ishapi 0.1.8.129 → 0.1.8.134

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2c0b6b1aeabd082f27b34f7d4947428c1d0738ca7d4baf6fe1a65befa28992dc
-  data.tar.gz: 4ee33c1cc3e39c94089935ec2d428cf3b383c4203ac9a701624f6a7c3798e529
+  metadata.gz: a9055c8aee254cef203fa0ba8a7c82fd98d7c4b66870342d2286201ef7613dbd
+  data.tar.gz: eee54217f1e118989c390a1e7b73c49284f441504f661f1d4b189da385436720
 SHA512:
-  metadata.gz: a2bdc4fc9261d862f3f2a7f3490faa7cc371279d63d1f17224e580600670947ef5443597295f821d7fb3771090fb240ed2f02d46a3f555fab53fba004c8da265
-  data.tar.gz: 54ca700036230f0adc0070473b75d9d5761850285c1f07a78fd83ef8e91a6bdd6589e0bd83c6fd038dd0d7f09af99430a511dde64409ec60eb523036297458a3
+  metadata.gz: 38e5d8e9948fd4c50e4df5045e1a3e8c2e8789b45b6f8697cd7f8b6d966cf48f59869ea73399e596e75457eeca9ea351d0f488e0e8bb9ee6029f0001829e3ca9
+  data.tar.gz: 0e633543d607411b971a437d9ad7f28f603a54754ff667ded394ac046fa9b2b64e4bdb2c0b1a1ae2ff1a8f13f6dc53ee0c284cd8148f7dbe0ba6acae1170bdfb

data/app/controllers/ishapi/application_controller.rb

@@ -7,7 +7,7 @@ module Ishapi
 
     # before_action :check_profile, except: [ :test ]
     before_action :set_current_ability
-    
+
     check_authorization
     skip_before_action :verify_authenticity_token
 
@@ -22,13 +22,32 @@ module Ishapi
 
       params['domain'] = 'tgm.piousbox.com'
 
-      response = HTTParty.get "https://graph.facebook.com/v5.0/oauth/access_token?grant_type=fb_exchange_token&" +
+      response = ::HTTParty.get "https://graph.facebook.com/v5.0/oauth/access_token?grant_type=fb_exchange_token&" +
         "client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&" +
         "fb_exchange_token=#{accessToken}"
       j = JSON.parse response.body
-      @long_term_token = j['access_token']
+      @long_term_token  = j['access_token']
+      @graph            = Koala::Facebook::API.new( accessToken )
+      @me               = @graph.get_object( 'me', :fields => 'email' )
+      @current_user     = User.where( :email => @me['email'] ).first
+
+      puts! @current_user, '#long_term_token @current_user'
+
+      # send the jwt to client
+      @jwt_token = encode(user_id: @current_user.id.to_s)
 
-      render json: { long_term_token: @long_term_token }
+      render json: {
+        email: @current_user.email,
+        jwt_token: @jwt_token,
+        long_term_token: @long_term_token,
+        n_unlocks: @current_user.profile.n_unlocks,
+      }
+    end
+
+    def home
+      authorize! :welcome_home, Ishapi
+      render :json => { :status => :ok, :message => 'Ishapi::ApiController.home',
+                        :n_reports => Report.count, :n_cities => City.count }
     end
 
     #
@@ -63,7 +82,6 @@ module Ishapi
     ## Does not crap out if accessToken is missing
     def soft_check_long_term_token
       check_long_term_token soft=true
-      # puts! @profile, 'soft_check_long_term_token() profile'
     end
 
     def check_multiprofile provider = 'google'
@@ -75,9 +93,9 @@ module Ishapi
         # puts! result, 'googleauth result'
 
         decoded_token = JWT.decode params[:idToken], nil, false
-        
+
         @current_user = User.find_by email: decoded_token[0]['email']
-        
+
       elsif 'facebook' == provider
         # accessToken ||= params[:fb_long_access_token]
 
@@ -101,7 +119,7 @@ module Ishapi
           @current_user     = User.where( :email => @me['email'] ).first
           @current_user   ||= User.create! email: @me['email'], password: SecureRandom.urlsafe_base64
 
-          @current_profile = @current_user.profile          
+          @current_profile = @current_user.profile
           if !@current_profile
             begin
               g = Gallery.find '5e1495e2d697f768ad0779eb'
@@ -120,25 +138,50 @@ module Ishapi
 
         puts! @current_user, 'current_user'
         puts! @current_profile, 'current_profile'
-        # byebug
+
+      elsif 'jwt' == provider
+        begin
+          decoded = decode(params[:jwt_token])
+        rescue JWT::ExpiredSignature
+          # @TODO: refactor [ref-5]
+          @current_user = User.new profile: Profile.new
+          sign_in @current_user, scope: :user
+          set_current_ability
+          return
+        end
+        @current_user = User.find decoded['user_id']
+
       else
         puts! 'check_multiprofile(): no access token'
+        raise "ww1 - not implemented"
       end
 
+      # @TODO: refactor [ref-5]
       sign_in @current_user, scope: :user
       set_current_ability
     end
 
+    # same as check_profile but doesn't error out when jwt_token is missing
+    def check_profile_optionally
+      if !params[:jwt_token]
+        @current_user = User.new profile: Profile.new
+      else
+        check_profile
+      end
+    end
+
     # this doesn't generate long-lived token, doesn't update user_profile
-    # this is only for facebook now
     def check_profile
+      puts! params, 'params'
+
       # return check_multiprofile 'google'
-      return check_multiprofile 'facebook'
+      # return check_multiprofile 'facebook'
+      return check_multiprofile 'jwt'
 
       # puts! params, 'params'
       # puts! current_user, 'current_user'
       # puts! @current_user, '@current_user'
-      
+
       accessToken   = request.headers[:accessToken]
       accessToken ||= params[:fb_long_access_token]
       accessToken ||= params[:accessToken]
@@ -201,7 +244,7 @@ module Ishapi
       @current_order   = @current_profile.current_order
       # orders.where( :submitted_at => nil ).first || ::CoTailors::Order.new( :profile_id => @current_profile.id )
     end
-    
+
     def get_long_token accessToken
       url = "https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&" +
             "client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&fb_exchange_token=#{accessToken}"
@@ -221,5 +264,17 @@ module Ishapi
       puts a.inspect
     end
 
+    # jwt
+    def encode(payload, exp = 2.hours.from_now)
+      payload[:exp] = exp.to_i
+      JWT.encode(payload, Rails.application.secrets.secret_key_base.to_s)
+    end
+
+    # jwt
+    def decode(token)
+      decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
+      HashWithIndifferentAccess.new decoded
+    end
+
   end
 end

data/app/controllers/ishapi/gameui_controller.rb

@@ -21,7 +21,7 @@ module Ishapi
         :amount => params[:amount],
         :currency => 'usd',
         :source => params[:stripeToken],
-        :destination => { 
+        :destination => {
           :account => acct,
         }
       )
@@ -46,7 +46,7 @@ module Ishapi
     def do_purchase
       authorize! :do_purchase, ::Gameui
       item = params[:className].constantize.find_by_slug( params[:slug] )
-      
+
       raise 'no such item'     if !item
       raise 'too little funds' if @profile.n_stars < item.premium_tier
 

data/app/controllers/ishapi/my/my_controller.rb

@@ -3,10 +3,28 @@ module Ishapi
   module My
     class MyController < Ishapi::ApplicationController
 
-      before_action :set_profile
+      # before_action :set_profile # this is DoS on FB - disabled
+      # before_action :do_login
+      before_action :check_profile
+
+      def account
+        puts! params, 'my account'
+
+        @profile = current_user.profile
+        authorize! :show, @profile
+      end
+
 
       private
 
+      def do_login
+        puts! params, 'params'
+
+        token = decode(params[:jwtToken])
+        puts! token, 'token'
+        @current_user = User.find(token["user_id"])
+      end
+
       def set_profile
         begin
           @graph   = Koala::Facebook::API.new( params[:accessToken] )

data/app/controllers/ishapi/my/videos_controller.rb

@@ -0,0 +1,14 @@
+
+module Ishapi
+  module My
+    class VideosController < Ishapi::My::MyController
+
+      def index
+        authorize! :my_index, Video
+        @videos = @current_user.profile.videos.unscoped.where( is_trash: false ).order_by( created_at: :desc ).limit(20)
+      end
+
+    end
+  end
+end
+

data/app/controllers/ishapi/payments_controller.rb

@@ -2,6 +2,12 @@ require_dependency "ishapi/application_controller"
 module Ishapi
   class PaymentsController < ApplicationController
 
+    before_action :check_profile, only: %i| create2 unlock |
+
+    ##
+    ## this is for invoices on wasya.co, isn't it?
+    ## 20200712
+    ##
     def create
       authorize! :open_permission, ::Ishapi
       begin
@@ -18,11 +24,10 @@ module Ishapi
           :amount => amount_cents,
           :currency => 'usd',
           :source => params[:token][:id],
-          :destination => { 
+          :destination => {
             :account => acct,
           }
         )
-        # puts! charge, 'charge'
 
         payment.charge = JSON.parse( charge.to_json )
         if payment.save
@@ -36,6 +41,73 @@ module Ishapi
       end
     end
 
+    ## This is for guyd _vp_ 20200721
+    def create2
+      authorize! :create, ::Ish::Payment
+
+      begin
+        amount_cents  = 503 # @TODO: change
+
+        ::Stripe.api_key = STRIPE_SK
+        intent = Stripe::PaymentIntent.create({
+          amount: amount_cents,
+          currency: 'usd',
+          metadata: { integration_check: "accept_a_payment" },
+        })
+
+        payment = Ish::Payment.create!(
+          client_secret: intent.client_secret,
+          email: @current_user.email,
+          payment_intent_id: intent.id,
+          profile_id: @current_user.profile.id )
+
+        render json: { client_secret: intent.client_secret }
+      rescue Mongoid::Errors::DocumentNotFound => e
+        puts! e, 'e'
+        render :status => 404, :json => e
+      end
+    end
+
+    ## webhook
+    def stripe_confirm
+      authorize! :open_permission, ::Ishapi
+      payload = request.body.read
+      event = nil
+      begin
+        event = Stripe::Event.construct_from(JSON.parse(payload, symbolize_names: true))
+      rescue StandardError => e
+        puts! e, 'e'
+        render status: 400, json: { status: :not_ok }
+        return
+      end
+
+      payment_intent = event.data.object
+
+      payment = Ish::Payment.where( payment_intent_id: payment_intent.id ).first
+      if payment && payment_intent['status'] == 'succeeded'
+        payment.update_attributes( status: :confirmed )
+        payment.profile.update_attributes!( n_unlocks: payment.profile.n_unlocks + 5 )
+      end
+
+      render status: 200, json: { status: :ok }
+    end
+
+    def unlock
+      authorize! :unlock, ::Ish::Payment
+      item = Object::const_get(params['kind']).find params['id']
+
+      existing = Purchase.where( user_profile: @current_user.profile, item: item ).first
+      if existing
+        render status: 200, json: { status: :ok, message: 'already purchased' }
+        return
+      end
+
+      @current_user.profile.update_attributes n_unlocks: @current_user.profile.n_unlocks - 1 # @TODO: the number is variable
+      purchase = ::Gameui::PremiumPurchase.create!( item: item, user_profile: @current_user.profile, )
+
+      render status: 200, json: { status: :ok }
+    end
+
   end
 end
 

data/app/controllers/ishapi/sites_controller.rb

@@ -3,6 +3,8 @@ require_dependency "ishapi/application_controller"
 module Ishapi
   class SitesController < ApplicationController
 
+    before_action :check_profile_optionally, only: %i| show |
+
     def index
       authorize! :index, ::Site
       @sites = ::Site.all
@@ -14,10 +16,9 @@ module Ishapi
       else
         domain = params[:domain]
       end
-      @site = ::Site.find_by :domain => domain, :lang => :en
+      @site = ::Site.find_by(domain: domain, lang: :en)
       authorize! :show, @site
 
-
       if @site.is_private
         if !params[:accessToken]
           render :json => { :status => :unauthorized}, :status => :unauthorized

data/app/controllers/ishapi/user_profiles_controller.rb

@@ -9,10 +9,5 @@ module Ishapi
       authorize! :show, @profile
     end
 
-    def my
-      @profile = current_user.profile
-      authorize! :show, @profile
-    end
-
   end
 end

data/app/models/ishapi/ability.rb

@@ -13,15 +13,17 @@ class Ishapi::Ability
         can :manage, :all
       end
 
+      can [ :update ], ::CoTailors::Address do |address|
+        puts [ user.inspect, address.inspect ], '+++ user in cancancan'
+        true
+      end
+
       can [ :show ], Gallery do |gallery|
         gallery.user_profile == user.profile
       end
       can [ :do_purchase ], ::Gameui
 
-      can [ :update ], ::CoTailors::Address do |address|
-        puts [ user.inspect, address.inspect ], '+++ user in cancancan'
-        true
-      end
+      can [ :create, :unlock ], ::Ish::Payment
 
       can [ :buy_stars ], ::IshModels::UserProfile
 
@@ -42,6 +44,11 @@ class Ishapi::Ability
 
     can [ :index, :show ], Event
 
+    #
+    # Ish::P
+    #
+
+
     #
     # G
     #
@@ -56,7 +63,7 @@ class Ishapi::Ability
     can [ :my_index, :show ], Report do |report|
       report.is_public
     end
-    
+
     can [ :fb_sign_in, :long_term_token, :open_permission, :welcome_home ], Ishapi
 
     can [ :index, :show ], Site
@@ -66,11 +73,14 @@ class Ishapi::Ability
       tag.is_public
     end
 
+    #
+    # V
+    #
     can [ :index ], Venue
     can [ :show ], Venue do |venue|
       venue.is_public
     end
-    can [ :index ], Video
+    can [ :index, :my_index ], Video
     can [ :show ], Video do |video|
       video.is_public
     end

data/app/views/ishapi/galleries/show.jbuilder

@@ -5,10 +5,8 @@
 this_key = [ @gallery, params.permit! ]
 json.cache! this_key do
   json.gallery do
-    json.partial! 'ishapi/galleries/show', gallery: @gallery   
-    json.partial! 'ishapi/photos/index', :photos => @gallery.photos 
-
     json.partial! 'ishapi/application/meta', item: @gallery
+    json.partial! 'ishapi/galleries/show', gallery: @gallery
   end
 end
 

data/app/views/ishapi/{user_profiles/my.jbuilder → my/my/account.jbuilder}

@@ -8,6 +8,8 @@ json.n_galleries @profile.galleries.count
 json.n_videos    @profile.videos.count
 json.n_stars     @profile.n_stars
 
+json.n_unlocks @profile.n_unlocks
+
 if @profile.current_city
   json.current_city @profile.current_city
 end

data/app/views/ishapi/my/videos/index.jbuilder

@@ -0,0 +1,9 @@
+
+json.videos(@videos) do |video|
+  json.created_at video.created_at
+  json.id         video.id.to_s
+  json.name       video.name
+  json.thumb_url  video.thumb
+  json.video_url  video.video
+end
+

data/app/views/ishapi/newsitems/_index.jbuilder

@@ -10,7 +10,7 @@ json.newsitems do
     json.name        item.name
     json.created_at  item.created_at
     json.updated_at  item.updated_at
-    
+
     if item.gallery
       json.item_type    'gallery'
       json.name         item.gallery.name
@@ -39,7 +39,7 @@ json.newsitems do
       json.username   item.report.user_profile.name if item.report.user_profile
 
       if item.report.photo
-        json.photo_s169_url item.report.photo.photo.url( :s169 ) 
+        json.photo_s169_url item.report.photo.photo.url( :s169 )
         json.photo_thumb2_url item.report.photo.photo.url( :thumb2 )
       end
 
@@ -51,7 +51,7 @@ json.newsitems do
         json.is_purchased current_user.profile.has_premium_purchase( item.report )
       end
     end
-    
+
     if item.video_id
       json.partial! 'ishapi/videos/show', :video => Video.unscoped.find( item.video_id )
     end
@@ -60,6 +60,6 @@ json.newsitems do
       json.item_type 'photo'
       json.partial! 'ishapi/photos/index', :photos => [ item.photo ]
     end
-    
+
   end
 end

data/app/views/ishapi/photos/_index.jbuilder

@@ -1,6 +1,7 @@
 
 #
 # ishapi / photos / _index
+# @deprecated, ishapi / galleries / _show is preferred
 #
 
 json.photos do

data/app/views/ishapi/sites/show.jbuilder

@@ -1,4 +1,4 @@
- 
+
 #
 # ishapi / sites / show
 #
@@ -22,7 +22,7 @@ json.cache! key do
   json.partial! 'ishapi/newsitems/index', :newsitems => @newsitems,     :resource => @site
   json.partial! 'ishapi/reports/index',   :reports   => @reports,       :resource => @site
   json.partial! 'ishapi/videos/index',    :videos    => @site.videos
-  
+
   json.feature_tags do
     json.array! @feature_tags do |feature_tag|
       json.partial! 'ishapi/tags/widget', :tag => feature_tag

data/config/routes.rb

@@ -1,13 +1,13 @@
 Ishapi::Engine.routes.draw do
-  root :to => 'api#home'
-  post 'home', :to => 'api#home'
+  root :to => 'application#home'
+  post 'home', :to => 'application#home'
 
   resources :addresses
 
   get 'cities',                :to => 'cities#index'
   get 'cities/view/:cityname', :to => 'cities#show'
   get 'cities/features',       :to => 'cities#features'
- 
+
   post 'co_tailors/orders',                 :to => 'orders#create'
   post 'co_tailors/order_items',            :to => 'order_items#create'
   post 'co_tailors/measurements',           :to => 'measurements#update'
@@ -15,8 +15,6 @@ Ishapi::Engine.routes.draw do
   namespace :co_tailors do
   end
 
-  post 'do_purchase', to: 'gameui#do_purchase'
-  
   get 'events/view/:eventname',      :to => 'events#show'
 
   get  'galleries',                   :to => 'galleries#index'
@@ -29,15 +27,20 @@ Ishapi::Engine.routes.draw do
   get 'maps', to: 'maps#index'
   get 'maps/view/:slug', to: 'maps#show'
   get 'markers/view/:slug', to: 'maps#show_marker'
-
-  get 'my/newsitems', to: 'newsitems#index'
-  get 'my/account',   to: 'user_profiles#my'
+  get "/my/account", to: "my/my#account"
   namespace :my do
-    # post 'reports', :to => 'reports#index'
-    get  'reports', :to => 'reports#index'
+    get 'newsitems', to: 'newsitems#index'
+    get  'reports',  to: 'reports#index'
+    get  'videos',   to: 'videos#index'
+    post 'videos',   to: 'videos#index'
   end
-  
+
+  post 'do_purchase', to: 'gameui#do_purchase' # @TODO: rename to just purchase, or destroy endpoint
   post 'payments', :to => 'payments#create'
+  post 'payments2', :to => 'payments#create2' # @TODO: change
+  get  'payments2', to: 'payments#create2'
+  post 'payments/unlock', to: 'payments#unlock' # do_purchase
+  post  'stripe_confirm', to: 'payments#stripe_confirm' # @TODO: test-drive
 
   get 'profiles/view/:username', :to => 'user_profiles#show'
 
@@ -64,7 +67,7 @@ Ishapi::Engine.routes.draw do
 
   get 'venues', :to => 'venues#index'
   get 'venues/view/:venuename', :to => 'venues#show'
- 
+
   resources :videos
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ishapi
 version: !ruby/object:Gem::Version
-  version: 0.1.8.129
+  version: 0.1.8.134
 platform: ruby
 authors:
 - piousbox
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-31 00:00:00.000000000 Z
+date: 2020-12-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -195,7 +195,6 @@ files:
 - app/assets/stylesheets/ishapi/articles.css
 - app/assets/stylesheets/scaffold.css
 - app/controllers/ishapi/addresses_controller.rb
-- app/controllers/ishapi/api_controller.rb
 - app/controllers/ishapi/application_controller.rb
 - app/controllers/ishapi/articles_controller.rb
 - app/controllers/ishapi/cities_controller.rb
@@ -207,6 +206,7 @@ files:
 - app/controllers/ishapi/measurements_controller.rb
 - app/controllers/ishapi/my/my_controller.rb
 - app/controllers/ishapi/my/reports_controller.rb
+- app/controllers/ishapi/my/videos_controller.rb
 - app/controllers/ishapi/newsitems_controller.rb
 - app/controllers/ishapi/order_items_controller.rb
 - app/controllers/ishapi/orders_controller.rb
@@ -248,6 +248,8 @@ files:
 - app/views/ishapi/maps/index.jbuilder
 - app/views/ishapi/maps/show.jbuilder
 - app/views/ishapi/measurements/_show.jbuilder
+- app/views/ishapi/my/my/account.jbuilder
+- app/views/ishapi/my/videos/index.jbuilder
 - app/views/ishapi/newsitems/_index.jbuilder
 - app/views/ishapi/newsitems/index.jbuilder
 - app/views/ishapi/orders/_item.jbuilder
@@ -263,7 +265,6 @@ files:
 - app/views/ishapi/tags/_widget.jbuilder
 - app/views/ishapi/tags/index.jbuilder
 - app/views/ishapi/tags/show.jbuilder
-- app/views/ishapi/user_profiles/my.jbuilder
 - app/views/ishapi/user_profiles/show.jbuilder
 - app/views/ishapi/users/_index.jbuilder
 - app/views/ishapi/users/show.jbuilder
@@ -282,7 +283,7 @@ homepage: http://wasya.co
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -298,7 +299,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.6
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Summary of Ishapi.
 test_files: []

data/app/controllers/ishapi/api_controller.rb

@@ -1,13 +0,0 @@
-require_dependency "ishapi/application_controller"
-
-module Ishapi
-  class ApiController < UnrestrictedController
-
-    def home
-      authorize! :welcome_home, Ishapi
-      render :json => { :status => :ok, :message => 'Ishapi::ApiController.home', 
-                        :n_reports => Report.count, :n_cities => City.count }
-    end
-
-  end
-end