ishapi 0.1.8.130 → 0.1.8.131

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f5be547a2ce4023c1237cabdd8e61a65a429fcc096001ccfd5e6b8e09680b9da
-  data.tar.gz: 1819b1d0d21a61cb2a1b37d15a8c67dc63432da20c750dd7ace1db224afb4e12
+  metadata.gz: f1802659d2e8c6ce8924c5e5645314e9c235d548f967b1c98041b80c22b5daf9
+  data.tar.gz: 2fb33453eb17bae2775ea7a2b3f8988bb044d853f5df16e3ce134c77a0d1725d
 SHA512:
-  metadata.gz: 050317ad3336f122667a195d97dcaf628aa7234026986a1a47115f7a9df8b93c3a49c89fca2e067da20da233ff64dfd5c3c1dede2ccfa25ddd9074402e806faa
-  data.tar.gz: 57df13b680b3f175e8e479197dec86a7217f8be392d8a9f20941c81c0f5072a637cde9c65e10d3bd363894a8878e497b3ebb974c3775eb7c56c9f5cbb719ce65
+  metadata.gz: dc18bdfec85c2e6e3847f9936999f35a47df4e6a1bf1d791d7c1bd6cd55334ca7a0a4a10d12a1a9bf001cbcd6f0107fceb0c8ccd235717f86a254afae85c370d
+  data.tar.gz: bc6daf89813d973285525d8f8664408a1f97f7b07ab136c709f560f1de6c3627926120679bee7a42180cd9ce9707a1b34b2274ca9d27a9daa8c5702f204afe24

data/app/controllers/ishapi/application_controller.rb

@@ -7,7 +7,7 @@ module Ishapi
 
     # before_action :check_profile, except: [ :test ]
     before_action :set_current_ability
-    
+
     check_authorization
     skip_before_action :verify_authenticity_token
 
@@ -26,9 +26,19 @@ module Ishapi
         "client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&" +
         "fb_exchange_token=#{accessToken}"
       j = JSON.parse response.body
+      puts! j, 'fb response'
       @long_term_token = j['access_token']
 
-      render json: { long_term_token: @long_term_token }
+      # get user email
+      @graph            = Koala::Facebook::API.new( accessToken )
+      @me               = @graph.get_object( 'me', :fields => 'email' )
+      @current_user     = User.where( :email => @me['email'] ).first
+      @profile          = @current_user.profile
+
+      # send the jwt to client
+      @jwt_token = encode(user_id: @current_user.id)
+
+      render json: { long_term_token: @long_term_token, jwt_token: @jwt_token }
     end
 
     #
@@ -75,9 +85,9 @@ module Ishapi
         # puts! result, 'googleauth result'
 
         decoded_token = JWT.decode params[:idToken], nil, false
-        
+
         @current_user = User.find_by email: decoded_token[0]['email']
-        
+
       elsif 'facebook' == provider
         # accessToken ||= params[:fb_long_access_token]
 
@@ -101,7 +111,7 @@ module Ishapi
           @current_user     = User.where( :email => @me['email'] ).first
           @current_user   ||= User.create! email: @me['email'], password: SecureRandom.urlsafe_base64
 
-          @current_profile = @current_user.profile          
+          @current_profile = @current_user.profile
           if !@current_profile
             begin
               g = Gallery.find '5e1495e2d697f768ad0779eb'
@@ -120,9 +130,15 @@ module Ishapi
 
         puts! @current_user, 'current_user'
         puts! @current_profile, 'current_profile'
-        # byebug
+
+      elsif 'jwt' == provider
+        decoded = decode(params[:jwt_token])
+        puts! decoded, 'decoded'
+        @current_user = User.find decoded[:user_id]
+
       else
         puts! 'check_multiprofile(): no access token'
+        raise "ww1 - not implemented"
       end
 
       sign_in @current_user, scope: :user
@@ -132,13 +148,16 @@ module Ishapi
     # this doesn't generate long-lived token, doesn't update user_profile
     # this is only for facebook now
     def check_profile
+      puts! params, 'params'
+
       # return check_multiprofile 'google'
-      return check_multiprofile 'facebook'
+      # return check_multiprofile 'facebook'
+      return check_multiprofile 'jwt'
 
       # puts! params, 'params'
       # puts! current_user, 'current_user'
       # puts! @current_user, '@current_user'
-      
+
       accessToken   = request.headers[:accessToken]
       accessToken ||= params[:fb_long_access_token]
       accessToken ||= params[:accessToken]
@@ -201,7 +220,7 @@ module Ishapi
       @current_order   = @current_profile.current_order
       # orders.where( :submitted_at => nil ).first || ::CoTailors::Order.new( :profile_id => @current_profile.id )
     end
-    
+
     def get_long_token accessToken
       url = "https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&" +
             "client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&fb_exchange_token=#{accessToken}"
@@ -221,5 +240,17 @@ module Ishapi
       puts a.inspect
     end
 
+    # jwt
+    def encode(payload, exp = 2.hours.from_now)
+      payload[:exp] = exp.to_i
+      JWT.encode(payload, Rails.application.secrets.secret_key_base.to_s)
+    end
+
+    # jwt
+    def decode(token)
+      decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
+      HashWithIndifferentAccess.new decoded
+    end
+
   end
 end

data/app/controllers/ishapi/my/my_controller.rb

@@ -3,10 +3,19 @@ module Ishapi
   module My
     class MyController < Ishapi::ApplicationController
 
-      before_action :set_profile
+      # before_action :set_profile # this is DoS on FB - disabled
+      before_action :do_login
 
       private
 
+      def do_login
+        puts! params, 'params'
+
+        token = decode(params[:jwtToken])
+        puts! token, 'token'
+        @current_user = User.find(token["user_id"])
+      end
+
       def set_profile
         begin
           @graph   = Koala::Facebook::API.new( params[:accessToken] )

data/app/controllers/ishapi/my/videos_controller.rb

@@ -0,0 +1,16 @@
+
+module Ishapi
+  module My
+    class VideosController < Ishapi::My::MyController
+
+      def index
+        authorize! :my_index, Video
+        puts! @current_user, 'current_user'
+
+        @videos = @current_user.profile.videos.unscoped.where( is_trash: false ).limit(20)
+      end
+
+    end
+  end
+end
+

data/app/controllers/ishapi/user_profiles_controller.rb

@@ -10,6 +10,8 @@ module Ishapi
     end
 
     def my
+      puts! params, 'params 233'
+
       @profile = current_user.profile
       authorize! :show, @profile
     end

data/app/models/ishapi/ability.rb

@@ -56,7 +56,7 @@ class Ishapi::Ability
     can [ :my_index, :show ], Report do |report|
       report.is_public
     end
-    
+
     can [ :fb_sign_in, :long_term_token, :open_permission, :welcome_home ], Ishapi
 
     can [ :index, :show ], Site
@@ -66,11 +66,14 @@ class Ishapi::Ability
       tag.is_public
     end
 
+    #
+    # V
+    #
     can [ :index ], Venue
     can [ :show ], Venue do |venue|
       venue.is_public
     end
-    can [ :index ], Video
+    can [ :index, :my_index ], Video
     can [ :show ], Video do |video|
       video.is_public
     end

data/app/views/ishapi/galleries/show.jbuilder

@@ -5,10 +5,8 @@
 this_key = [ @gallery, params.permit! ]
 json.cache! this_key do
   json.gallery do
-    json.partial! 'ishapi/galleries/show', gallery: @gallery   
-    json.partial! 'ishapi/photos/index', :photos => @gallery.photos 
-
     json.partial! 'ishapi/application/meta', item: @gallery
+    json.partial! 'ishapi/galleries/show', gallery: @gallery
   end
 end
 

data/app/views/ishapi/my/videos/index.jbuilder

@@ -0,0 +1,7 @@
+
+json.videos(@videos) do |video|
+  json.name      video.name
+  json.video_url     video.video
+  json.thumb_url     video.thumb
+end
+

data/app/views/ishapi/photos/_index.jbuilder

@@ -1,6 +1,7 @@
 
 #
 # ishapi / photos / _index
+# @deprecated, ishapi / galleries / _show is preferred
 #
 
 json.photos do

data/config/routes.rb

@@ -7,7 +7,7 @@ Ishapi::Engine.routes.draw do
   get 'cities',                :to => 'cities#index'
   get 'cities/view/:cityname', :to => 'cities#show'
   get 'cities/features',       :to => 'cities#features'
- 
+
   post 'co_tailors/orders',                 :to => 'orders#create'
   post 'co_tailors/order_items',            :to => 'order_items#create'
   post 'co_tailors/measurements',           :to => 'measurements#update'
@@ -16,7 +16,7 @@ Ishapi::Engine.routes.draw do
   end
 
   post 'do_purchase', to: 'gameui#do_purchase'
-  
+
   get 'events/view/:eventname',      :to => 'events#show'
 
   get  'galleries',                   :to => 'galleries#index'
@@ -35,8 +35,10 @@ Ishapi::Engine.routes.draw do
   namespace :my do
     # post 'reports', :to => 'reports#index'
     get  'reports', :to => 'reports#index'
+    get 'videos', to: 'videos#index'
+    post 'videos', to: 'videos#index'
   end
-  
+
   post 'payments', :to => 'payments#create'
 
   get 'profiles/view/:username', :to => 'user_profiles#show'
@@ -64,7 +66,7 @@ Ishapi::Engine.routes.draw do
 
   get 'venues', :to => 'venues#index'
   get 'venues/view/:venuename', :to => 'venues#show'
- 
+
   resources :videos
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ishapi
 version: !ruby/object:Gem::Version
-  version: 0.1.8.130
+  version: 0.1.8.131
 platform: ruby
 authors:
 - piousbox
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-01 00:00:00.000000000 Z
+date: 2020-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -207,6 +207,7 @@ files:
 - app/controllers/ishapi/measurements_controller.rb
 - app/controllers/ishapi/my/my_controller.rb
 - app/controllers/ishapi/my/reports_controller.rb
+- app/controllers/ishapi/my/videos_controller.rb
 - app/controllers/ishapi/newsitems_controller.rb
 - app/controllers/ishapi/order_items_controller.rb
 - app/controllers/ishapi/orders_controller.rb
@@ -248,6 +249,7 @@ files:
 - app/views/ishapi/maps/index.jbuilder
 - app/views/ishapi/maps/show.jbuilder
 - app/views/ishapi/measurements/_show.jbuilder
+- app/views/ishapi/my/videos/index.jbuilder
 - app/views/ishapi/newsitems/_index.jbuilder
 - app/views/ishapi/newsitems/index.jbuilder
 - app/views/ishapi/orders/_item.jbuilder