Example #1
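    def post(self):
        """Log a librarian in and open a session.

        Hashes the submitted password with SHA-512, looks the account up by
        lower-cased e-mail and hash, and on a match issues a 32-character
        session token, stores the client's public key as ``pem/<token>.pem``
        and registers ``(token, user id)`` in ``auth_k``.

        Returns:
            ``(body, 200)`` with ``auth`` (the token encrypted with
            ``Sec.get_public()``), ``master`` (column 5 of the row) and
            ``data`` ('1' when column 6 of the row is 30 or more days old,
            else '0'), the latter two encrypted with the client's key;
            ``({'status': 'zle dane'}, 406)`` when no account matches;
            ``({'status': 'blad'}, 500)`` on any error.
        """
        # Local import: the token is a bearer credential, so it must come from
        # the OS CSPRNG. The `random` module is predictable and unsuitable.
        import secrets

        data = Sec.encode_data(parser.parse_args())

        try:
            # NOTE(review): unsalted single-pass SHA-512 is cheap to brute-force
            # if the table leaks. Kept because the stored hashes use this
            # format; moving to a salted, slow KDF needs a re-hash migration.
            pass_ = sha512(data['pass_'].encode()).hexdigest()
            cur.execute(
                "SELECT * FROM librarians.user WHERE email=%s AND haslo=%s;",
                (data['login'].lower(), pass_))
            resp = cur.fetchone()
            if not resp:
                return {'status': 'zle dane'}, 406

            # resp[6] is presumably the date of the last password change
            # (TODO confirm); the client gets a flag once it is 30+ days old.
            age = date.today() - resp[6]
            expired_flag = '1' if age.days >= 30 else '0'

            alphabet = 'qwertyuiopasdfghjklzxcvbnm123456789'
            token = ''.join(secrets.choice(alphabet) for _ in range(32))

            # Persist the key before registering the session, so a failed
            # write cannot leave a live token without its key file.
            with open('pem/' + token + '.pem', 'wb') as key_file:
                key_file.write(data['publicKey'])
            auth_k.append((token, resp[0]))

            return {
                'auth': Sec.encrypt_(token, Sec.get_public()),
                'master': Sec.encrypt_(str(resp[5]), data['publicKey']),
                'data': Sec.encrypt_(expired_flag, data['publicKey'])
            }, 200
        except Exception:
            # Narrowed from a bare `except:` so SystemExit/KeyboardInterrupt
            # are no longer swallowed.
            return {'status': 'blad'}, 500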
Example #2
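    def post(self):
        """Return every row of ``librarians.user`` to a master librarian.

        Each column value is stringified and encrypted with the public key
        stored for the caller's session.

        Returns:
            ``(rows, 200)`` where ``rows`` maps a 0-based index to the list of
            encrypted column values; ``({'status': 'brak autoryzacji'}, 401)``
            when the caller is not logged in or is not a master account;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        # Resolve the session token to the user id it was issued for. The
        # original tested `if accept:` here, which rejected every caller whose
        # token WAS found and let unknown tokens through.
        user_id = next(
            (str(entry[1]) for entry in auth_k if entry[0] == data['key']),
            None)
        if user_id is None:
            return {'status': 'brak autoryzacji'}, 401

        try:
            cur.execute("SELECT master FROM librarians.user WHERE id=%s ORDER BY id ASC;", (user_id, ))
            resp = cur.fetchone()
            # fetchone() yields a row for every existing account, so the flag
            # value must be tested, not just the row's presence.
            # NOTE(review): the accepted encodings ('1'/'true'/'t') are an
            # assumption about how `master` is stored; confirm against schema.
            is_master = bool(resp) and str(resp[0]).strip().lower() in ('1', 'true', 't')
            if not is_master:
                return {'status': 'brak autoryzacji'}, 401

            # NOTE(review): SELECT * also returns the `haslo` password-hash
            # column to the client; listing only the needed columns would
            # avoid exporting hashes, but changes the response layout.
            cur.execute("SELECT * FROM librarians.user;")
            rows = cur.fetchall()

            # The token matched an entry in auth_k above, so it is a
            # server-issued value and safe to use in the path.
            with open('pem/' + data['key'] + '.pem', 'rb') as key_file:
                pub = key_file.read()

            ret = {
                index: [Sec.encrypt_(str(value), pub) for value in row]
                for index, row in enumerate(rows)
            }
            return ret, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500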
Example #3
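    def post(self):
        """Create a librarian account with a generated initial password.

        ``arg1`` is ``"<first name>/<last name>"``, ``arg2`` the e-mail and
        ``arg3`` the string 'True' when the account's sixth column (the
        ``master`` flag, judging by the sibling handlers) should be set.

        Returns:
            ``({'status': 'dodano', 'data': <encrypted password>}, 201)`` on
            success; ``({'status': 'istnieje'}, 507)`` when a matching account
            exists; ``({'status': 'brak autoryzacji'}, 401)`` when not logged
            in; ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        # Local import: generated passwords must come from the OS CSPRNG,
        # not from the predictable `random` module.
        import secrets

        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        # NOTE(review): any logged-in session can create an account here,
        # including one with the master flag set; the sibling user-management
        # handlers look up the caller's `master` value. Confirm whether this
        # handler should do the same.
        try:
            name = data['arg1'].split('/')
            cur.execute(
                "SELECT * FROM librarians.user WHERE imie=%s AND nazwisko=%s AND email=%s;",
                (name[0], name[1], data['arg2']))
            if cur.fetchall():
                return {'status': 'istnieje'}, 507

            master_flag = '1' if data['arg3'] == 'True' else '0'
            data['arg3'] = master_flag
            created_on = date.today()

            # NOTE(review): 8 characters from a 36-symbol alphabet is a weak
            # long-term secret; treat it as a one-time password and force a
            # change at first login.
            alphabet = 'qwertyuiopasdfghjklzxcvbnm1234567890'
            password = ''.join(secrets.choice(alphabet) for _ in range(8))

            # NOTE(review): unsalted SHA-512 is kept for compatibility with
            # the login query; a salted, slow KDF would be the safer format.
            cur.execute(
                "INSERT INTO librarians.user VALUES (default, %s, %s, %s, %s, %s, %s);",
                (name[0], name[1], data['arg2'],
                 sha512(password.encode('UTF-8')).hexdigest(),
                 master_flag, created_on.isoformat()))

            # data['key'] is client-supplied and ends up in a file path; this
            # is only safe if login_required() has matched it against an
            # issued token. Confirm.
            with open('pem/' + data['key'] + '.pem', 'rb') as key_file:
                pub = key_file.read()
            return {
                'status': 'dodano',
                'data': Sec.encrypt_(password, pub)
            }, 201
        except Exception:
            return {'status': 'wystapil blad'}, 500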
Example #4
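    def post(self):
        """Return the caller's own first name, last name, e-mail and master flag.

        Returns:
            ``({'data': [...]}, 200)`` with the four values encrypted with the
            session's public key; ``({'status': 'brak danych'}, 204)`` when the
            account row is missing; ``({'status': 'brak autoryzacji'}, 401)``
            when not logged in or the token is unknown;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        # The original indexed `[...][0]` on the filtered list, which raised
        # an unhandled IndexError for an unknown token, and then tested the
        # str() of the id, which is never empty, so the 401 was unreachable.
        user_id = next(
            (str(x[1]) for x in auth_k if x[0] == data['key']), None)
        if user_id is None:
            return {'status': 'brak autoryzacji'}, 401

        try:
            cur.execute(
                "SELECT imie, nazwisko, email, master FROM librarians.user WHERE id=%s;",
                (user_id, ))
            resp = cur.fetchone()
            if not resp:
                return {'status': 'brak danych'}, 204

            # The token matched an auth_k entry above, so it is a
            # server-issued value and safe to use in the path.
            with open('pem/' + data['key'] + '.pem', 'rb') as key_file:
                pub = key_file.read()
            return {
                'data': [Sec.encrypt_(str(value), pub) for value in resp]
            }, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500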
Example #5
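    def post(self):
        """Return every row of ``librarians.books`` ordered by ``id_b``.

        Returns:
            ``(rows, 200)`` where ``rows`` maps a 1-based index to the list of
            column values, each stringified and encrypted with the session's
            public key; ``({'status': 'brak danych'}, 204)`` when the table is
            empty; ``({'status': 'brak autoryzacji'}, 401)`` when not logged
            in; ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        try:
            cur.execute("SELECT * FROM librarians.books ORDER BY id_b ASC;")
            rows = cur.fetchall()
            if not rows:
                return {'status': 'brak danych'}, 204

            # data['key'] is client-supplied and ends up in a file path; this
            # is only safe if login_required() has matched it against an
            # issued token. Confirm.
            # `with` closes the handle that the original left open.
            with open('pem/' + data['key'] + '.pem', 'rb') as key_file:
                pub = key_file.read()

            ret = {
                position: [Sec.encrypt_(str(value), pub) for value in row]
                for position, row in enumerate(rows, start=1)
            }
            return ret, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500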
Example #6
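    def post(self):
        """Return all borrow records joined with reader name and book title.

        Each record is ``(rented, reader name, title, give_back, id_br)``;
        ``rented`` is rendered with ``isoformat()``.

        Returns:
            ``(rows, 200)`` where ``rows`` maps a 0-based index to the list of
            the five values, each stringified and encrypted with the session's
            public key; ``({'status': 'brak danych'}, 204)`` when there are no
            records; ``({'status': 'brak autoryzacji'}, 401)`` when not logged
            in; ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        try:
            cur.execute("""
            SELECT bor.rented, re.name, bo.title, bor.give_back, bor.id_br
            FROM librarians.borrows AS bor, librarians.books AS bo, librarians.readers AS re
            WHERE bor.name_id=re.id_r AND bor.book_id=bo.id_b
            ORDER BY bor.id_br ASC;
            """)

            rows = cur.fetchall()
            if not rows:
                return {'status': 'brak danych'}, 204

            # data['key'] is client-supplied and ends up in a file path; this
            # is only safe if login_required() has matched it against an
            # issued token. Confirm.
            # `with` closes the handle that the original left open.
            with open('pem/' + data['key'] + '.pem', 'rb') as key_file:
                pub = key_file.read()

            ret = {}
            for index, row in enumerate(rows):
                fields = (row[0].isoformat(), row[1], row[2], row[3], row[4])
                ret[index] = [Sec.encrypt_(str(value), pub) for value in fields]
            return ret, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500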
Example #7
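    def post(self):
        """Delete the librarian account whose id is ``arg1`` (master only).

        Returns:
            ``({'status': 'usunieto'}, 200)`` after the DELETE;
            ``({'status': 'brak autoryzacji'}, 401)`` when the caller is not
            logged in or is not a master account;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        # Resolve the session token to the user id it was issued for. The
        # original tested `if accept:` here, which rejected every caller whose
        # token WAS found and let unknown tokens through.
        user_id = next(
            (str(entry[1]) for entry in auth_k if entry[0] == data['key']),
            None)
        if user_id is None:
            return {'status': 'brak autoryzacji'}, 401

        try:
            cur.execute(
                "SELECT master FROM librarians.user WHERE id=%s ORDER BY id ASC;",
                (user_id, ))
            resp = cur.fetchone()
            # fetchone() yields a row for every existing account, so the flag
            # value must be tested; otherwise any logged-in user could delete
            # accounts.
            # NOTE(review): the accepted encodings ('1'/'true'/'t') are an
            # assumption about how `master` is stored; confirm against schema.
            is_master = bool(resp) and str(resp[0]).strip().lower() in ('1', 'true', 't')
            if not is_master:
                return {'status': 'brak autoryzacji'}, 401

            cur.execute("DELETE FROM librarians.user WHERE id=%s;",
                        (data['arg1'], ))
            return {'status': 'usunieto'}, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500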
Example #8
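    def post(self):
        """Add a book, or add copies to an existing one, with an optional cover.

        ``arg1`` is the title, ``arg2`` the author and ``arg3`` the number of
        copies. An uploaded ``cover`` file that passes ``check_ext`` is saved
        under ``sort_api/image/`` using the sanitised title as its base name.

        Returns:
            ``({'status': 'dodano'}, 201)`` when a new row is inserted;
            ``({'status': 'istnieje/dodano'}, 507)`` when the title/author
            already exists and its count was increased;
            ``({'status': 'brak autoryzacji'}, 401)`` when not logged in;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        try:
            if 'cover' in request.files and check_ext(request.files['cover']):
                f = request.files['cover']
                cover = secure_filename(data['arg1'])
                # Derive the extension from the sanitised upload name. The
                # original used f.filename.split('.')[1], which takes the
                # second dot-separated piece (wrong for "a.b.png") and copies
                # raw client text, path separators included, into the path.
                ext = os.path.splitext(secure_filename(f.filename or ''))[1]
                # NOTE(review): check_ext() is not visible here; make sure its
                # allow-list is applied to this same final extension.
                f.save(os.path.join('sort_api/image', cover + ext))

            cur.execute(
                "SELECT * FROM librarians.books WHERE title=%s AND author=%s;",
                (data['arg1'], data['arg2']))
            resp = cur.fetchone()
            if resp:
                # resp[3] is the stored count, resp[0] the book id.
                cur.execute(
                    "UPDATE librarians.books SET count=%s WHERE id_b=%s;",
                    (int(data['arg3']) + resp[3], resp[0]))
                return {'status': 'istnieje/dodano'}, 507

            cur.execute(
                """INSERT INTO librarians.books
                               VALUES (default, %s, %s, %s);""",
                (data['arg1'], data['arg2'], data['arg3']))
            return {'status': 'dodano'}, 201
        except Exception:
            return {'status': 'wystapil blad'}, 500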
Example #9
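    def post(self):
        """Update a librarian account's name, e-mail and master flag (master only).

        ``arg1``/``arg2`` are the new first and last name, ``login`` the new
        e-mail, ``arg3`` the string 'True' to set the master flag and
        ``name_id`` the id of the account to change.

        Returns:
            ``({'status': 'zmieniono'}, 200)`` after the UPDATE;
            ``({'status': 'brak autoryzacji'}, 401)`` when the caller is not
            logged in or is not a master account;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        # Resolve the session token to the user id it was issued for. The
        # original tested `if accept:` here, which rejected every caller whose
        # token WAS found and let unknown tokens through.
        user_id = next(
            (str(entry[1]) for entry in auth_k if entry[0] == data['key']),
            None)
        if user_id is None:
            return {'status': 'brak autoryzacji'}, 401

        try:
            cur.execute("SELECT master FROM librarians.user WHERE id=%s ORDER BY id ASC;", (user_id, ))
            resp = cur.fetchone()
            # fetchone() yields a row for every existing account, so the flag
            # value must be tested; otherwise any logged-in user could grant
            # themselves the master role through this handler.
            # NOTE(review): the accepted encodings ('1'/'true'/'t') are an
            # assumption about how `master` is stored; confirm against schema.
            is_master = bool(resp) and str(resp[0]).strip().lower() in ('1', 'true', 't')
            if not is_master:
                return {'status': 'brak autoryzacji'}, 401

            data['arg3'] = '1' if data['arg3'] == 'True' else '0'
            cur.execute("""UPDATE librarians.user
                            SET imie=%s, nazwisko=%s, email=%s, master=%s
                            WHERE id=%s;""", (data['arg1'], data['arg2'], data['login'], data['arg3'], data['name_id']))

            return {'status': 'zmieniono'}, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500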
Example #10
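    def post(self):
        """Change the caller's own password after verifying the current one.

        ``arg1`` is the current password and ``pass_`` the new one. On success
        the ``last`` column is set to today's date.

        Returns:
            ``({'status': 'zmieniono'}, 200)`` on success;
            ``({'status': 'rozne'}, 409)`` when the current password does not
            match; ``({'status': 'brak autoryzacji'}, 401)`` when not logged
            in, the token is unknown, or the account row is gone;
            ``({'status': 'blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        # The original indexed `[...][0]` on the filtered list, which raised
        # an unhandled IndexError for an unknown token, and then tested the
        # str() of the id, which is never empty, so the 401 was unreachable.
        user_id = next(
            (str(x[1]) for x in auth_k if x[0] == data['key']), None)
        if user_id is None:
            return {'status': 'brak autoryzacji'}, 401

        try:
            # NOTE(review): unsalted SHA-512 is kept for compatibility with
            # the stored hashes; a salted, slow KDF would be the safer format.
            pass_old = sha512(data['arg1'].encode()).hexdigest()
            cur.execute("SELECT haslo FROM librarians.user WHERE id=%s;",
                        (user_id, ))
            resp = cur.fetchone()

            # A session whose account row no longer exists is not authorised;
            # the original hit a TypeError on resp[0] and answered 500.
            if resp is None:
                return {'status': 'brak autoryzacji'}, 401

            if resp[0] != pass_old:
                return {'status': 'rozne'}, 409

            pass_new = sha512(data['pass_'].encode()).hexdigest()
            # Separate name: the original rebound `data` to the date object,
            # shadowing the request payload.
            changed_on = date.today()
            cur.execute(
                "UPDATE librarians.user SET haslo=%s, last=%s WHERE id=%s;",
                (pass_new, changed_on.isoformat(), user_id))
            return {'status': 'zmieniono'}, 200
        except Exception:
            # Narrowed from a bare `except:` so SystemExit/KeyboardInterrupt
            # are no longer swallowed.
            return {'status': 'blad'}, 500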
Example #11
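    def post(self):
        """Return the ``librarians.readers`` row whose ``id_r`` equals ``arg1``.

        Returns:
            ``({'data': [...]}, 200)`` with every column value stringified and
            encrypted with the session's public key;
            ``({'status': 'brak danych'}, 204)`` when no row matches;
            ``({'status': 'brak autoryzacji'}, 401)`` when not logged in;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        try:
            # NOTE(review): SELECT * returns every column of the reader row.
            # The reader-creation handler stores a SHA-512 password hash in
            # this table, so the hash is presumably sent to the client here;
            # selecting only the needed columns would avoid that.
            cur.execute("SELECT * FROM librarians.readers WHERE id_r=%s;",
                        (data['arg1'], ))
            resp = cur.fetchone()
            if not resp:
                return {'status': 'brak danych'}, 204

            # data['key'] is client-supplied and ends up in a file path; this
            # is only safe if login_required() has matched it against an
            # issued token. Confirm.
            # `with` closes the handle that the original left open.
            with open('pem/' + data['key'] + '.pem', 'rb') as key_file:
                pub = key_file.read()
            return {
                'data': [Sec.encrypt_(str(value), pub) for value in resp]
            }, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500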
Example #12
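    def post(self):
        """Register a reader and return a generated initial password.

        ``arg1`` is the reader's name, ``arg2`` the address and ``login`` the
        value stored in the row's last column.

        Returns:
            ``({'status': 'dodano', 'login': ..., 'haslo': ...}, 201)`` with
            the name and the generated password encrypted with the session's
            public key; ``({'status': 'istnieje'}, 507)`` when a reader with
            the same name and address exists;
            ``({'status': 'brak autoryzacji'}, 401)`` when not logged in;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        # Local import: generated passwords must come from the OS CSPRNG,
        # not from the predictable `random` module.
        import secrets

        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        try:
            cur.execute("SELECT * FROM librarians.readers WHERE name=%s AND addres=%s;", (data['arg1'], data['arg2']))
            if cur.fetchall():
                return {'status': 'istnieje'}, 507

            # NOTE(review): 8 characters from a 36-symbol alphabet is a weak
            # long-term secret; treat it as a one-time password and force a
            # change at first login.
            alphabet = 'qwertyuiopasdfghjklzxcvbnm1234567890'
            password = ''.join(secrets.choice(alphabet) for _ in range(8))

            # NOTE(review): unsalted SHA-512 is kept as the stored format; a
            # salted, slow KDF would be the safer choice.
            cur.execute("INSERT INTO librarians.readers VALUES (default ,%s, %s, 'null', %s, 'false', %s);",
                        (data['arg1'], data['arg2'], sha512(password.encode('UTF-8')).hexdigest(), data['login']))

            # data['key'] is client-supplied and ends up in a file path; this
            # is only safe if login_required() has matched it against an
            # issued token. Confirm.
            with open('pem/' + data['key'] + '.pem', 'rb') as key_file:
                pub = key_file.read()
            return {'status': 'dodano', 'login': Sec.encrypt_(data['arg1'], pub),
                    'haslo': Sec.encrypt_(password, pub)}, 201
        except Exception:
            return {'status': 'wystapil blad'}, 500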
Example #13
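    def post(self):
        """Update the name and address of the reader whose ``id_r`` is ``name_id``.

        Returns:
            ``({'status': 'zmieniono'}, 200)`` after the UPDATE;
            ``({'status': 'brak autoryzacji'}, 401)`` when not logged in;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        try:
            cur.execute(
                """UPDATE librarians.readers
                            SET name=%s, addres=%s
                            WHERE id_r=%s;""",
                (data['arg1'], data['arg2'], data['name_id']))
            return {'status': 'zmieniono'}, 200
        except Exception:
            # Was 5000, which is not a valid HTTP status code; every other
            # handler answers 500 for this case.
            return {'status': 'wystapil blad'}, 500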
Example #14
    def post(self):
        """Moderate the comment whose ``id_comment`` is ``arg1``.

        When ``arg2`` is the string 'True' the comment's ``accept`` column is
        set to '1'; for any other value the comment is deleted.

        Returns:
            ``({'status': 'zaakceptowano'}, 200)`` after approving;
            ``({'status': 'usunieto'}, 200)`` after deleting;
            ``({'status': 'brak autoryzacji'}, 401)`` when not logged in;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        payload = Sec.encode_data(parser.parse_args())

        authorised = login_required(payload)
        if not authorised:
            return {'status': 'brak autoryzacji'}, 401

        try:
            approve = payload['arg2'] == 'True'
            if not approve:
                # Anything other than the literal 'True' removes the comment.
                cur.execute(
                    "DELETE FROM librarians.comments WHERE id_comment=%s;",
                    (payload['arg1'], ))
                return {'status': 'usunieto'}, 200

            cur.execute(
                "UPDATE librarians.comments SET accept='1' WHERE id_comment=%s;",
                (payload['arg1'], ))
            return {'status': 'zaakceptowano'}, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500
Example #15
    def post(self):
        """Mark the borrow record ``arg1`` as returned and restock the book.

        If the record is already flagged ``give_back='1'`` nothing changes.
        Otherwise the book's ``count`` is incremented and the borrow row gets
        today's date in ``return`` and ``give_back='1'``.

        Returns:
            ``({'status': 'dodano'}, 201)`` after the update;
            ``({'status': 'istnieje'}, 507)`` when already returned;
            ``({'status': 'brak autoryzacji'}, 401)`` when not logged in;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        payload = Sec.encode_data(parser.parse_args())

        if not login_required(payload):
            return {'status': 'brak autoryzacji'}, 401

        try:
            borrow_id = payload['arg1']
            cur.execute("SELECT * FROM librarians.borrows WHERE id_br=%s AND give_back='1';", (borrow_id, ))
            already_returned = cur.fetchone()
            if already_returned:
                return {'status': 'istnieje'}, 507

            returned_on = datetime.datetime.now().strftime("%Y-%m-%d")
            # Both statements are sent in a single execute() call.
            cur.execute("""
                UPDATE librarians.books SET count=count+1
                WHERE id_b=(SELECT book_id FROM librarians.borrows WHERE id_br=%s AND give_back='0');
                UPDATE librarians.borrows SET return=%s, give_back='1' WHERE id_br=%s;
                """, (borrow_id, returned_on, borrow_id))
            return {'status': 'dodano'}, 201
        except Exception:
            return {'status': 'wystapil blad'}, 500
Example #16
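    def post(self):
        """Update a book's title, author and count, with an optional new cover.

        ``arg1`` is the title, ``arg2`` the author, ``arg3`` the count and
        ``book_id`` the ``id_b`` of the row to change. An uploaded ``cover``
        file that passes ``check_ext`` is saved under ``sort_api/image/``
        using the sanitised title as its base name.

        Returns:
            ``({'status': 'zmieniono'}, 200)`` after the UPDATE;
            ``({'status': 'brak autoryzacji'}, 401)`` when not logged in;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        data = Sec.encode_data(parser.parse_args())

        if not login_required(data):
            return {'status': 'brak autoryzacji'}, 401

        try:
            if 'cover' in request.files and check_ext(request.files['cover']):
                f = request.files['cover']
                cover = secure_filename(data['arg1'])
                # Derive the extension from the sanitised upload name. The
                # original used f.filename.split('.')[1], which takes the
                # second dot-separated piece (wrong for "a.b.png") and copies
                # raw client text, path separators included, into the path.
                ext = os.path.splitext(secure_filename(f.filename or ''))[1]
                # NOTE(review): check_ext() is not visible here; make sure its
                # allow-list is applied to this same final extension.
                f.save(os.path.join('sort_api/image', cover + ext))

            cur.execute("""UPDATE librarians.books
                            SET title=%s, author=%s, count=%s
                            WHERE id_b=%s;""", (data['arg1'], data['arg2'], data['arg3'], data['book_id']))

            return {'status': 'zmieniono'}, 200
        except Exception:
            return {'status': 'wystapil blad'}, 500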
Example #17
    def post(self):
        """Record a new borrow and take one copy of the book out of stock.

        Refuses when the reader ``name_id`` already has an open borrow
        (``give_back='0'``) of book ``book_id``. Otherwise inserts a borrow
        row from ``arg1``, ``arg2``, ``name_id`` and ``book_id`` and
        decrements the book's ``count``.

        Returns:
            ``({'status': 'dodano'}, 201)`` after the insert;
            ``({'status': 'istnieje'}, 507)`` when an open borrow exists;
            ``({'status': 'brak autoryzacji'}, 401)`` when not logged in;
            ``({'status': 'wystapil blad'}, 500)`` on any error.
        """
        payload = Sec.encode_data(parser.parse_args())

        if not login_required(payload):
            return {'status': 'brak autoryzacji'}, 401

        try:
            reader_id = payload['name_id']
            book_id = payload['book_id']
            cur.execute(
                "SELECT give_back FROM librarians.borrows WHERE name_id=%s AND book_id=%s AND give_back='0';",
                (reader_id, book_id))
            open_borrows = cur.fetchall()
            if open_borrows:
                return {'status': 'istnieje'}, 507

            # Both statements are sent in a single execute() call.
            insert_params = (payload['arg1'], payload['arg2'], reader_id,
                             book_id, book_id)
            cur.execute("""
                INSERT INTO librarians.borrows VALUES (default, %s, %s, %s, %s, '0');
                UPDATE librarians.books SET count=count-1 WHERE id_b=%s;
                """, insert_params)
            return {'status': 'dodano'}, 201
        except Exception:
            return {'status': 'wystapil blad'}, 500