ishapi 0.1.8.142 → 0.1.8.143
- checksums.yaml +4 -4
- data/app/controllers/ishapi/application_controller.rb +15 -215
- data/app/controllers/ishapi/application_controller.rb-trash +275 -0
- data/app/controllers/ishapi/maps_controller.rb +3 -2
- data/app/controllers/ishapi/payments_controller.rb +2 -0
- data/app/controllers/ishapi/sites_controller.rb +13 -5
- data/app/views/ishapi/sites/show.jbuilder +2 -0
- data/config/routes.rb +2 -1
- metadata +3 -2
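--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 021f74439ddc6f123f3f7b33d5d444a27dab186b2ec4a522041eca80667d1e63
+data.tar.gz: 5745dcdf642671f2abe7dab138edbd05955c56c05f916388df2f65edb378528d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 713eca65e6c3639a5469bce0a9b8db7d3b204f9a73e414be676ec25a0dcf9f3189d0ed09720be9dccda14533dc0040c6ed546c74649b8180626adeb68fcf4a98
+data.tar.gz: 759d8ba2374e9938af198c592ad5eb174e08431146b65956f9c9d79ee8998c0d8d184da41e0606c6955c37dfcda330e55de82fd5feb6c9fa04a2914e50a5b2b7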
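--- a/data/app/controllers/ishapi/application_controller.rb
+++ b/data/app/controllers/ishapi/application_controller.rb
@@ -1,16 +1,7 @@
 module Ishapi
 class ApplicationController < ActionController::Base
-after_action :append_long_term_token, except: [ :long_term_token, :test ]
-
-protect_from_forgery :prepend => true, :with => :exception
-layout :false
-
-check_authorization except: [ :long_term_token ]
-skip_before_action :verify_authenticity_token
-
-def test
-end
 
+## POST /api/users/long_term_token , a FB login flow
 def long_term_token
 accessToken = request.headers[:accessToken]
 accessToken ||= params[:accessToken]
@@ -37,213 +28,19 @@ module Ishapi
 }
 end
 
-def home
-authorize! :welcome_home, Ishapi
-render :json => { :status => :ok, :message => 'Ishapi::ApiController.home',
-:n_reports => Report.count, :n_cities => City.count }
-end
-
-#
-# private
-#
 private
 
-def
-
-response.body = JSON.parse(response.body).merge({ long_term_token: @long_term_token }).to_json
-end
-end
-
-## Hard check by default; craps out if accessToken is missing
-def check_long_term_token soft=false
-accessToken = request.headers[:accessToken]
-accessToken ||= params[:accessToken]
-if accessToken
-@graph = Koala::Facebook::API.new( accessToken )
-@me = @graph.get_object( 'me', :fields => 'email' )
-@current_user = User.where( :email => @me['email'] ).first
-@profile = @current_user.profile
-raise '98& - no profile' unless @profile
-else
-if soft
-return
-else
-raise 'no access token'
-end
-end
-end
-
-## Does not crap out if accessToken is missing
-def soft_check_long_term_token
-check_long_term_token soft=true
-end
-
-def check_multiprofile provider = 'google'
-if 'google' == provider
-# client_secrets = ::Google::APIClient::ClientSecrets.load
-# accessToken = params[:accessToken]
-# authorization = ::Google::Auth.get_application_default
-# result = authorization.apply({ accessToken: params[:accessToken] })
-# puts! result, 'googleauth result'
-
-decoded_token = JWT.decode params[:idToken], nil, false
-
-@current_user = User.find_by email: decoded_token[0]['email']
-
-elsif 'facebook' == provider
-# accessToken ||= params[:fb_long_access_token]
-
-accessToken = request.headers[:accessToken]
-accessToken ||= params[:accessToken]
-if accessToken
-
-#
-# long-term token
-#
-params['domain'] = 'tgm.piousbox.com'
-response = HTTParty.get "https://graph.facebook.com/v5.0/oauth/access_token?grant_type=fb_exchange_token&" +
-"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&" +
-"fb_exchange_token=#{accessToken}"
-j = JSON.parse response.body
-@long_term_token = j['access_token']
-
-
-@graph = Koala::Facebook::API.new( accessToken )
-@me = @graph.get_object( 'me', :fields => 'email' )
-@current_user = User.where( :email => @me['email'] ).first
-@current_user ||= User.create! email: @me['email'], password: SecureRandom.urlsafe_base64
-
-@current_profile = @current_user.profile
-if !@current_profile
-begin
-g = Gallery.find '5e1495e2d697f768ad0779eb'
-rescue Mongoid::Errors::DocumentNotFound => e
-g = Gallery.create id: '5e1495e2d697f768ad0779eb'
-end
-@current_profile = IshModels::UserProfile.create user: @current_user, name: @me['email'], email: @me['email']
-test_newsitem = Newsitem.new gallery_id: '5e1495e2d697f768ad0779eb'
-@current_profile.newsitems << test_newsitem
-@current_profile.save
-end
-@current_profile.update fb_long_access_token: @long_term_token
-else
-@current_user = current_user if Rails.env.test?
-end
-
-elsif 'jwt' == provider
+def check_profile
+begin
 decoded = decode(params[:jwt_token])
 @current_user = User.find decoded['user_id']
-
-
-
-
-# @TODO: refactor [ref-5]
-sign_in @current_user, scope: :user
-current_ability
-end
-
-
-
-# same as check_profile but doesn't error out when jwt_token is missing or expired
-def check_profile_optionally
-if !params[:jwt_token]
-@current_user = User.new profile: Profile.new
-else
-begin
-check_profile
-rescue JWT::ExpiredSignature
-Rails.logger.info("JWT::ExpiredSignature")
-@current_user = User.new profile: Profile.new
-end
+rescue JWT::ExpiredSignature => e
+puts! e, 'ee1'
+flash[:notice] = 'You arent logged in, or you have been logged out.'
+@current_user = User.new
 end
 end
 
-# this doesn't generate long-lived token, doesn't update user_profile
-def check_profile
-# return check_multiprofile 'google'
-# return check_multiprofile 'facebook'
-return check_multiprofile 'jwt'
-
-accessToken = request.headers[:accessToken]
-accessToken ||= params[:fb_long_access_token]
-accessToken ||= params[:accessToken]
-if accessToken
-@graph = Koala::Facebook::API.new( accessToken )
-@me = @graph.get_object( 'me', :fields => 'email' )
-@current_user = User.find_by :email => @me['email']
-else
-@current_user = current_user if Rails.env.test?
-end
-@current_profile = @current_user.profile
-@current_order = @current_profile.current_order
-# orders.where( :submitted_at => nil ).first || ::CoTailors::Order.create( :profile_id => @current_profile.id )
-
-## for sedux
-sign_in( @current_user )
-end
-
-def set_profile
-accessToken = request.headers[:accessToken]
-accessToken ||= params[:fb_long_access_token]
-accessToken ||= params[:accessToken]
-
-# params[:domain] ||= '_default'
-
-if accessToken
-begin
-@graph = Koala::Facebook::API.new( accessToken )
-@me = @graph.get_object( 'me', :fields => 'email' )
-@current_user = User.find_or_create_by :email => @me['email']
-@oauth = Koala::Facebook::OAuth.new( FB[params['domain']][:app], FB[params['domain']][:secret] )
-get_token = get_long_token( accessToken )
-@long_lived_token = get_token['access_token']
-
-begin
-@current_profile = IshModels::UserProfile.find_by :email => @me['email']
-@current_profile.update_attributes({ :fb_access_token => @long_lived_token,
-:fb_long_access_token => @long_lived_token,
-:fb_expires_in => get_token['expires_in']
-})
-rescue Mongoid::Errors::DocumentNotFound
-@current_profile = IshModels::UserProfile.create :user => @current_user, :email => @me['email'],
-:fb_access_token => @long_lived_token,
-:fb_long_access_token => @long_lived_token,
-:fb_expires_in => get_token['expires_in'],
-:fb_id => params[:id],
-:name => params[:name],
-:signed_request => params[:signedRequest]
-end
-@current_user.reload
-rescue Koala::Facebook::AuthenticationError => e
-render :json => { :status => :not_ok, :errors => "Probably expired token: #{accessToken}" }
-return
-end
-else
-@current_user = current_user if Rails.env.test?
-end
-@current_profile = @current_user.profile
-@current_order = @current_profile.current_order
-# orders.where( :submitted_at => nil ).first || ::CoTailors::Order.new( :profile_id => @current_profile.id )
-end
-
-def get_long_token accessToken
-url = "https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&" +
-"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&fb_exchange_token=#{accessToken}"
-result = HTTParty.get url
-token = JSON.parse result.body
-return token # ['access_token']
-end
-
-def current_ability
-@current_user ||= User.new({ profile: ::IshModels::UserProfile.new })
-@current_ability ||= Ishapi::Ability.new( @current_user )
-end
-
-def puts! a, b=''
-puts "+++ +++ #{b}"
-puts a.inspect
-end
-
 # jwt
 def check_jwt
 begin
@@ -254,20 +51,23 @@ module Ishapi
 rescue JWT::DecodeError
 Rails.logger.info("JWT::DecodeError")
 end
-@current_user ||= User.new
 current_ability
 end
 
+# jwt
+def decode(token)
+decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
+HashWithIndifferentAccess.new decoded
+end
+
 # jwt
 def encode(payload, exp = 2.hours.from_now)
 payload[:exp] = exp.to_i
 JWT.encode(payload, Rails.application.secrets.secret_key_base.to_s)
 end
 
-
-
-decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
-HashWithIndifferentAccess.new decoded
+def current_ability
+@current_ability ||= Ishapi::Ability.new( current_user )
 end
 
 end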
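Review bot: Without `check_authorization except: [ :long_term_token ]`, which the first hunk drops from the base controller, an action in any subclass that never calls `authorize!` is served without an ability check instead of raising; unless that guard is re-declared outside this diff, I would keep the line. In the new `check_profile` only `JWT::ExpiredSignature` is rescued, so a missing or tampered `jwt_token` raises an unhandled `JWT::DecodeError`, whereas `check_jwt` just below rescues both; adding `rescue JWT::DecodeError` with the same guest fallback would keep the two consistent. That rescue branch also calls `puts! e, 'ee1'` while this commit deletes `def puts!` from the class, so unless the helper is defined elsewhere the expired-token path presumably ends in `NoMethodError`; `Rails.logger.info(e.message)` would match `check_jwt`. `decode` would also read more safely with the algorithm stated explicitly, e.g. `JWT.decode(token, key, true, algorithm: 'HS256')`.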
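--- a/data/app/controllers/ishapi/application_controller.rb-trash
+++ b/data/app/controllers/ishapi/application_controller.rb-trash
@@ -0,0 +1,275 @@
+module Ishapi
+class ApplicationController < ActionController::Base
+after_action :append_long_term_token, except: [ :long_term_token, :test ]
+
+protect_from_forgery :prepend => true, :with => :exception
+layout :false
+
+check_authorization except: [ :long_term_token ]
+skip_before_action :verify_authenticity_token
+
+def test
+end
+
+def long_term_token
+accessToken = request.headers[:accessToken]
+accessToken ||= params[:accessToken]
+
+params['domain'] = 'tgm.piousbox.com'
+
+response = ::HTTParty.get "https://graph.facebook.com/v5.0/oauth/access_token?grant_type=fb_exchange_token&" +
+"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&" +
+"fb_exchange_token=#{accessToken}"
+j = JSON.parse response.body
+@long_term_token = j['access_token']
+@graph = Koala::Facebook::API.new( accessToken )
+@me = @graph.get_object( 'me', :fields => 'email' )
+@current_user = User.where( :email => @me['email'] ).first
+
+# send the jwt to client
+@jwt_token = encode(user_id: @current_user.id.to_s)
+
+render json: {
+email: @current_user.email,
+jwt_token: @jwt_token,
+long_term_token: @long_term_token,
+n_unlocks: @current_user.profile.n_unlocks,
+}
+end
+
+def home
+authorize! :welcome_home, Ishapi
+render :json => { :status => :ok, :message => 'Ishapi::ApiController.home',
+:n_reports => Report.count, :n_cities => City.count }
+end
+
+#
+# private
+#
+private
+
+def append_long_term_token
+if @long_term_token
+response.body = JSON.parse(response.body).merge({ long_term_token: @long_term_token }).to_json
+end
+end
+
+## Hard check by default; craps out if accessToken is missing
+def check_long_term_token soft=false
+accessToken = request.headers[:accessToken]
+accessToken ||= params[:accessToken]
+if accessToken
+@graph = Koala::Facebook::API.new( accessToken )
+@me = @graph.get_object( 'me', :fields => 'email' )
+@current_user = User.where( :email => @me['email'] ).first
+@profile = @current_user.profile
+raise '98& - no profile' unless @profile
+else
+if soft
+return
+else
+raise 'no access token'
+end
+end
+end
+
+## Does not crap out if accessToken is missing
+def soft_check_long_term_token
+check_long_term_token soft=true
+end
+
+def check_multiprofile provider = 'google'
+if 'google' == provider
+# client_secrets = ::Google::APIClient::ClientSecrets.load
+# accessToken = params[:accessToken]
+# authorization = ::Google::Auth.get_application_default
+# result = authorization.apply({ accessToken: params[:accessToken] })
+# puts! result, 'googleauth result'
+
+decoded_token = JWT.decode params[:idToken], nil, false
+
+@current_user = User.find_by email: decoded_token[0]['email']
+
+elsif 'facebook' == provider
+# accessToken ||= params[:fb_long_access_token]
+
+accessToken = request.headers[:accessToken]
+accessToken ||= params[:accessToken]
+if accessToken
+
+#
+# long-term token
+#
+params['domain'] = 'tgm.piousbox.com'
+response = HTTParty.get "https://graph.facebook.com/v5.0/oauth/access_token?grant_type=fb_exchange_token&" +
+"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&" +
+"fb_exchange_token=#{accessToken}"
+j = JSON.parse response.body
+@long_term_token = j['access_token']
+
+
+@graph = Koala::Facebook::API.new( accessToken )
+@me = @graph.get_object( 'me', :fields => 'email' )
+@current_user = User.where( :email => @me['email'] ).first
+@current_user ||= User.create! email: @me['email'], password: SecureRandom.urlsafe_base64
+
+@current_profile = @current_user.profile
+if !@current_profile
+begin
+g = Gallery.find '5e1495e2d697f768ad0779eb'
+rescue Mongoid::Errors::DocumentNotFound => e
+g = Gallery.create id: '5e1495e2d697f768ad0779eb'
+end
+@current_profile = IshModels::UserProfile.create user: @current_user, name: @me['email'], email: @me['email']
+test_newsitem = Newsitem.new gallery_id: '5e1495e2d697f768ad0779eb'
+@current_profile.newsitems << test_newsitem
+@current_profile.save
+end
+@current_profile.update fb_long_access_token: @long_term_token
+else
+@current_user = current_user if Rails.env.test?
+end
+
+elsif 'jwt' == provider
+decoded = decode(params[:jwt_token])
+@current_user = User.find decoded['user_id']
+puts! @current_user, '@current_user from decoded'
+else
+raise "ww1 - not implemented"
+end
+
+sign_in @current_user, scope: :user
+puts! current_user, 'did I sign in?'
+current_ability
+end
+
+
+
+# same as check_profile but doesn't error out when jwt_token is missing or expired
+def check_profile_optionally
+if !params[:jwt_token]
+# @current_user = User.new profile: Profile.new
+else
+begin
+check_profile
+rescue JWT::ExpiredSignature
+Rails.logger.info("JWT::ExpiredSignature")
+# @current_user = User.new profile: Profile.new
+end
+end
+end
+
+# this doesn't generate long-lived token, doesn't update user_profile
+def check_profile
+# return check_multiprofile 'google'
+# return check_multiprofile 'facebook'
+return check_multiprofile 'jwt'
+
+accessToken = request.headers[:accessToken]
+accessToken ||= params[:fb_long_access_token]
+accessToken ||= params[:accessToken]
+if accessToken
+@graph = Koala::Facebook::API.new( accessToken )
+@me = @graph.get_object( 'me', :fields => 'email' )
+@current_user = User.find_by :email => @me['email']
+else
+@current_user = current_user if Rails.env.test?
+end
+@current_profile = @current_user.profile
+@current_order = @current_profile.current_order
+# orders.where( :submitted_at => nil ).first || ::CoTailors::Order.create( :profile_id => @current_profile.id )
+
+## for sedux
+sign_in( @current_user )
+end
+
+def set_profile
+accessToken = request.headers[:accessToken]
+accessToken ||= params[:fb_long_access_token]
+accessToken ||= params[:accessToken]
+
+# params[:domain] ||= '_default'
+
+if accessToken
+begin
+@graph = Koala::Facebook::API.new( accessToken )
+@me = @graph.get_object( 'me', :fields => 'email' )
+@current_user = User.find_or_create_by :email => @me['email']
+@oauth = Koala::Facebook::OAuth.new( FB[params['domain']][:app], FB[params['domain']][:secret] )
+get_token = get_long_token( accessToken )
+@long_lived_token = get_token['access_token']
+
+begin
+@current_profile = IshModels::UserProfile.find_by :email => @me['email']
+@current_profile.update_attributes({ :fb_access_token => @long_lived_token,
+:fb_long_access_token => @long_lived_token,
+:fb_expires_in => get_token['expires_in']
+})
+rescue Mongoid::Errors::DocumentNotFound
+@current_profile = IshModels::UserProfile.create :user => @current_user, :email => @me['email'],
+:fb_access_token => @long_lived_token,
+:fb_long_access_token => @long_lived_token,
+:fb_expires_in => get_token['expires_in'],
+:fb_id => params[:id],
+:name => params[:name],
+:signed_request => params[:signedRequest]
+end
+@current_user.reload
+rescue Koala::Facebook::AuthenticationError => e
+render :json => { :status => :not_ok, :errors => "Probably expired token: #{accessToken}" }
+return
+end
+else
+@current_user = current_user if Rails.env.test?
+end
+@current_profile = @current_user.profile
+@current_order = @current_profile.current_order
+# orders.where( :submitted_at => nil ).first || ::CoTailors::Order.new( :profile_id => @current_profile.id )
+end
+
+def get_long_token accessToken
+url = "https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&" +
+"client_id=#{FB[params['domain']][:app]}&client_secret=#{FB[params['domain']][:secret]}&fb_exchange_token=#{accessToken}"
+result = HTTParty.get url
+token = JSON.parse result.body
+return token # ['access_token']
+end
+
+def current_ability
+# @current_user ||= User.new({ profile: ::IshModels::UserProfile.new })
+@current_ability ||= Ishapi::Ability.new( current_user )
+end
+
+def puts! a, b=''
+puts "+++ +++ #{b}"
+puts a.inspect
+end
+
+# jwt
+def check_jwt
+begin
+decoded = decode(params[:jwt_token])
+@current_user = User.find decoded['user_id']
+rescue JWT::ExpiredSignature
+Rails.logger.info("JWT::ExpiredSignature")
+rescue JWT::DecodeError
+Rails.logger.info("JWT::DecodeError")
+end
+# @current_user ||= User.new
+current_ability
+end
+
+# jwt
+def encode(payload, exp = 2.hours.from_now)
+payload[:exp] = exp.to_i
+JWT.encode(payload, Rails.application.secrets.secret_key_base.to_s)
+end
+
+# jwt
+def decode(token)
+decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
+HashWithIndifferentAccess.new decoded
+end
+
+end
+end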
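Review bot: `application_controller.rb-trash` should not ship in the released gem; with that extension it is presumably never loaded, and version control already keeps the old controller, so I would delete the file and drop its entry from the gemspec `files:` list. Keeping it around invites copy-back of paths that are unsafe as written: the google branch of `check_multiprofile` calls `JWT.decode params[:idToken], nil, false`, which skips signature verification and then trusts the token's `email`, and `set_profile` echoes the caller's access token in its `Probably expired token: ...` error body. The Facebook exchange calls also put `client_secret` in a GET query string, where it can end up in proxy or client logs.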
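--- a/data/app/controllers/ishapi/maps_controller.rb
+++ b/data/app/controllers/ishapi/maps_controller.rb
@@ -2,8 +2,8 @@ require_dependency "ishapi/application_controller"
 module Ishapi
 class MapsController < ApplicationController
 
-before_action :
-
+before_action :check_profile, only: [ :show ]
+
 def index
 authorize! :index, ::Gameui::Map
 @maps = ::Gameui::Map.all
@@ -12,6 +12,7 @@ module Ishapi
 def show
 @map = ::Gameui::Map.find_by slug: params[:slug]
 @markers = @map.markers.where( is_active: true )
+@newsitems = @map.newsitems
 
 case @map.ordering_type
 when ::Gameui::Map::ORDERING_TYPE_ALPHABETIC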
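Review bot: No `authorize!` call appears in the visible part of `show`, and the added `@newsitems = @map.newsitems` is loaded with no filter or limit, unlike `@markers`, which is restricted to `is_active: true`. `index` authorizes with `authorize! :index, ::Gameui::Map`; if `show` does not do the same further down (its body continues outside the hunk), `authorize! :show, @map` right after the `find_by` would close the gap. A bound such as `.limit(...)` on the newsitems query would also keep the response size predictable.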
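--- a/data/app/controllers/ishapi/payments_controller.rb
+++ b/data/app/controllers/ishapi/payments_controller.rb
@@ -96,6 +96,8 @@ module Ishapi
 authorize! :unlock, ::Ish::Payment
 item = Object::const_get(params['kind']).find params['id']
 
+puts! params, 'unlocking...'
+
 existing = Purchase.where( user_profile: @current_user.profile, item: item ).first
 if existing
 render status: 200, json: { status: :ok, message: 'already purchased' }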
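Review bot: `puts! params, 'unlocking...'` writes the whole request parameter hash to stdout, which bypasses Rails' parameter filtering and will include the caller's `jwt_token` whenever it is sent as a parameter; I would remove the line or log only `params['kind']` and `params['id']` through `Rails.logger`. The line above it, `Object::const_get(params['kind']).find params['id']`, resolves an arbitrary constant from user input; mapping `kind` through a fixed allowlist of purchasable models before calling `find` would bound what can be looked up. The enclosing action starts and ends outside the hunk.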
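--- a/data/app/controllers/ishapi/sites_controller.rb
+++ b/data/app/controllers/ishapi/sites_controller.rb
@@ -3,7 +3,7 @@ require_dependency "ishapi/application_controller"
 module Ishapi
 class SitesController < ApplicationController
 
-before_action :
+before_action :check_profile, only: %i| show |
 
 def index
 authorize! :index, ::Site
@@ -32,16 +32,24 @@ module Ishapi
 else
 render :json => { :status => :unauthorized}, :status => :unauthorized
 render :status => :unauthorized
+return
 end
 end
 
-@galleries = @site.galleries.limit( 10 )
-@newsitems = @site.newsitems.limit( @site.newsitems_per_page )
-@reports = @site.reports.limit( 10 )
+@galleries = @site.galleries.limit( 10 ) # @TODO: paginate
+@newsitems = @site.newsitems.limit( @site.newsitems_per_page ) # @TODO: paginate
+@reports = @site.reports.limit( 10 ) # @TODO: paginate
 @langs = ::Site.where( :domain => domain ).map( &:lang )
 @feature_tags = @site.tags.where( :is_feature => true )
-
 end
 
+private
+
+# # jwt
+# def decode(token)
+# decoded = JWT.decode(token, Rails.application.secrets.secret_key_base.to_s)[0]
+# HashWithIndifferentAccess.new decoded
+# end
+
 end
 end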
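Review bot: The unauthorized branch still calls `render` twice (`render :json => { :status => :unauthorized}, :status => :unauthorized` followed by `render :status => :unauthorized`), so the second call raises `AbstractController::DoubleRenderError` before the added `return` is reached; drop the second `render` and keep the first one followed by `return`. The commented-out `decode` copy under `private` duplicates the base-class method and can be removed. The action containing these lines starts outside the hunk.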
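--- a/data/app/views/ishapi/sites/show.jbuilder
+++ b/data/app/views/ishapi/sites/show.jbuilder
@@ -13,6 +13,8 @@ json.cache! key do
 json.subhead @site.subhead
 json.description @site.description
 
+json.email @current_user.email
+
 json.is_ads_enabled @site.is_ads_enabled
 json.play_videos_in_preview @site.play_videos_in_preview
 json.newsitems_per_page @site.newsitems_per_page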
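Review bot: `json.email @current_user.email` sits inside the `json.cache! key do` block named in the hunk header, so the cached fragment stores the email of whichever user rendered it first and can then be served to later callers. `key` is built outside the hunk; unless it already varies per user, move the `json.email` line outside the cache block or add the user id to the key.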
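--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -27,7 +27,8 @@ Ishapi::Engine.routes.draw do
 get 'maps', to: 'maps#index'
 get 'maps/view/:slug', to: 'maps#show'
 get 'markers/view/:slug', to: 'maps#show_marker'
-get
+get "/my/account", to: "my/my#account"
+post "/my/account", to: "my/my#account"
 namespace :my do
 get 'galleries', to: 'galleries#index'
 get 'newsitems', to: 'newsitems#index'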
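--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ishapi
 version: !ruby/object:Gem::Version
-version: 0.1.8.
+version: 0.1.8.143
 platform: ruby
 authors:
 - piousbox
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -196,6 +196,7 @@ files:
 - app/assets/stylesheets/scaffold.css
 - app/controllers/ishapi/addresses_controller.rb
 - app/controllers/ishapi/application_controller.rb
+- app/controllers/ishapi/application_controller.rb-trash
 - app/controllers/ishapi/articles_controller.rb
 - app/controllers/ishapi/cities_controller.rb
 - app/controllers/ishapi/events_controller.rb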