package Reporter::Routes;
use Dancer2;
use Dancer2::Plugin::Deferred;
use Dancer2::Plugin::Auth::Extensible;
# 'p' generates error (maybe conflict with DPP from another place?)
use Data::Printer alias => 'ddp';
use Reporter;
# use Reporter::Routes::AJAX; # not using - psgi can't find its route
# use Reporter::Routes::Test; # do we need this?
=begin # seems to work the same setting $Local::QueryLogger::CurrentUsername directly
use Tie::RefHash::Weak;
use Scope::Guard qw(guard);
{
tie my %refhash, 'Tie::RefHash::Weak';
sub set_username {
my ($request, $username) = @_; # ddp $request; ddp $username;
$refhash{$request} = guard { undef $Local::QueryLogger::CurrentUsername };
$Local::QueryLogger::CurrentUsername = $username;
return;
}
}
=cut
# ddp \%ENV;
set auto_page => 1; # eg /login, /denied (DPAE)
# disable sql_trace if test script (needs explicit export SQL_TRACE=1 if req'd):
set enable_sql_trace => 0 if $ENV{HARNESS_VERSION}; # ddp $ENV{HARNESS_VERSION};
# app, contains model & db classes:
my $app = Reporter->new( config => config() );
sub flash { deferred @_ } # to use old term flash instead of deferred
hook before => sub {
# discard old db connection if mysql has gone away since last request:
$app->check_db_connection; # Local::DB - creates new DBIx::Simple object on demand
# sql query output to stdout:
$app->enable_sql_trace if setting('enable_sql_trace'); # development env
# all routes need login (except /login):
my $session = session('user_profile'); # ddp $session; # beware auto-vivification here
unless ( $session ) {
redirect '/login' unless request->path_info =~ m!^/login!;
}
# set_username(request(), $session->{username}); # works the same setting directly:
$Local::QueryLogger::CurrentUsername = $session->{username};
};
hook before_template_render => sub { # do NOT use 'var' in here or 500.tt fails
my $tokens = shift;
$tokens->{app_version} = $app->version; # warn $app->version;
$tokens->{symbolise} = sub { $app->symbolise(@_) };
if ( session->read('logged_in_user_realm') ) { # fatal if called before login
$tokens->{user_roles} = user_roles; # ddp user_roles; # DPAE
}
};
# fix for broken 500.tt rendering if use of 'var' in before_template_render() :
# hook on_route_exception => sub { send_error($_[1]) }; # err msg available in [% content %]
# default route:
get '/' => sub {
my $page = param('page') || 1;
# get list of reported requests for this user:
my $user = session('user_profile'); # ddp $user;
my %args = (
user_id => $user->{id},
page => $page,
uri => uri_for('/'),
);
my $data = $app->model->get_reports_for_user(\%args);
template load => { data => $data };
};
# submitted user credentials:
post '/login' => sub {
my $params = params; # ddp $params;
# validate username/password
if ( my $user = $app->model->authenticate_user($params) ) { # ddp $user;
session user_profile => $user;
my @user_details = ( $user->{username}, $user->{password} );
# authenticate using DPAE authenticate_user() method:
my ($success, $realm) = authenticate_user(@user_details); # ddp $success; ddp $realm;
if ($success) { # ddp $realm; # for DPAE:
session logged_in_user => $user->{username};
session logged_in_user_realm => $realm;
}
redirect '/';
}
else {
my $failed_logins = session('failed_logins') || 0;
session failed_logins => $failed_logins + 1; # increment
redirect '/login';
}
};
get '/load' => sub {
my $params = params; # ddp $params;
# validate lab number format:
my $validation = $app->model->validator->validate( search => $params );
# ddp $validation;
if ( $validation->{failed} ) { # ddp $result->{errors};
return template load => $validation; # href containing dfv_errs key
}
my $lab_number = param('lab_number');
my $session = session('user_profile');
{ # get request for lab_number:
my %h = (
lab_number => $lab_number,
user_id => $session->{id},
);
my $data = $app->model->load_request(\%h); # ddp $data;
if (! $data) {
my $msg = 'request with lab number %s not found';
flash warning => sprintf $msg, $lab_number;
redirect '/';
}
# store data in session for tt, and in case needed for re-display to report.tt:
session record => $data;
}
{ # get validation profile to configure required fields:
my $profile = $app->model->get_validation_profile('report'); # ddp $profile;
session validation_profile => $profile;
}
# tt gets data from session.record:
template report => { target => uri_for('/report') };
};
post '/report/:request_id' => sub {
my $params = params; # ddp $params;
my $validation = $app->model->validator->validate( report => $params );
# ddp $validation;
my $record = session('record');
$record->{report} = $params; # in case validation fails
if ( $validation->{failed} ) { # ddp $validation->{errors};
my %args = (
target => uri_for('/report'),
dfv_errs => $validation->{dfv_errs}, # href containing dfv_errs key
);
return template report => \%args;
}
my $data = $validation->{valid}; # ddp $data;
my $user = session('user_profile'); # ddp $user;
# add user_id & request_id to $data:
$data->{request_id} = param('request_id');
$data->{user_id} = $user->{id}; # ddp $data;
my $result = $app->model->save_report($data);
if ( my $err = $result->{error} ) { # ddp $result;
my %args = ( target => uri_for('/report'), error => $err );
return template report => \%args;
} # ddp $params->{request_id};
else {
flash info => $result->{message};
}
my $lab_number = $app->model->get_lab_number($params->{request_id}); # ddp $lab_number;
redirect '/load?lab_number='.$lab_number;
};
get '/register' => require_role qr/admin/ => sub { # ddp logged_in_user; ddp user_roles;
# return 'access_denied' unless user_has_role('admin'); # permission_denied_page_handler
return template register => { target => uri_for('/register') };
};
post '/register' => require_role qr/admin/ => sub {
my $params = params; # ddp $params;
my $validation = $app->model->validator->validate( register => $params );
if ( $validation->{failed} ) { # ddp $validation;
my %args = (
target => uri_for('/register'),
dfv_errs => $validation->{dfv_errs}, # href containing dfv_errs key
);
return template register => \%args;
}
my $data = $validation->{valid}; # ddp $data;
{ # register validated user:
my $result = $app->model->register_user($data);
if ( my $err = $result->{error} ) { # ddp $result;
my %args = ( target => uri_for('/register'), error => $err );
return template register => \%args;
}
}
{ # OK, registration success, email message to user:
my $result = $app->model->email_registration($data);
return template registration => $result; # hand $result straight to tt
}
};
get '/report_summary' => sub {
my $user_id = session('user_profile')->{id}; # ddp $user_id;
my $data = $app->model->user_reports_list($user_id);
{ # set headers & return PDF form for user to print & send:
my $content = template 'report_summary', { data => $data },
{ layout => undef }; # override default 'main' layout
return $content if dancer_app->environment eq 'development';
my $pdf = $app->model->render_pdf($content);
header 'Content-Type' => 'application/pdf';
return $pdf;
}
};
=begin # moved back to Routes::AJAX which now works with .psgi
# ajax call:
prefix '/ajax' => sub {
get '/get_diagnoses' => sub {
my $diagnoses = $app->model->get_diagnoses( param('diagnosis') )
|| return; # p $diagnoses; # doesn't do query unless str >= 3 chars
my @results = map {
{
id => $_->{id},
value => $_->{diagnosis},
info => $_->{icdo3} || '[non-ICDO3]',
}
} @$diagnoses; # ddp \@results;
my $ref = { results => \@results }; # p $ref;
encode_json($ref);
};
};
=cut
# logout route:
get '/logout' => sub {
app->destroy_session;
redirect('/'); # should redirect to /login
};
get '/gitlog' => sub { template gitlog => { log => $app->gitlog } };
# default Dancer2 app index page:
get '/index' => sub { template index => {}, { layout => 'index' } };
#===============================================================================
# http://blog.geekuni.com/2015/06/three-ways-to-implement-sessions.html
=begin
get '/count' => sub {
if ( my $user = session('user') ) {
session count => session('count') + 1;
my $ordinal = $app->model->num2ordinal(session('count')); ddp $ordinal;
return
'<a href="/count">Click here</a> for the name of the eldest son of ' .
'<b>Count von '. ucfirst $user.' the '. ucfirst $ordinal .'</b>';
}
return 'Cookie Monster!';
};
get '/do_login/:user' => sub {
session user => params->{user};
session count => 0;
redirect '/count';
};
=cut
#===============================================================================
true;
