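def get(app_name):
    """Return the Facebook friend list of user ``id`` for application ``app_name``.

    Query parameters (``strict`` parsing, so unknown parameters are rejected):
        id:           Facebook user id whose friends are requested.
        access_token: a Facebook user token held by the caller.  It is resolved
                      against Graph ``/me`` and the resulting id must equal ``id``.
                      Previously this parameter was required but never read, so
                      anyone who knew a user id could read that user's friend list
                      with the token stored server-side (missing object-level
                      authorisation).

    Returns:
        ``({'ack': 'true', 'msg': <friends>}, 200)`` on success, ``<friends>`` being
        the ``data`` array of the Graph ``/{id}/friends`` response;
        ``({'ack': 'false', 'msg': 'Invalid User'}, 200)`` when no token is stored
        for (id, app_name); otherwise an ``error_message(...)`` body (shape defined
        elsewhere in this module) paired with a 403 or 500 status.

    NOTE(review): the token travels in the query string, where web-server and
    proxy access logs usually record it; moving it to a header is out of scope here.
    """
    from urllib.parse import quote

    parser = reqparse.RequestParser()
    parser.add_argument('id', type=str, location='args', required=True, help='User id cannot be blank')
    parser.add_argument('access_token', type=str, location='args', required=True)
    values = parser.parse_args(strict=True)
    user_id = values['id']

    # Object-level authorisation: the supplied token must belong to the requested user.
    try:
        caller = GraphAPI(access_token=values['access_token'], version=API_VERSION).get_object("me")
    except GraphAPIError:
        # Never log the token itself; it is a bearer credential.
        logger.info('Expired or invalid caller access token for user id: %s', user_id)
        return error_message('GraphAPI', 'Expired Token', 403), 403
    if caller.get('id') != user_id:
        logger.info('User mismatch')
        return error_message('mismatch', 'token user id does not match id parameter', 403), 403

    # pymysql cursors are context managers; the cursor is closed on every path.
    with conn.cursor(pymysql.cursors.DictCursor) as cursor:
        cursor.execute("SELECT TOKEN FROM FACEBOOK WHERE USER_ID=%s AND APP=%s;", (user_id, app_name))
        results = cursor.fetchall()
    if not results:  # fetchall() yields () or [] when nothing matched
        return {'ack': 'false', 'msg': 'Invalid User'}, 200
    access_token = results[0]['TOKEN']

    try:
        graph = GraphAPI(access_token=access_token, version=API_VERSION)
        permissions = graph.get_permissions(user_id=user_id)
    except GraphAPIError:
        logger.info('Expired stored access token for user id: %s', user_id)
        return error_message('GraphAPI', 'Expired Token', 403), 403

    # get_permissions() returns the set of *granted* permission names.  The former
    # test all(x in ['public_profile', 'user_friends'] for x in permissions) was true
    # exactly when the user had granted only those two scopes, i.e. it rejected the
    # expected case; the intent (per the log message) is "user_friends must be granted".
    if 'user_friends' not in permissions:
        logger.info("'user_friends' permission denied for user with id: %s", user_id)
        return error_message('Permission', 'User Friends permission', 403), 403

    # user_id was matched against Graph's own id above; quote it anyway so a
    # request parameter can never alter the request path.
    friends_call = 'https://graph.facebook.com/{}/friends'.format(quote(user_id, safe=''))
    try:
        # timeout: an unbounded requests.get() can hang the worker on a stalled peer.
        response = requests.get(friends_call, params={'access_token': access_token}, timeout=10)
        response.raise_for_status()
        friends = response.json()['data']
    except (requests.RequestException, ValueError, KeyError):
        logger.exception('Friends lookup failed for user id: %s', user_id)
        return error_message('GraphAPI', 'Internal error', 500), 500

    logger.info('HTTP GET successfully processed')
    return {'ack': 'true', 'msg': friends}, 200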
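def post(app_name):
    """Create or refresh the stored Facebook login of the calling user for ``app_name``.

    JSON body (``strict`` parsing, so unknown keys are rejected):
        access_token:  Facebook user token obtained client-side.
        id:            Facebook user id the client claims; must equal the id that
                       ``access_token`` resolves to on Graph ``/me``.
        expires_in:    token lifetime (int) as reported by Facebook; stored verbatim.
        access_token_: required by the parser but not read here -- presumably a
                       leftover; kept so existing clients keep validating.  TODO confirm.

    Returns:
        ``({'ack': 'true', 'email': <email>}, 200)`` after an INSERT (first login of
        this user for this app) or an UPDATE of TOKEN/DATETIME/EXPIRES_IN (known
        user); otherwise an ``error_message(...)`` body (shape defined elsewhere in
        this module) with 403 (bad token, id mismatch, missing 'email' permission)
        or 500 (database or Graph failure).

    NOTE(review): the user token is persisted in plain text in FACEBOOK.TOKEN.
    Anyone with read access to that table can act as the user until the token
    expires; encrypting the column or tightening DB grants is outside this function.
    """
    from urllib.parse import quote

    parser = reqparse.RequestParser()
    parser.add_argument('access_token', type=str, location='json', required=True,
                        help='Access Token cannot be blank')
    parser.add_argument('id', type=str, location='json', required=True, help='User id cannot be blank')
    parser.add_argument('expires_in', type=int, location='json', required=True,
                        help='Expire Time cannot be blank')
    parser.add_argument('access_token_', type=str, location='json', required=True)
    values = parser.parse_args(strict=True)
    token = values['access_token']
    expires_in = values['expires_in']
    # Naive local wall-clock time rendered as text; this is the format existing rows carry.
    actual_time = datetime.now().strftime("%H:%M:%S %d/%m/%Y")

    try:
        graph = GraphAPI(access_token=token, version=API_VERSION)
        user = graph.get_object("me")
    except GraphAPIError:
        # Never log the token itself; it is a bearer credential.
        logger.info('Expired access token for user id: %s', values['id'])
        return error_message('GraphAPI', 'Expired Token', 403), 403

    # Guard clause: the claimed id must be the id Facebook ties the token to.  The
    # original fell through to this error without the HTTP status, so the client
    # received a 200 carrying an error body.
    if user.get('id') != values['id']:
        logger.info('User mismatch')
        return error_message('mismatch', 'token user id does not match id parameter', 403), 403
    user_id = user['id']

    # pymysql cursors are context managers; every cursor below is closed on all paths
    # (the original left the SELECT cursors open).
    with conn.cursor() as cursor:
        cursor.execute("SELECT USER_ID FROM FACEBOOK WHERE USER_ID=%s AND APP=%s;", (user_id, app_name))
        known = cursor.fetchall()

    if known:
        # Known user for this app: refresh the stored token and echo the stored email.
        with conn.cursor() as cursor:
            try:
                cursor.execute(
                    "UPDATE FACEBOOK SET TOKEN = %s, DATETIME = %s, EXPIRES_IN = %s WHERE USER_ID = %s AND APP=%s;",
                    (token, actual_time, expires_in, user_id, app_name))
                conn.commit()
            except Exception as error:  # handler boundary: roll back, log, answer 500
                conn.rollback()
                logger.exception(error)
                return error_message('Update', 'Internal error', 500), 500

        with conn.cursor() as cursor:
            cursor.execute("SELECT EMAIL FROM FACEBOOK WHERE USER_ID=%s AND APP=%s;", (user_id, app_name))
            row = cursor.fetchone()

        logger.info('HTTP POST Update - successfully processed')
        # The row was just updated in place, so fetchone() normally returns (email,).
        return {'ack': 'true', 'email': row[0] if row else None}, 200

    # First login of this user for this app: gather photo and email, then INSERT.
    try:
        permissions = graph.get_permissions(user_id=user_id)
    except GraphAPIError:
        logger.info('Expired access token for user id: %s', user_id)
        return error_message('GraphAPI', 'Expired Token', 403), 403

    # get_permissions() returns the set of *granted* permissions.  The former test
    # all(x in ['public_profile', 'email'] for x in permissions) rejected precisely
    # the users who had granted only those two scopes, i.e. the expected case; the
    # intent (per the log message) is "email must be granted".
    if 'email' not in permissions:
        logger.info("'email' permission denied for user with id: %s", user_id)
        return error_message('Permission', 'Email permission', 403), 403

    try:
        # user_id came from Graph itself; quoting keeps it from ever altering the path.
        picture_call = 'https://graph.facebook.com/{}/picture'.format(quote(user_id, safe=''))
        # The picture endpoint redirects; the final (followed) URL is what gets stored.
        # timeout: an unbounded requests.get() can hang the worker on a stalled peer.
        photo = requests.get(picture_call, params={'access_token': token}, timeout=10).url
        profile = requests.get('https://graph.facebook.com/me',
                               params={'fields': 'email', 'access_token': token}, timeout=10)
        profile.raise_for_status()
        # 'email' may be absent from the /me response even when the permission is
        # granted; store NULL rather than crash with a KeyError (the DB schema decides
        # whether NULL is acceptable -- TODO confirm EMAIL nullability).
        email = profile.json().get('email')
    except (requests.RequestException, ValueError):
        logger.exception('Graph profile lookup failed for user id: %s', user_id)
        return error_message('Create', 'Internal error', 500), 500

    with conn.cursor() as cursor:
        try:
            cursor.execute(
                "INSERT INTO FACEBOOK(USER_ID, PHOTO, TOKEN, DATETIME, EXPIRES_IN, EMAIL, APP) VALUES "
                "(%s, %s, %s, %s, %s, %s, %s);",
                (user_id, photo, token, actual_time, expires_in, email, app_name))
            conn.commit()
        except Exception as error:  # handler boundary: roll back, log, answer 500
            conn.rollback()
            logger.exception(error)
            return error_message('Create', 'Internal error', 500), 500

    logger.info('HTTP POST Create - successfully processed')
    return {'ack': 'true', 'email': email}, 200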