Add pics, links and cover all overlap scenarios

dylan8902 · Feb 20, 2024 · e2baf4b · e2baf4b
1 parent 3d228a3
commit e2baf4b
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 10 deletions.
diff --git a/app/controllers/pub_thursday_audit_controller.rb b/app/controllers/pub_thursday_audit_controller.rb
@@ -9,18 +9,22 @@ class PubThursdayAuditController < ApplicationController
   # GET /pub-thursday-audit.xml
   def index
 
-    @users = {}
     project = "pub-tracker-live"
-    base_url = "https://firestore.googleapis.com/v1/projects/#{project}/databases/(default)/documents"
-    response = JSON.parse(RestClient.get("#{base_url}/users?mask.fieldPaths=displayName&pageSize=300").body)
+    api_url = "https://firestore.googleapis.com/v1/"
+    base_url = "#{api_url}projects/#{project}/databases/(default)/documents"
+
+    @users = {}
+
+    response = JSON.parse(RestClient.get("#{base_url}/users?mask.fieldPaths=displayName&mask.fieldPaths=photoURL&pageSize=300").body)
     response["documents"].each do |user|
       display_name = user["fields"]["displayName"]["stringValue"]
-      @users[user["name"]] = { name: display_name, sessions: [] }
+      photo_url = user["fields"]["photoURL"]["stringValue"]
+      @users[user["name"]] = { name: display_name, photo: photo_url, sessions: [] }
     end
 
     documents = []
 
-    url = "#{base_url}/sessions?orderBy=startTime%20desc&mask.fieldPaths=startTime&mask.fieldPaths=endTime&mask.fieldPaths=userRef&mask.fieldPaths=locationRef&pageSize=300"
+    url = "#{base_url}/sessions?orderBy=startTime%20desc&mask.fieldPaths=startTime&mask.fieldPaths=endTime&mask.fieldPaths=userRef&mask.fieldPaths=locationName&pageSize=300"
     response = JSON.parse(RestClient.get(url).body)
     documents.concat response["documents"]
 
@@ -32,7 +36,14 @@ def index
       ref = session["fields"]["userRef"]["referenceValue"]
       start_time = session["fields"]["startTime"]["timestampValue"]
       end_time = session["fields"]["endTime"]["timestampValue"]
-      @users[ref][:sessions] << { id: session["name"], start: DateTime.parse(start_time), end: DateTime.parse(end_time) }
+      location = session["fields"]["locationName"]["stringValue"]
+      @users[ref][:sessions] << {
+        id: session["name"],
+        url: "#{api_url}#{session["name"]}",
+        start: DateTime.parse(start_time),
+        end: DateTime.parse(end_time),
+        location: location
+      }
     end
 
     @users.delete_if do |k,v|
@@ -42,11 +53,28 @@ def index
     @users.each do |key, user|
       user[:sessions].each do |session|
         user[:sessions].each do |other_session|
-          if other_session[:start] > session[:start] and other_session[:end] < session[:end]
-            session[:within] = other_session
+          if
+            (other_session[:start] > session[:start] and other_session[:end] < session[:end]) ||
+            (other_session[:start] < session[:start] and other_session[:end] > session[:end]) ||
+            (other_session[:start] > session[:start] and other_session[:start] < session[:end] and other_session[:end] > session[:end]) ||
+            (other_session[:start] < session[:start] and other_session[:end] < session[:end] and other_session[:end] > session[:start])
+            session[:within] = {
+              id: other_session[:id],
+              url: other_session[:url],
+              start: other_session[:start],
+              end: other_session[:end]
+            }
+            user[:illegal] = true
           end
         end
       end
+      user[:sessions].delete_if do |session|
+        session[:within].nil?
+      end
+    end
+
+    @users.delete_if do |k,v|
+      v[:illegal].nil?
     end
 
     respond_to do |format|

diff --git a/app/views/pub_thursday_audit/index.html.erb b/app/views/pub_thursday_audit/index.html.erb
@@ -1,10 +1,36 @@
 <% provide(:title, "Pub Thursday Audit") %>
 <% provide(:description, "Due to a small bug of allowing users to have more than one active session, an audit needs to occur") %>
+
 <h1>Pub Thursday Audit</h1>
 
+<p class="well">
+	Due to a severe security vulnerability on the Pub Tursday backed, clients have been able to trigger multiple check-in sessions inflating their time spent in pub.
+	Here is an audit of sessions where they overlap another.
+</p>
+
 <section class="row">
-	<pre class="col-md-8"><%= JSON.pretty_generate(@users) %></pre>
+  <% @users.each do |key, user| %>
 	<article class="col-md-4">
-
+		<h2>
+			<img alt="Gravatar" width="50" height="50" class="img-circle" src="<%= user[:photo] %>">
+			<%= user[:name] %>
+		</h2>
+		<% user[:sessions].each do |session| %>
+		<div style="margin-bottom:24px">
+			<h4>
+				<a href="<%= session[:url] %>" target="_blank">
+					<%= session[:start].strftime('%d/%m/%Y') %>
+					<%= session[:start].strftime('%H:%M:%S') %> - <%= session[:end].strftime('%H:%M:%S') %>
+				</a>
+			</h4>
+			<h5><%= session[:location] %></h6>
+			<p>
+				Overlaps with <a href="<%= session[:within][:url] %>" target="_blank">another session</a>
+				<%= session[:within][:start].strftime('%H:%M:%S') %> -
+				<%= session[:within][:end].strftime('%H:%M:%S') %>
+			</p>
+		</div>
+		<% end %>
 	</article>
+	<% end %>
 </section>