def referral_create(): if not use_referrals: return bad_request(web_utils.NOT_AVAILABLE) recipient, api_key, err_response = auth_request_get_single_param( db, "recipient") if err_response: return err_response if not utils.is_email(recipient): return bad_request(web_utils.INVALID_EMAIL) recipient = recipient.lower() user = User.from_email(db.session, recipient) if user: time.sleep(5) return bad_request(web_utils.USER_EXISTS) reward_sender_type = app.config["REFERRAL_REWARD_TYPE_SENDER"] reward_sender = app.config["REFERRAL_REWARD_SENDER"] reward_recipient_type = app.config["REFERRAL_REWARD_TYPE_RECIPIENT"] reward_recipient = app.config["REFERRAL_REWARD_RECIPIENT"] recipient_min_spend = app.config["REFERRAL_RECIPIENT_MIN_SPEND"] ref = Referral(api_key.user, recipient, reward_sender_type, reward_sender, reward_recipient_type, reward_recipient, recipient_min_spend) utils.email_referral(logger, ref) db.session.add(ref) db.session.commit() return 'ok'
def user_register(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, [ "email", "password", "first_name", "last_name", "mobile_number", "address", "photo", "photo_type" ]) if err_response: return err_response email, password, first_name, last_name, mobile_number, address, photo, photo_type = params if not utils.is_email(email): return bad_request(web_utils.INVALID_EMAIL) email = email.lower() if not password: return bad_request(web_utils.EMPTY_PASSWORD) if photo and len(photo) > 50000: return bad_request(web_utils.PHOTO_DATA_LARGE) req = UserCreateRequest(first_name, last_name, email, mobile_number, address, photo, photo_type, encrypt_password(password)) user = User.from_email(db.session, email) if user: time.sleep(5) return bad_request(web_utils.USER_EXISTS) utils.email_user_create_request(logger, req, req.MINUTES_EXPIRY) db.session.add(req) db.session.commit() return 'ok'
def api_key_create(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["email", "password", "device_name"]) if err_response: return err_response email, password, device_name = params if not email: return bad_request(web_utils.INVALID_EMAIL) email = email.lower() user = User.from_email(db.session, email) if not user: time.sleep(5) return bad_request(web_utils.AUTH_FAILED) if not flask_security.verify_password(password, user.password): time.sleep(5) return bad_request(web_utils.AUTH_FAILED) api_key = ApiKey(user, device_name) for name in Permission.PERMS_ALL: perm = Permission.from_name(db.session, name) api_key.permissions.append(perm) db.session.add(api_key) db.session.commit() return jsonify( dict(token=api_key.token, secret=api_key.secret, device_name=api_key.device_name, expiry=api_key.expiry))
def transaction_info(): token, api_key, err_response = auth_request_get_single_param(db, "token") if err_response: return err_response tx = PayDbTransaction.from_token(db.session, token) if not tx: return bad_request(web_utils.INVALID_TX) if tx.sender != api_key.user and tx.recipient != api_key.user: return bad_request(web_utils.UNAUTHORIZED) return jsonify(dict(tx=tx.to_json()))
def user_transactions(): params, api_key, err_response = auth_request_get_params(db, ["offset", "limit"]) if err_response: return err_response offset, limit = params if limit > 1000: return bad_request(web_utils.LIMIT_TOO_LARGE) if not api_key.has_permission(Permission.PERMISSION_HISTORY): return bad_request(web_utils.UNAUTHORIZED) txs = PayDbTransaction.related_to_user(db.session, api_key.user, offset, limit) txs = [tx.to_json() for tx in txs] return jsonify(dict(txs=txs))
def referral_remind(): if not use_referrals: return bad_request(web_utils.NOT_AVAILABLE) token, api_key, err_response = auth_request_get_single_param(db, "token") if err_response: return err_response ref = Referral.from_token_user(db.session, token, api_key.user) if not ref: return bad_request(web_utils.NOT_FOUND) if ref.status != ref.STATUS_CREATED: return bad_request(web_utils.NOT_FOUND) utils.email_referral(logger, ref) return 'ok'
def tx_status(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["txid"]) if err_response: return err_response txid, = params dbtx = WavesTx.from_txid(db.session, txid) if not dbtx: return bad_request('tx not found', 404) tx = dbtx.tx_with_sigs() return jsonify(dict(txid=txid, state=dbtx.state, tx=tx))
def tx_serialize(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["tx"]) if err_response: return err_response tx, = params if not "type" in tx: return bad_request("tx does not contain 'type' field") tx_serialized = tx_utils.tx_serialize(tx) res = {"bytes": base64.b64encode(tx_serialized).decode("utf-8", "ignore")} return jsonify(res)
def user_info(): email, api_key, err_response = auth_request_get_single_param(db, "email") if err_response: return err_response if not email: email = api_key.user.email else: email = email.lower() user = User.from_email(db.session, email) if not user: time.sleep(5) return bad_request(web_utils.AUTH_FAILED) if user == api_key.user: balance = paydb_core.user_balance(db.session, api_key) roles = [role.name for role in api_key.user.roles] perms = [perm.name for perm in api_key.permissions] return jsonify( dict(email=user.email, balance=balance, photo=user.photo, photo_type=user.photo_type, roles=roles, permissions=perms)) return jsonify( dict(email=user.email, balance=-1, photo=user.photo, photo_type=user.photo_type, roles=[], permissions=[]))
def user_update_email(): email, api_key, err_response = auth_request_get_single_param(db, "email") if err_response: return err_response if not email: return bad_request(web_utils.INVALID_EMAIL) email = email.lower() user = User.from_email(db.session, email) if user: time.sleep(5) return bad_request(web_utils.USER_EXISTS) req = UserUpdateEmailRequest(api_key.user, email) utils.email_user_update_email_request(logger, req, req.MINUTES_EXPIRY) db.session.add(req) db.session.commit() return 'ok'
def referral_validate(): if not use_referrals: return bad_request(web_utils.NOT_AVAILABLE) token, api_key, err_response = auth_request_get_single_param(db, "token") if err_response: return err_response if not api_key.user.has_role( Role.ROLE_ADMIN) and not api_key.user.has_role( Role.ROLE_REFERRAL_CLAIMER): return bad_request(web_utils.UNAUTHORIZED) ref = Referral.from_token(db.session, token) if not ref: return bad_request(web_utils.NOT_FOUND) if ref.status != ref.STATUS_CREATED: return bad_request(web_utils.NOT_FOUND) return jsonify(dict(referral=ref.to_json()))
def push_notifications_register(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["registration_token"]) if err_response: return err_response registration_token, = params latitude, longitude = get_json_params_optional(content, ["latitude", "longitude"]) topics = Topic.topic_list(db.session) fcm.subscribe_to_topics(registration_token, topics) if latitude and longitude: latitude = float(latitude) longitude = float(longitude) push_location = PushNotificationLocation.from_token( db.session, registration_token) if push_location: push_location.update(latitude, longitude) else: push_location = PushNotificationLocation(registration_token, latitude, longitude) db.session.add(push_location) db.session.commit() return jsonify(dict(result="ok"))
def tx_signature(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["txid", "signer_index", "signature"]) if err_response: return err_response txid, signer_index, signature = params dbtx = WavesTx.from_txid(db.session, txid) if not dbtx: return bad_request('tx not found', 404) logger.info(":: adding sig to tx - %s, %d, %s", txid, signer_index, signature) sig = WavesTxSig(dbtx, signer_index, signature) db.session.add(sig) db.session.commit() tx = dbtx.tx_with_sigs() return jsonify(dict(txid=txid, state=dbtx.state, tx=tx))
def referral_claim(): if not use_referrals: return bad_request(web_utils.NOT_AVAILABLE) token, api_key, err_response = auth_request_get_single_param(db, "token") if err_response: return err_response if not api_key.user.has_role( Role.ROLE_ADMIN) and not api_key.user.has_role( Role.ROLE_REFERRAL_CLAIMER): return bad_request(web_utils.UNAUTHORIZED) ref = Referral.from_token(db.session, token) if not ref: return bad_request(web_utils.NOT_FOUND) if ref.status != ref.STATUS_CREATED: return bad_request(web_utils.NOT_FOUND) # send referral rewards category = Category.from_name(db.session, Category.CATEGORY_REFERRAL) if not category: return bad_request(web_utils.INVALID_CATEGORY) if ref.reward_sender <= 0: return bad_request(web_utils.INVALID_AMOUNT) if ref.reward_recipient_type == ref.REWARD_TYPE_FIXED and ref.reward_recipient <= 0: return bad_request(web_utils.INVALID_AMOUNT) reason = f'{ref.token}: reward for referral' _reward_create(api_key.user, reason, category, ref.recipient, ref.reward_sender, 'Thank you for referring a friend') if ref.reward_recipient_type == ref.REWARD_TYPE_FIXED: _reward_create(api_key.user, reason, category, ref.recipient, ref.reward_recipient, 'Thank you for using our service') ref.status = ref.STATUS_CLAIMED db.session.add(ref) db.session.commit() return jsonify(dict(referral=ref.to_json()))
def referral_list(): if not use_referrals: return bad_request(web_utils.NOT_AVAILABLE) api_key, err_response = auth_request(db) if err_response: return err_response refs = Referral.from_user(db.session, api_key.user) refs = [ref.to_json() for ref in refs] return jsonify(dict(referrals=refs))
def tx_broadcast(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["txid"]) if err_response: return err_response txid, = params error, dbtx, tx = _tx_broadcast(txid) return jsonify(dict(txid=txid, state=dbtx.state, tx=tx, error=error))
def api_key_claim(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, ["token"]) if err_response: return err_response token, = params req = ApiKeyRequest.from_token(db.session, token) if not token: time.sleep(5) return bad_request(web_utils.NOT_FOUND) req = ApiKeyRequest.from_token(db.session, token) if not req.created_api_key: time.sleep(5) return bad_request(web_utils.NOT_CREATED) api_key = req.created_api_key db.session.delete(req) db.session.commit() return jsonify(dict(token=api_key.token, secret=api_key.secret, device_name=api_key.device_name, expiry=api_key.expiry))
def api_key_request(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, ["email", "device_name"]) if err_response: return err_response email, device_name = params if not email: return bad_request(web_utils.INVALID_EMAIL) email = email.lower() user = User.from_email(db.session, email) if not user: req = ApiKeyRequest(user, device_name) return jsonify(dict(token=req.token)) req = ApiKeyRequest(user, device_name) utils.email_api_key_request(logger, req, req.MINUTES_EXPIRY) db.session.add(req) db.session.commit() return jsonify(dict(token=req.token))
def user_update_photo(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["api_key", "nonce", "photo", "photo_type"]) if err_response: return err_response api_key, nonce, photo, photo_type = params res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(reason) user = api_key.user user.photo = photo user.photo_type = photo_type db.session.add(user) db.session.commit() return jsonify(dict(photo=user.photo, photo_type=user.photo_type))
def reward_categories(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, ["api_key", "nonce"]) if err_response: return err_response api_key, nonce = params res, auth_fail_reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(auth_fail_reason) if not api_key.user.has_role( Role.ROLE_ADMIN) and not api_key.user.has_role( Role.ROLE_AUTHORIZER): return bad_request(web_utils.UNAUTHORIZED) # pylint: disable=no-member cats = db.session.query(Category).all() cats = [cat.name for cat in cats] return jsonify(dict(categories=cats))
def transaction_create(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["api_key", "nonce", "action", "recipient", "amount", "attachment"]) if err_response: return err_response api_key, nonce, action, recipient, amount, attachment = params res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(reason) tx, error = paydb_core.tx_create_and_play(db.session, api_key, action, recipient, amount, attachment) if not tx: return bad_request(error) tx_event(tx) return jsonify(dict(tx=tx.to_json()))
def transaction_create(): params, api_key, err_response = auth_request_get_params(db, ["action", "recipient", "amount", "attachment"]) if err_response: return err_response action, recipient, amount, attachment = params if recipient: recipient = recipient.lower() tx, error = paydb_core.tx_create_and_play(db.session, api_key, action, recipient, amount, attachment) if not tx: return bad_request(error) tx_event(tx) return jsonify(dict(tx=tx.to_json()))
def user_transactions(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["api_key", "nonce", "offset", "limit"]) if err_response: return err_response api_key, nonce, offset, limit = params if limit > 1000: return bad_request(web_utils.LIMIT_TOO_LARGE) res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(reason) if not api_key.has_permission(Permission.PERMISSION_HISTORY): return bad_request(web_utils.UNAUTHORIZED) txs = PayDbTransaction.related_to_user(db.session, api_key.user, offset, limit) txs = [tx.to_json() for tx in txs] return jsonify(dict(txs=txs))
def reward_create(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, [ "api_key", "nonce", "reason", "category", "recipient", "amount", "message" ]) if err_response: return err_response api_key, nonce, reason, category, recipient, amount, message = params res, auth_fail_reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(auth_fail_reason) if not api_key.user.has_role( Role.ROLE_ADMIN) and not api_key.user.has_role( Role.ROLE_AUTHORIZER): return bad_request(web_utils.UNAUTHORIZED) cat = Category.from_name(db.session, category) if not cat: return bad_request(web_utils.INVALID_CATEGORY) if amount <= 0: return bad_request(web_utils.INVALID_AMOUNT) proposal, payment = _reward_create(api_key.user, reason, cat, recipient, amount, message) db.session.commit() return jsonify( dict(proposal=dict(reason=reason, category=category, status=proposal.status, payment=dict(amount=amount, email=payment.email, mobile=payment.mobile, address=payment.recipient, message=message, status=payment.status))))
def user_update_password(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["api_key", "nonce", "current_password", "new_password"]) if err_response: return err_response api_key, nonce, current_password, new_password = params res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(reason) user = api_key.user verified_password = verify_password(current_password, user.password) if not verified_password: return bad_request(web_utils.INCORRECT_PASSWORD) ### set the new_password: user.password = encrypt_password(new_password) db.session.add(user) db.session.commit() return 'password changed.'
def tx_broadcast(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["txid"]) if err_response: return err_response txid, = params dbtx = WavesTx.from_txid(db.session, txid) if not dbtx: return bad_request('tx not found', 404) tx = dbtx.tx_with_sigs() error = "" # broadcast transaction try: dbtx = tx_utils.broadcast_transaction(db.session, dbtx.txid) db.session.add(dbtx) db.session.commit() except OtherError as ex: error = ex.message if hasattr(ex, 'data'): error = "{} - {}".format(ex.message, ex.data) return jsonify(dict(txid=txid, state=dbtx.state, tx=tx, error=error))
def user_update_password(): params, api_key, err_response = auth_request_get_params(db, ["current_password", "new_password"]) if err_response: return err_response current_password, new_password = params user = api_key.user verified_password = verify_password(current_password, user.password) if not verified_password: return bad_request(web_utils.INCORRECT_PASSWORD) ### set the new_password: user.password = encrypt_password(new_password) db.session.add(user) db.session.commit() return 'password changed.'
def _tx_broadcast(txid): dbtx = WavesTx.from_txid(db.session, txid) if not dbtx: return bad_request('tx not found', 404) tx = dbtx.tx_with_sigs() error = "" # broadcast transaction try: dbtx = tx_utils.broadcast_transaction(db.session, dbtx.txid) db.session.add(dbtx) db.session.commit() except OtherError as ex: error = ex.message if hasattr(ex, 'data'): error = "{} - {}".format(ex.message, ex.data) return error, dbtx, tx
def referral_config(): if not use_referrals: return bad_request(web_utils.NOT_AVAILABLE) _, err_response = auth_request(db) if err_response: return err_response reward_sender_type = app.config["REFERRAL_REWARD_TYPE_SENDER"] reward_sender = app.config["REFERRAL_REWARD_SENDER"] reward_recipient_type = app.config["REFERRAL_REWARD_TYPE_RECIPIENT"] reward_recipient = app.config["REFERRAL_REWARD_RECIPIENT"] recipient_min_spend = app.config["REFERRAL_RECIPIENT_MIN_SPEND"] spend_asset = app.config["REFERRAL_SPEND_ASSET"] return jsonify( dict(reward_sender_type=reward_sender_type, reward_sender=reward_sender, reward_recipient_type=reward_recipient_type, reward_recipient=reward_recipient, recipient_min_spend=recipient_min_spend, spend_asset=spend_asset))
def user_update_email_confirm(token=None): req = UserUpdateEmailRequest.from_token(db.session, token) if not req: flash('User update email request not found.', 'danger') return redirect('/') now = datetime.datetime.now() if now > req.expiry: flash('User update email request expired.', 'danger') return redirect('/') user = User.from_email(db.session, req.email) if user: time.sleep(5) return bad_request(web_utils.USER_EXISTS) user = req.user user.email = req.email db.session.add(user) db.session.delete(req) db.session.commit() flash('User email updated.', 'success') return redirect('/')