예제 #1
def delete_label(lid):
    """Delete the label ``lid`` when the logged-in sender owns it.

    Returns a ``(json, status)`` pair: 401 when nobody is logged in, when the
    label belongs to another sender, or when a package already exists for the
    label; 400 when the label does not exist; 200 after the deletion.
    """
    links = [
        Link("labels", "/sender/dashboard", type="GET"),
        Link("label:new", "/labels", type="POST"),
    ]

    def reject(message, status):
        # Every failure response carries exactly one message plus the links.
        return Document(data={"errors": [message]}, links=links).to_json(), status

    login = g.authorization.get("usr")
    if login is None:
        return reject("Musisz się zalogować", 401)

    label_key = f"label:{lid}"
    if not db.hexists(label_key, "id"):
        return reject("Taka etykieta nie istnieje", 400)

    # Ownership check: only the sender stored on the label may remove it.
    if login != db.hget(label_key, "sender").decode():
        return reject("To nie Twoja etykieta", 401)

    # A label that already has a package record must not be removed.
    if db.hexists(f"package:{lid}", "id"):
        return reject("Nie możesz usunąć tej etykiety", 401)

    db.delete(label_key)
    return Document(links=links).to_json(), 200
예제 #2
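def generate_token():
    """Exchange Auth0 tokens from the request headers for an application JWT.

    Reads ``Access_Token`` and ``ID_Token`` from the request headers, verifies
    both as RS256 JWTs against the tenant's JWKS and, on success, issues an
    HS256 token signed with ``JWT_SECRET``.

    Returns a ``(json, status)`` pair: 400 when the JWKS endpoint cannot be
    reached or the access token header cannot be parsed; 401 when either
    token fails verification or the two tokens name different subjects;
    200 with ``{"token": ...}`` otherwise.
    """
    access_token = request.headers.get("Access_Token")
    id_token = request.headers.get("ID_Token")
    jwks_url = AUTH0_DOMAIN + "/.well-known/jwks.json"

    unavailable = "Wystąpił błąd. Spróbuj ponownie później."
    unauthorized = "Brak autoryzacji. Spróbuj ponownie później."

    def failure(message, status):
        return Document(data={"error": message}).to_json(), status

    # Bounded wait: without a timeout a stalled identity provider would pin
    # the worker handling this request indefinitely.
    try:
        response = requests.get(jwks_url, timeout=5)
    except requests.RequestException:
        return failure(unavailable, 400)
    if response.status_code != 200:
        return failure(unavailable, 400)

    # Cheap shape check before any key lookup: the header is NOT trusted,
    # it only has to parse and carry a key id.
    try:
        get_unverified_header(access_token)["kid"]
    except Exception:
        return failure(unavailable, 400)

    jwks_client = PyJWKClient(jwks_url)

    # Key lookup sits inside the try block so that an unknown key id or a
    # malformed token is answered with 401 instead of an unhandled error.
    # NOTE(review): neither decode() call pins an expected issuer; consider
    # passing issuer=... once the tenant's issuer string is confirmed.
    try:
        access_key = jwks_client.get_signing_key_from_jwt(access_token)
        access_claims = decode(
            access_token,
            access_key.key,
            algorithms=["RS256"],
            audience=AUTH0_AUDIENCE
        )
    except Exception:
        return failure(unauthorized, 401)

    # The ID token is verified with the key named in its own header rather
    # than with whichever key signed the access token.
    try:
        id_key = jwks_client.get_signing_key_from_jwt(id_token)
        data = decode(
            id_token,
            id_key.key,
            algorithms=["RS256"],
            audience=AUTH0_CLIENT_ID
        )
    except Exception:
        return failure(unauthorized, 401)

    # Both tokens must describe the same principal; otherwise the identity
    # copied into the session token is not the one the access token covers.
    if access_claims.get("sub") != data.get("sub"):
        return failure(unauthorized, 401)

    # NOTE(review): the session token is valid for 365 days and nothing in
    # this function allows it to be revoked; confirm that lifetime is wanted.
    payload = {
        "exp": datetime.utcnow() + timedelta(days=365),
        "usr": "******",
        "name": data["name"],
        "sub": data["sub"]
    }
    token = encode(payload, JWT_SECRET, algorithm='HS256')

    document = Document(data={"token": token})
    return document.to_json(), 200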
예제 #3
def index():
    """Return the entry-point document with login and registration links.

    Callers without a ``usr`` claim get plain links; callers with one get the
    same two targets marked ``type="POST"`` (the second relation is then
    named ``registration``). The status is 200 in both cases.
    """
    if g.authorization.get("usr") is None:
        links = [
            Link("login", "/sender/login"),
            Link("register", "/sender/register"),
        ]
    else:
        links = [
            Link("login", "/sender/login", type="POST"),
            Link("registration", "/sender/register", type="POST"),
        ]
    return Document(data={}, links=links).to_json(), 200
예제 #4
def get_labels():
    """List labels for the courier, optionally only those without a package.

    The ``is_not_send`` request header, when exactly ``"True"``, restricts the
    result to labels whose status is ``"Utworzona"``. Returns 401 unless the
    token's ``usr`` claim is ``"Courier"``, otherwise 200 with the labels and
    one link per label.
    """
    only_unsent = request.headers.get('is_not_send') == "True"

    # NOTE(review): courier access is decided by comparing the ``usr`` claim
    # with the literal "Courier"; confirm an ordinary sender cannot register
    # or log in under that name.
    login = g.authorization.get("usr")
    if login != "Courier":
        document = Document(data={"errors": ["Brak autoryzacji"]}, links=[])
        return document.to_json(), 401

    labels = []
    for key in db.scan_iter("label:*"):
        raw_status = db.hget(f"package:{db.hget(key, 'id').decode()}", "status")
        # No package record yet means the label was only created.
        status = "Utworzona" if raw_status is None else raw_status.decode()
        entry = {
            "id": db.hget(key, "id").decode(),
            "name": db.hget(key, "name").decode(),
            "delivery_id": db.hget(key, "delivery_id").decode(),
            "size": db.hget(key, "size").decode(),
            "status": status,
            "sender": db.hget(key, "sender").decode()
        }
        if not only_unsent or status == "Utworzona":
            labels.append(entry)

    links = [
        Link("label:" + entry["id"], "/labels/" + entry["id"])
        for entry in labels
    ]
    links.append(Link("find", "/label/{id}", templated=True))

    document = Document(data={"labels": labels}, links=links)
    return document.to_json(), 200
예제 #5
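def login():
    """Authenticate a sender and issue an HS256 session token.

    Expects a JSON body with ``login`` and ``password``; an ``auth0`` field
    selects the federated path, which may also carry ``name`` and ``email``.

    Returns 400 for a missing body, missing credentials or a failed password
    check, 500 when the database is unavailable, and 200 with
    ``{"status": "logged", "token": ...}`` on success.
    """
    form_values = request.json
    if form_values is None:
        # Report the missing body as a client error instead of an implicit 200.
        return {"error": "Brak JSON"}, 400

    login = form_values.get("login")
    password = form_values.get("password")
    auth0 = form_values.get("auth0")

    links = [
        Link("login", "/sender/login", type="POST"),
        Link("registration", "/sender/register", type="POST"),
    ]
    errors = []

    if not is_database_available():
        errors.append("Błąd połączenia z bazą danych")
        document = Document(data={"errors": errors}, links=links)
        return document.to_json(), 500

    if auth0 is None:
        if not login or not password:
            errors.append("Brak loginu lub hasła")
            document = Document(data={"errors": errors}, links=links)
            return document.to_json(), 400

        if not verify_user(login, password):
            errors.append("Błędny login lub hasło")
            document = Document(data={"errors": errors}, links=links)
            return document.to_json(), 400
    elif not login:
        # Without this guard the federated path would sign a token whose
        # ``usr`` claim is None and write to the key "user:None".
        errors.append("Brak loginu lub hasła")
        document = Document(data={"errors": errors}, links=links)
        return document.to_json(), 400

    # SECURITY NOTE(review): ``auth0`` comes straight from the request body,
    # and any non-null value skips verify_user(). Nothing in this function
    # proves the caller completed an Auth0 login, so the identity in
    # ``login`` is unverified on that path. The provider-issued token should
    # be verified server-side before a session token is minted; confirm
    # where that happens, or add it here.

    links = [
        Link("labels", "/sender/dashboard", type="GET"),
        Link("label:new", "/labels", type="POST"),
    ]
    data = {}

    # Create the federated profile only on the federated path; previously a
    # password login also marked the account as an Auth0 account and wrote
    # the (usually absent) name/email fields.
    if auth0 is not None and not db.hexists(f"user:{login}", "auth0"):
        db.hset(f"user:{login}", "auth0", "True")
        db.hset(f"user:{login}", "name", form_values.get("name"))
        db.hset(f"user:{login}", "email", form_values.get("email"))

    payload = {
        "exp": datetime.utcnow() + timedelta(seconds=JWT_TIME),
        "usr": login
    }
    token = encode(payload, JWT_SECRET, algorithm='HS256')
    data["status"] = "logged"
    data["token"] = token
    document = Document(data=data, links=links)
    return document.to_json(), 200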
예제 #6
def dashboard():
    """Return the labels owned by the logged-in sender as embedded items.

    Each item links to its detail view; labels still in status
    ``"Utworzona"`` also get a delete link. Returns 401 when the token has
    no ``usr`` claim, otherwise 200.
    """
    login = g.authorization.get("usr")
    links = [
        Link("find", "/labels/{id}", templated=True),
        Link("label:new", "/labels", type="POST"),
    ]

    if login is None:
        document = Document(data={"errors": ["Brak autoryzacji"]}, links=links)
        return document.to_json(), 401

    owned = []
    for key in db.scan_iter("label:*"):
        # Filter server-side: only labels whose stored sender is the caller.
        if db.hget(key, "sender").decode() != login:
            continue

        raw_status = db.hget(f"package:{db.hget(key, 'id').decode()}",
                             "status")
        owned.append({
            "id": db.hget(key, "id").decode(),
            "name": db.hget(key, "name").decode(),
            "delivery_id": db.hget(key, "delivery_id").decode(),
            "size": db.hget(key, "size").decode(),
            "status": "Utworzona" if raw_status is None else raw_status.decode()
        })

    def as_item(label):
        # A label may be deleted only while no package exists for it.
        target = "/labels/" + label["id"]
        item_links = [Link("info", target, type="GET")]
        if label["status"] == "Utworzona":
            item_links.append(Link("delete", target, type="DELETE"))
        return Embedded(data=label, links=item_links)

    items = [as_item(label) for label in owned]

    document = Document(embedded={'labels': Embedded(data=items)}, links=links)
    return document.to_json(), 200
예제 #7
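def add_package():
    """Create a package from an existing label on behalf of the courier.

    Expects a JSON body with ``label_id``. Returns 401 unless the token's
    ``usr`` claim is ``"Courier"``, 400 when ``label_id`` is missing, 500 when
    the database is unavailable or package creation fails, 404 when the label
    does not exist or already has a package, and 200 on success.
    """
    # NOTE(review): courier access hinges on the ``usr`` claim being the
    # literal "Courier"; confirm that name is not available to other users.
    login = g.authorization.get("usr")
    if login != "Courier":
        document = Document(data={"errors": ["Brak autoryzacji"]}, links=[])
        return document.to_json(), 401

    # A missing body or a missing key now yields the documented 400 instead
    # of an unhandled TypeError/KeyError from ``request.json['label_id']``.
    body = request.get_json(silent=True)
    label_id = body.get("label_id") if isinstance(body, dict) else None
    if label_id is None:
        document = Document(data={"errors": ["Brak etykiety"]}, links=[])
        return document.to_json(), 400

    links = [
        Link("packages", "/pacakges", type="GET"),
        Link("find", "/pacakges/{id}", templated=True, type="GET"),
    ]

    def reject(message, status):
        return Document(data={"errors": [message]}, links=links).to_json(), status

    if not is_database_available():
        return reject("Błąd połączenia z bazą danych", 500)

    label_key = f"label:{label_id}"
    if not db.hexists(label_key, "id"):
        return reject("Taka etykieta nie istnieje", 404)

    # One package per label: an existing status means it was already created.
    if db.hget(f"package:{label_id}", "status") is not None:
        return reject("Istnieje paczka utworzona z tej etykiety", 404)

    label = {
        "id": db.hget(label_key, "id").decode(),
        "name": db.hget(label_key, "name").decode(),
        "delivery_id": db.hget(label_key, "delivery_id").decode(),
        "size": db.hget(label_key, "size").decode(),
        "sender": db.hget(label_key, "sender").decode()
    }

    if not create_package(label):
        return reject("Błąd tworzenia etykiety", 500)

    # The unreachable duplicate of this return that followed it was dropped.
    document = Document(links=links)
    return document.to_json(), 200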
예제 #8
def package_create():
    """Turn a not-yet-sent label into a new package (courier only).

    Reads ``labelId`` from the JSON body. Responds 401 unless the caller's
    role is ``courier``, 404 when the label has no ``size`` field, 400 when
    its ``sent`` flag is not ``'false'``; otherwise marks the label as sent,
    stores a package with status ``IN_TRANSIT`` and returns it.
    """
    auth = g.authorization
    if auth is None or auth.get('role') != 'courier':
        return create_message_response("Unauthorized", 401)

    label_id = request.json.get('labelId')
    label_key = f"label:{label_id}"

    if not db.hexists(label_key, "size"):
        return create_message_response("Label not Found", 404)

    # NOTE(review): the read of "sent" and the write below are two separate
    # commands, so two concurrent requests could both pass this check.
    if db.hget(label_key, "sent").decode() != 'false':
        return create_message_response("Label already sent", 400)

    db.hset(label_key, "sent", 'true')

    package_id = str(uuid.uuid4())
    package_key = f"package:{package_id}"

    db.hset(package_key, "packageId", f"{package_id}")
    db.hset(package_key, "labelId", f"{label_id}")
    db.hset(package_key, "status", "IN_TRANSIT")

    created = {
        "packageId": package_id,
        "labelId": label_id,
        "status": "IN_TRANSIT"
    }

    document = Document(
        embedded={'data': Embedded(data=created)},
        links=[Link('self', '/packages/{id}', templated=True)],
    )
    return document.to_json()
예제 #9
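def sender_get_label(label_uuid):
    """Return one label to its sender or to a courier.

    Responds 401 without authorization and 404 when the label does not exist
    or the caller is neither a courier nor the label's sender (the same
    status is used for both so that foreign label ids are not confirmed).
    """
    if request.method == 'OPTIONS':
        return allowed_methods(['GET', 'PUT', 'DELETE'])
    if g.authorization is None:
        return create_message_response("Unauthorized", 401)

    label_key = f"label:{label_uuid}"
    if not db.hexists(label_key, "size"):
        return create_message_response("Label not Found", 404)

    username = g.authorization.get('sub')

    # The previous test, ``not role == 'courier' or sender == username``,
    # parsed as ``(role != 'courier') or (sender == username)``: it turned
    # away every non-courier, owners included. Access is granted to couriers
    # and to the owning sender, as in the label listing.
    is_courier = g.authorization.get('role') == 'courier'
    if not is_courier and db.hget(label_key, "sender").decode() != username:
        return create_message_response("Label not found", 404)

    receiver = db.hget(label_key, "receiver").decode()
    size = db.hget(label_key, "size").decode()
    po_box_id = db.hget(label_key, "POBoxId").decode()
    sent = db.hget(label_key, "sent").decode()
    data = {
        "labelId": label_uuid,
        # This is the caller's name, which differs from the label's sender
        # when a courier makes the request.
        "username": username,
        "receiver": receiver,
        "size": size,
        "POBoxId": po_box_id,
        "sent": sent
    }
    links = [Link('self', '/labels/' + label_uuid)]
    document = Document(data=data, links=links)
    return document.to_json()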
예제 #10
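def add_user():
    """Validate a registration request and create the account.

    Expects JSON with ``firstname``, ``lastname``, ``username``, ``password``,
    ``email`` and ``address``. Responds 400 with a message naming the first
    invalid field or an already taken username, 500 when saving fails, and
    otherwise a document confirming the account.
    """
    if request.method == 'OPTIONS':
        return allowed_methods(['POST'])

    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        body = {}

    def text(name):
        # Missing or non-string values become "" so they fail validation
        # below instead of raising inside the regex or .strip() calls.
        value = body.get(name)
        return value if isinstance(value, str) else ""

    firstname = text('firstname')
    lastname = text('lastname')
    username = text('username')
    password = text('password')
    email = text('email')
    address = body.get('address')
    pl = 'ąćęłńóśźż'
    PL = 'ĄĆĘŁŃÓŚŹŻ'

    # Names keep prefix matching so that values accepted so far (for example
    # double names) are still accepted.
    if not re.match(f'[A-Z{PL}][a-z{pl}]+', firstname):
        return create_message_response("Invalid firstname", 400)
    if not re.match(f'[A-Z{PL}][a-z{pl}]+', lastname):
        return create_message_response("Invalid lastname", 400)
    # The username is the account identifier, so the WHOLE value must fit the
    # pattern; match() only checked a prefix and let any suffix through.
    if not re.fullmatch('[a-z]{3,12}', username):
        return create_message_response("Invalid username", 400)
    if not re.match('.{8,}', password.strip()):
        return create_message_response("Invalid password", 400)
    # Same anchoring for the e-mail address. The zero-width characters that
    # had crept into ``{|}`` and ``{3}`` were removed; they turned the ``{3}``
    # repeat count into literal text.
    # NOTE(review): this is a non-raw string, so \x5b and \x5d reach the
    # regex engine as literal brackets; the quoted-local-part branch may not
    # mean what was intended.
    if not re.fullmatch(
            '(?:[A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]+(?:\\.[A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\\.)+[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?|\\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[A-Za-z0-9-]*[A-Za-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\\])',
            email.strip()):
        return create_message_response("Invalid email", 400)
    if address is None:
        return create_message_response("Empty address", 400)
    if user_exists(username):
        return create_message_response("Username already exists", 400)
    if not save_user(username, firstname, lastname, address, password, email):
        return create_message_response("An error occurred", 500)

    links = [Link('next', '/auth/login')]
    data = {'message': 'Account created'}
    document = Document(data=data, links=links)
    return document.to_json()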
예제 #11
def get_labels_by_sender():
    """List the caller's labels, or every label when the caller is a courier.

    Responds 401 without authorization; otherwise returns the matching labels
    as embedded items, each with a ``self`` link.
    """
    if g.authorization is None:
        return create_message_response("Unauthorized", 401)

    username = g.authorization.get('sub')
    entries = []

    for key in db.keys(pattern='label*'):
        sender = db.hget(key, "sender").decode()
        # Visibility rule: the label's own sender, or any courier.
        visible = username == sender or g.authorization.get('role') == 'courier'
        if not visible:
            continue

        label_id = key.decode().split(":")[1]
        self_link = Link('self', '/labels/' + label_id)
        addressee = db.hget(key, "addressee").decode()
        size = db.hget(key, "size").decode()
        po_box_id = db.hget(key, "POBoxId").decode()
        sent = db.hget(key, "sent").decode()
        entries.append(Embedded(
            data={
                "id": label_id,
                "sender": sender,
                "addressee": addressee,
                "size": size,
                "poBox": po_box_id,
                "sent": sent,
            },
            links=[self_link],
        ))

    document = Document(
        embedded={'data': Embedded(data=entries)},
        links=[Link('self', '/labels/{id}', templated=True)],
    )
    return document.to_json()
예제 #12
def add_label():
    """Create a label owned by the authenticated caller.

    Reads ``size``, ``addressee`` and ``POBoxId`` from the JSON body.
    Responds 401 without authorization and 400 for a missing addressee, a
    size outside XS/S/M/L/XL or a missing PO box id; otherwise stores the
    label under a fresh UUID and returns it.
    """
    if g.authorization is None:
        return create_message_response("Unauthorized", 401)

    # The owner comes from the verified token, never from the request body.
    sender = g.authorization.get('sub')
    body = request.json
    size = body.get('size')
    addressee = body.get('addressee')
    po_box_id = body.get('POBoxId')

    if addressee is None:
        return create_message_response("Invalid addressee", 400)
    if size not in ('XS', 'S', 'M', 'L', 'XL'):
        return create_message_response("Invalid size", 400)
    if po_box_id is None:
        return create_message_response("Invalid PO box id", 400)

    label_id = uuid.uuid4()
    label_key = f"label:{label_id}"
    stored_fields = (
        ("sender", f"{sender}"),
        ("addressee", f"{addressee}"),
        ("size", f"{size}"),
        ("POBoxId", f"{po_box_id}"),
        ("sent", "false"),
    )
    for field, value in stored_fields:
        db.hset(label_key, field, value)

    document = Document(
        data={
            "id": str(label_id),
            "sender": sender,
            "addressee": addressee,
            "size": size,
            "POBoxId": po_box_id,
            "sent": "false"
        },
        links=[Link('self', '/labels/' + str(label_id))],
    )
    return document.to_json()
예제 #13
파일: app.py 프로젝트: Wydzials/AlPaczka
def change_status(id):
    """Set a package's status on behalf of the courier.

    Responds with an error when the caller is not the courier account, the
    JSON body is missing, the status is not one of the four allowed values,
    or the package does not exist. When the status actually changes, the
    sender's ``user:<sender>`` channel receives a notification before the
    new value is stored.
    """
    if g.username != COURIER_NAME:
        return error("Unauthorized", "Brak dostępu.", 401)

    body = request.json
    if not body:
        return error("No JSON provided",
                     "Niepoprawne żądanie, brak zawartości JSON.")

    # Allow-list: only these values are ever written to the package.
    status = body.get("status")
    allowed = ["label", "in transit", "delivered", "collected"]
    if status not in allowed:
        return error("Invalid status type", "Nieprawidłowy status paczki.")

    package_key = "package:" + id
    if not db.hexists(package_key, "status"):
        return error("Package not found",
                     "Nie znaleziono paczki o danym identyfikatorze.")

    current = db.hget(package_key, "status")
    if status != current:
        sender = db.hget(package_key, "sender")
        recipient = db.hget(package_key, "recipient")
        box_id = db.hget(package_key, "box_id")
        message = f"Nowy status paczki dla adresata '{recipient}', nadanej do skrytki numer {box_id}!\nOdśwież stronę, aby zobaczyć zmiany."
        db.publish(f"user:{sender}", message)
        db.hset(package_key, "status", status)

    document = Document(
        data={"package": db.hgetall(package_key)},
        links=[Link("packages", "/courier/packages")],
    )
    return document.to_json()
예제 #14
파일: app.py 프로젝트: Wydzials/AlPaczka
def delete_sender_package(username, id):
    """Delete one of the caller's own packages while it is still a label.

    The path's ``username`` must equal the authenticated user, who must not
    be the courier account; the package must be in that user's package set
    and have status ``"label"``.
    """
    caller = g.get("username")
    if username != caller or g.get("username") == COURIER_NAME:
        return error("Unauthorized", "Brak dostępu.", 401)

    package_key = f"package:{id}"
    owner_set = f"user_packages:{username}"

    # Membership in the user's own set is the ownership proof.
    owns_package = db.sismember(owner_set, package_key)

    if not db.hget(package_key, "recipient"):
        return error("Package not found", "Nie znaleziono paczki")

    if not owns_package:
        return error("Unauthorized", "Brak dostępu.", 401)

    if db.hget(package_key, "status") != "label":
        return error("Package in transit cannot be deleted",
                     "Nie można usunąć, paczka jest już w drodze.")

    db.srem(owner_set, package_key)
    db.delete(package_key)

    # NOTE(review): ``id`` comes from the URL and is written to the log
    # unchanged; confirm log() neutralises line breaks.
    log("Deleted package: " + id + " from sender: " + username)

    document = Document(
        data={"status": "ok"},
        links=[Link("package:create", "/sender/" + g.username + "/packages")],
    )
    return document.to_json()
예제 #15
파일: app.py 프로젝트: Wydzials/AlPaczka
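def register():
    """Validate a registration request and store the new user.

    Every field named in ``names_and_errors`` is required; the username must
    be 3-20 lowercase letters and unused, and both passwords must match.
    Returns 400 for a missing body, the collected errors through ``error()``
    when validation fails, and 201 after the user has been stored.
    """
    data = request.json

    if not data:
        return {"error": "No JSON provided"}, 400

    names_and_errors = {
        "username": "******",
        "firstname": "imienia",
        "lastname": "nazwiska",
        "email": "adresu email",
        "address": "adresu",
        "password": "******",
        "password2": "potwierdzenia hasła"
    }

    errors = []
    errors_pl = []
    fields = {}

    for name in names_and_errors:
        fields[name] = data.get(name)
        if not fields[name]:
            errors.append("No " + name + " provided.")
            errors_pl.append(f"Nie podano {names_and_errors[name]}.")

    if fields["password"] != fields["password2"]:
        errors.append("Passwords does not match")
        errors_pl.append("Hasła nie są takie same.")

    # fullmatch() keeps stray characters out of the Redis key built below.
    if fields["username"] and not re.fullmatch(r"^[a-z]{3,20}",
                                               fields["username"]):
        errors.append("Username must contain only 3-20 lowercase letters")
        errors_pl.append(
            "Nazwa użytkownika musi składać się z 3-20 małych liter.")

    if fields["username"] and db.hexists(f"user:{fields['username']}",
                                         "password"):
        errors.append("Username is taken")
        errors_pl.append("Nazwa użytkownika jest zajęta.")

    if len(errors) > 0:
        return error(errors, errors_pl)

    user_key = f"user:{fields['username']}"
    db.hset(user_key, "firstname", fields["firstname"])
    db.hset(user_key, "lastname", fields["lastname"])
    db.hset(user_key, "address", fields["address"])
    db.hset(user_key, "email", fields["email"])

    # gensalt(5) asked for 2**5 bcrypt rounds, far below the library default
    # (12), which makes stored hashes cheap to brute-force if the database
    # leaks. The cost is embedded in each hash, so hashes created earlier
    # still verify.
    password = fields["password"].encode()
    hashed = hashpw(password, gensalt())
    db.hset(user_key, "password", hashed)
    db.sadd("users", fields["username"])

    links = [Link("sender:login", "/sender/login")]

    document = Document(links=links)
    return document.to_json(), 201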
예제 #16
def show_label(lid):
    """Return the details of label ``lid`` to the sender who owns it.

    Returns a ``(json, status)`` pair: 401 when nobody is logged in or the
    label belongs to another sender, 404 when the label does not exist, and
    200 with the label and its derived status otherwise.
    """
    links = [
        Link("labels", "/sender/dashboard", type="GET"),
        Link("delete", "/labels/" + str(lid), type="DELETE"),
    ]

    def reject(message, status):
        return Document(data={"errors": [message]}, links=links).to_json(), status

    login = g.authorization.get("usr")
    if login is None:
        return reject("Musisz się zalogować", 401)

    label_key = f"label:{lid}"
    if not db.hexists(label_key, "id"):
        return reject("Taka etykieta nie istnieje", 404)

    # Ownership check against the sender recorded on the label.
    if login != db.hget(label_key, "sender").decode():
        return reject("To nie Twoja etykieta", 401)

    # Without a package record the label counts as merely created.
    raw_status = db.hget(f"package:{lid}", "status")
    status = "Utworzona" if raw_status is None else raw_status.decode()

    details = {
        "id": db.hget(label_key, "id").decode(),
        "name": db.hget(label_key, "name").decode(),
        "delivery_id": db.hget(label_key, "delivery_id").decode(),
        "size": db.hget(label_key, "size").decode(),
        "status": status
    }

    document = Document(data={"label": details}, links=links)
    return document.to_json(), 200
예제 #17
def get_package():
    """List every package for the courier account.

    Returns 401 unless the token's ``usr`` claim is ``"Courier"``; otherwise
    200 with all ``package:*`` records and one link per package.
    """
    # NOTE(review): the courier is recognised only by the ``usr`` claim
    # equalling "Courier"; confirm that name is reserved.
    login = g.authorization.get("usr")
    if login != "Courier":
        document = Document(data={"errors": ["Brak autoryzacji"]}, links=[])
        return document.to_json(), 401

    packages = []
    for key in db.scan_iter("package:*"):
        raw_status = db.hget(f"package:{db.hget(key, 'id').decode()}", "status")
        status = "Utworzona" if raw_status is None else raw_status.decode()
        packages.append({
            "id": db.hget(key, "id").decode(),
            "name": db.hget(key, "name").decode(),
            "delivery_id": db.hget(key, "delivery_id").decode(),
            "size": db.hget(key, "size").decode(),
            "status": status,
            "sender": db.hget(key, "sender").decode()
        })

    links = [
        Link("label:" + entry["id"], "/labels/" + entry["id"])
        for entry in packages
    ]
    links.append(Link("package:new", "/pacakges", type="POST"))
    links.append(Link("find", "/pacakges/{id}", templated=True, type="GET"))

    document = Document(data={"packages": packages}, links=links)
    return document.to_json(), 200
예제 #18
def root():
    """Return the API entry document linking to auth, labels and packages.

    An ``OPTIONS`` request is answered with the allowed methods instead.
    """
    if request.method == 'OPTIONS':
        return allowed_methods(['GET'])

    entry_points = (
        ('auth', '/auth'),
        ('labels', '/sender'),
        ('packages', '/packages'),
    )
    links = [Link(rel, href) for rel, href in entry_points]
    return Document(data={}, links=links).to_json()
예제 #19
def label_delete(label_uuid):
    """Delete a label when the authenticated caller is its sender.

    Responds 401 without authorization and 404 both when the label does not
    exist and when it belongs to someone else, so that the response does not
    confirm the existence of foreign labels.
    """
    if g.authorization is None:
        return create_message_response("Unauthorized", 401)

    username = g.authorization.get('sub')
    label_key = f"label:{label_uuid}"

    if not db.hexists(label_key, "size"):
        return create_message_response("Label not Found", 404)

    owner = db.hget(label_key, "sender").decode()
    if owner != username:
        return create_message_response("Label not found", 404)

    db.delete(label_key)

    document = Document(
        embedded={'data': Embedded(data={})},
        links=[Link('all', '/labels')],
    )
    return document.to_json()
예제 #20
def before():
    """Decode the bearer token and store its claims in ``g.authorization``.

    An expired token short-circuits the request with status 440 and a login
    link. Any other decoding failure, including a missing header, leaves
    ``g.authorization`` as an empty dict, so each handler must check the
    claims it relies on.
    """
    header = request.headers.get("Authorization", "")
    # The header lookup defaults to "", so the token is always a string.
    token = header.replace("Bearer ", "")

    # NOTE(review): str(JWT_SECRET) would silently turn an unset secret
    # (None) into the literal text "None"; confirm the application refuses
    # to start when the secret is missing.
    try:
        claims = decode(token, str(JWT_SECRET), algorithms=["HS256"])
    except ExpiredSignatureError:
        document = Document(links=[Link("login", "sender/login")])
        return document.to_json(), 440
    except Exception:
        claims = {}

    g.authorization = claims
예제 #21
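def registration():
    """Validate a registration form and create the sender account.

    Expects JSON with ``firstname``, ``lastname``, ``adress``, ``mail``,
    ``login``, ``password`` and ``password2``. Returns 400 for a missing
    body, missing fields, mismatched passwords or a taken login, 500 when the
    database is unavailable or saving fails, and 200 on success.
    """
    form_values = request.json
    if form_values is None:
        # Report the missing body as a client error instead of an implicit 200.
        return {"error": "Brak JSON"}, 400

    firstname = form_values.get("firstname")
    lastname = form_values.get("lastname")
    adress = form_values.get("adress")
    email = form_values.get("mail")
    login = form_values.get("login")
    password = form_values.get("password")
    password2 = form_values.get("password2")

    links = [
        Link("login", "/sender/login"),
        Link("register", "/sender/register"),
    ]

    def reject(messages, status):
        return Document(data={"errors": messages}, links=links).to_json(), status

    if not is_database_available():
        return reject(["Błąd połączenia z bazą danych"], 500)

    # One message per missing field, in form order.
    required = (
        (firstname, "Brak imienia"),
        (lastname, "Brak nazwiska"),
        (adress, "Brak adresu"),
        (email, "Brak maila"),
        (login, "Brak loginu"),
        (password, "Brak hasła"),
    )
    errors = [message for value, message in required if not value]

    if password != password2:
        errors.append("Hasła nie są takie same")
        return reject(errors, 400)

    if errors:
        return reject(errors, 400)

    if is_user(login):
        return reject(["Taka nazwa użytkownika istnieje"], 400)

    # NOTE(review): no length or character rule is applied to ``login`` or
    # ``password`` here; confirm save_user() enforces one.
    if not save_user(firstname, lastname, login, email, password, adress):
        return reject(["Wystąpił błąd podczas rejestracji. Spróbuj później"], 500)

    document = Document(links=links)
    return document.to_json(), 200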
예제 #22
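def update_package(pid):
    """Advance a package to its next status on behalf of the courier.

    ``"W drodze"`` becomes ``"Dostarczona"`` and ``"Dostarczona"`` becomes
    ``"Odebrana"``; each change is pushed onto the sender's notification
    list. Returns 401 unless the ``usr`` claim is ``"Courier"``, 400 when
    ``package_id`` is missing, 500 when the database is unavailable, 404 for
    an unknown or already collected package, and 200 otherwise.
    """
    links = [
        Link("packages", "/pacakges", type="GET"),
        Link("package:new", "/pacakges", type="POST"),
        Link("find", "/pacakges/{id}", templated=True, type="GET"),
    ]

    def reject(message, status):
        return Document(data={"errors": [message]}, links=links).to_json(), status

    login = g.authorization.get("usr")
    if login != "Courier":
        return reject("Brak autoryzacji", 401)

    # A missing body or a missing key now yields the documented 400 instead
    # of an unhandled TypeError/KeyError from ``request.json['package_id']``.
    # NOTE(review): the package is selected by the body's ``package_id``;
    # the ``pid`` path parameter is never read. Confirm which is intended.
    body = request.get_json(silent=True)
    package_id = body.get("package_id") if isinstance(body, dict) else None
    if package_id is None:
        return reject("Brak Id paczki", 400)

    if not is_database_available():
        return reject("Błąd połączenia z bazą danych", 500)

    package_key = f"package:{package_id}"
    if not db.hexists(package_key, "id"):
        return reject("Taka paczka nie istnieje", 404)

    status = db.hget(package_key, "status").decode()
    if status == "Odebrana":
        return reject(
            "Ta paczka została odebrana. Nie możesz zmienić jej statusu", 404)

    sender = db.hget(package_key, "sender").decode()

    # The status only ever moves one step forward; any other current status
    # is left untouched and still answered with 200.
    if status == "W drodze":
        db.hset(package_key, "status", "Dostarczona")
        db.lpush(
            f"notifications:{sender}",
            f"Paczka o numerze id {package_id} zmieniła status na 'Dostarczona'"
        )
    elif status == "Dostarczona":
        db.hset(package_key, "status", "Odebrana")
        db.lpush(
            f"notifications:{sender}",
            f"Paczka o numerze id {package_id} zmieniła status na 'Odebrana'")

    document = Document(data={}, links=links)
    return document.to_json(), 200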
예제 #23
def package_get(package_id):
    """Return the label id and status of one package.

    Responds 401 when there is no authorization or the caller's role is
    ``courier``, and 404 when the package has no ``labelId`` field.
    """
    if request.method == 'OPTIONS':
        return allowed_methods(['GET', 'PUT'])

    # NOTE(review): this turns couriers AWAY and admits every other
    # authenticated caller, with no check that the package is theirs. The
    # neighbouring package handlers require ``role == 'courier'``, so the
    # comparison may be inverted; confirm the intended access rule.
    auth = g.authorization
    if auth is None or auth.get('role') == 'courier':
        return create_message_response("Unauthorized", 401)

    package_key = f"package:{package_id}"
    if not db.hexists(package_key, "labelId"):
        return create_message_response("Package not found", 404)

    label_id = db.hget(package_key, "labelId").decode()
    status = db.hget(package_key, "status").decode()

    document = Document(
        data={"packageId": package_id, "labelId": label_id, "status": status},
        links=[Link('self', '/packages/' + package_id)],
    )
    return document.to_json()
예제 #24
파일: app.py 프로젝트: Wydzials/AlPaczka
def courier_packages():
    """Return every user's packages to the courier account.

    Any caller other than ``COURIER_NAME`` gets a 401 error. Each package is
    returned with its ``id`` (the key without the ``package:`` prefix) and
    its ``sender``.
    """
    if g.username != COURIER_NAME:
        return error("Unauthorized", "Brak dostępu.", 401)

    collected = []
    for user in db.smembers("users"):
        for package_name in db.smembers(f"user_packages:{user}"):
            record = db.hgetall(package_name)
            record["id"] = package_name.replace("package:", "")
            record["sender"] = user
            collected.append(record)

    document = Document(
        data={"packages": collected},
        links=[
            Link("package:update_status", "/courier/packages/{id}",
                 templated=True)
        ],
    )
    return document.to_json()
예제 #25
파일: app.py 프로젝트: Wydzials/AlPaczka
def login():
    """Check a username/password pair and return a signed session token.

    Returns 400 for a missing JSON body, an ``error()`` response for a
    missing or unknown username or a wrong password, and otherwise a document
    with ``status`` and an HS256 token valid for ``JWT_LIFETIME`` seconds.
    """
    body = request.json

    if not body:
        return {"error": "No JSON provided"}, 400

    username = body.get("username")
    password = body.get("password")
    stored_hash = db.hget(f"user:{username}", "password")

    if not username:
        return error("No username provided",
                     "Nazwa użytkownika nie może być pusta.")

    if not password:
        return error("No password provided", "Hasło nie może być puste.")

    # NOTE(review): separate messages for an unknown user and for a wrong
    # password let a caller tell which usernames exist; one generic message
    # would avoid that.
    if not stored_hash:
        return error("Invalid username", "Nieprawidłowa nazwa użytkownika.")

    if not checkpw(password.encode(), stored_hash.encode()):
        return error("Invalid password", "Nieprawidłowe hasło.")

    log("Logged in user " + username)

    claims = {
        "exp": datetime.utcnow() + timedelta(seconds=JWT_LIFETIME),
        "iat": datetime.utcnow(),
        "sub": username
    }
    token = encode(claims, str(JWT_SECRET), algorithm="HS256")

    document = Document(
        data={"status": "logged-in", "token": token},
        links=[
            Link("sender:dashboard", "/sender/dashboard"),
            Link("sender:logout", "/sender/logout"),
        ],
    )
    return document.to_json()
예제 #26
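def package_update(package_id):
    """Set the delivery status of a package on behalf of a courier.

    ``OPTIONS`` requests are answered with the allowed methods.  Every other
    request must carry an authorization whose ``role`` is ``courier``, must
    name a package whose hash has a ``labelId`` field, and must send a JSON
    object whose ``status`` is one of ``IN_TRANSIT``, ``DELIVERED`` or
    ``PICKED_UP``.

    Returns:
        A 401, 404 or 400 message response when a check fails, otherwise the
        serialized ``Document`` with the package id, label id and new status.
    """
    if request.method == 'OPTIONS':
        return allowed_methods(['GET', 'PUT'])
    if g.authorization is None or g.authorization.get('role') != 'courier':
        return create_message_response("Unauthorized", 401)

    package_key = f"package:{package_id}"
    if not db.hexists(package_key, "labelId"):
        return create_message_response("Package not found", 404)

    # silent=True yields None for a missing or malformed body; together with
    # the dict check this turns a bad body into the 400 below instead of an
    # unhandled AttributeError on ``.get``.
    body = request.get_json(silent=True)
    status = body.get('status') if isinstance(body, dict) else None
    if status not in ('IN_TRANSIT', 'DELIVERED', 'PICKED_UP'):
        return create_message_response("Invalid status", 400)

    db.hset(package_key, "status", status)
    label_id = db.hget(package_key, "labelId").decode()
    data = {"packageId": package_id, "labelId": label_id, "status": status}

    links = [Link('self', '/packages/' + package_id)]
    document = Document(data=data, links=links)
    return document.to_json()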
예제 #27
파일: app.py 프로젝트: Wydzials/AlPaczka
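    def wrapper(*args, **kwargs):
        """Populate ``g.username`` from the bearer token, then call the view.

        A token that verifies as HS256 with ``JWT_SECRET`` sets
        ``g.username`` to its ``sub`` claim.  An expired token is answered
        with a 401 document, except on ``/login``, where the request is let
        through.  Any other decoding failure is logged and the wrapped
        function still runs with ``g.username == ""``, so each protected
        view has to check ``g.username`` itself.
        """
        token = request.headers.get("Authorization", "").replace("Bearer ", "")
        try:
            claims = decode(token, JWT_SECRET, algorithms=["HS256"])
            g.username = claims.get("sub")
        except ExpiredSignatureError:
            # An expired token identifies nobody.  Set the anonymous value so
            # the /login pass-through below does not leave g.username unset.
            g.username = ""
            if request.path != "/login":
                log("Expired token for path: " + request.path)

                links = [Link("login", "/login")]
                data = {
                    "error": "Expired token",
                    "error_pl": "Token wygasł, zaloguj się ponownie."
                }
                document = Document(data=data, links=links)
                return document.to_json(), 401
        except Exception as e:
            # Missing, malformed or wrongly signed tokens end up here; the
            # request continues as an anonymous caller.
            log("Unauthorized: " + str(e))
            g.username = ""
        return function(*args, **kwargs)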
예제 #28
파일: app.py 프로젝트: Wydzials/AlPaczka
def get_sender_packages(username):
    """Return the packages of ``username``, sorted by numeric ``box_id``.

    Only the sender named in the URL may read the list: the request is
    refused when ``username`` differs from ``g.username`` or when the caller
    is the courier account.
    """
    caller = g.get("username")
    # NOTE(review): no status code is passed here, so the response status is
    # whatever error() defaults to, which is not visible in this function;
    # confirm it is a 401/403.
    if caller == COURIER_NAME or username != caller:
        return error("Unauthorized", "Brak dostępu.")

    packages = []
    for key in db.smembers(f"user_packages:{username}"):
        entry = db.hgetall(key)
        entry["id"] = key.replace("package:", "")
        packages.append(entry)

    # box_id is stored as text, so compare it as an integer.
    packages.sort(key=lambda entry: int(entry["box_id"]))

    base_path = "/sender/" + g.username + "/packages"
    links = [
        Link("package:create", base_path),
        Link("package:delete", base_path + "/{id}", templated=True)
    ]

    return Document(data={"packages": packages}, links=links).to_json()
예제 #29
파일: app.py 프로젝트: Wydzials/AlPaczka
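def add_sender_package(username):
    """Create a package for ``username`` from the JSON request body.

    The caller must be the sender named in the URL and must not be the
    courier account.  The body needs a non-empty ``recipient``, an integer
    ``box_id`` and a ``size`` of 1, 2 or 3.  The package is stored in the
    ``package:<uuid>`` hash with status ``label`` and its key is added to
    ``user_packages:<username>``.

    Returns:
        The result of ``error(...)`` when a check fails, otherwise the
        serialized ``Document`` with a delete link and status 201.
    """
    # NOTE(review): no status code is passed here, so the response status is
    # whatever error() defaults to, which is not visible in this function;
    # confirm it is a 401/403.
    if username != g.get("username") or g.get("username") == COURIER_NAME:
        return error("Unauthorized", "Brak dostępu.")

    # A missing, malformed or non-object body is handled like an empty one,
    # so it gets a validation error instead of an unhandled AttributeError.
    package = request.get_json(silent=True)
    if not isinstance(package, dict):
        package = {}

    if not package.get("recipient"):
        return error("No recipient provided",
                     "Nazwa adresata nie może być pusta.")

    if not package.get("box_id"):
        return error("No box_id provided", "Numer skrytki nie może być pusty.")

    try:
        box_id = int(package.get("box_id"))
    except (TypeError, ValueError):
        # TypeError covers JSON arrays and objects, ValueError bad strings.
        return error("Invalid box_id", "Nieprawidłowy numer skrytki.")

    # A missing or non-numeric size used to escape as an unhandled exception.
    try:
        size = int(package.get("size"))
    except (TypeError, ValueError):
        return error("Invalid size", "Nieprawidłowy rozmiar paczki.")
    if size not in [1, 2, 3]:
        return error("Invalid size", "Nieprawidłowy rozmiar paczki.")

    package_id = uuid4()
    package_key = f"package:{package_id}"
    db.hset(package_key, "recipient", package["recipient"])
    db.hset(package_key, "sender", username)
    db.hset(package_key, "box_id", box_id)
    db.hset(package_key, "size", size)
    db.hset(package_key, "status", "label")
    db.sadd(f"user_packages:{username}", package_key)

    log("Created package: " + str(db.hgetall(package_key)) +
        " from sender " + username)

    links = [
        Link("package:delete",
             "/sender/" + g.username + "/packages/" + str(package_id))
    ]
    document = Document(links=links)
    return document.to_json(), 201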
예제 #30
파일: app.py 프로젝트: MarcinKotecki/pamiw
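def package():
    """List packages (GET) or create one (POST).

    GET: a caller whose ``usertype`` is ``courier`` may list with any
    ``sender`` query value; everyone else must pass a ``sender`` equal to
    their own ``sub``.

    POST: the JSON body's ``sender`` must be present and equal to the
    caller's ``sub``; the package is then stored with a fresh UUID.

    Returns:
        ``("Unauthorized", 401)`` when the ownership check fails, the
        serialized ``Document`` with 200 for GET, ``("Created", 201)`` for
        POST.  Other methods fall through and return ``None``.
    """
    if request.method == 'GET':
        sender = request.args.get('sender')
        is_courier = g.auth.get('usertype') == 'courier'
        if not is_courier and (sender is None
                               or g.auth.get('sub') != sender):
            return "Unauthorized", 401
        links = [
            Link('package:create', '/package', type="POST"),
            Link('package:delete',
                 '/package/{id}',
                 templated=True,
                 type="DELETE"),
            Link('package:update',
                 '/package/{id}',
                 templated=True,
                 type="PATCH"),
        ]
        data = {"packages": get_packages(sender)}
        document = Document(data=data, links=links)
        return document.to_json(), 200

    elif request.method == 'POST':
        body = request.get_json()
        sender = body.get('sender') if isinstance(body, dict) else None
        # Require an explicit sender, as the GET branch does: without this a
        # request with no "sender" and an auth mapping with no "sub" would
        # compare None to None and pass the ownership check.
        if sender is None or g.auth.get('sub') != sender:
            return "Unauthorized", 401
        # NOTE(review): "status" is stored exactly as the client sent it;
        # confirm whether senders are meant to choose the initial status.
        db.session.add(
            PackageModel({
                "uuid": uuid.uuid4().hex,
                "sender": sender,
                "receiver": body.get("receiver"),
                "machine": body.get("machine"),
                "size": body.get("size"),
                "status": body.get("status")
            }))
        db.session.commit()
        return "Created", 201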
예제 #31
def test_empty_document_to_json():
    """An empty Document serializes to just a self link for the request path."""
    expected_json = '{"_links": {"self": {"href": "/foo/23"}}}'
    test_app = flask.Flask(__name__)
    # to_json() is called inside a request context for /foo/23, the path the
    # expected self link carries.
    with test_app.test_request_context("/foo/23"):
        assert expected_json == Document().to_json()