login is (almost) fully working now

2019-08-07 23:03:59 +02:00 · 2019-08-07 23:03:59 +02:00 · eb8edc8d03
commit eb8edc8d03
parent 903f730502
9 changed files with 241 additions and 84239 deletions
--- a/README.md
+++ b/README.md
@ -125,4 +125,40 @@ triggered by setting POST parameter 'submitSensorData' to a JSON encoded string
 - data: Array[Array[sensorId, errorCode]] sensors which were ignored due to some error (401: user doesn't own sensor; 404: senso wasn't found) 
        only set if status is 901
-## 
+## edit user data
 - requests to change user specific data (like adding/removing sensors/api-keys, etc.)
 - this type of request is triggered by setting GET parameter 'command' to a JSON encoded string containing the request
 - request structure: (JSON object)
    - header: (int) containing the desired command
    - body:   (mixed)(optional) containing the individual request
 - reply structure: (JSON object)
    - header: (int) indicating if the request was successfull (mostly like HTTP status codes)
    - body:   (mixed)(optional) containing further data depending on the request
 ### login
 submit username and password to get a session token which can be used to authenticate any further commands
 #### Request
 - header: 1000
 - body: (object)
    - username: (string)
    - password: (string)
 #### Reply
 - header: (int)
    - 200: OK
    - 400: invalid request
    - 401: invalid username or password
 - body: (string) (only set when header is 200) Session-token
 ### get user information
 submit a sesion token to check if it s valid and get some information about the user if it is
 #### Request
 - header: 1001
 - body: (string) the session token to be checked
 #### Reply
 - header: (int)
    - 200: OK
    - 400: invalid request
    - 401: the token is invalid
 - body: (object) (only set when header is 200)
    - username: (string) username of the user the session belongs to
    - realname: (string) full name of the user the session belongs to
--- a/api/blueweather.php
+++ b/api/blueweather.php
@ -92,7 +92,7 @@ class BlueWeather
     *
     * @param string $session session token
     *
-     * @return int (-1: does not exist; x>0: userId)
+     * @return int (-1: does not exist; >0: userId)
     */
    public function checkSession($session)
    {
@ -110,6 +110,29 @@ class BlueWeather
        return($data['userId']);
    }
    /**
     * Function to user information
     *
     * @param int $userId id of the user
     *
     * @return mixed (array with some user information, or -1 if user not found)
     */
    public function getUserInfo($userId) 
    {
        $sql = "SELECT username,realname FROM `users`
        WHERE`id`=\"".$this->_con->real_escape_string($userId)."\"";
        $result = $this->_con->query($sql);
        if (!$result->num_rows > 0) {
            return -1;
        }
        // only one row will be returned
        $data = $result->fetch_assoc();
        return($data);
    }
    // --------------------
    // - getter functions -
--- a/api/blueweather.sql
+++ b/api/blueweather.sql
--- a/api/json.php
+++ b/api/json.php
@ -25,6 +25,8 @@ header('Access-Control-Allow-Origin: *');
 $blueweather = new BlueWeather($config);
 //$_GET['command'] = '{"header":1001,"body":"undefined"}';
 if (isset($_GET['locId'])) {
    // get data of given location
    $data = $blueweather->getLocationData(
@ -35,6 +37,47 @@ if (isset($_GET['locId'])) {
    $sensorData = json_decode($_POST['submitSensorData'], true);
    $ret =  $blueweather->processSensorData($sensorData);
    $data = $ret;
 } elseif (isset($_GET['command'])) {
    // some user-data api request
    $request = json_decode($_GET['command'], true);
    if (!$request || !isset($request['header'])) {
        $data = array("header"=>400);
    } else {
        switch ($request['header']) {
        case 1000:
            // user login
            if (!isset($request['body']['username']) || !isset($request['body']['password'])) {
                $data = array("header"=>400);
            } else {
                $token = $blueweather->loginUser(
                    $request['body']['username'], 
                    $request['body']['password']
                );
                if ($token !== '') {
                    $data = array("header"=>200, "body"=>$token);
                } else {
                    $data = array("header"=>401);
                }
            }
            break;
        case 1001:
            // check session
            if (!isset($request['body'])) {
                $data = array("header"=>400);
            } else {
                $ret = $blueweather->getUserInfo(
                    $blueweather->checkSession($request['body'])
                );
                if ($ret === -1) {
                    $data = array("header"=>401);
                } else {
                    $data = array("header"=>200, "data"=>$ret);
                }
            }
        }
    }
 } else {
    $data = $blueweather->getAllLocations();
 }
--- a/css/blueweather.css
+++ b/css/blueweather.css
@ -15,6 +15,12 @@
    width:100%;
  }
  .feather {
    width: 16px;
    height: 16px;
    vertical-align: text-bottom;
  }
 /*
  * Login modal
  */
--- a/css/dashboard.css
+++ b/css/dashboard.css
@ -2,12 +2,6 @@ body {
  font-size: .875rem;
 }
 .feather {
  width: 16px;
  height: 16px;
  vertical-align: text-bottom;
 }
 /*
 * Sidebar
 */
--- a/js/blueweather.js
+++ b/js/blueweather.js
@ -1,9 +1,12 @@
 class BlueWeather {
-    constructor() {
+    constructor(profileObjectParent) {
        // cunstruct xmlhttp
        this.xhttp = new XMLHttpRequest();
-        this.host =  "https://weather.itsblue.de"//window.location.href.substring(0, window.location.href.lastIndexOf("/"));
+        //this.host = "https://weather.itsblue.de"
        this.host = window.location.href.substring(0, window.location.href.lastIndexOf("/"));
        this.profileObjectParent = profileObjectParent
        this.log("init done", 2)
@ -24,34 +27,44 @@ class BlueWeather {
    // ----------------------
    restoreSession() {
-        if(this.getCookie("session") !== "" && this.getCookie("session") !== undefined) {
+        var thisObject = this
-            console.log("old session found: " + this.getCookie("session"), 3)
+        if (this.getCookie("session") !== "" && this.getCookie("session") !== undefined && this.getCookie("session") !== "undefined") {
            // old session found
-            this.session.loggedIn = true
+            console.log("old session found: " + this.getCookie("session"), 3)
-            this.session.token = this.getCookie("session")
+            // check if the session is still valid
            this.checkSession(this.getCookie("session"), function (sessionIsValid) {
                if (sessionIsValid) {
                    thisObject.session.loggedIn = true
                    thisObject.session.token = thisObject.getCookie("session")
                }
                thisObject.loadProfileObject(thisObject.profileObjectParent)
            })
        }
        else {
            this.loadProfileObject(this.profileObjectParent)
        }
    }
    login(async, username, password, processingFunction) {
-        this.xhttp.abort()
+        var xhttp = new XMLHttpRequest();
        var thisObject = this
        if (async) {
-            this.xhttp.onreadystatechange = function() {
+            xhttp.onreadystatechange = function () {
                if (this.readyState === 4) {
                    // Typical action to be performed when the document is ready:
                    if (this.status === 200) {
                        thisObject.log("login response was: " + this.responseText, 3)
                        var ret = JSON.parse(this.responseText)
-                        if(ret && ret['status'] === 200) {
+                        if (ret && ret['header'] === 200) {
-                            //this.session.token = ret["token"]
+                            thisObject.session.token = ret["body"]
-                            //this.session.loggedIn = true
+                            document.cookie = "session=" + ret["body"] + ";"
                            thisObject.session.loggedIn = true
                            processingFunction(true)
                            return
                        }
                        else {
-                            //this.session.token = ""
+                            thisObject.endSession()
                            //this.session.loggedIn = false
                        }
                    }
                    processingFunction(false)
@ -59,15 +72,49 @@ class BlueWeather {
            }
        }
-        var url = this.host + "/api/json.php"
+        var request = JSON.stringify({ header: 1000, body: { username: username, password: password } })
-        this.log("starting location request; URL is: " + url, 3)
+        var url = this.host + "/api/json.php?command=" + request
-        this.xhttp.open("GET", url, async)
+        this.log("starting login request; URL is: " + url, 3)
-        this.xhttp.send()
+        xhttp.open("GET", url, async)
        xhttp.send()
    }
    checkSession(token, processingFunction) {
        var xhttp = new XMLHttpRequest();
        var thisObject = this
        xhttp.onreadystatechange = function () {
            if (this.readyState === 4) {
                if (this.status === 200) {
                    thisObject.log("login response was: " + this.responseText, 3)
                    var ret = JSON.parse(this.responseText)
                    if (ret && ret['header'] === 200) {
                        thisObject.session.user.username = ret["data"]["username"]
                        thisObject.session.user.realName = ret["data"]["realname"]
                        processingFunction(true)
                        return
                    }
                    else {
                        thisObject.endSession()
                    }
                }
                processingFunction(false)
            }
        }
        var request = JSON.stringify({ header: 1001, body: token })
        var url = this.host + "/api/json.php?command=" + request
        this.log("starting session check request; URL is: " + url, 3)
        xhttp.open("GET", url, true)
        xhttp.send()
    }
    endSession() {
        document.cookie = "session=;"
-        window.location.href = "./index.html"
+        if (this.session.loggedIn) {
            // if the user was logged in before
            location.reload()
        }
    }
    // --------------------
@ -139,10 +186,14 @@ class BlueWeather {
    // ----------------------
    loadProfileObject(parent) {
        parent = this.profileObjectParent
        if (!parent) {
            this.log("error: no profile object parent", 3)
            return false
        }
        parent = document.getElementById(parent)
        var thisObject = this
        var profileObject = document.createElement("li")
@ -263,8 +314,11 @@ class BlueWeather {
                thisObject.login(true, username, password, function (loginSuccess) {
                    if (!loginSuccess) {
                        alert.appear()
                    }
                        signInButton.setNormal()
                    }
                    else {
                        location.reload()
                    }
                })
            }
            // ----------
@ -302,11 +356,12 @@ class BlueWeather {
            profileDropdown.setAttribute("aria-labelledby", "userDropdown")
            // fill the dropdown menu
-            function createDropdownMenuElement(icon, text) {
+            function createDropdownMenuElement(icon, text, onclick=null) {
                // create element
                var elem = document.createElement("a")
                elem.classList.add("dropdown-item")
                elem.href = "#"
                elem.onclick = onclick
                // create icon
                var iconSpan = document.createElement("span")
@ -333,7 +388,10 @@ class BlueWeather {
            profileDropdown.appendChild(createDropdownSeparator())
            profileDropdown.appendChild(createDropdownMenuElement("settings", " Settings"))
            profileDropdown.appendChild(createDropdownSeparator())
-            profileDropdown.appendChild(createDropdownMenuElement("log-out", " Log out"))
+            profileDropdown.appendChild(createDropdownMenuElement("log-out", " Log out", function() {
                document.cookie = "session=;"
                location.reload()
            }))
        }
--- a/js/dashboard.js
+++ b/js/dashboard.js
@ -8,7 +8,7 @@ class BlueWeatherDashboard {
  constructor() {
    // cunstruct xmlhttp
    this.initDone = false
-    this.blueweather = new BlueWeather()
+    this.blueweather = new BlueWeather("profileContainer")
    this.params = {
      loc: 1,
@ -615,5 +615,4 @@ window.onresize = function (event) {
  flexFont();
 };
 feather.replace()
-dashboard = new BlueWeatherDashboard()
+dashboard = new BlueWeatherDashboard(document.getElementById("profileContainer"))
 dashboard.blueweather.loadProfileObject(document.getElementById("profileContainer"))
--- a/js/index.js
+++ b/js/index.js
@ -2,7 +2,7 @@ class BlueWeatherIndex {
    constructor() {
        this.initDone = false
-      this.blueweather = new BlueWeather()
+        this.blueweather = new BlueWeather("profileContainer")
        this.initDone = true
@ -56,4 +56,3 @@ class BlueWeatherIndex {
 }
 feather.replace()
 index = new BlueWeatherIndex()
 index.blueweather.loadProfileObject(document.getElementById("profileContainer"))