stuff not ready to be pushed to master

2015-03-08 22:29:37 +01:00
parent fce49c9f5b
commit cb37ff0391
9 changed files with 234 additions and 49 deletions
--- a/front-api/controllers/cart.rb
+++ b/front-api/controllers/cart.rb
@@ -9,21 +9,37 @@ helpers do
    end
    return auid
  end
+
+  def user_id
+      auth = cookies['ribica_auth']
+      if not auth.nil?
+          auth = decrypt(auth)
+          return User.find_by(id: auth).id
+      end
+      -1
+  end
+
+end
+
+get '/cart/init' do
+    auid = anonymous_id
+    Cart.find_or_create(auid, user_id).to_json
+    auid.to_json
 end

 get '/cart' do
  # -1 is a placeholder for user id when we implement users
  # auid will still be used in case user is not logged in
-  Cart.find_or_create(anonymous_id, -1).to_json
+  Cart.find_or_create(anonymous_id, user_id).to_json
 end

 # gets number of items in cart for every item
 get '/cart/item' do
-  Cart.find_or_create(anonymous_id, -1).item_in_carts.to_json
+  Cart.find_or_create(anonymous_id, user_id).item_in_carts.to_json
 end

 update_cart_item = ->() {
-  cart_id = Cart.find_or_create(anonymous_id, -1).id
+  cart_id = Cart.find_or_create(anonymous_id, user_id).id
  item_id = @json_params["item_id"].to_i
  count = @json_params["count"].to_i
  ItemInCart.update_state(cart_id, item_id, count).to_json
@@ -34,7 +50,7 @@ post '/cart/item', &update_cart_item

 # gets list of items in cart without count
 get '/cart/item/display' do 
-  cart = Cart.find_or_create(anonymous_id, -1)
+  cart = Cart.find_or_create(anonymous_id, user_id)
  item_ids = cart.item_in_carts.map do |x|
   x.item_id
  end
@@ -44,12 +60,12 @@ get '/cart/item/display' do
 end

 get '/cart/delivery_destination' do 
-  cart = Cart.find_or_create(anonymous_id, -1)
+  cart = Cart.find_or_create(anonymous_id, user_id)
  cart.delivery_destination.to_json(:except => [:created_at, :email_verification_code, :phone_verification_code])
 end 

 update_delivery_destination = ->() {
-  cart = Cart.find_or_create(anonymous_id, -1)
+  cart = Cart.find_or_create(anonymous_id, user_id)
  allowed_keys = ["name", "address", "place", "postal_code", "phone", "email", "note"]
  params = @json_params.reject { |key,_| !allowed_keys.include?(key) }
  cart.delivery_destination.update_attributes(params)
@@ -61,10 +77,12 @@ post '/cart/delivery_destination', &update_delivery_destination


 post '/cart/confirmation' do 
-  cart = Cart.find_or_create(anonymous_id, -1)
+  cart = Cart.find_or_create(anonymous_id, user_id)
  if cart.item_in_carts.length > 0
    cart.ordered = true
    cart.save!
  end
+
+  Cart.find_or_create(anonymous_id, user_id)
  "OK".to_json
-end
+end
--- a/front-api/controllers/user.rb
+++ b/front-api/controllers/user.rb
@@ -1,6 +1,28 @@
+require 'openssl'
+require "base64"

 post '/user/logout' do
    response.delete_cookie("ribica_auth", :path => "/")
+    #response.delete_cookie("anonymous_user_id", :path => "/")
+    auid = AnonymousUser.uid
+    response.set_cookie('anonymous_user_id', :path=> '/', :httponly => true, :value=>auid, :expires=> Time.now + 100.year)
+    #Cart.find_or_create(auid, -1)
+end
+
+def encrypt(data)
+    cipher = OpenSSL::Cipher.new('AES-128-CBC')
+    cipher.encrypt
+    cipher.key = COOKIE_SECRET_KEY
+    encrypted = cipher.update(data) + cipher.final
+    Base64.encode64(encrypted)
+end
+
+def decrypt(data)
+    data = Base64.decode64(data)
+    cipher = OpenSSL::Cipher.new('AES-128-CBC')
+    cipher.decrypt
+    cipher.key = COOKIE_SECRET_KEY
+    decrypted = cipher.update(data) + cipher.final
 end

 post '/user/login' do
@@ -13,7 +35,9 @@ post '/user/login' do
  res = User.find_by(email: email).try(:authenticate, password)      # => false
  if res 
      #TODO : encrypt this cookie
-      response.set_cookie('ribica_auth', :path=> '/', :httponly => true, :value=>res.id, :expires=>Time.now+100.year)
+      val = encrypt(res.id.to_s)
+      response.set_cookie('ribica_auth', :path=> '/', :httponly => true, :value=>val, :expires=>Time.now+100.year)
+      #Cart.find_or_create(anonymous_id, res.id)
    res.to_json(except: 'password_digest')
  else
    status 401
@@ -24,6 +48,7 @@ end
 get '/user' do
    auth = cookies['ribica_auth']
    if not auth.nil?
+        auth = decrypt(auth)
        return User.find_by(id: auth).to_json(except: 'password_digest')
    end
 end
@@ -36,7 +61,8 @@ post '/user' do
  user.from_json(json, false)

  if user.save
-    response.set_cookie('ribica_auth', :path=> '/', :httponly => true, :value=>user.id, :expires=>Time.now+100.year)
+    val = encrypt(user.id.to_s)
+    response.set_cookie('ribica_auth', :path=> '/', :httponly => true, :value=>val, :expires=>Time.now+100.year)
    user.to_json(except: 'password_digest')
  else
    status 400