From 91e9ee34e54abbba8376be880c1b133d701e598e Mon Sep 17 00:00:00 2001 From: Jules Laplace Date: Wed, 9 Jul 2014 19:00:00 -0400 Subject: various apis --- public/js/protocols_site.js | 160 +++++++++++++++++++++----------------------- server/api/party.js | 15 +++++ server/api/user.js | 14 ++++ server/auth/index.js | 17 +++-- server/index.js | 8 +-- server/middleware.js | 32 --------- 6 files changed, 119 insertions(+), 127 deletions(-) diff --git a/public/js/protocols_site.js b/public/js/protocols_site.js index 3a38ab9..41123bd 100644 --- a/public/js/protocols_site.js +++ b/public/js/protocols_site.js @@ -3,7 +3,7 @@ var URLregexp = /^(https?:\/\/)(www.)?([-A-Z0-9.]+)(\/)?([-A-Z0-9+&@#\/%?=~_|!:, var months = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5, Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 } function isScrolledIntoView (elem) { - return true; + return true; var docViewTop = $(window).scrollTop(); var docViewBottom = docViewTop + $(window).height(); var elemTop = $(elem).offset().top; @@ -31,7 +31,7 @@ function is_image(s) } return false } -var domain_extensions = [".com",".net",".org",".uk",".fr",".de",".ch",".info",".nu",".mu","facebook.com","twitter.com"] +var domain_extensions = [".com",".net",".org",".uk",".fr",".de",".ch",".info",".nu",".mu",".io","facebook.com","twitter.com"] function has_domain(s) { for (var i in domain_extensions) @@ -75,9 +75,9 @@ function linkify(s) { var link = ''; var punctuation = ''; - var end = s.length-1; + var end = s.length-1; - // strip the terminal punctuation mark if it's a period or comma + // strip the terminal punctuation mark if it's a period or comma if (s.indexOf(".", end) === end || s.indexOf(",", end) === end) { punctuation = s.substr(end, 1); 
@@ -91,26 +91,26 @@ function linkify(s) uname = partz[partz.length-1]; else if (parts[-2].length) uname = partz[partz.length-2]; - link = '@' + uname + ''; + link = '@' + uname + ''; } else { // link = s.replace(URLregexp,"[$3]"); - var match = URLregexp.exec(s); - if (match && match.length == 6) - { - var url = match[0] || ""; - var http = match[1] || ""; - var www = match[2] || ""; - var domain = match[3] || ""; - var slash = match[4] || ""; - var uri = match[5] ? match[5].replace(/\/?index.html$/, "") : ""; - link = '[' + domain + ']'; - } - else - { - link = s.replace(URLregexp,"[$3]"); - } + var match = URLregexp.exec(s); + if (match && match.length == 6) + { + var url = match[0] || ""; + var http = match[1] || ""; + var www = match[2] || ""; + var domain = match[3] || ""; + var slash = match[4] || ""; + var uri = match[5] ? match[5].replace(/\/?index.html$/, "") : ""; + link = '[' + domain + ']'; + } + else + { + link = s.replace(URLregexp,"[$3]"); + } } return link + punctuation; } @@ -118,21 +118,21 @@ var URL = { auth: { - login: "/cgi-bin/auth/login.cgi", - logout: "/cgi-bin/auth/logout.cgi", + login: "/login", + logout: "/logout", }, party: { - list: "/cgi-bin/party/list.cgi", - view: "/cgi-bin/party/view.cgi", - edit: "/cgi-bin/party/edit.cgi", + list: "/api/party/list", + view: "/api/party/view", + edit: "/api/party/edit", }, user: { - all: "/cgi-bin/user/all.cgi", - view: "/cgi-bin/user/view.cgi", - edit: "/cgi-bin/user/edit.cgi", - deleter: "/cgi-bin/user/delete.cgi", + all: "/api/user/all", + view: "/api/user/view", + edit: "/api/user/edit", + destroy: "/api/user/destroy", }, }; var Party = @@ -194,7 +194,7 @@ var Party = $('#userEditContainer').hide() $('#partyEditContainer').hide() $('#userListContainer').fadeOut(200) - $.get(URL.party.view,{'id':id},Party.viewCallback) + $.get(URL.party.view, {'id':id}, Party.viewCallback) }, viewCallback: function (raw) { 
@@ -352,7 +352,7 @@ var Users = userlist: {}, hovering: true, current: false, - allCount: 0, + allCount: 0, userListIndex: [], currentIdx: -1, all: function () @@ -373,7 +373,7 @@ var Users = return } var partyUserList = []; - var guestHosts = []; + var guestHosts = []; var editable = []; var firstletter = "A"; Users.allCount = 0; @@ -392,9 +392,9 @@ var Users = var a = fields[2].substr(0,1) var li = "li id='r-"+Users.allCount+"'" - var userRow = ""; - var editSpan = ""; - + var userRow = ""; + var editSpan = ""; + if (firstletter !== a) { firstletter = a @@ -407,34 +407,34 @@ var Users = editable.push(fields[0]); } - switch (fields[1]) { - case '2': // host - userRow = "<"+li+">"+fields[2]+" *" + editSpan + ""; - break; - case '1': // guest host - userRow = "<"+li+">"+fields[2]+" *" + editSpan + ""; - guestHosts.push(userRow); - Users.userListIndex.unshift('user-'+fields[0]); - Users.allCount += 1; + switch (fields[1]) { + case '2': // host + userRow = "<"+li+">"+fields[2]+" *" + editSpan + ""; + break; + case '1': // guest host + userRow = "<"+li+">"+fields[2]+" *" + editSpan + ""; + guestHosts.push(userRow); + Users.userListIndex.unshift('user-'+fields[0]); + Users.allCount += 1; - break; - default: // guest - userRow = "<"+li+">"+fields[2]+"" + editSpan + ""; - } + break; + default: // guest + userRow = "<"+li+">"+fields[2]+"" + editSpan + ""; + } - partyUserList.push(userRow); + partyUserList.push(userRow); Users.userlist['user-'+fields[0]] = fields; Users.userListIndex.push('user-'+fields[0]); Users.allCount += 1; } $('#partyLocation').html(""); - var guestHostHeader = "
  • Guest Hosts
  • "; - var guestListHeader = "
  • Guest List
  • "; - for (var i in guestHosts) - guestHosts[i] = guestHosts[i].replace("class='br'","").replace("*",""); - // console.log(guestHosts); - // guestHosts[guestHosts.length-1] = guestHosts[guestHosts.length-1].replace(""+host[1]+"" + Auth.hosts = {} + json.hosts.forEach(function(host){ + if (host.id === Auth.userID) + hostSelect += "" else - hostSelect += "" - Auth.hosts[host[0]] = host[1] - } + hostSelect += "" + Auth.hosts[ host.id ] = host.name + }) + $("#user-host").html(hostSelect) Auth.unload() @@ -896,7 +888,7 @@ var Auth = logout: function () { warn("logging out") - document.cookie = '_protocols=LOGGEDOUT; expires=Mon, 1 Jan 2001 12:00:00 UTC; path=/' + document.cookie = 'sid.protocols=LOGGEDOUT; expires=Mon, 1 Jan 2001 12:00:00 UTC; path=/' Main.unload() }, }; diff --git a/server/api/party.js b/server/api/party.js index e0a9a22..53a0d32 100644 --- a/server/api/party.js +++ b/server/api/party.js @@ -1,8 +1,23 @@ +var _ = require('lodash'), + User = require('../models/User'), + Party = require('../models/Party'), + UserParty = require('../models/UserParty'); + module.exports = { list: function (req, res) { + Party.all().success(function(parties){ + res.json(parties) + }) }, view: function (req, res) { + var party_id = res.body.party_id + UserParty.findAll({ where: { party_id: party_id } }).success(function(parties){ + var user_ids = _.pluck(parties, user_id) + User.findAll({ where: { id: user_ids } }).success(function(users){ + res.json(users) + }) + }) }, edit: function (req, res) { diff --git a/server/api/user.js b/server/api/user.js index b47d31a..49f70ff 100644 --- a/server/api/user.js +++ b/server/api/user.js @@ -1,5 +1,13 @@ +var _ = require('lodash'), + User = require('../models/User'), + Party = require('../models/Party'), + UserParty = require('../models/UserParty'); + module.exports = { all: function (req, res) { + User.all().success(function(users){ + res.json(users) + }) }, view: function (req, res) { 
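Review bot: `Auth.logout` only overwrites the `sid.protocols` cookie from script, so the server-side session is never destroyed. If that cookie is set HttpOnly (the session setup is not visible here), the browser will not let script replace it and the user stays logged in. The commit already maps `URL.auth.logout` to `/logout`; request it and unload when it completes, e.g. `$.post(URL.auth.logout).always(Main.unload)` (with whichever method the route accepts), and let the server expire the cookie.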
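Review bot: In `view`, `res.body.party_id` reads from the response object, which carries no parsed body, so the handler throws before any query runs. The client in this same commit sends the id as a GET parameter (`$.get(URL.party.view, {'id':id}, ...)`), so the line should be `var party_id = req.query.id`, with a 400 returned when it is missing. `_.pluck(parties, user_id)` uses an identifier that is not declared anywhere in the visible file and should be `_.pluck(parties, 'user_id')`. `User.findAll` then returns every column of each user; restrict it as the login handler does with `attributes: ['id','name']`, so credential fields (if the model has any) never leave the server. Neither query has a failure handler, so a database error leaves the request hanging.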
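Review bot: `all` passes the result of `User.all()` straight to `res.json`, so every column of every user row is serialized to whoever calls the endpoint. Nothing in the handler checks `req.isAuthenticated()`; the route wiring is outside this diff, so a guard may exist there, but the handler should not depend on it for what it discloses. Select only what the list view needs, e.g. `User.findAll({ attributes: ['id','name','access'] })`, and add a failure handler so a query error produces a 500 instead of an open request.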
@@ -9,5 +17,11 @@ module.exports = { }, destroy: function (req, res) { + var id = req.body.id + if (! id) return res.status(500) + + User.destroy({id: id}).success(function(affectedRows) { + res.json({ status: 'ok' }) + }) } } diff --git a/server/auth/index.js b/server/auth/index.js index 37b023f..b15094d 100644 --- a/server/auth/index.js +++ b/server/auth/index.js @@ -12,27 +12,31 @@ var auth = { guestUser: { id: "guest", username: "guest", + access: 0, }, init: function () { passport.serializeUser(auth.serializeUser); passport.deserializeUser(auth.deserializeUser); - passport.use(new LocalStrategy(auth.verifyLocalUser)) }, login: function (req, res, next) { passport.authenticate("local", function(err, user, info){ - if (err) { + if (err || ! user) { return res.json({ error: err }); } - if (! user) { - return info ? res.json(info) : res.redirect("/login"); - } req.logIn(user, function(err) { if (err) { return next(err); } - return res.json({ status: "OK", user: user, returnTo: returnTo || "/profile" }) + User.findAll({ where: { access: 2 }, attributes: ['id','name'] }).success(function(hosts){ + return res.json({ + status: "OK", + user: user, + hosts: hosts, + returnTo: returnTo || "/profile" + }) + }) }); })(req, res, next); }, @@ -58,7 +62,6 @@ var auth = { verifyLocalUser: function (username, password, done) { if (username == "protocolsnyc" && password == "madhousenyc") { return done(null, auth.guestUser) - return } User.findByUsername(username, function(err, user){ if (err) { return done(err); } diff --git a/server/index.js b/server/index.js index 42092f6..105e4ee 100644 --- a/server/index.js +++ b/server/index.js 
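Review bot: `destroy` deletes whichever user id the request body names without checking who is asking. The handler has no `req.isAuthenticated()` or access-level test, `ensureIsStaff` is removed from server/middleware.js in this commit, and `csurf` is commented out in server/index.js, so unless the route is guarded elsewhere an unauthenticated or cross-site request can reach it. Gate it on the caller's role, e.g. `if (! req.user || req.user.access < 2) return res.status(403).json({ error: 'forbidden' })` (assuming `access: 2` marks a host, as the login handler's query suggests). The missing-id branch `return res.status(500)` sets a status but never sends a response; use `return res.status(400).json({ error: 'id required' })`. `User.destroy({id: id})` also lacks a failure handler.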
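Review bot: The merged check `if (err || ! user)` in `login` answers a failed login with `res.json({ error: err })`. That is `{ error: null }` with status 200 when the credentials are simply wrong, and the raw error object when something broke; return a fixed message instead, `return res.status(401).json({ error: 'invalid login' })`, and log `err` on the server. The success response still sends `user: user`, the whole record; send named fields only, e.g. `user: { id: user.id, username: user.username, access: user.access }`, so a password or hash column (if the model has one) is not returned. `User.findAll(...)` has no failure handler, so a query error after `req.logIn` leaves the client without a response. Separately, `verifyLocalUser` in the second hunk of this file still authenticates the guest account against a username and password hard-coded in source; that pair belongs in configuration and should be rotated, since it is now in version history.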
@@ -61,16 +61,16 @@ site.setup = function(){ app.use(bodyParser()); app.use(multer()); app.use(express.query()); - app.use(csurf); +// app.use(csurf); app.use(methodOverride()); -// app.use(passport.initialize()); -// app.use(passport.session()); + app.use(passport.initialize()); + app.use(passport.session()); app.enable('trust proxy') app.get('env') === 'development' && app.use(errorHandler()); // Essential middleware // app.all('*', middleware.enableCORS); - app.all('*', middleware.ensureLocals); + // app.all('*', middleware.ensureLocals); server = http.createServer(app) server.listen(app.get('port'), function () { diff --git a/server/middleware.js b/server/middleware.js index a834822..67fb732 100644 --- a/server/middleware.js +++ b/server/middleware.js @@ -1,21 +1,7 @@ /* jshint node: true */ -var passport = require('passport'), - _ = require('lodash'), - config = require('../config.json'); - - var middleware = { - - enableCORS: function (req, res, next) { - res.header('Access-Control-Allow-Credentials', true); - // TODO Check https vs. http - res.header('Access-Control-Allow-Origin', '*'); - res.header('Access-Control-Allow-Headers', 'X-Requested-With'); - next(); - }, - ensureAuthenticated: function (req, res, next) { if (! req.isAuthenticated()) { req.session.returnTo = req.path; @@ -23,24 +9,6 @@ var middleware = { } next(); }, - - ensureIsStaff: function (req, res, next) { - if (! req.user.isStaff) { - return res.redirect('http://' + config.host + '/'); - } - next(); - }, - - ensureLocals: function (req, res, next) { - res.locals.token = req.csrfToken(); - res.locals.logged_in = req.isAuthenticated() - res.locals.user = req.user || {} - res.locals.config = config - res.locals.profile = null - res.locals.opt = {} - next() - }, - } module.exports = middleware -- cgit v1.2.3-70-g09d2
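Review bot: Commenting out `app.use(csurf)` removes CSRF protection in the same change that turns on cookie-backed sessions (`passport.session()`) and adds state-changing endpoints such as `/api/user/destroy`. If `csurf` is the module export, the old line passed the factory itself rather than calling it, which is probably why it failed. The fix is `app.use(csurf());` placed after the session middleware (not visible in this hunk), with the value of `req.csrfToken()` handed to the client and sent back on every POST. `ensureLocals`, which supplied that token to views, is deleted in this commit, so the client needs another way to obtain it. `site.setup` begins and ends outside the hunk.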