예제 #1
0
    def get(app_name):
        parser = reqparse.RequestParser()
        parser.add_argument('id', type=str, location='args', required=True, help='User id cannot be blank')
        parser.add_argument('access_token', type=str, location='args', required=True)
        values = parser.parse_args(strict=True)

        cursor = conn.cursor(pymysql.cursors.DictCursor)
        cursor.execute("SELECT TOKEN FROM FACEBOOK WHERE USER_ID=%s AND APP=%s;", (values['id'], app_name))
        results = cursor.fetchall()
        cursor.close()
        if results != ():
            access_token = results[0]['TOKEN']
            try:
                graph = GraphAPI(access_token=access_token, version=API_VERSION)
                permissions = graph.get_permissions(user_id=values['id'])
            except GraphAPIError:
                logging.info('Expired access token: {}'.format(access_token))
                return error_message('GraphAPI', 'Expired Token', 403), 403
            if all(x in ['public_profile', 'user_friends'] for x in permissions):
                logging.info('\'user_friends\' permission denied for user with id: {}'.format(values['id']))
                return error_message('Permission', 'User Friends permission', 403), 403
            friends_call = 'https://graph.facebook.com/' + values['id'] + '/friends'
            friends = requests.get(friends_call, params={'access_token': access_token}).json()['data']
            logger.info('HTTP GET successfully processed')
            return {'ack': 'true',
                    'msg': friends}, 200
        else:
            return {'ack': 'false',
                    'msg': 'Invalid User'}, 200
예제 #2
0
    def post(app_name):
        parser = reqparse.RequestParser()
        parser.add_argument('access_token', type=str, location='json', required=True, help='Access Token cannot '
                                                                                           'be blank')
        parser.add_argument('id', type=str, location='json', required=True, help='User id cannot be blank')
        parser.add_argument('expires_in', type=int, location='json', required=True,
                            help='Expire Time cannot be blank')
        parser.add_argument('access_token_', type=str, location='json', required=True)
        values = parser.parse_args(strict=True)
        actual_time = datetime.now().strftime("%H:%M:%S %d/%m/%Y")

        try:
            graph = GraphAPI(access_token=values['access_token'], version=API_VERSION)
            user = graph.get_object("me")
        except GraphAPIError:
            logging.info('Expired access token: {}'.format(values['access_token']))
            return error_message('GraphAPI', 'Expired Token', 403), 403
        if user['id'] == values['id']:
            cursor = conn.cursor()
            cursor.execute("SELECT USER_ID FROM FACEBOOK WHERE USER_ID=%s AND APP=%s;", (user['id'], app_name))
            results = cursor.fetchall()
            if results == ():
                try:
                    permissions = graph.get_permissions(user_id=user['id'])
                except GraphAPIError:
                    logging.info('Expired access token: {}'.format(values['access_token']))
                    return error_message('GraphAPI', 'Expired Token', 403), 403
                if all(x in ['public_profile', 'email'] for x in permissions):
                    logging.info('\'email\' permission denied for user with id: {}'.format(values['id']))
                    return error_message('Permission', 'Email permission', 403), 403
                picture_call = 'https://graph.facebook.com/' + user['id'] + '/picture'
                photo = requests.get(picture_call, params={'access_token': values['access_token']}).url
                email = requests.get('https://graph.facebook.com/me', params={'fields': 'email',
                                                                              'access_token': values[
                                                                                  'access_token']}).json()['email']
                cursor = conn.cursor()
                try:
                    cursor.execute("INSERT INTO FACEBOOK(USER_ID, PHOTO, TOKEN, DATETIME, EXPIRES_IN, EMAIL, APP) VALUES "
                                   "(%s, %s, %s, %s, %s, %s, %s);", (user["id"], photo, values['access_token'], actual_time,
                                                                 values['expires_in'], email, app_name))
                    conn.commit()
                except (pymysql.Error, Exception) as error:
                    conn.rollback()
                    cursor.close()
                    logger.exception(error)
                    return error_message('Create', 'Internal error', 500), 500
                cursor.close()
                logger.info('HTTP POST Create - successfully processed')
                return {'ack': 'true',
                        'email': email}, 200
            else:
                cursor = conn.cursor()
                try:
                    cursor.execute("UPDATE FACEBOOK SET TOKEN = %s, DATETIME = %s, EXPIRES_IN = %s WHERE USER_ID = %s AND APP=%s;",
                                   (values["access_token"], actual_time, values['expires_in'], user['id'], app_name))
                    conn.commit()
                except (pymysql.Error, Exception) as error:
                    conn.rollback()
                    cursor.close()
                    logger.exception(error)
                    return error_message('Update', 'Internal error', 500), 500
                cursor.close()

                cursor = conn.cursor()
                cursor.execute("SELECT EMAIL FROM FACEBOOK WHERE USER_ID=%s AND APP=%s;", (user['id'], app_name))
                results = cursor.fetchone()
                logger.info('HTTP POST Update - successfully processed')
                return {'ack': 'true',
                        'email': results[0]}, 200
        logger.info('User mismatch')
        return error_message('mismatch', 'token user id does not match id parameter', 403)