def login():
body = request.get_json(force=True)
username = body.get('username')
password = body.get('password')
errors = {}
if not (username and len(username.strip()) > 0):
errors['username'] = '******'
if not (password and len(password.strip()) > 0):
errors['password'] = '******'
if len(errors):
return jsonify({'errors': errors}), 400
username = username.lower().strip()
user = db.query(User).filter(User.username == username).first()
if not user:
return jsonify({'error': 'incorrect username or password'}), 401
if not user.is_correct_password(password):
return jsonify({'error': 'incorrect username or password'}), 401
token = jwt.encode({'user_id': user.id}, JWT_SECRET).decode('utf-8')
return jsonify({'token': token})
def inner(*args, **kwargs):
comment = db.query(Comment).filter(
Comment.id == kwargs.get('id')).first()
if comment and comment.author_id != g.user.id:
abort(403)
return func(*args, **kwargs)
def update_comment(id):
body = request.get_json(force=True)
update = CommentSchema().load(body)
updated = db.query(Comment).filter(
Comment.id == id, Comment.author_id == g.user.id).update(update)
db.commit()
return jsonify({'success': True if updated else False})
def update_post(id):
body = request.get_json(force=True)
update = PostSchema(only=['title', 'body']).load(body)
updated = db.query(Post).filter(Post.id == id,
Post.author_id == g.user.id).update(update)
db.commit()
return jsonify({'success': True if updated else False})
def register():
body = request.get_json(force=True)
data = UserSchema().load(body)
username_taken = db.query(User).filter(
User.username == data['username']).first()
if username_taken:
return jsonify({'errors': {'username': '******'}})
user = User(**data)
db.add(user)
db.commit()
token = jwt.encode({'user_id': user.id}, JWT_SECRET).decode('utf-8')
return jsonify({'token': token})
def inner(*args, **kwargs):
token = request.headers.get('Authorization')
if not token:
abort(401)
try:
payload = jwt.decode(token, JWT_SECRET)
except jwt.exceptions.InvalidSignatureError:
abort(401)
user = db.query(
User.id,
User.username).filter(User.id == payload['user_id']).first()
if not user:
abort(401)
g.user = user
return func(*args, **kwargs)
def get_all_users():
users = db.query(User).all()
users[98]
return jsonify(UserSchema().dump(users, many=True))
def delete_comment(id):
deleted = db.query(Comment).filter(
Comment.id == id, Comment.author_id == g.user.id).delete()
db.commit()
return jsonify({'success': True if deleted else False})
def inner(*args, **kwargs):
post = db.query(Post).filter(Post.id == kwargs.get('id')).first()
if post and post.author_id != g.user.id:
abort(403)
return func(*args, **kwargs)
def get_post_comments(id):
comments = db.query(Comment).filter(Comment.post_id == id).all()
return jsonify(CommentSchema().dump(comments, many=True))
def get_post(id):
post = db.query(Post).filter(Post.id == id).first()
if not post:
return jsonify({'error': 'Post not found'}), 404
return jsonify(PostSchema().dump(post))
def get_all_posts():
posts = db.query(Post).all()
return jsonify(PostSchema().dump(posts, many=True))
