def login():
    """Exchange an email/password pair for an auth token.

    :param post email: address the account was registered with
    :param post password: plaintext password to verify

    ===== ===================
    Error Meaning
    ===== ===================
    0     Success
    1     Email not found
    2     Incorrect password
    ===== ===================

    :return: {'status': int(error), 'token': user token}; the ``token`` key
        is only present when ``status`` is 0
    """
    # NOTE(review): codes 1 and 2 tell the caller whether an email is
    # registered (account enumeration), and the hash comparison is skipped
    # entirely for unknown emails. Merging both into one failure code would
    # change the documented contract, so that decision is left to the API
    # owner. No attempt throttling is visible in this function either.
    submitted_email = request.form['email']
    submitted_password = request.form['password']

    row = get_db().execute(
        "SELECT * FROM users WHERE email = ?", (submitted_email, )
    ).fetchone()

    if row is None:
        return {'status': 1}
    if not check_password_hash(row['password'], submitted_password):
        return {'status': 2}
    return {'status': 0, 'token': encode_auth_token(row['id'])}
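def wrapped_view(**kwargs):
    """Authenticate the request from its ``token`` form field, then run the view.

    The token is decoded with ``decode_auth_token``; a negative result is
    treated as an invalid token. On success the matching ``users`` row is
    stored on ``g.user`` and the wrapped ``view`` (supplied by an enclosing
    scope that is not visible here) is called with the same keyword arguments.

    :return: ``{'status': -1}`` when the token is rejected or no longer maps
        to a user row, otherwise whatever ``view`` returns
    """
    # NOTE(review): assumes decode_auth_token always returns an int and
    # signals every failure with a negative value -- confirm; a non-int
    # return would make the comparison below raise instead of rejecting.
    user_id = decode_auth_token(request.form['token'])
    if user_id < 0:
        return {'status': -1}

    user = get_db().execute(
        'SELECT * FROM users WHERE id = ?', (user_id, )
    ).fetchone()
    if user is None:
        # A token can outlive its account. Without this guard the view would
        # run with g.user = None and fail on its first g.user[...] access.
        return {'status': -1}

    g.user = user
    return view(**kwargs)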
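def create_post():
    """Used to create a post.

    The post is attributed to ``g.user['username']``, so ``g.user`` must have
    been populated before this runs.

    :param post body: supply a body text for this post
    :return: status (0 good, 1 bad, check docs for login_required)
    :rtype: {'status': (int)}
    """
    db = get_db()
    try:
        # The body is stored exactly as submitted; any HTML escaping has to
        # happen wherever posts are rendered (not visible in this function).
        db.execute(
            'INSERT INTO posts (author, body) VALUES (?,?)',
            (g.user['username'], request.form['body']))
        db.commit()
    except Exception:
        # Still best-effort (a missing ``body`` field or a database error both
        # map to status 1), but no longer swallows KeyboardInterrupt or
        # SystemExit the way a bare ``except:`` does.
        # NOTE(review): the failure is neither logged nor rolled back here.
        return {'status': 1}
    return {'status': 0}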
def delete_post():
    """Delete one of the authenticated user's own posts.

    :param post id: id of the post
    :return: status (0 good, 1 bad, check docs for login_required)
    :rtype: {'status': (int)}
    """
    db = get_db()
    post_id = request.form['id']
    if not post_id:
        return {'status': 1}

    # Ownership is enforced by the WHERE clause: the row is removed only when
    # its author equals the authenticated user's username.
    # NOTE(review): status 0 is returned even when no row matched (unknown id
    # or a post owned by someone else), so callers cannot tell a real delete
    # from a no-op.
    db.execute(
        'DELETE FROM posts WHERE id == ? AND author == ?',
        (post_id, g.user['username']))
    db.commit()
    return {'status': 0}
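def register():  # TODO: code the input checks
    """Registers users.

    ===== =============================================
    Error Meaning
    ===== =============================================
    0     Success
    1     Email Missing
    2     Username Missing
    3     Password Missing
    4     Pre-existing user (email or username in use)
    ===== =============================================

    :param post username:
    :param post email:
    :param post password:
    :return: { 'status': error }
    :rtype: json / int
    """
    username = request.form['username']
    email = request.form['email']
    password = request.form['password']
    db = get_db()

    if not email:
        return {'status': 1}
    if not username:
        return {'status': 2}
    if not password:
        return {'status': 3}

    # Posts in this file are attributed and authorised by username
    # (create_post stores it as the author, delete_post matches on it), so a
    # second account with the same username could act on the first account's
    # posts. Reject a clash on either identifier, not just the email.
    # NOTE(review): check-then-insert is not atomic; a UNIQUE constraint in
    # the schema (not visible here) would be the real backstop.
    existing = db.execute(
        'SELECT id FROM users WHERE email = ? OR username = ?',
        (email, username)).fetchone()
    if existing is not None:
        return {'status': 4}

    # Only the salted hash from generate_password_hash is stored.
    db.execute(
        'INSERT INTO users (username, password, email) VALUES (?, ?, ?)',
        (username, generate_password_hash(password), email))
    db.commit()
    return {'status': 0}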
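def get_posts():
    """Gets posts, 15 at a time, oldest first.

    :param post authors: optionally get posts belonging to multiple authors
        (comma-separated usernames; spaces are stripped).
    :param post last_num: optional offset of the first post to return;
        missing, non-numeric or negative values are treated as 0.
    :return: array of posts
    :rtype: JSON array
    """
    # The offset comes straight from the client, so coerce it to a
    # non-negative int before it is bound to OFFSET instead of handing the
    # database an arbitrary string.
    try:
        last_num = max(int(request.form.get('last_num', 0)), 0)
    except (TypeError, ValueError):
        last_num = 0

    raw_authors = request.form.get('authors')
    db = get_db()

    if raw_authors is not None:
        authors = raw_authors.replace(" ", "").split(',')
        # Only the "?" placeholders are concatenated into the statement; the
        # author names themselves are always passed as bound parameters.
        # NOTE(review): the number of authors is not capped here.
        placeholders = ', '.join('?' for _ in authors)
        query = ('SELECT body, author, created, id FROM posts WHERE author IN ('
                 + placeholders
                 + ') ORDER BY created ASC LIMIT 15 OFFSET ?')
        posts = db.execute(query, tuple(authors + [last_num])).fetchall()
    else:
        posts = db.execute(
            'SELECT body, author, created, id FROM posts '
            'ORDER BY created ASC LIMIT 15 OFFSET ?',
            (last_num, )).fetchall()

    # The debug print() calls were dropped: they wrote client-supplied author
    # lists and full post rows to stdout on every request.
    return jsonify([
        {
            'body': post['body'],
            'author': post['author'],
            'created': post['created'],
            'id': post['id'],
        }
        for post in posts
    ])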