def get_card(): data = request.json if 'card_id' not in list(data.keys()): return s_vars.bad_request, 400 auth_status, auth_user = au_ser.check_auth_token(request.headers) result_arr = [] card_from_db = Card.query.filter(Card.card_id.in_(data['card_id'])).all() for card in card_from_db: acc = 'RW' if auth_user == card.owner else access_from_card_access( card.card_id, auth_user) if auth_user == card.owner or card.owner == 'public' or acc != '': user_access = [ card_a.__repr__() for card_a in CardAccess.query.filter( CardAccess.card_id == card.card_id).all() ] res = card.__repr__() res['access_type'] = acc res['user_access_list'] = user_access result_arr.append(res) if len(result_arr) > 0: return jsonify({ 'result': result_arr }), 200 if len(result_arr) == len(data['card_id']) else 200 else: return s_vars.card_not_exist, 404
def perform_group_action(group_action): data = request.json try: group_id = data['group_id'] auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == '': return s_vars.not_authorized, 401 else: group = Group.query.filter_by(group_id=group_id).first() if group is None: return s_vars.group_not_exist, 404 else: if group.owner == auth_user or access_from_group_access(group_id, auth_user): msg = '' if group_action == 'deactivate': change_group_activation(group_id, False) msg = '{} deactivated'.format(group_id) elif group_action == 'activate': change_group_activation(group_id, True) msg = '{} activated'.format(group_id) elif group_action == 'delete': delete_group(group_id) msg = '{} activated'.format(group_id) else: return s_vars.invalid_action, 403 return jsonify({'result': msg}) else: return s_vars.not_authorized, 401 except KeyError: return s_vars.bad_request, 400
def add_card_to_existing_group(): data = request.json try: auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == '': auth_user = '******' cards_from_db = list( set([ card.card_id for card in Card.query.filter( Card.card_id.in_(data['card_ids'])).all() ])) group = Group.query.filter_by(group_id=data['group_id']).first() if group is None: return s_vars.group_not_exist, 404 else: result = {'result': []} for card_id in cards_from_db: group_card = GroupCards(group_id=group.group_id, card_id=card_id) try: db.session.add(group_card) db.session.commit() result['result'].append( {card_id: 'Added in group: ' + group.group_id}) except exc.IntegrityError: result['result'].append({card_id: 'Already exist'}) return jsonify(result), 200 except KeyError: return s_vars.bad_request, 400
def action_by_username(action_type): data = request.json if 'username' not in list(data.keys()): return s_vars.bad_request, 400 auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == data['username'] and auth_user != 'public': update_user = user_model.User.query.filter_by( username=data['username']).first() if update_user is not None: msg_str = '' if action_type == 'deactivate': change_user_activation(data['username'], False) msg_str = ' deactivated' elif action_type == 'activate': change_user_activation(data['username'], True) msg_str = ' activated' elif action_type == 'delete': delete_user(data['username']) msg_str = ' deleted' elif action_type == 'verify': try: if update_user.verification_code == data[ 'verification_code']: update_user.verified = True msg_str = ' verified' send_mail(update_user.email, 'Account Verified at N4NITIN', 'Hi, Your account has been verified') else: return s_vars.invalid_code, 401 except KeyError: return s_vars.bad_request, 400 except smtplib.SMTPException: return s_vars.mail_sending_failed, 501 elif action_type == 'resend_verification': update_user.verification_code = code_gen() update_user.set_verification_expiry() try: send_mail( update_user.email, 'Welcome to N4NITIN', 'Verification Code: {}'.format( update_user.verification_code)) msg_str = ', verification code resent.' except smtplib.SMTPException: return s_vars.mail_sending_failed, 501 else: return s_vars.invalid_action, 404 update_user.last_updated = datetime.utcnow() db.session.commit() res = { 'response': 'User \'{}\'{}'.format(update_user.username, msg_str) } return jsonify(res), 200 else: return s_vars.user_not_exist, 404 else: return s_vars.not_authorized, 401
def get_user_by_username(username): auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == username: user = user_model.User.query.filter_by(username=username).scalar() if user is not None: return jsonify({'result': user.__repr__()}), 200 else: return s_vars.user_not_exist, 404 else: return s_vars.not_authorized, 401
def update_card(card_id): data = request.json auth_status, auth_user = au_ser.check_auth_token(request.headers) try: card_from_db = Card.query.filter_by(card_id=card_id).first() if card_from_db is None: return s_vars.card_not_exist, 404 elif auth_user == '': return s_vars.not_authorized, 401 elif card_from_db.owner == auth_user or card_from_db.owner == 'public' or access_from_card_access( card_id, auth_user) == 'RW': keys = list(data.keys()) if card_from_db.owner == 'public' and card_from_db.created_by != auth_user and 'owner' in keys: return s_vars.cannot_change_owner, 403 if 'owner' in keys: if data['owner'] != 'public': user = user_model.User.query.filter_by( username=data['owner']).first() if user is not None: card_from_db.owner = data[ 'owner'] if 'owner' in keys else card_from_db.owner else: return s_vars.user_not_exist, 404 else: card_from_db.owner = 'public' card_from_db.title = data[ 'title'] if 'title' in keys else card_from_db.title card_from_db.description = data[ 'description'] if 'description' in keys else card_from_db.description card_from_db.icon_url = data[ 'icon_url'] if 'icon_url' in keys else card_from_db.icon_url card_from_db.short_url = data[ 'short_url'] if 'short_url' in keys else card_from_db.short_url card_from_db.redirect_url = data[ 'redirect_url'] if 'redirect_url' in keys else card_from_db.redirect_url card_from_db.expiry = parser.parse( data['expiry']) if 'expiry' in keys else card_from_db.expiry card_from_db.status = data[ 'status'] if 'status' in keys else card_from_db.status card_from_db.last_updated = datetime.utcnow() db.session.commit() card_json_data = card_from_db.__repr__() card_json_data['user_access_list'] = [ card_a.__repr__() for card_a in CardAccess.query.filter( CardAccess.card_id == card_from_db.card_id).all() ] res = {'result': card_json_data} return jsonify(res), 200 else: return s_vars.not_authorized, 401 except KeyError: return s_vars.bad_request, 400
def remove_change_group_access(): data = request.json try: auth_status, auth_user = au_ser.check_auth_token(request.headers) group_from_db = Group.query.filter_by( group_id=data['group_id']).first() if group_from_db.owner == auth_user or access_from_group_access( group_from_db.card_id, auth_user) == 'RW': group_access = GroupAccess.query.filter_by( group_id=group_from_db.group_id, username=data['username']).first() if group_access is None: return jsonify({ 'result': '{} does not have access for group {}'.format( data['username'], group_from_db.title) }), 200 msg = '' if data['action_name'] == 'delete': db.session.delete(group_access) msg = 'Deleted {} access from group {}'.format( data['username'], group_from_db.title) elif data['action_name'] == 'enable': group_access.access_status = True group_access.last_updated = datetime.utcnow() msg = 'Update: {} access from disable to enable'.format( data['username']) elif data['action_name'] == 'disable': group_access.access_status = False group_access.last_updated = datetime.utcnow() msg = 'Update: {} access from enable to disable'.format( data['username']) elif data['action_name'] == 'access_RO': group_access.access_type = 'RO' group_access.last_updated = datetime.utcnow() msg = 'Update: {} access from RW to RO'.format( data['username']) elif data['action_name'] == 'access_RW': group_access.access_type = 'RW' group_access.last_updated = datetime.utcnow() msg = 'Update: {} access from RO to RW'.format( data['username']) else: return s_vars.invalid_action, 403 db.session.commit() return jsonify({'result': msg}), 200 else: return s_vars.not_authorized, 401 except KeyError: return s_vars.bad_request, 400
def get_list_of_valid_cards_owned(): data = request.json try: auth_status, auth_user = au_ser.check_auth_token(request.headers) cards_owned = [] if auth_user == data['username']: cards_owned = Card.query.filter_by(owner=auth_user).all() cards_owned = [ card.__repr__() for card in cards_owned if card.expiry is None or card.expiry > datetime.utcnow() ] return jsonify({'result': cards_owned}), 200 except KeyError: return s_vars.bad_request, 400
def get_user_verification(username): """Get user verification from db""" user_from_db = user_model.User.query.filter_by(username=username).first() if user_from_db is None: return s_vars.user_not_exist, 400 else: auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == username: if auth_status: return s_vars.verified_user, 200 else: return s_vars.not_verified_user, 403 else: return s_vars.not_authorized, 401
def check_if_can_login(username): data = request.json if 'secret' not in list(data.keys()): return s_vars.bad_request, 400 auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == username: user = user_model.User.query.filter_by(username=username).first() if user is not None: if user.check_password(data['secret']): res = {'result': user.__repr__()} return jsonify(res), 200 else: res = {'result': 'Can\'t login'} return jsonify(res), 403 return s_vars.user_not_exist, 404 else: return s_vars.not_authorized, 401
def get_group_data(group_ids=None): data = request.json try: if group_ids is None: group_ids = data['group_ids'] result = {} auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == '': return s_vars.not_authorized, 401 for group_id in group_ids: user_has_access = False user_access_type = 'RO' group = Group.query.filter_by(group_id=group_id, owner=auth_user).first() if group is None: group_access = GroupAccess.query.filter_by(group_id=group_id, username=auth_user, access_status=True).first() if group_access is not None: user_access_type = group_access.access_type user_has_access = True else: user_has_access = True user_access_type = 'RW' if user_has_access: group = Group.query.filter_by(group_id=group_id).first() card_ids = [gc.card_id for gc in GroupCards.query.filter_by(group_id=group_id).all()] cards = [card.__repr__() for card in Card.query.filter(Card.card_id.in_(card_ids)).all()] for card in cards: if user_access_type == 'RW' or access_from_card_access(card['card_id'], auth_user) == 'RW': card['access_type'] = 'RW' else: card['access_type'] = 'RO' card['user_access_list'] = [card_a.__repr__() for card_a in CardAccess.query.filter( CardAccess.card_id == card['card_id']).all()] result[group_id] = {} result[group_id]['card_list'] = cards group_json = group.__repr__() group_json['access_type'] = user_access_type group_json['user_access_list'] = [group_a.__repr__() for group_a in GroupAccess.query.filter( GroupAccess.group_id == group.group_id).all()] result[group_id]['group_details'] = group_json return jsonify({'result': result}), 200 except KeyError: return s_vars.bad_request, 400
def add_group_access(): data = request.json try: auth_status, auth_user = au_ser.check_auth_token(request.headers) group_from_db = Group.query.filter_by( group_id=data['group_id']).first() owner = group_from_db.owner access_by = auth_user if len(access_by) == 0: access_by = 'public' if owner == access_by or access_from_group_access( data['group_id'], access_by) == 'RW': username = data['username'] username_in_db = user_model.User.query.filter_by( username=username, deactivated=False, verified=True).first() if username_in_db is None and username != 'public' or owner == username: return jsonify({'result': {username: False}}) else: keys = list(data.keys()) group_access = GroupAccess(owner=owner, username=username, group_id=data['group_id'], access_by=access_by, access_type=data['access_type'] if 'access_type' in keys else 'RO') db.session.add(group_access) try: db.session.commit() return jsonify( {'result': { username: group_access.__repr__() }}), 200 except exc.IntegrityError as e: logging.info(e) return jsonify({'result': { username: '******' }}), 200 else: return s_vars.not_authorized, 401 except KeyError: return s_vars.bad_request, 400
def remove_cards_from_group(): data = request.json try: auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == '': return s_vars.not_authorized, 401 else: group = Group.query.filter_by(group_id=data['group_id']).first() if group is None: return s_vars.group_not_exist, 404 else: if group.owner == auth_user or access_from_group_access(data['group_id'], auth_user): GroupCards.query.filter(GroupCards.card_id.in_(data['card_ids'])).filter_by( group_id=data['group_id']).delete(synchronize_session='fetch') db.session.commit() return jsonify({'result': '{} deleted from group {}'.format(data['card_ids'], data['group_id'])}) else: return s_vars.not_authorized, 401 except KeyError: return s_vars.bad_request, 400
def update_pass_by_username(username): data = request.json if 'secret' not in list(data.keys()): return s_vars.bad_request, 400 auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == username: update_user = user_model.User.query.filter_by( username=username).first() if update_user is not None: update_user.set_password(data['secret']) update_user.last_updated = datetime.utcnow() db.session.commit() res = { 'result': 'Password updated for user {}'.format(update_user.username) } return jsonify(res), 200 else: return s_vars.user_not_exist, 404 else: return s_vars.not_authorized, 401
def add_group(): data = request.json try: auth_status, auth_user = au_ser.check_auth_token(request.headers) owner = auth_user if owner != data['username']: return s_vars.not_authorized, 401 cards = Card.query.filter(Card.card_id.in_(data['card_ids'])).all() if len(cards) < len(set(data['card_ids'])) or len(data['card_ids']) == 0: return s_vars.card_not_exist, 404 group = Group( owner=owner, group_id=id_gen(), title=data['title'], description=data['description'], icon_url=data['icon_url'] if 'icon_url' in list(data.keys()) else None, ) db.session.add(group) db.session.commit() result = {'group': group.__repr__(), 'cards_in_group': []} for card_id in list(set(data['card_ids'])): group_card = GroupCards(group_id=group.group_id, card_id=card_id) db.session.add(group_card) db.session.commit() result['cards_in_group'].append(group_card.__repr__()) try: user = user_model.User.query.filter_by(username=owner).first() send_mail(user.email, 'Successfully Created Group', '''Hi {}, Group \'{}\' has been successfully with below cards. {}'''.format(user.name, group.title, ', '.join([card.title for card in cards]))) except smtplib.SMTPException: return s_vars.mail_sending_failed, 501 except socket.gaierror: return s_vars.mail_sending_failed, 502 return jsonify({'result': result}), 200 except KeyError: return s_vars.bad_request, 400 except exc.IntegrityError: return jsonify({'result': 'Duplicate record'}), 409
def add_card_access(): data = request.json try: auth_status, auth_user = au_ser.check_auth_token(request.headers) card_from_db = Card.query.filter_by(card_id=data['card_id']).first() owner = card_from_db.owner access_by = auth_user if len(access_by) == 0: access_by = 'public' if owner == access_by or access_from_card_access( data['card_id'], access_by) == 'RW': resp = [] if len(data['username']) > 0: for username in data['username']: username_in_db = user_model.User.query.filter_by( username=username, deactivated=False, verified=True).first() if username_in_db is None and username != 'public' or owner == username: resp.append({username: False}) else: keys = list(data.keys()) card_access = CardAccess( owner=owner, username=username, card_id=data['card_id'], access_by=access_by, access_type=data['access_type'] if 'access_type' in keys else 'RO') db.session.add(card_access) try: db.session.commit() resp.append({username: True}) except exc.IntegrityError as e: resp.append({username: '******'}) logging.info(e) return jsonify({'result': resp}), 200 else: return s_vars.not_authorized, 401 except KeyError: return s_vars.bad_request, 400
def action_for_card(action_type): data = request.json if 'card_ids' not in list(data.keys()): return s_vars.bad_request, 400 auth_status, auth_user = au_ser.check_auth_token(request.headers) try: card_from_db = Card.query.filter(Card.card_id.in_( data['card_ids'])).all() except KeyError: return s_vars.bad_request, 400 if len(card_from_db) == 0: return s_vars.card_not_exist, 404 else: result = {'result': []} for card in card_from_db: owner = card.owner if not (auth_user == owner or card.owner == 'public' or access_from_card_access(card.card_id, auth_user) == 'RW'): return s_vars.not_authorized, 401 for card in card_from_db: owner = card.owner card_title = card.title if auth_user == owner or card.owner == 'public' or access_from_card_access( card.card_id, auth_user) == 'RW': if action_type == 'deactivate': change_card_activation(card.card_id, False) card.last_updated = datetime.utcnow() result['result'].append(card.__repr__()) elif action_type == 'activate': change_card_activation(card.card_id, True) card.last_updated = datetime.utcnow() result['result'].append(card.__repr__()) elif action_type == 'delete': delete_card(card.card_id) result['result'].append('Deleted : {}'.format(card_title)) db.session.commit() return jsonify(result), 200
def update_group(group_id): data = request.json auth_status, auth_user = au_ser.check_auth_token(request.headers) try: group_from_db = Group.query.filter_by(group_id=group_id).first() if group_from_db is None: return s_vars.group_not_exist, 404 elif auth_user == '': return s_vars.not_authorized, 401 elif group_from_db.owner == auth_user or access_from_group_access(group_id, auth_user) == 'RW': keys = list(data.keys()) if 'owner' in keys: if data['owner'] != 'public': user = user_model.User.query.filter_by(username=data['owner']).first() if user is not None: group_from_db.owner = data['owner'] if 'owner' in keys else group_from_db.owner else: return s_vars.user_not_exist, 404 else: return s_vars.user_not_exist, 404 group_from_db.title = data['title'] if 'title' in keys else group_from_db.title group_from_db.description = data['description'] if 'description' in keys else group_from_db.description group_from_db.icon_url = data['icon_url'] if 'icon_url' in keys else group_from_db.icon_url group_from_db.status = data['status'] if 'status' in keys else group_from_db.status group_from_db.last_updated = datetime.utcnow() db.session.commit() group_json_data = group_from_db.__repr__() group_json_data['user_access_list'] = [group_a.__repr__() for group_a in GroupAccess.query.filter( GroupAccess.group_id == group_from_db.group_id).all()] res = {'result': group_json_data} return jsonify(res), 200 else: return s_vars.not_authorized, 401 except KeyError: return s_vars.bad_request, 400
def update_user_by_username(username): data = request.json auth_status, auth_user = au_ser.check_auth_token(request.headers) try: if auth_user == username: update_user = user_model.User.query.filter_by( username=username).first() if update_user is not None: keys = list(data.keys()) if update_user.verified and 'email' in keys: return s_vars.cannot_change_email, 403 update_user.name = data[ 'name'] if 'name' in keys else update_user.name update_user.email = data[ 'email'] if 'email' in keys else update_user.email update_user.last_updated = datetime.utcnow() db.session.commit() return jsonify({'result': update_user.__repr__()}), 200 else: return s_vars.user_not_exist, 404 else: return s_vars.not_authorized, 401 except KeyError: return s_vars.bad_request, 400
def return_redirect_url(short_url): auth_status, auth_user = au_ser.check_auth_token(request.headers) if auth_user == '': auth_user = '******' card_with_short_url = Card.query.filter_by(short_url=short_url, status=True).first() if card_with_short_url is None: return jsonify({'result': 'failure'}), 404 else: if auth_user == card_with_short_url.owner or card_with_short_url.owner == 'public': return check_expiry_and_return(card_with_short_url.expiry, card_with_short_url.redirect_url) else: read_card_access = [ access_from_card_access(card_id=card_with_short_url.card_id, auth_user=user) for user in ['public', auth_user] ] if 'RW' in read_card_access or 'RO' in read_card_access: return check_expiry_and_return( card_with_short_url.expiry, card_with_short_url.redirect_url) else: return s_vars.not_authorized, 401
def return_data_for_profile(): data = request.json access_types = ['RO', 'RW'] try: username = data['username'] auth_status, auth_user = au_ser.check_auth_token(request.headers) if username != auth_user: return s_vars.not_authorized, 401 result = {'owner': [], 'shared_with_me': [], 'cards_in_group': []} cards_owned = Card.query.filter(Card.owner == username).all() result['owner'] = [card.__repr__() for card in cards_owned] for card_details in result['owner']: card_details['user_access_list'] = [ card_a.__repr__() for card_a in CardAccess.query.filter( CardAccess.card_id == card_details['card_id']).all() ] cards_shared_with_me = [[ card.__repr__() for card in CardAccess.query.filter( CardAccess.username == username, CardAccess.access_type == access_t, CardAccess.access_status == True).all() ] for access_t in access_types] for i in range(0, len(cards_shared_with_me)): card_ids_to_fetch = [ card_access['card_id'] for card_access in cards_shared_with_me[i] if card_access['card_id'] not in result['owner'] ] cards = [ card.__repr__() for card in Card.query.filter( Card.card_id.in_(card_ids_to_fetch)).all() ] for card in cards: card['access_type'] = access_types[i] card['user_access_list'] = [ card_a.__repr__() for card_a in CardAccess.query.filter( CardAccess.card_id == card['card_id']).all() ] result['shared_with_me'].append(card) groups_owned = [ group.__repr__() for group in Group.query.filter(Group.owner == username).all() ] for group in groups_owned: group['access_type'] = 'RW' group['user_access_list'] = [ group_a.__repr__() for group_a in GroupAccess.query.filter( GroupAccess.group_id == group['group_id']).all() ] groups_owned_ids = [g['group_id'] for g in groups_owned] groups_shared_with_me = [ group_a.__repr__() for group_a in GroupAccess.query.filter( GroupAccess.username == username).all() ] group_ids_to_fetch = [ group_access['group_id'] for group_access in groups_shared_with_me if group_access['group_id'] not in groups_owned_ids ] access_type_for_group = {} for group_access in groups_shared_with_me: if group_access['group_id'] not in groups_owned_ids: access_type_for_group[ group_access['group_id']] = group_access['access_type'] groups = [ group.__repr__() for group in Group.query.filter( Group.group_id.in_(group_ids_to_fetch)).all() ] addition_group_ids = [] for group in groups: addition_group_ids.append(group['group_id']) group['access_type'] = access_type_for_group[group['group_id']] group['user_access_list'] = [ group_a.__repr__() for group_a in GroupAccess.query.filter( GroupAccess.group_id == group['group_id']).all() ] cards_in_group, st = get_group_data( list(set(groups_owned_ids + addition_group_ids))) result['cards_in_group'] = cards_in_group.json['result'] return jsonify({'result': result}) except KeyError: return s_vars.bad_request, 400
def add_card(): data = request.json auth_status, auth_user = au_ser.check_auth_token(request.headers) owner = auth_user if len(owner) == 0: return s_vars.not_authorized, 401 else: try: user = None if owner != 'public': user = user_model.User.query.filter_by( username=owner, deactivated=False).first() if user is None: return s_vars.user_not_exist, 401 if not user.verified: return s_vars.not_verified_user, 403 short_url = data['short_url'] if 'short_url' in list( data.keys()) else id_gen(10) msg, resp_code = get_availability_su(short_url) if resp_code == 409: return msg, resp_code keys = list(data.keys()) card = Card( created_by=owner, owner=owner, card_id=id_gen(), title=data['title'], description=data['description'], icon_url=data['icon_url'] if 'icon_url' in keys else None, short_url=short_url, redirect_url=data['redirect_url'], expiry=parser.parse(data['expiry']) if 'expiry' in keys else None, ) db.session.add(card) db.session.commit() res = card.__repr__() if owner != 'public': send_mail( user.email, 'N4NITIN - Create Request', '''Hi {0}, You have created new shorturl with below details: Owner: {0}, Title: {1}, Description: {2}, ShortUrl: {3}, RedirectUrl: {4}, Expiry: {5} '''.format(res['owner'], res['title'], res['description'], (request.origin if request.origin is not None else 'http://www.n4nit.in') + '/' + short_url, res['redirect_url'], res['expiry'])) db.session.expunge(card) db.session.close() except KeyError: return s_vars.bad_request, 400 except exc.IntegrityError: return s_vars.duplicate_record, 409 except smtplib.SMTPException: return s_vars.mail_sending_failed, 501 return jsonify(res), 200