def referral_create():
if not use_referrals:
return bad_request(web_utils.NOT_AVAILABLE)
recipient, api_key, err_response = auth_request_get_single_param(
db, "recipient")
if err_response:
return err_response
if not utils.is_email(recipient):
return bad_request(web_utils.INVALID_EMAIL)
recipient = recipient.lower()
user = User.from_email(db.session, recipient)
if user:
time.sleep(5)
return bad_request(web_utils.USER_EXISTS)
reward_sender_type = app.config["REFERRAL_REWARD_TYPE_SENDER"]
reward_sender = app.config["REFERRAL_REWARD_SENDER"]
reward_recipient_type = app.config["REFERRAL_REWARD_TYPE_RECIPIENT"]
reward_recipient = app.config["REFERRAL_REWARD_RECIPIENT"]
recipient_min_spend = app.config["REFERRAL_RECIPIENT_MIN_SPEND"]
ref = Referral(api_key.user, recipient, reward_sender_type, reward_sender,
reward_recipient_type, reward_recipient,
recipient_min_spend)
utils.email_referral(logger, ref)
db.session.add(ref)
db.session.commit()
return 'ok'
def user_register():
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(content, [
"email", "password", "first_name", "last_name", "mobile_number",
"address", "photo", "photo_type"
])
if err_response:
return err_response
email, password, first_name, last_name, mobile_number, address, photo, photo_type = params
if not utils.is_email(email):
return bad_request(web_utils.INVALID_EMAIL)
email = email.lower()
if not password:
return bad_request(web_utils.EMPTY_PASSWORD)
if photo and len(photo) > 50000:
return bad_request(web_utils.PHOTO_DATA_LARGE)
req = UserCreateRequest(first_name, last_name, email, mobile_number,
address, photo, photo_type,
encrypt_password(password))
user = User.from_email(db.session, email)
if user:
time.sleep(5)
return bad_request(web_utils.USER_EXISTS)
utils.email_user_create_request(logger, req, req.MINUTES_EXPIRY)
db.session.add(req)
db.session.commit()
return 'ok'
def api_key_create():
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(
content, ["email", "password", "device_name"])
if err_response:
return err_response
email, password, device_name = params
if not email:
return bad_request(web_utils.INVALID_EMAIL)
email = email.lower()
user = User.from_email(db.session, email)
if not user:
time.sleep(5)
return bad_request(web_utils.AUTH_FAILED)
if not flask_security.verify_password(password, user.password):
time.sleep(5)
return bad_request(web_utils.AUTH_FAILED)
api_key = ApiKey(user, device_name)
for name in Permission.PERMS_ALL:
perm = Permission.from_name(db.session, name)
api_key.permissions.append(perm)
db.session.add(api_key)
db.session.commit()
return jsonify(
dict(token=api_key.token,
secret=api_key.secret,
device_name=api_key.device_name,
expiry=api_key.expiry))
def transaction_info():
token, api_key, err_response = auth_request_get_single_param(db, "token")
if err_response:
return err_response
tx = PayDbTransaction.from_token(db.session, token)
if not tx:
return bad_request(web_utils.INVALID_TX)
if tx.sender != api_key.user and tx.recipient != api_key.user:
return bad_request(web_utils.UNAUTHORIZED)
return jsonify(dict(tx=tx.to_json()))
def user_transactions():
params, api_key, err_response = auth_request_get_params(db, ["offset", "limit"])
if err_response:
return err_response
offset, limit = params
if limit > 1000:
return bad_request(web_utils.LIMIT_TOO_LARGE)
if not api_key.has_permission(Permission.PERMISSION_HISTORY):
return bad_request(web_utils.UNAUTHORIZED)
txs = PayDbTransaction.related_to_user(db.session, api_key.user, offset, limit)
txs = [tx.to_json() for tx in txs]
return jsonify(dict(txs=txs))
def referral_remind():
if not use_referrals:
return bad_request(web_utils.NOT_AVAILABLE)
token, api_key, err_response = auth_request_get_single_param(db, "token")
if err_response:
return err_response
ref = Referral.from_token_user(db.session, token, api_key.user)
if not ref:
return bad_request(web_utils.NOT_FOUND)
if ref.status != ref.STATUS_CREATED:
return bad_request(web_utils.NOT_FOUND)
utils.email_referral(logger, ref)
return 'ok'
def tx_status():
content = request.get_json(force=True)
if content is None:
return bad_request("failed to decode JSON object")
params, err_response = get_json_params(content, ["txid"])
if err_response:
return err_response
txid, = params
dbtx = WavesTx.from_txid(db.session, txid)
if not dbtx:
return bad_request('tx not found', 404)
tx = dbtx.tx_with_sigs()
return jsonify(dict(txid=txid, state=dbtx.state, tx=tx))
def tx_serialize():
content = request.get_json(force=True)
if content is None:
return bad_request("failed to decode JSON object")
params, err_response = get_json_params(content, ["tx"])
if err_response:
return err_response
tx, = params
if not "type" in tx:
return bad_request("tx does not contain 'type' field")
tx_serialized = tx_utils.tx_serialize(tx)
res = {"bytes": base64.b64encode(tx_serialized).decode("utf-8", "ignore")}
return jsonify(res)
def user_info():
email, api_key, err_response = auth_request_get_single_param(db, "email")
if err_response:
return err_response
if not email:
email = api_key.user.email
else:
email = email.lower()
user = User.from_email(db.session, email)
if not user:
time.sleep(5)
return bad_request(web_utils.AUTH_FAILED)
if user == api_key.user:
balance = paydb_core.user_balance(db.session, api_key)
roles = [role.name for role in api_key.user.roles]
perms = [perm.name for perm in api_key.permissions]
return jsonify(
dict(email=user.email,
balance=balance,
photo=user.photo,
photo_type=user.photo_type,
roles=roles,
permissions=perms))
return jsonify(
dict(email=user.email,
balance=-1,
photo=user.photo,
photo_type=user.photo_type,
roles=[],
permissions=[]))
def user_update_email():
email, api_key, err_response = auth_request_get_single_param(db, "email")
if err_response:
return err_response
if not email:
return bad_request(web_utils.INVALID_EMAIL)
email = email.lower()
user = User.from_email(db.session, email)
if user:
time.sleep(5)
return bad_request(web_utils.USER_EXISTS)
req = UserUpdateEmailRequest(api_key.user, email)
utils.email_user_update_email_request(logger, req, req.MINUTES_EXPIRY)
db.session.add(req)
db.session.commit()
return 'ok'
def referral_validate():
if not use_referrals:
return bad_request(web_utils.NOT_AVAILABLE)
token, api_key, err_response = auth_request_get_single_param(db, "token")
if err_response:
return err_response
if not api_key.user.has_role(
Role.ROLE_ADMIN) and not api_key.user.has_role(
Role.ROLE_REFERRAL_CLAIMER):
return bad_request(web_utils.UNAUTHORIZED)
ref = Referral.from_token(db.session, token)
if not ref:
return bad_request(web_utils.NOT_FOUND)
if ref.status != ref.STATUS_CREATED:
return bad_request(web_utils.NOT_FOUND)
return jsonify(dict(referral=ref.to_json()))
def push_notifications_register():
content = request.get_json(force=True)
if content is None:
return bad_request("failed to decode JSON object")
params, err_response = get_json_params(content, ["registration_token"])
if err_response:
return err_response
registration_token, = params
latitude, longitude = get_json_params_optional(content,
["latitude", "longitude"])
topics = Topic.topic_list(db.session)
fcm.subscribe_to_topics(registration_token, topics)
if latitude and longitude:
latitude = float(latitude)
longitude = float(longitude)
push_location = PushNotificationLocation.from_token(
db.session, registration_token)
if push_location:
push_location.update(latitude, longitude)
else:
push_location = PushNotificationLocation(registration_token,
latitude, longitude)
db.session.add(push_location)
db.session.commit()
return jsonify(dict(result="ok"))
def tx_signature():
content = request.get_json(force=True)
if content is None:
return bad_request("failed to decode JSON object")
params, err_response = get_json_params(content, ["txid", "signer_index", "signature"])
if err_response:
return err_response
txid, signer_index, signature = params
dbtx = WavesTx.from_txid(db.session, txid)
if not dbtx:
return bad_request('tx not found', 404)
logger.info(":: adding sig to tx - %s, %d, %s", txid, signer_index, signature)
sig = WavesTxSig(dbtx, signer_index, signature)
db.session.add(sig)
db.session.commit()
tx = dbtx.tx_with_sigs()
return jsonify(dict(txid=txid, state=dbtx.state, tx=tx))
def referral_claim():
if not use_referrals:
return bad_request(web_utils.NOT_AVAILABLE)
token, api_key, err_response = auth_request_get_single_param(db, "token")
if err_response:
return err_response
if not api_key.user.has_role(
Role.ROLE_ADMIN) and not api_key.user.has_role(
Role.ROLE_REFERRAL_CLAIMER):
return bad_request(web_utils.UNAUTHORIZED)
ref = Referral.from_token(db.session, token)
if not ref:
return bad_request(web_utils.NOT_FOUND)
if ref.status != ref.STATUS_CREATED:
return bad_request(web_utils.NOT_FOUND)
# send referral rewards
category = Category.from_name(db.session, Category.CATEGORY_REFERRAL)
if not category:
return bad_request(web_utils.INVALID_CATEGORY)
if ref.reward_sender <= 0:
return bad_request(web_utils.INVALID_AMOUNT)
if ref.reward_recipient_type == ref.REWARD_TYPE_FIXED and ref.reward_recipient <= 0:
return bad_request(web_utils.INVALID_AMOUNT)
reason = f'{ref.token}: reward for referral'
_reward_create(api_key.user, reason, category, ref.recipient,
ref.reward_sender, 'Thank you for referring a friend')
if ref.reward_recipient_type == ref.REWARD_TYPE_FIXED:
_reward_create(api_key.user, reason, category, ref.recipient,
ref.reward_recipient, 'Thank you for using our service')
ref.status = ref.STATUS_CLAIMED
db.session.add(ref)
db.session.commit()
return jsonify(dict(referral=ref.to_json()))
def referral_list():
if not use_referrals:
return bad_request(web_utils.NOT_AVAILABLE)
api_key, err_response = auth_request(db)
if err_response:
return err_response
refs = Referral.from_user(db.session, api_key.user)
refs = [ref.to_json() for ref in refs]
return jsonify(dict(referrals=refs))
def tx_broadcast():
content = request.get_json(force=True)
if content is None:
return bad_request("failed to decode JSON object")
params, err_response = get_json_params(content, ["txid"])
if err_response:
return err_response
txid, = params
error, dbtx, tx = _tx_broadcast(txid)
return jsonify(dict(txid=txid, state=dbtx.state, tx=tx, error=error))
def api_key_claim():
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(content, ["token"])
if err_response:
return err_response
token, = params
req = ApiKeyRequest.from_token(db.session, token)
if not token:
time.sleep(5)
return bad_request(web_utils.NOT_FOUND)
req = ApiKeyRequest.from_token(db.session, token)
if not req.created_api_key:
time.sleep(5)
return bad_request(web_utils.NOT_CREATED)
api_key = req.created_api_key
db.session.delete(req)
db.session.commit()
return jsonify(dict(token=api_key.token, secret=api_key.secret, device_name=api_key.device_name, expiry=api_key.expiry))
def api_key_request():
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(content, ["email", "device_name"])
if err_response:
return err_response
email, device_name = params
if not email:
return bad_request(web_utils.INVALID_EMAIL)
email = email.lower()
user = User.from_email(db.session, email)
if not user:
req = ApiKeyRequest(user, device_name)
return jsonify(dict(token=req.token))
req = ApiKeyRequest(user, device_name)
utils.email_api_key_request(logger, req, req.MINUTES_EXPIRY)
db.session.add(req)
db.session.commit()
return jsonify(dict(token=req.token))
def user_update_photo():
sig = request_get_signature()
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(
content, ["api_key", "nonce", "photo", "photo_type"])
if err_response:
return err_response
api_key, nonce, photo, photo_type = params
res, reason, api_key = check_auth(db.session, api_key, nonce, sig,
request.data)
if not res:
return bad_request(reason)
user = api_key.user
user.photo = photo
user.photo_type = photo_type
db.session.add(user)
db.session.commit()
return jsonify(dict(photo=user.photo, photo_type=user.photo_type))
def reward_categories():
sig = request_get_signature()
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(content, ["api_key", "nonce"])
if err_response:
return err_response
api_key, nonce = params
res, auth_fail_reason, api_key = check_auth(db.session, api_key, nonce,
sig, request.data)
if not res:
return bad_request(auth_fail_reason)
if not api_key.user.has_role(
Role.ROLE_ADMIN) and not api_key.user.has_role(
Role.ROLE_AUTHORIZER):
return bad_request(web_utils.UNAUTHORIZED)
# pylint: disable=no-member
cats = db.session.query(Category).all()
cats = [cat.name for cat in cats]
return jsonify(dict(categories=cats))
def transaction_create():
sig = request_get_signature()
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(
content,
["api_key", "nonce", "action", "recipient", "amount", "attachment"])
if err_response:
return err_response
api_key, nonce, action, recipient, amount, attachment = params
res, reason, api_key = check_auth(db.session, api_key, nonce, sig,
request.data)
if not res:
return bad_request(reason)
tx, error = paydb_core.tx_create_and_play(db.session, api_key, action,
recipient, amount, attachment)
if not tx:
return bad_request(error)
tx_event(tx)
return jsonify(dict(tx=tx.to_json()))
def transaction_create():
params, api_key, err_response = auth_request_get_params(db, ["action", "recipient", "amount", "attachment"])
if err_response:
return err_response
action, recipient, amount, attachment = params
if recipient:
recipient = recipient.lower()
tx, error = paydb_core.tx_create_and_play(db.session, api_key, action, recipient, amount, attachment)
if not tx:
return bad_request(error)
tx_event(tx)
return jsonify(dict(tx=tx.to_json()))
def user_transactions():
sig = request_get_signature()
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(
content, ["api_key", "nonce", "offset", "limit"])
if err_response:
return err_response
api_key, nonce, offset, limit = params
if limit > 1000:
return bad_request(web_utils.LIMIT_TOO_LARGE)
res, reason, api_key = check_auth(db.session, api_key, nonce, sig,
request.data)
if not res:
return bad_request(reason)
if not api_key.has_permission(Permission.PERMISSION_HISTORY):
return bad_request(web_utils.UNAUTHORIZED)
txs = PayDbTransaction.related_to_user(db.session, api_key.user, offset,
limit)
txs = [tx.to_json() for tx in txs]
return jsonify(dict(txs=txs))
def reward_create():
sig = request_get_signature()
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(content, [
"api_key", "nonce", "reason", "category", "recipient", "amount",
"message"
])
if err_response:
return err_response
api_key, nonce, reason, category, recipient, amount, message = params
res, auth_fail_reason, api_key = check_auth(db.session, api_key, nonce,
sig, request.data)
if not res:
return bad_request(auth_fail_reason)
if not api_key.user.has_role(
Role.ROLE_ADMIN) and not api_key.user.has_role(
Role.ROLE_AUTHORIZER):
return bad_request(web_utils.UNAUTHORIZED)
cat = Category.from_name(db.session, category)
if not cat:
return bad_request(web_utils.INVALID_CATEGORY)
if amount <= 0:
return bad_request(web_utils.INVALID_AMOUNT)
proposal, payment = _reward_create(api_key.user, reason, cat, recipient,
amount, message)
db.session.commit()
return jsonify(
dict(proposal=dict(reason=reason,
category=category,
status=proposal.status,
payment=dict(amount=amount,
email=payment.email,
mobile=payment.mobile,
address=payment.recipient,
message=message,
status=payment.status))))
def user_update_password():
sig = request_get_signature()
content = request.get_json(force=True)
if content is None:
return bad_request(web_utils.INVALID_JSON)
params, err_response = get_json_params(
content, ["api_key", "nonce", "current_password", "new_password"])
if err_response:
return err_response
api_key, nonce, current_password, new_password = params
res, reason, api_key = check_auth(db.session, api_key, nonce, sig,
request.data)
if not res:
return bad_request(reason)
user = api_key.user
verified_password = verify_password(current_password, user.password)
if not verified_password:
return bad_request(web_utils.INCORRECT_PASSWORD)
### set the new_password:
user.password = encrypt_password(new_password)
db.session.add(user)
db.session.commit()
return 'password changed.'
def tx_broadcast():
content = request.get_json(force=True)
if content is None:
return bad_request("failed to decode JSON object")
params, err_response = get_json_params(content, ["txid"])
if err_response:
return err_response
txid, = params
dbtx = WavesTx.from_txid(db.session, txid)
if not dbtx:
return bad_request('tx not found', 404)
tx = dbtx.tx_with_sigs()
error = ""
# broadcast transaction
try:
dbtx = tx_utils.broadcast_transaction(db.session, dbtx.txid)
db.session.add(dbtx)
db.session.commit()
except OtherError as ex:
error = ex.message
if hasattr(ex, 'data'):
error = "{} - {}".format(ex.message, ex.data)
return jsonify(dict(txid=txid, state=dbtx.state, tx=tx, error=error))
def user_update_password():
params, api_key, err_response = auth_request_get_params(db, ["current_password", "new_password"])
if err_response:
return err_response
current_password, new_password = params
user = api_key.user
verified_password = verify_password(current_password, user.password)
if not verified_password:
return bad_request(web_utils.INCORRECT_PASSWORD)
### set the new_password:
user.password = encrypt_password(new_password)
db.session.add(user)
db.session.commit()
return 'password changed.'
def _tx_broadcast(txid):
dbtx = WavesTx.from_txid(db.session, txid)
if not dbtx:
return bad_request('tx not found', 404)
tx = dbtx.tx_with_sigs()
error = ""
# broadcast transaction
try:
dbtx = tx_utils.broadcast_transaction(db.session, dbtx.txid)
db.session.add(dbtx)
db.session.commit()
except OtherError as ex:
error = ex.message
if hasattr(ex, 'data'):
error = "{} - {}".format(ex.message, ex.data)
return error, dbtx, tx
def referral_config():
if not use_referrals:
return bad_request(web_utils.NOT_AVAILABLE)
_, err_response = auth_request(db)
if err_response:
return err_response
reward_sender_type = app.config["REFERRAL_REWARD_TYPE_SENDER"]
reward_sender = app.config["REFERRAL_REWARD_SENDER"]
reward_recipient_type = app.config["REFERRAL_REWARD_TYPE_RECIPIENT"]
reward_recipient = app.config["REFERRAL_REWARD_RECIPIENT"]
recipient_min_spend = app.config["REFERRAL_RECIPIENT_MIN_SPEND"]
spend_asset = app.config["REFERRAL_SPEND_ASSET"]
return jsonify(
dict(reward_sender_type=reward_sender_type,
reward_sender=reward_sender,
reward_recipient_type=reward_recipient_type,
reward_recipient=reward_recipient,
recipient_min_spend=recipient_min_spend,
spend_asset=spend_asset))
def user_update_email_confirm(token=None):
req = UserUpdateEmailRequest.from_token(db.session, token)
if not req:
flash('User update email request not found.', 'danger')
return redirect('/')
now = datetime.datetime.now()
if now > req.expiry:
flash('User update email request expired.', 'danger')
return redirect('/')
user = User.from_email(db.session, req.email)
if user:
time.sleep(5)
return bad_request(web_utils.USER_EXISTS)
user = req.user
user.email = req.email
db.session.add(user)
db.session.delete(req)
db.session.commit()
flash('User email updated.', 'success')
return redirect('/')
