async def decorator(*args): if 'Authorization' in args[0].request.headers: token = args[0].request.headers['Authorization'] if token is not None and is_valid_token(token): return await f(*args) return failure_response(401, 'Invalid token') return failure_response(401, 'Authorize please')
async def update_user(request: Request) -> json_response: try: data = await request.json() if data['key'] is None or len(data['key']) < 10: return failure_response(401, 'Authorize please') if len(data['update'].items()) == 0: return failure_response(400, 'Nothing to update') pool = request.app['pool'] async with pool.acquire() as conn: async with conn.transaction(): users = await conn.fetch( 'SELECT * FROM users WHERE key=\'{}\''.format(data['key'])) if len(users) == 0: return failure_response(401, 'Authorize please') else: u = user_record_to_json(users[0]) u.update(data['update']) await conn.fetch( '''UPDATE users SET name=\'{}\',email=\'{}\',country=\'{}\',age={} WHERE key=\'{}\';'''.format( u['name'], u['email'], u['country'], u['age'], data['key'])) token = get_token({'user': u, 'key': data['key']}) return success_response(200, 'ok', token=token) except Exception as e: return server_error_response(e)
async def login(request: Request) -> json_response: try: user = await request.json() if 8 > len(user['email']) > 20: return failure_response(400, 'Invalid email length') if 8 > len(user['password']) > 20: return failure_response(400, 'Invalid password length') pool = request.app['pool'] async with pool.acquire() as conn: users = await conn.fetch( 'SELECT * FROM users WHERE email=\'{}\''.format(user['email'])) if len(users) == 0: return failure_response(401, 'Invalid email or password') else: if users[0]['password'] != encode( str(user['password']).encode('utf-8')): return failure_response(401, 'Invalid email or password') else: token = get_token({ 'user': user_record_to_json(users[0]), 'key': users[0]['key'] }) logger.info('User {} login at site'.format(user['email'])) return success_response(200, 'ok', token=token) except Exception as e: return server_error_response(e)
async def post(self) -> json_response: try: form = await self.request.json() if form['title'] is None or 60 < len(form['title']) < 4: return failure_response(400, 'Invalid title') if form['text'] is None or len(form['text']) > 500: return failure_response(400, 'Invalid text') user = get_user_from_token(self.request.headers['Authorization']) pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(select_from_users_where_email(user['email'])) u = await c.fetchone() if u is None: return failure_response(401, 'No such user') await c.execute(select_from_news_where_title(form['title'])) n = await c.fetchone() if n is None: return failure_response(400, f"No such post with title {form['title']}") com = CommentModel(text=form['text'], title=form['title'], author=user['name'], email=user['email']) await c.execute(insert_new_comment(com)) return success_response(201, f'New comment at {com.created}', data=com.to_json()) except Exception as e: return server_error_response(e)
async def get(self) -> json_response: try: email = self.request.rel_url.query['email'] if email is not None: if 20 < len(email) < 8: return failure_response(400, 'Invalid email length') pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(select_from_users_where_email(email)) u = await c.fetchone() if u is not None: return success_response(200, 'OK', data=user_tuple_to_json(u)) return failure_response(400, f"No such email : '{email}'") return failure_response(400, 'No email param') except Exception as e: return server_error_response(e)
async def post(self) -> json_response: try: form_data = await self.request.post() file = form_data['file'].file if file is not None: result = save(file=file) return success_response(200, 'OK', data=result['url']) return failure_response(400, 'You did not send file') except Exception as e: return server_error_response(e)
async def get_token_by_key(request: Request) -> json_response: try: data = await request.json() if data['key'] is None or len(data['key']) < 10: return failure_response(401, 'Authorize please') pool = request.app['pool'] async with pool.acquire() as conn: users = await conn.fetch( 'SELECT * FROM users WHERE key=\'{}\''.format(data['key'])) if len(users) == 0: return failure_response(401, 'Authorize please') else: token = get_token({ 'user': user_record_to_json(users[0]), 'key': users[0]['key'] }) return success_response(200, 'ok', token=token) except Exception as e: return server_error_response(e)
async def get(self) -> json_response: try: title = self.request.rel_url.query['title'] if title is None: return failure_response(400, 'No title param') if 60 < len(title) < 4: return failure_response(400, 'Invalid title length') pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(select_from_news_where_title(title)) n = await c.fetchone() if n is None: return failure_response(400, f'No post with title {title}') await c.execute(select_comments_where_title(title)) comments = await c.fetchall() return success_response(200, 'OK', data=list(map(lambda x: to_json(x), comments[::-1]))) except Exception as e: return server_error_response(e)
async def get(self) -> json_response: try: url = self.request.rel_url.query['url'] print('remote' + self.request.remote) if url is not None: if 60 > len(url) < 4: return failure_response(400, 'Invalid url length') pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(select_from_news_where_url(url)) n = await c.fetchone() if n is not None: return success_response(200, 'OK', data=new_tuple_to_json(n)) return failure_response( 400, f"No such post on url : '{url}'") return failure_response(400, 'No url param') except Exception as e: server_error_response(e)
async def post(self) -> json_response: try: form = await self.request.json() if form['email'] is None or 8 > len(form['email']) > 20: return failure_response(400, 'Invalid email length') if form['password'] is None or 8 > len(form['password']) > 20: return failure_response(400, 'Invalid password length') pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute( select_from_users_where_email(form['email'])) user = await c.fetchone() if user is not None and compare(user[3], form['password']): token = generate_token( dict(user=user_tuple_to_json(user), password=form['password'])) return success_response(200, 'OK', token=token) return failure_response(400, 'Invalid email or password') except Exception as e: return server_error_response(e)
async def delete(self): try: deleted = int(self.request.rel_url.query['id']) if deleted is None: return failure_response(400, 'No id param') if deleted < 0: return failure_response(400, 'Invalid id') user = get_user_from_token(self.request.headers['Authorization']) pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(select_comment_by_id(deleted)) com = await c.fetchone() if com is None: return failure_response(400, 'Invalid id') if user['email'] != to_json(com)['email']: return failure_response(401, 'You are not an author') await c.execute(delete_comment_by_id(deleted)) return success_response(200, f'Deleted comment by id {deleted}') except Exception as e: return server_error_response(e)
async def put(self): try: form = await self.request.json() if int(form['id']) is None or int(form['id']) < 0: return failure_response(400, 'Invalid comment id') if form['text'] is None or not form['text']: return failure_response(400, 'Invalid comment text') user = get_user_from_token(self.request.headers['Authorization']) pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(select_comment_by_id(int(form['id']))) com = await c.fetchone() if com is None: return failure_response(400, f"No comment with id {form['id']}") if user['email'] != to_json(com)['email']: return failure_response(401, 'You are not an author') await c.execute(update_comment_by_id(form['text'], int(form['id']))) return success_response(200, 'Updated!') except Exception as e: return server_error_response(e)
async def delete_user(request: Request) -> json_response: try: data = await request.json() if data['key'] is None or len(data['key']) < 10: return failure_response(401, 'Authorize please') pool = request.app['pool'] async with pool.acquire() as conn: async with conn.transaction(): users = await conn.fetch( 'SELECT * FROM users WHERE key=\'{}\''.format(data['key'])) if len(users) == 0: return failure_response(401, 'Authorize please') else: await conn.fetch(''' DELETE FROM users WHERE email=\'{}\'; DELETE FROM transfers WHERE master=\'{}\' '''.format(users[0]['email'], users[0]['email'])) logger.info('User {} was deleted (key={})'.format( users[0]['email'], data['key'])) return success_response(200, 'ok') except Exception as e: return server_error_response(e)
async def get_user_transfers(request: Request) -> json_response: try: data = await request.json() if data['key'] is None or len(data['key']) < 10: return failure_response(401, 'Authorize please') pool = request.app['pool'] async with pool.acquire() as conn: users = await conn.fetch( 'SELECT * FROM users WHERE key=\'{}\''.format(data['key'])) if len(users) == 0: return failure_response(401, 'Authorize please') else: transfers = await conn.fetch( 'SELECT * FROM transfers WHERE master=\'{}\''.format( users[0]['email'])) return success_response( 200, 'ok', data=list( map(lambda t: transfer_record_to_json(t), transfers))) except Exception as e: return server_error_response(e)
async def delete(self) -> json_response: try: title = self.request.rel_url.query['title'] if title is not None: if len(title) < 4: return failure_response(400, 'Invalid title length') user = get_user_from_token( self.request.headers['Authorization']) pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(find(user['email'], title)) n = await c.fetchone() if n is not None: await c.execute(delete_new_by_title(title)) return success_response( 200, f'NewPage {title} was deleted') return failure_response( 400, f"No such post with title : {title}") return failure_response(400, 'No title parameter') except Exception as e: return server_error_response(e)
async def post(self) -> json_response: try: form = await self.request.json() if form['title'] is None or 4 > len(form['title']) > 60: return failure_response(400, 'Invalid title length') if form['text'] is None or len(form['text']) < 15: return failure_response(400, 'Invalid text length') if form['url'] is None or 5 > len(form['url']) < 60: return failure_response(400, 'Invalid url') user = get_user_from_token(self.request.headers['Authorization']) pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute( select_from_users_where_email(user['email'])) u = await c.fetchone() if u is not None: await c.execute( select_from_news_where_title(form['title'])) n = await c.fetchone() if n is None: post = New_Model(title=form['title'], text=form['text'], image_url=form['url'], name=user['name'], email=user['email']) await c.execute(insert_new_post(post)) print( f"New {post.title} was created by {user['email']}" ) return success_response( 201, f'New {post.title} was created!') return failure_response( 400, f"New with title {form['title']} already exist") return failure_response(401, 'No such user') except Exception as e: return server_error_response(e)
async def delete(self) -> json_response: try: usr = get_user_from_token(self.request.headers['Authorization']) pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(select_from_users_where_email(usr['email'])) u = await c.fetchone() if u is not None: await c.execute(delete_user_by_email(usr['email'])) return success_response(200, f"Deleted user with email {usr['email']}") return failure_response(400, 'Bad email') except Exception as e: return server_error_response(e)
async def put(self) -> json_response: try: form = await self.request.json() if len(form['obj'].items()) == 0: return failure_response(400, 'Nothing to edit') if form['old'] is None or 4 > len(form['old']) > 60: return failure_response(400, 'Error') user = get_user_from_token(self.request.headers['Authorization']) pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(find(user['email'], form['old'])) n = await c.fetchone() if n is not None: new_post = new_tuple_to_json(n) new_post.update(form['obj']) await c.execute( update_news_where_title(new_post, form['old'])) return success_response(200, 'Updated!') return failure_response( 400, f"No such post with title {form['old']}") except Exception as e: return server_error_response(e)
async def put(self) -> json_response: try: form = await self.request.json() if len(form['obj'].items()) == 0: return failure_response(400, 'Nothing to edit') obj = form['obj'] token = self.request.headers['Authorization'] if 'password' in obj: if get_old_pass(token) == obj['password']: if obj['newPassword'] is None or 20 < len(obj['newPassword']) < 8: return failure_response(400, 'Invalid length of new password') obj['password'] = crypt_password(obj['newPassword']) else: return failure_response(401, 'Invalid password') usr = get_user_from_token(token) pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute(select_from_users_where_email(usr['email'])) u = await c.fetchone() if u is not None: new_user = user_tuple_to_json(u) new_user.update(obj) if 'password' not in obj: new_user['password'] = u[3] await c.execute(update_users_where_email(new_user, usr['email'])) updated = dict((i, new_user[i]) for i in new_user if i != 'password') if 'password' in obj: new_token = generate_token(dict(user=updated, password=obj['newPassword'])) else: new_token = generate_token(dict(user=updated, password=get_old_pass(token))) return success_response(200, 'OK', token=new_token) return failure_response(400, f"No such user with email {usr['email']}") except Exception as e: return server_error_response(e)
async def post(self) -> json_response: try: form = await self.request.json() if form['name'] is None or 8 > len(form['name']) > 20: return failure_response(400, 'Invalid name length') if form['email'] is None or 8 > len(form['email']) > 20: return failure_response(400, 'Invalid email length') if form['password'] is None or 8 > len(form['password']) > 20: return failure_response(400, 'Invalid password length') if form['country'] is None or 3 > len(form['country']) > 15: return failure_response(400, 'Invalid country length') if form['age'] is None or 6 > int(form['age']) > 65: return failure_response(400, 'Invalid age ') if not isinstance(form['gender'], bool): return failure_response(400, 'Invalid gender') pool = self.request.app['pool'] async with pool.acquire() as conn: async with conn.cursor() as c: await c.execute( select_from_users_where_email(form['email'])) usr = await c.fetchone() if usr is None: password_hash = crypt_password(form['password']) user = User(name=form['name'], email=form['email'], password=password_hash, country=form['country'], age=int(form['age']), gender=form['gender'], active=True, role='User') await c.execute(insert_new_user(user)) print(f'Created new user : {user.email}') return success_response( 201, f'Created user : {user.email}') return failure_response( 400, f"User with email {form['email']} already exists") except Exception as e: return server_error_response(e)
async def register(request: Request) -> json_response: try: user = await request.json() if 8 > len(user['name']) > 20: return failure_response(400, 'Invalid name length') if 8 > len(user['email']) > 20: return failure_response(400, 'Invalid email length') if 8 > len(user['password']) > 20: return failure_response(400, 'Invalid email length') if 3 > len(user['country']) > 15: return failure_response(400, 'Invalid country') if user['age'] is None or 6 > int(user['age']) > 65: return failure_response(400, 'Invalid age') pool = request.app['pool'] async with pool.acquire() as conn: async with conn.transaction(): usr = await conn.fetch( 'SELECT * FROM users WHERE email=\'{}\''.format( user['email'])) if len(usr) == 0: password_hash = encode( str(user['password']).encode('utf-8')) u = User(name=user['name'], email=user['email'], password=password_hash, age=user['age'], country=user['country']) await conn.fetch( '''INSERT INTO users (name,email,password,age,country,balance,key) VALUES (\'{}\', \'{}\', \'{}\', {}, \'{}\', {}, \'{}\')''' .format(u.name, u.email, u.password, u.age, u.country, u.balance, u.key)) token = get_token({'user': u.to_json(), 'key': u.key}) logger.info( 'Registrate new User(name={}, email={}, age={}, country={})' .format(u.name, u.email, u.age, u.country)) return success_response(200, 'ok', token=token) else: return failure_response(200, 'This login is already taken') except Exception as e: return server_error_response(e)
async def new_transfer(request: Request) -> json_response: try: transfer = await request.json() if len(transfer['master']) < 0: return failure_response(403, 'Authorize please') if 8 > len(transfer['whom']) > 20: return failure_response(400, 'Invalid length of destination email') if transfer['amount'] is None or int(transfer['amount']) < 0: return failure_response(400, 'Invalid amount') pool = request.app['pool'] async with pool.acquire() as conn: async with conn.transaction(): users = await conn.fetch( 'SELECT * FROM users WHERE key=\'{}\''.format( transfer['master'])) if len(users) == 0: return failure_response(403, 'Authorize please') else: if users[0]['email'] == transfer['whom']: return failure_response(400, 'Not bad') if int(users[0]['balance']) < 0: return failure_response( 402, 'There is no money in your account') if users[0]['balance'] < int(transfer['amount']): return failure_response( 400, 'There is not enough money in your account') u_dests = await conn.fetch( 'SELECT * FROM users WHERE email=\'{}\''.format( transfer['whom'])) if len(u_dests) == 0: return failure_response(400, 'No such destination email') else: dest = u_dests[0] # how to get last element F**K (MAX & LIMIT didn't work) transfers = await conn.fetch( '''SELECT * FROM transfers''') t = Transfer(master=transfer['master'], amount=transfer['amount'], whom=transfer['whom'], prev=transfer_record_to_json_string( transfers[-1])) await conn.fetch(''' INSERT INTO transfers (transfer_hash, master, whom, amount, time) VALUES (\'{}\', \'{}\', \'{}\', {}, \'{}\') '''.format(t.transfer_hash, users[0]['email'], t.whom, t.amount, t.time)) await conn.fetch( 'UPDATE users SET balance={} WHERE email=\'{}\''. format((users[0]['balance'] - int(transfer['amount'])), users[0]['email'])) await conn.fetch( 'UPDATE users SET balance={} WHERE email=\'{}\''. format((dest['balance'] + int(transfer['amount'])), dest['email'])) logger.info('New Transfer {} send {} to {}'.format( users[0]['email'], transfer['amount'], transfer['whom'])) return success_response(200, 'ok') except Exception as e: return server_error_response(e)