Pear-Trading/Foodloop-Server
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Moved all API endpoints under /api, fixed all tests

Browse source
This commit is contained in:
Tom Bloor 2017-04-06 22:43:27 +01:00
parent dbc2c59461
commit f2f2a543fa
15 changed files with 215 additions and 215 deletions
Download patch file Download diff file Expand all files Collapse all files

215
lib/Pear/LocalLoop/Controller/Api/Admin.pm Normal file
View file

@ -0,0 +1,215 @@
package Pear::LocalLoop::Controller::Api::Admin;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
sub post_admin_approve {
my $self = shift;
my $userId = $self->get_active_user_id();
if ( ! $self->is_admin($userId) ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'You are not an admin.',
},
status => 403,); #Forbidden request
}
my $json = $self->req->json;
if ( ! defined $json ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'JSON is missing.',
},
status => 400,); #Malformed request
}
my $unvalidatedOrganisationId = $json->{unvalidatedOrganisationId};
if ( ! defined $unvalidatedOrganisationId ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'unvalidatedOrganisationId is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($unvalidatedOrganisationId)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'unvalidatedOrganisationId does not look like a number.',
},
status => 400,); #Malformed request
}
my ($id, $name, $fullAddress, $postcode) = $self->db->selectrow_array("SELECT PendingOrganisationId, Name, FullAddress, Postcode FROM PendingOrganisations WHERE PendingOrganisationId = ?", undef, ($unvalidatedOrganisationId));
#It does not exist.
if (! defined $id) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'the specified unvalidatedOrganisationId does not exist.',
},
status => 400,); #Malformed request
}
my $nameJson = $json->{name};
if (defined $nameJson) {
$name = $nameJson;
}
my $fullAddressJson = $json->{fullAddress};
if (defined $fullAddressJson) {
$fullAddress = $fullAddressJson;
}
my $postCodeJson = $json->{postCode};
if (defined $postCodeJson) {
$postcode = $postCodeJson;
}
#FIXME there may be race conditions here, so may get the wrong number, mutux is needed.
my $statementInsOrg = $self->db->prepare("INSERT INTO Organisations (Name, FullAddress, PostCode) VALUES (?, ?, ?)");
$statementInsOrg->execute($name, $fullAddress, $postcode);
my $organisationalId = $self->db->last_insert_id(undef,undef, "Organisations", "OrganisationalId");
#print "OrgId: " . $organisationalId . "\n";
my $statementSelectPendingTrans = $self->db->prepare("SELECT BuyerUserId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?");
$statementSelectPendingTrans->execute($unvalidatedOrganisationId);
my $statementInsTrans = $self->db->prepare("INSERT INTO Transactions (BuyerUserId_FK, SellerOrganisationId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted) VALUES (?, ?, ?, ?, ?)");
#Move all transactions from pending onto verified.
while (my ($buyerUserId, $value, $imgName, $timeDate) = $statementSelectPendingTrans->fetchrow_array()) {
$statementInsTrans->execute($buyerUserId, $organisationalId, $value, $imgName, $timeDate);
}
#Delete transactions first, so there is no dependancy when deleting the row from PendingOrganisations.
$self->db->prepare("DELETE FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?")->execute($unvalidatedOrganisationId);
$self->db->prepare("DELETE FROM PendingOrganisations WHERE PendingOrganisationId = ?")->execute($unvalidatedOrganisationId);
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->true,
validatedOrganisationId => $organisationalId,
},
status => 200,);
}
sub post_admin_merge {
my $self = shift;
my $userId = $self->get_active_user_id();
if ( ! $self->is_admin($userId) ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'You are not an admin.',
},
status => 403,); #Forbidden request
}
my $json = $self->req->json;
if ( ! defined $json ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'JSON is missing.',
},
status => 400,); #Malformed request
}
my $unvalidatedOrganisationId = $json->{unvalidatedOrganisationId};
if ( ! defined $unvalidatedOrganisationId ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'unvalidatedOrganisationId is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($unvalidatedOrganisationId)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'unvalidatedOrganisationId does not look like a number.',
},
status => 400,); #Malformed request
}
my $validatedOrganisationId = $json->{validatedOrganisationId};
if ( ! defined $validatedOrganisationId ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'validatedOrganisationId is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($validatedOrganisationId)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'validatedOrganisationId does not look like a number.',
},
status => 400,); #Malformed request
}
#FIXME This requires mutual exclusion.
my $doesUnvalidatedIdNotExist = ($self->db->selectrow_array("SELECT COUNT(*) FROM PendingOrganisations WHERE PendingOrganisationId = ?", undef, ($unvalidatedOrganisationId)) == 0);
if ($doesUnvalidatedIdNotExist) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'unvalidatedOrganisationId does not exist in the database.',
},
status => 400,); #Malformed request
}
my $doesValidatedIdNotExist = ($self->db->selectrow_array("SELECT COUNT(*) FROM Organisations WHERE OrganisationalId = ?", undef, ($validatedOrganisationId)) == 0);
if ($doesValidatedIdNotExist) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'validatedOrganisationId does not exist in the database.',
},
status => 400,); #Malformed request
}
#FIXME there may be race conditions here, so may get the wrong number, mutux is needed.
my $statementSelectPendingTrans = $self->db->prepare("SELECT BuyerUserId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?");
$statementSelectPendingTrans->execute($unvalidatedOrganisationId);
my $statementInsTrans = $self->db->prepare("INSERT INTO Transactions (BuyerUserId_FK, SellerOrganisationId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted) VALUES (?, ?, ?, ?, ?)");
#Move all transactions from pending onto verified.
while (my ($buyerUserId, $value, $imgName, $timeDate) = $statementSelectPendingTrans->fetchrow_array()) {
$statementInsTrans->execute($buyerUserId, $validatedOrganisationId, $value, $imgName, $timeDate);
}
#Delete transactions first, so there is no dependancy when deleting the row from PendingOrganisations.
$self->db->prepare("DELETE FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?")->execute($unvalidatedOrganisationId);
$self->db->prepare("DELETE FROM PendingOrganisations WHERE PendingOrganisationId = ?")->execute($unvalidatedOrganisationId);
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->true,
},
status => 200,);
}
1;

59
lib/Pear/LocalLoop/Controller/Api/Api.pm Normal file
View file

@ -0,0 +1,59 @@
package Pear::LocalLoop::Controller::Api::Api;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
sub post_edit {
my $self = shift;
my $json = $self->req->json;
my $account = $self->get_account_by_username( $json->{username} );
unless ( defined $account ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Username not recognised, has your token expired?',
});
# PLUG SECURITY HOLE
} elsif ( $account->{keyused} ne 't' ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Token has not been used yet!',
});
}
my $insert = $self->db->prepare("UPDATE accounts SET fullname = ?, postcode = ?, age = ?, gender = ?, WHERE username = ?");
$insert->execute(
@{$json}{ qw/ fullname postcode age gender / }, $account->{username},
);
$self->render( json => { success => Mojo::JSON->true } );
}
sub post_fetchuser {
my $self = shift;
my $json = $self->req->json;
my $account = $self->get_account_by_username( $json->{username} );
unless ( defined $account ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Username not recognised, has your token expired?',
});
# PLUG SECURITY HOLE
} elsif ( $account->{keyused} ne 't' ) {
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Token has not been used yet!',
});
}
# Add stuff to send back to user below here!
$self->render( json => {
success => Mojo::JSON->true,
});
}
1;

123
lib/Pear/LocalLoop/Controller/Api/Auth.pm Normal file
View file

@ -0,0 +1,123 @@
package Pear::LocalLoop::Controller::Api::Auth;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
use Mojo::JSON;
#FIXME placeholders
#Because of "before_dispatch" this will never be accessed unless the user is not logged in.
sub get_login {
my $self = shift;
return $self->render( success => Mojo::JSON->true, text => 'This will be the login page.', status => 200 );
}
#TODO set session cookie and add it to the database.
#FIXME This suffers from replay attacks, consider a challenge response. Would TLS solve this, most likely.
#SessionToken
#Because of "before_dispatch" this will never be accessed unless the user is not logged in.
sub post_login {
my $self = shift;
my $json = $self->req->json;
$self->app->log->debug( "\n\nStart of login");
$self->app->log->debug( "JSON: " . Dumper $json );
if ( ! defined $json ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No json sent.',
},
status => 400,); #Malformed request
}
my $email = $json->{email};
if ( ! defined $email ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No email sent.',
},
status => 400,); #Malformed request
}
elsif ( ! $self->valid_email($email) ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'email is invalid.',
},
status => 400,); #Malformed request
}
my $password = $json->{password};
if ( ! defined $password ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No password sent.',
},
status => 400,); #Malformed request
}
#FIXME There is a timing attack here determining if an email exists or not.
if ($self->does_email_exist($email) && $self->check_password_email($email, $password)) {
#Match.
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
my $userId = $self->get_userid_foreign_key($email);
#Generates and stores
my $hash = $self->generate_session($userId);
$self->app->log->debug('session dump:' . Dumper ($hash));
return $self->render( json => {
success => Mojo::JSON->true,
$self->config->{sessionTokenJsonName} => $hash->{$self->config->{sessionTokenJsonName}},
$self->config->{sessionExpiresJsonName} => $hash->{$self->config->{sessionExpiresJsonName}},
});
}
else{
#Mismatch
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Email or password is invalid.',
},
status => 401,); #Unauthorized request
}
}
sub post_logout {
my $self = shift;
my $json = $self->req->json;
$self->app->log->debug( "\n\nStart of logout");
$self->app->log->debug( "JSON: " . Dumper $json );
#If the session token exists.
if ($self->expire_current_session()) {
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->true,
message => 'you were successfully logged out.',
});
}
#Due to the "before_dispatch" hook, this most likely will not be called. i.e. race conditions.
#FIXME untested.
#An invalid token was presented, most likely because it has expired.
else {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'the session has expired or did not exist in the first place.',
},
status => 401,); #Unauthorized request
}
}
1;

241
lib/Pear/LocalLoop/Controller/Api/Register.pm Normal file
View file

@ -0,0 +1,241 @@
package Pear::LocalLoop::Controller::Api::Register;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
sub post_register{
my $self = shift;
my $json = $self->req->json;
$self->app->log->debug( "\n\nStart of register");
$self->app->log->debug( "JSON: " . Dumper $json );
if ( ! defined $json ){
$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No json sent.',
},
status => 400,); #Malformed request
}
my $token = $json->{token};
if ( ! defined $token ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No token sent.',
},
status => 400,); #Malformed request
}
elsif ( ! $self->is_token_unused($token) ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Token invalid or has been used.',
},
status => 401,); #Unauthorized
}
my $username = $json->{username};
if ( ! defined $username ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No username sent.',
},
status => 400,); #Malformed request
}
elsif ($username eq ''){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Username cannot be blank.',
},
status => 400,); #Malformed request
}
elsif ( ! ($self->valid_username($username))){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Username can only be A-Z, a-z and 0-9 characters.',
},
status => 400,); #Malformed request
}
elsif ( $self->does_username_exist($username) ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Username exists.',
},
status => 403,); #Forbidden
}
my $email = $json->{email};
if ( ! defined $email ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No email sent.',
},
status => 400,); #Malformed request
}
elsif ( ! $self->valid_email($email)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Email is invalid.',
},
status => 400,); #Malformed request
}
elsif($self->does_email_exist($email)) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Email exists.',
},
status => 403,); #Forbidden
}
#TODO test to see if post code is valid.
my $postcode = $json->{postcode};
if ( ! defined $postcode ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No postcode sent.',
},
status => 400,); #Malformed request
}
#TODO should we enforce password requirements.
my $password = $json->{password};
if ( ! defined $password ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No password sent.',
},
status => 400,); #Malformed request
}
my $hashedPassword = $self->generate_hashed_password($password);
my $secondsTime = time();
my $date = ORM::Date->new_epoch($secondsTime)->mysql_date;
my $usertype = $json->{usertype};
if ( ! defined $usertype ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No usertype sent.',
},
status => 400,); #Malformed request
}
elsif ($usertype eq 'customer'){
$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
my $age = $json->{age};
if ( ! defined $age ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No age sent.',
},
status => 400,); #Malformed request
}
my $ageForeignKey = $self->get_age_foreign_key($age);
if ( ! defined $ageForeignKey ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Age range is invalid.',
},
status => 400,); #Malformed request
}
#TODO UNTESTED as it's hard to simulate.
#Token is no longer valid race condition.
if ( ! $self->set_token_as_used($token) ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Token no longer is accepted.',
},
status => 500,); #Internal server error. Racecondition
}
my ($idToUse) = $self->db->selectrow_array("SELECT MAX(CustomerId) FROM Customers");
if (defined $idToUse){
$idToUse++;
}
else{
$idToUse = 1;
}
#TODO Race condition here.
my $insertCustomer = $self->db->prepare("INSERT INTO Customers (CustomerId, UserName, AgeRange_FK, PostCode) VALUES (?, ?, ?, ?)");
my $rowsInsertedCustomer = $insertCustomer->execute($idToUse, $username, $ageForeignKey, $postcode);
my $insertUser = $self->db->prepare("INSERT INTO Users (CustomerId_FK, Email, JoinDate, HashedPassword) VALUES (?, ?, ?, ?)");
my $rowsInsertedUser = $insertUser->execute($idToUse, $email, $date, $hashedPassword);
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => { success => Mojo::JSON->true } );
}
elsif ($usertype eq 'organisation') {
$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
#TODO validation on the address. Or perhaps add the organisation to a "to be inspected" list then manually check them.
my $fullAddress = $json->{fulladdress};
if ( ! defined $fullAddress ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'No fulladdress sent.',
},
status => 400,); #Malformed request
}
#TODO UNTESTED as it's hard to simulate.
#Token is no longer valid race condition.
if ( ! $self->set_token_as_used($token) ){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'Token no longer is accepted.',
},
status => 500,); #Internal server error. Racecondition
}
my $idToUse = $self->db->selectrow_array("SELECT MAX(OrganisationalId) FROM Organisations");
if (defined $idToUse){
$idToUse++;
}
else{
$idToUse = 1;
}
#TODO Race condition here.
my $insertOrganisation = $self->db->prepare("INSERT INTO Organisations (OrganisationalId, Name, FullAddress, PostCode) VALUES (?, ?, ?, ?)");
my $rowsInsertedOrganisation = $insertOrganisation->execute($idToUse, $username, $fullAddress, $postcode);
my $insertUser = $self->db->prepare("INSERT INTO Users (OrganisationalId_FK, Email, JoinDate, HashedPassword) VALUES (?, ?, ?, ?)");
my $rowsInsertedUser = $insertUser->execute($idToUse, $email, $date, $hashedPassword);
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => { success => Mojo::JSON->true } );
}
else{
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => '"usertype" is invalid.',
},
status => 400,); #Malformed request
}
}
1;

375
lib/Pear/LocalLoop/Controller/Api/Upload.pm Normal file
View file

@ -0,0 +1,375 @@
package Pear::LocalLoop::Controller::Api::Upload;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
=head2 post_upload
Takes a file upload, with a file key of 'file2', and a json string under the
'json' key.
The json string should be an object, with the following keys:
=over
=item * microCurrencyValue
The value of the transaction
=item * transactionAdditionType
Is a value of 1, 2, or 3 - depending on the type of transaction.
=item * addValidatedId
An ID of a valid organisation. used when transactionAdditionType is 1.
=item * addUnvalidatedId
An ID of an unvalidated organisation. Used when transactionAdditionType is 2.
=item * organisationName
The name of an organisation. Used when transactionAdditionType is 3.
=back
=cut
sub post_upload {
my $self = shift;
my $userId = $self->get_active_user_id();
my $json = $self->param('json');
if ( ! defined $json ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'JSON is missing.',
},
status => 400,); #Malformed request
}
$json = Mojo::JSON::decode_json($json);
$self->app->log->debug( "JSON: " . Dumper $json );
my $microCurrencyValue = $json->{microCurrencyValue};
if ( ! defined $microCurrencyValue ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'microCurrencyValue is missing.',
},
status => 400,); #Malformed request
}
#Is valid number
elsif (! Scalar::Util::looks_like_number($microCurrencyValue)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'microCurrencyValue does not look like a number.',
},
status => 400,); #Malformed request
}
#Is the number range valid.
elsif ($microCurrencyValue <= 0){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'microCurrencyValue cannot be equal to or less than zero.',
},
status => 400,); #Malformed request
}
my $transactionAdditionType = $json->{transactionAdditionType};
if ( ! defined $transactionAdditionType ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'transactionAdditionType is missing.',
},
status => 400,); #Malformed request
}
my $file = $self->req->upload('file2');
$self->app->log->debug( "file: " . Dumper $file );
if (! defined $file) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'no file uploaded.',
},
status => 400,); #Malformed request
}
my $ext = '.jpg';
my $uuid = Data::UUID->new->create_str;
my $filename = $uuid . $ext;
#TODO Check for valid image file.
# my $headers = $file->headers->content_type;
# $self->app->log->debug( "content type: " . Dumper $headers );
#Is content type wrong?
# if ($headers ne 'image/jpeg') {
# return $self->render( json => {
# success => Mojo::JSON->false,
# message => 'Wrong image extension!',
# }, status => 400);
# };
#Add validated organisation.
if ($transactionAdditionType == 1){
my $addValidatedId = $json->{addValidatedId};
if (! defined $addValidatedId){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'addValidatedId is missing.',
},
status => 400,); #Malformed request
}
if (! $self->does_organisational_id_exist($addValidatedId)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'addValidatedId does not exist in the database.',
},
status => 400,); #Malformed request
}
my $time = time();
my $statement = $self->db->prepare("INSERT INTO Transactions (BuyerUserId_FK, SellerOrganisationId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted) VALUES (?, ?, ?, ?, ?)");
my $rowsAdded = $statement->execute($userId, $addValidatedId, $microCurrencyValue, $filename, $time);
#It was successful.
if ($rowsAdded != 0) {
$file->move_to('images/' . $filename);
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->true,
message => 'Added transaction for validated organisation.',
},
status => 200,);
}
#TODO Untested, not quite sure how to test it.
else {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'An unknown error occurred when adding the transaction.',
},
status => 500,);
}
}
#2 and 3 are similar by the adding of a transaction at the end.
elsif ($transactionAdditionType == 2 || $transactionAdditionType == 3){
my $unvalidatedOrganisationId = undef;
if ($transactionAdditionType == 2){
$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
$unvalidatedOrganisationId = $json->{addUnvalidatedId};
if (! defined $unvalidatedOrganisationId){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'addUnvalidatedId is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($unvalidatedOrganisationId)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'addUnvalidatedId does not look like a number.',
},
status => 400,); #Malformed request
}
my ($existsRef) = $self->db->selectrow_array("SELECT COUNT(PendingOrganisationId) FROM PendingOrganisations WHERE PendingOrganisationId = ? AND UserSubmitted_FK = ?",undef,($unvalidatedOrganisationId, $userId));
if ($existsRef == 0) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'addUnvalidatedId does not exist in the database for the user.',
},
status => 400,); #Malformed request
}
}
#type need to add a organisation for type 3.
else{ # ($transactionAdditionType == 3)
$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
#TODO more validation.
my $organisationName = $json->{organisationName};
if (! defined $organisationName){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'organisationName is missing.',
},
status => 400,); #Malformed request
}
#TODO validation.
#TODO check which ones are present.
my $streetName = $json->{streetName};
my $town = $json->{town};
my $postcode = $json->{postcode};
($unvalidatedOrganisationId) = $self->db->selectrow_array("SELECT MAX(PendingOrganisationId) FROM PendingOrganisations",undef,());
if (defined $unvalidatedOrganisationId){
$unvalidatedOrganisationId++;
}
else{
$unvalidatedOrganisationId = 1;
}
my $fullAddress = "";
if ( defined $streetName && ! ($streetName =~ m/^\s*$/) ){
$fullAddress = $streetName;
}
if ( defined $town && ! ($town =~ m/^\s*$/) ){
if ($fullAddress eq ""){
$fullAddress = $town;
}
else{
$fullAddress = $fullAddress . ", " . $town;
}
}
my $statement = $self->db->prepare("INSERT INTO PendingOrganisations (PendingOrganisationId, UserSubmitted_FK, TimeDateSubmitted, Name, FullAddress, Postcode) VALUES (?, ?, ?, ?, ?, ?)");
my $rowsAdded = $statement->execute($unvalidatedOrganisationId,$userId,time(),$organisationName,$fullAddress,$postcode);
#TODO, untested. It could not be added for some reason. Most likely race conditions.
if ($rowsAdded == 0) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'An unknown error occurred when adding the transaction.',
},
status => 500,);
}
}
my $statement2 = $self->db->prepare("INSERT INTO PendingTransactions (BuyerUserId_FK, PendingSellerOrganisationId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted) VALUES (?, ?, ?, ?, ?)");
my $rowsAdded2 = $statement2->execute($userId, $unvalidatedOrganisationId, $microCurrencyValue, $filename, time());
if ($rowsAdded2 != 0) {
$file->move_to('images/' . $filename);
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
my $returnedJson = {
success => Mojo::JSON->true,
message => 'Added transaction for unvalidated organisation.',
};
if ($transactionAdditionType == 3){
$returnedJson->{unvalidatedOrganisationId} = $unvalidatedOrganisationId;
}
return $self->render( json => $returnedJson,
status => 200,);
}
else {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'An unknown error occurred when adding the transaction.',
},
status => 500,);
}
}
else{
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'transactionAdditionType is not a valid value.',
},
status => 400,); #Malformed request
}
}
#TODO this should limit the number of responses returned, when location is implemented that would be the main way of filtering.
sub post_search {
my $self = shift;
my $userId = $self->get_active_user_id();
my $json = $self->req->json;
if ( ! defined $json ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'JSON is missing.',
},
status => 400,); #Malformed request
}
my $searchName = $json->{searchName};
if ( ! defined $searchName ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'searchName is missing.',
},
status => 400,); #Malformed request
}
#Is blank
elsif ( $searchName =~ m/^\s*$/) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'searchName is blank.',
},
status => 400,); #Malformed request
}
#Currently ignored
#TODO implement further.
my $searchLocation = $json->{searchLocation};
my @validatedOrgs = ();
{
my $statementValidated = $self->db->prepare("SELECT OrganisationalId, Name, FullAddress, PostCode FROM Organisations WHERE UPPER( Name ) LIKE ?");
$statementValidated->execute('%'. uc $searchName.'%');
while (my ($id, $name, $address, $postcode) = $statementValidated->fetchrow_array()) {
push(@validatedOrgs, $self->create_hash($id,$name,$address,$postcode));
}
}
$self->app->log->debug( "Orgs: " . Dumper @validatedOrgs );
my @unvalidatedOrgs = ();
{
my $statementUnvalidated = $self->db->prepare("SELECT PendingOrganisationId, Name, FullAddress, Postcode FROM PendingOrganisations WHERE UPPER( Name ) LIKE ? AND UserSubmitted_FK = ?");
$statementUnvalidated->execute('%'. uc $searchName.'%', $userId);
while (my ($id, $name, $fullAddress, $postcode) = $statementUnvalidated->fetchrow_array()) {
push(@unvalidatedOrgs, $self->create_hash($id, $name, $fullAddress, $postcode));
}
}
$self->app->log->debug( "Non Validated Orgs: " . Dumper @unvalidatedOrgs );
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->true,
unvalidated => \@unvalidatedOrgs,
validated => \@validatedOrgs,
},
status => 200,);
}
1;

341
lib/Pear/LocalLoop/Controller/Api/User.pm Normal file
View file

@ -0,0 +1,341 @@
package Pear::LocalLoop::Controller::Api::User;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
use Mojo::JSON;
use DateTime;
use DateTime::Duration;
use TryCatch;
sub post_user_history {
my $self = shift;
my $userId = $self->get_active_user_id();
my $json = $self->req->json;
if ( ! defined $json ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'JSON is missing.',
},
status => 400,); #Malformed request
}
my $retrieveType = $json->{retrieveType};
if ( ! defined $retrieveType ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'retrieveType is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($retrieveType)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'retrieveType does not look like a number.',
},
status => 400,); #Malformed request
}
#Date time.
my $startDateTime;
my $endDateTime;
#One day
if ($retrieveType == 1){
my $startDayNumber = $json->{dayNumber};
if ( ! defined $startDayNumber ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'dayNumber is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($startDayNumber)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'dayNumber does not look like a number.',
},
status => 400,); #Malformed request
}
my $startMonthNumber = $json->{monthNumber};
if ( ! defined $startMonthNumber ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'monthNumber is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($startMonthNumber)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'monthNumber does not look like a number.',
},
status => 400,); #Malformed request
}
my $startYear = $json->{year};
if ( ! defined $startYear ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'year is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($startYear)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'year does not look like a number.',
},
status => 400,); #Malformed request
}
try
{
$startDateTime = DateTime->new(
year => $startYear,
month => $startMonthNumber,
day => $startDayNumber,
);
}
catch
{
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'date is invalid.',
},
status => 400,); #Malformed request
};
$endDateTime = $startDateTime->clone();
}
elsif ($retrieveType == 2){
my $startDayNumber = $json->{startDayNumber};
if ( ! defined $startDayNumber ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'startDayNumber is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($startDayNumber)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'startDayNumber does not look like a number.',
},
status => 400,); #Malformed request
}
my $startMonthNumber = $json->{startMonthNumber};
if ( ! defined $startMonthNumber ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'startMonthNumber is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($startMonthNumber)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'startMonthNumber does not look like a number.',
},
status => 400,); #Malformed request
}
my $startYear = $json->{startYear};
if ( ! defined $startYear ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'startYear is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($startYear)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'startYear does not look like a number.',
},
status => 400,); #Malformed request
}
try
{
$startDateTime = DateTime->new(
year => $startYear,
month => $startMonthNumber,
day => $startDayNumber,
);
}
catch
{
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'start date is invalid.',
},
status => 400,); #Malformed request
};
my $endDayNumber = $json->{endDayNumber};
if ( ! defined $endDayNumber ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'endDayNumber is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($endDayNumber)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'endDayNumber does not look like a number.',
},
status => 400,); #Malformed request
}
my $endMonthNumber = $json->{endMonthNumber};
if ( ! defined $endMonthNumber ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'endMonthNumber is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($endMonthNumber)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'endMonthNumber does not look like a number.',
},
status => 400,); #Malformed request
}
my $endYear = $json->{endYear};
if ( ! defined $endYear ) {
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'endYear is missing.',
},
status => 400,); #Malformed request
}
elsif (! Scalar::Util::looks_like_number($endYear)){
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'endYear does not look like a number.',
},
status => 400,); #Malformed request
}
try
{
$endDateTime = DateTime->new(
year => $endYear,
month => $endMonthNumber,
day => $endDayNumber,
);
}
catch
{
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'end date is invalid.',
},
status => 400,); #Malformed request
};
}
else{
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
success => Mojo::JSON->false,
message => 'retrieveType can only be 1 or 2.',
},
status => 400,); #Malformed request
}
$endDateTime->add(days => 1);
my $startEpoch = $startDateTime->epoch();
my $endEpoch = $endDateTime->epoch();
$self->app->log->debug( "startEpoch: " . Dumper($startEpoch));
$self->app->log->debug( "endEpoch: " . Dumper($endEpoch));
my $dataSpend = {};
my $statementSelectPendingTrans = $self->db->prepare("SELECT TimeDateSubmitted, ValueMicroCurrency FROM Transactions WHERE BuyerUserId_FK = ? AND ? <= TimeDateSubmitted AND TimeDateSubmitted < ? ORDER BY TimeDateSubmitted ASC");
$statementSelectPendingTrans->execute($userId, $startEpoch, $endEpoch);
#We assume "microCurrencySum" is always more than 0 due to database and input constraints in "/upload".
sub add_value_to_hash {
my ($self, $microCurrencySum, $dateTimePreviousState, $dataSpend) = @_;
#if ($microCurrencySum != 0) {
my $year = $dateTimePreviousState->year();
my $month = $dateTimePreviousState->month();
my $day = $dateTimePreviousState->day();
$dataSpend->{$year}{$month}{$day} = $microCurrencySum;
#}
}
if (my ($timeDateSubmitted, $valueMicroCurrency) = $statementSelectPendingTrans->fetchrow_array()) {
my $dateTimeTruncator = DateTime->from_epoch(epoch => $timeDateSubmitted);
$dateTimeTruncator->truncate( to => 'day');
#Set to 0 then add the current value like the else block.
my $microCurrencySum = $valueMicroCurrency;
#Set to the first row time
my $dateTimePreviousState = $dateTimeTruncator;
while (my ($timeDateSubmitted, $valueMicroCurrency) = $statementSelectPendingTrans->fetchrow_array()) {
$dateTimeTruncator = DateTime->from_epoch(epoch => $timeDateSubmitted);
$dateTimeTruncator->truncate( to => 'day');
if (DateTime->compare($dateTimePreviousState, $dateTimeTruncator) != 0 ){
add_value_to_hash($self, $microCurrencySum, $dateTimePreviousState, $dataSpend);
$microCurrencySum = $valueMicroCurrency; #Reset to 0 then add the current value like the else block.
$dateTimePreviousState = $dateTimeTruncator;
}
else{
$microCurrencySum += $valueMicroCurrency; #Same day to keep adding the values.
}
}
add_value_to_hash($self, $microCurrencySum, $dateTimePreviousState, $dataSpend);
}
$self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
return $self->render( json => {
microCurencySpent => $dataSpend,
success => Mojo::JSON->true,
},
status => 200,);
}
1;