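def post(self):
    """Authenticate a librarian and open a session.

    The user row is looked up by lower-cased e-mail and the SHA-512 digest of
    the submitted password. On a match a 32-character session token is
    generated, appended to ``auth_k`` together with the user id, and the
    client's public key is stored as ``pem/<token>.pem``.

    Returns:
        ``(payload, 200)`` on success, where ``auth`` is the token encrypted
        with ``Sec.get_public()`` and ``master`` / ``data`` are encrypted with
        the client's public key; ``({'status': 'zle dane'}, 406)`` when no
        row matches; ``({'status': 'blad'}, 500)`` on any error.
    """
    # Local import: the module's import block is not visible from this handler.
    import secrets

    data = Sec.encode_data(parser.parse_args())
    try:
        # NOTE(review): an unsalted, single-pass SHA-512 digest is a fast hash
        # and a weak way to store passwords. It is kept here because it must
        # match the digests already stored; migrating to a salted password
        # KDF (scrypt/argon2/bcrypt) needs a schema and data migration.
        pass_ = sha512(data['pass_'].encode()).hexdigest()
        cur.execute(
            "SELECT * FROM librarians.user WHERE email=%s AND haslo=%s;",
            (data['login'].lower(), pass_))
        resp = cur.fetchone()
        if not resp:
            return {'status': 'zle dane'}, 406

        # resp[6] is presumably the date of the last password change
        # (TODO confirm against the table definition); '1' tells the client
        # that it is at least 30 days old.
        age = date.today() - resp[6]
        d = '1' if age.days >= 30 else '0'

        # The session token is a bearer credential, so it is drawn from the
        # OS CSPRNG instead of the `random` module, whose output is
        # predictable. Alphabet and length are unchanged.
        alphabet = 'qwertyuiopasdfghjklzxcvbnm123456789'
        cache = ''.join(secrets.choice(alphabet) for _ in range(32))
        # NOTE(review): nothing in this handler expires or removes auth_k
        # entries or the matching pem file — confirm that a logout/expiry
        # path exists elsewhere.
        auth_k.append((cache, resp[0]))
        # Context manager so the key file is flushed and closed right away.
        with open('pem/' + cache + '.pem', 'wb') as pem_file:
            pem_file.write(data['publicKey'])
        return {
            'auth': Sec.encrypt_(cache, Sec.get_public()),
            'master': Sec.encrypt_(str(resp[5]), data['publicKey']),
            'data': Sec.encrypt_(d, data['publicKey'])
        }, 200
    except Exception:
        # Narrowed from a bare `except:` so that KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        return {'status': 'blad'}, 500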
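def post(self):
    """Return every row of ``librarians.user``, encrypted for the caller.

    The caller's session key is resolved to a user id through ``auth_k``;
    the request is rejected with 401 when the key is unknown or when no
    ``master`` row is found for that id.

    Returns:
        ``(rows, 200)`` where ``rows`` maps a 0-based row index to the list
        of encrypted column values; ``({'status': 'brak autoryzacji'}, 401)``
        when authorisation fails; ``({'status': 'wystapil blad'}, 500)`` on
        any error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401

    # Resolve the session key to the id of the user who owns it.
    accept = False
    for key in auth_k:
        if key[0] == data['key']:
            accept = str(key[1])
            break
    # Fix: the original tested `if accept:` and therefore rejected exactly
    # the sessions that WERE found, letting unknown keys fall through.
    if not accept:
        return {'status': 'brak autoryzacji'}, 401

    try:
        cur.execute("SELECT master FROM librarians.user WHERE id=%s ORDER BY id ASC;", (accept, ))
        resp = cur.fetchone()
        # NOTE(review): this only tests that a row exists for the caller's
        # id; the value of `master` is never inspected, so non-master
        # accounts may pass. Confirm the column type and compare resp[0]
        # explicitly.
        if not resp:
            return {'status': 'brak autoryzacji'}, 401

        # NOTE(review): SELECT * also returns the `haslo` password digest of
        # every user to the client — consider an explicit column list.
        cur.execute("SELECT * FROM librarians.user;")
        rows = cur.fetchall()
        # data['key'] matched an auth_k entry above, so the file name is
        # built from a stored session token.
        with open('pem/'+data['key']+'.pem', 'rb') as pem_file:
            pub = pem_file.read()
        ret = {}
        for index, row in enumerate(rows):
            ret[index] = [Sec.encrypt_(str(value), pub) for value in row]
        return ret, 200
    except Exception:
        return {'status': 'wystapil blad'}, 500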
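def post(self):
    """Create a librarian account with a generated initial password.

    ``arg1`` carries ``"<first name>/<last name>"``, ``arg2`` the e-mail and
    ``arg3`` the master flag (``'True'`` is stored as ``'1'``, anything else
    as ``'0'``). The generated password is returned encrypted with the
    caller's public key; only its SHA-512 digest is stored.

    Returns:
        ``({'status': 'dodano', 'data': <encrypted password>}, 201)`` on
        success; ``({'status': 'istnieje'}, 507)`` when a user with the same
        name and e-mail exists; 401 when not logged in; 500 on any error.
    """
    # Local import: the module's import block is not visible from this handler.
    import secrets

    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401
    # NOTE(review): no role check is made here, so any authenticated session
    # can create an account, including one with the master flag set —
    # confirm that is intended.
    try:
        name = data['arg1'].split('/')
        cur.execute(
            "SELECT * FROM librarians.user WHERE imie=%s AND nazwisko=%s AND email=%s;",
            (name[0], name[1], data['arg2']))
        if cur.fetchall():
            return {'status': 'istnieje'}, 507

        data['arg3'] = '1' if data['arg3'] == 'True' else '0'
        d = date.today()
        # Initial password comes from the OS CSPRNG rather than `random`,
        # whose output is predictable. Alphabet and length are unchanged.
        # NOTE(review): 8 characters from a 36-symbol alphabet is a small
        # space for a credential stored as a fast hash — consider a longer
        # value and a forced change on first login.
        alphabet = 'qwertyuiopasdfghjklzxcvbnm1234567890'
        password = ''.join(secrets.choice(alphabet) for _ in range(8))
        # NOTE(review): unsalted SHA-512 kept to stay compatible with the
        # login query; a salted password KDF needs a data migration.
        cur.execute(
            "INSERT INTO librarians.user VALUES (default, %s, %s, %s, %s, %s, %s);",
            (name[0], name[1], data['arg2'],
             sha512(password.encode('UTF-8')).hexdigest(), data['arg3'],
             d.isoformat()))
        # data['key'] ends up in a file path; this assumes login_required()
        # only accepts tokens issued by the login handler — TODO confirm.
        with open('pem/' + data['key'] + '.pem', 'rb') as pem_file:
            pub = pem_file.read()
        return {
            'status': 'dodano',
            'data': Sec.encrypt_(password, pub)
        }, 201
    except Exception:
        return {'status': 'wystapil blad'}, 500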
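def post(self):
    """Return the caller's own first name, last name, e-mail and master flag.

    The user id is taken from the ``auth_k`` entry that matches the session
    key, never from the request, so a caller can only read their own row.

    Returns:
        ``({'data': [<encrypted values>]}, 200)`` on success;
        ``({'status': 'brak danych'}, 204)`` when the row is missing;
        401 when the session is unknown; 500 on any error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401

    # Fix: the original indexed `[...][0]` on the filtered list, which raises
    # IndexError outside the try block when the key is unknown, and its
    # `if not user_id` guard could never fire on a str() result.
    user_id = next((str(x[1]) for x in auth_k if x[0] == data['key']), None)
    if user_id is None:
        return {'status': 'brak autoryzacji'}, 401

    try:
        cur.execute(
            "SELECT imie, nazwisko, email, master FROM librarians.user WHERE id=%s;",
            (user_id, ))
        resp = cur.fetchone()
        if not resp:
            return {'status': 'brak danych'}, 204
        # data['key'] matched an auth_k entry above, so the file name is
        # built from a stored session token.
        with open('pem/' + data['key'] + '.pem', 'rb') as pem_file:
            pub = pem_file.read()
        return {
            'data': [Sec.encrypt_(str(value), pub) for value in resp]
        }, 200
    except Exception:
        return {'status': 'wystapil blad'}, 500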
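def post(self):
    """Return every book, ordered by ``id_b``, encrypted for the caller.

    Returns:
        ``(rows, 200)`` where ``rows`` maps a 1-based position to the list of
        encrypted column values; ``({'status': 'brak danych'}, 204)`` when
        the table is empty; 401 when not logged in; 500 on any error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401
    try:
        cur.execute("SELECT * FROM librarians.books ORDER BY id_b ASC;")
        resp = cur.fetchall()
        if not resp:
            return {'status': 'brak danych'}, 204
        # data['key'] ends up in a file path; this assumes login_required()
        # only accepts tokens issued by the login handler — TODO confirm.
        # The context manager closes the key file instead of leaking the
        # handle as the original `open(...).read()` did.
        with open('pem/' + data['key'] + '.pem', 'rb') as pem_file:
            pub = pem_file.read()
        ret = {}
        # Keys start at 1, as in the original (`reader + 1`).
        for position, row in enumerate(resp, start=1):
            ret[position] = [Sec.encrypt_(str(value), pub) for value in row]
        return ret, 200
    except Exception:
        return {'status': 'wystapil blad'}, 500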
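def post(self):
    """Return every borrow joined with reader name and book title.

    Each row holds the rented date (ISO formatted), reader name, book title,
    the ``give_back`` flag and the borrow id, ordered by borrow id.

    Returns:
        ``(rows, 200)`` where ``rows`` maps a 0-based index to the list of
        encrypted values; ``({'status': 'brak danych'}, 204)`` when there
        are no borrows; 401 when not logged in; 500 on any error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401
    try:
        # Adjacent literals concatenate to the same statement text as the
        # original triple-quoted string.
        cur.execute(
            " SELECT bor.rented, re.name, bo.title, bor.give_back, bor.id_br"
            " FROM librarians.borrows AS bor, librarians.books AS bo, librarians.readers AS re"
            " WHERE bor.name_id=re.id_r AND bor.book_id=bo.id_b"
            " ORDER BY bor.id_br ASC; ")
        resp = cur.fetchall()
        if not resp:
            return {'status': 'brak danych'}, 204
        # data['key'] ends up in a file path; this assumes login_required()
        # only accepts tokens issued by the login handler — TODO confirm.
        # The context manager closes the key file instead of leaking it.
        with open('pem/' + data['key'] + '.pem', 'rb') as pem_file:
            pub = pem_file.read()
        ret = {}
        for index, row in enumerate(resp):
            # The first column is a date object and is sent in ISO format.
            cache = (row[0].isoformat(), row[1], row[2], row[3], row[4])
            ret[index] = [Sec.encrypt_(str(value), pub) for value in cache]
        return ret, 200
    except Exception:
        return {'status': 'wystapil blad'}, 500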
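def post(self):
    """Delete the librarian account whose id is given in ``arg1``.

    The caller's session key is resolved to a user id through ``auth_k``;
    the request is rejected with 401 when the key is unknown or when no
    ``master`` row is found for that id.

    Returns:
        ``({'status': 'usunieto'}, 200)`` after the DELETE has been issued;
        ``({'status': 'brak autoryzacji'}, 401)`` when authorisation fails;
        ``({'status': 'wystapil blad'}, 500)`` on any error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401

    # Resolve the session key to the id of the user who owns it.
    accept = False
    for key in auth_k:
        if key[0] == data['key']:
            accept = str(key[1])
            break
    # Fix: the original tested `if accept:` and therefore rejected exactly
    # the sessions that WERE found, letting unknown keys fall through.
    if not accept:
        return {'status': 'brak autoryzacji'}, 401

    try:
        cur.execute(
            "SELECT master FROM librarians.user WHERE id=%s ORDER BY id ASC;",
            (accept, ))
        resp = cur.fetchone()
        # NOTE(review): this only tests that a row exists for the caller's
        # id; the value of `master` is never inspected, so non-master
        # accounts may be able to delete users. Confirm the column type and
        # compare resp[0] explicitly.
        if not resp:
            return {'status': 'brak autoryzacji'}, 401
        cur.execute("DELETE FROM librarians.user WHERE id=%s;",
                    (data['arg1'], ))
        return {'status': 'usunieto'}, 200
    except Exception:
        return {'status': 'wystapil blad'}, 500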
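def post(self):
    """Add a book, or increase its count when title and author already exist.

    An optional ``cover`` upload that passes ``check_ext`` is saved under
    ``sort_api/image/`` using the sanitised title as the file name.

    Returns:
        ``({'status': 'dodano'}, 201)`` for a new book;
        ``({'status': 'istnieje/dodano'}, 507)`` when an existing book's
        count was increased by ``arg3``; 401 when not logged in; 500 on any
        error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401
    try:
        if 'cover' in request.files and check_ext(request.files['cover']):
            f = request.files['cover']
            cover = secure_filename(data['arg1'])
            # Fix: the original used `f.filename.split('.')[1]`, which picks
            # the wrong segment for names with several dots and puts a raw,
            # client-controlled string into the path. Use the text after the
            # LAST dot and sanitise it like the base name.
            _, dot, raw_ext = f.filename.rpartition('.')
            ext = secure_filename(raw_ext)
            if not dot or not ext:
                # A name without a usable extension failed in the original
                # too (IndexError caught below); keep the same response.
                return {'status': 'wystapil blad'}, 500
            f.save('sort_api/image/' + cover + '.' + ext)
        cur.execute(
            "SELECT * FROM librarians.books WHERE title=%s AND author=%s;",
            (data['arg1'], data['arg2']))
        resp = cur.fetchone()
        if resp:
            # resp[0] is used as the book id and resp[3] as its current count.
            cur.execute(
                "UPDATE librarians.books SET count=%s WHERE id_b=%s;",
                (int(data['arg3']) + resp[3], resp[0]))
            return {'status': 'istnieje/dodano'}, 507
        cur.execute(
            "INSERT INTO librarians.books VALUES (default, %s, %s, %s);",
            (data['arg1'], data['arg2'], data['arg3']))
        return {'status': 'dodano'}, 201
    except Exception:
        return {'status': 'wystapil blad'}, 500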
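def post(self):
    """Update a librarian's name, e-mail and master flag.

    The target row is ``name_id``; new values come from ``arg1`` (first
    name), ``arg2`` (last name), ``login`` (e-mail) and ``arg3`` (master
    flag, ``'True'`` stored as ``'1'``, anything else as ``'0'``). The
    caller's session key must resolve to a user id through ``auth_k`` and a
    ``master`` row must exist for that id.

    Returns:
        ``({'status': 'zmieniono'}, 200)`` after the UPDATE has been issued;
        ``({'status': 'brak autoryzacji'}, 401)`` when authorisation fails;
        ``({'status': 'wystapil blad'}, 500)`` on any error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401

    # Resolve the session key to the id of the user who owns it.
    accept = False
    for key in auth_k:
        if key[0] == data['key']:
            accept = str(key[1])
            break
    # Fix: the original tested `if accept:` and therefore rejected exactly
    # the sessions that WERE found, letting unknown keys fall through.
    if not accept:
        return {'status': 'brak autoryzacji'}, 401

    try:
        cur.execute("SELECT master FROM librarians.user WHERE id=%s ORDER BY id ASC;", (accept, ))
        resp = cur.fetchone()
        # NOTE(review): this only tests that a row exists for the caller's
        # id; the value of `master` is never inspected, so non-master
        # accounts may be able to grant the master flag. Confirm the column
        # type and compare resp[0] explicitly.
        if not resp:
            return {'status': 'brak autoryzacji'}, 401
        data['arg3'] = '1' if data['arg3'] == 'True' else '0'
        cur.execute(
            "UPDATE librarians.user SET imie=%s, nazwisko=%s, email=%s, master=%s WHERE id=%s;",
            (data['arg1'], data['arg2'], data['login'], data['arg3'], data['name_id']))
        return {'status': 'zmieniono'}, 200
    except Exception:
        return {'status': 'wystapil blad'}, 500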
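def post(self):
    """Change the caller's own password after verifying the old one.

    ``arg1`` is the current password and ``pass_`` the new one. The user id
    is taken from the ``auth_k`` entry that matches the session key. On
    success the new digest and today's date are written to ``haslo`` and
    ``last``.

    Returns:
        ``({'status': 'zmieniono'}, 200)`` on success;
        ``({'status': 'rozne'}, 409)`` when the old password does not match;
        401 when the session is unknown; ``({'status': 'blad'}, 500)`` on
        any error, including a missing user row.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401

    # Fix: the original indexed `[...][0]` on the filtered list, which raises
    # IndexError outside the try block when the key is unknown, and its
    # `if not user_id` guard could never fire on a str() result.
    user_id = next((str(x[1]) for x in auth_k if x[0] == data['key']), None)
    if user_id is None:
        return {'status': 'brak autoryzacji'}, 401

    try:
        # NOTE(review): unsalted SHA-512 kept to stay compatible with the
        # stored digests and the login query; a salted password KDF
        # (scrypt/argon2/bcrypt) needs a data migration.
        pass_old = sha512(data['arg1'].encode()).hexdigest()
        cur.execute("SELECT haslo FROM librarians.user WHERE id=%s;",
                    (user_id, ))
        resp = cur.fetchone()
        if resp is None:
            # The original reached this state through a TypeError on
            # `resp[0]`; the response is the same, the path is explicit.
            return {'status': 'blad'}, 500
        if resp[0] != pass_old:
            return {'status': 'rozne'}, 409

        pass_new = sha512(data['pass_'].encode()).hexdigest()
        # Separate name: the original rebound `data` to the date object.
        today = date.today()
        cur.execute(
            "UPDATE librarians.user SET haslo=%s, last=%s WHERE id=%s;",
            (pass_new, today.isoformat(), user_id))
        return {'status': 'zmieniono'}, 200
    except Exception:
        # Narrowed from a bare `except:` so that KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        return {'status': 'blad'}, 500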
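def post(self):
    """Return the reader row whose ``id_r`` equals ``arg1``, encrypted.

    Returns:
        ``({'data': [<encrypted values>]}, 200)`` on success;
        ``({'status': 'brak danych'}, 204)`` when no row matches; 401 when
        not logged in; 500 on any error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401
    try:
        # NOTE(review): SELECT * returns every column of the reader row; if
        # the table stores the reader's password digest, that is sent to the
        # client as well — confirm and narrow the column list.
        cur.execute("SELECT * FROM librarians.readers WHERE id_r=%s;", (data['arg1'], ))
        resp = cur.fetchone()
        if not resp:
            return {'status': 'brak danych'}, 204
        # data['key'] ends up in a file path; this assumes login_required()
        # only accepts tokens issued by the login handler — TODO confirm.
        # The context manager closes the key file instead of leaking it.
        with open('pem/' + data['key'] + '.pem', 'rb') as pem_file:
            pub = pem_file.read()
        return {
            'data': [Sec.encrypt_(str(value), pub) for value in resp]
        }, 200
    except Exception:
        return {'status': 'wystapil blad'}, 500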
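def post(self):
    """Create a reader account with a generated initial password.

    ``arg1`` is the reader's name, ``arg2`` the address and ``login`` the
    value stored in the last column. Only the SHA-512 digest of the
    generated password is stored; the clear password is returned encrypted
    with the caller's public key.

    Returns:
        ``({'status': 'dodano', 'login': ..., 'haslo': ...}, 201)`` on
        success, where ``login`` is the encrypted ``arg1`` and ``haslo`` the
        encrypted password; ``({'status': 'istnieje'}, 507)`` when a reader
        with the same name and address exists; 401 when not logged in; 500
        on any error.
    """
    # Local import: the module's import block is not visible from this handler.
    import secrets

    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401
    try:
        cur.execute("SELECT * FROM librarians.readers WHERE name=%s AND addres=%s;", (data['arg1'], data['arg2']))
        if cur.fetchall():
            return {'status': 'istnieje'}, 507

        # Initial password comes from the OS CSPRNG rather than `random`,
        # whose output is predictable. Alphabet and length are unchanged.
        # NOTE(review): 8 characters from a 36-symbol alphabet is a small
        # space for a credential stored as a fast hash — consider a longer
        # value and a forced change on first login.
        alphabet = 'qwertyuiopasdfghjklzxcvbnm1234567890'
        password = ''.join(secrets.choice(alphabet) for _ in range(8))
        # NOTE(review): unsalted SHA-512; a salted password KDF would need a
        # matching change wherever readers authenticate.
        cur.execute(
            "INSERT INTO librarians.readers VALUES (default ,%s, %s, 'null', %s, 'false', %s);",
            (data['arg1'], data['arg2'],
             sha512(password.encode('UTF-8')).hexdigest(), data['login']))
        # data['key'] ends up in a file path; this assumes login_required()
        # only accepts tokens issued by the login handler — TODO confirm.
        with open('pem/'+data['key']+'.pem', 'rb') as pem_file:
            pub = pem_file.read()
        return {'status': 'dodano',
                'login': Sec.encrypt_(data['arg1'], pub),
                'haslo': Sec.encrypt_(password, pub)}, 201
    except Exception:
        return {'status': 'wystapil blad'}, 500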
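def post(self):
    """Update the name and address of the reader identified by ``name_id``.

    Returns:
        ``({'status': 'zmieniono'}, 200)`` after the UPDATE has been issued;
        401 when not logged in; ``({'status': 'wystapil blad'}, 500)`` on
        any error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401
    try:
        cur.execute(
            "UPDATE librarians.readers SET name=%s, addres=%s WHERE id_r=%s;",
            (data['arg1'], data['arg2'], data['name_id']))
        return {'status': 'zmieniono'}, 200
    except Exception:
        # Fix: the original returned 5000, which is not a valid HTTP status
        # code; every other handler reports errors as 500.
        return {'status': 'wystapil blad'}, 500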
def post(self):
    """Accept or delete the comment whose id is given in ``arg1``.

    When ``arg2`` equals ``'True'`` the comment's ``accept`` column is set
    to ``'1'``; for any other value the comment is deleted.

    Returns:
        ``({'status': 'zaakceptowano'}, 200)`` or
        ``({'status': 'usunieto'}, 200)``; 401 when not logged in;
        ``({'status': 'wystapil blad'}, 500)`` on any error.
    """
    payload = Sec.encode_data(parser.parse_args())
    if login_required(payload):
        try:
            # Pick the statement and the status label first, then run it once.
            if payload['arg2'] == 'True':
                statement = "UPDATE librarians.comments SET accept='1' WHERE id_comment=%s;"
                outcome = 'zaakceptowano'
            else:
                statement = "DELETE FROM librarians.comments WHERE id_comment=%s;"
                outcome = 'usunieto'
            cur.execute(statement, (payload['arg1'], ))
            return {'status': outcome}, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500
    return {'status': 'brak autoryzacji'}, 401
def post(self):
    """Mark the borrow ``arg1`` as returned and put the book back in stock.

    If the borrow is already flagged ``give_back='1'`` nothing is changed.
    Otherwise the book's ``count`` is incremented and the borrow receives
    today's date in ``return`` and ``give_back='1'``.

    Returns:
        ``({'status': 'dodano'}, 201)`` after the update has been issued;
        ``({'status': 'istnieje'}, 507)`` when it was already returned; 401
        when not logged in; ``({'status': 'wystapil blad'}, 500)`` on error.
    """
    payload = Sec.encode_data(parser.parse_args())
    if not login_required(payload):
        return {'status': 'brak autoryzacji'}, 401
    try:
        borrow_id = payload['arg1']
        cur.execute(
            "SELECT * FROM librarians.borrows WHERE id_br=%s AND give_back='1';",
            (borrow_id, ))
        already_returned = cur.fetchone()
        if already_returned:
            return {'status': 'istnieje'}, 507

        # Both statements are sent in a single execute() call; the adjacent
        # literals concatenate to the same statement text as before.
        return_sql = (
            " UPDATE librarians.books SET count=count+1 WHERE id_b="
            "(SELECT book_id FROM librarians.borrows WHERE id_br=%s AND give_back='0');"
            " UPDATE librarians.borrows SET return=%s, give_back='1' WHERE id_br=%s; "
        )
        today = datetime.datetime.now().strftime("%Y-%m-%d")
        cur.execute(return_sql, (borrow_id, today, borrow_id))
        return {'status': 'dodano'}, 201
    except Exception:
        return {'status': 'wystapil blad'}, 500
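def post(self):
    """Update title, author and count of the book identified by ``book_id``.

    An optional ``cover`` upload that passes ``check_ext`` is saved under
    ``sort_api/image/`` using the sanitised title as the file name.

    Returns:
        ``({'status': 'zmieniono'}, 200)`` after the UPDATE has been issued;
        401 when not logged in; ``({'status': 'wystapil blad'}, 500)`` on
        any error.
    """
    data = Sec.encode_data(parser.parse_args())
    if not login_required(data):
        return {'status': 'brak autoryzacji'}, 401
    try:
        if 'cover' in request.files and check_ext(request.files['cover']):
            f = request.files['cover']
            cover = secure_filename(data['arg1'])
            # Fix: the original used `f.filename.split('.')[1]`, which picks
            # the wrong segment for names with several dots and puts a raw,
            # client-controlled string into the path. Use the text after the
            # LAST dot and sanitise it like the base name.
            _, dot, raw_ext = f.filename.rpartition('.')
            ext = secure_filename(raw_ext)
            if not dot or not ext:
                # A name without a usable extension failed in the original
                # too (IndexError caught below); keep the same response.
                return {'status': 'wystapil blad'}, 500
            f.save('sort_api/image/' + cover + '.' + ext)
        cur.execute(
            "UPDATE librarians.books SET title=%s, author=%s, count=%s WHERE id_b=%s;",
            (data['arg1'], data['arg2'], data['arg3'], data['book_id']))
        return {'status': 'zmieniono'}, 200
    except Exception:
        return {'status': 'wystapil blad'}, 500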
def post(self):
    """Register a new borrow and take one copy of the book out of stock.

    Rejects the request when reader ``name_id`` already holds an open
    borrow (``give_back='0'``) of book ``book_id``. Otherwise a borrow row
    is inserted from ``arg1``, ``arg2``, ``name_id`` and ``book_id`` and
    the book's ``count`` is decremented.

    Returns:
        ``({'status': 'dodano'}, 201)`` after the insert has been issued;
        ``({'status': 'istnieje'}, 507)`` when an open borrow exists; 401
        when not logged in; ``({'status': 'wystapil blad'}, 500)`` on error.
    """
    payload = Sec.encode_data(parser.parse_args())
    if not login_required(payload):
        return {'status': 'brak autoryzacji'}, 401
    try:
        reader_id = payload['name_id']
        book_id = payload['book_id']
        cur.execute(
            "SELECT give_back FROM librarians.borrows WHERE name_id=%s AND book_id=%s AND give_back='0';",
            (reader_id, book_id))
        open_borrows = cur.fetchall()
        if open_borrows:
            return {'status': 'istnieje'}, 507

        # NOTE(review): count is decremented without checking that it is
        # above zero — confirm availability is enforced elsewhere.
        # Both statements are sent in a single execute() call; the adjacent
        # literals concatenate to the same statement text as before.
        borrow_sql = (
            " INSERT INTO librarians.borrows VALUES (default, %s, %s, %s, %s, '0');"
            " UPDATE librarians.books SET count=count-1 WHERE id_b=%s; "
        )
        cur.execute(
            borrow_sql,
            (payload['arg1'], payload['arg2'], reader_id, book_id, book_id))
        return {'status': 'dodano'}, 201
    except Exception:
        return {'status': 'wystapil blad'}, 500