2016-09-05 15:52:13 +00:00
|
|
|
|
|
|
|
#!/usr/bin/env perl
|
|
|
|
# NOT READY FOR PRODUCTION
|
|
|
|
|
|
|
|
use Mojolicious::Lite;
|
|
|
|
use Data::UUID;
|
|
|
|
use Devel::Dwarn;
|
|
|
|
use Mojo::JSON;
|
2016-09-15 15:56:04 +00:00
|
|
|
use Data::Dumper;
|
2016-09-05 15:52:13 +00:00
|
|
|
|
|
|
|
# connect to database
|
|
|
|
use DBI;
|
|
|
|
|
|
|
|
my $config = plugin Config => {file => 'myapp.conf'};
|
|
|
|
my $dbh = DBI->connect($config->{dsn},$config->{user},$config->{pass}) or die "Could not connect";
|
|
|
|
Dwarn $config;
|
|
|
|
|
|
|
|
# shortcut for use in template
|
|
|
|
helper db => sub { $dbh };
|
|
|
|
|
|
|
|
any '/' => sub {
|
|
|
|
my $self = shift;
|
|
|
|
|
2016-09-19 11:51:22 +00:00
|
|
|
$self->render(text => 'If you are seeing this, then the server is running.');
|
2016-09-05 15:52:13 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
post '/upload' => sub {
|
|
|
|
my $self = shift;
|
|
|
|
# Fetch parameters to write to DB
|
2016-09-05 16:52:45 +00:00
|
|
|
my $key = $self->param('key');
|
2016-09-05 15:52:13 +00:00
|
|
|
# This will include an if function to see if key matches
|
2016-09-05 16:52:45 +00:00
|
|
|
unless ($key eq $config->{key}) {
|
|
|
|
return $self->render( json => { success => Mojo::JSON->false }, status => 403 );
|
|
|
|
}
|
2016-09-05 15:52:13 +00:00
|
|
|
my $username = $self->param('username');
|
|
|
|
my $company = $self->param('company');
|
|
|
|
my $currency = $self->param('currency');
|
|
|
|
my $file = $self->req->upload('file');
|
|
|
|
# Get image type and check extension
|
|
|
|
my $headers = $file->headers->content_type;
|
|
|
|
# Is content type wrong?
|
|
|
|
if ($headers ne 'image/jpeg') {
|
|
|
|
return $self->render( json => {
|
|
|
|
success => Mojo::JSON->false,
|
|
|
|
message => 'Wrong image extension!',
|
|
|
|
});
|
|
|
|
};
|
|
|
|
# Rewrite header data
|
|
|
|
my $ext = '.jpg';
|
|
|
|
my $uuid = Data::UUID->new->create_str;
|
|
|
|
my $filename = $uuid . $ext;
|
|
|
|
# send photo to image folder on server
|
|
|
|
$file->move_to('images/' . $filename);
|
|
|
|
# send data to foodloop db
|
|
|
|
my $insert = $self->db->prepare('INSERT INTO foodloop (username, company, currency, filename) VALUES (?,?,?,?)');
|
|
|
|
$insert->execute($username, $company, $currency, $filename);
|
2016-09-05 16:52:45 +00:00
|
|
|
$self->render( json => { success => Mojo::JSON->true } );
|
2016-09-05 15:52:13 +00:00
|
|
|
$self->render(text => 'It did not kaboom!');
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
post '/register' => sub {
|
|
|
|
my $self = shift;
|
|
|
|
|
|
|
|
my $json = $self->req->json;
|
|
|
|
|
|
|
|
my $account = $self->get_account_by_username( $json->{username} );
|
|
|
|
|
2016-09-15 17:08:33 +00:00
|
|
|
$self->app->log->debug( "Account: " . Dumper $account );
|
|
|
|
$self->app->log->debug( "JSON: " . Dumper $json );
|
|
|
|
|
2016-09-05 15:52:13 +00:00
|
|
|
unless ( defined $account ) {
|
|
|
|
return $self->render( json => {
|
|
|
|
success => Mojo::JSON->false,
|
|
|
|
message => 'Username not recognised, has your token expired?',
|
|
|
|
});
|
2016-09-15 17:08:33 +00:00
|
|
|
} elsif ( $account->{keyused} ) {
|
2016-09-05 15:52:13 +00:00
|
|
|
return $self->render( json => {
|
|
|
|
success => Mojo::JSON->false,
|
|
|
|
message => 'Token has already been used',
|
|
|
|
});
|
|
|
|
}
|
2016-09-26 16:36:52 +00:00
|
|
|
my $insert = $self->db->prepare("UPDATE accounts SET fullname = ?, email = ?, postcode = ?, age = ?, gender = ?, grouping = ?, password = ?, keyused = ? WHERE username = ?");
|
2016-09-05 15:52:13 +00:00
|
|
|
$insert->execute(
|
2016-09-26 16:36:52 +00:00
|
|
|
@{$json}{ qw/ fullname email postcode age gender grouping password / }, 'True', $account->{username},
|
2016-09-05 15:52:13 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
$self->render( json => { success => Mojo::JSON->true } );
|
|
|
|
};
|
|
|
|
|
|
|
|
post '/edit' => sub {
|
|
|
|
my $self = shift;
|
|
|
|
|
|
|
|
my $json = $self->req->json;
|
|
|
|
|
|
|
|
my $account = $self->get_account_by_username( $json->{username} );
|
|
|
|
|
|
|
|
unless ( defined $account ) {
|
|
|
|
return $self->render( json => {
|
|
|
|
success => Mojo::JSON->false,
|
|
|
|
message => 'Username not recognised, has your token expired?',
|
|
|
|
});
|
|
|
|
# PLUG SECURITY HOLE
|
|
|
|
} elsif ( $account->{keyused} ne 't' ) {
|
|
|
|
return $self->render( json => {
|
|
|
|
success => Mojo::JSON->false,
|
|
|
|
message => 'Token has not been used yet!',
|
|
|
|
});
|
|
|
|
}
|
2016-09-26 16:36:52 +00:00
|
|
|
my $insert = $self->db->prepare("UPDATE accounts SET fullname = ?, postcode = ?, age = ?, gender = ?, WHERE username = ?");
|
2016-09-05 15:52:13 +00:00
|
|
|
$insert->execute(
|
2016-09-26 16:36:52 +00:00
|
|
|
@{$json}{ qw/ fullname postcode age gender / }, $account->{username},
|
2016-09-05 15:52:13 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
$self->render( json => { success => Mojo::JSON->true } );
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
post '/token' => sub {
|
|
|
|
my $self = shift;
|
|
|
|
|
|
|
|
my $json = $self->req->json;
|
|
|
|
|
|
|
|
my $account = $self->get_account_by_token( $json->{token} );
|
|
|
|
|
2016-09-15 15:56:04 +00:00
|
|
|
$self->app->log->debug( "Account: " . Dumper $account );
|
|
|
|
|
2016-09-05 15:52:13 +00:00
|
|
|
# TODO change to proper boolean checks
|
2016-09-12 11:27:07 +00:00
|
|
|
if ( ! defined $account || $account->{keyused} ) {
|
2016-09-15 15:56:04 +00:00
|
|
|
$self->app->log->info("unrecognised or preused token: [" . $json->{token} . "]");
|
2016-09-05 15:52:13 +00:00
|
|
|
return $self->render( json => {
|
|
|
|
success => Mojo::JSON->false,
|
|
|
|
message => 'Token is invalid or has already been used',
|
|
|
|
});
|
|
|
|
}
|
|
|
|
return $self->render( json => {
|
|
|
|
username => $account->{username},
|
|
|
|
success => Mojo::JSON->true,
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
2016-10-31 16:19:58 +00:00
|
|
|
post '/fetchuser' => sub {
|
|
|
|
my $self = shift;
|
2016-09-05 15:52:13 +00:00
|
|
|
|
2016-10-31 16:19:58 +00:00
|
|
|
my $json = $self->req->json;
|
|
|
|
|
|
|
|
my $account = $self->get_account_by_username( $json->{username} );
|
|
|
|
|
|
|
|
unless ( defined $account ) {
|
|
|
|
return $self->render( json => {
|
|
|
|
success => Mojo::JSON->false,
|
|
|
|
message => 'Username not recognised, has your token expired?',
|
|
|
|
});
|
|
|
|
# PLUG SECURITY HOLE
|
|
|
|
} elsif ( $account->{keyused} ne 't' ) {
|
|
|
|
return $self->render( json => {
|
|
|
|
success => Mojo::JSON->false,
|
|
|
|
message => 'Token has not been used yet!',
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
# Add stuff to send back to user below here!
|
|
|
|
$self->render( json => {
|
|
|
|
success => Mojo::JSON->true,
|
|
|
|
});
|
2016-09-08 16:29:56 +00:00
|
|
|
};
|
2016-09-05 15:52:13 +00:00
|
|
|
|
2016-09-08 16:29:56 +00:00
|
|
|
helper get_account_by_username => sub {
|
2016-09-05 15:52:13 +00:00
|
|
|
my ( $self, $username ) = @_;
|
|
|
|
|
|
|
|
return $self->db->selectrow_hashref(
|
2016-09-12 11:27:07 +00:00
|
|
|
"SELECT keyused, username FROM accounts WHERE username = ?",
|
2016-09-05 15:52:13 +00:00
|
|
|
{},
|
|
|
|
$username,
|
|
|
|
);
|
2016-09-08 16:29:56 +00:00
|
|
|
};
|
2016-09-05 15:52:13 +00:00
|
|
|
|
|
|
|
app->start;
|