ishapi 0.1.8.140 → 0.1.8.144
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/ishapi/application_controller.rb +15 -220
- data/app/controllers/ishapi/application_controller.rb-trash +275 -0
- data/app/controllers/ishapi/galleries_controller.rb +1 -1
- data/app/controllers/ishapi/maps_controller.rb +3 -2
- data/app/controllers/ishapi/payments_controller.rb +2 -0
- data/app/controllers/ishapi/sites_controller.rb +13 -5
- data/app/views/ishapi/galleries/show_premium_locked.jbuilder +2 -2
- data/app/views/ishapi/sites/show.jbuilder +2 -0
- data/config/routes.rb +2 -1
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 78d87ab29d37b99e613e97cb9376043d53468c74ba0de032735b5a47cec00a4a
|
|
4
|
+
data.tar.gz: e07cf3e9131ce52984b65da5af9f5982a18df240f62a86ece8d2dd2f04189196
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0fbdb5a6e57abd62eb26a7d03926807fbe2409ccb4fcd2b7febc60de417418746d07dfc3b2403fdc7e9deb5d80033b0699395e6f62de84af6126e7276c0babbb
|
|
7
|
+
data.tar.gz: ff7c42db5da1b75a4dc75206f73d2a78353e3cb0bec30dbed328719c8874fa2f911621bb95c58bd4b905873fd4c79821ccd103041160cad124eb1bec7ff1ede3
|
|
@@ -1,16 +1,7 @@
|
|
|
1
1
|
module Ishapi
|
|
2
2
|
class ApplicationController < ActionController::Base
|
|
3
|
-
after_action :append_long_term_token, except: [ :long_term_token, :test ]
|
|
4
|
-
|
|
5
|
-
protect_from_forgery :prepend => true, :with => :exception
|
|
6
|
-
layout :false
|
|
7
|
-
|
|
8
|
-
check_authorization except: [ :long_term_token ]
|
|
9
|
-
skip_before_action :verify_authenticity_token
|
|
10
|
-
|
|
11
|
-
def test
|
|
12
|
-
end
|
|
13
3
|
|
|
4
|
+
## POST /api/users/long_term_token , a FB login flow
|
|
14
5
|
def long_term_token
|
|
15
6
|
accessToken = request.headers[:accessToken]
|
|
16
7
|
accessToken ||= params[:accessToken]
|
|
@@ -37,242 +28,46 @@ module Ishapi
|
|
|
37
28
|
}
|
|
38
29
|
end
|
|
39
30
|
|
|
40
|
-
def home
|
|
41
|
-
authorize! :welcome_home, Ishapi
|
|
42
|
-
render :json => { :status => :ok, :message => 'Ishapi::ApiController.home',
|
|
43
|
-
:n_reports => Report.count, :n_cities => City.count }
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
#
|
|
47
|
-
# private
|
|
48
|
-
#
|
|
49
31
|
private
|
|
50
32
|
|
|
51
|
-
def
|
|
52
|
-
|
|
53
|
-
response.body = JSON.parse(response.body).merge({ long_term_token: @long_term_token }).to_json
|
|
54
|
-
end
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
## Hard check by default; craps out if accessToken is missing
|
|
58
|
-
def check_long_term_token soft=false
|
|
59
|
-
accessToken = request.headers[:accessToken]
|
|
60
|
-
accessToken ||= params[:accessToken]
|
|
61
|
-
if accessToken
|
|
62
|
-
@graph = Koala::Facebook::API.new( accessToken )
|
|
63
|
-
@me = @graph.get_object( 'me', :fields => 'email' )
|
|
64
|
-
@current_user = User.where( :email => @me['email'] ).first
|
|
65
|
-
@profile = @current_user.profile
|
|
66
|
-
raise '98& - no profile' unless @profile
|
|
67
|
-
else
|
|
68
|
-
if soft
|
|
69
|
-
return
|
|
70
|
-
else
|
|
71
|
-
raise 'no access token'
|
|
72
|
-
end
|
|
73
|
-
end
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
## Does not crap out if accessToken is missing
|
|
77
|
-
def soft_check_long_term_token
|
|
78
|
-
check_long_term_token soft=true
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
def check_multiprofile provider = 'google'
|
|
82
|
-
if 'google' == provider
|
|
83
|
-
# client_secrets = ::Google::APIClient::ClientSecrets.load
|
|
84
|
-
# accessToken = params[:accessToken]
|
|
85
|
-
# authorization = ::Google::Auth.get_application_default
|
|
86
|
-
# result = authorization.apply({ accessToken: params[:accessToken] })
|
|
87
|
-
# puts! result, 'googleauth result'
|
|
88
|
-
|
|
89
|
-
decoded_token = JWT.decode params[:idToken], nil, false
|
|
90
|
-
|
|
91
|
-
@current_user = User.find_by email: decoded_token[0]['email']
|
|
92
|
-
|
|
93
|
-
elsif 'facebook' == provider
|
|
94
|
-
# accessToken ||= params[:fb_long_access_token]
|
|
95
|
-
|
|
96
|
-
accessToken = request.headers[:accessToken]
|
|
97
|
-
accessToken ||= params[:accessToken]
|
|
98
|
-
if accessToken
|
|
99
|
-
|
|
100
|
-
#
|
|
101
|
-
# long-term token
|
|
102
|
-
#
|
|
103
|
-
params['domain'] = 'tgm.piousbox.com'
|
|
104
|
-
response = HTTParty.get "https://graph.facebook.com/v5.0/oauth/access_token?grant_type=fb_exchange_token&" +
|
|
105
|
-
"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&" +
|
|
106
|
-
"fb_exchange_token=#{accessToken}"
|
|
107
|
-
j = JSON.parse response.body
|
|
108
|
-
@long_term_token = j['access_token']
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
@graph = Koala::Facebook::API.new( accessToken )
|
|
112
|
-
@me = @graph.get_object( 'me', :fields => 'email' )
|
|
113
|
-
@current_user = User.where( :email => @me['email'] ).first
|
|
114
|
-
@current_user ||= User.create! email: @me['email'], password: SecureRandom.urlsafe_base64
|
|
115
|
-
|
|
116
|
-
@current_profile = @current_user.profile
|
|
117
|
-
if !@current_profile
|
|
118
|
-
begin
|
|
119
|
-
g = Gallery.find '5e1495e2d697f768ad0779eb'
|
|
120
|
-
rescue Mongoid::Errors::DocumentNotFound => e
|
|
121
|
-
g = Gallery.create id: '5e1495e2d697f768ad0779eb'
|
|
122
|
-
end
|
|
123
|
-
@current_profile = IshModels::UserProfile.create user: @current_user, name: @me['email'], email: @me['email']
|
|
124
|
-
test_newsitem = Newsitem.new gallery_id: '5e1495e2d697f768ad0779eb'
|
|
125
|
-
@current_profile.newsitems << test_newsitem
|
|
126
|
-
@current_profile.save
|
|
127
|
-
end
|
|
128
|
-
@current_profile.update fb_long_access_token: @long_term_token
|
|
129
|
-
else
|
|
130
|
-
@current_user = current_user if Rails.env.test?
|
|
131
|
-
end
|
|
132
|
-
|
|
133
|
-
elsif 'jwt' == provider
|
|
33
|
+
def check_profile
|
|
34
|
+
begin
|
|
134
35
|
decoded = decode(params[:jwt_token])
|
|
135
36
|
@current_user = User.find decoded['user_id']
|
|
136
|
-
|
|
137
|
-
puts!
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
# @TODO: refactor [ref-5]
|
|
142
|
-
sign_in @current_user, scope: :user
|
|
143
|
-
current_ability
|
|
144
|
-
end
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
# same as check_profile but doesn't error out when jwt_token is missing or expired
|
|
149
|
-
def check_profile_optionally
|
|
150
|
-
if !params[:jwt_token]
|
|
151
|
-
@current_user = User.new profile: Profile.new
|
|
152
|
-
else
|
|
153
|
-
begin
|
|
154
|
-
check_profile
|
|
155
|
-
rescue JWT::ExpiredSignature
|
|
156
|
-
Rails.logger.info("JWT::ExpiredSignature")
|
|
157
|
-
@current_user = User.new profile: Profile.new
|
|
158
|
-
end
|
|
37
|
+
rescue JWT::ExpiredSignature, JWT::DecodeError => e
|
|
38
|
+
puts! e, 'ee1'
|
|
39
|
+
flash[:notice] = 'You arent logged in, or you have been logged out.'
|
|
40
|
+
@current_user = User.new
|
|
159
41
|
end
|
|
160
42
|
end
|
|
161
43
|
|
|
162
|
-
# this doesn't generate long-lived token, doesn't update user_profile
|
|
163
|
-
def check_profile
|
|
164
|
-
puts! params, 'params'
|
|
165
|
-
|
|
166
|
-
# return check_multiprofile 'google'
|
|
167
|
-
# return check_multiprofile 'facebook'
|
|
168
|
-
return check_multiprofile 'jwt'
|
|
169
|
-
|
|
170
|
-
accessToken = request.headers[:accessToken]
|
|
171
|
-
accessToken ||= params[:fb_long_access_token]
|
|
172
|
-
accessToken ||= params[:accessToken]
|
|
173
|
-
if accessToken
|
|
174
|
-
@graph = Koala::Facebook::API.new( accessToken )
|
|
175
|
-
@me = @graph.get_object( 'me', :fields => 'email' )
|
|
176
|
-
@current_user = User.find_by :email => @me['email']
|
|
177
|
-
else
|
|
178
|
-
@current_user = current_user if Rails.env.test?
|
|
179
|
-
end
|
|
180
|
-
@current_profile = @current_user.profile
|
|
181
|
-
@current_order = @current_profile.current_order
|
|
182
|
-
# orders.where( :submitted_at => nil ).first || ::CoTailors::Order.create( :profile_id => @current_profile.id )
|
|
183
|
-
|
|
184
|
-
## for sedux
|
|
185
|
-
sign_in( @current_user )
|
|
186
|
-
# puts! @current_user, '@current_user 222'
|
|
187
|
-
end
|
|
188
|
-
|
|
189
|
-
def set_profile
|
|
190
|
-
accessToken = request.headers[:accessToken]
|
|
191
|
-
accessToken ||= params[:fb_long_access_token]
|
|
192
|
-
accessToken ||= params[:accessToken]
|
|
193
|
-
|
|
194
|
-
# params[:domain] ||= '_default'
|
|
195
|
-
|
|
196
|
-
if accessToken
|
|
197
|
-
begin
|
|
198
|
-
@graph = Koala::Facebook::API.new( accessToken )
|
|
199
|
-
@me = @graph.get_object( 'me', :fields => 'email' )
|
|
200
|
-
@current_user = User.find_or_create_by :email => @me['email']
|
|
201
|
-
@oauth = Koala::Facebook::OAuth.new( FB[params['domain']][:app], FB[params['domain']][:secret] )
|
|
202
|
-
get_token = get_long_token( accessToken )
|
|
203
|
-
@long_lived_token = get_token['access_token']
|
|
204
|
-
|
|
205
|
-
begin
|
|
206
|
-
@current_profile = IshModels::UserProfile.find_by :email => @me['email']
|
|
207
|
-
@current_profile.update_attributes({ :fb_access_token => @long_lived_token,
|
|
208
|
-
:fb_long_access_token => @long_lived_token,
|
|
209
|
-
:fb_expires_in => get_token['expires_in']
|
|
210
|
-
})
|
|
211
|
-
rescue Mongoid::Errors::DocumentNotFound
|
|
212
|
-
@current_profile = IshModels::UserProfile.create :user => @current_user, :email => @me['email'],
|
|
213
|
-
:fb_access_token => @long_lived_token,
|
|
214
|
-
:fb_long_access_token => @long_lived_token,
|
|
215
|
-
:fb_expires_in => get_token['expires_in'],
|
|
216
|
-
:fb_id => params[:id],
|
|
217
|
-
:name => params[:name],
|
|
218
|
-
:signed_request => params[:signedRequest]
|
|
219
|
-
end
|
|
220
|
-
@current_user.reload
|
|
221
|
-
rescue Koala::Facebook::AuthenticationError => e
|
|
222
|
-
render :json => { :status => :not_ok, :errors => "Probably expired token: #{accessToken}" }
|
|
223
|
-
return
|
|
224
|
-
end
|
|
225
|
-
else
|
|
226
|
-
@current_user = current_user if Rails.env.test?
|
|
227
|
-
end
|
|
228
|
-
@current_profile = @current_user.profile
|
|
229
|
-
@current_order = @current_profile.current_order
|
|
230
|
-
# orders.where( :submitted_at => nil ).first || ::CoTailors::Order.new( :profile_id => @current_profile.id )
|
|
231
|
-
end
|
|
232
|
-
|
|
233
|
-
def get_long_token accessToken
|
|
234
|
-
url = "https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&" +
|
|
235
|
-
"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&fb_exchange_token=#{accessToken}"
|
|
236
|
-
result = HTTParty.get url
|
|
237
|
-
token = JSON.parse result.body
|
|
238
|
-
return token # ['access_token']
|
|
239
|
-
end
|
|
240
|
-
|
|
241
|
-
def current_ability
|
|
242
|
-
@current_user ||= User.new({ profile: ::IshModels::UserProfile.new })
|
|
243
|
-
@current_ability ||= Ishapi::Ability.new( @current_user )
|
|
244
|
-
end
|
|
245
|
-
|
|
246
|
-
def puts! a, b=''
|
|
247
|
-
puts "+++ +++ #{b}"
|
|
248
|
-
puts a.inspect
|
|
249
|
-
end
|
|
250
|
-
|
|
251
44
|
# jwt
|
|
252
45
|
def check_jwt
|
|
253
46
|
begin
|
|
254
47
|
decoded = decode(params[:jwt_token])
|
|
255
|
-
puts! decoded, 'decoded'
|
|
256
48
|
@current_user = User.find decoded['user_id']
|
|
257
49
|
rescue JWT::ExpiredSignature
|
|
258
50
|
Rails.logger.info("JWT::ExpiredSignature")
|
|
259
51
|
rescue JWT::DecodeError
|
|
260
52
|
Rails.logger.info("JWT::DecodeError")
|
|
261
53
|
end
|
|
262
|
-
@current_user ||= User.new
|
|
263
54
|
current_ability
|
|
264
55
|
end
|
|
265
56
|
|
|
57
|
+
# jwt
|
|
58
|
+
def decode(token)
|
|
59
|
+
decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
|
|
60
|
+
HashWithIndifferentAccess.new decoded
|
|
61
|
+
end
|
|
62
|
+
|
|
266
63
|
# jwt
|
|
267
64
|
def encode(payload, exp = 2.hours.from_now)
|
|
268
65
|
payload[:exp] = exp.to_i
|
|
269
66
|
JWT.encode(payload, Rails.application.secrets.secret_key_base.to_s)
|
|
270
67
|
end
|
|
271
68
|
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
|
|
275
|
-
HashWithIndifferentAccess.new decoded
|
|
69
|
+
def current_ability
|
|
70
|
+
@current_ability ||= Ishapi::Ability.new( current_user )
|
|
276
71
|
end
|
|
277
72
|
|
|
278
73
|
end
|
|
@@ -0,0 +1,275 @@
|
|
|
1
|
+
module Ishapi
|
|
2
|
+
class ApplicationController < ActionController::Base
|
|
3
|
+
after_action :append_long_term_token, except: [ :long_term_token, :test ]
|
|
4
|
+
|
|
5
|
+
protect_from_forgery :prepend => true, :with => :exception
|
|
6
|
+
layout :false
|
|
7
|
+
|
|
8
|
+
check_authorization except: [ :long_term_token ]
|
|
9
|
+
skip_before_action :verify_authenticity_token
|
|
10
|
+
|
|
11
|
+
def test
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def long_term_token
|
|
15
|
+
accessToken = request.headers[:accessToken]
|
|
16
|
+
accessToken ||= params[:accessToken]
|
|
17
|
+
|
|
18
|
+
params['domain'] = 'tgm.piousbox.com'
|
|
19
|
+
|
|
20
|
+
response = ::HTTParty.get "https://graph.facebook.com/v5.0/oauth/access_token?grant_type=fb_exchange_token&" +
|
|
21
|
+
"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&" +
|
|
22
|
+
"fb_exchange_token=#{accessToken}"
|
|
23
|
+
j = JSON.parse response.body
|
|
24
|
+
@long_term_token = j['access_token']
|
|
25
|
+
@graph = Koala::Facebook::API.new( accessToken )
|
|
26
|
+
@me = @graph.get_object( 'me', :fields => 'email' )
|
|
27
|
+
@current_user = User.where( :email => @me['email'] ).first
|
|
28
|
+
|
|
29
|
+
# send the jwt to client
|
|
30
|
+
@jwt_token = encode(user_id: @current_user.id.to_s)
|
|
31
|
+
|
|
32
|
+
render json: {
|
|
33
|
+
email: @current_user.email,
|
|
34
|
+
jwt_token: @jwt_token,
|
|
35
|
+
long_term_token: @long_term_token,
|
|
36
|
+
n_unlocks: @current_user.profile.n_unlocks,
|
|
37
|
+
}
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def home
|
|
41
|
+
authorize! :welcome_home, Ishapi
|
|
42
|
+
render :json => { :status => :ok, :message => 'Ishapi::ApiController.home',
|
|
43
|
+
:n_reports => Report.count, :n_cities => City.count }
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
#
|
|
47
|
+
# private
|
|
48
|
+
#
|
|
49
|
+
private
|
|
50
|
+
|
|
51
|
+
def append_long_term_token
|
|
52
|
+
if @long_term_token
|
|
53
|
+
response.body = JSON.parse(response.body).merge({ long_term_token: @long_term_token }).to_json
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
## Hard check by default; craps out if accessToken is missing
|
|
58
|
+
def check_long_term_token soft=false
|
|
59
|
+
accessToken = request.headers[:accessToken]
|
|
60
|
+
accessToken ||= params[:accessToken]
|
|
61
|
+
if accessToken
|
|
62
|
+
@graph = Koala::Facebook::API.new( accessToken )
|
|
63
|
+
@me = @graph.get_object( 'me', :fields => 'email' )
|
|
64
|
+
@current_user = User.where( :email => @me['email'] ).first
|
|
65
|
+
@profile = @current_user.profile
|
|
66
|
+
raise '98& - no profile' unless @profile
|
|
67
|
+
else
|
|
68
|
+
if soft
|
|
69
|
+
return
|
|
70
|
+
else
|
|
71
|
+
raise 'no access token'
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
## Does not crap out if accessToken is missing
|
|
77
|
+
def soft_check_long_term_token
|
|
78
|
+
check_long_term_token soft=true
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def check_multiprofile provider = 'google'
|
|
82
|
+
if 'google' == provider
|
|
83
|
+
# client_secrets = ::Google::APIClient::ClientSecrets.load
|
|
84
|
+
# accessToken = params[:accessToken]
|
|
85
|
+
# authorization = ::Google::Auth.get_application_default
|
|
86
|
+
# result = authorization.apply({ accessToken: params[:accessToken] })
|
|
87
|
+
# puts! result, 'googleauth result'
|
|
88
|
+
|
|
89
|
+
decoded_token = JWT.decode params[:idToken], nil, false
|
|
90
|
+
|
|
91
|
+
@current_user = User.find_by email: decoded_token[0]['email']
|
|
92
|
+
|
|
93
|
+
elsif 'facebook' == provider
|
|
94
|
+
# accessToken ||= params[:fb_long_access_token]
|
|
95
|
+
|
|
96
|
+
accessToken = request.headers[:accessToken]
|
|
97
|
+
accessToken ||= params[:accessToken]
|
|
98
|
+
if accessToken
|
|
99
|
+
|
|
100
|
+
#
|
|
101
|
+
# long-term token
|
|
102
|
+
#
|
|
103
|
+
params['domain'] = 'tgm.piousbox.com'
|
|
104
|
+
response = HTTParty.get "https://graph.facebook.com/v5.0/oauth/access_token?grant_type=fb_exchange_token&" +
|
|
105
|
+
"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&" +
|
|
106
|
+
"fb_exchange_token=#{accessToken}"
|
|
107
|
+
j = JSON.parse response.body
|
|
108
|
+
@long_term_token = j['access_token']
|
|
109
|
+
|
|
110
|
+
|
|
111
|
+
@graph = Koala::Facebook::API.new( accessToken )
|
|
112
|
+
@me = @graph.get_object( 'me', :fields => 'email' )
|
|
113
|
+
@current_user = User.where( :email => @me['email'] ).first
|
|
114
|
+
@current_user ||= User.create! email: @me['email'], password: SecureRandom.urlsafe_base64
|
|
115
|
+
|
|
116
|
+
@current_profile = @current_user.profile
|
|
117
|
+
if !@current_profile
|
|
118
|
+
begin
|
|
119
|
+
g = Gallery.find '5e1495e2d697f768ad0779eb'
|
|
120
|
+
rescue Mongoid::Errors::DocumentNotFound => e
|
|
121
|
+
g = Gallery.create id: '5e1495e2d697f768ad0779eb'
|
|
122
|
+
end
|
|
123
|
+
@current_profile = IshModels::UserProfile.create user: @current_user, name: @me['email'], email: @me['email']
|
|
124
|
+
test_newsitem = Newsitem.new gallery_id: '5e1495e2d697f768ad0779eb'
|
|
125
|
+
@current_profile.newsitems << test_newsitem
|
|
126
|
+
@current_profile.save
|
|
127
|
+
end
|
|
128
|
+
@current_profile.update fb_long_access_token: @long_term_token
|
|
129
|
+
else
|
|
130
|
+
@current_user = current_user if Rails.env.test?
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
elsif 'jwt' == provider
|
|
134
|
+
decoded = decode(params[:jwt_token])
|
|
135
|
+
@current_user = User.find decoded['user_id']
|
|
136
|
+
puts! @current_user, '@current_user from decoded'
|
|
137
|
+
else
|
|
138
|
+
raise "ww1 - not implemented"
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
sign_in @current_user, scope: :user
|
|
142
|
+
puts! current_user, 'did I sign in?'
|
|
143
|
+
current_ability
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
|
|
147
|
+
|
|
148
|
+
# same as check_profile but doesn't error out when jwt_token is missing or expired
|
|
149
|
+
def check_profile_optionally
|
|
150
|
+
if !params[:jwt_token]
|
|
151
|
+
# @current_user = User.new profile: Profile.new
|
|
152
|
+
else
|
|
153
|
+
begin
|
|
154
|
+
check_profile
|
|
155
|
+
rescue JWT::ExpiredSignature
|
|
156
|
+
Rails.logger.info("JWT::ExpiredSignature")
|
|
157
|
+
# @current_user = User.new profile: Profile.new
|
|
158
|
+
end
|
|
159
|
+
end
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
# this doesn't generate long-lived token, doesn't update user_profile
|
|
163
|
+
def check_profile
|
|
164
|
+
# return check_multiprofile 'google'
|
|
165
|
+
# return check_multiprofile 'facebook'
|
|
166
|
+
return check_multiprofile 'jwt'
|
|
167
|
+
|
|
168
|
+
accessToken = request.headers[:accessToken]
|
|
169
|
+
accessToken ||= params[:fb_long_access_token]
|
|
170
|
+
accessToken ||= params[:accessToken]
|
|
171
|
+
if accessToken
|
|
172
|
+
@graph = Koala::Facebook::API.new( accessToken )
|
|
173
|
+
@me = @graph.get_object( 'me', :fields => 'email' )
|
|
174
|
+
@current_user = User.find_by :email => @me['email']
|
|
175
|
+
else
|
|
176
|
+
@current_user = current_user if Rails.env.test?
|
|
177
|
+
end
|
|
178
|
+
@current_profile = @current_user.profile
|
|
179
|
+
@current_order = @current_profile.current_order
|
|
180
|
+
# orders.where( :submitted_at => nil ).first || ::CoTailors::Order.create( :profile_id => @current_profile.id )
|
|
181
|
+
|
|
182
|
+
## for sedux
|
|
183
|
+
sign_in( @current_user )
|
|
184
|
+
end
|
|
185
|
+
|
|
186
|
+
def set_profile
|
|
187
|
+
accessToken = request.headers[:accessToken]
|
|
188
|
+
accessToken ||= params[:fb_long_access_token]
|
|
189
|
+
accessToken ||= params[:accessToken]
|
|
190
|
+
|
|
191
|
+
# params[:domain] ||= '_default'
|
|
192
|
+
|
|
193
|
+
if accessToken
|
|
194
|
+
begin
|
|
195
|
+
@graph = Koala::Facebook::API.new( accessToken )
|
|
196
|
+
@me = @graph.get_object( 'me', :fields => 'email' )
|
|
197
|
+
@current_user = User.find_or_create_by :email => @me['email']
|
|
198
|
+
@oauth = Koala::Facebook::OAuth.new( FB[params['domain']][:app], FB[params['domain']][:secret] )
|
|
199
|
+
get_token = get_long_token( accessToken )
|
|
200
|
+
@long_lived_token = get_token['access_token']
|
|
201
|
+
|
|
202
|
+
begin
|
|
203
|
+
@current_profile = IshModels::UserProfile.find_by :email => @me['email']
|
|
204
|
+
@current_profile.update_attributes({ :fb_access_token => @long_lived_token,
|
|
205
|
+
:fb_long_access_token => @long_lived_token,
|
|
206
|
+
:fb_expires_in => get_token['expires_in']
|
|
207
|
+
})
|
|
208
|
+
rescue Mongoid::Errors::DocumentNotFound
|
|
209
|
+
@current_profile = IshModels::UserProfile.create :user => @current_user, :email => @me['email'],
|
|
210
|
+
:fb_access_token => @long_lived_token,
|
|
211
|
+
:fb_long_access_token => @long_lived_token,
|
|
212
|
+
:fb_expires_in => get_token['expires_in'],
|
|
213
|
+
:fb_id => params[:id],
|
|
214
|
+
:name => params[:name],
|
|
215
|
+
:signed_request => params[:signedRequest]
|
|
216
|
+
end
|
|
217
|
+
@current_user.reload
|
|
218
|
+
rescue Koala::Facebook::AuthenticationError => e
|
|
219
|
+
render :json => { :status => :not_ok, :errors => "Probably expired token: #{accessToken}" }
|
|
220
|
+
return
|
|
221
|
+
end
|
|
222
|
+
else
|
|
223
|
+
@current_user = current_user if Rails.env.test?
|
|
224
|
+
end
|
|
225
|
+
@current_profile = @current_user.profile
|
|
226
|
+
@current_order = @current_profile.current_order
|
|
227
|
+
# orders.where( :submitted_at => nil ).first || ::CoTailors::Order.new( :profile_id => @current_profile.id )
|
|
228
|
+
end
|
|
229
|
+
|
|
230
|
+
def get_long_token accessToken
|
|
231
|
+
url = "https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&" +
|
|
232
|
+
"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&fb_exchange_token=#{accessToken}"
|
|
233
|
+
result = HTTParty.get url
|
|
234
|
+
token = JSON.parse result.body
|
|
235
|
+
return token # ['access_token']
|
|
236
|
+
end
|
|
237
|
+
|
|
238
|
+
def current_ability
|
|
239
|
+
# @current_user ||= User.new({ profile: ::IshModels::UserProfile.new })
|
|
240
|
+
@current_ability ||= Ishapi::Ability.new( current_user )
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
def puts! a, b=''
|
|
244
|
+
puts "+++ +++ #{b}"
|
|
245
|
+
puts a.inspect
|
|
246
|
+
end
|
|
247
|
+
|
|
248
|
+
# jwt
|
|
249
|
+
def check_jwt
|
|
250
|
+
begin
|
|
251
|
+
decoded = decode(params[:jwt_token])
|
|
252
|
+
@current_user = User.find decoded['user_id']
|
|
253
|
+
rescue JWT::ExpiredSignature
|
|
254
|
+
Rails.logger.info("JWT::ExpiredSignature")
|
|
255
|
+
rescue JWT::DecodeError
|
|
256
|
+
Rails.logger.info("JWT::DecodeError")
|
|
257
|
+
end
|
|
258
|
+
# @current_user ||= User.new
|
|
259
|
+
current_ability
|
|
260
|
+
end
|
|
261
|
+
|
|
262
|
+
# jwt
|
|
263
|
+
def encode(payload, exp = 2.hours.from_now)
|
|
264
|
+
payload[:exp] = exp.to_i
|
|
265
|
+
JWT.encode(payload, Rails.application.secrets.secret_key_base.to_s)
|
|
266
|
+
end
|
|
267
|
+
|
|
268
|
+
# jwt
|
|
269
|
+
def decode(token)
|
|
270
|
+
decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
|
|
271
|
+
HashWithIndifferentAccess.new decoded
|
|
272
|
+
end
|
|
273
|
+
|
|
274
|
+
end
|
|
275
|
+
end
|
|
@@ -24,7 +24,7 @@ module Ishapi
|
|
|
24
24
|
@gallery = ::Gallery.unscoped.find_by :galleryname => params[:galleryname]
|
|
25
25
|
authorize! :show, @gallery
|
|
26
26
|
if @gallery.premium?
|
|
27
|
-
if current_user
|
|
27
|
+
if current_user&.profile&.has_premium_purchase( @gallery )
|
|
28
28
|
render 'show_premium_unlocked'
|
|
29
29
|
else
|
|
30
30
|
render 'show_premium_locked'
|
|
@@ -2,8 +2,8 @@ require_dependency "ishapi/application_controller"
|
|
|
2
2
|
module Ishapi
|
|
3
3
|
class MapsController < ApplicationController
|
|
4
4
|
|
|
5
|
-
before_action :
|
|
6
|
-
|
|
5
|
+
before_action :check_profile, only: [ :show ]
|
|
6
|
+
|
|
7
7
|
def index
|
|
8
8
|
authorize! :index, ::Gameui::Map
|
|
9
9
|
@maps = ::Gameui::Map.all
|
|
@@ -12,6 +12,7 @@ module Ishapi
|
|
|
12
12
|
def show
|
|
13
13
|
@map = ::Gameui::Map.find_by slug: params[:slug]
|
|
14
14
|
@markers = @map.markers.where( is_active: true )
|
|
15
|
+
@newsitems = @map.newsitems
|
|
15
16
|
|
|
16
17
|
case @map.ordering_type
|
|
17
18
|
when ::Gameui::Map::ORDERING_TYPE_ALPHABETIC
|
|
@@ -96,6 +96,8 @@ module Ishapi
|
|
|
96
96
|
authorize! :unlock, ::Ish::Payment
|
|
97
97
|
item = Object::const_get(params['kind']).find params['id']
|
|
98
98
|
|
|
99
|
+
puts! params, 'unlocking...'
|
|
100
|
+
|
|
99
101
|
existing = Purchase.where( user_profile: @current_user.profile, item: item ).first
|
|
100
102
|
if existing
|
|
101
103
|
render status: 200, json: { status: :ok, message: 'already purchased' }
|
|
@@ -3,7 +3,7 @@ require_dependency "ishapi/application_controller"
|
|
|
3
3
|
module Ishapi
|
|
4
4
|
class SitesController < ApplicationController
|
|
5
5
|
|
|
6
|
-
before_action :
|
|
6
|
+
before_action :check_profile, only: %i| show |
|
|
7
7
|
|
|
8
8
|
def index
|
|
9
9
|
authorize! :index, ::Site
|
|
@@ -32,16 +32,24 @@ module Ishapi
|
|
|
32
32
|
else
|
|
33
33
|
render :json => { :status => :unauthorized}, :status => :unauthorized
|
|
34
34
|
render :status => :unauthorized
|
|
35
|
+
return
|
|
35
36
|
end
|
|
36
37
|
end
|
|
37
38
|
|
|
38
|
-
@galleries = @site.galleries.limit( 10 )
|
|
39
|
-
@newsitems = @site.newsitems.limit( @site.newsitems_per_page )
|
|
40
|
-
@reports = @site.reports.limit( 10 )
|
|
39
|
+
@galleries = @site.galleries.limit( 10 ) # @TODO: paginate
|
|
40
|
+
@newsitems = @site.newsitems.limit( @site.newsitems_per_page ) # @TODO: paginate
|
|
41
|
+
@reports = @site.reports.limit( 10 ) # @TODO: paginate
|
|
41
42
|
@langs = ::Site.where( :domain => domain ).map( &:lang )
|
|
42
43
|
@feature_tags = @site.tags.where( :is_feature => true )
|
|
43
|
-
|
|
44
44
|
end
|
|
45
45
|
|
|
46
|
+
private
|
|
47
|
+
|
|
48
|
+
# # jwt
|
|
49
|
+
# def decode(token)
|
|
50
|
+
# decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
|
|
51
|
+
# HashWithIndifferentAccess.new decoded
|
|
52
|
+
# end
|
|
53
|
+
|
|
46
54
|
end
|
|
47
55
|
end
|
|
@@ -10,8 +10,8 @@ json.cache! this_key do
|
|
|
10
10
|
json.is_premium @gallery.is_premium
|
|
11
11
|
json.is_purchased false
|
|
12
12
|
|
|
13
|
-
json.partial! 'ishapi/galleries/show', gallery: @gallery
|
|
14
|
-
json.partial! 'ishapi/photos/index', :photos => [ @gallery.photos[0] ]
|
|
13
|
+
# json.partial! 'ishapi/galleries/show', gallery: @gallery
|
|
14
|
+
# json.partial! 'ishapi/photos/index', :photos => [ @gallery.photos[0] ]
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
|
|
@@ -13,6 +13,8 @@ json.cache! key do
|
|
|
13
13
|
json.subhead @site.subhead
|
|
14
14
|
json.description @site.description
|
|
15
15
|
|
|
16
|
+
json.email @current_user.email
|
|
17
|
+
|
|
16
18
|
json.is_ads_enabled @site.is_ads_enabled
|
|
17
19
|
json.play_videos_in_preview @site.play_videos_in_preview
|
|
18
20
|
json.newsitems_per_page @site.newsitems_per_page
|
data/config/routes.rb
CHANGED
|
@@ -27,7 +27,8 @@ Ishapi::Engine.routes.draw do
|
|
|
27
27
|
get 'maps', to: 'maps#index'
|
|
28
28
|
get 'maps/view/:slug', to: 'maps#show'
|
|
29
29
|
get 'markers/view/:slug', to: 'maps#show_marker'
|
|
30
|
-
get
|
|
30
|
+
get "/my/account", to: "my/my#account"
|
|
31
|
+
post "/my/account", to: "my/my#account"
|
|
31
32
|
namespace :my do
|
|
32
33
|
get 'galleries', to: 'galleries#index'
|
|
33
34
|
get 'newsitems', to: 'newsitems#index'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ishapi
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.8.
|
|
4
|
+
version: 0.1.8.144
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- piousbox
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -196,6 +196,7 @@ files:
|
|
|
196
196
|
- app/assets/stylesheets/scaffold.css
|
|
197
197
|
- app/controllers/ishapi/addresses_controller.rb
|
|
198
198
|
- app/controllers/ishapi/application_controller.rb
|
|
199
|
+
- app/controllers/ishapi/application_controller.rb-trash
|
|
199
200
|
- app/controllers/ishapi/articles_controller.rb
|
|
200
201
|
- app/controllers/ishapi/cities_controller.rb
|
|
201
202
|
- app/controllers/ishapi/events_controller.rb
|
|
@@ -284,7 +285,7 @@ homepage: http://wasya.co
|
|
|
284
285
|
licenses:
|
|
285
286
|
- MIT
|
|
286
287
|
metadata: {}
|
|
287
|
-
post_install_message:
|
|
288
|
+
post_install_message:
|
|
288
289
|
rdoc_options: []
|
|
289
290
|
require_paths:
|
|
290
291
|
- lib
|
|
@@ -299,8 +300,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
299
300
|
- !ruby/object:Gem::Version
|
|
300
301
|
version: '0'
|
|
301
302
|
requirements: []
|
|
302
|
-
rubygems_version: 3.
|
|
303
|
-
signing_key:
|
|
303
|
+
rubygems_version: 3.2.25
|
|
304
|
+
signing_key:
|
|
304
305
|
specification_version: 4
|
|
305
306
|
summary: Summary of Ishapi.
|
|
306
307
|
test_files: []
|