X-Git-Url: https://git-public.kairo.at/?p=lantea.git;a=blobdiff_plain;f=js%2Fui.js;h=a44a4625ee1f9b8ae1e64213795da61642d637a2;hp=e1f2a55631849ffa2629483ebae1d8ca817215a4;hb=6201b11296e29c248fcdd84c5f3237754fd98b60;hpb=026c4f465e64e898d04d6394672a11cff4f1b7ab

diff --git a/js/ui.js b/js/ui.js
index e1f2a55..a44a462 100644
--- a/js/ui.js
+++ b/js/ui.js
@@ -12,9 +12,22 @@ var gUIHideCountdown = 0;
 var gWaitCounter = 0;
 var gTrackUpdateInterval;
 var gAction, gActionLabel;
-var gOSMAPIURL = "http://api.openstreetmap.org/";
+var gBackendURL = "https://backend.lantea.kairo.at";
+var gAuthClientID = "lantea";
+var gOSMAPIURL = "https://api.openstreetmap.org/";
+var gOSMOAuthData = {
+    oauth_consumer_key: "6jjWwlbhGqyYeCdlFE1lTGG6IRGOv1yKpFxkcq2z",
+    oauth_secret: "A21gUeDM6mdoQgbA9uF7zJ13sbUQrNG7QQ4oSrKA",
+    url: "https://www.openstreetmap.org",
+    landing: "auth-done.html",
+}
 
 window.onload = function() {
+  if (/\/login\.html/.test(window.location)) {
+    // If we are in the login window, call a function to complete the process and don't do anything else here.
+    completeLoginWindow();
+    return;
+  }
   gAction = document.getElementById("action");
   gActionLabel = document.getElementById("actionlabel");
 
@@ -48,10 +61,29 @@ window.onload = function() {
     document.getElementById("saveTrackButton").classList.add("debugHide");
   }
 
-  // Without OAuth, the login data is useless
-  //document.getElementById("uploadSettingsArea").classList.remove("debugHide");
-  // As login data is useless for now, always enable upload button
-  document.getElementById("uploadTrackButton").disabled = false;
+  // Set backend URL in a way that it works for testing on localhost as well as
+  // both the lantea.kairo.at and lantea-dev.kairo.at deployments.
+  if (window.location.host == "localhost") {
+    gBackendURL = window.location.protocol + '//' + window.location.host + "/lantea-backend/";
+  }
+  else {
+    gBackendURL = window.location.protocol + '//' + "backend." + window.location.host + "/";
+  }
+  // Make sure to use a different login client ID for the -dev setup.
+  if (/\-dev\./.test(window.location.host)) {
+    gAuthClientID += "-dev";
+  }
+
+  // Set up the login area.
+  document.getElementById("loginbtn").onclick = startLogin;
+  document.getElementById("logoutbtn").onclick = doLogout;
+  prepareLoginButton(function() {
+    // Anything that needs the backend should only be triggered from in here.
+    // That makes sure that the first call the the backend is oauth_state and no other is running in parallel.
+    // If we call multiple backend methods at once and no session is open, we create multiple sessions, which calls for confusion later on.
+
+    // Call any UI preparation that needs the backend.
+  });
 
   if (gDebug) {
     // Note that GPX upload returns an error 500 on the dev API right now.
@@ -91,6 +123,114 @@ window.onresize = function() {
   gMap.resizeAndDraw();
 }
 
+function startLogin() {
+  var authURL = authData["url"] + "authorize?response_type=code&client_id=" + gAuthClientID + "&scope=email" +
+                "&state=" + authData["state"] + "&redirect_uri=" + encodeURIComponent(getRedirectURI());
+  if (window.open(authURL, "KaiRoAuth", 'height=450,width=600')) {
+    console.log("Sign In window open.");
+  }
+  else {
+    console.log("Opening Sign In window failed.");
+  }
+}
+
+function getRedirectURI() {
+  return window.location.protocol + '//' + window.location.host + window.location.pathname.replace("index.html", "") + "login.html";
+}
+
+function doLogout() {
+  fetchBackend("logout", "GET", null,
+     function(aResult, aStatus) {
+        if (aStatus < 400) {
+          prepareLoginButton();
+        }
+        else {
+          console.log("Backend issue trying to log out.");
+        }
+      },
+      {}
+  );
+}
+
+function prepareLoginButton(aCallback) {
+  fetchBackend("oauth_state", "GET", null,
+      function(aResult, aStatus) {
+        if (aStatus == 200) {
+          if (aResult["logged_in"]) {
+            userData = {
+              "email": aResult["email"],
+              "permissions": aResult["permissions"],
+            };
+            authData = null;
+            displayLogin();
+          }
+          else {
+            authData = {"state": aResult["state"], "url": aResult["url"]};
+            userData = null;
+            displayLogout();
+          }
+        }
+        else {
+          console.log("Backend error " + aStatus + " fetching OAuth state: " + aResult["message"]);
+        }
+        if (aCallback) { aCallback(); }
+      },
+      {}
+  );
+}
+
+function completeLoginWindow() {
+  if (window.opener) {
+    window.opener.finishLogin(getParameterByName("code"), getParameterByName("state"));
+    window.close();
+  }
+  else {
+    document.getElementById("logininfo").textContent = "You have called this document outside of the login flow, which is not supported.";
+  }
+}
+
+function finishLogin(aCode, aState) {
+  if (aState == authData["state"]) {
+    fetchBackend("login?code=" + aCode + "&state=" + aState + "&redirect_uri=" + encodeURIComponent(getRedirectURI()), "GET", null,
+        function(aResult, aStatus) {
+          if (aStatus == 200) {
+            userData = {
+              "email": aResult["email"],
+              "permissions": aResult["permissions"],
+            };
+            displayLogin();
+          }
+          else {
+            console.log("Login error " + aStatus + ": " + aResult["message"]);
+            prepareLoginButton();
+          }
+        },
+        {}
+    );
+  }
+  else {
+    console.log("Login state did not match, not continuing with login.");
+  }
+}
+
+function displayLogin() {
+  document.getElementById("loginbtn").classList.add("hidden");
+  document.getElementById("logindesc").classList.add("hidden");
+  document.getElementById("username").classList.remove("hidden");
+  document.getElementById("username").textContent = userData.email;
+  document.getElementById("uploadTrackButton").disabled = false;
+  document.getElementById("logoutbtn").classList.remove("hidden");
+}
+
+function displayLogout() {
+  document.getElementById("logoutbtn").classList.add("hidden");
+  document.getElementById("username").classList.add("hidden");
+  document.getElementById("username").textContent = "";
+  document.getElementById("uploadTrackButton").disabled = true;
+  document.getElementById("loginbtn").classList.remove("hidden");
+  document.getElementById("logindesc").classList.remove("hidden");
+}
+
 function initDB(aEvent) {
   // Open DB.
   if (aEvent)
@@ -215,7 +355,7 @@ function toggleFullscreen() {
 }
 
 function showUploadDialog() {
-  var dia = document.getElementById("dialogArea");
+  var dia = document.getElementById("trackDialogArea");
   var areas = dia.children;
   for (var i = 0; i <= areas.length - 1; i++) {
     areas[i].style.display = "none";
@@ -235,8 +375,8 @@ function showGLWarningDialog() {
   dia.classList.remove("hidden");
 }
 
-function cancelDialog() {
-  document.getElementById("dialogArea").classList.add("hidden");
+function cancelTrackDialog() {
+  document.getElementById("trackDialogArea").classList.add("hidden");
   document.getElementById("uploadTrackButton").disabled = false;
 }
 
@@ -336,7 +476,7 @@ function saveTrackDump() {
 
 function uploadTrack() {
   // Hide all areas in the dialog.
-  var dia = document.getElementById("dialogArea");
+  var dia = document.getElementById("trackDialogArea");
   var areas = dia.children;
   for (var i = 0; i <= areas.length - 1; i++) {
     areas[i].style.display = "none";
@@ -351,59 +491,26 @@ function uploadTrack() {
   // Now show the status area.
   document.getElementById("uploadStatus").style.display = "block";
 
-  // See http://wiki.openstreetmap.org/wiki/Api06#Uploading_traces
-  var trackBlob = new Blob([convertTrack("gpx")],
-                           { "type" : "application/gpx+xml" });
+  // Assemble field to post to the backend.
   var formData = new FormData();
-  formData.append("file", trackBlob);
+  formData.append("jsondata", convertTrack("json"));
   var desc = document.getElementById("uploadDesc").value;
-  formData.append("description",
+  formData.append("comment",
                   desc.length ? desc : "Track recorded via Lantea Maps");
-  //formData.append("tags", "");
-  formData.append("visibility",
-                  document.getElementById("uploadVisibility").value);
-  // Do an empty POST request first, so that we don't send everything,
-  // then ask for credentials, and then send again.
-  var hXHR = new XMLHttpRequest();
-  hXHR.onreadystatechange = function() {
-    if (hXHR.readyState == 4 && (hXHR.status == 200 || hXHR.status == 400)) {
-      // 400 is Bad Request, but that's expected as this was empty.
-      // So far so good, init actual upload.
-      var XHR = new XMLHttpRequest();
-      XHR.onreadystatechange = function() {
-        if (XHR.readyState == 4 && XHR.status == 200) {
-          // Everthing looks fine.
-          reportUploadStatus(true);
-        } else if (XHR.readyState == 4 && XHR.status != 200) {
-          // Fetched the wrong page or network error...
-          reportUploadStatus(false);
-        }
-      };
-      XHR.open("POST", gOSMAPIURL + "api/0.6/gpx/create", true);
-      // Cross-Origin XHR doesn't allow username/password (HTTP Auth).
-      // So, we'll ask the user for entering credentials with rather ugly UI.
-      XHR.withCredentials = true;
-      try {
-        XHR.send(formData); // Send actual form data.
+  //formData.append("devicename", "");
+  formData.append("public",
+                  document.getElementById("uploadPublic").value);
+
+  fetchBackend("save_track", "POST", formData,
+    function(aResult, aStatusCode) {
+      if (aStatusCode >= 400) {
+        reportUploadStatus(false, aResult);
       }
-      catch (e) {
-        reportUploadStatus(false, e);
+      else {
+        reportUploadStatus(true);
       }
-    } else if (hXHR.readyState == 4 && hXHR.status != 200) {
-      // Fetched the wrong page or network error...
-      reportUploadStatus(false);
     }
-  };
-  hXHR.open("POST", gOSMAPIURL + "api/0.6/gpx/create", true);
-  // Cross-Origin XHR doesn't allow username/password (HTTP Auth).
-  // So, we'll ask the user for entering credentials with rather ugly UI.
-  hXHR.withCredentials = true;
-  try {
-    hXHR.send(); // Empty request, see above.
-  }
-  catch (e) {
-    reportUploadStatus(false, e);
-  }
+  );
 }
 
 function reportUploadStatus(aSuccess, aMessage) {
@@ -557,3 +664,38 @@ var gTrackStore = {
     }
   }
 };
+
+function fetchBackend(aEndpoint, aMethod, aSendData, aCallback, aCallbackForwards) {
+  var XHR = new XMLHttpRequest();
+  XHR.onreadystatechange = function() {
+    if (XHR.readyState == 4) {
+      // State says we are fully loaded.
+      var result = {};
+      if (XHR.getResponseHeader("Content-Type") == "application/json") {
+        // Got a JSON object, see if we have success.
+        result = JSON.parse(XHR.responseText);
+      }
+      else {
+        result = XHR.responseText;
+      }
+      aCallback(result, XHR.status, aCallbackForwards);
+    }
+  };
+  XHR.open(aMethod, gBackendURL + aEndpoint, true);
+  XHR.withCredentials = "true";
+  //XHR.setRequestHeader("Accept", "application/json");
+  try {
+    XHR.send(aSendData); // Send actual form data.
+  }
+  catch (e) {
+    aCallback(e, 500, aCallbackForwards);
+  }
+}
+
+function getParameterByName(aName) {
+  // from http://stackoverflow.com/questions/901115/how-can-i-get-query-string-values-in-javascript
+  name = aName.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
+  var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
+      results = regex.exec(location.search);
+  return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
+}