block is now a cookie

4 files changed, 96 insertions, 29 deletions

diff --git a/backend/main.py b/backend/main.py
index ce8f103..da914df 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -52,7 +52,8 @@ CREATE TABLE IF NOT EXISTS timers (
     duration INT NOT NULL,
     block INT NOT NULL,
     machine INT NOT NULL,
-    status TEXT NOT NULL CHECK(status IN ('RUNNING', 'FINISHED'))
+    status TEXT NOT NULL CHECK(status IN ('RUNNING', 'FINISHED')),
+    subscription_id TEXT NOT NULL,
 );
                """)  # block is either 1 or 2, machine (1-4), odd is dryer, even is machine.
 
@@ -72,7 +73,7 @@ for k, v in yaml_dict["qr_uri"]["h2"].items():
     qr_uri[v] = f"h1-{k}"
 
 print("config.yaml loaded, qr_uri:")
-for k,v in qr_uri.items():
+for k, v in qr_uri.items():
     print(k, v)
 
 
@@ -97,6 +98,10 @@ class RequestData(BaseModel):
     machine_id: str
 
 
+class InformationRequestData(BaseModel):
+    machine_id: str
+
+
 class BlockRequestData(BaseModel):
     block: int
 
@@ -112,6 +117,20 @@ class Status(Enum):
     OUTOFSERVICE = 3,
 
 
+URI_TO_MACHINES = {
+    "h0": [1, None],
+    "h1-dryer1": [1, 1],
+    "h1-washer1": [1, 2],
+    "h1-dryer2": [1, 3],
+    "h1-washer2": [1, 4],
+    "hf": [2, None],
+    "h2-dryer1": [2, 1],
+    "h2-washer1": [2, 2],
+    "h2-dryer2": [2, 3],
+    "h2-washer2": [2, 4],
+}
+
+
 # ## global vars for user-end
 
 machine_status = [[Status.EMPTY.name, Status.EMPTY.name, Status.EMPTY.name, Status.EMPTY.name],
@@ -170,7 +189,7 @@ def final_timer_finished(timer_id):
     cursor.execute(f"SELECT * FROM timers WHERE timer_id = '{timer_id}'")
     out = cursor.fetchall()
 
-    notification = Notification(app_id=ONESIGNAL_APP_ID, included_segments=['All'], contents={'en' : 'get your bloody laundry'}, headings={'en': 'laundry finished'})
+    notification = Notification(app_id=ONESIGNAL_APP_ID, included_segments=['All'], contents={'en': 'get your bloody laundry'}, headings={'en': 'laundry finished'})
 
     try:
         api_response = api_instance.create_notification(notification)
@@ -187,6 +206,19 @@ def create_session(response: fastapi.Response):
     return cookie
 
 
+def authenticate_block(response: fastapi.Response, machine_id: str = None, block: int = None):
+    if machine_id:
+        blk = URI_TO_MACHINES[machine_id][0]
+        response.set_cookie(key="auth_block", value=blk)
+        return blk
+    elif block:
+        blk = block
+        response.set_cookie(key="auth_block", value=blk)
+        return block
+    else:
+        return "FAIL"
+
+
 # ## beginning
 
 print("Hello, world!")
@@ -195,22 +227,11 @@ restart_terminated_schedules()
 
 # ## api endpoints
 
-# this is a constant, mapping uri keys to block-machine pair
-URI_TO_MACHINES = {
-    "h1-dryer1": [1, 1],
-    "h1-washer1": [1, 2],
-    "h1-dryer2": [1, 3],
-    "h1-washer2": [1, 4],
-    "h2-dryer1": [2, 1],
-    "h2-washer1": [2, 2],
-    "h2-dryer2": [2, 3],
-    "h2-washer2": [2, 4],
-}
-
-
 # --- starting new timer
+# eugh. too complex. TODO: refactor perhaps
+# it's so complex even the linter is complaining
 @app.post("/start", response_class=PlainTextResponse)
-async def start_new_timer(data: RequestData, response: fastapi.Response, session_key: Annotated[str | None, fastapi.Cookie()] = None):
+def start_new_timer(data: RequestData, response: fastapi.Response, session_key: Annotated[str | None, fastapi.Cookie()] = None, auth_block: Annotated[str | None, fastapi.Cookie()] = None):
     now = datetime.datetime.now()
     try:
         if not session_key:
@@ -228,6 +249,13 @@ async def start_new_timer(data: RequestData, response: fastapi.Response, session
         response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
         return "invalid uri; you are unauthorised"
 
+    if auth_block:
+        if auth_block != block:
+            response.status_code = fastapi.status.HTTP_403_FORBIDDEN
+            return "mismatch in block authentication cookie and requested block machine. forbidden."
+    else:
+        authenticate_block(response, machine_id=data.machine_id)
+
     try:
         print("session key valid", session_key)
         cursor.execute(f"""
@@ -266,6 +294,7 @@ async def start_new_timer(data: RequestData, response: fastapi.Response, session
         response.status_code = fastapi.status.HTTP_500_INTERNAL_SERVER_ERROR
         return "something went wrong during machine_status setting somehow"
 
+    # HTTP 200
     return "all good bro timer started"
 
 
@@ -290,9 +319,12 @@ def check_status(response: fastapi.Response, session_key: Annotated[str | None,
 
 # --- fetch machine status for block
 @app.post("/status")
-def get_machine_status(data: BlockRequestData, auth_block: Annotated[str | None, fastapi.Cookie()] = None):
-    block_idx = data.block - 1
-    return [machine_status[block_idx], machine_times[block_idx], machine_durations[block_idx]]
+def get_machine_status(response: fastapi.Response, auth_block: Annotated[str | None, fastapi.Cookie()] = None):
+    if auth_block:
+        return [machine_status[auth_block], machine_times[auth_block], machine_durations[auth_block]]
+    else:
+        response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
+        return "block cookie needed. unauthorised"
 
 
 # --- get laundr(y/ies) information of user
@@ -345,8 +377,8 @@ def finish_laundry(data: FinishRequestData, response: fastapi.Response, session_
         return "laundry finished"
 
         if session_key != row[1]:
-            response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
-            return "session key mismatch with timer id, dubious and hence unauthorised."
+            response.status_code = fastapi.status.HTTP_403_FORBIDDEN
+            return "session key mismatch with timer id, dubious!"
     else:
         response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
         return "you got no session key, cannot"
@@ -354,5 +386,18 @@ def finish_laundry(data: FinishRequestData, response: fastapi.Response, session_
 
 # --- get information from uri search query
 @app.post("/info")
-def uri_to_information(data: FinishRequestData):
-    pass
+def uri_to_information(data: InformationRequestData, response: fastapi.Response, auth_block: Annotated[str | None, fastapi.Cookie()] = None):
+    try:
+        info = URI_TO_MACHINES[data.machine_id]
+    except KeyError:
+        response.status_code = fastapi.status.HTTP_404_NOT_FOUND
+        return "INVALID machine ID/URI"
+
+    if auth_block:
+        if auth_block != info[0]:
+            response.status_code = fastapi.status.HTTP_403_FORBIDDEN
+            return "UNAUTHORISED to view information"
+    else:
+        authenticate_block(response, block=info[0])
+
+    return {"block": info[0], "machine": info[1]}
diff --git a/frontend/assets/.DS_Store b/frontend/assets/.DS_Store
index 4e6198d..320d9b9 100644
--- a/frontend/assets/.DS_Store
+++ b/frontend/assets/.DS_Store
diff --git a/frontend/main.js b/frontend/main.js
index e677c68..6c46b20 100644
--- a/frontend/main.js
+++ b/frontend/main.js
@@ -25,10 +25,7 @@ async function checkUserStatus() {
 async function checkMachineStatus() {
 	const response = await fetch(`${API_URL}/status`, {
 		method: "POST",
-		headers: {
-			"Content-Type": "application/json"
-		},
-		body: JSON.stringify({block: 1}),
+		credentials: "include",
 	});
 	return await response.json();
 }
@@ -69,17 +66,41 @@ function start() {
 	});
 }
 
+// --- information loading + cookie setting (from server)
+async function information(urlParam = null) {
+	const response = fetch(`${API_URL}/info`, {
+		credentials: "include",
+		method: "POST",
+		headers: {
+			"Content-Type": "application/json"
+		},
+		body: JSON.stringify({ "machine_id": urlParam ? urlParam : await browser.cookies.get({name: "auth_block", url: API_URL}) })
+	});
+
+	const block = await response.json()["block"];
+
+	document.getElementById("logo-id").innerText = block;
+
+	return Promise.resolve(block);
+}
+
 
 // ------ page specific -----
 
 // ---- machine status page
 
+const STATUS_INTERVAL = 30
+
 // --- machines visual
 async function startUpdateMachines() {
+	const urlParams = new URLSearchParams(window.location.search);
+
+	await information(urlParams.get("block"));
+
 	updateMachines();
 
 	while (true) {
-		await delay(30 * 1000);
+		await delay(STATUS_INTERVAL * 1000);
 
 		await updateMachines();
 	}
diff --git a/frontend/style.css b/frontend/style.css
index 3b727c0..297b0ff 100644
--- a/frontend/style.css
+++ b/frontend/style.css
@@ -241,4 +241,5 @@ body {
 
 button {
 	font-family: "Interesting", sans-serif;
+	font-size: 1rem;
 }