def add_popular_category(current_user): if isAdmin(current_user): if 'file' not in request.files: return "No file part", 205 file = request.files["file"] popular_category_name = request.form['name'] if file.filename == "": return "No images selected", 205 if file and allowed_file(file.filename): filename = secure_filename(file.filename) if os.path.exists("images/popular_categories/" + str(file.filename)): os.remove("images/popular_categories/" + str(file.filename)) file.save( os.path.join(app.config["POPULAR_CATEGORIES"], file.filename)) db = mysql_db.get_db() cursor = db.cursor() cursor.execute( "INSERT INTO popular_categories (name, image) VALUES(%s, %s) ", (popular_category_name, file.filename)) db.commit() # print("File uploaded: " + filename + " to test_images/profile_photos") return jsonify({"message": "Added"}), 200 else: return jsonify({"message": "Not authorized"}), 401
def edit_popular_category(current_user): if isAdmin(current_user): if 'file' not in request.files: return "No file part found", 205 file = request.files['file'] popular_category_name = request.form['name'] id = request.form['id'] if file.filename == "": return "No images selected", 205 if file and allowed_file(file.filename): filename = secure_filename(file.filename) if os.path.exists("images/popular_categories/" + str(file.filename)): os.remove("images/popular_categories/" + str(file.filename)) # Remove old image db = mysql_db.get_db() cursor = db.cursor() cursor.execute("SELECT image FROM popular_categories WHERE id=%s", (id, )) old_name = cursor.fetchone() try: os.remove("images/popular_categories/" + str(old_name)) except FileNotFoundError as fne: print(fne) cursor.execute( "UPDATE popular_categories SET name=%s, image=%s WHERE id=%s", (popular_category_name, str(file.filename), id)) file.save( os.path.join(app.config["POPULAR_CATEGORIES"], file.filename)) db.commit() return jsonify({"message": "Edited"}), 200 else: return jsonify({"message": "Not authorized"}), 401
def confirm_reset_password_token(token): try: email = confirm_token(token) except: return jsonify({"message": "Expired or invalid link"}), 401 if email: db = mysql_db.get_db() cursor = db.cursor() cursor.execute("SELECT * FROM users WHERE email=%s", (email, )) user = cursor.fetchone() temp_pass = str(uuid4())[:8] user['password'] = generate_password_hash(temp_pass, method='sha256') user['password_reset'] = True cursor.execute( "UPDATE users SET password_reset=%(password_reset)s, password=%(password)s WHERE email=%(email)s", user) db.commit() return render_template('reset_password.html', url=url_for('index'), success=True, password=temp_pass) else: return render_template('reset_password.html', url=url_for('index'), success=False)
def confirm_email(token): try: email = confirm_token(token) except: return jsonify({"message": "Invalid token"}) if email: db = mysql_db.get_db() cursor = db.cursor() cursor.execute("SELECT * FROM users WHERE email=%s", (email, )) user = cursor.fetchone() if user['confirmed']: return render_template('email_confirmed.html', url=url_for('index'), success=False), 201 user['confirmed'] = True user['confirmed_on'] = datetime.datetime.now() cursor.execute( "UPDATE users SET confirmed=%(confirmed)s, confirmed_on=%(confirmed_on)s WHERE email=%(email)s", user) db.commit() return render_template('email_confirmed.html', url=url_for('index'), success=True), 201 else: return render_template('email_confirmed.html', url=url_for('index'), failed=True), 404
def login(): auth = request.get_json() cursor = mysql_db.get_db().cursor() cursor.execute("SELECT * FROM users WHERE username=%(username)s", auth) customer = cursor.fetchone() if not customer: return jsonify({"message": "Invalid credentials"}), 401 if check_password_hash(customer.get('password'), auth['password']): token = jwt.encode( { 'id': customer.get('id'), 'exp': datetime.datetime.utcnow() + datetime.timedelta(hours=12) }, app.config['SECRET_KEY'], 'HS256') response = make_response("Verified", 200) # Check if cookie with token exists get_cookie = request.cookies.get('_tkws') if not get_cookie: response.set_cookie('_tkws', encrypt_jwt(token), max_age=60 * 60 * 13), 200 return response return make_response("Could not verify", 401, {"WWW-Authenticate": "Basic realm='Login required!'"})
def customer_registration(): data = request.get_json() hashed_password = generate_password_hash(data['password'], method='sha256') db = mysql_db.get_db() cursor = db.cursor() data['password'] = hashed_password # data['date_of_birth'] = datetime.datetime.strptime( data['date_of_birth'][:-5], "%Y-%m-%dT%H:%M:%S") + datetime.timedelta(hours=1) data['registration_date'] = datetime.datetime.now() data['admin'] = False data['image'] = "no_picture.png" token = generate_confirmation_token(data['email']) confirm_url = url_for("customer.confirm_email", token=token, _external=True) html = render_template('email_confirmation.html', confirm_url=confirm_url, name=data['first_name']) subject = "WebShop - Email confirmation" send_email(data['email'], subject, html) cursor.execute( "INSERT INTO users (email, username, password, first_name, last_name, gender, date_of_birth, registration_date, admin, image) VALUES(%(email)s, %(username)s, %(password)s, %(first_name)s, %(last_name)s, %(gender)s, %(date_of_birth)s, %(registration_date)s, %(admin)s, %(image)s)", data) db.commit() return jsonify({ "message": "A confirmation email has been sent to your email address" }), 201
def edit_user_data(current_user): data = request.get_json() current_user['address_1'] = data['address_1'] current_user['address_2'] = data['address_2'] current_user['city'] = data['city'] current_user['country'] = data['country'] current_user['postal_code'] = data['postal_code'] current_user['phone_number'] = data['phone_number'] db = mysql_db.get_db() cursor = db.cursor() if data['email'] != current_user['email']: current_user['email'] = data['email'] current_user['confirmed'] = False cursor.execute( "UPDATE users SET confirmed=%(confirmed)s, email=%(email)s, address_1=%(address_1)s, address_2=%(address_2)s, city=%(city)s, country=%(country)s, postal_code=%(postal_code)s, phone_number=%(phone_number)s WHERE id=%(id)s", current_user) # Token for email confirmation token = generate_confirmation_token(data['email']) confirm_url = url_for("customer.confirm_email", token=token, _external=True) html = render_template('email_confirmation.html', confirm_url=confirm_url, name=data['first_name']) subject = "WebShop - Email address changed" send_email(data['email'], subject, html) else: cursor.execute( "UPDATE users SET address_1=%(address_1)s, address_2=%(address_2)s, city=%(city)s, country=%(country)s, postal_code=%(postal_code)s, phone_number=%(phone_number)s WHERE id=%(id)s", current_user) db.commit() return jsonify({"message": "Updated"}), 200
def get_all_products(): cursor = mysql_db.get_db().cursor() cursor.execute("SELECT * FROM products") products = cursor.fetchall() for i in products: i["created_at"] = i["created_at"].isoformat() return jsonify(products)
def update_cart_item_quantity(current_user, id): db = mysql_db.get_db() cursor = db.cursor() cursor.execute("UPDATE cart_items SET quantity=%s WHERE id=%s", (int(request.data), id)) db.commit() return "", 200
def decorated(*args, **kwargs): token = None try: if request.cookies.get('_tkws'): token = request.cookies.get('_tkws') token = token.encode() try: token = decrypt_jwt(token) except cryptography.fernet.InvalidToken: return "Invalid Token", 205 except KeyError: return "Could not authenticate", 205 if not token: return jsonify({"message":'Missing token'}), 205 try: data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=['HS256']) cursor = mysql_db.get_db().cursor() cursor.execute("SELECT * FROM users WHERE id=%s", (data['id'], )) current_user = cursor.fetchone() except jwt.ExpiredSignatureError: return jsonify({"message':'Expired or it's invalid token"}), 401 return f(current_user, *args, **kwargs)
def get_all_admins(current_user): if isAdmin(current_user ): # returns True if user has attribute of admin(bool)==True db = mysql_db.get_db().cursor() db.execute("SELECT * FROM admins") admins = db.fetchall() return jsonify(admins), 200 else: return jsonify({'message': 'Not verified'}), 401
def get_admin_orders_by_status(current_user, status): if isAdmin(current_user): cursor = mysql_db.get_db().cursor() cursor.execute( "SELECT o.id, o.customer_id, o.order_status_code, o.order_date, SUM(oi.order_item_quantity) order_item_quantity, SUM(oi.order_item_price) total, u.username FROM orders o INNER JOIN order_items oi ON o.id = oi.order_id INNER JOIN users u ON o.customer_id=u.id WHERE o.order_status_code=%s GROUP BY o.id", (status, )) orders = cursor.fetchall() return jsonify(orders) else: return jsonify({"message": "Not authorized"}), 401
def stripe_pay(): customer = stripe.Customer.create(email=request.form['stripeEmail'], source=request.form['stripeToken']) db = mysql_db.get_db() cursor = db.cursor() cursor.execute("SELECT * FROM users WHERE email=%s", (request.form['stripeEmail'])) customer_db = cursor.fetchone() if not customer_db: return "No user with email provided found", 205 cursor.execute( "SELECT * FROM cart_items c LEFT JOIN products p ON c.product_id=p.id LEFT JOIN shopping_cart s ON c.shopping_cart_id=s.id WHERE s.customer_id=%s", (customer_db['id'], )) cart_items = cursor.fetchall() # Get amount to be charged total_price = 0 for i in cart_items: total_price += (i["price"] * i["quantity"]) charge = stripe.Charge.create(customer=customer.id, amount=int(total_price * 100), currency='usd', description=customer_db["username"] + " cart items") cursor.execute("SELECT id FROM shopping_cart WHERE customer_id=%s", (customer_db['id'])) shopping_cart_id = cursor.fetchone() cursor.execute("DELETE FROM cart_items WHERE shopping_cart_id=%s", (int(shopping_cart_id['id']))) cursor.execute( "INSERT INTO orders (customer_id, order_status_code) VALUES (%s, %s)", (customer_db['id'], 1)) db.commit() cursor.execute( "SELECT * FROM orders WHERE customer_id=%s ORDER BY orders.order_date DESC", (customer_db['id'])) order = cursor.fetchone() cursor.execute( "INSERT INTO invoices (order_id, invoice_desc) VALUES (%s, %s)", (order['id'], str(customer_db['first_name'] + " " + customer_db['last_name']))) for i in cart_items: cursor.execute( "INSERT INTO order_items (product_id, order_id, order_item_quantity, order_item_price) VALUES (%s, %s, %s, %s)", (i['product_id'], order['id'], i['quantity'], i['price'])) # TODO - Place order db.commit() return redirect(url_for('index'))
def edit_category(current_user, id): if isAdmin(current_user): data = dict(request.json) db = mysql_db.get_db() cursor = db.cursor() cursor.execute("UPDATE categories SET category_name=%s WHERE id=%s", (data['category_name'], id)) db.commit() return jsonify({"messsage": "Category name updated"}), 200 else: return jsonify({"message": "Not authorized"}), 401
def add_category(current_user): if isAdmin(current_user): data = dict(request.json) db = mysql_db.get_db() cursor = db.cursor() cursor.execute("INSERT INTO categories VALUES (0, %s)", data['category_name']) db.commit() return jsonify({"message": "Category added"}), 200 else: return jsonify({"message": "Not authorized"}), 401
def add_subcategory(current_user): if isAdmin(current_user): data = dict(request.json) db = mysql_db.get_db() cursor = db.cursor() cursor.execute( "INSERT INTO sub_categories (category_id, sub_category_name) VALUES (%(category_id)s, %(sub_category_name)s)", data) db.commit() return jsonify({"message": "Category added"}), 200 else: return jsonify({"message": "Not authorized"}), 401
def search(params): cursor = mysql_db.get_db().cursor() query = "SELECT * FROM products WHERE name LIKE '%" + params + "%'" cursor.execute(query) search_result = cursor.fetchall() # count = len(search_result) # if len(params) <= 3: # If search params is les than 3 characters, return quarter of search results number # return jsonify(search_result[:round(count/4)]) if not search_result: return "", 205 return jsonify(search_result)
def delete_popular_category(current_user, id): if isAdmin(current_user): db = mysql_db.get_db() cursor = db.cursor() cursor.execute("SELECT * FROM popular_categories WHERE id=%s", (id, )) cat = cursor.fetchone() try: os.remove("images/popular_categories/" + str(cat['image'])) except FileNotFoundError as fne: print(fne) cursor.execute("DELETE FROM popular_categories WHERE id=%s", (id, )) db.commit() return jsonify({"message": "Deleted"})
def get_cart_items(current_user): if current_user: cursor = mysql_db.get_db().cursor() cursor.execute( "SELECT * FROM cart_items c LEFT JOIN products p ON c.product_id=p.id LEFT JOIN shopping_cart s ON c.shopping_cart_id=s.id WHERE s.customer_id=%s", (current_user['id'], )) cart_items = cursor.fetchall() for i in cart_items: i["product_id"] = i["p.id"] del i["customer_id"], i["shopping_cart_id"], i["s.id"], i["p.id"] return jsonify(cart_items) else: return "Not authenticated", 401
def get_orders(current_user): db = mysql_db.get_db() cursor = db.cursor() cursor.execute( "SELECT o.id, o.order_date, o.order_status_code, p.name, oi.order_item_quantity, oi.order_item_price FROM order_items oi LEFT JOIN orders o ON oi.order_id=o.id LEFT JOIN products p ON oi.product_id=p.id WHERE o.customer_id=%s ORDER BY o.order_date DESC", (current_user['id'])) orders = cursor.fetchall() sorted_orders = sorted(orders, key=operator.itemgetter('id')) list_orders = [] for key, group in itertools.groupby(sorted_orders, key=lambda x: x['id']): list_orders.append(list(group)) return jsonify(list_orders)
def change_password(current_user): data = dict(request.json) db = mysql_db.get_db() cursor = db.cursor() cursor.execute("SELECT * FROM users WHERE id=%s", (current_user['id'], )) user = cursor.fetchone() user["password"] = generate_password_hash(data["newPass"], method='sha256') user["password_reset"] = False cursor.execute( "UPDATE users SET password=%(password)s, password_reset=%(password_reset)s WHERE email=%(email)s", user) db.commit() return jsonify({"message": "Password successfully changed"}), 200
def add_item_to_cart(current_user, id): db = mysql_db.get_db() cursor = db.cursor() cursor.execute( "SELECT customer_id, id FROM shopping_cart WHERE customer_id=%s", (current_user['id'], )) hasCart = cursor.fetchone() cursor.execute("SELECT id FROM products WHERE id=%s", (id, )) product = cursor.fetchone() try: quantity = int(request.data) except TypeError: return "", 205 if hasCart: data = { "product_id": product['id'], "shopping_cart_id": hasCart["id"], "created_at": datetime.datetime.now(), "quantity": quantity } cursor.execute( "INSERT INTO cart_items (product_id, shopping_cart_id, created_at, quantity) VALUES (%(product_id)s, %(shopping_cart_id)s, %(created_at)s, %(quantity)s)", data) db.commit() return jsonify({"message": "Added to cart"}), 200 else: cursor.execute( "INSERT INTO shopping_cart (customer_id, created_at) VALUES (%s, %s)", (current_user['id'], datetime.datetime.now())) db.commit() cursor.execute( "SELECT customer_id, id FROM shopping_cart WHERE customer_id=%s", (current_user['id'], )) hasCart = cursor.fetchone() data = { "product_id": product['id'], "shopping_cart_id": hasCart["id"], "created_at": datetime.datetime.now(), "quantity": quantity } cursor.execute( "INSERT INTO cart_items (product_id, shopping_cart_id, created_at, quantity) VALUES (%(product_id)s, %(shopping_cart_id)s, %(created_at)s, %(quantity)s)", data) db.commit() return jsonify({"message": "Added to cart"}), 200
def delete_profile_picture(current_user): if os.path.exists("images/profile_images/" + str(current_user['image'])): try: if not str(current_user['image']) == "no_image.png": os.remove("images/profile_images/" + str(current_user['image'])) except PermissionError: return "Error", 404 current_user['image'] = "" db = mysql_db.get_db() cursor = db.cursor() cursor.execute("UPDATE users SET image=%(image)s WHERE id=%(id)s", current_user) db.commit() return "", 200 else: return "", 400
def reset_password(): data = dict(request.json) cursor = mysql_db.get_db().cursor() cursor.execute("SELECT * FROM users WHERE email=%s", (data['email'], )) user = cursor.fetchone() if user: token = generate_confirmation_token(user['email']) reset_url = url_for("customer.confirm_reset_password_token", token=token, _external=True) html = render_template("reset_password_email.html", reset_url=reset_url) subject = "WebShop - Account Recovery" send_email(user['email'], subject, html) return jsonify({ "message": "An email with reset token has been sent to email address" }), 200 if not user: return jsonify({"message": "No user found with email provided"}), 200
def upload_profile_picture(current_user): if 'file' not in request.files: return "No file part", 205 file = request.files["file"] if file.filename == "": return "No images selected", 205 if file and allowed_file(file.filename): filename = secure_filename(file.filename) if os.path.exists("images/profile_images/" + str(current_user['image']) ) and current_user['image'] != "": os.remove("images/profile_images/" + str(current_user['image'])) file.save(os.path.join(app.config["PROFILE_IMAGES"], file.filename)) db = mysql_db.get_db() cursor = db.cursor() current_user['image'] = file.filename cursor.execute("UPDATE users SET image=%(image)s WHERE id=%(id)s", current_user) db.commit() # print("File uploaded: " + filename + " to test_images/profile_photos") return filename, 200
def get_one_category(id): cursor = mysql_db.get_db().cursor() cursor.execute("SELECT * FROM categories WHERE id=%s", (id, )) category = cursor.fetchone() return jsonify(category)
def get_categories(): cursor = mysql_db.get_db().cursor() cursor.execute("SELECT * FROM categories") categories = cursor.fetchall() return jsonify(categories)
def get_daily_deals_products(): cursor = mysql_db.get_db().cursor() cursor.execute("SELECT p.id, p.category_id, p.sub_category_id, p.name, p.price, p.color, p.size, p.desc, p.image, p.created_at FROM daily_deals d LEFT JOIN products p ON p.id = d.product_id") daily_deals = cursor.fetchall() return jsonify(daily_deals)
def get_similar_products(id): cursor = mysql_db.get_db().cursor() cursor.execute("SELECT * FROM products WHERE sub_category_id=%s", (id, )) products = cursor.fetchmany(4) return jsonify(products)
def get_one_product(id): cursor = mysql_db.get_db().cursor() cursor.execute("SELECT * FROM products WHERE id=%s", (id, )) product = cursor.fetchone() product["created_at"] = product["created_at"].isoformat() return jsonify(product)