def post(self):
data = Sec.encode_data(parser.parse_args())
try:
pass_ = sha512(data['pass_'].encode()).hexdigest()
cur.execute(
"SELECT * FROM librarians.user WHERE email=%s AND haslo=%s;",
(data['login'].lower(), pass_))
resp = cur.fetchone()
if resp:
d = date.today() - resp[6]
print(d.days)
if d.days >= 30:
d = '1'
else:
d = '0'
cache = ''.join(
random.sample('qwertyuiopasdfghjklzxcvbnm123456789', 32))
auth_k.append((cache, resp[0]))
open('pem/' + cache + '.pem', 'wb').write(data['publicKey'])
return {
'auth': Sec.encrypt_(cache, Sec.get_public()),
'master': Sec.encrypt_(str(resp[5]), data['publicKey']),
'data': Sec.encrypt_(d, data['publicKey'])
}, 200
else:
return {'status': 'zle dane'}, 406
except:
return {'status': 'blad'}, 500
def post(self):
data = Sec.encode_data(parser.parse_args())
if not login_required(data):
return {'status': 'brak autoryzacji'}, 401
accept = False
for key in auth_k:
if key[0] == data['key']:
accept = str(key[1])
break
if accept:
return {'status': 'brak autoryzacji'}, 401
try:
cur.execute("SELECT master FROM librarians.user WHERE id=%s ORDER BY id ASC;", (accept, ))
resp = cur.fetchone()
if resp:
cur.execute("SELECT * FROM librarians.user;")
resp = cur.fetchall()
ret = {}
pub = open('pem/'+data['key']+'.pem', 'rb').read()
for user in range(len(resp)):
ret.update({user: [Sec.encrypt_(str(value), pub) for value in resp[user]]})
return ret, 200
else:
return {'status': 'brak autoryzacji'}, 401
except Exception:
return {'status': 'wystapil blad'}, 500
def post(self):
data = Sec.encode_data(parser.parse_args())
if not login_required(data):
return {'status': 'brak autoryzacji'}, 401
user_id = str([x[1] for x in auth_k if x[0] == data['key']][0])
if not user_id:
return {'status': 'brak autoryzacji'}, 401
try:
pass_old = sha512(data['arg1'].encode()).hexdigest()
cur.execute("SELECT haslo FROM librarians.user WHERE id=%s;",
(user_id, ))
resp = cur.fetchone()
if resp[0] == pass_old:
pass_new = sha512(data['pass_'].encode()).hexdigest()
data = date.today()
cur.execute(
"UPDATE librarians.user SET haslo=%s, last=%s WHERE id=%s;",
(pass_new, data.isoformat(), user_id))
return {'status': 'zmieniono'}, 200
else:
return {'status': 'rozne'}, 409
except:
return {'status': 'blad'}, 500
def post(self):
data = Sec.encode_data(parser.parse_args())
if not login_required(data):
return {'status': 'brak autoryzacji'}, 401
accept = False
for key in auth_k:
if key[0] == data['key']:
accept = str(key[1])
break
if accept:
return {'status': 'brak autoryzacji'}, 401
try:
cur.execute(
"SELECT master FROM librarians.user WHERE id=%s ORDER BY id ASC;",
(accept, ))
resp = cur.fetchone()
if resp:
cur.execute("DELETE FROM librarians.user WHERE id=%s;",
(data['arg1'], ))
return {'status': 'usunieto'}, 200
else:
return {'status': 'brak autoryzacji'}, 401
except Exception:
return {'status': 'wystapil blad'}, 500
def post(self):
data = Sec.encode_data(parser.parse_args())
if not login_required(data):
return {'status': 'brak autoryzacji'}, 401
user_id = str([x[1] for x in auth_k if x[0] == data['key']][0])
if not user_id:
return {'status': 'brak autoryzacji'}, 401
try:
cur.execute(
"SELECT imie, nazwisko, email, master FROM librarians.user WHERE id=%s;",
(user_id, ))
resp = cur.fetchone()
if resp:
pub = open('pem/' + data['key'] + '.pem', 'rb').read()
return {
'data': [Sec.encrypt_(str(value), pub) for value in resp]
}, 200
else:
return {'status': 'brak danych'}, 204
except Exception:
return {'status': 'wystapil blad'}, 500
def post(self):
data = Sec.encode_data(parser.parse_args())
if not login_required(data):
return {'status': 'brak autoryzacji'}, 401
try:
if 'cover' in request.files and check_ext(request.files['cover']):
f = request.files['cover']
cover = secure_filename(data['arg1'])
f.save(
os.path.join('sort_api/image/' + cover + '.' +
f.filename.split('.')[1]))
cur.execute(
"SELECT * FROM librarians.books WHERE title=%s AND author=%s;",
(data['arg1'], data['arg2']))
resp = cur.fetchone()
if resp:
cur.execute(
"UPDATE librarians.books SET count=%s WHERE id_b=%s;",
(int(data['arg3']) + resp[3], resp[0]))
return {'status': 'istnieje/dodano'}, 507
else:
cur.execute(
"""INSERT INTO librarians.books
VALUES (default, %s, %s, %s);""",
(data['arg1'], data['arg2'], data['arg3']))
return {'status': 'dodano'}, 201
except Exception:
return {'status': 'wystapil blad'}, 500
def post(self):
data = Sec.encode_data(parser.parse_args())
if not login_required(data):
return {'status': 'brak autoryzacji'}, 401
accept = False
for key in auth_k:
if key[0] == data['key']:
accept = str(key[1])
break
if accept:
return {'status': 'brak autoryzacji'}, 401
try:
cur.execute("SELECT master FROM librarians.user WHERE id=%s ORDER BY id ASC;", (accept, ))
resp = cur.fetchone()
if resp:
if data['arg3'] == 'True': data['arg3'] = '1'
else: data['arg3'] = '0'
cur.execute("""UPDATE librarians.user
SET imie=%s, nazwisko=%s, email=%s, master=%s
WHERE id=%s;""", (data['arg1'], data['arg2'], data['login'], data['arg3'], data['name_id']))
return {'status': 'zmieniono'}, 200
else:
return {'status': 'brak autoryzacji'}, 401
except Exception:
return {'status': 'wystapil blad'}, 500
def post(self):
data = Sec.encode_data(parser.parse_args())
if not login_required(data):
return {'status': 'brak autoryzacji'}, 401
try:
cur.execute("SELECT * FROM librarians.readers WHERE id_r=%s;",
(data['arg1'], ))
resp = cur.fetchone()
if resp:
pub = open('pem/' + data['key'] + '.pem', 'rb').read()
return {
'data': [Sec.encrypt_(str(value), pub) for value in resp]
}, 200
else:
return {'status': 'brak danych'}, 204
except Exception:
return {'status': 'wystapil blad'}, 500
def post(self):
data = Sec.encode_data(parser.parse_args())
if not login_required(data):
return {'status': 'brak autoryzacji'}, 401
try:
cur.execute("SELECT * FROM librarians.borrows WHERE id_br=%s AND give_back='1';", (data['arg1'], ))
resp = cur.fetchone()
if resp:
return {'status': 'istnieje'}, 507
else:
cur.execute("""
UPDATE librarians.books SET count=count+1
WHERE id_b=(SELECT book_id FROM librarians.borrows WHERE id_br=%s AND give_back='0');
UPDATE librarians.borrows SET return=%s, give_back='1' WHERE id_br=%s;
""", (data['arg1'], datetime.datetime.now().strftime("%Y-%m-%d"), data['arg1']))
return {'status': 'dodano'}, 201
except Exception:
return {'status': 'wystapil blad'}, 500