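def on_auth(self, auth):
    """Authenticate a websocket client from an ``auth`` payload.

    ``auth`` is either a dict or a JSON string/bytes that decodes to one,
    carrying ``api_key``, ``nonce`` and ``signature``.  ``check_auth``
    verifies the signature against ``str(nonce)`` (that string form is the
    message the client is expected to have signed).  On success the socket
    joins a room named after the key owner's email and ``ws_sids`` maps the
    socket id to that email.  On any failure an ``info`` event describing the
    problem is emitted on ``NS`` and the handler returns without joining.
    """
    if not isinstance(auth, dict):
        # Only decode failures are expected here: ValueError (JSONDecodeError)
        # for malformed text, TypeError for a payload that is not str/bytes.
        # The previous bare except also swallowed programming errors.
        try:
            auth = json.loads(auth)
        except (TypeError, ValueError):
            emit("info", "invalid json", namespace=NS)
            return
        # Valid JSON is not necessarily an object (a list, number or null
        # all decode fine); the membership tests below would raise on those.
        if not isinstance(auth, dict):
            emit("info", "invalid json", namespace=NS)
            return
    for param in ("api_key", "nonce", "signature"):
        if param not in auth:
            emit("info", f"'{param}' param missing", namespace=NS)
            return
    # check auth -- nonce handling (replay protection, if any) is inside
    # check_auth, not here
    res, reason, api_key = check_auth(db.session, auth["api_key"], auth["nonce"],
                                      auth["signature"], str(auth["nonce"]))
    if res:
        emit("info", "authenticated!", namespace=NS)
        # join room and store user
        logger.info("join room for email: %s", api_key.user.email)
        join_room(api_key.user.email)
        # store sid -> email map
        ws_sids[request.sid] = api_key.user.email
    else:
        # NOTE(review): `reason` is relayed to the client verbatim.  If
        # check_auth distinguishes "unknown api key" from "bad signature",
        # this lets an unauthenticated caller enumerate valid keys -- confirm
        # what reasons it can return before relying on this message.
        api_key = auth["api_key"]
        emit("info", f"failed authentication ({api_key}): {reason}", namespace=NS)
        logger.info("failed authentication (%s): %s", api_key, reason)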
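def on_auth(self, auth):
    """Authenticate a websocket client from an ``auth`` mapping.

    ``auth`` must provide ``api_key``, ``nonce`` and ``signature``; the
    signature is verified by ``check_auth`` against ``str(nonce)``.  On
    success the socket joins a room named after the key owner's email and
    ``ws_sids`` maps the socket id to that email.  A malformed payload or a
    failed check is logged and the handler returns without joining.
    """
    # A payload that is not a mapping (str, list, None...) or lacks one of
    # the three fields previously raised KeyError/TypeError straight out of
    # the handler; reject it explicitly so the client gets a reply and the
    # server logs a clean line.
    try:
        key = auth["api_key"]
        nonce = auth["nonce"]
        signature = auth["signature"]
    except (KeyError, TypeError):
        logger.info("failed authentication: malformed auth payload")
        emit("info", "auth payload must contain api_key, nonce and signature", namespace=NS)
        return
    # check auth -- str(nonce) is the message the client is expected to have signed
    res, reason, api_key = check_auth(db.session, key, nonce, signature, str(nonce))
    if res:
        emit("info", "authenticated!", namespace=NS)
        # join room and store user
        logger.info("join room for email: %s", api_key.user.email)
        join_room(api_key.user.email)
        # store sid -> email map
        ws_sids[request.sid] = api_key.user.email
    else:
        # Unlike the success path, the client is not told about the failure
        # here; only the server log records it.
        logger.info("failed authentication (%s): %s", key, reason)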
def user_update_photo():
    """Replace the calling user's profile photo.

    The JSON body must carry ``api_key``, ``nonce``, ``photo`` and
    ``photo_type``.  The request is authenticated by ``check_auth`` using the
    signature header and the raw request body as the signed message.  On
    success the user's ``photo``/``photo_type`` columns are overwritten and
    committed, and the stored values are echoed back as JSON.

    NOTE(review): neither the size of ``photo`` nor the value of
    ``photo_type`` is validated in this handler -- if ``photo_type`` is later
    served as a Content-Type, or ``photo`` is unbounded, that should be
    constrained where the values are consumed or here.  Confirm with the
    model/serving code.
    """
    signature = request_get_signature()
    body = request.get_json(force=True)
    if body is None:
        return bad_request(web_utils.INVALID_JSON)
    values, err_response = get_json_params(body, ["api_key", "nonce", "photo", "photo_type"])
    if err_response:
        return err_response
    api_key, nonce, photo, photo_type = values
    # check_auth rebinds api_key from the raw key string to the key record
    res, reason, api_key = check_auth(db.session, api_key, nonce, signature, request.data)
    if not res:
        return bad_request(reason)
    user = api_key.user
    user.photo, user.photo_type = photo, photo_type
    db.session.add(user)
    db.session.commit()
    return jsonify({"photo": user.photo, "photo_type": user.photo_type})
def transaction_create():
    """Create and play a transaction on behalf of the authenticated key.

    The JSON body must carry ``api_key``, ``nonce``, ``action``,
    ``recipient``, ``amount`` and ``attachment``.  After ``check_auth``
    verifies the signature header against the raw body, the work is
    delegated to ``paydb_core.tx_create_and_play``; its error string is
    returned as a ``bad_request`` when no transaction results.  A created
    transaction is broadcast via ``tx_event`` and returned as ``{"tx": ...}``.

    NOTE(review): ``amount``/``recipient``/``action`` are passed through
    untyped -- any validation is assumed to live in ``tx_create_and_play``;
    confirm there.
    """
    signature = request_get_signature()
    body = request.get_json(force=True)
    if body is None:
        return bad_request(web_utils.INVALID_JSON)
    wanted = ["api_key", "nonce", "action", "recipient", "amount", "attachment"]
    values, err_response = get_json_params(body, wanted)
    if err_response:
        return err_response
    api_key, nonce, action, recipient, amount, attachment = values
    # check_auth rebinds api_key from the raw key string to the key record
    res, reason, api_key = check_auth(db.session, api_key, nonce, signature, request.data)
    if not res:
        return bad_request(reason)
    tx, error = paydb_core.tx_create_and_play(db.session, api_key, action, recipient, amount, attachment)
    if not tx:
        return bad_request(error)
    tx_event(tx)
    return jsonify({"tx": tx.to_json()})
def reward_categories():
    """List reward category names for admin or authorizer users.

    The JSON body must carry ``api_key`` and ``nonce``; ``check_auth``
    verifies the signature header against the raw body.  The key's user must
    hold ``Role.ROLE_ADMIN`` or ``Role.ROLE_AUTHORIZER``, otherwise the same
    ``bad_request`` response used for other failures is returned with
    ``web_utils.UNAUTHORIZED``.  Responds ``{"categories": [name, ...]}``.
    """
    signature = request_get_signature()
    body = request.get_json(force=True)
    if body is None:
        return bad_request(web_utils.INVALID_JSON)
    values, err_response = get_json_params(body, ["api_key", "nonce"])
    if err_response:
        return err_response
    api_key, nonce = values
    # check_auth rebinds api_key from the raw key string to the key record
    res, auth_fail_reason, api_key = check_auth(db.session, api_key, nonce, signature, request.data)
    if not res:
        return bad_request(auth_fail_reason)
    # roles are tested in this order, short-circuiting on the first match
    privileged_roles = (Role.ROLE_ADMIN, Role.ROLE_AUTHORIZER)
    if not any(api_key.user.has_role(role) for role in privileged_roles):
        return bad_request(web_utils.UNAUTHORIZED)
    # pylint: disable=no-member
    names = [category.name for category in db.session.query(Category).all()]
    return jsonify({"categories": names})
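def user_transactions():
    """Return a page of transactions related to the calling user.

    The JSON body must carry ``api_key``, ``nonce``, ``offset`` and
    ``limit``.  ``check_auth`` verifies the signature header against the raw
    body, and the key must hold ``Permission.PERMISSION_HISTORY``.  Responds
    ``{"txs": [...]}`` with each transaction's ``to_json()`` form, or a
    ``bad_request`` on any validation, authentication or permission failure.
    """
    sig = request_get_signature()
    content = request.get_json(force=True)
    if content is None:
        return bad_request(web_utils.INVALID_JSON)
    params, err_response = get_json_params(content, ["api_key", "nonce", "offset", "limit"])
    if err_response:
        return err_response
    api_key, nonce, offset, limit = params
    # Paging values come straight from the JSON body.  A non-integer (e.g. a
    # string) used to raise TypeError at `limit > 1000` and surface as an
    # unhandled 500, and negative values reached the query unchecked.  These
    # are tested before the DB-backed auth lookup so malformed requests are
    # rejected cheaply.
    if not isinstance(offset, int) or not isinstance(limit, int):
        return bad_request("'offset' and 'limit' must be integers")
    if offset < 0 or limit < 0:
        return bad_request("'offset' and 'limit' must not be negative")
    if limit > 1000:
        return bad_request(web_utils.LIMIT_TOO_LARGE)
    # check_auth rebinds api_key from the raw key string to the key record
    res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data)
    if not res:
        return bad_request(reason)
    if not api_key.has_permission(Permission.PERMISSION_HISTORY):
        return bad_request(web_utils.UNAUTHORIZED)
    txs = PayDbTransaction.related_to_user(db.session, api_key.user, offset, limit)
    return jsonify(dict(txs=[tx.to_json() for tx in txs]))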
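def reward_create():
    """Create a reward proposal and payment for a recipient.

    The JSON body must carry ``api_key``, ``nonce``, ``reason``,
    ``category``, ``recipient``, ``amount`` and ``message``.  ``check_auth``
    verifies the signature header against the raw body; the key's user must
    hold ``Role.ROLE_ADMIN`` or ``Role.ROLE_AUTHORIZER``.  ``category`` must
    name an existing ``Category`` and ``amount`` must be a positive number.
    ``_reward_create`` builds the proposal and payment, which are committed
    and summarised in the JSON response.
    """
    sig = request_get_signature()
    content = request.get_json(force=True)
    if content is None:
        return bad_request(web_utils.INVALID_JSON)
    params, err_response = get_json_params(content, [
        "api_key", "nonce", "reason", "category", "recipient", "amount", "message"
    ])
    if err_response:
        return err_response
    api_key, nonce, reason, category, recipient, amount, message = params
    # check_auth rebinds api_key from the raw key string to the key record
    res, auth_fail_reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data)
    if not res:
        return bad_request(auth_fail_reason)
    if not api_key.user.has_role(Role.ROLE_ADMIN) and not api_key.user.has_role(Role.ROLE_AUTHORIZER):
        return bad_request(web_utils.UNAUTHORIZED)
    cat = Category.from_name(db.session, category)
    if not cat:
        return bad_request(web_utils.INVALID_CATEGORY)
    # `amount` is whatever JSON the client sent.  A string or null used to
    # raise TypeError at `amount <= 0` (an unhandled 500); a JSON `true`
    # would have slipped through as 1 since bool is a subclass of int.
    if isinstance(amount, bool) or not isinstance(amount, (int, float)):
        return bad_request(web_utils.INVALID_AMOUNT)
    if amount <= 0:
        return bad_request(web_utils.INVALID_AMOUNT)
    proposal, payment = _reward_create(api_key.user, reason, cat, recipient, amount, message)
    db.session.commit()
    return jsonify(dict(proposal=dict(
        reason=reason,
        category=category,
        status=proposal.status,
        payment=dict(
            amount=amount,
            email=payment.email,
            mobile=payment.mobile,
            address=payment.recipient,
            message=message,
            status=payment.status,
        ),
    )))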
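def user_update_password():
    """Change the calling user's password after re-verifying the current one.

    The JSON body must carry ``api_key``, ``nonce``, ``current_password`` and
    ``new_password``.  ``check_auth`` verifies the signature header against
    the raw body; then ``current_password`` must verify against the stored
    hash before ``new_password`` is hashed with ``encrypt_password`` and
    committed.  Responds with the plain-text body ``'password changed.'``.

    NOTE(review): nothing visible here rate-limits failed
    ``current_password`` attempts, enforces a strength policy on
    ``new_password``, or revokes other sessions/API keys after the change --
    confirm whether those are handled elsewhere.
    """
    sig = request_get_signature()
    content = request.get_json(force=True)
    if content is None:
        return bad_request(web_utils.INVALID_JSON)
    params, err_response = get_json_params(content, ["api_key", "nonce", "current_password", "new_password"])
    if err_response:
        return err_response
    api_key, nonce, current_password, new_password = params
    # check_auth rebinds api_key from the raw key string to the key record
    res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data)
    if not res:
        return bad_request(reason)
    # Both values come straight from JSON; reject non-strings before they
    # reach the hashing helpers, and never store an empty password.
    if not isinstance(current_password, str) or not isinstance(new_password, str) or not new_password:
        return bad_request("'current_password' and 'new_password' must be non-empty strings")
    user = api_key.user
    if not verify_password(current_password, user.password):
        return bad_request(web_utils.INCORRECT_PASSWORD)
    # set the new password (stored hashed, never in clear)
    user.password = encrypt_password(new_password)
    db.session.add(user)
    db.session.commit()
    return 'password changed.'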