class flagsaman(Resource):
decorators = [
limiter.limit("1/second;3/minute",
key_func=get_user_id_with_jwt,
methods=["POST"])
]
@jwt_required
def post(self, id):
parser = reqparse.RequestParser()
parser.add_argument('reason',
help='This field cannot be blank',
required=True)
data = parser.parse_args()
username = get_jwt_identity()
item = db.saman.find_one({"_id": id}, {'_id': 1, 'flaged_by': 1})
if (item == None):
return Response('404 Not Found', status=404)
if (username in item.get('flaged_by', {})):
return {"message": "Your have already flagged this object"}
try:
db.saman.update_one(
{'_id': id},
{'$set': {
'flaged_by': {
username: data['reason']
}
}})
return {"message": "Object flagged!"}
except Exception as e:
return {"message": "error occured while flagging"}
class listallsaman(Resource):
decorators = [
limiter.limit("5/second", methods=["GET"]),
]
def get(self):
total_saman = []
query = request.args.get('text', -1)
objType = request.args.get('type', -1)
limit = int(request.args.get('limit', -1))
to_get = {'_id': 1, 'images': 1, 'title': 1, 'type': 1, 'price': 1}
filterBy = {}
obj_Arr = []
if (objType != -1):
obj_Arr = objType.split(',')
filterBy['type'] = {'$in': obj_Arr}
if (query != -1):
to_get.update({'score': {'$meta': "textScore"}})
filterBy["$text"] = {"$search": query}
if (limit != -1):
saman_list = db.saman.find(
filterBy,
to_get,
).limit(limit)
else:
saman_list = db.saman.find(
filterBy,
to_get,
)
for i in saman_list:
total_saman.append(i)
return total_saman
class TokenRefresh(Resource):
decorators = [limiter.limit("5/second", methods=["POST"])]
@jwt_refresh_token_required
def post(self):
current_user = get_jwt_identity()
access_token = create_access_token(identity=current_user)
return {'access_token': access_token}
class UserProfile(Resource):
decorators = [limiter.limit("5/second")]
def get(self, username):
user = db.users.find_one({'username': username.lower()})
if (user != None):
del user['_id']
del user['password']
del user['phone']
return user
else:
return {'message': 'User does not exists'}
class User(Resource):
decorators = [limiter.limit("5/second", key_func=get_user_id_with_jwt)]
@jwt_required
def get(self):
username = get_jwt_identity()
user = db.users.find_one({'username': username})
if (user != None):
del user['_id']
del user['password']
return user
else:
return {'message': 'User does not exists'}
class UserLogin(Resource):
decorators = [limiter.limit("5/second")]
def post(self):
other_login = False
loginvia = request.args.get('use', '')
if loginvia.lower() == 'twq':
parser = reqparse.RequestParser()
parser.add_argument('response_qr',
help='This field cannot be blank',
required=True)
data = parser.parse_args()
user_got = twqgetUser(data['response_qr'])
if user_got is None or 'email' not in user_got:
return {'message': 'Invalid scopes or token'}
data['id'] = user_got['email']
other_login = True
else:
parser = reqparse.RequestParser()
parser.add_argument('id',
help='This field cannot be blank',
required=True)
parser.add_argument('password',
help='This field cannot be blank',
required=True)
data = parser.parse_args()
if '@' in data['id']:
user = db.users.find_one({'email': data['id'].lower()})
else:
user = db.users.find_one({'username': data['id'].lower()})
if (user):
if other_login or (user['password'] == data['password']
and user.get('isactive', False)):
access_token = create_access_token(identity=user['username'])
refresh_token = create_refresh_token(identity=user['username'])
return {
'message': 'Logging in User {}'.format(user['username']),
'name': user['name'],
'image': user['image'],
'username': user['username'],
'access_token': access_token,
'refresh_token': refresh_token
}
else:
return {'message': 'Invalid Credentials or account disabled'}
else:
return {'message': 'User does not exists'}
class UserProfileUpdate(Resource):
decorators = [
limiter.limit("1/second",
key_func=get_user_id_with_jwt,
methods=["POST"])
]
@jwt_required
def post(self):
_user = get_jwt_identity()
parser = reqparse.RequestParser()
parser.add_argument('name',
help='This field can be blank',
required=True)
parser.add_argument('about',
help='This field can be blank',
required=True)
parser.add_argument('phone',
help='This field can be blank',
required=True)
data = parser.parse_args()
_about = data['about']
_phone = data['phone']
_name = data['name']
query = {"username": _user}
values = {}
if (db.users.find_one(query)):
values['about'] = _about
values['phone'] = _phone
values['name'] = _name
query_update = {"$set": values}
try:
db.users.update_one(query, query_update)
return {"message": "Information updated successfully"}
except Exception as e:
print("could not able to update the info")
print("Exception", e)
return Response(
"{'message': 'Sorry due to some reason the information is not updated..!!'}",
status=500,
mimetype='application/json')
else:
return Response("{'message': 'User not exist'}",
status=404,
mimetype='application/json')
class userSaman(Resource):
decorators = [
limiter.limit("5/second", methods=["GET"]),
]
@jwt_required
def get(self):
user_saman = []
username = get_jwt_identity()
try:
query = {'username': username}
saman_list = db.saman.find(query)
except Exception as e:
return {
'message':
"error occured while loading, error is -> {} ".format(e)
}
for i in saman_list:
user_saman.append(i)
return user_saman
class GetAUTHID(Resource):
decorators = [limiter.limit("5/second")]
def get(self):
query = request.args.get('scopes')
if query is None:
return Response( 'Please pass scopes in query', status=400)
res = requests.get(
f'https://twowayqr.iamabhishek.live/auth-id?scopes={query}',
headers={ 'vendor-secret': TWQ_CODE}
)
try:
rjson = res.json()
except:
return Response("Some error occured", status=500)
if res.status_code != 200:
return Response(rjson, status=res.status_code)
else:
return {
"qr": rjson['qr'],
"token":rjson['token']
}
class ChangeProfilePic(Resource):
decorators = [
limiter.limit("5/minute",
key_func=get_user_id_with_jwt,
methods=["POST"])
]
@jwt_required
def post(self):
username = get_jwt_identity()
try:
_user = db.users.find_one({'username': username})
if (_user == None):
return Response("{'message': 'User not exist'}",
status=404,
mimetype='application/json')
img_rev = request.data.decode('ascii').split(',')[1]
image_data = bytes(img_rev, encoding="ascii")
im = Image.open(BytesIO(base64.b64decode(image_data)))
if (im.size != (400, 400)):
return Response("{'message': 'Invalid Size'}",
status=403,
mimetype='application/json')
tar_loc = f'{username}_{str(uuid.uuid4())}.jpg'
img_loc = f'{username}/{str(uuid.uuid4())}.jpg'
file_loc = os.path.join(os.getenv('FILES'), tar_loc)
im = im.convert("RGB")
im.save(file_loc)
FileManagement.upload(img_loc, file_loc)
FileManagement.delete(_user['image'])
db.users.update_one({'username': username},
{"$set": {
'image': img_loc
}})
os.remove(file_loc)
return {'message': 'Saved Successfully', 'image': img_loc}
except:
return Response("{'message': 'Invalid image'}",
status=403,
mimetype='application/json')
class UserVerify(Resource):
decorators = [limiter.limit("1/second", methods=["POST"])]
def post(self, username):
parser = reqparse.RequestParser()
parser.add_argument('token',
help='This field cannot be blank',
required=True)
data = parser.parse_args()
token = data['token']
token_rev = decode_token(token, allow_expired=False)
user = db.users.find_one({'username': username}, {
'_id': 1,
'email': 1,
'password': 1,
'username': 1,
'last_reset_request': 1,
'last_reset': 1
})
if (user == None):
return {'message': 'User does not exists'}
identity = token_rev['identity']
token = identity['token']
last_rest = user.get('last_reset', 0)
curr_time = user.get('last_reset_request', 0)
print(last_rest)
print(curr_time)
new_token = bytes(
username + user['password'] + str(last_rest) + str(curr_time),
'ascii')
new_token_en = sha256(new_token).hexdigest()
if (token != new_token_en):
return {'message': 'Invalid Token'}
curr_time = int(time.time())
toUpdate = {'last_reset': curr_time, 'isactive': True}
db.users.update_one({'username': username}, {"$set": toUpdate})
return {'message': 'Success', 'status': 200}
class addSaman(Resource):
decorators = [
limiter.limit("1/second; 10/minute",
key_func=get_user_id_with_jwt,
methods=["POST"])
]
@jwt_required
def post(self):
username = get_jwt_identity()
parser = reqparse.RequestParser()
parser.add_argument('title',
help='This field cannot be blank',
required=True)
parser.add_argument('price',
help='This field cannot be blank',
required=True)
parser.add_argument('image',
help='This field cannot be blank',
required=True)
parser.add_argument('type',
help='This field can be blank',
required=True)
parser.add_argument('description',
help='This field can be blank',
required=True)
parser.add_argument('phone',
help='This field can be blank',
required=True)
data = parser.parse_args()
post_id = str(uuid.uuid4())
data['_id'] = post_id
_user = db.users.find_one({'username': username})
if (_user == None):
return Response("{'message': 'User not exist'}",
status=404,
mimetype='application/json')
try:
img_rev = data['image'].split(',')[1]
image_data = bytes(img_rev, encoding="ascii")
im = Image.open(BytesIO(base64.b64decode(image_data)))
if (im.size[0] > 720 or im.size[1] > 720):
return Response("{'message': 'Invalid Size'}",
status=403,
mimetype='application/json')
tar_loc = f'{username}_{str(uuid.uuid4())}.jpg'
post_img_path = f'{username}/{post_id}/{str(uuid.uuid4())}.jpg'
file_loc = os.path.join(os.getenv('FILES'), tar_loc)
im = im.convert("RGB")
im.save(file_loc)
FileManagement.upload(post_img_path, file_loc)
data['images'] = post_img_path
data['username'] = username
del data['image']
os.remove(file_loc)
data['tags'] = getTags(post_img_path)
db.saman.insert_one(data)
return {
"message": "new post of saaman is created successfully..!!"
}
except:
return Response("{'message': 'Invalid image'}",
status=403,
mimetype='application/json')
class SingleSaman(Resource):
decorators = [
limiter.limit("5/second", methods=["GET"]),
limiter.limit("1/second;6/minute",
key_func=get_user_id_with_jwt,
methods=["POST"]),
limiter.limit("1/second;12/minute",
key_func=get_user_id_with_jwt,
methods=["DELETE"])
]
def get_identity_if_logedin(self):
try:
verify_jwt_in_request_optional()
return get_jwt_identity()
except Exception:
# this handles if the access tocken is wrong or expired, hence have to handle:-
pass
def get(self, id):
logged_user = self.get_identity_if_logedin()
item = db.saman.find_one({"_id": id})
if (item == None):
return Response(
'404 Not Found',
status=404,
)
item['moneytized'] = 'priced'
if (int(item['price']) == 0):
item['moneytized'] = 'free'
# handline if user is loggedin or not to show phone number:-
if logged_user == None:
item["phone"] = "xxxxxxxxxx"
return item
@jwt_required
def post(self, id):
username = get_jwt_identity()
parser = reqparse.RequestParser()
parser.add_argument('title',
help='This field cannot be blank',
required=True)
parser.add_argument('price',
help='This field cannot be blank',
required=True)
#parser.add_argument('image', help = 'This field cannot be blank', required = False)
parser.add_argument('type',
help='This field can be blank',
required=True)
parser.add_argument('description',
help='This field can be blank',
required=True)
parser.add_argument('phone',
help='This field can be blank',
required=True)
data = parser.parse_args()
query = {'username': username, "_id": id}
data['type'] = data['type'].lower()
if (db.saman.find_one(query)):
query_update = {"$set": data}
try:
db.saman.update_one(query, query_update)
return {
"message": "Information of your saman updated successfully"
}
except Exception as e:
print("could not able to update the info of saaman")
print("Exception", e)
return Response(
"{'message': 'Sorry due to some reason the information of your saman is not updated..!!'}",
status=504,
mimetype='application/json')
else:
return Response("{'message': 'You cannot edit this saman'}",
status=403,
mimetype='application/json')
@jwt_required
def delete(self, id):
username = get_jwt_identity()
query = {'username': username, "_id": id}
item = db.saman.find_one(query)
if (item == None):
return {'message': 'You cannot edit this saman'}
try:
FileManagement.delete(item['images'])
db.saman.delete_one(query)
return {
"message":
"Your saaman's post has been deleted successfully..!!"
}
except Exception as e:
return {
"message":
"Post is not deleted successfully, error is -> {} ".format(e)
}
class UserRegistration(Resource):
decorators = [limiter.limit("5/second")]
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('username',
help='This field cannot be blank',
required=True)
parser.add_argument('name',
help='This field cannot be blank',
required=True)
parser.add_argument('email',
help='This field cannot be blank',
required=True)
parser.add_argument('password',
help='This field cannot be blank',
required=True)
parser.add_argument('phone_number',
help='This field cannot be blank',
required=True)
data = parser.parse_args()
username = data['username'].lower()
email = data['email'].lower()
password = data['password']
name = data['name']
phone_number = data['phone_number']
if ((username.isalnum() == False) or (len(email) <= 15)
or (email[-15:] != '@iitjammu.ac.in')
or (phone_number.isnumeric() == False)
or int(phone_number) < 6000000000
or int(phone_number) > 9999999999):
return {'message': 'invalid params'}
if (db.users.find_one({'email': email})
or db.users.find_one({'username': username})):
return {'message': 'User already exists'}
img_loc = f'{username}/{str(uuid.uuid4())}.jpg'
user = {
'username': username,
'name': name,
'email': email,
'password': password,
'phone': phone_number,
'image': img_loc,
'about': "My text by default",
'isactive': False,
'last_reset_request': int(time.time()),
'last_reset': int(time.time())
}
try:
db.users.insert(user)
except:
return {'message': "Some Error"}
else:
def_img = os.path.join(os.getenv('FILES'), 'user.jpg')
FileManagement.upload(img_loc, def_img)
tok_pre = bytes(
username + user['password'] + str(user['last_reset']) +
str(user['last_reset_request']), 'ascii')
tok_pre_en = sha256(tok_pre).hexdigest()
identity = {'username': username, 'token': tok_pre_en}
# disabled email feature because of send-grid limitations
# You can turn it on
"""
tok_final = create_access_token(identity = identity, expires_delta= timedelta(minutes= 5))
token_url = os.getenv('FRONTEND') + f'/verify/{username}/{tok_final}'
resp = render_template('verify.html', user_name = username, token = token_url)
sg = sendgrid.SendGridAPIClient(api_key=os.environ.get('SENDGRID_API_KEY'))
from_email = Email("*****@*****.**")
to_email = To(user['email'])
subject = "Welcome to Requip"
content = Content("text/html", resp)
mail = Mail(from_email, to_email, subject, content)
response = sg.client.mail.send.post(request_body=mail.get())
"""
return {
'message': 'User {} is created'.format(data['username']),
'username': f"{data['username']}"
}
class UserReset(Resource):
decorators = [
limiter.limit("1/second", methods=["GET"]),
limiter.limit("1/second", methods=["POST"])
]
def get(self, username):
username = username.lower()
user = db.users.find_one({'username': username}, {
'_id': 1,
'email': 1,
'password': 1,
'username': 1,
'last_reset_request': 1,
'last_reset': 1
})
if (user == None):
return {'message': 'User does not exists'}
last_req = user.get('last_reset_request', 0)
last_rest = user.get('last_reset', 0)
curr_time = int(time.time())
if ((curr_time - last_req) < 300):
return {'message': 'Please wait 5 min before making request again'}
db.users.update_one({'username': username},
{"$set": {
'last_reset_request': curr_time
}})
tok_pre = bytes(
username + user['password'] + str(last_rest) + str(curr_time),
'ascii')
tok_pre_en = sha256(tok_pre).hexdigest()
identity = {'username': username, 'token': tok_pre_en}
# disabled email feature because of send-grid limitations
"""
tok_final = create_access_token(identity = identity, expires_delta= timedelta(minutes= 5))
token_url = os.getenv('FRONTEND') + f'/reset/{username}/{tok_final}'
resp = render_template('forget.html', user_name = username, token = token_url)
sg = sendgrid.SendGridAPIClient(api_key=os.environ.get('SENDGRID_API_KEY'))
from_email = Email("*****@*****.**")
to_email = To(user['email'])
subject = "Reset Requip Password"
content = Content("text/html", resp)
mail = Mail(from_email, to_email, subject, content)
response = sg.client.mail.send.post(request_body=mail.get())
print(response)
"""
return {'message': 'Email Sent'}
def post(self, username):
parser = reqparse.RequestParser()
parser.add_argument('token',
help='This field cannot be blank',
required=True)
parser.add_argument('password',
help='This field cannot be blank',
required=True)
data = parser.parse_args()
password = data.get('password', None)
token = data['token']
token_rev = decode_token(token, allow_expired=False)
user = db.users.find_one({'username': username}, {
'_id': 1,
'email': 1,
'password': 1,
'username': 1,
'last_reset_request': 1,
'last_reset': 1
})
if (user == None):
return {'message': 'User does not exists'}
identity = token_rev['identity']
token = identity['token']
last_rest = user.get('last_reset', 0)
curr_time = user.get('last_reset_request', 0)
new_token = bytes(
username + user['password'] + str(last_rest) + str(curr_time),
'ascii')
new_token_en = sha256(new_token).hexdigest()
if (token != new_token_en):
return {'message': 'Invalid Token'}
curr_time = int(time.time())
toUpdate = {'last_reset': curr_time, 'isactive': True}
toUpdate['password'] = password
db.users.update_one({'username': username}, {"$set": toUpdate})
return {'message': 'Success', 'status': 200}