fix: store session controller impl

zcesur · zcesur · commit 1c6745d71ea0 · 2025-05-05T17:25:48.000+03:00
diff --git a/assets/js/app.ts b/assets/js/app.ts
@@ -774,9 +774,7 @@ window.addEventListener("phx:store-session", (event) => {
     .querySelector('meta[name="csrf-token"]')
     .getAttribute("content");
 
-  console.log(event.detail);
-
-  fetch("/store-session", {
+  fetch("/api/store_session", {
     method: "POST",
     headers: {
       "Content-Type": "application/json",
diff --git a/lib/algora_web/controllers/api/store_session_controller.ex b/lib/algora_web/controllers/api/store_session_controller.ex
@@ -0,0 +1,37 @@
+defmodule AlgoraWeb.API.StoreSessionController do
+  use AlgoraWeb, :controller
+
+  require Logger
+
+  def create(conn, %{"encrypted" => encrypted}) do
+    updated_conn =
+      case decrypt(encrypted) do
+        {:ok, data} ->
+          Enum.reduce(data, conn, fn {key, value}, acc_conn -> put_session(acc_conn, key, value) end)
+
+        error ->
+          Logger.error("Failed to decrypt session: #{inspect(error)}")
+          conn
+      end
+
+    send_resp(updated_conn, 200, "")
+  end
+
+  def store_session(socket, data) do
+    Phoenix.LiveView.push_event(socket, "store-session", %{encrypted: encrypt(data)})
+  end
+
+  defp default_ttl, do: Algora.config([:local_store, :ttl])
+  defp salt, do: "store_session_controller" <> Algora.config([:local_store, :salt])
+
+  defp encrypt(data) do
+    Phoenix.Token.encrypt(AlgoraWeb.Endpoint, salt(), :erlang.term_to_binary(data), max_age: default_ttl())
+  end
+
+  defp decrypt(data) do
+    case Phoenix.Token.decrypt(AlgoraWeb.Endpoint, salt(), data, max_age: default_ttl()) do
+      {:ok, data} -> {:ok, :erlang.binary_to_term(data, [:safe])}
+      error -> error
+    end
+  end
+end
diff --git a/lib/algora_web/controllers/store_session_controller.ex b/lib/algora_web/controllers/store_session_controller.ex
diff --git a/lib/algora_web/router.ex b/lib/algora_web/router.ex
@@ -21,6 +21,8 @@ defmodule AlgoraWeb.Router do
 
   pipeline :api do
     plug :accepts, ["json"]
+    plug :fetch_session
+    plug Plug.Parsers, parsers: [:urlencoded, {:json, json_decoder: Jason}]
   end
 
   # Legacy tRPC pipeline
@@ -145,12 +147,11 @@ defmodule AlgoraWeb.Router do
 
     live "/0/bounties/:id", OG.BountyLive, :show
     get "/og/*path", OGImageController, :generate
-
-    post "/store-session", StoreSessionController, :create
   end
 
   scope "/api", AlgoraWeb.API do
     pipe_through :api
+    post "/store_session", StoreSessionController, :create
 
     # Legacy tRPC endpoints
     scope "/trpc" do
diff --git a/lib/algora_web/util.ex b/lib/algora_web/util.ex
@@ -54,4 +54,8 @@ defmodule AlgoraWeb.Util do
       _other -> nil
     end)
   end
+
+  def store_session(socket, data) do
+    AlgoraWeb.API.StoreSessionController.store_session(socket, data)
+  end
 end
