Example #1
0
    def handle_login_user(self, req: Request) -> Union[Response, HTTPError]:
        user_from_req = self.read_user_from_request_body(req)
        user_from_db = self._users.get_by_login(user_from_req.login)

        if user_from_db is None:
            # user not found, 404
            return HTTPError(404, 'Not Found')

        if user_from_db.password != user_from_req.password:
            # forbidden, 403
            return HTTPError(403, 'Forbidden')

        ts = int(time.time())
        token = Token.as_authorization(user_from_db.login, ts + 3600)
        return Response(200, 'OK', headers={"Authorization": token})
Example #2
0
    def handle_request(self, req: Request):
        user_login = None
        if "Authorization" in req.headers:
            try:
                user_login = Token.as_token(req.headers["Authorization"])
            except KeyError as ke:
                return HTTPError(403, "Forbidden", body=("token must have key " + str(ke)).encode())
            except Exception as e:
                return HTTPError(403, "Forbidden", body=str(e).encode())

        print(req.path, req.query, req.url)

        if req.path == '/users' and req.method == 'POST':#REGISTRATION
            return self.handle_post_users(req)

        if req.path == '/login' and req.method == 'POST':#LOGIN
            return self.handle_login_user(req)

        if req.path == '/users' and req.method == 'GET': #GET ALL USERS LIST
            if user_login is None:
                return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
            return self.handle_get_users(req, user_login)


        if req.path == '/cafes' and req.method == 'GET': #TODO # withMeanStars
            if user_login is None:
                return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
            return self.handle_get_cafes(req)

        if req.path == '/cafe/media' and req.method == 'GET': #TODO
            if user_login is None:
                return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
            return self.handle_get_cafe_media(req)

        if req.path == '/cafe/media' and req.method == 'POST':
            if user_login is None:
                return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
            return self.handle_add_cafe_media(req, user_login)

        if req.path == '/cafe/media' and req.method == 'DELETE': #TODO
            if user_login is None:
                return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
            return self.handle_del_cafe_media(req)

        if req.path == '/cafe' and req.method == 'POST':
            if user_login is None:
                return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
            return self.handle_put_cafe(req, user_login)

        # if req.path == '/cafe' and req.method == 'POST':
        #     if user_login is None:
        #         return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
        #     return self.handle_edit_cafe(req)

        if req.path == '/cafe/review' and req.method == 'GET':
            if user_login is None:
                return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
            return self.handle_get_reviews(req)

        if req.path == '/cafe/review' and req.method == 'POST':
            if user_login is None:
                return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
            return self.handle_add_review(req, user_login)

        if req.path == '/cafe/review' and req.method == 'DELETE': #TODO
            if user_login is None:
                return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
            return self.handle_del_review(req, user_login)

        """if req.path.startswith('/users/'):
            user_id = req.path[len('/users/'):]
            if user_id.isdigit():
                return self.handle_get_user(req, user_id)"""

        raise HTTPError(404, 'Not found')