def login():
"""Gives a token given password and email.
:param post email:
:param post password:
===== ===================
Error Meaning
===== ===================
0 Success
1 Email not found
2 Incorrect password
===== ===================
:return: {'status': int(error), 'token': user token}
"""
email = request.form['email']
password = request.form['password']
db = get_db()
error = 0
user = db.execute("SELECT * FROM users WHERE email = ?",
(email, )).fetchone()
if user is None:
error = 1
elif not check_password_hash(user['password'], password):
error = 2
if error == 0:
return {'status': 0, 'token': encode_auth_token(user['id'])}
return {'status': error}
def wrapped_view(**kwargs):
token = request.form['token']
user_id = decode_auth_token(request.form['token'])
if user_id < 0:
return {'status': -1}
else:
g.user = get_db().execute('SELECT * FROM users WHERE id = ?',
(user_id, )).fetchone()
return view(**kwargs)
def create_post():
"""Used to create a post.
:param post body: supply a body text for this post
:return: status (0 good, 1 bad, check docs for login_required)
:rtype: {'status': (int)}
"""
db = get_db()
try:
db.execute('INSERT INTO posts (author, body) VALUES (?,?)',
(g.user['username'], request.form['body']))
db.commit()
return {'status': 0}
except:
return {'status': 1}
def delete_post():
"""Used to delete a post.
:param post id: id of the post
:return: status (0 good, 1 bad, check docs for login_required)
:rtype: {'status': (int)}
"""
db = get_db()
if not request.form['id']:
return {'status': 1}
else:
id = request.form['id']
posts = db.execute('DELETE FROM posts '
'WHERE id == ? AND author == ?',
(id, g.user['username']))
db.commit()
return {'status': 0}
def register(): # TODO: code the input checks
"""Registers users.
===== ==================
Error Meaning
===== ==================
0 Success
1 Email Missing
2 Username Missing
3 Password Missing
4 Pre-existing user
===== ==================
:param post username:
:param post email:
:param post password:
:return: { 'status': error }
:rtype: json / int
"""
username = request.form['username']
email = request.form['email']
password = request.form['password']
db = get_db()
error = 0
if not email:
error = 1
elif not username:
error = 2
elif not password:
error = 3
elif db.execute('SELECT id FROM users WHERE email = ?',
(email, )).fetchone() is not None:
error = 4
if error == 0:
db.execute(
'INSERT INTO users (username, password, email) VALUES (?, ?, ?)',
(username, generate_password_hash(password), email))
db.commit()
return {'status': error}
def get_posts():
"""Gets posts.
:param post authors: optionally get posts belonging to multiple authors.
:return: array of posts
:rtype: JSON array
"""
try:
last_num = request.form['last_num']
except:
last_num = 0
try:
authors = list(request.form['authors'].replace(" ", "").split(','))
print(authors)
except:
authors = None
db = get_db()
if authors is not None:
s = ('SELECT body, author, created, id FROM posts WHERE author IN (' +
(', '.join(["?" for i in range(len(authors))])) +
') ORDER BY created ASC LIMIT 15 OFFSET ?')
posts = db.execute(s, tuple(authors + [last_num])).fetchall()
print(posts)
elif authors is None:
posts = db.execute(
'SELECT body, author, created, id FROM posts '
'ORDER BY created ASC LIMIT 15 OFFSET ?', (last_num, )).fetchall()
q = []
for post in posts:
q += [{
'body': post['body'],
'author': post['author'],
'created': post['created'],
'id': post['id']
}]
return jsonify(q)