def user_info(variables={}, request={}):
result = {}
try:
user_id = Token.Token().query('USERID').where(
'TOKEN', '=', request.params['token']).get()[0]['USERID']
user_query = User.User()\
.query('USERS.ID', 'USERS.USERNAME', 'USERS.FIRSTNAME', 'USERS.LASTNAME', 'USERS.EMAIL')\
.where('USERS.ID', '=', user_id).get()[0]
locations = Location.Location()\
.query('LOCATIONS.COUNTRY', 'LOCATIONS.CITY', 'LOCATIONS.STREET')\
.where('USERID', '=', user_id).get()
if locations:
locations = locations[0]
else:
locations = dict()
prefs = Preference.Preference().query('*').where(
'USERID', '=', user_id).get()
if prefs:
prefs = prefs[0]
else:
prefs = dict()
result['firstname'] = user_query['USERS.FIRSTNAME']
result['lastname'] = user_query['USERS.LASTNAME']
result['email'] = user_query['USERS.EMAIL']
result['country'] = locations.get('LOCATIONS.COUNTRY', '')
result['city'] = locations.get('LOCATIONS.CITY', '')
result['street'] = locations.get('LOCATIONS.STREET', '')
result['title_preferences'] = prefs.get('PREFERENCE', '')
except UserWarning, e:
logging.exception('User warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
def token_valid(variables={}, request={}):
status = 'success'
message = ''
token_ok = False
if not 'token' in request.params:
status = 'error'
message = 'token must be present for this api'
else:
token = Token.Token()
user_token = request.params['token']
count = len(token.query('ID').where('TOKEN', '=', user_token).get())
if count == 0:
status = 'error'
message = 'invalid user token'
else:
token_ok = True
if token_ok:
return (True, None)
else:
result = {
'status' : status,
'message' : message
}
return (False, Controller.response_json(result))
def closure(variables={}, request={}):
for param in params:
if not param in request.params:
result = {
'status': 'error',
'message': 'Parameter %s should be present' % (param)
}
return (False, Controller.response_json(result))
return (True, None)
def user_info(variables={}, request={}):
id = request.params['id']
ok, error_message = Validator.validate([(id, r'^[0-9]|[1-9][0-9]+$',
'id value is invalid')])
user = {}
try:
if not ok:
raise UserWaning(error_message)
found_user = User.User().query('*').where('ID', '=', id).get()
if not found_user:
raise UserWarning('no such user')
found_user = found_user[0]
book_count = UserBook.UserBook().count().where(
'USERID', '=', found_user['ID']).get()[0]
books_query = Book.Book()\
.query('BOOKS.ID')\
.join('USERBOOKS', 'ID', 'BOOKID')\
.where('USERBOOKS.USERID', '=', found_user['ID']).get()
books = []
for book_result in books_query:
book = BookController.get_book_by_id(book_result['BOOKS.ID'])
books.append(book)
location = Location.Location().query('*').where(
'USERID', '=', found_user['ID']).get()
if location:
location = location[0]
else:
location = dict()
prefs = Preference.Preference().query('*').where(
'USERID', '=', found_user['ID']).get()
if prefs:
prefs = prefs[0]
else:
prefs = dict()
user = {
'id': found_user['ID'],
'username': found_user['USERNAME'],
'first_name': found_user['FIRSTNAME'],
'last_name': found_user['LASTNAME'],
'country': location.get('COUNTRY', ''),
'city': location.get('CITY', ''),
'street': location.get('STREET', ''),
'email': found_user['EMAIL'],
'book_count': book_count['count'],
'books': books,
'title_preference': prefs.get('PREFERENCE', '')
}
except UserWarning, e:
logging.exception('User warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
def get_genres(variables={}, request={}):
global genres
result = {
'status': 'success',
'message': 'genres',
'response': {
'genres': genres
}
}
return Controller.response_json(result)
def recommended(variables={}, request={}):
result = []
try:
search_results = Book.Book().query('ID').get()
logging.debug(search_results)
for search_result in search_results[:10]:
book = BookController.get_book_by_id(search_result['ID'])
result.append(book)
except UserWarning, e:
logging.exception('User warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
def search(variables={}, request={}):
keywords = request.params.get('keywords', '.*')
authors = request.params.get('authors', '.*')
genres = request.params.get('genres', '.*')
before = request.params.get('before', '-')
after = request.params.get('after', '-')
location = request.params.get('location', '-')
ok, error_message = Validator.validate([
(keywords, r'^\.\*|[a-zA-Z0-9,. \'"+-=;?]+$',
'keywords value is invalid'),
(authors, r'^\.\*|[\w\'-, ]+$', 'authors value is invalid'),
(genres, r'^\.\*|(%s)$' % ('|'.join(BookController.genres)),
'genres value is invalid'),
(before,
r'^\-|([1-9]|([012][0-9])|(3[01]))\-([0]{0,1}[1-9]|1[012])\-\d\d\d\d$',
'before value is invalid'),
(after,
r'^\-|([1-9]|([012][0-9])|(3[01]))\-([0]{0,1}[1-9]|1[012])\-\d\d\d\d$',
'after value is invalid'),
])
result = []
try:
if not ok:
raise UserWarning(error_message)
search_results = Book.Book().query('BOOKS.ID', 'BOOKS.GOODREADSID', 'BOOKS.ISBN', 'BOOKS.TITLE', 'BOOKS.GENRE', 'BOOKS.EXPIRES', 'BOOKS.AUTHORID', 'BOOKS.COVER', 'AUTHORS.NAME')\
.join('AUTHORS', 'AUTHORID', 'ID')\
.where('BOOKS.title', 'REGEXP', '|'.join(keywords.split(',')))\
.condition('AND', 'BOOKS.GENRE', 'REGEXP', '|'.join(genres.split(',')))\
.condition('AND', 'AUTHORS.NAME', 'REGEXP', '|'.join(authors.split(',')))
if before != '-':
before = datetime.strptime(before, '%d-%m-%Y').strftime('%Y-%m-%d')
search_results = search_results.condition('AND', 'BOOKS.EXPIRES',
'<', before)
if after != '-':
after = datetime.strptime(after, '%d-%m-%Y').strftime('%Y-%m-%d')
search_results = search_results.condition('AND', 'BOOKS.EXPIRES',
'>', after)
search_results = search_results.get()
for search_result in search_results:
book = BookController.get_book_by_id(search_result['BOOKS.ID'])
result.append(book)
except UserWarning, e:
logging.exception('User warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
def propose_exchange(variables={}, request={}):
status = 'success'
message = ''
token = request.params['token']
book_id = request.params['bookid']
dict_book = Book.Book().query("DELETED").where("ID", "=", book_id).get()
if not dict_book:
status = 'error'
message = 'the book does not exist'
elif (dict_book[0]['DELETED'] == 1):
status = 'error'
message = 'the book is not available for exchange'
else:
dict_receiver = Token.Token().query("USERID").where(
"TOKEN", "=", token).get()
dict_owner = UserBook.UserBook().query("USERID").where(
"BOOKID", "=", book_id).get()
logging.debug(dict_owner)
if (dict_receiver[0]['USERID'] == dict_owner[0]['USERID']):
status = 'error'
message = 'users cannot send requests to themselves'
else:
dict_exchange = Exchange.Exchange().query('ID').where("OWNERID", "=", dict_owner[0]['USERID']). \
condition("AND", "RECEIVERID", "=", dict_receiver[0]['USERID']). \
condition("AND", "BOOKID1", "=", book_id).get()
if (dict_exchange):
status = 'error'
message = 'the exchange already exists'
else:
date = datetime.datetime.now().strftime("%Y-%m-%d")
insert_dict = {
'OWNERID': dict_owner[0]['USERID'],
'RECEIVERID': dict_receiver[0]['USERID'],
'BOOKID1': book_id,
'EXCHANGEDATE': date,
'ISFINISHED': 0,
'HASSUCCEEDED': 0
}
message = 'the request has been registered'
Exchange.Exchange().insert(insert_dict)
result = {'status': status, 'message': message}
return Controller.response_json(result)
def get_book(variables={}, request={}):
id = request.params['id']
ok, error_message = Validator.validate([
(id, r'^([0-9]|[1-9][0-9]+)$',
'id value is invalid, should be a positive number')
])
result = None
try:
if not ok:
raise UserWarning(error_message)
result = get_book_by_id(int(id))
if not result:
raise UserWarning('book not found')
except UserWarning, e:
print 'user warining: ', repr(e)
return Controller.response_json({'status': 'error', 'message': str(e)})
def match_book(variables={}, request={}):
status = 'success'
message = ''
token = request.params['token']
receiver_id = request.params['receiverid']
book_id1 = request.params['bookid1']
book_id2 = request.params['bookid2']
user_dict = Token.Token().query("USERID").where("TOKEN", "=", token).get()
book1_dict = Book.Book().query("TITLE").where("ID", "=", book_id1).get()
book2_dict = Book.Book().query("TITLE").where("ID", "=", book_id2).get()
if not book1_dict or not book2_dict:
status = 'error'
message = 'one of the books does not exist'
else:
exchange_dict = Exchange.Exchange().query("*").where("OWNERID", "=", user_dict[0]['USERID']). \
condition("AND", "BOOKID1", "=", book_id1). \
condition("AND", "RECEIVERID", "=", receiver_id).get()
if not exchange_dict:
status = 'error'
message = 'the exchange does not exist'
else:
if exchange_dict[0]['ISFINISHED'] == 1:
status = 'error'
message = 'the exchange has already been approved/denied'
else:
if exchange_dict[0]['BOOKID2'] != None:
status = 'error'
message = 'you cannot respond to this exchange'
else:
Exchange.Exchange().update({ 'BOOKID2' : book_id2 }). \
where("OWNERID", "=", user_dict[0]['USERID']). \
condition("AND", "BOOKID1", "=", book_id1). \
condition("AND", "RECEIVERID", "=", receiver_id).execute()
status = 'success'
message = 'user responded to the exchange'
result = {'status': status, 'message': message}
return Controller.response_json(result)
def register(variables={}, request={}):
status = 'success'
message = ''
username = request.params['username']
password = request.params['password']
user = User.User()
response_dict_user = user.query("ID").where("USERNAME", "=",
username).condition(
"OR", "EMAIL", "=",
username).get()
if not response_dict_user:
message = 'incorrect username or password'
status = 'error'
else:
response_dict_pass = user.query("PASSWORD", "SALT").where(
"USERNAME", "=", username).condition("OR", "EMAIL", "=",
username).get()
input_pass_hash = bcrypt.hashpw(password.encode('utf8'),
response_dict_pass[0]["SALT"])
if input_pass_hash != response_dict_pass[0]["PASSWORD"]:
message = 'incorrect username or password'
status = 'error'
else:
token = Token.Token()
response_dict_token = token.query("TOKEN").where(
"USERID", "=",
response_dict_user[0]["ID"]).condition("AND", "TOKENTYPE", "=",
"booxtoken").get()
message = 'log in successful'
status = 'success'
if status == 'success':
response = {
'token': response_dict_token[0]['TOKEN'],
'id': response_dict_user[0]['ID']
}
result = {'status': status, 'message': message, 'response': response}
else:
result = {'status': status, 'message': message}
return Controller.response_json(result)
def search_external(variables={}, request={}):
query = request.params['query']
limit = request.params.get('limit', '0')
ok, error_message = Validator.validate([
(query, r'^[a-zA-Z0-9, \'"+-=;?]+$', 'title query is invalid'),
(limit, r'^([0-9]|[1-9][0-9]+)$',
'limit value is invalid, should be a positive number')
])
try:
if not ok:
raise UserWarning(error_message)
limit = int(limit)
result = Goodreads.request_search(query, limit)
except UserWarning, e:
print 'user warining: ', repr(e)
return Controller.response_json({'status': 'error', 'message': str(e)})
def get_user_books(variables={}, request={}):
status = 'success'
message = ''
user_id = request.params.get('user', '')
exchange_id = request.params.get('exchange_id', '')
token = request.params.get('token', '')
result = None
try:
books_query = Book.Book().query('ID').join('USERBOOKS', 'ID',
'BOOKID').where(
'USERBOOKS.USERID', '=',
user_id).get()
books = [
BookController.get_book_by_id(book['ID']) for book in books_query
]
result = books
except UserWarning, e:
logging.exception('User warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
def list_offers(variables={}, request={}):
status = 'success'
message = ''
exchange_status = ''
token = request.params['token']
user_dict = Token.Token().query("USERID").where("TOKEN", "=", token).get()
exchange_dict = Exchange.Exchange().query("EXCHANGES.OWNERID", "EXCHANGES.RECEIVERID", "EXCHANGES.BOOKID1", "EXCHANGES.BOOKID2", "EXCHANGES.ISFINISHED"). \
where("EXCHANGES.OWNERID", "=", user_dict[0]['USERID']). \
condition("OR", "EXCHANGES.RECEIVERID", "=", user_dict[0]['USERID']).get()
result = None
if not exchange_dict:
status = 'success'
message = 'no entries found'
result = {'status': status, 'message': message}
else:
status = 'success'
message = 'entries found'
response = exchange_dict
for exchange in exchange_dict:
if exchange['EXCHANGES.ISFINISHED'] == 1:
exchange['exchange_status'] = 'exchange_finished'
else:
if exchange['EXCHANGES.BOOKID2'] == None:
exchange['exchange_status'] = 'pending_match'
else:
exchange['exchange_status'] = 'request_sent'
if user_dict[0]['USERID'] == exchange['EXCHANGES.OWNERID']:
exchange['user_status'] = 'owner'
else:
exchange['user_status'] = 'receiver'
result = {'status': status, 'message': message, 'response': response}
return Controller.response_json(result)
def get_user_by_token(variables={}, request={}):
status = 'success'
message = ''
token = request
user_dict = Token.Token().query("TOKENS.USERID").where(
"TOKENS.TOKEN", "=", request.params['token']).get()
if not user_dict:
status = 'error'
message = 'invalid token'
else:
status = 'success'
message = 'valid token'
if user_dict:
response = {'userid': user_dict[0]['TOKENS.USERID']}
else:
response = []
result = {'status': status, 'message': message, 'response': response}
return Controller.response_json(result)
def add_book(variables={}, request={}):
status = 'success'
message = ''
values = {}
#title = request.params['title']
#author = request.params['author']
expires = request.params['expires']
genre = request.params['genre']
goodreads_id = request.params['goodreads_id']
ok, error_message = Validator.validate([
#(title, r'^[A-Za-z0-9\s\-_,\.;:()]+$', 'title value is invalid'),
#(author, r'^[a-zA-Z0-9 ,.\'-]+$', 'author value is invalid'),
(genre, r'^(%s)$' % ('|'.join(genres)), 'genre value is invalid'),
(expires,
r'^([1-9]|([012][0-9])|(3[01]))\-([0]{0,1}[1-9]|1[012])\-\d\d\d\d$',
'expires value is invalid'),
(goodreads_id, r'^[0-9]|[1-9][0-9]+$',
'goodreads_id value is invalid'),
])
try:
if not ok:
raise UserWarning(error_message)
book = Goodreads.find_book_by_id(int(goodreads_id))
if not book:
raise UserWarning('no book with such id was found')
current_user_id = Token.Token().query('USERID').where(
'TOKEN', '=', request.params['token']).get()[0]['USERID']
if not current_user_id or current_user_id == 0:
raise UserWarning('invalid user connected to token')
created_author = Author.Author().update_or_create(
{'NAME': book['author']}, {'NAME': book['author']})
if not created_author:
raise UserWarning('unable to create or update the book author')
datetime_object = datetime.strptime(expires, '%d-%m-%Y')
created_book = Book.Book().insert({
'ISBN':
book['isbn'],
'GOODREADSID':
int(goodreads_id),
'TITLE':
book['title'],
'GENRE':
genre,
'COVER':
book['image_url'],
'EXPIRES':
datetime_object.strftime('%Y-%m-%d'),
'AUTHORID':
created_author['ID']
})
if not created_book:
raise UserWarning('unable to add book to the database')
created_user_book = UserBook.UserBook().insert({
'BOOKID':
created_book['ID'],
'USERID':
current_user_id
})
if not created_user_book:
raise UserWarning('unable to connect user to book')
message = 'the book has been added'
values['book_id'] = created_book['ID']
values['user_id'] = current_user_id
values['author_id'] = created_author['ID']
except UserWarning, e:
logging.exception('User Warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
result = None
try:
if not ok:
raise UserWarning(error_message)
result = get_book_by_id(int(id))
if not result:
raise UserWarning('book not found')
except UserWarning, e:
print 'user warining: ', repr(e)
return Controller.response_json({'status': 'error', 'message': str(e)})
except Exception, e:
print 'fatal error: ', repr(e)
return Controller.response_json({
'status': 'error',
'message': 'fatal error occured'
})
return Controller.response_json({
'status': 'success',
'message': 'search sucessful',
'response': result
})
@Routing.Route(
url='/book/search',
method='GET',
middleware=[TokenCheck.token_valid,
Params.has_params('token', 'query')])
def search_external(variables={}, request={}):
def add_session(variables={}, request={}):
App.session.set(request.params['key'], request.params['msg'])
return Controller.response_json({
'status': 'success',
'message': 'session variable set'
})
def user_edit(variables={}, request={}):
status = 'success'
message = ''
fname = request.params.get('fname', '')
lname = request.params.get('lname', '')
email = request.params.get('email', '')
password = request.params.get('password', None)
new_password = request.params.get('npassword', None)
confirm_new_password = request.params.get('cnpassword', None)
country = request.params.get('country', '')
city = request.params.get('city', '')
street = request.params.get('street', '')
title_prefs = request.params.get('title_preferences', '')
result = None
try:
if not fname or not lname or not email:
raise UserWarning(
'firstname, lastname and email are mandatory fields')
user_id = Token.Token().query('USERID').where(
'TOKEN', '=', request.params['token']).get()[0]['USERID']
User.User().update({
'FIRSTNAME': fname,
'LASTNAME': lname,
'EMAIL': email
}).where('ID', '=', user_id).execute()
user = User.User().query('*').where('ID', '=', user_id).get()[0]
Preference.Preference().update_or_create(
{
'USERID': user_id,
'PREFERENCETYPE': 'bookname'
}, {
'USERID': user_id,
'PREFERENCETYPE': 'bookname',
'PREFERENCE': title_prefs
})
if country or city or street:
Location.Location().update_or_create({'USERID': user_id}, {
'USERID': user_id,
'COUNTRY': country,
'CITY': city,
'STREET': street
})
if password:
old_password_hash = bcrypt.hashpw(password.encode('utf8'),
user['SALT'])
if old_password_hash != user['PASSWORD']:
raise UserWarning('password incorrect')
if new_password != confirm_new_password:
raise UserWarning(
'new password and confirm password don\'t match')
else:
new_password_hash = bcrypt.hashpw(new_password.encode('utf8'),
user['SALT'])
User.User().update({
'PASSWORD': new_password_hash
}).where('ID', '=', user_id).execute()
except UserWarning, e:
logging.exception('User warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
def general_info(variables={}, request={}):
users = 0
connections = 0
locations = 0
books = 0
authors = 0
genres = 0
try:
users = User.User().count().get()[0]['count']
connections = Exchange.Exchange().count().get()[0]['count']
locations = Location.Location().count().get()[0]['count']
books = Book.Book().count().get()[0]['count']
authors = Author.Author().count().get()[0]['count']
genres = len(BookController.genres)
except Exception, e:
print str(e)
pass
return Controller.response_json({
'status': 'success',
'message': 'statistics collected',
'response': {
'users': users,
'connections': connections,
'locations': locations,
'books': books,
'authors': authors,
'genres': genres
}
})
def register(variables={}, request={}):
status = 'success'
message = ''
username = request.params['username']
password = request.params['password']
cpassword = request.params['cpassword']
fname = request.params['fname']
lname = request.params['lname']
email = request.params['email']
ok, error_message = Validator.validate([
(username, r'^[A-Za-z][A-Za-z0-9]+$',
'The username should be only small and big letters with numbers'),
(password, r'^.{7,}$', 'Password should be longer than 6 characters'),
(cpassword, r'^.{7,}$',
'Password confirm should be longer than 6 characters'),
(fname, r'^[\w,-\']+$', 'first name value is invalid'),
(lname, r'^[\w,-\']+$', 'last name value is invalid'),
(email,
r"""^(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$""",
'email value is invalid'),
])
try:
if not ok:
raise UserWarning(error_message)
user = User.User()
token = Token.Token()
response_dict_list = user.query("ID").where("USERNAME", "=",
username).condition(
"OR", "EMAIL", "=",
email).get()
if not response_dict_list:
if (password != cpassword):
raise UserWarning('passwords do no match')
generated_token = strgen.StringGenerator("[\w\d]{20}").render()
salt = bcrypt.gensalt()
password_hash = bcrypt.hashpw(password.encode('utf8'), salt)
insert_user_dict = {
"USERNAME": username,
"PASSWORD": password_hash,
"SALT": salt,
"FIRSTNAME": fname,
"LASTNAME": lname,
"EMAIL": email,
"ISADMINISTRATOR": 0
}
inserted_user = user.insert(insert_user_dict)
insert_token_dict = {
"USERID": inserted_user["ID"],
"TOKENTYPE": "booxtoken",
"TOKEN": generated_token
}
token.insert(insert_token_dict)
message = 'user registered successfully'
else:
raise UserWarning('username already exists')
except UserWarning, e:
logging.exception('User warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
'country': location.get('COUNTRY', ''),
'city': location.get('CITY', ''),
'street': location.get('STREET', ''),
'email': found_user['EMAIL'],
'book_count': book_count['count'],
'books': books,
'title_preference': prefs.get('PREFERENCE', '')
}
except UserWarning, e:
logging.exception('User warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
except Exception, e:
logging.exception('Fatal error')
return Controller.response_json({
'status': 'error',
'message': 'fatal error occured'
})
return Controller.response_json({
'status': 'success',
'message': 'search sucessful',
'response': user
})
@Routing.Route(url='/getuserbytoken',
method='GET',
middleware=[Params.has_params('token')])
def get_user_by_token(variables={}, request={}):
status = 'success'
message = ''
"ISADMINISTRATOR": 0
}
inserted_user = user.insert(insert_user_dict)
insert_token_dict = {
"USERID": inserted_user["ID"],
"TOKENTYPE": "booxtoken",
"TOKEN": generated_token
}
token.insert(insert_token_dict)
message = 'user registered successfully'
else:
raise UserWarning('username already exists')
except UserWarning, e:
logging.exception('User warning')
return Controller.response_json({'status': 'error', 'message': str(e)})
except Exception, e:
logging.exception('Fatal error')
return Controller.response_json({
'status': 'error',
'message': 'fatal error occured'
})
return Controller.response_json({
'status': 'success',
'message': 'register sucessful',
'response': result
})
