def POST(self, query_type):
""" Depending on query_type returns
a list of users, following or followed by current user
:param str logintoken: Login token to authenticate current user
:param str user_id: Quieried user id.
:to test: curl --data "csid_from_client=1&user_id=78&logintoken=RxPu7fLYgv" http://localhost:8080/api/social/query/following
:to test: curl --data "csid_from_client=1&user_id=78&logintoken=RxPu7fLYgv" http://localhost:8080/api/social/query/followed-by
:response data: list of users
"""
data = web.input()
user_id = data.get("user_id")
logintoken = data.get("logintoken", "")
status, response_or_user = self.authenticate_by_token(logintoken)
# Login was not successful
if not status:
return response_or_user
if not user_id:
return e_response('user_id is required', 400)
if 0 == web.ctx.orm.query(User).filter(User.id == user_id).count():
return e_response('User with id %s is not found' % user_id, 404)
if "followed-by" == query_type:
follows = UserProfile.query_followed_by(user_id,
response_or_user.id)
else:
follows = UserProfile.query_following(user_id, response_or_user.id)
csid_from_client = data.pop('csid_from_client')
return api_response(data=follows,
csid_from_client=csid_from_client,
csid_from_server="")
def check_global_params(handler):
req = web.input(project_id='1.0', format_type='JSON', os_type='web')
if '1.0' != req.get('project_id'):
return e_response('project_id must be 1.0', 400)
if 'JSON' != req.get('format_type'):
return e_response('Server supports JSON format_type only', 400)
if req.get('os_type') not in ['web', 'ios', 'android', 'other']:
return e_response('os_type can be web|ios|android|other only', 400)
# try:
return handler()
def POST(self):
""" Returns pin id's of a given board
:param str csid_from_client: Csid string from client
:param str board_name: name of a queried board
:param username: name of the user who is being queried
:response: * img_ids - list of pins related to a given board
* board_info - relevant board information
:to test: curl -d "username=olte" -d "board_name=Things to get" -d "csid_from_client=1" http://localhost:8080/api/image/query-board
"""
request_data = web.input()
username = request_data.get('username')
if not username:
return e_response('username is required', 400)
board_name = request_data.get('board_name')
if not board_name:
return e_response('board_name is required', 400)
# Get user_id from username
user = self.db.select('users',
where='username=$username',
vars={'username': username})
if len(user) == 0:
return e_response("Given user does not exist")
user_id = user[0].get("id")
# Get board by user_id and board_name
board = self.db.select(
'boards',
where='user_id=$uid and LOWER(name) like $bname',
vars={
'uid': user_id,
'bname': board_name.lower() + '%'
}).list()
if len(board) == 0:
return e_response(
"There are no board %s for user %s" % (board_name, username),
404)
# Get pins by board.id
image_ids = self.db.select('pins',
where='board_id=$bid',
vars={'bid': board[0]['id']},
what='id')
self.data['img_ids'] = [img["id"] for img in image_ids.list()]
self.data['board'] = board
return self.respond()
def POST(self):
""" Images upload main handler
Can be tested using the following command:
curl -F "image_title=some_title" -F "image_descr=some_descr" \
-F "image_file=@/home/oleg/Desktop/hard.jpg" \
http://localhost:8080/api/image/upload
"""
request_data = web.input(image_file={})
file_obj = request_data.get('image_file')
# For some reason, FileStorage object treats itself as False
if type(file_obj) == dict:
return e_response("Required args are missing", 400)
file_path = self.save_file(file_obj)
images_dict = store_image_from_filename(self.db,
file_path,
widths=(202, 212))
external_id = _generate_external_id()
pin_id = self.create_db_record({
'name':
request_data.get("image_title"),
'description':
request_data.get("image_descr"),
'user_id':
self._user['id'],
'link':
request_data.get("link"),
'product_url':
request_data.get("product_url"),
'price':
request_data.get("price"),
'price_range':
request_data.get("price_range"),
'board_id':
request_data.get("board_id"),
'external_id':
external_id,
'image_url':
images_dict[0]['url'],
'image_width':
images_dict[0]['width'],
'image_height':
images_dict[0]['height'],
'image_202_url':
images_dict[202]['url'],
'image_202_height':
images_dict[202]['height'],
'image_212_url':
images_dict[212]['url'],
'image_212_height':
images_dict[212]['height']
})
self.data['image_id'] = pin_id
self.data['external_id'] = external_id
return self.respond()
def POST(self):
"""
Compare given activation code with existed.
If they are identical - activate new user
"""
hashed_activation = web.input().get("hashed_activation")
activation = self.user.get('activation')
if not hashed_activation:
return e_response("Not found hashed_activation field in request", 400)
if hash(str(activation)) != int(hashed_activation):
return e_response("Wrong activation code given from user", 403)
update(User).where(User.id == self.user['id']).values(activation=0)
# db.update('users', activation=0,
# vars={'id': self.user["id"]}, where="id=$id")
return self.respond()
def search(self):
# Get data from request
query = web.input().get("query", None)
if not query:
return e_response('query is required', 400)
query = make_tsquery(query)
self.where.append(query)
self.query_range()
return self.respond()
def POST(self):
request_data = web.input()
# Get data from request
hashtag = request_data.get("hashtag", None)
if not hashtag:
return e_response('hashtag is required', 400)
self.where.append("tags.tags ILIKE '%%%s%%'" % hashtag)
self.query_range()
return self.respond()
def POST(self):
"""
Authentification method for API
"""
request_data = web.input()
save_api_request(request_data)
email = request_data.get("email")
if not email:
return e_response('username or email is required', 400)
password = request_data.get("password")
if not password:
return e_response('password is required', 400)
user = self.authenticate(email, password)
if not user:
return self.access_denied("Login or password wrong")
login_user(sess, user.get('id'))
self.data["user_id"] = user.get("id")
self.data["email"] = user.get("email")
self.data["username"] = user.get("username")
return self.respond()
def POST(self):
"""
Example usage:
curl --data "csid_from_client=11&user_id=78&msg=message&url=some_url" \
http://localhost:8080/api/notification/add
"""
params = web.input()
required = {'user_id', 'msg', 'url'}
required -= set(params.keys())
if len(required) > 0:
return e_response(', '.join(required) + ' is required', 400)
if not params["user_id"].isdigit():
return e_response('user_id must be positive integer', 400)
user_id = int(params["user_id"])
if 0 == web.ctx.orm.query(User).filter(User.id == user_id).count():
return e_response('User with id %s is not found' % user_id, 404)
try:
self.db.insert('notifs', user_id=user_id, message=params["msg"], link=params["url"])
except Exception as ex:
return e_response(ex.message)
return self.respond()
def POST(self):
"""
:param str csid_from_client: Csid string from client
:param str logintoken: logintoken of user
:param int picture_id: id of photo that you wish tis set as xover
:response data: no extra rsponse
:to test: curl --data "csid_from_client=1&picture_id=5&logintoken=XXXXXXX" http://localhost:8080/api/profile/userinfo/album_default_picture
"""
data = {}
status = 200
csid_from_server = None
error_code = ""
request_data = web.input()
logintoken = request_data.get('logintoken')
picture_id = request_data.get('picture_id')
user_status, user = self.authenticate_by_token(logintoken)
# User id contains error code
if not user_status:
return user
if not (picture_id and picture_id.isdigit()):
return e_response('picture_id is required', 400)
csid_from_server = user['seriesid']
csid_from_client = request_data.get("csid_from_client")
if not self._set_picture(user['id'], picture_id):
return e_response('Picture with id %s not found' % picture_id, 404)
response = api_response(data=data,
status=status,
error_code=error_code,
csid_from_client=csid_from_client,
csid_from_server=csid_from_server)
return response
def POST(self):
request_data = web.input()
# Get data from request
image_id = request_data.get("image_id")
if not image_id:
return e_response('image_id is required', 400)
self.data['image_id'] = image_id
tags = self.db.select('tags', where='pin_id = ' + image_id).list()
if len(tags) > 0:
tags = tags[0]['tags'].split()
self.data['hashtag_list'] = tags
return self.respond()
def POST(self):
request_data = web.input()
# Get data from request
query_type = request_data.get("query_type")
if 'all' == query_type or not query_type:
self.get_all()
elif 'new' == query_type:
self.get_new()
elif 'range' == query_type:
self.query_range()
else:
return e_response('Invalid query_type ' + query_type)
return self.respond()
def authenticate_by_token(self, logintoken):
"""Authenticates user by given logintoken
Returns:
status - flag set to True in case if user was successfully logged in
user_dict - dictionary with users profile data (if login success)
access_denied - if login failure
"""
user = self.db.select('users', {"logintoken": logintoken},
where="logintoken=$logintoken")
if len(user) > 0:
return True, user[0]
else:
return False, e_response("Wrong login token" if logintoken else
"Not received login token")
def POST(self):
"""
:param str csid_from_client: Csid string from client
:param str logintoken: logintoken of user
:param int picture_id: id of photo that you wish to remove
:response data: no extra rsponse
:to test: curl --data "csid_from_client=1&picture_id=5&logintoken=XXXXXXX" http://localhost:8080/api/profile/userinfo/remove_pic
"""
request_data = web.input()
logintoken = request_data.get('logintoken')
picture_id = request_data.get('picture_id')
user_status, user = self.authenticate_by_token(logintoken)
# User id contains error code
if not user_status:
return user
if not (picture_id and picture_id.isdigit()):
return e_response('picture_id is required', 400)
if not self._delete_picture(user['id'], picture_id):
return e_response('Picture with id %s not found' % picture_id, 404)
return api_response(
csid_from_client=request_data.get("csid_from_client"),
csid_from_server=user['seriesid'])
def POST(self):
request_data = web.input(category_id_list=[])
# Get data from request
image_id = request_data.get("image_id")
if not image_id:
return e_response('image_id is required', 400)
category_id_list = map(int, request_data.get("category_id_list"))
self.data['image_id'] = image_id
self.db.delete('pins_categories', where='pin_id = %s' % image_id)
for category_id in category_id_list:
self.db.insert('pins_categories',
pin_id=image_id,
category_id=category_id)
return self.respond()
def POST(self, notification_id):
""" Method responsible for retuning individual notifications
:args: logintoken, csid_from_client, notification_id.
:returns: notification_or_404
:to_test: curl --data "csid_from_client=1&logintoken=zs4jxj0yM2"\
http://localhost:8080/api/notification/177
"""
self.data = dbget('notifs', notification_id)
# Do not allow to read notification related to other users
if self.data.user_id != self._user.id:
return e_response('User can access to his own notifications only', 403)
# Remove notification which was already reviewed
self.db.delete('notifs', where='id = $id', vars={'id': notification_id})
return self.respond()
def POST(self):
"""
You can tested it using:
curl --data "csid_from_client=1&query_type=all&logintoken=2mwvVHVFga&
query_params=840&query_params=841&&query_params=842"
http://localhost:8080/api/image/query
"image_url" in response related with "link" in pins table.
"""
request_data = web.input(query_params=[], )
query_params = map(str, request_data.get("query_params"))
self.data['image_data_list'] = []
if len(query_params) > 0:
self.data['image_data_list'] = self.query_image(query_params)
else:
return e_response('Empty query_params', 400)
return self.respond()
def POST(self):
"""
:param str logintoken: Logintoken used fo authentication
:param str csid_from_client: CSID from client
:param str pin_id: Identifier of the pin
:response data: returns status: success, if like was added
:example usage: curl --data "csid_from_client=1&logintoken=RxPu7fLYgv&pin_id=46" http://localhost:8080/api/social/pin/like-unlike
"""
request_data = web.input()
csid_from_client = request_data.get('csid_from_client')
logintoken = request_data.get('logintoken')
status, user_or_response = self.authenticate_by_token(logintoken)
if not status:
return user_or_response
csid_from_server = user_or_response['seriesid']
pin_id = request_data.get('pin_id')
if not pin_id:
error_code = "pin_id can't be empty"
return api_response(data={},
error_code=error_code,
csid_from_client=csid_from_client,
csid_from_server=csid_from_server)
if 0 == db.query('select count(*) as num from pins where id=$id',
vars={'id': pin_id})[0].num:
return e_response('Pin with id=%s nof found' % pin_id, 404)
try:
db.insert('likes', user_id=user_or_response["id"], pin_id=pin_id)
except Exception:
db.delete('likes',
where='user_id = $uid and pin_id = $pid',
vars={
'uid': user_or_response["id"],
'pid': pin_id
})
return api_response(data={'status': 'success'},
csid_from_client=csid_from_client,
csid_from_server=csid_from_server)
def POST(self):
request_data = web.input(
hash_tag_add_list=[],
hash_tag_remove_list=[],
)
update_data = {}
# Get data from request
image_id = request_data.get("image_id")
if not image_id:
return e_response('image_id is required', 400)
image_title = request_data.get("image_title")
image_desc = request_data.get("image_desc")
product_url = request_data.get("product_url")
link = request_data.get("link")
price_range = request_data.get("price_range")
board_id = request_data.get("board_id")
hash_tag_add_list = map(str, request_data.get("hash_tag_add_list"))
hash_tag_remove_list = map(str,
request_data.get("hash_tag_remove_list"))
self.data['image_id'] = image_id
if image_title:
update_data['name'] = image_title
self.data['image_title'] = image_title
if image_desc:
update_data['description'] = image_desc
self.data['image_desc'] = image_desc
if product_url:
update_data['product_url'] = product_url
self.data['product_url'] = product_url
if link:
update_data['link'] = link
self.data['link'] = link
if price_range:
update_data['price_range'] = price_range
self.data['price_range'] = price_range
if board_id:
update_data['board_id'] = board_id
self.data['board_id'] = board_id
tags = self.db.select('tags', where='pin_id = %s' % image_id)
if len(tags) > 0:
tags = tags[0]['tags'].split()
tags = set(tags) - set(hash_tag_remove_list)
tags = tags | set(hash_tag_add_list)
tags = ' '.join(tags)
self.db.update('tags', where='pin_id = %s' % image_id, tags=tags)
else:
tags = ' '.join(hash_tag_add_list)
self.db.insert('tags', pin_id=image_id, tags=tags)
if len(update_data) > 0:
self.db.update('pins', where='id = %s' % image_id, **update_data)
pins = self.db.select('pins', where='id = %s' % image_id)
if len(pins) > 0:
self.data['external_id'] = pins[0]['external_id']
return self.respond()
