def delete_user(username):
    """Delete the account whose username is *username*.

    A caller whose ``g.user.role`` is 2 (non-admin) may only delete their own
    account. Every refusal on that path, including a username that matches no
    row, returns the same 401 body, so the response does not reveal which
    usernames exist. Any other role may delete any account and receives a 404
    when the username matches no row.

    Returns a ``(response, status)`` pair built with ``jsonify``.
    """
    find_by_name = session.prepare('SELECT ID,Username FROM CCMiniProject.users WHERE Username = ?')
    matches = session.execute(find_by_name, (username,))
    restricted = g.user.role == 2

    if not matches:
        if restricted:
            # Same answer as "not yours": non-admins must not learn whether
            # the username exists.
            return jsonify({'error': 'unauthorized delete request!'}), 401
        return jsonify({'error': 'user not found'}), 404

    target = matches[0]
    if restricted and target[u'username'] != g.user.username:
        return jsonify({'error': 'unauthorized delete request!'}), 401

    # The row is removed by its ID, taken from the lookup above rather than
    # from anything the caller supplied.
    remove_by_id = session.prepare("DELETE FROM CCMiniProject.users WHERE ID = ?")
    session.execute(remove_by_id, (target[u'id'],))
    return jsonify({'data': 'user deleted'}), 200
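def query5():
    """Render the rows of ``table_query5`` for the submitted hashtag as an HTML table.

    The hashtag is read from the ``query5`` form field and bound to a prepared
    statement. Each cell shows ``repr()`` of the column value, HTML-escaped
    before it is placed into the markup.

    Returns the page as a string.
    """
    from html import escape

    hashtag = request.form['query5']
    cluster = Cluster(['127.0.0.1'])
    try:
        session = cluster.connect()
        session.set_keyspace("midsem")
        query = session.prepare(""" SELECT * from table_query5 where hashtag = ?""")
        open_read = session.execute(query, (hashtag, ))
        parts = [
            " <style> table, th, td { border: 1px solid black; } </style>",
            "<table style = \"width:100%\"> <tr> <th> HASHTAG </th> <th> DATE </th> <th> TWEET COUNT </th> </tr> ",
        ]
        for row in open_read:
            parts.append("<tr> ")
            # Stored values are not under this handler's control; repr() does
            # not neutralise markup characters, so escape before embedding.
            for value in (row.hashtag, row.date, row.tweet_count):
                parts.append("<td> %s </td>" % escape(repr(value)))
            parts.append("</tr>")
        parts.append("</table>")
    finally:
        # A Cluster is opened per request here; release its connections even
        # when the query or rendering raises.
        cluster.shutdown()
    return "".join(parts)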
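def update_user(username):
    """Update the account named *username*; an admin may also create it.

    The JSON body must be an object carrying ``password``, ``email`` and
    ``name``. A caller whose ``g.user.role`` is 2 (non-admin) may only update
    their own account and gets a 401 for any other username, whether or not it
    exists. Any other role updates an existing account (200) or creates a new
    one with role 2 (201).

    Returns a ``(response, status)`` pair built with ``jsonify``. The response
    echoes username, name and email, never the password hash.
    """
    payload = request.json
    # The body is caller-controlled: a JSON array or scalar has no .get(), so
    # anything that is not an object is answered as missing arguments instead
    # of surfacing as a server error.
    if not isinstance(payload, dict):
        return jsonify({'error': 'missing arguments!'}), 400

    password = payload.get('password')
    email = payload.get('email')
    name = payload.get('name')
    if password is None or email is None or name is None:
        return jsonify({'error': 'missing arguments!'}), 400
    # An empty or non-string password is rejected here rather than being
    # hashed and stored as the account's credential.
    if not isinstance(password, str) or not password:
        return jsonify({'error': 'missing arguments!'}), 400

    lookup = session.prepare('SELECT ID, Username FROM CCMiniProject.users WHERE Username = ?')
    rows = session.execute(lookup, (username,))
    is_admin = g.user.role != 2

    if not rows:
        if not is_admin:
            # Same 401 as "not your account", so a non-admin cannot tell
            # whether the username exists.
            return jsonify({'error': 'only authorized to update your user'}), 401
        user = User(username=username, name=name, email=email)
        user.hash_password(password)
        # %s are driver-side placeholders bound from the tuple, not Python
        # string formatting. The role is fixed at 2 and never taken from the
        # request body.
        session.execute(
            "INSERT INTO CCMiniProject.users (ID,Username,Password_hash, Name, Email, Role) VALUES (%s,%s,%s,%s,%s,%s)",
            (uuid.uuid4(), user.username, user.password_hash, user.name, user.email, 2))
        return jsonify({'username': user.username, 'name': user.name, 'email': user.email}), 201

    existing = rows[0]
    if not is_admin and existing[u'username'] != g.user.username:
        return jsonify({'error': 'only authorized to update your user'}), 401

    user = User(username=username, name=name, email=email)
    user.hash_password(password)
    # The row is addressed by the ID from the lookup, so the request cannot
    # redirect the write to a different account.
    update = session.prepare("UPDATE CCMiniProject.users SET Password_hash = ?, Name = ?, Email = ? WHERE ID = ?")
    session.execute(update, (user.password_hash, user.name, user.email, existing[u'id']))
    return jsonify({'username': user.username, 'name': user.name, 'email': user.email}), 200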
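def verify_auth_token(token):
    """Resolve a signed auth token to a ``User``, or ``None`` if it cannot be trusted.

    The token is verified with ``Serializer(app.config['SECRET_KEY'])``. An
    expired token, a bad signature, a payload without a usable ``id``, and an
    ``id`` that matches no row all yield ``None``. On success the returned
    ``User`` carries the stored username and role.
    """
    s = Serializer(app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except (SignatureExpired, BadSignature):
        # Expired and tampered tokens are handled identically: no user.
        return None

    # The previous debug print of the payload's id is gone: it wrote an
    # account identifier to stdout on every authenticated request and raised
    # when the id was not a string.
    try:
        user_id = uuid.UUID(data['id'])
    except (KeyError, TypeError, ValueError, AttributeError):
        # A correctly signed token whose payload does not hold a UUID string
        # is treated as invalid rather than failing the request.
        return None

    prepared_statement = session.prepare('SELECT ID ,Username,Role FROM CCMiniProject.users WHERE ID= ?')
    rows = session.execute(prepared_statement, (user_id,))
    if not rows:
        return None

    record = rows[0]
    user = User(record[u'username'], "", "")
    # The role is read from the database on each verification and is not
    # taken from the token payload.
    user.update_role(record[u'role'])
    return user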
def verify_password(username_or_token, password):
    """Authenticate a request by token first, then by username and password.

    *username_or_token* is first tried as an auth token via
    ``User.verify_auth_token``; when that succeeds *password* is not checked.
    Otherwise it is treated as a username: the stored hash and role are loaded
    and *password* is verified against the hash.

    On success the authenticated user is stored in ``g.user`` and ``True`` is
    returned; otherwise ``False`` is returned and ``g.user`` is left untouched.
    """
    account = User.verify_auth_token(username_or_token)

    if not account:
        by_name = session.prepare("SELECT ID,Username,Password_hash,Role FROM CCMiniProject.users WHERE Username = ?;")
        matches = session.execute(by_name, (username_or_token,))
        # NOTE(review): an unknown username returns here without doing any
        # hash verification, so it may answer faster than a wrong password;
        # confirm whether that timing difference matters for this deployment.
        if not matches:
            return False

        record = matches[0]
        account = User(record[u'username'], "", "")
        account.update_password_hash(record[u'password_hash'])
        account.update_role(record[u'role'])
        account.update_id(str(record[u'id']))
        if not account.verify_password(password):
            return False

    g.user = account
    return True
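def query1():
    """Render the rows of ``table_query1`` for the submitted author as HTML paragraphs.

    The author is read from the ``query1`` form field and bound to a prepared
    statement. Each row is shown as its ``repr()``, HTML-escaped before it is
    wrapped in a ``<p>`` element.

    Returns the page as a string.
    """
    from html import escape

    author = request.form['query1']
    cluster = Cluster(['127.0.0.1'])
    try:
        session = cluster.connect()
        session.set_keyspace("twitter_key_space")
        query = session.prepare(""" SELECT * from table_query1 where author = ?""")
        open_read = session.execute(query, (author, ))
        # repr() of a row leaves markup characters in stored text intact, so
        # the text is escaped before it becomes part of the response body.
        page = ''.join('<p>%s</p>' % escape(repr(row)) for row in open_read)
    finally:
        # A Cluster is opened per request here; release its connections even
        # when the query or rendering raises.
        cluster.shutdown()
    return page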
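def create_user():
    """Create a new account from the JSON request body.

    The body must be an object with a non-empty string ``username`` and
    ``password``; ``email`` and ``name`` are optional. An existing username is
    answered with 400. New accounts are always stored with role 2; the role is
    never read from the request.

    Returns a ``(response, status)`` pair built with ``jsonify``. The 201
    response echoes username, name and email, never the password hash.
    """
    payload = request.json
    # The body is caller-controlled: a JSON array or scalar has no .get(), so
    # anything that is not an object is answered as missing arguments instead
    # of surfacing as a server error.
    if not isinstance(payload, dict):
        return jsonify({'error': 'missing arguments!'}), 400

    username = payload.get('username')
    password = payload.get('password')
    email = payload.get('email')
    name = payload.get('name')
    # Empty or non-string credentials are refused so that no account can be
    # stored with a blank username or password.
    if not (isinstance(username, str) and username
            and isinstance(password, str) and password):
        return jsonify({'error': 'missing arguments!'}), 400

    prepared_statement = session.prepare("SELECT * FROM CCMiniProject.users WHERE Username = ?;")
    rows = session.execute(prepared_statement, (username,))
    if rows:
        if rows[0][u'username'] == username:  # existing user
            return jsonify({'error': 'existing user!'}), 400

    # NOTE(review): the existence check and the INSERT are separate
    # statements, and rows are keyed by a fresh UUID, so two concurrent
    # requests for the same username could both pass the check. Uniqueness
    # would have to be enforced by the schema; confirm against the table
    # definition.
    user = User(username=username, name=name, email=email)
    user.hash_password(password)
    # %s are driver-side placeholders bound from the tuple, not Python string
    # formatting.
    session.execute(
        "INSERT INTO CCMiniProject.users (ID,Username,Password_hash, Name, Email, Role) VALUES (%s,%s,%s,%s,%s,%s);",
        (uuid.uuid4(), user.username, user.password_hash, user.name, user.email, 2))
    return jsonify({'username': user.username, 'name': user.name, 'email': user.email}), 201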
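def query3():
    """Render the rows of ``table_query3`` for the submitted hashtag as HTML paragraphs.

    The hashtag is read from the ``query3`` form field, printed to stdout, and
    bound to a prepared statement. Each row is shown as its ``repr()``,
    HTML-escaped before it is wrapped in a ``<p>`` element.

    Returns the page as a string.
    """
    from html import escape

    hashtag = request.form['query3']
    print(hashtag)
    cluster = Cluster(['127.0.0.1'])
    try:
        session = cluster.connect()
        session.set_keyspace("twitter_key_space")
        # "hashtgs" is kept exactly as written; it has to match the column
        # name in the table, which is not visible from here.
        query = session.prepare(""" SELECT * from table_query3 where hashtgs = ?""")
        open_read = session.execute(query, (hashtag, ))
        # repr() of a row leaves markup characters in stored text intact, so
        # the text is escaped before it becomes part of the response body.
        page = ''.join('<p>%s</p>' % escape(repr(row)) for row in open_read)
    finally:
        # A Cluster is opened per request here; release its connections even
        # when the query or rendering raises.
        cluster.shutdown()
    return page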
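def query6():
    """Render the rows of ``table_query8`` for the submitted date as an HTML table.

    The date is read from the ``query6`` form field and bound to a prepared
    statement. Each cell shows ``repr()`` of the column value, HTML-escaped
    before it is placed into the markup. Cells are emitted in the order the
    header declares (HASHTAG, then DATE).

    Returns the page as a string.
    """
    from html import escape

    date = request.form['query6']
    cluster = Cluster(['127.0.0.1'])
    try:
        session = cluster.connect()
        session.set_keyspace("midsem")
        query = session.prepare(""" SELECT * from table_query8 where date = ?""")
        open_read = session.execute(query, (date, ))
        parts = [
            " <style> table, th, td { border: 1px solid black; } </style>",
            "<table style = \"width:50%\"> <tr> <th> HASHTAG </th> <th> DATE </th> </tr> ",
        ]
        for row in open_read:
            parts.append("<tr> ")
            # Hashtag first, then date, so each value sits under its own
            # header; previously the two columns were swapped. Values are
            # escaped because repr() does not neutralise markup characters.
            for value in (row.hashtag_mention, row.date):
                parts.append("<td> %s </td>" % escape(repr(value)))
            parts.append("</tr>")
        parts.append("</table>")
    finally:
        # A Cluster is opened per request here; release its connections even
        # when the query or rendering raises.
        cluster.shutdown()
    return "".join(parts)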