diff --git a/app/assets/javascripts/backbone/models/artist.js.coffee b/app/assets/javascripts/backbone/models/artist.js.coffee index ecdf6f8..28a106a 100644 --- a/app/assets/javascripts/backbone/models/artist.js.coffee +++ b/app/assets/javascripts/backbone/models/artist.js.coffee @@ -1,2 +1,2 @@ -class BeatHaven.Models.Artist extends Backbone.Model +class BeatHaven.Models.Artist extends BeatHaven.Modules.ProtectedModel urlRoot: "/api/artists" diff --git a/app/assets/javascripts/backbone/models/user.js.coffee b/app/assets/javascripts/backbone/models/user.js.coffee index 35fbc2e..2f66f45 100644 --- a/app/assets/javascripts/backbone/models/user.js.coffee +++ b/app/assets/javascripts/backbone/models/user.js.coffee @@ -2,7 +2,7 @@ class BeatHaven.Models.User extends Backbone.Model auth: -> BH.log "Authenticating user ..." - this.query "/api/session/auth", {}, (response) -> + this.query "/api/session/auth", { user: @.get("vk_session")["user"] }, (response) -> if response.error? # report error else @@ -12,11 +12,20 @@ class BeatHaven.Models.User extends Backbone.Model # BH.VK.set_favorites() query: (path, params, callback) -> - query_params = $.extend {}, @.get("vk_session"), params + query_params = $.extend {}, @auth_params(), params query_params.authenticity_token = $('meta[name="csrf-token"]').attr("content") - $.post path, query_params, callback + $.get path, query_params, callback false + auth_params: -> + params = @.get("vk_session") + vk_auth: + expire: params["expire"] + mid: params["mid"] + secret: params["secret"] + sid: params["sid"] + sig: params["sig"] + set_favorites: (tracks) -> BH.log tracks BH.log "Sending your Vkontakte media collection to BeatHaven ..." diff --git a/app/assets/javascripts/backbone/modules/protected_model.js.coffee b/app/assets/javascripts/backbone/modules/protected_model.js.coffee new file mode 100644 index 0000000..25b8721 --- /dev/null +++ b/app/assets/javascripts/backbone/modules/protected_model.js.coffee 
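Review bot: Switching `query` from `$.post` to `$.get` moves the VK session credentials built by `auth_params` (`secret`, `sid`, `sig`, `mid`, `expire`) and the CSRF token into the URL query string, where they end up in browser history, proxy and server access logs and Referer headers; keep `$.post path, query_params, callback` for any call that carries these values. The `authenticity_token` parameter is only checked by Rails on non-GET requests, so on a GET it is dead weight. `auth_params` also assumes `@.get("vk_session")` is already set; if a model queries before VK has populated it, `params["expire"]` throws, so a guard that returns `{}` when the session is absent would be safer. The same GET concern applies to the `auth` call in the previous hunk, which now also sends the profile fields from `vk_session["user"]`.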
@@ -0,0 +1,12 @@
+class BeatHaven.Modules.ProtectedModel extends Backbone.Model
+
+ fetch: (options) ->
+ options = options ? _.clone(options) : {}
+ model = this
+ success = options.success
+ options.success = (resp, status, xhr) ->
+ if (!model.set(model.parse(resp, xhr), options)) return false;
+ if (success) success(model, resp);
+ };
+ options.error = Backbone.wrapError(options.error, model, options);
+ return (this.sync || Backbone.sync).call(this, 'read', this, options);
diff --git a/app/controllers/api/albums_controller.rb b/app/controllers/api/albums_controller.rb
index 45f1a40..64c4cb5 100644
--- a/app/controllers/api/albums_controller.rb
+++ b/app/controllers/api/albums_controller.rb
@@ -1,13 +1,16 @@ module Api class AlbumsController < BaseController + before_filter :validate_request! + def picture album = Album.find(params[:id]) - redirect_to album.load_pic + redirect_to album.update_image.sized(:extralarge) end def show @album = Album.find(params[:id]) return render json: { fail: true } if @album.nil? end + end end
diff --git a/app/controllers/api/artists_controller.rb b/app/controllers/api/artists_controller.rb
index 30073ad..d854856 100644
--- a/app/controllers/api/artists_controller.rb
+++ b/app/controllers/api/artists_controller.rb
@@ -1,8 +1,11 @@
 module Api
 class ArtistsController < BaseController
+ before_filter :validate_request!
+
 def show
 @artist = Artist.with_name(params[:id].gsub("+", " "))
 return render json: { fail: true } if @artist.nil?
 end
+
 end
 end
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 97784c8..46d22d4 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
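Review bot: The body of `fetch` in this new `.coffee` file is JavaScript rather than CoffeeScript: `options ? _.clone(options) : {}` reads `?` as the existential operator and then hits a stray `:`, and the bare `};` line cannot parse at all, so the asset will fail to compile and `BeatHaven.Models.Artist`, which now extends this class, will not load; the `if (...) stmt;` lines look like the same paste. Despite its name, the override also adds no `vk_auth` data to the request, so an `Artist` fetch reaches `Api::ArtistsController` without the parameters its new `validate_request!` filter requires; the auth parameters presumably need to be merged into `options.data` here, though how this model reaches the current user is not visible in this diff. A CoffeeScript rendering of the existing logic:
```coffeescript
  fetch: (options) ->
    options = if options then _.clone(options) else {}
    model = this
    success = options.success
    options.success = (resp, status, xhr) ->
      return false unless model.set(model.parse(resp, xhr), options)
      success(model, resp) if success
    options.error = Backbone.wrapError(options.error, model, options)
    (@sync or Backbone.sync).call(this, 'read', this, options)
```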
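Review bot: `before_filter :validate_request!` now guards `picture`, but `Album#pic_safe` in this same commit returns `/api/albums/#{id}/picture` as the fallback image URL, and an `<img>`-style request for that path cannot carry the `vk_auth` parameters the filter needs, so the fallback picture will stop rendering. If the redirect is meant to stay public, use `before_filter :validate_request!, except: :picture`; if it is meant to be protected, the client has to load it through an authenticated request instead. `redirect_to album.update_image.sized(:extralarge)` also assumes `update_image` always returns an image object, whereas `pic_safe` treats `image` as possibly nil, so a nil guard here would be consistent with the model.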
@@ -1,5 +1,27 @@
 module Api
 class BaseController < ::ApplicationController
 respond_to :json
+
+ private
+
+ def validate_request!
+ @user = nil
+ render json: { error: "Signature verification failed!" } unless request_valid?
+
+ @user = User.find_by_vk_id(params[:vk_auth][:mid])
+ end
+
+ def request_valid?
+ %w[ expire mid secret sid sig ].each do |key|
+ raise "Parameter not set: #{key} (VK auth)" if params[:vk_auth][key].nil?
+ end
+
+ validation_string = %w[ expire mid secret sid ].map{ |key|
+ "#{key}=#{params[:vk_auth][key]}"
+ }.join() << BeatHaven::Application.config.api_accounts["vk"]["api_secret"]
+
+ params[:vk_auth][:sig] == Digest::MD5.hexdigest(validation_string)
+ end
+
 end
 end
diff --git a/app/controllers/api/search_controller.rb b/app/controllers/api/search_controller.rb
index 89db91a..ae9385f 100644
--- a/app/controllers/api/search_controller.rb
+++ b/app/controllers/api/search_controller.rb
@@ -1,5 +1,7 @@ module Api class SearchController < BaseController + before_filter :validate_request! + def complete return render json: { suggestions: [] } if params[:query].to_s.length == 0
@@ -31,5 +33,6 @@ module Api render json: { found: nil } end + end end
diff --git a/app/controllers/api/session_controller.rb b/app/controllers/api/session_controller.rb
index 35f35ef..5785f9f 100644
--- a/app/controllers/api/session_controller.rb
+++ b/app/controllers/api/session_controller.rb
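Review bot: `request_valid?` dereferences `params[:vk_auth][key]` before checking anything, so a request with no `vk_auth` hash at all raises NoMethodError (a 500) instead of the JSON error the filter is written to return, and the `raise` for a missing key does the same for any client sending a partial set. The signature check `params[:vk_auth][:sig] == Digest::MD5.hexdigest(...)` is a plain string comparison; a constant-time comparison such as `Rack::Utils.secure_compare` is the usual choice for secrets. `expire` is part of the signed string but is never compared with the current time, so a captured `vk_auth` set stays accepted after VK has expired the session; if `expire` is the unix timestamp VK issues, rejecting values in the past closes that gap. Finally `render ... unless request_valid?` relies on Rails halting the filter chain once a response has been rendered; an explicit return after the render makes the intent clear and skips the needless `User.find_by_vk_id` lookup. Both methods are complete inside this hunk.
```ruby
    def validate_request!
      @user = nil
      unless request_valid?
        render json: { error: "Signature verification failed!" }
        return
      end

      @user = User.find_by_vk_id(params[:vk_auth][:mid])
    end

    def request_valid?
      auth = params[:vk_auth] || {}
      # Missing fields are a failed verification, not a server error.
      return false if %w[ expire mid secret sid sig ].any? { |key| auth[key].nil? }
      # A signed but already-expired VK session must not be replayable.
      return false if auth["expire"].to_i < Time.now.to_i

      validation_string = %w[ expire mid secret sid ].map { |key|
        "#{key}=#{auth[key]}"
      }.join << BeatHaven::Application.config.api_accounts["vk"]["api_secret"]

      Rack::Utils.secure_compare(auth["sig"].to_s, Digest::MD5.hexdigest(validation_string))
    end
```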
@@ -1,35 +1,19 @@ module Api class SessionController < BaseController + before_filter :validate_request! def auth - render json: { error: "Signature verification failed!" } unless request_valid? - user_name = "#{params[:user][:first_name]} #{params[:user][:last_name]}" - user = User.find_by_vk_id(params[:mid].to_i) is_newbie = false - if user.nil? - user = User.create(name: user_name, vk_id: params[:mid].to_i) + if @user.nil? + @user = User.create(name: user_name, vk_id: params[:vk_auth][:mid].to_i) is_newbie = true - elsif user.name != user_name - user.update_attributes(name: user_name) + elsif @user.name != user_name + @user.update_attributes(name: user_name) end - render json: { user: user.dump_json, is_newbie: is_newbie } - end - - private - - def request_valid? - %w[ expire mid secret sid sig ].map(&:to_sym).each do |key| - raise "Parameter not set: #{key}" if params[key].nil? - end - - validation_string = %w[ expire mid secret sid ].map{ |key| - "#{key}=#{params[key.to_sym]}" - }.join() << BeatHaven::Application.config.api_accounts["vk"]["api_secret"] - - params[:sig] == Digest::MD5.hexdigest(validation_string) + render json: { user: @user.dump_json, is_newbie: is_newbie } end end diff --git a/app/models/album.rb b/app/models/album.rb index c922d3f..3fc9904 100644 --- a/app/models/album.rb +++ b/app/models/album.rb @@ -17,8 +17,8 @@ class Album < ActiveRecord::Base VA = "Various Artists" def pic_safe - unless pic.nil? - pic + unless image.nil? + image.sized(:extralarge) else "/api/albums/#{id}/picture" end diff --git a/app/models/artist.rb b/app/models/artist.rb index f8e59e8..91c7e84 100644 --- a/app/models/artist.rb +++ b/app/models/artist.rb @@ -14,7 +14,7 @@ class Artist < ActiveRecord::Base } def loaded? - image? && bio? + true end def update_image diff --git a/app/views/api/artists/show.json.jbuilder b/app/views/api/artists/show.json.jbuilder index 5de588c..dbb78f6 100644 --- a/app/views/api/artists/show.json.jbuilder 
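Review bot: `user_name` is built from `params[:user][:first_name]` and `params[:user][:last_name]`, which are not among the fields covered by the signature in `validate_request!` (`expire mid secret sid`), so the stored display name is whatever the client chose to send and is written unconditionally through `User.create` and `update_attributes`; if the name is meant to reflect the VK profile it has to come from a signed or server-side source, and at minimum a nil guard (`params[:user]` absent raises NoMethodError on the first line of `auth`) and a length limit belong here. The VK id is looked up without `.to_i` in the base filter but created with `.to_i` here; presumably harmless since ActiveRecord casts integer columns, but keeping the two identical avoids any chance of a second record for the same VK id. `auth` is complete inside this hunk.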
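Review bot: `loaded?` now returns `true` unconditionally, so `artist_loaded` in the API response no longer reports whether `image` and `bio` are populated and any client logic keyed on it becomes dead. If this is a stopgap while `update_image` is called inline, say so with a comment such as `# TODO: stubbed to true until <reason>; previously image? && bio?` next to the method; otherwise remove the method and the `artist_loaded` field together. `loaded?` is complete within the hunk.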
+++ b/app/views/api/artists/show.json.jbuilder
@@ -1,6 +1,6 @@
 json.artist_title @artist.name
-json.artist_pic @artist.pic
-json.artist_bio @artist.bio
+json.artist_pic @artist.image.sized(:extralarge)
+json.artist_bio @artist.bio(@user.lang || "en")
 json.artist_loaded @artist.loaded?
 json.artist_url @artist.url
 json.artist_albums @artist.albums.shown.to_a do |json, album|
diff --git a/config/routes.rb b/config/routes.rb
index 6e673f0..7cc6508 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -8,7 +8,7 @@ BeatHaven::Application.routes.draw do collection { get :complete; get :wtfis } end resources :session, only: [] do - collection { post :auth } + collection { get :auth } end end
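Review bot: `@user.lang` raises NoMethodError whenever `@user` is nil, and `validate_request!` sets `@user` to the result of `User.find_by_vk_id`, which is nil for a VK id that has not yet been through `/api/session/auth` even though the request signature was valid; fall back before the call, e.g. `json.artist_bio @artist.bio((@user && @user.lang) || "en")`. It is also worth confirming that `Artist#bio` accepts a language argument, since the old call took none and the new signature is not part of this diff.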
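Review bot: `get :auth` routes an action that creates or updates a `User` row to GET, so the state change becomes reachable through plain links, prefetchers and cached or logged URLs, and Rails' forgery protection, which only checks non-GET requests, no longer verifies the `authenticity_token` the client still sends. Keep `collection { post :auth }` and send the request with `$.post` on the client side. The same applies to the `query` helper in user.js.coffee, which this commit switched to `$.get`.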