,
      });
    } else {
      $c->app->log->info( __PACKAGE__ . " failed login for [" . $email . "]" );
    }
  }
  return $c->render(
    json => {
      success => Mojo::JSON->false,
      message => 'Email or password is invalid.',
    },
    status => 401
  );
}

sub post_logout {
  my $c = shift;

  my $session_key = $c->req->json( '/session_key' );

  my $session_result = $c->schema->resultset('SessionToken')->find({ token => $session_key });

  if ( defined $session_result ) {
    $session_result->delete;
  }

  $c->render( json => {
    success => Mojo::JSON->true,
    message => 'Logged Out',
  });
}

1;
Moved all API endpoints under /api, fixed all tests 2017-04-06 21:43:27 +00:00			`package Pear::LocalLoop::Controller::Api::Auth;`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`use Mojo::Base 'Mojolicious::Controller';`
			`use Data::Dumper;`
Fixed upload test and controller after updates to session key usage 2017-04-18 22:43:49 +00:00			`use Mojo::JSON qw/ decode_json /;`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`has error_messages => sub {`
			`return {`
			`email => {`
			`required => { message => 'No email sent.', status => 400 },`
			`email => { message => 'Email is invalid.', status => 400 },`
			`},`
			`password => {`
			`required => { message => 'No password sent.', status => 400 },`
			`},`
			`};`
			`};`

Refactored entire api auth code, and upload endpoint 2017-04-20 00:27:18 +00:00			`sub check_json {`
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`my $c = shift;`

Refactored entire api auth code, and upload endpoint 2017-04-20 00:27:18 +00:00			`# JSON object is either the whole request, or under a json param for upload`
			`my $json = $c->req->json \|\| decode_json( $c->param('json') \|\| '{}' );`
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00
Refactored entire api auth code, and upload endpoint 2017-04-20 00:27:18 +00:00			`unless ( defined $json && ref $json eq 'HASH' && scalar( keys %$json ) > 0 ) {`
			`$c->render(`
			`json => {`
			`success => Mojo::JSON->false,`
			`message => 'JSON is missing.',`
			`},`
			`status => 400,`
			`);`
			`return 0;`
Fixed upload test and controller after updates to session key usage 2017-04-18 22:43:49 +00:00			`}`

Refactored entire api auth code, and upload endpoint 2017-04-20 00:27:18 +00:00			`$c->stash( api_json => $json );`
			`return 1;`
			`}`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
Refactored entire api auth code, and upload endpoint 2017-04-20 00:27:18 +00:00			`sub auth {`
			`my $c = shift;`

			`my $session_key = $c->stash->{api_json}->{session_key};`

			`if ( defined $session_key ) {`
Finish major rework of schema 2017-04-21 21:12:53 +00:00			`my $session_result = $c->schema->resultset('SessionToken')->find({ token => $session_key });`
Refactored entire api auth code, and upload endpoint 2017-04-20 00:27:18 +00:00
			`if ( defined $session_result ) {`
			`$c->stash( api_user => $session_result->user );`
			`return 1;`
			`}`
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`}`

			`$c->render(`
			`json => {`
			`success => Mojo::JSON->false,`
			`message => 'Invalid Session',`
			`},`
			`status => 401,`
			`);`
			`return 0;`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`}`

			`sub post_login {`
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`my $c = shift;`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`my $validation = $c->validation;`

Refactored entire api auth code, and upload endpoint 2017-04-20 00:27:18 +00:00			`$validation->input( $c->stash->{api_json} );`
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`$validation->required('email')->email;`
			`$validation->required('password');`

Refactored entire api auth code, and upload endpoint 2017-04-20 00:27:18 +00:00			`return $c->api_validation_error if $validation->has_error;`

Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`my $email = $validation->param('email');`
			`my $password = $validation->param('password');`

dded minor logging to API login endpoint 2017-11-21 10:40:22 +00:00			`$c->app->log->debug( __PACKAGE__ . " login attempt for [" . $email . "]" );`

Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`my $user_result = $c->schema->resultset('User')->find({ email => $email });`
Added giving user info on login 2017-07-26 14:29:38 +00:00
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`if ( defined $user_result ) {`
			`if ( $user_result->check_password($password) ) {`
Finish major rework of schema 2017-04-21 21:12:53 +00:00			`my $session_key = $user_result->generate_session;`
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00
			`return $c->render( json => {`
			`success => Mojo::JSON->true,`
			`session_key => $session_key,`
Return user type on login 2017-08-25 13:59:15 +00:00			`display_name => $user_result->name,`
			`user_type => $user_result->type,`
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`});`
dded minor logging to API login endpoint 2017-11-21 10:40:22 +00:00			`} else {`
			`$c->app->log->info( __PACKAGE__ . " failed login for [" . $email . "]" );`
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`}`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`}`
Fix issue with login error fixes #9 2017-07-20 16:34:33 +00:00			`return $c->render(`
			`json => {`
			`success => Mojo::JSON->false,`
			`message => 'Email or password is invalid.',`
			`},`
			`status => 401`
			`);`
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`}`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`sub post_logout {`
			`my $c = shift;`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`my $session_key = $c->req->json( '/session_key' );`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
Finish major rework of schema 2017-04-21 21:12:53 +00:00			`my $session_result = $c->schema->resultset('SessionToken')->find({ token => $session_key });`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00
Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`if ( defined $session_result ) {`
			`$session_result->delete;`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`}`

Reworked api login to just need a session_key for everything 2017-04-18 21:31:08 +00:00			`$c->render( json => {`
			`success => Mojo::JSON->true,`
			`message => 'Logged Out',`
Added giving user info on login 2017-07-26 14:29:38 +00:00			`});`
Moved to full Mojolicious app. 2017-02-24 19:27:43 +00:00			`}`

			`1;`