From fd608391164ddc9e55e2f383620d395b43ae99b7 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Thu, 7 Mar 2019 18:36:11 +0100 Subject: [PATCH] switch from HTTP Auth to Cookie Auth --- index.pl | 540 ++++++++++------------ public/static/js/geolocation.js | 4 +- public/static/js/geolocation.min.js | 2 +- public/static/js/travelynx-actions.js | 2 +- public/static/js/travelynx-actions.min.js | 2 +- public/static/v1 | 1 + templates/account.html.ep | 2 +- templates/landingpage.html.ep | 141 +++--- templates/layouts/default.html.ep | 23 +- templates/login.html.ep | 4 +- templates/register.html.ep | 4 +- 11 files changed, 335 insertions(+), 390 deletions(-) create mode 120000 public/static/v1 diff --git a/index.pl b/index.pl index 51eb158..69d1079 100755 --- a/index.pl +++ b/index.pl @@ -44,13 +44,10 @@ app->plugin( authentication => { autoload_user => 1, session_key => 'foodor', + fail_render => { template => 'login' }, load_user => sub { my ( $self, $uid ) = @_; - my $data = $self->get_user_data($uid); - if ($data) { - return { name => $data->{name} }; - } - return undef; + return $self->get_user_data($uid); }, validate_user => sub { my ( $self, $username, $password, $extradata ) = @_; @@ -68,6 +65,7 @@ app->plugin( }, } ); +app->sessions->default_expiration( 60 * 60 * 24 * 180 ); app->defaults( layout => 'default' ); @@ -427,7 +425,7 @@ helper 'checkin' => sub { } my $success = $self->app->checkin_query->execute( - $self->get_user_id, + $self->current_user->{id}, $self->get_station_id( ds100 => $status->{station_ds100}, name => $status->{station_name} @@ -457,7 +455,7 @@ helper 'checkin' => sub { helper 'undo' => sub { my ($self) = @_; - my $uid = $self->get_user_id; + my $uid = $self->current_user->{id}; $self->app->get_last_actions_query->execute($uid); my $rows = $self->app->get_last_actions_query->fetchall_arrayref; @@ -469,10 +467,10 @@ helper 'undo' => sub { return 'Repeated undo is not supported'; } - my $success - = $self->app->undo_query->execute( $self->get_user_id, + my $success = $self->app->undo_query->execute( + $self->current_user->{id}, DateTime->now( time_zone => 'Europe/Berlin' )->epoch, - ); + ); if ( defined $success ) { return; @@ -501,7 +499,7 @@ helper 'checkout' => sub { if ( not defined $train ) { if ($force) { my $success = $self->app->checkout_query->execute( - $self->get_user_id, + $self->current_user->{id}, $self->get_station_id( ds100 => $status->{station_ds100}, name => $status->{station_name} @@ -523,7 +521,7 @@ helper 'checkout' => sub { } else { my $success = $self->app->checkout_query->execute( - $self->get_user_id, + $self->current_user->{id}, $self->get_station_id( ds100 => $status->{station_ds100}, name => $status->{station_name} @@ -580,7 +578,7 @@ helper 'get_user_token' => sub { helper 'get_user_data' => sub { my ( $self, $uid ) = @_; - $uid //= $self->get_user_id; + $uid //= $self->current_user->{id}; my $query = $self->app->get_user_query; $query->execute($uid); my $rows = $query->fetchall_arrayref; @@ -603,7 +601,7 @@ helper 'get_user_data' => sub { deletion_requested => $row[7] }; } - return; + return undef; }; helper 'get_user_password' => sub { @@ -623,80 +621,9 @@ helper 'get_user_password' => sub { return; }; -helper 'get_user_name' => sub { - my ($self) = @_; - - my $user = $self->req->headers->header('X-Remote-User') // 'dev'; - - return $user; -}; - -helper 'get_user_id' => sub { +helper 'add_user' => sub { my ( $self, $user_name, $email, $token, $password ) = @_; - $user_name //= $self->get_user_name; - - if ( not -e $dbname ) { - $self->app->dbh->begin_work; - $self->app->dbh->do( - qq{ - create table schema_version ( - version integer primary key - ); - } - ); - $self->app->dbh->do( - qq{ - create table users ( - id integer primary key, - name char(64) not null unique, - status int not null, - public_level bool not null, - email char(256), - token char(80), - password text, - registered_at datetime not null, - last_login datetime not null, - deletion_requested datetime - ) - } - ); - $self->app->dbh->do( - qq{ - create table stations ( - id integer primary key, - ds100 char(16) not null unique, - name char(64) not null unique - ) - } - ); - $self->app->dbh->do( - qq{ - create table user_actions ( - user_id int not null, - action_id int not null, - station_id int, - action_time int not null, - train_type char(16), - train_line char(16), - train_no char(16), - train_id char(128), - sched_time int, - real_time int, - route text, - messages text, - primary key (user_id, action_time) - ) - } - ); - $self->app->dbh->do( - qq{ - insert into schema_version (version) values (1); - } - ); - $self->app->dbh->commit; - } - $self->app->get_userid_query->execute($user_name); my $rows = $self->app->get_userid_query->fetchall_arrayref; @@ -737,7 +664,7 @@ helper 'check_if_user_name_exists' => sub { helper 'get_user_travels' => sub { my ( $self, $limit ) = @_; - my $uid = $self->get_user_id; + my $uid = $self->current_user->{id}; my $query = $self->app->get_all_actions_query; if ($limit) { $query = $self->app->get_last_actions_query; @@ -800,7 +727,7 @@ helper 'get_user_travels' => sub { helper 'get_user_status' => sub { my ($self) = @_; - my $uid = $self->get_user_id; + my $uid = $self->current_user->{id}; $self->app->get_last_actions_query->execute($uid); my $rows = $self->app->get_last_actions_query->fetchall_arrayref; @@ -886,7 +813,217 @@ helper 'navbar_class' => sub { get '/' => sub { my ($self) = @_; - $self->render( 'landingpage', with_geolocation => 1 ); + if ( $self->is_user_authenticated ) { + $self->render( 'landingpage', with_geolocation => 1 ); + } + else { + $self->render( 'landingpage', intro => 1 ); + } +}; + +get '/about' => sub { + my ($self) = @_; + + $self->render( 'about', version => $VERSION ); +}; + +get '/impressum' => sub { + my ($self) = @_; + + $self->render('imprint'); +}; + +get '/imprint' => sub { + my ($self) = @_; + + $self->render('imprint'); +}; + +post '/geolocation' => sub { + my ($self) = @_; + + my $lon = $self->param('lon'); + my $lat = $self->param('lat'); + + if ( not $lon or not $lat ) { + $self->render( json => { error => 'Invalid lon/lat received' } ); + } + else { + my @candidates = map { + { + ds100 => $_->[0][0], + name => $_->[0][1], + eva => $_->[0][2], + lon => $_->[0][3], + lat => $_->[0][4], + distance => $_->[1], + } + } Travel::Status::DE::IRIS::Stations::get_station_by_location( $lon, + $lat, 5 ); + $self->render( + json => { + candidates => [@candidates], + } + ); + } + +}; + +get '/login' => sub { + my ($self) = @_; + $self->render('login'); +}; + +post '/login' => sub { + my ($self) = @_; + my $user = $self->req->param('user'); + my $password = $self->req->param('password'); + + # Keep cookies for 6 months + $self->session( expiration => 60 * 60 * 24 * 180 ); + + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( + 'login', + invalid => 'csrf', + ); + } + else { + if ( $self->authenticate( $user, $password ) ) { + $self->redirect_to('/'); + } + else { + $self->render( 'login', invalid => 'credentials' ); + } + } +}; + +get '/register' => sub { + my ($self) = @_; + $self->render('register'); +}; + +post '/register' => sub { + my ($self) = @_; + my $user = $self->req->param('user'); + my $email = $self->req->param('email'); + my $password = $self->req->param('password'); + my $password2 = $self->req->param('password2'); + my $ip = $self->req->headers->header('X-Forwarded-For'); + my $ua = $self->req->headers->user_agent; + my $date = DateTime->now( time_zone => 'Europe/Berlin' ) + ->strftime('%d.%m.%Y %H:%M:%S %z'); + + # In case Mojolicious is not running behind a reverse proxy + $ip + //= sprintf( '%s:%s', $self->tx->remote_address, $self->tx->remote_port ); + + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( + 'register', + invalid => 'csrf', + ); + return; + } + + if ( not length($user) ) { + $self->render( 'register', invalid => 'user_empty' ); + return; + } + + if ( not length($email) ) { + $self->render( 'register', invalid => 'mail_empty' ); + return; + } + + if ( $user !~ m{ ^ [0-9a-zA-Z_-]+ $ }x ) { + $self->render( 'register', invalid => 'user_format' ); + return; + } + + if ( $self->check_if_user_name_exists($user) ) { + $self->render( 'register', invalid => 'user_collision' ); + return; + } + + if ( $password ne $password2 ) { + $self->render( 'register', invalid => 'password_notequal' ); + return; + } + + if ( length($password) < 8 ) { + $self->render( 'register', invalid => 'password_short' ); + return; + } + + my $token = make_token(); + my $pw_hash = hash_password($password); + my $user_id = $self->add_user( $user, $email, $token, $pw_hash ); + + my $body = "Hallo, ${user}!\n\n"; + $body .= "Mit deiner E-Mail-Adresse (${email}) wurde ein Account auf\n"; + $body .= "travelynx.finalrewind.org angelegt.\n\n"; + $body + .= "Falls die Registrierung von dir ausging, kannst du den Account unter\n"; + $body .= "https://travelynx.finalrewind.org/reg/${user_id}/${token}\n"; + $body .= "freischalten.\n\n"; + $body + .= "Falls nicht, ignoriere diese Mail bitte. Nach 48 Stunden wird deine\n"; + $body + .= "Mail-Adresse erneut zur Registrierung freigeschaltet. Falls auch diese fehlschlägt,\n"; + $body + .= "werden wir sie dauerhaft sperren und keine Mails mehr dorthin schicken.\n\n"; + $body .= "Daten zur Registrierung:\n"; + $body .= " * Datum: ${date}\n"; + $body .= " * Verwendete IP: ${ip}\n"; + $body .= " * Verwendeter Browser gemäß User Agent: ${ua}\n\n\n"; + $body .= "Impressum: https://travelynx.finalrewind.org/impressum\n"; + + my $reg_mail = Email::Simple->create( + header => [ + To => $email, + From => 'Travelynx ', + Subject => 'Registrierung auf travelynx.finalrewind.org', + 'Content-Type' => 'text/plain; charset=UTF-8', + ], + body => encode( 'utf-8', $body ), + ); + + my $success = try_to_sendmail($reg_mail); + if ($success) { + $self->render( 'login', from => 'register' ); + } + else { + $self->render( 'register', invalid => 'sendmail' ); + } +}; + +get '/reg/:id/:token' => sub { + my ($self) = @_; + + my $id = $self->stash('id'); + my $token = $self->stash('token'); + + my @db_user = $self->get_user_token($id); + + if ( not @db_user ) { + $self->render( 'register', invalid => 'token' ); + return; + } + + my ( $db_name, $db_status, $db_token ) = @db_user; + + if ( not $db_name or $token ne $db_token or $db_status != 0 ) { + $self->render( 'register', invalid => 'token' ); + return; + } + $self->app->set_status_query->execute( 1, $id ); + $self->render( 'login', from => 'verification' ); +}; + +under sub { + my ($self) = @_; + return $self->is_user_authenticated; }; post '/action' => sub { @@ -979,15 +1116,21 @@ post '/action' => sub { } }; -get '/a/account' => sub { +get '/account' => sub { my ($self) = @_; $self->render('account'); }; -get '/a/export.json' => sub { +get '/history' => sub { my ($self) = @_; - my $uid = $self->get_user_id; + + $self->render('history'); +}; + +get '/export.json' => sub { + my ($self) = @_; + my $uid = $self->current_user->{id}; my $query = $self->app->get_all_actions_query; $query->execute($uid); @@ -1031,220 +1174,13 @@ get '/a/export.json' => sub { ); }; -get '/a/history' => sub { - my ($self) = @_; - - $self->render('history'); -}; - -get '/x/about' => sub { - my ($self) = @_; - - $self->render( 'about', version => $VERSION ); -}; - -get '/x/impressum' => sub { - my ($self) = @_; - - $self->render('imprint'); -}; - -get '/x/imprint' => sub { - my ($self) = @_; - - $self->render('imprint'); -}; - -post '/x/geolocation' => sub { - my ($self) = @_; - - my $lon = $self->param('lon'); - my $lat = $self->param('lat'); - - if ( not $lon or not $lat ) { - $self->render( json => { error => 'Invalid lon/lat received' } ); - } - else { - my @candidates = map { - { - ds100 => $_->[0][0], - name => $_->[0][1], - eva => $_->[0][2], - lon => $_->[0][3], - lat => $_->[0][4], - distance => $_->[1], - } - } Travel::Status::DE::IRIS::Stations::get_station_by_location( $lon, - $lat, 5 ); - $self->render( - json => { - candidates => [@candidates], - } - ); - } - -}; - -get '/x/login' => sub { - my ($self) = @_; - $self->render('login'); -}; - -post '/x/login' => sub { - my ($self) = @_; - my $user = $self->req->param('user'); - my $password = $self->req->param('password'); - - # Keep cookies for 6 months - $self->session( expiration => 60 * 60 * 24 * 180 ); - - if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( - 'login', - invalid => 'csrf', - ); - } - else { - if ( $self->authenticate( $user, $password ) ) { - $self->redirect_to('/'); - } - else { - $self->render( 'login', invalid => 'credentials' ); - } - } -}; - -get '/x/logout' => sub { +post '/logout' => sub { my ($self) = @_; $self->logout; - $self->redirect_to('/x/login'); + $self->redirect_to('/login'); }; -get '/x/register' => sub { - my ($self) = @_; - $self->render('register'); -}; - -post '/x/register' => sub { - my ($self) = @_; - my $user = $self->req->param('user'); - my $email = $self->req->param('email'); - my $password = $self->req->param('password'); - my $password2 = $self->req->param('password2'); - my $ip = $self->req->headers->header('X-Forwarded-For'); - my $ua = $self->req->headers->user_agent; - my $date = DateTime->now( time_zone => 'Europe/Berlin' ) - ->strftime('%d.%m.%Y %H:%M:%S %z'); - - # In case Mojolicious is not running behind a reverse proxy - $ip - //= sprintf( '%s:%s', $self->tx->remote_address, $self->tx->remote_port ); - - if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( - 'register', - invalid => 'csrf', - ); - return; - } - - if ( not length($user) ) { - $self->render( 'register', invalid => 'user_empty' ); - return; - } - - if ( not length($email) ) { - $self->render( 'register', invalid => 'mail_empty' ); - return; - } - - if ( $user !~ m{ ^ [0-9a-zA-Z_-]+ $ }x ) { - $self->render( 'register', invalid => 'user_format' ); - return; - } - - #if ( $self->check_if_user_name_exists($user) or $user eq 'dev' ) { - if ( $user ne $self->get_user_name ) { - $self->render( 'register', invalid => 'user_collision' ); - return; - } - - if ( $password ne $password2 ) { - $self->render( 'register', invalid => 'password_notequal' ); - return; - } - - if ( length($password) < 8 ) { - $self->render( 'register', invalid => 'password_short' ); - return; - } - - my $token = make_token(); - my $pw_hash = hash_password($password); - my $user_id = $self->get_user_id( $user, $email, $token, $pw_hash ); - - my $body = "Hallo, ${user}!\n\n"; - $body .= "Mit deiner E-Mail-Adresse (${email}) wurde ein Account auf\n"; - $body .= "travelynx.finalrewind.org angelegt.\n\n"; - $body - .= "Falls die Registrierung von dir ausging, kannst du den Account unter\n"; - $body .= "https://travelynx.finalrewind.org/x/reg/${user_id}/${token}\n"; - $body .= "freischalten.\n\n"; - $body - .= "Falls nicht, ignoriere diese Mail bitte. Nach 48 Stunden wird deine\n"; - $body - .= "Mail-Adresse erneut zur Registrierung freigeschaltet. Falls auch diese fehlschlägt,\n"; - $body - .= "werden wir sie dauerhaft sperren und keine Mails mehr dorthin schicken.\n\n"; - $body .= "Daten zur Registrierung:\n"; - $body .= " * Datum: ${date}\n"; - $body .= " * Verwendete IP: ${ip}\n"; - $body .= " * Verwendeter Browser gemäß User Agent: ${ua}\n\n\n"; - $body .= "Impressum: https://travelynx.finalrewind.org/x/impressum\n"; - - my $reg_mail = Email::Simple->create( - header => [ - To => $email, - From => 'Travelynx ', - Subject => 'Registrierung auf travelynx.finalrewind.org', - 'Content-Type' => 'text/plain; charset=UTF-8', - ], - body => encode( 'utf-8', $body ), - ); - - my $success = try_to_sendmail($reg_mail); - if ($success) { - $self->render( 'login', from => 'register' ); - } - else { - $self->render( 'register', invalid => 'sendmail' ); - } -}; - -get '/x/reg/:id/:token' => sub { - my ($self) = @_; - - my $id = $self->stash('id'); - my $token = $self->stash('token'); - - my @db_user = $self->get_user_token($id); - - if ( not @db_user ) { - $self->render( 'register', invalid => 'token' ); - return; - } - - my ( $db_name, $db_status, $db_token ) = @db_user; - - if ( not $db_name or $token ne $db_token or $db_status != 0 ) { - $self->render( 'register', invalid => 'token' ); - return; - } - $self->app->set_status_query->execute( 1, $id ); - $self->render( 'login', from => 'verification' ); -}; - -get '/*station' => sub { +get '/s/*station' => sub { my ($self) = @_; my $station = $self->stash('station'); diff --git a/public/static/js/geolocation.js b/public/static/js/geolocation.js index 1c881e2..caf2a2a 100644 --- a/public/static/js/geolocation.js +++ b/public/static/js/geolocation.js @@ -25,14 +25,14 @@ $(document).ready(function() { stationlink.attr('href', ds100); stationlink.text(name); - resultBody.append('' + name + ''); + resultBody.append('' + name + ''); }); placeholder.replaceWith(resultTable); } }; var processLocation = function(loc) { - $.post('/x/geolocation', {lon: loc.coords.longitude, lat: loc.coords.latitude}, processResult); + $.post('/geolocation', {lon: loc.coords.longitude, lat: loc.coords.latitude}, processResult); }; var processError = function(error) { diff --git a/public/static/js/geolocation.min.js b/public/static/js/geolocation.min.js index 50cd010..1bd2c77 100644 --- a/public/static/js/geolocation.min.js +++ b/public/static/js/geolocation.min.js @@ -1 +1 @@ -$(document).ready(function(){var e=$("p.geolocationhint"),t=$("div.geolocation div.progress"),o=function(o,a,n){e.remove(),t.remove()},a=function(e){e.error?o(0,e.error):0==e.candidates.length?o():(resultTable=$("
"),resultBody=resultTable.children(),$.each(e.candidates,function(e,t){var o=t.ds100,a=t.name,n=t.distance;n=n.toFixed(1);var r=$(document.createElement("a"));r.attr("href",o),r.text(a),resultBody.append(''+a+"")}),t.replaceWith(resultTable))},n=function(e){$.post("/x/geolocation",{lon:e.coords.longitude,lat:e.coords.latitude},a)},r=function(e){e.code==e.PERMISSION_DENIED?o():e.code==e.POSITION_UNAVAILABLE?o():(e.code,e.TIMEOUT,o())};navigator.geolocation?navigator.geolocation.getCurrentPosition(n,r):o()}); +$(document).ready(function(){var a=$("p.geolocationhint"),n=$("div.geolocation div.progress"),t=function(e,t,o){a.remove(),n.remove()},o=function(e){e.error?t(0,e.error):0==e.candidates.length?t():(resultTable=$("
"),resultBody=resultTable.children(),$.each(e.candidates,function(e,t){var o=t.ds100,a=t.name,n=t.distance;n=n.toFixed(1);var r=$(document.createElement("a"));r.attr("href",o),r.text(a),resultBody.append(''+a+"")}),n.replaceWith(resultTable))};navigator.geolocation?navigator.geolocation.getCurrentPosition(function(e){$.post("/geolocation",{lon:e.coords.longitude,lat:e.coords.latitude},o)},function(e){e.code==e.PERMISSION_DENIED||e.code==e.POSITION_UNAVAILABLE||(e.code,e.TIMEOUT),t()}):t()}); diff --git a/public/static/js/travelynx-actions.js b/public/static/js/travelynx-actions.js index d758a1a..0a3d092 100644 --- a/public/static/js/travelynx-actions.js +++ b/public/static/js/travelynx-actions.js @@ -34,7 +34,7 @@ $(document).ready(function() { station: link.data('station'), force: link.data('force'), }; - tvly_run(link, req, '/' + req.station, function() { + tvly_run(link, req, '/s/' + req.station, function() { link.append(' – Ohne Echtzeitdaten auschecken?') link.data('force', true); }); diff --git a/public/static/js/travelynx-actions.min.js b/public/static/js/travelynx-actions.min.js index 156c458..9c37d8d 100644 --- a/public/static/js/travelynx-actions.min.js +++ b/public/static/js/travelynx-actions.min.js @@ -1 +1 @@ -function tvly_run(n,t,i,a){var c='error',o=$('
');n.hide(),n.after(o),$.post("/action",t,function(t){t.success?$(location).attr("href",i):(M.toast({html:c+" "+t.error}),o.remove(),a&&a(),n.append(" "+c),n.show())})}$(document).ready(function(){$(".action-checkin").click(function(){var t=$(this);tvly_run(t,{action:"checkin",station:t.data("station"),train:t.data("train")},"/")}),$(".action-checkout").click(function(){var t=$(this),n={action:"checkout",station:t.data("station"),force:t.data("force")};tvly_run(t,n,"/"+n.station,function(){t.append(" – Ohne Echtzeitdaten auschecken?"),t.data("force",!0)})}),$(".action-undo").click(function(){tvly_run($(this),{action:"undo"},window.location.href)})}); +function tvly_run(n,t,i,a){var c='error',o=$('
');n.hide(),n.after(o),$.post("/action",t,function(t){t.success?$(location).attr("href",i):(M.toast({html:c+" "+t.error}),o.remove(),a&&a(),n.append(" "+c),n.show())})}$(document).ready(function(){$(".action-checkin").click(function(){var t=$(this);tvly_run(t,{action:"checkin",station:t.data("station"),train:t.data("train")},"/")}),$(".action-checkout").click(function(){var t=$(this),n={action:"checkout",station:t.data("station"),force:t.data("force")};tvly_run(t,n,"/s/"+n.station,function(){t.append(" – Ohne Echtzeitdaten auschecken?"),t.data("force",!0)})}),$(".action-undo").click(function(){tvly_run($(this),{action:"undo"},window.location.href)})}); diff --git a/public/static/v1 b/public/static/v1 new file mode 120000 index 0000000..945c9b4 --- /dev/null +++ b/public/static/v1 @@ -0,0 +1 @@ +. \ No newline at end of file diff --git a/templates/account.html.ep b/templates/account.html.ep index 9c3a435..c3f24f8 100644 --- a/templates/account.html.ep +++ b/templates/account.html.ep @@ -22,7 +22,7 @@
    -
  • Rohdaten (Kein API-Ersatz, das Format kann sich jederzeit ändern)
    • +
  • Rohdaten (Kein API-Ersatz, das Format kann sich jederzeit ändern)
diff --git a/templates/landingpage.html.ep b/templates/landingpage.html.ep index 00a67cc..4c6a8f2 100644 --- a/templates/landingpage.html.ep +++ b/templates/landingpage.html.ep @@ -1,72 +1,77 @@ -
-
- % my $status = $self->get_user_status; - % if ($status->{checked_in}) { -
-
- Hallo, <%= $self->get_user_name %>! -

Du bist gerade eingecheckt in - <%= $status->{train_type} %> <%= $status->{train_no} %> - ab <%= $status->{station_name} %>. - % if ($status->{timestamp_delta} < 3600) { - undo Rückgängig - % } -

-

Auschecken?

- - - % my $is_after = 0; - % for my $station (@{$status->{route_after}}) { - +% if (is_user_authenticated()) { +
+
+ % my $status = get_user_status(); + % if ($status->{checked_in}) { +
+
+ Hallo, <%= current_user()->{name} %>! +

Du bist gerade eingecheckt in + <%= $status->{train_type} %> <%= $status->{train_no} %> + ab <%= $status->{station_name} %>. + % if ($status->{timestamp_delta} < 3600) { + undo Rückgängig % } -

-
<%= $station %>
-
-
- % } - % else { -
-
- Hallo, <%= $self->get_user_name %>! -

Du bist gerade nicht eingecheckt.

-

Stationen in der Umgebung:

-
-
+

+

Auschecken?

+ + + % my $is_after = 0; + % for my $station (@{$status->{route_after}}) { + + % } + +
<%= $station %>
-
- % } -
-
-

Letzte Fahrten

-
- - - - - - - - - - - % for my $travel (get_user_travels(1)) { - % if ($travel->{completed}) { - - - - - % if ($travel->{rt_arrival}->epoch and $travel->{rt_departure}->epoch) { - - % } else { - - % } - - % } % } - - - + % else { +
+
+ Hallo, <%= current_user()->{name} %>! +

Du bist gerade nicht eingecheckt.

+

Stationen in der Umgebung:

+
+
+
+
+
+ % } + + +

Letzte Fahrten

+
+
DatumZugStreckeDauer
<%= $travel->{sched_departure}->strftime('%d.%m.%Y') %><%= $travel->{type} %> <%= $travel->{line} // $travel->{no} %><%= $travel->{from_name} %> → <%= $travel->{to_name} %><%= ($travel->{rt_arrival}->epoch - $travel->{rt_departure}->epoch) / 60 %> min - <%= sprintf('%.f', $self->get_travel_distance($travel->{from_name}, $travel->{to_name}, $travel->{route})) %>km - timer_off -
+ + + + + + + + + + % for my $travel (get_user_travels(1)) { + % if ($travel->{completed}) { + + + + + % if ($travel->{rt_arrival}->epoch and $travel->{rt_departure}->epoch) { + + % } else { + + % } + + % } + % } + + + +% } +% else { +Huhu! +% } diff --git a/templates/layouts/default.html.ep b/templates/layouts/default.html.ep index cbe06e3..3fdb075 100644 --- a/templates/layouts/default.html.ep +++ b/templates/layouts/default.html.ep @@ -5,14 +5,15 @@ - %= stylesheet '/static/css/materialize.min.css' - %= stylesheet '/static/css/material-icons.css' - %= stylesheet '/static/css/local.css' - %= javascript '/static/js/jquery-2.2.4.min.js' - %= javascript '/static/js/materialize.min.js' - %= javascript '/static/js/travelynx-actions.min.js' + % my $av = 'v1'; # asset version + %= stylesheet "/static/${av}/css/materialize.min.css" + %= stylesheet "/static/${av}/css/material-icons.css" + %= stylesheet "/static/${av}/css/local.css" + %= javascript "/static/${av}/js/jquery-2.2.4.min.js" + %= javascript "/static/${av}/js/materialize.min.js" + %= javascript "/static/${av}/js/travelynx-actions.min.js" % if (stash('with_geolocation')) { - %= javascript '/static/js/geolocation.min.js' + %= javascript "/static/${av}/js/geolocation.min.js" % } @@ -21,9 +22,11 @@
diff --git a/templates/login.html.ep b/templates/login.html.ep index 37afacc..f85ba91 100644 --- a/templates/login.html.ep +++ b/templates/login.html.ep @@ -7,7 +7,7 @@

Du bist bereits angemeldet. Falls du mehrere Accounts hast und auf einen anderen wechseln möchtest, musst du dich - vorher abmelden. + vorher abmelden.

@@ -64,7 +64,7 @@ % }
- %= form_for '/x/login' => (class => 'col s12', method => 'POST') => begin + %= form_for '/login' => (class => 'col s12', method => 'POST') => begin %= csrf_field
diff --git a/templates/register.html.ep b/templates/register.html.ep index a227e6f..d1e189d 100644 --- a/templates/register.html.ep +++ b/templates/register.html.ep @@ -59,7 +59,7 @@
% }
- %= form_for '/x/register' => (class => 'col s12', method => 'POST') => begin + %= form_for '/register' => (class => 'col s12', method => 'POST') => begin %= csrf_field
@@ -103,7 +103,7 @@ Die Mail-Adresse wird ausschließlich zur Bestätigung der Anmeldung und für die "Passwort vergessen"-Funktionalität verwendet und nicht an Dritte weitergegeben. Die Datenschutzerklärung beschreibt weitere + href="/impressum">Datenschutzerklärung beschreibt weitere erhobene Daten sowie deren Zweck und Speicherfristen. Accounts werden nach einem Jahr ohne Nutzung automatisch gelöscht.

DatumZugStreckeDauer
<%= $travel->{sched_departure}->strftime('%d.%m.%Y') %><%= $travel->{type} %> <%= $travel->{line} // $travel->{no} %><%= $travel->{from_name} %> → <%= $travel->{to_name} %><%= ($travel->{rt_arrival}->epoch - $travel->{rt_departure}->epoch) / 60 %> min + <%= sprintf('%.f', $self->get_travel_distance($travel->{from_name}, $travel->{to_name}, $travel->{route})) %>km + timer_off +