def post_delete():
post_by = request.headers.get('userid')
post_id = request.form.get('pid')
# Check if requested post exists
sql = "SELECT * FROM posts WHERE pid='{}'".format(post_id)
if VERBOSE:
print("delete post pid check" + sql)
check = query_fetch(sql, DB)
if check is None:
response = ErrorResponse()
response.error['errorCode'] = '105'
response.error['errorMsg'] = 'post does not exist'
return jsonify(response.__dict__)
# Check if user have authorization to delete
sql = "SELECT authorid FROM posts WHERE pid='{}'".format(post_id)
if VERBOSE:
print("delete post authorization check" + sql)
indicator = query_fetch(sql, DB)
# Authorid and userid matchs and have authority to delete post
if indicator['authorid'] == int(post_by):
# Delete the post
sql = "DELETE FROM posts WHERE authorid = '{}' AND pid = '{}'"\
.format(post_by, post_id)
if VERBOSE:
print("delete post" + sql)
query_mod(sql, DB)
response = PostList()
response.data['pid'] = post_id
# No authority to delete post
else:
response = ErrorResponse()
response.error['errorCode'] = '104'
response.error['errorMsg'] = 'No authority.'
return jsonify(response.__dict__)
def login():
user_email = request.form.get('email')
user_pass = request.form.get('passwdtoken')
if VERBOSE:
print(user_email, user_pass)
# user must finish all verifications to login
sql = 'SELECT user_key FROM users WHERE user_email = "{}"'.format(
user_email)
key = query_fetch(sql, DB)
if key is None:
return jsonify(
dict(state=False,
error={
'errorCode': LOGIN_ERR,
'errorMsg': 'User does not exist.'
},
timestamp=int(time())))
elif key['user_key'] is not None:
return jsonify(
dict(state=False,
error={
'errorCode': VERIFY_ERR,
'errorMsg': 'Verification has not been finished.'
},
timestamp=int(time())))
# user chooses to login by email
if user_pass == "NYUSHer_by_email_login":
return login_by_email(user_email)
# Check of the input email and token match database
sql = 'SELECT user_id FROM users WHERE user_email = "{}" and user_pass = "******"'.format(
user_email, user_pass)
indicator = query_fetch(sql, DB)
if VERBOSE:
print(indicator)
# Login Success
if indicator:
response = SuccessResponse()
response.data['userid'] = indicator['user_id']
token = uuid.uuid4() # generate token
response.data['token'] = token
# Insert generated token to database
sql = "UPDATE users SET user_tokens = '{}' WHERE user_id = {} ".format(
token, indicator['user_id'])
query_mod(sql, DB)
# Login Fail
else:
response = ErrorResponse()
response.error['errorCode'] = LOGIN_ERR
response.error['errorMsg'] = "Password is incorrect"
return jsonify(response.__dict__)
def register():
user_email = request.form.get('email')
user_name = request.form.get('username')
user_pass = request.form.get('passwdtoken')
sql = 'SELECT user_id FROM users WHERE user_email = "{}"'.format(
user_email)
indicator = query_fetch(sql, DB)
# Invalid (user exists)
if indicator:
response = ErrorResponse()
response.error['errorCode'] = REG_ERR
response.error['errorMsg'] = "User already exists"
# Valid (user doesn't exist)
else:
response = SuccessResponse()
user_token = uuid.uuid4()
key = uuid.uuid4()
sql = "INSERT INTO users(user_name, user_email, user_pass, user_tokens, user_key) VALUES ('{}', '{}', '{}', '{}', '{}')"\
.format(user_name, user_email, user_pass, user_token, key)
if VERBOSE:
print("insert query:" + sql)
query_mod(sql, DB)
sql = "SELECT user_id FROM users WHERE user_name = '{}'".format(
user_name)
if VERBOSE:
print("get userid query:" + sql)
user_id = query_fetch(sql, DB)
response.data['userid'] = user_id['user_id']
response.data['email'] = user_email
response.data['username'] = user_name
response.data['token'] = user_token
# send email in this block
verify_url = PROTOCOL + DOMAIN + ':' + str(PORT) + url_for(
'auth.verify', key=key)
params = dict(USER=user_name, USER_EMAIL=user_email, URL=verify_url)
print(verify_url)
msg = Message('NYUSHer: Verify Your Email',
sender='*****@*****.**',
recipients=[user_email])
msg.html = render_template('email-verification.html', **params)
send_mail(msg)
if VERBOSE:
print(response)
return jsonify(response.__dict__)
def login_by_email(user_email):
sql = 'SELECT user_id, user_name FROM users WHERE user_email = "{}"'.format(
user_email)
indicator = query_fetch(sql, DB)
# Login Success
if indicator:
response = SuccessResponse()
response.data['userid'] = indicator['user_id']
token = uuid.uuid4() # generate token
key = uuid.uuid4() # generate key
response.data['token'] = token
# Insert generated token to database
sql = "UPDATE users SET user_tokens = '{}', user_key = '{}' WHERE user_id = {} "\
.format(token, key, indicator['user_id'])
query_mod(sql, DB)
# send email in this block
verify_url = PROTOCOL + DOMAIN + ':' + str(PORT) + url_for(
'auth.verify', key=key)
params = dict(USER=indicator['user_name'], URL=verify_url)
msg = Message('NYUSHer: Verify Your Login',
sender='*****@*****.**',
recipients=[user_email])
msg.html = render_template('login-verification.html', **params)
send_mail(msg)
# Login Fail
else:
response = ErrorResponse()
response.error['errorCode'] = LOGIN_ERR
response.error['errorMsg'] = "Email doesn't not exist"
return jsonify(response.__dict__)
def get_info():
user_id = request.form.get('userid') # TODO: change api book @jerry
if VERBOSE:
print(user_id)
# retrieve user's info from DB
sql = 'SELECT user_name, user_email, user_motto, user_avatar ' \
'FROM users WHERE user_id = "{}" '.format(user_id)
indicator = query_fetch(sql, DB)
if VERBOSE:
print(indicator)
# User exists
if indicator:
response = SuccessResponse()
response.data['email'] = indicator['user_email']
response.data['username'] = indicator['user_name']
response.data['imageuri'] = indicator['user_avatar']
response.data['motto'] = indicator['user_motto']
# User does not exist
else:
response = ErrorResponse()
response.error['errorCode'] = UID_ERR
response.error['errorMsg'] = "User ID does not exist"
return jsonify(response.__dict__)
def create_a_comment():
author_id = int(request.headers.get('userid'))
subscriber_id = request.form.get('suid')
pid = int(request.form.get('pid'))
content = replace(request.form.get('content'))
if content.strip() == '':
# No empty content allowed
response = ErrorResponse()
response.error['errorCode'] = '108'
response.error['errorMsg'] = 'content cannot be empty'
return jsonify(response.__dict__)
sql = "INSERT INTO comments(content, pid, uid, subscriber) VALUES ('{}', '{}', '{}', '{}')" \
.format(content, pid, author_id, subscriber_id)
if VERBOSE:
print("insert query:" + sql)
query_mod(sql, DB)
# Get the generated comment
sql = "SELECT users.user_name,comments.* FROM comments, users " \
"WHERE users.user_id = comments.uid AND pid = {} AND uid = {} AND subscriber = '{}' " \
"ORDER BY timestamp DESC LIMIT 1" .format(pid, author_id, subscriber_id)
if VERBOSE:
print("get post_id query:" + sql)
indicator = query_fetch(sql, DB)
response = PostList()
if indicator:
print()
response.data = indicator
else:
response = ErrorResponse()
response.error['errorCode'] = '106'
response.error['errorMsg'] = 'Somehow comment is not posted.'
return jsonify(response.__dict__)
def delete_a_comment(cid):
uid = int(request.headers.get('userid'))
sql = "SELECT uid FROM comments WHERE cid = '{}'".format(cid)
indicator = query_fetch(sql, DB)
# authentication
if indicator:
if uid != indicator['uid']:
response = ErrorResponse()
response.error['errorCode'] = '104'
response.error['errorMsg'] = "No authority."
return jsonify(response.__dict__)
else:
response = ErrorResponse()
response.error['errorCode'] = '105'
response.error['errorMsg'] = 'cid does not exist.'
return jsonify(response.__dict__)
# deletion
sql = "DELETE FROM comments WHERE cid = '{}'" \
.format(cid)
if VERBOSE:
print("delete post" + sql)
query_mod(sql, DB)
response = PostList()
response.data['cid'] = cid
return jsonify(response.__dict__)
def check_email():
user_email = request.form.get('email')
sql = 'SELECT user_id FROM users WHERE user_email = "{}"'.format(
user_email)
indicator = query_fetch(sql, DB)
if indicator:
response = SuccessResponse()
else:
response = ErrorResponse()
return jsonify(response.__dict__)
def edit_a_comment(cid=None):
uid = int(request.headers.get('userid'))
content = replace(request.form.get('content')) # could be a problem
sql = "SELECT uid FROM comments WHERE cid = '{}'" .format(cid)
indicator = query_fetch(sql, DB)
# authentication
if indicator:
if uid != indicator['uid']:
response = ErrorResponse()
response.error['errorCode'] = '104'
response.error['errorMsg'] = "No authority."
return jsonify(response.__dict__)
else:
response = ErrorResponse()
response.error['errorCode'] = '105'
response.error['errorMsg'] = 'cid does not exist.'
return jsonify(response.__dict__)
# modification
if content.strip() == '':
# No empty content
response = ErrorResponse()
response.error['errorCode'] = '108'
response.error['errorMsg'] = 'content cannot be empty.'
sql = "UPDATE comments SET content='{}', timestamp = (CURRENT_TIMESTAMP) WHERE cid='{}'" \
.format(content, cid)
if VERBOSE:
print(sql)
query_mod(sql, DB)
# get the changed comment
sql = "SELECT * FROM comments WHERE cid = '{}'" .format(cid)
if VERBOSE:
print("get post_id query:" + sql)
indicator = query_fetch(sql, DB)
response = PostList()
if indicator:
response.data = indicator
else:
response = ErrorResponse()
response.error['errorCode'] = '106'
response.error['errorMsg'] = 'Somehow comment is not posted.'
return jsonify(response.__dict__)
def verify(key=None):
if key is None:
abort(404)
sql = "SELECT user_key FROM users WHERE user_key = '{}' ".format(key)
indicator = query_fetch(sql, DB)
if indicator:
sql = "UPDATE users SET user_key = null WHERE user_key = '{}' ".format(
key)
query_mod(sql, DB)
return render_template('verification-success.html')
else:
return render_template('URL-expired.html')
def set_info():
user_id = request.headers.get('userid')
# PAIN IN THE ASS! column name in database does not match api name!! We should fix it someday.
params = ['username', 'imageuri', 'motto', 'passwdtoken']
column_names = ['user_name', 'user_avatar', 'user_motto',
'user_pass'] # matching column name
info_2_set = {}
for i in range(len(params)):
data = request.form.get(params[i])
if data is not None:
info_2_set[column_names[i]] = data
if VERBOSE:
print(info_2_set)
for param in info_2_set.keys():
if param == 'user_pass':
key = uuid.uuid4()
sql = "UPDATE users SET user_key = '{}' WHERE user_id = {} " \
.format(key, user_id)
query_mod(sql, DB)
# send email in this block
sql = 'SELECT user_email, user_name FROM users WHERE user_id = "{}"'.format(
user_id)
info = query_fetch(sql, DB)
user_name = info['user_name']
user_email = info['user_email']
verify_url = PROTOCOL + DOMAIN + ':' + str(PORT) + url_for(
'auth.verify', key=key)
params = dict(USER=user_name, URL=verify_url)
if VERBOSE:
print(verify_url)
msg = Message('NYUSHer: Verify Your Password Change',
sender='*****@*****.**',
recipients=[user_email])
msg.html = render_template('password-verification.html', **params)
send_mail(msg)
sql = "UPDATE users SET {} = '{}' WHERE user_id = {} " \
.format(param, info_2_set[param], user_id)
if VERBOSE:
print(sql)
query_mod(sql, DB)
return get_info()
def post_get():
post_id = request.form.get('pid')
sql = "SELECT title, category, tags, content FROM posts WHERE pid = '{}'".format(post_id)
if VERBOSE:
print("post get query:" + sql)
indicator = query_fetch(sql, DB)
response = PostList()
if indicator:
response.data['pid'] = post_id
response.data['title'] = indicator['title']
response.data['category'] = indicator['category']
"""
NOTE: Tags must be deserialized first.
Split with comma
e.g. post_tags = 'dog, 2017, happy, weekend'
"""
response.data['tags'] = indicator['tags']
response.data['content'] = indicator['content']
else:
response = ErrorResponse()
response.error['errorCode'] = '105'
response.error['errorMsg'] = 'Post does not exist'
return jsonify(response.__dict__)
def get_avatar():
user_id = request.form.get('userid')
sql = 'SELECT user_avatar FROM users WHERE user_id = "{}"'.format(user_id)
response = query_fetch(sql, DB)
if response:
return response['user_avatar']
def post_submit():
post_title = replace(request.form.get('title'))
post_category = replace(request.form.get('category'))
post_tags = replace(request.form.get('tags'))
post_content = replace(request.form.get('content'))
post_by = request.headers.get('userid')
if VERBOSE:
print(post_title, post_category, post_tags, post_content, post_by)
# No empty title
if post_title == "":
response = ErrorResponse()
response.error['errorCode'] = '108'
response.error['errorMsg'] = 'title cannot be empty'
return jsonify(response.__dict__)
# No empty content
elif post_content == "":
response = ErrorResponse()
response.error['errorCode'] = '108'
response.error['errorMsg'] = 'content cannot be empty'
return jsonify(response.__dict__)
# Modify Existing Post
elif request.form.get('pid') is not None and request.form.get(
'pid').isdigit():
post_id = request.form.get('pid')
# Check if user_id and post_by matches
sql = "SELECT authorid FROM posts WHERE pid = '{}'".format(post_id)
if VERBOSE:
print(sql)
indicator = query_fetch(sql, DB)
user_id = request.headers.get('userid')
response = PostList()
if indicator['authorid'] == int(user_id):
sql = "UPDATE posts SET title='{}', category='{}', tags='{}', content='{}', timestamp = (CURRENT_TIMESTAMP) WHERE pid='{}'"\
.format(post_title, post_category, post_tags, post_content, post_id)
if VERBOSE:
print(sql)
query_mod(sql, DB)
response.data['pid'] = post_id
# New Post
elif request.form.get('pid') is None:
sql = "INSERT INTO posts(title, content, tags, category, authorid) VALUES ('{}', '{}', '{}', '{}', '{}')" \
.format(post_title, post_content, post_tags, post_category, post_by)
if VERBOSE:
print("insert query:" + sql)
query_mod(sql, DB)
# Get the generated post_id
sql = "SELECT pid FROM posts WHERE category = '{}' AND content = '{}' AND authorid = '{}'" \
.format(post_category, post_content, post_by)
if VERBOSE:
print("get post_id query:" + sql)
indicator = query_fetch(sql, DB)
response = PostList()
if indicator:
response.data['pid'] = indicator['pid']
else:
response = ErrorResponse()
response.error['errorCode'] = '106'
response.error['errorMsg'] = 'How did you wind up here??'
return jsonify(response.__dict__)