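def post_orders():
    """Create a new order for the authenticated user.

    Expects an ``Authorization: Bearer <access token>`` header and a JSON body
    with a ``clothes`` list (each entry carrying an ``id`` present in
    ``db.clothes``) and a ``delivery_location``.

    Returns:
        ``('', 403)`` when the token is missing, unknown or expired;
        ``('', 400)`` when the body is missing, malformed or names unknown
        clothes; ``('', 201, {'Location': ...})`` on success.
    """
    auth_header = request.headers.get('Authorization', '')
    # Require the Bearer scheme (compared case-insensitively) instead of
    # blindly dropping the first seven characters of whatever was sent.
    if auth_header[:len('Bearer ')].lower() != 'bearer ':
        return '', 403
    access_token = auth_header[len('Bearer '):]

    # Look the token up once: repeating the query between the validity check
    # and the user_id read can fail if the record is deleted in between
    # (the token endpoint deletes records on refresh).
    token_records = db.token(access=access_token)
    if not token_records or token_records[0]['expire_time'] < datetime.now():
        return '', 403
    user_id = token_records[0]['user_id']

    try:
        order = request.json
        clothes_items = order['clothes']
        # Checked outside the loop so an empty clothes list cannot skip it.
        delivery_location = order['delivery_location']
        for clothes in clothes_items:
            if clothes['id'] not in db.clothes:
                return '', 400
    except Exception:
        # Any failure while reading the untrusted body (no JSON, wrong types,
        # missing keys) is a client error. ``Exception`` rather than a bare
        # ``except`` so SystemExit/KeyboardInterrupt still propagate.
        return '', 400

    # NOTE(review): the client-supplied clothes entries are stored as received;
    # only their 'id' is validated above.
    order_id = db.order.insert(user_id=user_id,
                               clothes=clothes_items,
                               delivery_location=delivery_location,
                               time_placed=datetime.now())
    db.order.commit()
    return '', 201, {
        'Location': '/orders/{}'.format(order_id)
    }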
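def put_order_item(id):
    """Replace the contents of one of the authenticated user's orders.

    Args:
        id: Order identifier taken from the URL; must parse as an integer.

    Returns:
        ``('', 403)`` when the token is missing, unknown or expired;
        ``('', 404)`` when the order does not exist or belongs to another
        user; ``('', 400)`` when the JSON body is malformed or names unknown
        clothes; ``('', 200)`` on success.
    """
    auth_header = request.headers.get('Authorization', '')
    # Require the Bearer scheme (compared case-insensitively) instead of
    # blindly dropping the first seven characters of whatever was sent.
    if auth_header[:len('Bearer ')].lower() != 'bearer ':
        return '', 403
    access_token = auth_header[len('Bearer '):]

    # Single lookup: avoids a failure if the token record is deleted between
    # the validity check and the user_id read.
    token_records = db.token(access=access_token)
    if not token_records or token_records[0]['expire_time'] < datetime.now():
        return '', 403
    user_id = token_records[0]['user_id']

    # Ownership check. A foreign order is reported as 404, the same as a
    # missing one, so callers cannot probe which order ids exist.
    try:
        order_id = int(id)
        owned = (order_id in db.order
                 and db.order[order_id]['user_id'] == user_id)
    except Exception:
        owned = False
    if not owned:
        return '', 404

    try:
        order = request.json
        clothes_items = order['clothes']
        # Checked outside the loop so an empty clothes list cannot skip it.
        delivery_location = order['delivery_location']
        for clothes in clothes_items:
            if clothes['id'] not in db.clothes:
                return '', 400
    except Exception:
        # Any failure while reading the untrusted body is a client error.
        # ``Exception`` rather than a bare ``except`` so SystemExit and
        # KeyboardInterrupt still propagate.
        return '', 400

    # The update also resets time_placed to the current time.
    db.order.update(db.order[order_id],
                    clothes=clothes_items,
                    delivery_location=delivery_location,
                    time_placed=datetime.now())
    db.order.commit()
    return '', 200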
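def get_me():
    """Return the authenticated user's profile as JSON.

    Returns:
        ``('', 403)`` when the token is missing, unknown or expired;
        otherwise a ``(body, 200, headers)`` tuple whose body holds the
        user's ``login``, ``name``, ``email`` and ``phone``.
    """
    auth_header = request.headers.get('Authorization', '')
    # Require the Bearer scheme (compared case-insensitively) instead of
    # blindly dropping the first seven characters of whatever was sent.
    if auth_header[:len('Bearer ')].lower() != 'bearer ':
        return '', 403
    access_token = auth_header[len('Bearer '):]

    # Single lookup: avoids a failure if the token record is deleted between
    # the validity check and the user_id read.
    token_records = db.token(access=access_token)
    if not token_records or token_records[0]['expire_time'] < datetime.now():
        return '', 403

    user = db.user[token_records[0]['user_id']]
    # Only these four fields are exposed; nothing else from the user record
    # is copied into the response.
    profile = {
        'login': user['login'],
        'name': user['name'],
        'email': user['email'],
        'phone': user['phone'],
    }
    return json.dumps(profile, indent=4), 200, {
        'Content-Type': 'application/json;charset=UTF-8',
    }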
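def delete_order_item(id):
    """Delete one of the authenticated user's orders.

    Args:
        id: Order identifier taken from the URL; must parse as an integer.

    Returns:
        ``('', 403)`` when the token is missing, unknown or expired;
        ``('', 404)`` when the order does not exist or belongs to another
        user; ``('', 200)`` once the order has been deleted.
    """
    auth_header = request.headers.get('Authorization', '')
    # Require the Bearer scheme (compared case-insensitively) instead of
    # blindly dropping the first seven characters of whatever was sent.
    if auth_header[:len('Bearer ')].lower() != 'bearer ':
        return '', 403
    access_token = auth_header[len('Bearer '):]

    # Single lookup: avoids a failure if the token record is deleted between
    # the validity check and the user_id read.
    token_records = db.token(access=access_token)
    if not token_records or token_records[0]['expire_time'] < datetime.now():
        return '', 403
    user_id = token_records[0]['user_id']

    # Ownership check. A foreign order is reported as 404, the same as a
    # missing one, so callers cannot probe which order ids exist.
    try:
        order_id = int(id)
        owned = (order_id in db.order
                 and db.order[order_id]['user_id'] == user_id)
    except Exception:
        # ``Exception`` rather than a bare ``except`` so SystemExit and
        # KeyboardInterrupt still propagate.
        owned = False
    if not owned:
        return '', 404

    db.order.delete(db.order[order_id])
    db.order.commit()
    return '', 200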
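def get_orders():
    """Return one page of the authenticated user's orders as JSON.

    Query parameters:
        per_page: Page size, 20..100 inclusive (default 20).
        page: Zero-based page index (default 0).

    Returns:
        ``('', 403)`` when the token is missing, unknown or expired;
        ``('', 400)`` when ``per_page`` or ``page`` is not an integer or is
        out of range; otherwise ``(body, 200, headers)`` with ``items``,
        ``per_page``, ``page`` and ``page_count``.
    """
    auth_header = request.headers.get('Authorization', '')
    # Require the Bearer scheme (compared case-insensitively) instead of
    # blindly dropping the first seven characters of whatever was sent.
    if auth_header[:len('Bearer ')].lower() != 'bearer ':
        return '', 403
    access_token = auth_header[len('Bearer '):]

    # Single lookup: avoids a failure if the token record is deleted between
    # the validity check and the user_id read.
    token_records = db.token(access=access_token)
    if not token_records or token_records[0]['expire_time'] < datetime.now():
        return '', 403
    user_id = token_records[0]['user_id']

    # Query the caller's orders once and reuse the result for the bounds
    # check, the page slice and the page count.
    user_orders = list(db.order(user_id=user_id))

    try:
        per_page = int(request.args.get('per_page', 20))
        page = int(request.args.get('page', 0))
    except (TypeError, ValueError):
        return '', 400
    if not 20 <= per_page <= 100:
        return '', 400
    if page < 0 or page > len(user_orders) // per_page:
        return '', 400

    first = page * per_page
    items = [
        {
            'id': order['__id__'],
            'clothes': order['clothes'],
            'delivery_location': order['delivery_location'],
            'time_placed': order['time_placed'].isoformat(),
            'time_delivered': (None if order['time_delivered'] is None
                               else order['time_delivered'].isoformat()),
        }
        for order in user_orders[first:first + per_page]
    ]

    return json.dumps({
        'items': items,
        'per_page': per_page,
        'page': page,
        # Count only this user's orders. Using len(db.order) here would
        # report pages that do not exist for the caller and disclose the
        # number of orders placed by all users.
        'page_count': math.ceil(len(user_orders) / per_page),
    }, indent=4), 200, {
        'Content-Type': 'application/json;charset=UTF-8',
    }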
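def get_orders_item(id):
    """Return one of the authenticated user's orders as JSON.

    Args:
        id: Order identifier taken from the URL; must parse as an integer.

    Returns:
        ``('', 403)`` when the token is missing, unknown or expired;
        ``('', 404)`` when the order does not exist or belongs to another
        user; otherwise ``(body, 200, headers)`` describing the order.
    """
    auth_header = request.headers.get('Authorization', '')
    # Require the Bearer scheme (compared case-insensitively) instead of
    # blindly dropping the first seven characters of whatever was sent.
    if auth_header[:len('Bearer ')].lower() != 'bearer ':
        return '', 403
    access_token = auth_header[len('Bearer '):]

    # Single lookup: avoids a failure if the token record is deleted between
    # the validity check and the user_id read.
    token_records = db.token(access=access_token)
    if not token_records or token_records[0]['expire_time'] < datetime.now():
        return '', 403
    user_id = token_records[0]['user_id']

    # Ownership check. A foreign order is reported as 404, the same as a
    # missing one, so callers cannot probe which order ids exist.
    try:
        order_id = int(id)
        owned = (order_id in db.order
                 and db.order[order_id]['user_id'] == user_id)
    except Exception:
        # ``Exception`` rather than a bare ``except`` so SystemExit and
        # KeyboardInterrupt still propagate.
        owned = False
    if not owned:
        return '', 404

    order = db.order[order_id]
    delivered = order['time_delivered']
    return json.dumps({
        'id': order['__id__'],
        'clothes': order['clothes'],
        'delivery_location': order['delivery_location'],
        'time_placed': order['time_placed'].isoformat(),
        'time_delivered': None if delivered is None else delivered.isoformat(),
    }, indent=4), 200, {
        'Content-Type': 'application/json;charset=UTF-8',
    }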
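def token():
    """OAuth 2.0 token endpoint for the authorization-code and refresh grants.

    Reads ``grant_type``, ``client_id`` and ``client_secret`` from the form
    body, authenticates the client against ``db.client`` and then exchanges
    either an authorization ``code`` or a ``refresh_token`` for a fresh
    access/refresh token pair stored in ``db.token``.

    Returns:
        A ``(body, status, headers)`` tuple. Errors are status 400 with a
        JSON body ``{"error": ...}`` using ``invalid_request``,
        ``invalid_client``, ``invalid_grant`` or ``unsupported_grant_type``.
        Success is status 200 with ``access_token``, ``token_type``,
        ``expires_in`` and ``refresh_token``, marked non-cacheable.
    """
    import hmac
    import secrets

    def oauth_error(code):
        # Build the 400 JSON error response shared by every failure path.
        return json.dumps({'error': code}), 400, {
            'Content-Type': 'application/json;charset=UTF-8',
        }

    grant_type = request.form.get('grant_type')
    client_id = request.form.get('client_id')
    client_secret = request.form.get('client_secret')
    # form.get() yields None for an absent field instead of raising KeyError,
    # so missing parameters have to be detected explicitly.
    if grant_type is None or client_id is None or client_secret is None:
        return oauth_error('invalid_request')

    try:
        client_id = int(client_id)
    except ValueError:
        return oauth_error('invalid_client')

    # No logging of the submitted or stored secret here: credentials must not
    # reach stdout/log files, and indexing db.client before the membership
    # test below would fail for an unknown client id.
    if client_id not in db.client:
        return oauth_error('invalid_client')
    stored_secret = db.client[client_id]['secret']
    # Constant-time comparison so response timing does not reveal how much of
    # the secret matched. A non-string stored secret never matches a form
    # value, which is what a plain != comparison would give as well.
    if not isinstance(stored_secret, str) or not hmac.compare_digest(
            stored_secret.encode('UTF-8'), client_secret.encode('UTF-8')):
        return oauth_error('invalid_client')

    # NOTE(review): neither grant below checks that the code / refresh token
    # was issued to this client_id; the db.token records written at the end
    # carry no client field. Confirm whether client binding is handled
    # elsewhere.
    if grant_type == 'authorization_code':
        code = request.form.get('code')
        if code is None:
            return oauth_error('invalid_request')
        code_records = db.authorization_code(code=code)
        if not code_records or code_records[0]['expire_time'] < datetime.now():
            return oauth_error('invalid_grant')
        user_id = code_records[0]['user_id']
        # Authorization codes are single-use: drop the code once redeemed.
        db.authorization_code.delete(code_records)
        db.authorization_code.commit()
    elif grant_type == 'refresh_token':
        refresh_token = request.form.get('refresh_token')
        if refresh_token is None:
            return oauth_error('invalid_request')
        old_tokens = db.token(refresh=refresh_token)
        if not old_tokens:
            return oauth_error('invalid_grant')
        user_id = old_tokens[0]['user_id']
        # Rotate: the old access/refresh pair is removed before a new one is
        # issued, so a refresh token can be used only once.
        db.token.delete(old_tokens)
        db.token.commit()
    else:
        return oauth_error('unsupported_grant_type')

    # NOTE(review): a one-hour lifetime was previously commented out in favour
    # of one minute; raise this value if the short lifetime was for testing.
    lifetime = timedelta(minutes=1)
    expire_time = datetime.now() + lifetime
    # 32 bytes from the OS CSPRNG, hex-encoded: same 64-character format as a
    # SHA-256 hex digest, with the full 256 bits of randomness.
    access_token = secrets.token_hex(32)
    refresh_token = secrets.token_hex(32)

    db.token.insert(user_id=user_id,
                    access=access_token,
                    expire_time=expire_time,
                    refresh=refresh_token)
    db.token.commit()

    return json.dumps({
        'access_token': access_token,
        'token_type': 'bearer',
        # Derived from the lifetime actually stored, so clients are not told
        # a token is valid for longer than the server will accept it.
        'expires_in': int(lifetime.total_seconds()),
        'refresh_token': refresh_token,
    }), 200, {
        'Content-Type': 'application/json;charset=UTF-8',
        'Cache-Control': 'no-store',
        'Pragma': 'no-cache',
    }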