diff --git a/foodloopserver.pl b/foodloopserver.pl new file mode 100644 index 0000000..d42f0e5 --- /dev/null +++ b/foodloopserver.pl @@ -0,0 +1,154 @@ + +#!/usr/bin/env perl +# NOT READY FOR PRODUCTION + +use Mojolicious::Lite; +use Data::UUID; +use Devel::Dwarn; +use Mojo::JSON; + +# connect to database +use DBI; + +my $config = plugin Config => {file => 'myapp.conf'}; +my $dbh = DBI->connect($config->{dsn},$config->{user},$config->{pass}) or die "Could not connect"; +Dwarn $config; + +# shortcut for use in template +helper db => sub { $dbh }; + +any '/' => sub { + my $self = shift; + + $self->render(text => 'It did not kaboom!'); +}; + +post '/upload' => sub { + my $self = shift; +# Fetch parameters to write to DB +# my $key = $self->param('key'); +# This will include an if function to see if key matches +# unless ($key eq $config->{key}) { +# return $self->render( json => { success => Mojo::JSON->false }, status => 403 ); +# } + my $username = $self->param('username'); + my $company = $self->param('company'); + my $currency = $self->param('currency'); + my $file = $self->req->upload('file'); +# Get image type and check extension + my $headers = $file->headers->content_type; +# Is content type wrong? + if ($headers ne 'image/jpeg') { + return $self->render( json => { + success => Mojo::JSON->false, + message => 'Wrong image extension!', + }); + }; +# Rewrite header data + my $ext = '.jpg'; + my $uuid = Data::UUID->new->create_str; + my $filename = $uuid . $ext; +# send photo to image folder on server + $file->move_to('images/' . $filename); +# send data to foodloop db + my $insert = $self->db->prepare('INSERT INTO foodloop (username, company, currency, filename) VALUES (?,?,?,?)'); + $insert->execute($username, $company, $currency, $filename); + $self->render(text => 'It did not kaboom!'); + +}; + +post '/register' => sub { + my $self = shift; + + my $json = $self->req->json; + + my $account = $self->get_account_by_username( $json->{username} ); + + unless ( defined $account ) { + return $self->render( json => { + success => Mojo::JSON->false, + message => 'Username not recognised, has your token expired?', + }); + } elsif ( $account->{keyused} eq 't' ) { + return $self->render( json => { + success => Mojo::JSON->false, + message => 'Token has already been used', + }); + } + my $insert = $self->db->prepare("UPDATE accounts SET 'name' = ?, email = ?, postcode = ?, age = ?, gender = ?, grouping = ?, password = ?, keyused = ? WHERE username = ?"); + $insert->execute( + @{$json}{ qw/ name email postcode age gender grouping password / }, 'True', $account->{username}, + ); + + $self->render( json => { success => Mojo::JSON->true } ); +}; + +post '/edit' => sub { + my $self = shift; + + my $json = $self->req->json; + + my $account = $self->get_account_by_username( $json->{username} ); + + unless ( defined $account ) { + return $self->render( json => { + success => Mojo::JSON->false, + message => 'Username not recognised, has your token expired?', + }); +# PLUG SECURITY HOLE + } elsif ( $account->{keyused} ne 't' ) { + return $self->render( json => { + success => Mojo::JSON->false, + message => 'Token has not been used yet!', + }); + } + my $insert = $self->db->prepare("UPDATE accounts SET 'name' = ?, postcode = ?, age = ?, gender = ?, WHERE username = ?"); + $insert->execute( + @{$json}{ qw/ name postcode age gender / }, $account->{username}, + ); + + $self->render( json => { success => Mojo::JSON->true } ); +}; + + +post '/token' => sub { + my $self = shift; + + my $json = $self->req->json; + + my $account = $self->get_account_by_token( $json->{token} ); + + # TODO change to proper boolean checks + if ( ! defined $account || $account->{keyused} eq 't' ) { + return $self->render( json => { + success => Mojo::JSON->false, + message => 'Token is invalid or has already been used', + }); + } + return $self->render( json => { + username => $account->{username}, + success => Mojo::JSON->true, + }); +}; + +sub get_account_by_token { + my ( $self, $token ) = @_; + + return $self->db->selectrow_hashref( + 'SELECT keyused, username FROM accounts WHERE idkey = ?', + {}, + $token, + ); +} + +sub get_account_by_username { + my ( $self, $username ) = @_; + + return $self->db->selectrow_hashref( + 'SELECT keyused, username FROM accounts WHERE username = ?', + {}, + $username, + ); +} + +app->start;