szurubooru/public_html/js/Auth.js

var App = App || {};

App.Auth = function(_, jQuery, util, api, appState, promise) {

	var privileges = {
		register: 'register',
		listUsers: 'listUsers',
		viewUsers: 'viewUsers',
		viewAllEmailAddresses: 'viewAllEmailAddresses',
		changeAccessRank: 'changeAccessRank',
		changeOwnAvatarStyle: 'changeOwnAvatarStyle',
		changeOwnEmailAddress: 'changeOwnEmailAddress',
		changeOwnName: 'changeOwnName',
		changeOwnPassword: 'changeOwnPassword',
		changeAllAvatarStyles: 'changeAllAvatarStyles',
		changeAllEmailAddresses: 'changeAllEmailAddresses',
		changeAllNames: 'changeAllNames',
		changeAllPasswords: 'changeAllPasswords',
		deleteOwnAccount: 'deleteOwnAccount',
		deleteAllAccounts: 'deleteAllAccounts',
		ban: 'ban',

		listPosts: 'listPosts',
		viewPosts: 'viewPosts',
		uploadPosts: 'uploadPosts',
		uploadPostsAnonymously: 'uploadPostsAnonymously',
		deletePosts: 'deletePosts',
		featurePosts: 'featurePosts',
		changePostSafety: 'changePostSafety',
		changePostSource: 'changePostSource',
		changePostTags: 'changePostTags',
		changePostContent: 'changePostContent',
		changePostThumbnail: 'changePostThumbnail',
		changePostRelations: 'changePostRelations',
		changePostFlags: 'changePostFlags',

		listComments: 'listComments',
		addComments: 'addComments',
		editOwnComments: 'editOwnComments',
		editAllComments: 'editAllComments',
		deleteOwnComments: 'deleteOwnComments',
		deleteAllComments: 'deleteAllComments',

		listTags: 'listTags',
		massTag: 'massTag',
		changeTagName: 'changeTagName',

		viewHistory: 'viewHistory',
	};

	function loginFromCredentials(userNameOrEmail, password, remember) {
		return promise.make(function(resolve, reject) {
			promise.wait(api.post('/login', {userNameOrEmail: userNameOrEmail, password: password}))
				.then(function(response) {
					updateAppState(response);
					jQuery.cookie(
						'auth',
						response.json.token.name,
						remember ? { expires: 365 } : {});
					resolve(response);
				}).fail(function(response) {
					reject(response);
				});
		});
	}

	function loginFromToken(token, isFromCookie) {
		return promise.make(function(resolve, reject) {
			var fd = {
				token: token,
				isFromCookie: isFromCookie
			};
			promise.wait(api.post('/login', fd))
				.then(function(response) {
					updateAppState(response);
					resolve(response);
				}).fail(function(response) {
					reject(response);
				});
		});
	}

	function loginAnonymous() {
		return promise.make(function(resolve, reject) {
			promise.wait(api.post('/login'))
				.then(function(response) {
					updateAppState(response);
					resolve(response);
				}).fail(function(response) {
					reject(response);
				});
		});
	}

	function logout() {
		return promise.make(function(resolve, reject) {
			jQuery.removeCookie('auth');
			appState.set('loginToken', null);
			return promise.wait(loginAnonymous())
				.then(resolve)
				.fail(reject);
		});
	}

	function tryLoginFromCookie() {
		return promise.make(function(resolve, reject) {
			if (isLoggedIn()) {
				resolve();
				return;
			}

			var authCookie = jQuery.cookie('auth');
			if (!authCookie) {
				reject();
				return;
			}

			promise.wait(loginFromToken(authCookie, true))
				.then(function(response) {
					resolve();
				}).fail(function(response) {
					jQuery.removeCookie('auth');
					reject();
				});
		});
	}

	function updateAppState(response) {
		appState.set('privileges', response.json.privileges || []);
		appState.set('loginToken', response.json.token && response.json.token.name);
		appState.set('loggedIn', response.json.user && !!response.json.user.id);
		appState.set('loggedInUser', response.json.user);
	}

	function isLoggedIn(userName) {
		if (!appState.get('loggedIn')) {
			return false;
		}
		if (typeof(userName) !== 'undefined') {
			if (getCurrentUser().name !== userName) {
				return false;
			}
		}
		return true;
	}

	function getCurrentUser() {
		return appState.get('loggedInUser');
	}

	function getCurrentPrivileges() {
		return appState.get('privileges');
	}

	function updateCurrentUser(user) {
		if (user.id !== getCurrentUser().id) {
			throw new Error('Cannot set current user to other user this way.');
		}
		appState.set('loggedInUser', user);
	}

	function hasPrivilege(privilege) {
		return _.contains(getCurrentPrivileges(), privilege);
	}

	function startObservingLoginChanges(listenerName, callback) {
		appState.startObserving('loggedInUser', listenerName, callback);
	}

	return {
		loginFromCredentials: loginFromCredentials,
		loginFromToken: loginFromToken,
		loginAnonymous: loginAnonymous,
		tryLoginFromCookie: tryLoginFromCookie,
		logout: logout,

		startObservingLoginChanges: startObservingLoginChanges,
		isLoggedIn: isLoggedIn,
		getCurrentUser: getCurrentUser,
		updateCurrentUser: updateCurrentUser,
		getCurrentPrivileges: getCurrentPrivileges,
		hasPrivilege: hasPrivilege,

		privileges: privileges,
	};

};

App.DI.registerSingleton('auth', ['_', 'jQuery', 'util', 'api', 'appState', 'promise'], App.Auth);
Added frontend outline 2014-08-31 23:22:56 +02:00			`var App = App \|\| {};`

Improved Javascript coding style 2014-09-08 22:02:28 +02:00			`App.Auth = function(_, jQuery, util, api, appState, promise) {`
Added frontend outline 2014-08-31 23:22:56 +02:00
Refactored privilege system 2014-09-06 10:00:26 +02:00			`var privileges = {`
			`register: 'register',`
			`listUsers: 'listUsers',`
Fixed privileges 2014-09-30 22:09:43 +02:00			`viewUsers: 'viewUsers',`
Added account settings management and avatars 2014-09-07 00:33:46 +02:00			`viewAllEmailAddresses: 'viewAllEmailAddresses',`
			`changeAccessRank: 'changeAccessRank',`
			`changeOwnAvatarStyle: 'changeOwnAvatarStyle',`
			`changeOwnEmailAddress: 'changeOwnEmailAddress',`
			`changeOwnName: 'changeOwnName',`
			`changeOwnPassword: 'changeOwnPassword',`
			`changeAllAvatarStyles: 'changeAllAvatarStyles',`
			`changeAllEmailAddresses: 'changeAllEmailAddresses',`
			`changeAllNames: 'changeAllNames',`
			`changeAllPasswords: 'changeAllPasswords',`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`deleteOwnAccount: 'deleteOwnAccount',`
			`deleteAllAccounts: 'deleteAllAccounts',`
Added user banning 2014-09-30 13:22:11 +02:00			`ban: 'ban',`
Added presenter placeholders 2014-09-07 19:49:11 +02:00
Fixed privileges 2014-09-30 22:09:43 +02:00			`listPosts: 'listPosts',`
			`viewPosts: 'viewPosts',`
Added presenter placeholders 2014-09-07 19:49:11 +02:00			`uploadPosts: 'uploadPosts',`
Implemented post uploads (closed #11) 2014-09-15 11:38:24 +02:00			`uploadPostsAnonymously: 'uploadPostsAnonymously',`
Added post deleting 2014-09-23 20:18:12 +02:00			`deletePosts: 'deletePosts',`
Added post featuring 2014-09-24 23:24:51 +02:00			`featurePosts: 'featurePosts',`
Added basic post editing 2014-09-25 19:11:41 +02:00			`changePostSafety: 'changePostSafety',`
			`changePostSource: 'changePostSource',`
			`changePostTags: 'changePostTags',`
			`changePostContent: 'changePostContent',`
			`changePostThumbnail: 'changePostThumbnail',`
Added post relations 2014-09-25 23:53:47 +02:00			`changePostRelations: 'changePostRelations',`
Added ability to loop video posts 2014-10-09 09:45:06 +02:00			`changePostFlags: 'changePostFlags',`
Added presenter placeholders 2014-09-07 19:49:11 +02:00
Added comment API 2014-10-04 13:56:38 +02:00			`listComments: 'listComments',`
			`addComments: 'addComments',`
			`editOwnComments: 'editOwnComments',`
			`editAllComments: 'editAllComments',`
			`deleteOwnComments: 'deleteOwnComments',`
			`deleteAllComments: 'deleteAllComments',`

Added presenter placeholders 2014-09-07 19:49:11 +02:00			`listTags: 'listTags',`
Implemented mass tag 2014-10-09 23:46:32 +02:00			`massTag: 'massTag',`
Added tag name changing 2014-10-10 09:53:05 +02:00			`changeTagName: 'changeTagName',`
Added post history 2014-09-26 20:41:28 +02:00
			`viewHistory: 'viewHistory',`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`};`

Added IValidatable; moved validation to FormData I still struggle to find out how to deal with arguments like $userNameOrEmail. Should I trim() them in controllers, or in service? If I do it in service, shouldn't all of such validation belong in there? 2014-09-09 19:38:16 +02:00			`function loginFromCredentials(userNameOrEmail, password, remember) {`
Fixed promises on Internet Explorer 2014-09-04 18:06:25 +02:00			`return promise.make(function(resolve, reject) {`
Added IValidatable; moved validation to FormData I still struggle to find out how to deal with arguments like $userNameOrEmail. Should I trim() them in controllers, or in service? If I do it in service, shouldn't all of such validation belong in there? 2014-09-09 19:38:16 +02:00			`promise.wait(api.post('/login', {userNameOrEmail: userNameOrEmail, password: password}))`
Added frontend outline 2014-08-31 23:22:56 +02:00			`.then(function(response) {`
Fixed app state authentication variables 2014-09-01 08:07:51 +02:00			`updateAppState(response);`
Added frontend outline 2014-08-31 23:22:56 +02:00			`jQuery.cookie(`
			`'auth',`
			`response.json.token.name,`
			`remember ? { expires: 365 } : {});`
			`resolve(response);`
Fixed promises on Internet Explorer 2014-09-04 18:06:25 +02:00			`}).fail(function(response) {`
Added frontend outline 2014-08-31 23:22:56 +02:00			`reject(response);`
			`});`
			`});`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`}`
Added frontend outline 2014-08-31 23:22:56 +02:00
Optimized API operations Every operation updated user last login time, which was inefficient. Changed it to update only after logins from credentials or cookies. 2014-09-23 20:35:41 +02:00			`function loginFromToken(token, isFromCookie) {`
Fixed promises on Internet Explorer 2014-09-04 18:06:25 +02:00			`return promise.make(function(resolve, reject) {`
Optimized API operations Every operation updated user last login time, which was inefficient. Changed it to update only after logins from credentials or cookies. 2014-09-23 20:35:41 +02:00			`var fd = {`
			`token: token,`
			`isFromCookie: isFromCookie`
			`};`
			`promise.wait(api.post('/login', fd))`
Added frontend outline 2014-08-31 23:22:56 +02:00			`.then(function(response) {`
Fixed app state authentication variables 2014-09-01 08:07:51 +02:00			`updateAppState(response);`
Added frontend outline 2014-08-31 23:22:56 +02:00			`resolve(response);`
Fixed promises on Internet Explorer 2014-09-04 18:06:25 +02:00			`}).fail(function(response) {`
Added frontend outline 2014-08-31 23:22:56 +02:00			`reject(response);`
			`});`
			`});`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`}`
Added frontend outline 2014-08-31 23:22:56 +02:00
			`function loginAnonymous() {`
Fixed promises on Internet Explorer 2014-09-04 18:06:25 +02:00			`return promise.make(function(resolve, reject) {`
			`promise.wait(api.post('/login'))`
Added frontend outline 2014-08-31 23:22:56 +02:00			`.then(function(response) {`
Fixed app state authentication variables 2014-09-01 08:07:51 +02:00			`updateAppState(response);`
Added frontend outline 2014-08-31 23:22:56 +02:00			`resolve(response);`
Fixed promises on Internet Explorer 2014-09-04 18:06:25 +02:00			`}).fail(function(response) {`
Added frontend outline 2014-08-31 23:22:56 +02:00			`reject(response);`
			`});`
			`});`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`}`
Added frontend outline 2014-08-31 23:22:56 +02:00
			`function logout() {`
Fixed promises on Internet Explorer 2014-09-04 18:06:25 +02:00			`return promise.make(function(resolve, reject) {`
Added frontend outline 2014-08-31 23:22:56 +02:00			`jQuery.removeCookie('auth');`
Fixed logging out 2014-09-07 08:47:06 +02:00			`appState.set('loginToken', null);`
Fixed promises and its race conditions 2014-10-02 00:30:25 +02:00			`return promise.wait(loginAnonymous())`
			`.then(resolve)`
			`.fail(reject);`
Added frontend outline 2014-08-31 23:22:56 +02:00			`});`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`}`
Added frontend outline 2014-08-31 23:22:56 +02:00
			`function tryLoginFromCookie() {`
Fixed promises on Internet Explorer 2014-09-04 18:06:25 +02:00			`return promise.make(function(resolve, reject) {`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`if (isLoggedIn()) {`
Added frontend outline 2014-08-31 23:22:56 +02:00			`resolve();`
			`return;`
			`}`

			`var authCookie = jQuery.cookie('auth');`
			`if (!authCookie) {`
			`reject();`
			`return;`
			`}`

Optimized API operations Every operation updated user last login time, which was inefficient. Changed it to update only after logins from credentials or cookies. 2014-09-23 20:35:41 +02:00			`promise.wait(loginFromToken(authCookie, true))`
Fixed promises on Internet Explorer 2014-09-04 18:06:25 +02:00			`.then(function(response) {`
			`resolve();`
			`}).fail(function(response) {`
			`jQuery.removeCookie('auth');`
			`reject();`
			`});`
Added frontend outline 2014-08-31 23:22:56 +02:00			`});`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`}`
Added frontend outline 2014-08-31 23:22:56 +02:00
Fixed app state authentication variables 2014-09-01 08:07:51 +02:00			`function updateAppState(response) {`
Added basic privilege system 2014-09-04 19:57:06 +02:00			`appState.set('privileges', response.json.privileges \|\| []);`
Fixed app state authentication variables 2014-09-01 08:07:51 +02:00			`appState.set('loginToken', response.json.token && response.json.token.name);`
Added support for parameters in presenters 2014-09-03 09:10:26 +02:00			`appState.set('loggedIn', response.json.user && !!response.json.user.id);`
Fixed frontend behavior after edited user name 2014-09-10 19:19:30 +02:00			`appState.set('loggedInUser', response.json.user);`
Fixed app state authentication variables 2014-09-01 08:07:51 +02:00			`}`

Refactored privilege system 2014-09-06 10:00:26 +02:00			`function isLoggedIn(userName) {`
Improved Javascript coding style 2014-09-08 22:02:28 +02:00			`if (!appState.get('loggedIn')) {`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`return false;`
Improved Javascript coding style 2014-09-08 22:02:28 +02:00			`}`
			`if (typeof(userName) !== 'undefined') {`
			`if (getCurrentUser().name !== userName) {`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`return false;`
Improved Javascript coding style 2014-09-08 22:02:28 +02:00			`}`
Refactored privilege system 2014-09-06 10:00:26 +02:00			`}`
			`return true;`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`}`

			`function getCurrentUser() {`
			`return appState.get('loggedInUser');`
			`}`

			`function getCurrentPrivileges() {`
			`return appState.get('privileges');`
			`}`

Fixed frontend behavior after edited user name 2014-09-10 19:19:30 +02:00			`function updateCurrentUser(user) {`
			`if (user.id !== getCurrentUser().id) {`
			`throw new Error('Cannot set current user to other user this way.');`
			`}`
			`appState.set('loggedInUser', user);`
			`}`

Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`function hasPrivilege(privilege) {`
			`return _.contains(getCurrentPrivileges(), privilege);`
			`}`

			`function startObservingLoginChanges(listenerName, callback) {`
Fixed frontend behavior after edited user name 2014-09-10 19:19:30 +02:00			`appState.startObserving('loggedInUser', listenerName, callback);`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`}`

Added frontend outline 2014-08-31 23:22:56 +02:00			`return {`
			`loginFromCredentials: loginFromCredentials,`
			`loginFromToken: loginFromToken,`
			`loginAnonymous: loginAnonymous,`
			`tryLoginFromCookie: tryLoginFromCookie,`
			`logout: logout,`
Refactored privilege system 2014-09-06 10:00:26 +02:00
			`startObservingLoginChanges: startObservingLoginChanges,`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`isLoggedIn: isLoggedIn,`
			`getCurrentUser: getCurrentUser,`
Fixed frontend behavior after edited user name 2014-09-10 19:19:30 +02:00			`updateCurrentUser: updateCurrentUser,`
Refactored frontend authentication system 2014-09-05 13:50:19 +02:00			`getCurrentPrivileges: getCurrentPrivileges,`
			`hasPrivilege: hasPrivilege,`
Refactored privilege system 2014-09-06 10:00:26 +02:00
			`privileges: privileges,`
Added frontend outline 2014-08-31 23:22:56 +02:00			`};`

			`};`

Removed {mangle: false} requirement to uglify-js Improves solution to #4 for javasript files by 12K (in current build). 2014-09-11 12:33:44 +02:00			`App.DI.registerSingleton('auth', ['_', 'jQuery', 'util', 'api', 'appState', 'promise'], App.Auth);`