def users():
    """List every user (GET) or register a new account (POST).

    GET returns all users serialized as JSON with status 200.

    POST reads the registration form. An e-mail that is already registered
    is rejected with 400; firstName, lastName, email, password and
    university are all required (400 otherwise). The password is stored as
    a bcrypt hash, a profile with a generated avatar is attached, the
    welcome e-mail is sent and the new user is returned with status 201.

    Any other HTTP method falls through and returns None.

    NOTE(review): nothing in this function authenticates the caller, so the
    GET branch returns the full user list to anyone who can reach it. What
    ``user.serialize`` exposes is not visible here -- confirm it leaves out
    the password hash and other private fields.
    """
    if request.method == 'GET':
        everyone = models.User.query.all()
        listing = jsonify(users=[person.serialize for person in everyone])
        return cors_response((listing, 200))

    if request.method != 'POST':
        return None

    form = request.form
    email = form.get('email')
    already_there = models.User.query.filter(models.User.email==email).first()
    if already_there:
        return cors_response(("Email already registered", 400))

    firstName = form.get('firstName')
    lastName = form.get('lastName')
    password = form.get('password')
    university = form.get('university')
    if not (firstName and lastName and email and password and university):
        return cors_response(("Bad Request.", 400))

    # Only the bcrypt hash is persisted, never the submitted password.
    user = models.User(
        firstName=firstName,
        lastName=lastName,
        email=email,
        password=bcrypt.generate_password_hash(password),
        university=university,
    )
    profile = models.Profile()

    grad_year = form.get('grad_year')
    major = form.get('major')
    courses = form.get('classes')
    bio = form.get('bio')
    avatar = generator.generate(firstName + lastName, 240, 240, output_format="png")

    # Optional profile fields are copied only when the client sent them.
    if grad_year:
        profile.grad_year = grad_year
    if major:
        profile.major = major
    if courses:
        # 'classes' arrives as a JSON list and is stored comma-joined.
        user.courses = ",".join(json.loads(courses))
    if bio:
        profile.bio = bio

    profile.avatar = avatar
    user.profile = profile
    db.session.add(user)
    db.session.commit()

    # Send email to new user.
    regEmail = generateEmail("registration", firstName=firstName)
    sendEmail(email, "Welcome to Deku!", regEmail[0], regEmail[1])
    return cors_response((jsonify(user=user.serialize), 201))
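def commentCard(card_id):
    """Add a comment to a card and notify the card's author (POST).

    Form fields: ``author_id`` (the commenting user) and ``content``.
    Returns the serialized card with 200, 404 when the card does not exist
    and 400 when ``author_id`` is missing. Other HTTP methods return None.

    NOTE(review): ``author_id`` is taken from the form as-is; nothing here
    verifies that the caller is that user, so comments and notifications
    can be attributed to any id. Confirm authentication happens upstream.
    """
    if request.method != 'POST':
        return None

    # Verify card existence:
    card = models.Card.query.get(int(card_id))
    if not card:
        return cors_response(("Card doesn't exist.", 404))

    author_id = request.form.get('author_id')
    content = request.form.get('content')
    if not author_id:
        # int(None) further down used to raise and surface as a server
        # error; reject the request explicitly instead.
        return cors_response(("Bad request.", 400))

    comment = models.Comment(author_id=author_id, card_id=card_id, content=content)
    card.comments.append(comment)
    card.popularity += 1  # commenting is +1 popularity

    # The user who authored the card.
    user = models.User.query.get(int(card.user_id))

    # A user gets no notification for commenting on their own card. The ids
    # are compared by value: the previous ``is not`` tested object identity,
    # which is not a reliable equality test for integers, so an author could
    # still be notified about their own comment.
    if int(author_id) != user.id:
        notification = models.Notification(from_id=author_id, card_id=card_id,
                                           content="commented on")
        user.notifications.append(notification)

    db.session.commit()
    return cors_response((jsonify(card.serialize), 200))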
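def follow_user(user_id):
    """Toggle whether the active user follows ``user_id`` (POST).

    Form field ``active_id`` identifies the follower. If the target is
    already followed it is removed from ``following``; otherwise it is
    added, the target receives a notification and +2 positive reputation.
    Returns the serialized active user with 200, 400 when ``active_id`` is
    missing and 404 when either user is unknown. Other methods return None.

    The leftover debug ``print`` statements that dumped the reputation to
    stdout on every follow were removed.

    NOTE(review): ``active_id`` is client-supplied and not verified here,
    and each unfollow/follow cycle grants the +2 again -- confirm both are
    acceptable.
    """
    if request.method != 'POST':
        return None

    # Verify user existence.
    user = models.User.query.get(int(user_id))
    if not user:
        return cors_response(("User not found.", 404))

    # Get current user.
    active_user_id = request.form.get("active_id")
    if not active_user_id:
        return cors_response(("Bad request.", 400))

    active_user = models.User.query.get(int(active_user_id))
    if not active_user:
        return cors_response(("User not found.", 404))

    if user in active_user.following:
        active_user.following.remove(user)
    else:
        active_user.following.append(user)
        # card_id = -1 marks a notification that is not tied to a card.
        notification = models.Notification(from_id=active_user_id, card_id=-1,
                                           content="is now following you")
        user.notifications.append(notification)
        user.reputationPositive += 2

    db.session.commit()
    return cors_response((jsonify(active_user.serialize), 200))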
def markCard(card_id):
    """Toggle a user's mark on a card (POST).

    Form field ``user_id`` identifies the marking user. Unmarking lowers
    the card's popularity by one; marking raises it by one and, when the
    marker is not the card's author, notifies the author and adds one to
    their positive reputation. Returns the serialized card with 200, 400
    when ``user_id`` is missing and 404 for an unknown card or user.
    Other HTTP methods return None.

    NOTE(review): ``user_id`` comes straight from the form; nothing in this
    function checks that the caller is that user.
    NOTE(review): the reputation increment is read as belonging to the
    "not the author" branch -- confirm against the original layout.
    """
    if request.method != 'POST':
        return None

    # Verify card existence:
    card = models.Card.query.get(int(card_id))
    if not card:
        return cors_response(("Card doesn't exist.", 404))

    user_id = request.form.get("user_id")
    if not user_id:
        return cors_response(("Bad request.", 400))

    user = models.User.query.get(int(user_id))
    if not user:
        return cors_response(("User does not exist.", 404))

    already_marked = card in user.markedCards
    if already_marked:
        # Marking twice removes the mark again.
        user.markedCards.remove(card)
        card.popularity -= 1  # less popular
    else:
        user.markedCards.append(card)
        card.popularity += 1  # more popular

        # Only marking notifies the author; unmarking is not important.
        card_author = models.User.query.get(int(card.user_id))
        if int(user_id) != card_author.id:
            notification = models.Notification(from_id=user_id, card_id=card_id,
                                               content="marked")
            card_author.notifications.append(notification)
            card_author.reputationPositive += 1

    db.session.commit()
    return cors_response((jsonify(card.serialize), 200))
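def cards():
    """List all cards (GET) or create a card (POST).

    GET returns every card serialized as JSON with status 200.

    POST reads ``content`` (required), ``author_id``, and the optional
    ``category``, ``tags`` and ``colors`` (the last two as JSON lists that
    are stored comma-joined). Returns the new card with 201, 400 when
    ``content`` is missing and 404 when ``author_id`` matches no user.

    Any other method gets ("Card not found", 400).

    NOTE(review): ``author_id`` is client-supplied and not verified here,
    so a card can be created in another user's name.
    """
    if request.method == 'GET':
        every_card = models.Card.query.all()
        return cors_response((jsonify(cards=[card.serialize for card in every_card]), 200))

    if request.method != 'POST':
        return cors_response(("Card not found", 400))

    content = request.form.get('content')
    category = request.form.get('category')
    tags = request.form.get('tags')
    colors = request.form.get('colors')
    author_id = request.form.get('author_id')
    author = models.User.query.get(author_id)  # look the author up in the db

    if not content:
        return cors_response(("Invalid request", 400))
    if author is None:
        # An unknown author_id used to fail on author.firstName below and
        # surface as a server error.
        return cors_response(("User not found.", 404))

    card = models.Card(user_id=author_id, content=content,
                       userFirst=author.firstName, userLast=author.lastName,
                       popularity=0)
    if category:
        card.category = category
    if tags:
        card.tags = ",".join(json.loads(tags))
    if colors:
        card.colors = ",".join(json.loads(colors))

    db.session.add(card)
    db.session.commit()
    return cors_response((jsonify(card=card.serialize), 201))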
def user_authentication():
    """Check an e-mail/password pair from the form.

    Delegates to ``authenticate_by_email``. A truthy result is returned as
    the serialized user with 200; anything else yields
    ("Unauthorized access", 401).

    NOTE(review): no rate limiting or lockout is visible in this function;
    confirm repeated failed attempts are throttled elsewhere.
    """
    credentials = request.form
    user = authenticate_by_email(credentials.get('email'), credentials.get('password'))
    if not user:
        return cors_response(("Unauthorized access", 401))
    return cors_response((jsonify(user=user.serialize), 200))
def search_by_tag(tag):
    """Return the cards whose tags column contains ``tag`` (GET).

    Responds with the serialized matches and 200, or
    ("No matching cards.", 204) when nothing matches. Other HTTP methods
    return None.

    NOTE(review): ``contains`` is a substring test on the whole column, so
    a tag also matches cards where it is only part of a longer tag;
    search_profile_by_tag compares whole comma-separated tags instead.
    Confirm which behaviour is intended.
    """
    if request.method != 'GET':
        return None

    tagged = Card.query.filter(models.Card.tags.contains(tag)).all()
    if not tagged:
        return cors_response(("No matching cards.", 204))

    serialized = [card.serialize for card in tagged]
    return cors_response((jsonify(cards=serialized), 200))
def search_by_category(category):
    """Return the cards whose category equals ``category`` (GET).

    Responds with the serialized matches and 200, or
    ("No matching cards.", 204) when nothing matches. Other HTTP methods
    return None.
    """
    if request.method != 'GET':
        return None

    in_category = Card.query.filter_by(category=category).all()
    if not in_category:
        return cors_response(("No matching cards.", 204))

    serialized = [card.serialize for card in in_category]
    return cors_response((jsonify(cards=serialized), 200))
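def search_by_author(author):
    """Return the cards written by ``author`` (GET).

    ``author`` must be "firstName,lastName". Responds with the serialized
    matches and 200, ("No matching cards.", 204) when nothing matches and
    ("Bad Request.", 400) when ``author`` is not exactly two
    comma-separated parts. Other HTTP methods return None.
    """
    if request.method != 'GET':
        return None

    try:
        firstName, lastName = author.split(",")
    except ValueError:
        # Zero or several commas: the unpacking used to raise and surface
        # as a server error.
        return cors_response(("Bad Request.", 400))

    # Both conditions must reach the database. Python's ``and`` does not
    # build a SQL AND: it returns just one of its two operands, so the
    # previous filter matched on only one of the two names. Chained
    # filter() calls are combined with AND by the query.
    matches = (Card.query
               .filter(Card.userFirst == firstName)
               .filter(Card.userLast == lastName)
               .all())
    if len(matches) == 0:
        return cors_response(("No matching cards.", 204))
    return cors_response((jsonify(cards=[card.serialize for card in matches]), 200))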
def card_by_id(card_id):
    """Return one card by primary key (GET).

    Responds with the serialized card and 200, or ("Card not found.", 404).
    Other HTTP methods return None.
    """
    if request.method != 'GET':
        return None

    found = Card.query.get(int(card_id))
    if not found:
        return cors_response(("Card not found.", 404))
    return cors_response((jsonify(card=found.serialize), 200))
def make_user_admin(user_id):
    """Set a user's role to 2 (PUT).

    Responds with the serialized user and 200, or ("User not found.", 404).
    Other HTTP methods return None.

    NOTE(review): this function performs no authentication or role check
    of its own, unlike deleteCard/deleteUser/makeUser, which require
    ``admin_id`` and ``admin_password``. Unless a decorator or gateway
    outside this view restricts it, any caller can promote any account.
    Confirm where the restriction lives before exposing this route.
    NOTE(review): 2 is presumably the admin role (setJoker queries role=2
    for admins) -- a named constant would make that explicit.
    """
    if request.method != 'PUT':
        return None

    target = models.User.query.get(int(user_id))
    if not target:
        return cors_response(("User not found.", 404))

    target.role = 2
    db.session.commit()
    return cors_response((jsonify(user=target.serialize), 200))
def user_by_id(user_id):
    """Return one user by primary key (GET).

    Responds with the serialized user and 200, or ("User not found.", 404).
    Other HTTP methods return None.
    """
    if request.method != 'GET':
        return None

    found = models.User.query.get(int(user_id))
    if not found:
        return cors_response(("User not found.", 404))
    return cors_response((jsonify(user=found.serialize), 200))
def update_card(card_id):
    """Replace a card's content (POST).

    Form field ``content`` is optional; when it is missing the card is left
    unchanged. Responds ("Card modified.", 200) for an existing card and
    ("Card not found.", 404) otherwise. Other HTTP methods return None.

    NOTE(review): the commit and the 200 response are read as applying
    whenever the card exists, with or without ``content`` -- confirm
    against the original layout.
    NOTE(review): no ownership or credential check is visible here, so any
    caller can rewrite any card unless that is enforced elsewhere.
    """
    if request.method != 'POST':
        return None

    card = Card.query.get(int(card_id))
    new_content = request.form.get('content')
    if not card:
        return cors_response(("Card not found.", 404))

    if new_content:
        card.content = new_content
    db.session.commit()
    return cors_response(("Card modified.", 200))
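def update_user_by_id(user_id):
    """Update a user's account and profile fields (POST).

    The caller must send the current password as ``confirm_password``; it
    is checked with ``authenticate_by_id`` and a failure yields
    ("Unauthorized Access.", 401). Every other form field is optional and
    only applied when present. A new password is stored as a bcrypt hash.
    Returns the serialized user with 200, or ("Email already registered",
    400) when the requested e-mail belongs to a different account.

    Any other HTTP method gets the bare string "User not found".
    """
    if request.method != 'POST':
        return cors_response(("User not found"))

    form = request.form
    user = authenticate_by_id(user_id, form.get('confirm_password'))
    if user is None:
        return cors_response(("Unauthorized Access.", 401))

    # Update fields
    firstName = form.get('firstName')
    lastName = form.get('lastName')
    email = form.get('email')
    password = form.get('password')
    university = form.get('university')
    grad_year = form.get('grad_year')
    major = form.get('major')
    courses = form.get('classes')
    bio = form.get('bio')

    if email:
        # Registration refuses an e-mail that is already taken; apply the
        # same rule here so two accounts cannot end up sharing one address.
        # Re-submitting the account's own address is allowed.
        holder = models.User.query.filter(models.User.email==email).first()
        if holder is not None and holder.id != user.id:
            return cors_response(("Email already registered", 400))

    if firstName:
        user.firstName = firstName
    if lastName:
        user.lastName = lastName
    if email:
        user.email = email
    if password:
        user.password = bcrypt.generate_password_hash(password)
    if university:
        user.university = university
    if grad_year:
        user.profile.grad_year = grad_year
    if major:
        user.profile.major = major
    if courses:
        # 'classes' arrives as a JSON list and is stored comma-joined.
        user.courses = ",".join(json.loads(courses))
    if bio:
        user.profile.bio = bio

    db.session.commit()
    return cors_response((jsonify(user=user.serialize), 200))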
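def get_users_cards(user_id):
    """Return a user's hand: cards they wrote plus cards they added (GET).

    Responds with the serialized cards and 200, ("No cards from user.",
    204) when the hand is empty and ("User not found.", 404) when
    ``user_id`` matches no user. Other HTTP methods return None.
    """
    if request.method != 'GET':
        return None

    owner = models.User.query.get(int(user_id))
    if owner is None:
        # Reading .addedCards on a missing user used to raise and surface
        # as a server error.
        return cors_response(("User not found.", 404))

    hand = Card.query.filter(Card.user_id == user_id).all()
    # Merge in added cards without duplicating ones already in the hand.
    for card in owner.addedCards:
        if card not in hand:
            hand.append(card)

    if not hand:
        return cors_response(("No cards from user.", 204))
    return cors_response((jsonify(cards=[card.serialize for card in hand]), 200))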
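def search_profile_by_tag(user_id, tag):
    """Return the cards in a user's hand that carry exactly ``tag`` (GET).

    The hand is the user's own cards plus the cards they added. Responds
    with the serialized matches and 200 (possibly an empty list),
    ("No cards from user.", 204) when the hand itself is empty and
    ("User not found.", 404) when ``user_id`` matches no user. Other HTTP
    methods return None.
    """
    if request.method != 'GET':
        return None

    owner = models.User.query.get(int(user_id))
    if owner is None:
        # Reading .addedCards on a missing user used to raise and surface
        # as a server error.
        return cors_response(("User not found.", 404))

    hand = Card.query.filter(Card.user_id == user_id).all()
    for card in owner.addedCards:
        if card not in hand:
            hand.append(card)

    if not hand:
        return cors_response(("No cards from user.", 204))

    # A card's tags are only set when the client sent some at creation
    # time, so the attribute can be empty; treat that as "no tags" instead
    # of failing on .split().
    matches = [card for card in hand if tag in (card.tags or "").split(",")]
    return cors_response((jsonify(cards=[card.serialize for card in matches]), 200))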
def resetPassword(user_id):
    """Store a new password for ``user_id`` (POST).

    Form field ``password`` is hashed with bcrypt and saved. Responds with
    the serialized user and 200, ("Bad Request.", 400) when no password was
    sent and ("User not found.", 404) for an unknown id. Other HTTP methods
    return None.

    NOTE(review): this function never verifies who is calling -- no current
    password, temporary password or reset token is checked, in contrast to
    update_user_by_id, which requires ``confirm_password``. Unless access
    is restricted outside this view, the password of any account can be
    replaced knowing only its id. Confirm the guard before shipping.
    """
    if request.method != 'POST':
        return None

    account = models.User.query.get(int(user_id))
    if not account:
        return cors_response(("User not found.", 404))

    new_password = request.form.get("password")
    if not new_password:
        return cors_response(("Bad Request.", 400))

    account.password = bcrypt.generate_password_hash(new_password)
    db.session.commit()
    return cors_response((jsonify(account.serialize), 200))
def delete_user(user_id):
    """Let a user delete their own account (POST).

    The account password must be sent as ``password`` and is checked with
    ``authenticate_by_id``. An admin account is refused with 403; any other
    authenticated account is deleted and ("User deleted", 200) returned.
    A failed authentication is reported as ("User not found.", 404).
    Other HTTP methods return None.
    """
    if request.method != 'POST':
        return None

    supplied_password = request.form.get('password')
    account = authenticate_by_id(user_id, supplied_password)
    if account is None:
        return cors_response(("User not found.", 404))

    if account.role == ROLE_ADMIN:
        return cors_response(("Admin cannot delete own account.", 403))

    db.session.delete(account)
    db.session.commit()
    return cors_response(("User deleted", 200))
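def search_profile_by_author(user_id, author):
    """Return the cards in a user's hand written by ``author`` (GET).

    ``author`` must be "firstName,lastName". The hand is the user's own
    cards plus the cards they added. Responds with the serialized matches
    and 200, ("No cards from user.", 204) when the hand is empty or nothing
    matches, and ("User not found.", 404) when ``user_id`` matches no user.
    Other HTTP methods return None.
    """
    if request.method != 'GET':
        return None

    firstName, lastName = author.split(",")

    owner = models.User.query.get(int(user_id))
    if owner is None:
        # Reading .addedCards on a missing user used to raise and surface
        # as a server error.
        return cors_response(("User not found.", 404))

    hand = Card.query.filter(Card.user_id == user_id).all()
    for card in owner.addedCards:
        if card not in hand:
            hand.append(card)

    if not hand:
        return cors_response(("No cards from user.", 204))

    matches = [card for card in hand
               if card.userFirst == firstName and card.userLast == lastName]
    if not matches:
        return cors_response(("No cards from user.", 204))
    return cors_response((jsonify(cards=[card.serialize for card in matches]), 200))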
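def deleteNotification(user_id):
    """Remove one notification from a user's list (POST).

    Form field ``notification_id`` selects the notification. Responds with
    the serialized user and 200, ("Notification doesn't exist", 404) when
    the id is unknown or the notification is not in this user's list, and
    ("User doesn't exist.", 404) for an unknown user. Other HTTP methods
    return None.

    NOTE(review): nothing here checks that the caller is ``user_id``.
    """
    if request.method != 'POST':
        return None

    # Verify user existence:
    user = models.User.query.get(int(user_id))
    if not user:
        return cors_response(("User doesn't exist.", 404))

    notification_id = request.form.get('notification_id')
    notification = models.Notification.query.get(notification_id)

    # The id is looked up globally, so it may name a notification that
    # belongs to someone else; remove() on a list that does not hold it
    # raises. Treat that case like an unknown notification.
    if not notification or notification not in user.notifications:
        return cors_response(("Notification doesn't exist", 404))

    user.notifications.remove(notification)
    db.session.commit()
    return cors_response((jsonify(user.serialize), 200))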
def check_duplicate_email():
    """Pre-registration check: is the e-mail free, and what avatar results?

    POST only. Responds ("That email is already registered", 400) when the
    e-mail is taken and ("Bad Request.", 400) when firstName or lastName is
    missing. Otherwise the avatar generated from the two names is returned
    base64-encoded. Other HTTP methods return None.

    NOTE(review): the answer reveals whether an address has an account and
    no throttling is visible here; confirm that is acceptable.
    """
    if request.method != 'POST':
        return None

    form = request.form
    taken = models.User.query.filter(models.User.email==form.get('email')).first()
    if taken:
        return cors_response(("That email is already registered", 400))

    firstName = form.get('firstName')
    lastName = form.get('lastName')
    if not (firstName and lastName):
        return cors_response(("Bad Request.", 400))

    avatar = generator.generate(firstName + lastName, 240, 240, output_format="png")
    return cors_response(base64.b64encode(avatar))
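def delete_card(card_id):
    """Let a card's author delete it (POST).

    The author's password must be sent as ``password``; it is checked with
    ``authenticate_by_id`` against the card's ``user_id``. Responds
    ("Card deleted.", 200) on success, ("No card found.", 204) when the
    card does not exist and ("Unauthorized access", 403) when the password
    check fails. Other HTTP methods return None.
    """
    if request.method != 'POST':
        return None

    card = Card.query.get(int(card_id))
    if card is None:
        # This has to come first: card.user_id below was read before the
        # existence check, so a missing card raised instead of reaching the
        # "No card found." response.
        return cors_response(("No card found.", 204))

    # Only the card's own author may delete it, proven by their password.
    password = request.form.get('password')
    user = authenticate_by_id(card.user_id, password)
    if not user:
        return cors_response(("Unauthorized access", 403))

    db.session.delete(card)
    db.session.commit()
    return cors_response(("Card deleted.", 200))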
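def search_by_name():
    """Find users whose first or last name equals any of the given names.

    Query parameter ``names`` is a comma-separated list; the comparison is
    case-insensitive. Responds with the serialized users and 200, or
    ("Bad Request.", 400) when ``names`` is missing.
    """
    names = request.args.get('names')
    if not names:
        # A missing parameter used to fail on .split() and surface as a
        # server error.
        return cors_response(("Bad Request.", 400))

    # One equality test per name and column, OR-ed together. The values are
    # passed as bound parameters by the query layer, not spliced into SQL.
    ors = []
    for name in names.split(","):
        wanted = func.lower(name)
        ors.append(func.lower(models.User.firstName) == wanted)
        ors.append(func.lower(models.User.lastName) == wanted)

    users = models.User.query.filter(or_(*ors)).all()
    return cors_response((jsonify(users=[user.serialize for user in users]), 200))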
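def deleteComment(card_id):
    """Remove one comment from a card (POST).

    Form field ``comment_id`` selects the comment. Removing it lowers the
    card's popularity by one. Responds with the serialized card and 200,
    ("Comment doesn't exist", 404) when the id is unknown or the comment is
    not on this card, and ("Card doesn't exist.", 404) for an unknown card.
    Other HTTP methods return None.

    NOTE(review): no check that the caller wrote the comment or owns the
    card is visible here.
    """
    if request.method != 'POST':
        return None

    # Verify card existence:
    card = models.Card.query.get(int(card_id))
    if not card:
        return cors_response(("Card doesn't exist.", 404))

    comment_id = request.form.get('comment_id')
    comment = models.Comment.query.get(comment_id)

    # The id is looked up globally, so it may name a comment on a different
    # card; remove() on a list that does not hold it raises. Treat that
    # case like an unknown comment and leave the popularity untouched.
    if not comment or comment not in card.comments:
        return cors_response(("Comment doesn't exist", 404))

    card.comments.remove(comment)
    card.popularity -= 1  # removing comment reduces popularity
    db.session.commit()
    return cors_response((jsonify(card.serialize), 200))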
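def generateTemporaryPassword():
    """Replace a user's password with a random one and e-mail it (POST).

    Form field ``email`` selects the account. A 32-character temporary
    password is generated, stored as a bcrypt hash and sent in the "reset"
    e-mail. Responds ("Email sent.", 200), ("User not found.", 404) or
    ("Bad Request.", 400) when no e-mail was sent. Other HTTP methods
    return None.

    NOTE(review): the request is unauthenticated and overwrites the current
    password immediately, so anyone who knows an address can invalidate
    that account's password; the 404 also reveals whether an address is
    registered. A single-use, expiring reset token that leaves the old
    password in place until redeemed would avoid both -- confirm the
    intended design.
    """
    if request.method != 'POST':
        return None

    email = request.form.get('email')
    if not email:
        return cors_response(("Bad Request.", 400))

    # Find user by email address.
    user = models.User.query.filter(models.User.email==email).first()
    if not user:
        return cors_response(("User not found.", 404))

    # The temporary password is a credential, so it is drawn from the
    # operating system's CSPRNG. The module-level random.choice uses a
    # deterministic generator that is not suitable for secrets.
    secure_rng = random.SystemRandom()
    alphabet = string.ascii_letters + string.digits
    tempPassword = ''.join(secure_rng.choice(alphabet) for _ in range(32))

    user.password = bcrypt.generate_password_hash(tempPassword)
    db.session.commit()

    # Send reset email
    resetEmail = generateEmail("reset", firstName=user.firstName, tempPassword=tempPassword)
    sendEmail(email, "Forgot your password?", resetEmail[0], resetEmail[1])
    return cors_response(("Email sent.", 200))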
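def deleteCard(card_id):
    """Delete any card on behalf of a privileged account (POST).

    Form fields ``admin_id`` and ``admin_password`` are checked with
    ``authenticate_by_id``, and the authenticated account must not be a
    plain user. Responds ("Card deleted.", 200), ("Unauthorized.", 403),
    ("Bad Request.", 400) when a credential is missing and
    ("Card not found.", 404). Other HTTP methods return None.
    """
    if request.method != 'POST':
        return None

    card = models.Card.query.get(int(card_id))
    if not card:
        return cors_response(("Card not found.", 404))

    admin_id = request.form.get("admin_id")
    admin_password = request.form.get("admin_password")
    if not (admin_id and admin_password):
        return cors_response(("Bad Request.", 400))

    admin = authenticate_by_id(admin_id, admin_password)
    # Valid credentials alone are not enough: previously any account that
    # could log in passed this check and could delete other people's cards.
    # ROLE_USER is the constant makeUser assigns to ordinary accounts.
    # NOTE(review): moderators still pass; tighten to the admin role if
    # only admins should delete cards, and confirm ROLE_USER is imported
    # in this module.
    if not admin or admin.role == ROLE_USER:
        return cors_response(("Unauthorized.", 403))

    db.session.delete(card)
    db.session.commit()
    return cors_response(("Card deleted.", 200))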
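def deleteUser(user_id):
    """Delete any user on behalf of a privileged account (POST).

    Form fields ``admin_id`` and ``admin_password`` are checked with
    ``authenticate_by_id``, and the authenticated account must not be a
    plain user. Responds ("User deleted.", 200), ("Unauthorized.", 403),
    ("Bad Request.", 400) when a credential is missing and
    ("User not found.", 404). Other HTTP methods return None.
    """
    if request.method != 'POST':
        return None

    user = models.User.query.get(int(user_id))
    if not user:
        return cors_response(("User not found.", 404))

    admin_id = request.form.get("admin_id")
    admin_password = request.form.get("admin_password")
    if not (admin_id and admin_password):
        return cors_response(("Bad Request.", 400))

    admin = authenticate_by_id(admin_id, admin_password)
    # Valid credentials alone are not enough: previously any account that
    # could log in passed this check and could delete other accounts.
    # ROLE_USER is the constant makeUser assigns to ordinary accounts.
    # NOTE(review): moderators still pass; tighten to the admin role if
    # only admins should delete users, and confirm ROLE_USER is imported
    # in this module.
    if not admin or admin.role == ROLE_USER:
        return cors_response(("Unauthorized.", 403))

    db.session.delete(user)
    db.session.commit()
    return cors_response(("User deleted.", 200))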
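def makeUser(user_id):
    """Demote an account to the plain user role (POST).

    Form fields ``admin_id`` and ``admin_password`` are checked with
    ``authenticate_by_id``, and the authenticated account must not itself
    be a plain user. Responds ("User is no longer a moderator.", 200),
    ("Unauthorized.", 403), ("Bad Request.", 400) when a credential is
    missing and ("User not found.", 404). Other HTTP methods return None.
    """
    if request.method != 'POST':
        return None

    user = models.User.query.get(int(user_id))
    if not user:
        return cors_response(("User not found.", 404))

    admin_id = request.form.get("admin_id")
    admin_password = request.form.get("admin_password")
    if not (admin_id and admin_password):
        return cors_response(("Bad Request.", 400))

    admin = authenticate_by_id(admin_id, admin_password)
    # Valid credentials alone are not enough: previously any account that
    # could log in passed this check and could change other accounts' roles.
    # NOTE(review): moderators still pass and the target's current role is
    # not inspected, so a moderator could demote an admin; tighten to the
    # admin role if that is not intended.
    if not admin or admin.role == ROLE_USER:
        return cors_response(("Unauthorized.", 403))

    user.role = ROLE_USER
    db.session.commit()
    return cors_response(("User is no longer a moderator.", 200))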
def hideCard(card_id):
    """Toggle whether a card is hidden for a user (POST).

    Form field ``user_id`` selects the user. A card already in
    ``cardsHidden`` is taken out, otherwise it is put in. Responds with the
    serialized user and 200, ("Bad Request.", 400) when ``user_id`` is
    missing and 404 for an unknown card or user. Other HTTP methods return
    None.

    NOTE(review): ``user_id`` comes straight from the form; nothing in this
    function checks that the caller is that user.
    """
    if request.method != 'POST':
        return None

    card = models.Card.query.get(int(card_id))
    if not card:
        return cors_response(("Card not found.", 404))

    user_id = request.form.get('user_id')
    if not user_id:
        return cors_response(("Bad Request.", 400))

    viewer = models.User.query.get(int(user_id))
    if not viewer:
        return cors_response(("User not found.", 404))

    hidden = viewer.cardsHidden
    if card in hidden:
        hidden.remove(card)
    else:
        hidden.append(card)

    db.session.commit()
    return cors_response((jsonify(viewer.serialize), 200))
def setJoker(card_id):
    """Report a card as a "Joker" (POST).

    Form field ``reporter_id`` identifies the reporting user. A user may
    report a given card only once (403 on a repeat). A report lowers the
    card's popularity by 5, floored at 0, and sends a notification to every
    account with role 2 and role 1. Responds with the serialized card and
    200, ("Bad Request.", 400) when ``reporter_id`` is missing and 404 for
    an unknown card or user. Other HTTP methods return None.

    NOTE(review): ``reporter_id`` comes straight from the form; nothing
    here checks that the caller is that user, so reports can be filed under
    any id and the once-per-user limit depends on that id being genuine.
    """
    if request.method != 'POST':
        return None

    # Verify card existence:
    card = models.Card.query.get(int(card_id))
    if not card:
        return cors_response(("Card not found.", 404))

    # Get user that reported the card.
    user_id = request.form.get('reporter_id')
    if not user_id:
        return cors_response(("Bad Request.", 400))

    reporter = models.User.query.get(int(user_id))
    if not reporter:
        return cors_response(("User not found.", 404))

    if card in reporter.jokers:
        return cors_response(("User cannot report card again.", 403))
    reporter.jokers.append(card)

    # Decrease popularity without letting it drop below zero.
    card.popularity = card.popularity - 5 if card.popularity >= 5 else 0

    # Alert admins (role 2) and mods (role 1).
    staff = (models.User.query.filter_by(role=2).all()
             + models.User.query.filter_by(role=1).all())
    for person in staff:
        person.notifications.append(
            models.Notification(from_id=user_id, card_id=card_id,
                                content="spotted a Joker on"))

    db.session.commit()
    return cors_response((jsonify(card.serialize), 200))
def process_nickname(server, nickname):
    """Return the skin image for ``nickname`` on ``server``.

    Fails with err('Unknown server') when ``server`` is not in
    ``getters.SERVERS``, and with a 404 error when the nickname has no
    Mojang profile or the profile has no skin. On success the skin is
    returned as image/png with the resolved nickname and the skin model in
    the X-Nickname and X-Model headers.

    The ``recursive`` flag passed to ``getters.getSkin`` is true only when
    the query string carries ``recursive`` with an empty value.
    """
    known_server = getters.SERVERS.get(server)
    if not known_server:
        return err('Unknown server')

    profile = getters.getMojangProfile(nickname)
    if not profile:
        return err('No profile for nickname "%s"' % nickname, 404)

    recursive = request.args.get('recursive') == ''
    result = getters.getSkin(server, profile['id'], recursive)
    if not result:
        return err('No skin for nickname "%s"' % profile['name'], 404)

    content_headers = {'Content-Type': 'image/png'}
    extra_headers = {
        'X-Nickname': profile['name'],
        'X-Model': result['model']
    }
    return cors_response(result['skin'], 200, content_headers, extra_headers)