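def register_user(username, email, password, password_confirmed):
    """Create a new user account, optionally gated by a beta code.

    The request is rejected when the username or email is already taken
    (409), when the two password fields differ (422), or, if the
    ``BETA_KEYS_REQUIRED`` config flag is set, when the JSON body carries no
    ``beta_code`` (400) or ``check_and_assign_beta_code`` rejects it (422).

    Returns:
        On success, a dict with a ``message`` and the new user's
        ``as_dict()`` representation; otherwise the value produced by
        ``error_response``.
    """
    # Emails are accepted as-is: no assumption is made that the frontend
    # validated them. Validity is established by the confirmation flow rather
    # than by a format check here.
    #
    # NOTE(review): the distinct 409 answers below tell an unauthenticated
    # caller which usernames and emails are registered; confirm this endpoint
    # is rate limited.
    # NOTE(review): lookup-then-insert is not atomic; confirm unique
    # constraints on username/email exist so a concurrent duplicate fails at
    # commit instead of being stored.
    if User.query.filter_by(username=username).first() is not None:
        return error_response(409, 'Username in use')

    if User.query.filter_by(email=email).first() is not None:
        return error_response(409, 'Email in use')

    if password != password_confirmed:
        return error_response(422, 'Passwords do not match')

    # NOTE(review): the plaintext password is handed to the model
    # constructor; presumably User hashes it (cf. set_password) -- confirm.
    new_user = User(username=username, email=email, password=password)
    db.session.add(new_user)

    # BetaCode specific. Because the requirement to use beta codes is switched
    # with a config param, the validation must occur in this route, rather
    # than at the JSON schema level.
    registration_json = request.get_json()
    if current_app.config['BETA_KEYS_REQUIRED']:
        # The parsed body can be None or a non-object JSON value; treat both
        # as "no beta code supplied" instead of failing with a TypeError.
        if (not isinstance(registration_json, dict)
                or 'beta_code' not in registration_json):
            db.session.rollback()
            return error_response(
                400, 'Beta codes are currently required for registration')

        beta_code = registration_json['beta_code']
        if not check_and_assign_beta_code(beta_code, new_user):
            # Discard the pending user so a bad code leaves no account behind.
            db.session.rollback()
            return error_response(422, 'Invalid beta code')

    db.session.commit()
    return {
        'message': 'Successfully registered user',
        'user': new_user.as_dict()
    }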
def change_password(id, current_password, new_password):
    """Replace a user's password after verifying the current one.

    Loads the user by primary key (``get_or_404``), returns a 403 error
    response when ``current_password`` fails ``check_password``, and
    otherwise stores ``new_password`` via ``set_password`` and commits.

    Returns:
        A dict with a ``message`` and the user's ``as_dict()``
        representation, or the value produced by ``error_response``.
    """
    # NOTE(review): nothing in this function ties ``id`` to the authenticated
    # caller; confirm the route restricts it to the caller's own account and
    # that repeated failures are rate limited.
    account = User.query.get_or_404(id)

    password_ok = account.check_password(current_password)
    if not password_ok:
        return error_response(403, 'Current password incorrect')

    account.set_password(new_password)
    db.session.commit()

    response = {
        'message': 'Successfully changed password',
        'user': account.as_dict(),
    }
    return response
def accept_match_invite(id):
    """Accept a match invite as the current user and create the match.

    Error responses: 400 when the current user sent the invite, 410 when the
    invite is already accepted, 403 when the invite is neither open nor
    addressed to the current user. On success a new ``Match`` is created,
    both players join it, and it is attached to the invite.

    Returns:
        A dict with a ``message`` plus the ``as_dict()`` forms of the invite
        and the new match, or the value produced by ``error_response``.
    """
    invite = MatchInvite.query.get_or_404(id)
    acceptor = g.current_user

    if invite.inviter_id == acceptor.id:
        return error_response(400, 'Player cannot accept own invite')

    # NOTE(review): check-then-act on ``accepted``; two concurrent accepts of
    # the same open invite could both pass this point -- confirm whether a
    # lock or constraint prevents that.
    if invite.accepted:
        return error_response(410, 'Match invite has already been accepted')

    addressed_to_acceptor = invite.invited_id == acceptor.id
    if not (addressed_to_acceptor or invite.open):
        return error_response(403, 'Invite not open, and not for player')

    # An open invite is claimed by whoever accepts it.
    if invite.open:
        invite.invited = acceptor

    created = Match()
    db.session.add(created)
    created.join(invite.inviter)
    created.join(acceptor)
    # Flush before linking the match to the invite (presumably so the match
    # has its primary key assigned -- confirm).
    db.session.flush()

    invite.match = created
    db.session.commit()

    payload = {
        'message': 'Successfully accepted invite',
        'match_invite': invite.as_dict(),
        'match': created.as_dict(),
    }
    return payload
def make_move(uci_string, id):
    """Apply the current user's move to a match and broadcast the result.

    Error responses: 403 when the current user is not a player in the match,
    409 when it is not their turn, 422 when ``attempt_move`` rejects the
    move. An accepted move is committed and then announced through
    ``ws_events``; if the match is finished afterwards, both players' stat
    blocks are updated and a finish event is broadcast.

    Returns:
        A dict with a ``message`` and the match's ``as_dict()``
        representation, or the value produced by ``error_response``.
    """
    game = Match.query.get_or_404(id)
    mover = g.current_user

    # Authorization first: only a participant, and only on their own turn.
    if not match_allows(game, mover) if False else not game.playing(mover):
        return error_response(403, 'Player not playing this match')
    if not game.players_turn(mover):
        return error_response(409, 'Not your turn')

    # NOTE(review): the parsed body is never used here; the call is kept only
    # because get_json() can itself reject a malformed body -- confirm that
    # is intended.
    request.get_json()

    move_applied = game.attempt_move(mover, uci_string)
    if not move_applied:
        return error_response(422, 'Move not possible')

    # Persist the move before telling other clients about it.
    db.session.commit()
    ws_events.broadcast_move_made(
        player=mover,
        move=uci_string,
        current_fen=game.current_fen,
        connection_token=game.connection_token,
    )

    if game.is_finished:
        # TODO: should this be handled by the match (match.update_stats())?
        game.player_white.stat_block.add_match(game)
        game.player_black.stat_block.add_match(game)
        db.session.commit()
        # NOTE(review): the mover is always reported as the winner; confirm
        # is_finished cannot be true for a drawn game.
        ws_events.broadcast_match_finish(
            winning_player=mover,
            connection_token=game.connection_token,
        )

    return {'message': 'Move successfully made', 'match': game.as_dict()}
def accept_friend_invite(id):
    """Accept a pending friend invite from the user with the given id.

    Returns a 400 error response when that user is not in the current user's
    ``friend_invites``. If the two are already friends, nothing is changed
    and a message is returned with status 201. Otherwise the invite is
    accepted via ``accept_friend`` and committed.

    Returns:
        A dict with a ``message`` and the inviter's ``as_dict()``
        representation (paired with 201 on the already-friends branch), or
        the value produced by ``error_response``.
    """
    inviter = User.query.get_or_404(id)
    me = g.current_user

    has_invite = inviter in me.friend_invites
    if not has_invite:
        return error_response(
            400, 'You don\'t have a friend invite from this player')

    if inviter in me.friends:
        # NOTE(review): 201 on a no-op branch looks unintended; confirm
        # whether clients rely on it before changing.
        already_friends = {
            'message': 'You are already friends with this user',
            'user': inviter.as_dict()
        }
        return already_friends, 201

    me.accept_friend(inviter)
    db.session.commit()

    accepted = {
        'message': 'Successfully accepted friend invite',
        'user': inviter.as_dict()
    }
    return accepted
def token_auth_error():
    """Return a 401 error response with no custom message.

    Presumably the handler for failed token authentication; its registration
    is not visible here.
    """
    unauthorized = 401
    return error_response(unauthorized)