def login(): """ Handles login of a user and returns a session_token if supplied password and username is correct. Token and Username needs to be supplied with every request in order to access restricted routes. Example: { "username": "******", "token": "0e45b5df2e6c42ae9b69f1a2a2470209" } """ data = request.json if data.get('username') and data.get('password'): query = sql('GET_USER_BY_NAME', data.get('username')) user = conn.execute(query, data.get('username')).json if not user: return make_response(status_custom("No such user"), 200) user = user[0] if auth.is_valid_login(data.get('password'), user.get('hash')): token = secrets.token_urlsafe(64) query = sql('POST_UPDATE_TOKEN') conn.execute(query, token, user.get('id')) user = {"username": user.get('name'), "token": token} return make_response(user, 200) else: return make_response(status_code(403), 403) return abort(400)
def products(): if request.args.get('community'): query = sql('GET_PRODUCTS_BY_COMMUNITY') likeStr = "%" + request.args.get('community') + "%" res = conn.execute(query, likeStr) else: query = sql('GET_ALL_PRODUCTS') res = conn.execute(query) return make_response(res, 200)
def get_user(): if request.args.get('id'): id = request.args.get('id') query = sql('GET_USER_BY_ID', request.args.get('id')) res = conn.execute(query, id) else: query = sql(request_type='GET_ALL_USERS') res = conn.execute(query) return make_response(res, 200)
def author(): """ Can be used to get the true author behind a specific Post or Project. """ if request.args.get('project_id'): query = sql('GET_PROJECT_AUTHOR') res = conn.execute(query, request.args.get('project_id')) elif request.args.get('post_id'): query = sql('GET_PUBLISHABLE_AUTHOR') res = conn.execute(query, request.args.get('post_id')) return make_response(res, 200)
def recent(): """ Fetches the most recent Posts or Projects. Can be used with query param LIMIT to limit the search result. """ if request.args.get('limit'): query = sql('GET_ALL_PUBLISHABLE_PROJECTS') res = conn.execute(query, try_parse(request.args.get('limit'))) else: query = sql('GET_ALL_PUBLISHABLE_PROJECTS') res = conn.execute(query, 5) return make_response(res, 200)
def publishable(): if request.args.get('hidden'): query = sql('GET_POSTS_HIDDEN') res = conn.execute(query, request.args.get('hidden')) elif request.args.get('start') and request.args.get('end'): query = sql('GET_POSTS_BY_DATE') res = conn.execute(query, request.args.get('start'), request.args.get('end')) elif request.args.get('minchars'): query = sql('GET_POSTS_OVER_X_CHARS') res = conn.execute(query, request.args.get('minchars')) else: query = sql('GET_ALL_POSTS') res = conn.execute(query) return make_response(res, 200)
def register(): data = request.json if data.get('username') and data.get('password'): query = sql('GET_USER_BY_NAME', data.get('username')) res = conn.execute(query, data.get('username')) if len(res.json) != 1: hash = auth.hash_password(password=data.get('password')) query = sql('POST_REGISTER_USER', data.get('username'), hash) conn.execute(query, data.get('username'), hash) return make_response(status_custom("Registration successful"), 200) else: return make_response(status_custom("User already exists."), 200) else: return abort(400)
def get_communities(): if request.args.get('area'): query = sql('GET_COMMUNITY_BY_AREA') res = conn.execute(query, request.args.get('area')) elif request.args.get('name'): query = sql('GET_COMMUNITY_BY_NAME') likeStr = "%" + request.args.get('name') + "%" res = conn.execute(query, likeStr) else: query = sql('GET_ALL_COMMUNITIES') res = conn.execute(query) return make_response(res, 200)
def projects(): """ Fetches all projects. """ query = sql('GET_ALL_PROJECTS') res = conn.execute(query) return make_response(res, 200)
def top(): """ Gets the top blog posters. """ query = sql('GET_TOP_POSTERS') res = conn.execute(query) return make_response(res, 200)
def communities(): """ Returns communities based on area or wildcard name. """ if request.args.get('area'): query = sql('GET_COMMUNITY_BY_AREA') res = conn.execute(query, request.args.get('area')) elif request.args.get('name'): query = sql('GET_COMMUNITY_BY_NAME') likeStr = "%" + request.args.get('name') + "%" res = conn.execute(query, likeStr) else: query = sql('GET_ALL_COMMUNITIES') res = conn.execute(query) return make_response(res, 200)
def courses(): """ Returns information on courses. Can be filtered with queryparams 'completed' and 'sum' """ if request.args.get('completed') and request.args.get('sum') == '1': query = sql('GET_SUM_COURSES') res = conn.execute(query, request.args.get('completed')) elif request.args.get('completed'): query = sql('GET_COMPLETED_COURSES') res = conn.execute(query, request.args.get('completed')) else: query = sql("GET_ALL_COURSES") res = conn.execute(query) return make_response(res, 200)
def login(): data = request.json if data.get('username') and data.get('password'): query = sql('GET_USER_BY_NAME', data.get('username')) user = conn.execute(query, data.get('username')).json if not user: return make_response(status_custom("No such user"), 200) user = user[0] if auth.is_valid_login(data.get('password'), user[2]): token = uuid.uuid4().hex query = sql('POST_UPDATE_TOKEN') conn.execute(query, token, user[0]) user = {"username": user[1], "token": token} return make_response(user, 200) else: return make_response(status_custom("Invalid password"), 200) else: return abort(400)
def user(): """ Handles crud operations on a user. Can be used to fetch all users, user by id and delete user by id """ if request.method == 'GET': if request.args.get('id'): query = sql('GET_USER_BY_ID', request.args.get('id')) res = conn.execute(query, request.args.get('id')) elif request.args.get('type'): query = sql('GET_USER_BY_TYPE') res = conn.execute(query, request.args.get('type')) elif request.args.get('name'): query = sql('GET_USER_BY_NAME') likeStr = "%" + request.args.get('name') + "%" res = conn.execute(query, likeStr) else: query = sql(request_type='GET_ALL_USERS') res = conn.execute(query) elif request.method == 'DELETE': if request.args.get('id'): query = sql('DELETE_USER', request.args.get('id')) conn.execute(query, request.args.get('id')) return make_response(status_custom("User deleted"), 200) else: return make_response(status_code(400), 400) return make_response(res, 200)
def register(): """ Handles registration of users. Works by supplying a json object in the POST request body. Example: { "username": "******", "password": "******" } """ data = request.json if data.get('username') and data.get('password'): query = sql('GET_USER_BY_NAME', data.get('username')) res = conn.execute(query, data.get('username')) if len(res.json) != 1: hash = auth.hash_password(password=data.get('password')) query = sql('POST_REGISTER_USER', data.get('username'), hash) conn.execute(query, data.get('username'), hash, DEFAULT_PERMISSION) return make_response(status_custom("Registration successful"), 200) else: return abort(400) return make_response(status_custom("Username taken"), 400)
def validate(request): """ Validates request by comparing token and username supplied in request payload. """ if request is not None: if request.get('token') and request.get('username'): query = sql('GET_USER_BY_NAME') res = conn.execute(query, (request['username'], )) if res.json: token = res.json[0].get('token') if token == request.get('token'): return True return False