def delete(cls, name: str):
store = StoreModel.find_by_name(name)
if store:
store.delete_from_db()
return {"message": get_text("store_deleted")}, 200
return {"message": get_text("store_not_found")}, 404
def post(cls):
user = user_schema.load(request.get_json())
if UserModel.find_by_username(user.username):
return {
"message": get_text("user_name_exists").format(user.username)
}, 400
if UserModel.find_by_email(user.email):
return {
"message": get_text("user_email_exists").format(user.email)
}, 400
user.password = bc.generate_password_hash(
user.password).decode('utf-8')
try:
user.save_to_db()
activation = ActivationModel(user.id)
activation.save_to_db()
user.send_confirmation_email()
return {"message": get_text("user_register_successful")}, 201
except MailgunException as err:
user.delete_from_db()
return {"message": str(err)}, 500
except:
traceback.print_exc()
user.delete_from_db()
return {"message": get_text("user_register_error")}, 500
def put(cls):
"""
Upload user avatars. All avatars are named after the user's ID.
Something like this: user_{id}.{ext}
Uploading a new avatar overwrites the existing one.
"""
data = image_schema.load(request.files)
user_id = get_jwt_identity()
filename = f"user_{user_id}"
folder = "avatars"
avatar_path = im.find_image_any_format(filename, folder)
if avatar_path:
try:
os.remove(avatar_path)
except:
return {
"message": get_text("avatar_delete_error").format(filename)
}, 500
try:
ext = im.get_extension(data["image"].filename)
name = filename + ext
avatar_path = im.save_image(data["image"], folder, name)
basename = im.get_basename(avatar_path)
return {
"message": get_text("avatar_uploaded").format(basename)
}, 200
except UploadNotAllowed:
extension = im.get_extension(data["image"])
return {
"message":
get_text("image_extension_not_allowed").format(extension)
}, 400
def post(cls, name: str):
if StoreModel.find_by_name(name):
return {"message": get_text("store_name_exists").format(name)}, 400
store = StoreModel(name=name)
try:
store.save_to_db()
except:
return {"message": get_text("store_insert_error")}, 500
return store_schema.dump(store), 201
def get(cls, activation_id: str):
activation = ActivationModel.find_by_id(activation_id)
if not activation:
return {"message": get_text("activation_not_found")}, 404
if activation.expired:
return {"message": get_text("activation_expired")}, 400
if activation.activated:
return {"message": get_text("activation_activated")}, 400
activation.activated = True
activation.save_to_db()
headers = {"Content-Type": "text/html"}
return make_response(
render_template("activation_page.html",
email=activation.user.email), 200, headers)
def get(cls, filename: str):
"""
Returns the reuqested image if it exists. Looks inside the logged in user's folder.
"""
user_id = get_jwt_identity()
folder = f"user_{user_id}"
if not im.is_filename_safe(filename):
return {
"message": get_text("image_illegal_file_name").format(filename)
}, 400
try:
return send_file(im.get_path(filename, folder))
except FileNotFoundError:
return {
"message": get_text("image_not_found").format(filename)
}, 404
def get(cls, user_id: int):
filename = f"user_{user_id}"
folder = "avatars"
avatar = im.find_image_any_format(filename, folder)
if avatar:
return send_file(avatar)
return {"message": get_text("avatar_not_found").format(user_id)}, 404
def delete(cls, filename: str):
user_id = get_jwt_identity()
folder = f"user_{user_id}"
if not im.is_filename_safe(filename):
return {
"message": get_text("image_illegal_file_name").format(filename)
}, 400
try:
os.remove(im.get_path(filename, folder))
return {"message": get_text("image_deleted").format(filename)}, 200
except FileNotFoundError:
return {
"message": get_text("image_not_found").format(filename)
}, 404
except:
traceback.print_exc()
return {
"message": get_text("image_delete_error").format(filename)
}, 500
def post(cls):
user_data = user_schema.load(request.get_json(), partial=("email", ))
user = UserModel.find_by_username(user_data.username)
if user and user.verify_password(user_data.password):
activation = user.most_recent_activation
if activation and activation.activated:
access_token = create_access_token(identity=user.id,
fresh=True)
refresh_token = create_refresh_token(user.id)
return {
"access_token": access_token,
"refresh_token": refresh_token
}, 200
return {
"message": get_text("user_not_activated").format(user.email)
}, 40
return {"message": get_text("user_invalid_credentials")}, 401
def get(cls, user_id: int):
user = UserModel.find_by_id(user_id)
if not user:
return {"message": get_text("user_not_found")}, 404
return ({
"current_time":
int(time()),
"activation": [
activation_schema.dump(each)
for each in user.activation.order_by(ActivationModel.expire_at)
]
}, 200)
def post(cls):
"""
Upload an image file. It uses JWT to retrieve user information and then saves the image to the user's folder.
If there is a filename conflict, it appends a number at the end.
"""
data = image_schema.load(request.files)
user_id = get_jwt_identity()
folder = f"user_{user_id}"
try:
image_path = im.save_image(data["image"], folder)
basename = im.get_basename(image_path)
return {
"message": get_text("image_uploaded").format(basename)
}, 201
except UploadNotAllowed:
extension = im.get_extension(data["image"])
return {
"message":
get_text("image_extension_not_allowed").format(extension)
}, 400
def send_email(cls, email: List[str], subject: str, text: str,
html: str) -> Response:
if cls.MAILGUN_DOMAIN is None:
raise MailgunException(get_text("mailgun_failed_load_domain"))
if cls.MAILGUN_API_KEY is None:
raise MailgunException(get_text("mailgun_failed_load_api_key"))
response = post(
f"https://api.mailgun.net/v3/{cls.MAILGUN_DOMAIN}/messages",
auth=("api", cls.MAILGUN_API_KEY),
data={
"from": f"{cls.FROM_TITLE} <{cls.FROM_EMAIL}>",
"to": email,
"subject": subject,
"text": text,
"html": html
})
if response.status_code != 200:
raise MailgunException(get_text("mailgun_failed_send_email"))
return response
def post(cls, user_id: int):
"""Resend activation email"""
user = UserModel.find_by_id(user_id)
if not user:
return {"message": get_text("user_not_found")}, 404
try:
activation = user.most_recent_activation
if activation:
if activation.activated:
return {"message": get_text("activation_activated")}, 400
activation.force_to_expire()
new_activation = ActivationModel(user_id)
new_activation.save_to_db()
user.send_confirmation_email()
return {"message": get_text("activation_resend_successful")}, 201
except MailgunException as err:
return {"message": err.message}, 500
except:
traceback.print_exc()
return {"message": get_text("activation_resend_error")}, 500
def get(cls, name: str):
store = StoreModel.find_by_name(name)
if store:
return store_schema.dump(store), 200
return {"message": get_text("store_not_found")}, 404
def get(cls, user_id: int):
user = UserModel.find_by_id(user_id)
if not user:
return {"message": get_text("user_not_found")}, 404
return user_schema.dump(user), 200
def post(cls):
# jti is "JWT ID", a unique identifier for a JWT.
jti = get_jwt()["jti"]
user_id = get_jwt_identity()
BLACKLIST.add(jti)
return {"message": get_text("user_logged_out").format(user_id)}, 200
def delete(cls, user_id: int):
user = UserModel.find_by_id(user_id)
if not user:
return {"message": get_text("user_not_found")}, 404
user.delete_from_db()
return {"message": get_text("user_deleted")}, 200