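def handle_login_user(self, req: Request) -> Union[Response, HTTPError]:
    """Check the credentials in the request body and issue an authorization token.

    The login and password are read from the request body via
    ``read_user_from_request_body`` and the account is looked up by login
    in ``self._users``.

    Returns:
        ``HTTPError(404)`` when no account has that login,
        ``HTTPError(403)`` when the password does not match, otherwise a
        200 ``Response`` whose ``Authorization`` header carries the value
        built by ``Token.as_authorization(login, now + 3600)``.
    """
    # Function-scope import: the file's import block is outside this view.
    import hmac

    user_from_req = self.read_user_from_request_body(req)
    user_from_db = self._users.get_by_login(user_from_req.login)
    if user_from_db is None:
        # NOTE(review): answering 404 here and 403 below lets a client tell
        # whether a login exists. The status codes are kept because clients
        # may depend on them; consider one generic failure response.
        return HTTPError(404, 'Not Found')

    # NOTE(review): the stored value is compared directly with the submitted
    # password. If self._users keeps plaintext passwords, store a salted
    # password hash (e.g. hashlib.scrypt) and verify against that instead.
    # Confirm what read_user_from_request_body puts in `.password`.
    stored = user_from_db.password
    supplied = user_from_req.password
    if isinstance(stored, str) and isinstance(supplied, str):
        # Constant-time comparison so response timing does not reveal how
        # many leading characters matched. compare_digest accepts only ASCII
        # str, so compare the UTF-8 bytes (an injective encoding).
        mismatch = not hmac.compare_digest(
            stored.encode("utf-8", "surrogatepass"),
            supplied.encode("utf-8", "surrogatepass"),
        )
    elif isinstance(stored, bytes) and isinstance(supplied, bytes):
        mismatch = not hmac.compare_digest(stored, supplied)
    else:
        # Mixed or non-text values: keep the original comparison semantics.
        mismatch = stored != supplied
    if mismatch:
        return HTTPError(403, 'Forbidden')

    ts = int(time.time())
    # Second argument is the current time plus 3600 seconds; presumably the
    # token's expiry, confirm against Token.as_authorization.
    token = Token.as_authorization(user_from_db.login, ts + 3600)
    return Response(200, 'OK', headers={"Authorization": token})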
def handle_request(self, req: Request):
    """Dispatch a request to the handler registered for its path and method.

    If an ``Authorization`` header is present it is parsed with
    ``Token.as_token`` before routing; a parse failure ends the request
    with a 403 whose body carries the error text. Registration
    (``POST /users``) and login (``POST /login``) are open; every other
    route answers 403 unless a token yielded a non-None login.

    Raises:
        HTTPError: 404 when no route matches. Unlike every other error
            path here, this one is raised rather than returned.
    """
    user_login = None
    if "Authorization" in req.headers:
        try:
            user_login = Token.as_token(req.headers["Authorization"])
        except Exception as err:
            # NOTE(review): the exception text is sent back to an
            # unauthenticated client; consider a fixed message and logging
            # the detail server-side instead.
            if isinstance(err, KeyError):
                detail = "token must have key " + str(err)
            else:
                detail = str(err)
            return HTTPError(403, "Forbidden", body=detail.encode())

    # NOTE(review): debug output; the query string and URL may carry
    # sensitive values. Confirm before this reaches shared logs.
    print(req.path, req.query, req.url)

    # (path, method, handler name, token required, handler receives user_login)
    # The original also held an edit-cafe route and a '/users/<id>' lookup
    # as disabled code; neither is routed.
    routes = (
        ('/users', 'POST', 'handle_post_users', False, False),  # registration
        ('/login', 'POST', 'handle_login_user', False, False),  # login
        ('/users', 'GET', 'handle_get_users', True, True),  # list all users
        ('/cafes', 'GET', 'handle_get_cafes', True, False),  # TODO: withMeanStars
        ('/cafe/media', 'GET', 'handle_get_cafe_media', True, False),  # TODO
        ('/cafe/media', 'POST', 'handle_add_cafe_media', True, True),
        # NOTE(review): the delete handler below is not given user_login, so
        # an ownership check cannot use the login parsed here. Confirm how
        # it authorizes the caller.
        ('/cafe/media', 'DELETE', 'handle_del_cafe_media', True, False),  # TODO
        ('/cafe', 'POST', 'handle_put_cafe', True, True),
        ('/cafe/review', 'GET', 'handle_get_reviews', True, False),
        ('/cafe/review', 'POST', 'handle_add_review', True, True),
        ('/cafe/review', 'DELETE', 'handle_del_review', True, True),  # TODO
    )

    for path, method, handler_name, needs_token, wants_login in routes:
        if req.path != path or req.method != method:
            continue
        if needs_token and user_login is None:
            # Also reached when a header was sent but Token.as_token
            # returned None, despite the wording of the message.
            return HTTPError(403, "Forbidden", body="authorization header is absent".encode())
        handler = getattr(self, handler_name)
        if wants_login:
            return handler(req, user_login)
        return handler(req)

    # NOTE(review): raised, while the other failures are returned. Confirm
    # HTTPError is an exception type and that the caller catches it.
    raise HTTPError(404, 'Not found')