def saveUpdateNote(): # Gets user's identity (username) currentUser = get_jwt_identity() # Gets noteID if provided newNote = request.json.get('newNote', None) # Gets the note data from the request noteId = request.json.get('id', None) body = request.json.get('body', None) title = request.json.get('title', None) timeStampEntered = request.json.get('timeStampEntered', None) timeStampModified = request.json.get('timeStampModified', None) userId = request.json.get('user', None) # Checks newNote value to determine if this is an existing note and therefore an update is necessary, otherwise it's a new note. if newNote: if queryDB( modify=True, query= "insert into notes (title, body, timeStampEntered, timeStampModified, user) values (%s, %s, %s, %s, %s);", queryTerms=(title, body, timeStampEntered, timeStampModified, userId)) != False: return resp(msg="Note saved.") # Updates an existing note with the values provided elif queryDB( modify=True, query= "update notes set timeStampModified=%s, body=%s, title=%s where id=%s;", queryTerms=(timeStampModified, body, title, noteId)) != False: return resp(msg="updates saved") # Returns an error if noteID is null/None or an error is encountered during saving/updating return resp(code=500, msg="Error saving note! Please try again later")
def getToken(): username_email = request.json.get('usernameEmail', None) password = request.json.get('password', None) # Checks username/email and password are not null/none if not username_email or not password: return resp(code=400, msg="Username/Email or Password not provided!") # Retrieves the user from the DB if the user exists userFromDB = queryDB( query= "select id, username, avatar, syncInterval, password from users where username=%s or email=%s;", oneRow=True, queryTerms=(username_email, username_email)) # Checks user is not null/none if userFromDB: # Checks password is matches the password stored for the user if verifyPw(password, userFromDB['password']) == True: # Generates a refresh and access token for the user with their username embedded within refresh_token = create_refresh_token( identity=userFromDB['username']) access_token = create_access_token(identity=userFromDB['username']) # Stores the latest access and refresh token generated for the user in the DB with a datetime stamp and a session start timestamp data = queryDB( modify=True, query= "Update users set access_token=%s, refresh_token=%s, timeStampLastLogin=CURRENT_TIMESTAMP(), timeStampSessionStart=CURRENT_TIMESTAMP() where username=%s;", queryTerms=(access_token, refresh_token, userFromDB['username'])) # Confirms the above ran without error if data != False: # Returns an access and refresh token along with the users username and avatar return resp(data={ "access_token": access_token, "refresh_token": refresh_token, "userId": userFromDB["id"], "username": userFromDB['username'], "syncInterval": userFromDB['syncInterval'], "avatar": f"http://localhost:5000/static/profileImages/{userFromDB['avatar']}" }, msg="token request successful") # If there was an issue storing the latest tokens and timestamps the login will fail and return a failur message return resp(code=400, msg="Issue logging in, Please try again.") # If the username cannot be found or the password is incorrect the login will fail an return a failure message return resp(code=400, msg="Incorrect username and/or password!")
def updatePassword(): # Gets user's identity (username) current_user = get_jwt_identity() # Gets password from request password = request.json.get('password', None) # Checks passwordis not null/none or an empty string if password and password != "": # Hashes the password passwordHash = hashPw(password) # Writes the updated password to the DB if queryDB(modify=True, query="update users set password=%s where username=%s;", queryTerms=(passwordHash, current_user)) != False: # Returns a successful message if the query was successful return resp(msg="Password has been successfully updated.") # Returns an error due to an issue writing the password to the DB return resp(msg="Issue updating password, PLease try again later.") # Returns an error due to the password being null/none or an empty string return resp( msg= "Password cannot be empty, How did you even get here, My frontend validations must be sleeping O_o" )
def updateAccount(): # Gets user's identity (username) current_user = get_jwt_identity() # Gets the updateable account details email = request.json.get('email', None) username = request.json.get('username', None) firstname = request.json.get('firstname', None) lastname = request.json.get('lastname', None) syncInterval = request.json.get('syncInterval', None) # Checks none of the details are neither null/none or an empty string if email and username and firstname and lastname and syncInterval != None or "": # Updates the users details if queryDB( modify=True, query= "update users set email=%s, username=%s, firstname=%s, lastname=%s, syncInterval=%s) where username=%s;", queryTerms=(email, username, firstname, lastname, syncInterval, current_user)) != False: # Gets tehe new users details from the DB data = queryDB(query="select * from users where username=%s;", oneRow=True, queryTerms=(username, )) # Confirms it was successfully retreived if data != False: # If successful, new account data will be returned to frontend return resp(data=data, msg="Account updated!") # Returns an error due to an issue writing updated details to the DB return resp(code=400, msg="Error while updating account, Please try agin later.") # Returns an error due to empty account details return resp(code=400, msg="Error, Empty account data.")
def register(): username = request.json.get('username', None) password = request.json.get('password', None) firstname = request.json.get('firstname', None) lastname = request.json.get('lastname', None) email = request.json.get('email', None) # Checks for null fields if not username or not password or not firstname or not lastname or not email: return resp(code=400, msg="Missing details") # Checks for empty fields if username == "" or password == "" or email == "" or firstname == "" or lastname == "": return resp(code=400, msg="Malformed register request!") # Checks if a user already exists with the provided username or email if queryDB(query="select * from users where username=%s or email=%s;", oneRow=True, queryTerms=(username, email)): return resp(code=400, msg="Username or email in use!") # Generates a unique userID userID = str(uuid.uuid4()) # Hashes the users password. passwordHash = hashPw(password) # Inserts new users details into the DB. if queryDB( modify=True, query= "insert into users (id,username,firstname,lastname,email,password, timeStampRegistration, syncInterval) VALUES (%s,%s,%s,%s,%s,%s, CURRENT_TIMESTAMP(), %s);", queryTerms=(userID, username, firstname, lastname, email, passwordHash, 5)) != True: return resp(code=400, msg="Issue during registration! Please try again later.") # Returns a success message to the frontend return resp(msg="Registration successful.")
def updateAccountData(): # Gets user's identity (username) current_user = get_jwt_identity() # Checks the request contains a file if 'file' in request.files: # Assigns the file to a variable file = request.files['file'] # Checks file is not null/None and that the file is using an allowed file extension if file and allowedFile(file.filename): # Checks and returns a secure filename and appends the current user to the name # to make it somewhat unique (UUID would be better here) filename = secure_filename(file.filename) + f"_{current_user}" # Saves the file in the set env variable UPLOAD FOLDER path file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) # Save the filename to the DB data = queryDB( modify=True, query="update users set avatar=%s where username=%s", queryTerms=(filename, current_user)) # Checks the data was successfully pushed to the DB if data != False: # Returns the updated filename to the frontend along with the full url to access it return resp(data={ "avatar": f"http://localhost:5000/static/profileImages/{filename}" }, msg="avatar added/updated") else: # Returns an error if the query was unsuccessful return resp(code=500, msg="error adding/updating avatar") # Returns an error if the file extension is not in the list of allowed extensions return resp(code=500, msg="File ext not allowed") # Returns an error if the request does not contain a file return resp(code=500, msg="File not in request")
def retrieveNotes(): # Get identity(username) from the access(JWT) token currentUser = get_jwt_identity() # Retrieve all notes associated with the user data = queryDB( query= "select id, title, body, timeStampEntered, timeStampModified, user from notes where user=(select id from users where username=%s);", allRows=True, queryTerms=(currentUser)) # Checks notes where successfully retrieved if data != False: # Returns users notes to frontend return resp(data=data, msg="query successful") # Returns error message if notes where not retrieved return resp(code=400, msg="Error retrieving notes, Please try again later.")
def retrieveAccountData(): # Get identity(username) from the access(JWT) token currentUser = get_jwt_identity() # Retrieve user info from DB accountInfo = queryDB( query= "select email, firstname, lastname, timeStampLastLogin, timeStampRegistration from users where username=%s;", oneRow=True, queryTerms=(currentUser)) # Checks account info is not null/none suggesting a failure to retrieve from the DB if accountInfo != False: # Returns account info return resp(data=accountInfo) # If account info retrieval fails for any reason return resp(code=400, msg="Error occured, Please try again later!")
def deleteNote(): # Gets user's identity (username) current_user = get_jwt_identity() # Gets note id from request noteId = request.json.get('id', None) # Checks noteId is not null/none then proceeds to delete the requested note if noteId: if queryDB( modify=True, query= "delete from notes where id=%s and user=(select id from users where username=%s);", queryTerms=(noteId, current_user)) != False: # Upon successful deletion a response will be resturned to the frontend stating such return resp(msg="Note successfully deleted!") # If noteId is null/none or the DB query fails an error message will be returned to the frontend return resp(code=400, msg="Error while deleting note, Please try again later.")