def db(app, request):
"""
Returns session-wide initialised database.
"""
_db.init_app(app)
with app.app_context():
_db.drop_all()
_db.create_all()
def create_app(configuration):
app = Flask(__name__)
app.config.from_object(config_by_name[configuration])
db.init_app(app)
api.init_app(app)
CORS(app)
return app
from flask import Flask
from __init__ import db, login_manager
from views import view
app = Flask(__name__)
# Routing
app.register_blueprint(view)
# Config
app.config['SQLALCHEMY_DATABASE_URI'] = 'postgresql://{username}:{password}@{host}:{port}/{database}'\
.format(
username='******',
password='******',
host='localhost',
port=5555,
database='postgres'
)
app.config['SECRET_KEY'] = 'cWNNnECxbA8aMra5'
# Initialize other components
db.init_app(app)
login_manager.init_app(app)
if __name__ == "__main__":
app.run(debug=True, host='0.0.0.0', port=8080)
from __init__ import db, app
db.init_app(app)
with app.app_context():
db.create_all()
def create_app(DOCKER=False, testing=TESTING):
app = Flask(__name__)
app.config.from_object(config)
if TESTING:
app.config.from_object(config_test)
if DOCKER:
app.config.from_object(config_docker)
db.app = app
db.init_app(app)
db.create_all()
CORS(app, resources={r"*": {"origins": "*"}})
@app.after_request
def after_request(response):
response.headers.add("Access-Control-allow-Origin", "*")
response.headers.add("Access-Control-allow-Headers",
"Content-Type,Autorization,true")
response.headers.add("Access-Control-allow-Methods",
"GET,PUT,POST,DELETE,OPTIONS")
db.session.rollback()
return response
@app.route('/r', methods=['GET'])
def raised():
# Testng the ability to raise custom responses
abort(make_response(jsonify({"sucess": True}), 200))
return jsonify({"success": False})
@app.route('/', methods=['GET'])
def home():
return render_template('pages/index.html')
@app.route('/add-product', methods=['GET'])
def add_product():
return render_template('pages/add_product.html')
@app.route('/add-image', methods=['GET'])
def add_image():
return render_template('pages/add_image.html')
@app.route('/cart', methods=['GET'])
def cart():
return render_template('pages/cart.html')
@app.route('/edit-product', methods=['GET'])
def edit_product():
return render_template('pages/edit_product.html')
@app.route('/login', methods=['GET'])
def login():
return render_template('pages/login.html')
@app.route('/manage-products', methods=['GET'])
def manage_products():
return render_template('pages/manage_products.html')
@app.route('/manage-images', methods=['GET'])
def manage_images():
return render_template('pages/manage_images.html')
@app.route('/product', methods=['GET'])
def product():
return render_template('pages/product.html')
@app.route('/signup', methods=['GET'])
def signup():
return render_template('pages/signup.html')
@app.route('/about', methods=['GET'])
def about():
return render_template('pages/about.html')
@app.route('/test', methods=['GET'])
def test_template():
return render_template('pages/test.html')
"""
1) "/clear_tables"-------->"GET" , "OPTIONS"
"""
@app.route("/clear_tables", methods=["GET"])
def clear_all_tables():
test_only()
db_drop_and_create_all()
"""
Tests: test_02_populate_test
"""
return jsonify({"success": True})
"""
2) "/populate" ->--------->"GET" , "OPTIONS"
"""
@app.route("/populate", methods=["GET"])
def populate_all_tables():
test_only()
#This endpoint will clear all the data in the database and
#populate with new data
try:
populate_tables()
return jsonify({"success": True})
except:
abort(422) #Unprocessible
"""
Tests: test_01_clear_tables
"""
"""
User endpoints:
post_users
delete users
login
"""
@app.route("/users/who", methods=["POST"])
def users_who():
#This endpoint will tell if the user should pass or not
#and if his token expired, it will refresh it
if "cantiin" not in request.cookies:
abort(401)
#Now the cookie exists
token = request.cookies["cantiin"]
#print(SECRET,flush=True)
#print(request.cookies,flush=True)
token_validation = validate_token(token=token, secret=SECRET)
#print(token_validation,flush=True)
#print("WHO: "+str(token_validation),flush=True)
if token_validation["case"] == 3:
abort(401)
if token_validation["case"] == 2:
res = jsonify({"success": True})
user_id = token_validation["payload"]["uid"]
res.set_cookie
response = auth_cookie_response(response={
"success": True,
"result": "refreshed expired token",
"user_id": user_id
},
user_id=user_id)
return response
else:
return jsonify({
"success": True,
"result": "user is logged in",
"user_id": token_validation["payload"]["uid"]
})
@app.route("/users", methods=["POST"])
def post_users():
#This endpoint will add a new user
try:
body = request.get_json()
except:
return my_error(
status=400,
description="request body can not be parsed to json")
try:
username = body.get("username", None)
password1 = body.get("password1", None)
password2 = body.get("password2", None)
except:
return my_error(status=400, description="there is no request body")
#Validating inputs one by one
username_validation = validate_must(input=username,
type="s",
input_name_string="username",
minimum=2,
maximum=150)
password1_validation = validate_must(input=password1,
type="s",
input_name_string="password1",
minimum=8,
maximum=150)
password2_validation = validate_must(input=password2,
type="s",
input_name_string="password2",
minimum=8,
maximum=150)
#Validating inputs a group
val_group = validate_must_group(
[username_validation, password1_validation, password2_validation])
#Now we will validate all inputs as a group
if val_group["case"] == True:
# Success: they pass the conditions
username, password1, password2 = val_group["result"]
else:
# Failure: Something went wrong
return val_group["result"]
#Now we have username, password1 and password2 as strings
#validate that the username has no white spaces
if " " in username:
return my_error(
status=422,
description="username can not contain white spaces")
#Validate that this username is unique
all_users = User.query.all()
all_names = [str(u.username) for u in all_users]
if username in all_names:
return my_error(status=422,
description="this username already exists")
#Validate that these passwords are not the same
if password1 != password2:
return my_error(status=422,
description="please enter the same password")
#Create the user
new_user = User(username=username, password=password1)
#Insert the user in the database
try:
new_user.insert()
response = auth_cookie_response(response={
"success": True,
"user": new_user.simple()
},
user_id=new_user.id)
return response
except Exception as e:
raise (e)
db.session.rollback()
abort(500)
@app.route("/users", methods=["DELETE"])
@requires_auth()
def delete_users(payload):
#This endpoint will delete an existing user
user_id = payload["uid"]
users_query = User.query
user_id_validation = validate_model_id(input_id=user_id,
model_query=users_query,
model_name_string="user")
if user_id_validation["case"] == 1:
#The user exists
user = user_id_validation["result"]
else:
#No user with this id, can not convert to int,
# or id is missing (Impossible)
return my_error(
status=user_id_validation["result"]["status"],
description=user_id_validation["result"]["description"])
#Now, we have "user", this is essential
try:
# Finally, deleting the user itself
user.delete()
r = jsonify({
"success": True,
"result": "user deleted successfully"
})
cookies = request.cookies
for co in cookies:
r.set_cookie(co, value="", expires=-50)
return r
#return jsonify({"success":True,
# "result":"user deleted successfully"})
except Exception as e:
raise (e)
db.session.rollback()
abort(500)
@app.route("/users/login", methods=["POST"])
def login_users():
#This endpoint will log the user in
try:
body = request.get_json()
except:
return my_error(
status=400,
description="request body can not be parsed to json")
try:
username = body.get("username", None)
password = body.get("password", None)
except:
return my_error(status=400, description="there is no request body")
#Validating inputs one by one
username_validation = validate_must(input=username,
type="s",
input_name_string="username",
minimum=2,
maximum=150)
password_validation = validate_must(input=password,
type="s",
input_name_string="password",
minimum=8,
maximum=150)
#Validating inputs a group
val_group = validate_must_group(
[username_validation, password_validation])
#Now we will validate all inputs as a group
if val_group["case"] == True:
# Success: they pass the conditions
username, password = val_group["result"]
else:
# Failure: Something went wrong
return val_group["result"]
#Now we have username, password and password2 as strings
users = User.query.all()
#Validate that this username and password are correct
all_users = User.query.all()
the_user_id = ""
for usr in all_users:
if (str(usr.username) == str(username)
and str(usr.password) == str(password)):
the_user_id = usr.id # Here we go the user id
break
if the_user_id == "":
return my_error(status=422,
description="wrong username or password")
#now we have the_user_id as integer
response = auth_cookie_response(response={
"success": True,
"result": "logged in successfully",
"user_id": the_user_id
},
user_id=the_user_id)
return response
#return jsonify()
@app.route("/users/logout", methods=["POST"])
def logout_users():
#This endpoint will log the user out
cookies = request.cookies
r = jsonify({"success": True, "result": "logged out successfully"})
for co in cookies:
r.set_cookie(co, value="", expires=-50)
return r
#return jsonify({"success":True,
# "result":"logged out successfully"})
@app.route("/users/login/test", methods=["POST"])
def login_test():
test_only()
#This endpoint will log the user in
response = auth_cookie_response(response={
"success": True,
"result": "logged in successfully",
"user_id": 1
},
user_id=1)
return response
@app.route("/users/login/expired", methods=["POST"])
def login_expired():
test_only()
#This endpoint will log the user in with expired token
res = jsonify({
"success": True,
"result": "setting expired token successfully"
})
expired_token = generate_token(user_id=1,
secret=SECRET,
expiration_delta=timedelta(days=-7),
issued_at=datetime.now())
res.set_cookie('cantiin',
value=expired_token["result"],
httponly=True,
samesite='Lax')
return res, 200
"""
3) and 4) Product endpoints
"""
@app.route("/products", methods=["GET"])
def get_products():
#print("Cookies: "+str(request.cookies),flush=True)
#This endpoint will return all the products
#recievng inputs:
#in_stock has a fall back value of True (The default)
in_stock = request.args.get('in_stock', True)
#in stock now has one of two values
#1) input value
#2) True (Fall back value)
#- I can not be equal to None at all
#- Even if equal to None, it will be rejected
in_stock_validation = validate_must(input=in_stock,
type="b",
input_name_string="in_stock")
#Now we will validate the in_stock input
if in_stock_validation["case"] == True:
# Success: True or false
in_stock = in_stock_validation["result"]
else:
# Failure: Can't convert to boolean or None (Impossible)
return in_stock_validation["result"]
#Now: There are 2 possibilties
#1) in_stock = True
#2) in_stock=False
#input now must have been converted to True or False
if in_stock == True:
products = get_in_stock_products()
else:
products = Product.query.order_by(Product.id).all()
to_return = [p.simple() for p in products]
return jsonify({"success": True, "products": to_return})
@app.route("/products", methods=["POST"])
@requires_auth()
def post_products(payload):
#This endpoint will add a new product
#print(payload,flush=True)
try:
body = request.get_json()
except:
return my_error(
status=400,
description="request body can not be parsed to json")
try:
name = body.get("name", None)
price = body.get("price", None)
in_stock = body.get("in_stock", None)
#seller_id = body.get("seller_id",None)
except:
return my_error(status=400, description="there is no request body")
#Validating inputs one by one
name_validation = validate_must(input=name,
type="s",
input_name_string="name",
minimum=3,
maximum=150)
price_validation = validate_must(input=price,
type="f",
input_name_string="price",
minimum=0.1,
maximum=1000000)
in_stock_validation = validate_must(input=in_stock,
type="b",
input_name_string="in_stock")
#seller_id_validation = validate_must(
# input=seller_id,type="i",input_name_string="seller_id",
# minimum=1,maximum=100000000000000000)
#Validating inputs a group
val_group = validate_must_group(
[name_validation, price_validation, in_stock_validation])
#Now we will validate all inputs as a group
if val_group["case"] == True:
# Success: they pass the conditions
name, price, in_stock = val_group["result"]
else:
# Failure: Something went wrong
return val_group["result"]
seller_id = payload["uid"]
users_query = User.query
user_id_validation = validate_model_id(input_id=seller_id,
model_query=users_query,
model_name_string="user")
if user_id_validation["case"] == 1:
#The user exists
seller = user_id_validation["result"]
else:
#No user with this id, can not convert to int,
# or id is missing
return my_error(
status=user_id_validation["result"]["status"],
description=user_id_validation["result"]["description"])
seller_id = seller.id
#Create the product
new_product = Product(name=name,
price=price,
seller_id=seller_id,
in_stock=in_stock)
#Insert the product in the database
try:
new_product.insert()
return jsonify({"success": True, "product": new_product.simple()})
except Exception as e:
db.session.rollback()
abort(500)
@app.route("/products/<int:product_id>", methods=["PUT"])
@requires_auth()
def edit_products(payload, product_id):
#This endpoint will add a new product
#This is the correct arrangement
#payload then product id
#the opposite will result in error
#print("product_id: "+str(product_id),flush=True)
#print("payload: "+str(payload),flush=True)
try:
body = request.get_json()
except:
return my_error(
status=400,
description="request body can not be parsed to json")
try:
name = body.get("name", None)
price = body.get("price", None)
in_stock = body.get("in_stock", None)
except:
return my_error(status=400, description="there is no request body")
#There can not be 0 fields to change
#There must be at least one input field
if (name == None and price == None and in_stock == None):
return my_error(status=400,
description="you must at least enter"
" one field to change")
products_query = Product.query
product_id_validation = validate_model_id(input_id=product_id,
model_query=products_query,
model_name_string="product")
if product_id_validation["case"] == 1:
#The product exists
product = product_id_validation["result"]
else:
#No product with this id, can not convert to int,
# or id is missing (Impossible)
return my_error(
status=product_id_validation["result"]["status"],
description=product_id_validation["result"]["description"])
#Now, we have "product", this is essential
#there will be no None
if name == None: name = product.name
if price == None: price = product.price
if in_stock == None: in_stock = product.in_stock
#Now there is no None
#There are default values
#This step can not change it's place because
#here we need default values
name_validation = validate_must(input=name,
type="s",
input_name_string="name",
minimum=3,
maximum=150)
price_validation = validate_must(input=price,
type="f",
input_name_string="price",
minimum=0.1,
maximum=1000000)
in_stock_validation = validate_must(input=in_stock,
type="b",
input_name_string="in_stock")
#seller_id_validation = validate_must(
# input=seller_id,type="i",input_name_string="seller_id",
# minimum=1,maximum=100000000000000000)
#seller_id can not change
val_group = validate_must_group(
[name_validation, price_validation, in_stock_validation])
#Now we will validate all inputs as a group
if val_group["case"] == True:
# Success: they pass the conditions
name, price, in_stock, = val_group["result"]
else:
# Failure: Something went wrong
return val_group["result"]
#Making sure that this user can change this product
if int(product.seller_id) != payload["uid"]:
return my_error(
status=403,
description="you can not change this product, because" +
" you are not the one who created it")
#Finally: applying changes
product.name = name
product.price = price
product.in_stock = in_stock
try:
product.update()
return jsonify({"success": True, "product": product.simple()})
except Exception as e:
db.session.rollback()
abort(500)
@app.route("/products/<int:product_id>", methods=["DELETE"])
@requires_auth()
def delete_products(payload, product_id):
#This endpoint will delete an existing product
products_query = Product.query
product_id_validation = validate_model_id(input_id=product_id,
model_query=products_query,
model_name_string="product")
if product_id_validation["case"] == 1:
#The product exists
product = product_id_validation["result"]
else:
#No product with this id, can not convert to int,
# or id is missing (Impossible)
return my_error(
status=product_id_validation["result"]["status"],
description=product_id_validation["result"]["description"])
#Now, we have "product", this is essential
#Making sure that this user can delete this product
if int(product.seller_id) != payload["uid"]:
return my_error(
status=403,
description="you can not delete this product, because" +
" you are not the one who created it")
try:
# Finally, deleting the product itself
product.delete()
return jsonify({
"success": True,
"result": "product deleted successfully"
})
except Exception as e:
db.session.rollback()
abort(500)
@app.route("/products/users", methods=["GET"])
@requires_auth()
def get_products_users(payload):
user_id = int(payload["uid"])
products = Product.query.filter(Product.seller_id == user_id).order_by(
Product.id).all()
to_return = [p.simple() for p in products]
return jsonify({"success": True, "products": to_return})
"""
5) and 6) Order endpoints
"""
@app.route("/orders", methods=["GET"])
@requires_auth()
def get_orders(payload):
#This endpoint will return all the orders
user_id = payload["uid"]
"""user_id_validation = validate_must(
input=user_id,type="i",input_name_string="user_id",
minimum=1,maximum=1000000000000000000000)
#Now we will validate the user_id input
if user_id_validation["case"] == True:
# Success: value is integer
user_id=user_id_validation["result"]
else:
# Failure: Can't convert to integer or None
return user_id_validation["result"]
#Now: There is only one possibility
#1) type(user_id) = int
#input now must have been converted to integer"""
#Filtering by user_id
orders = Order.query.filter(
Order.user_id == user_id).order_by("id").all()
to_return = [o.get_dict() for o in orders]
return jsonify({"success": True, "orders": to_return})
@app.route("/orders", methods=["POST"])
@requires_auth()
def post_orders(payload):
#This endpoint will add a new product
try:
body = request.get_json()
except:
return my_error(
status=400,
description="request body can not be parsed to json")
try:
#user_id = body.get("user_id",None)
product_id = body.get("product_id", None)
amount = body.get("amount", None)
except:
return my_error(status=400, description="there is no request body")
#Validating inputs one by one
#user_id_validation = validate_must(
# input=user_id,type="i",input_name_string="user_id",
# minimum=0,maximum=1000)
amount_validation = validate_must(input=amount,
type="i",
input_name_string="amount",
minimum=1,
maximum=1000000000)
#Validating inputs a group
val_group = validate_must_group([amount_validation])
#Now we will validate all inputs as a group
if val_group["case"] == True:
# Success: they pass the conditions
amount = val_group["result"][0]
else:
# Failure: Something went wrong
return val_group["result"]
#Now the inputs user_id and amount are validated
#Now we will validate product_id
products_query = Product.query
product_id_validation = validate_model_id(input_id=product_id,
model_query=products_query,
model_name_string="product")
if product_id_validation["case"] == 1:
#The product exists
product = product_id_validation["result"]
else:
#No product with this id, can not convert to int,
# or id is missing
return my_error(
status=product_id_validation["result"]["status"],
description=product_id_validation["result"]["description"])
product_id = product.id
#Now, we have "product_id", this is essential
user_id = payload["uid"]
#Create the Order
new_order = Order(user_id=user_id,
amount=amount,
product_id=product_id)
#Insert the order in the database
try:
new_order.insert()
return jsonify({"success": True, "order": new_order.get_dict()})
except Exception as e:
db.session.rollback()
abort(500)
@app.route("/orders/<int:order_id>", methods=["PUT"])
@requires_auth()
def edit_orders(payload, order_id):
#This endpoint will edit an exiting order
try:
body = request.get_json()
except:
return my_error(
status=400,
description="request body can not be parsed to json")
try:
amount = body.get("amount", None)
except:
return my_error(status=400, description="there is no request body")
#There can not be 0 fields to change
#There must be at least one input field
if (amount == None):
return my_error(status=400,
description="you must at least enter"
" one field to change")
#Validating inputs one by one
amount_validation = validate_must(input=amount,
type="i",
input_name_string="amount",
minimum=0,
maximum=1000000000)
#Now we will validate all inputs as a group
if amount_validation["case"] == True:
# Success: they pass the conditions
amount = amount_validation["result"]
else:
# Failure: Something went wrong
return amount_validation["result"]
#Now the inputs user_id and amount are validated
orders_query = Order.query
order_id_validation = validate_model_id(input_id=order_id,
model_query=orders_query,
model_name_string="order")
if order_id_validation["case"] == 1:
#The order exists
order = order_id_validation["result"]
else:
#No order with this id, can not convert to int,
# or id is missing (Impossible)
return my_error(
status=order_id_validation["result"]["status"],
description=order_id_validation["result"]["description"])
#Now, we have "order", this is essential
#Now we validate if the this user can edit the order
if int(order.user_id) != payload["uid"]:
return my_error(
status=403,
description="you can not edit this order, because" +
" you are not the one who created it")
#Finally: applying changes
order.amount = amount
if amount == 0:
try:
order.update()
return jsonify({
"success": True,
"result": "order" + " deleted successfully"
})
except Exception as e:
db.session.rollback()
abort(500)
try:
order.update()
return jsonify({"success": True, "order": order.get_dict()})
except Exception as e:
db.session.rollback()
abort(500)
@app.route("/orders/<int:order_id>", methods=["DELETE"])
@requires_auth()
def delete_orders(payload, order_id):
#This endpoint will delete an existing order
orders_query = Order.query
order_id_validation = validate_model_id(input_id=order_id,
model_query=orders_query,
model_name_string="order")
if order_id_validation["case"] == 1:
#The order exists
order = order_id_validation["result"]
else:
#No order with this id, can not convert to int,
# or id is missing (Impossible)
return my_error(
status=order_id_validation["result"]["status"],
description=order_id_validation["result"]["description"])
#Now, we have "order", this is essential
#Now we validate if the this user can delete the order
if int(order.user_id) != payload["uid"]:
return my_error(
status=403,
description="you can not delete this order, because" +
" you are not the one who created it")
try:
# Finally, deleting the order itself
order.delete()
return jsonify({
"success": True,
"result": "order deleted successfully"
})
except Exception as e:
db.session.rollback()
abort(500)
@app.errorhandler(400)
def bad_request(error):
return jsonify({
"success": False,
"error": 400,
"message": "bad request"
}), 400
@app.errorhandler(401)
def unauthorized(error):
return jsonify({
"success": False,
"error": 401,
"message": "unauthorized"
}), 401
@app.errorhandler(403)
def forbidden(error):
return jsonify({
"success": False,
"error": 403,
"message": "forbidden"
}), 403
@app.errorhandler(404)
def not_found(error):
return jsonify({
"success": False,
"error": 404,
"message": "not found"
}), 404
@app.errorhandler(405)
def method_not_allowed(error):
return jsonify({
"success": False,
"error": 405,
"message": "method not allowed"
}), 405
@app.errorhandler(422)
def unprocessible(error):
return jsonify({
"success": False,
"error": 422,
"message": "unprocessible"
}), 422
@app.errorhandler(500)
def internal_server_error(error):
return jsonify({
"success": False,
"error": 500,
"message": "internal server error"
}), 500
def test_only():
if testing == False:
abort(404)
return app
def create_app(DOCKER=False, testing=TESTING):
app = Flask(__name__)
app.config.from_object(config)
if TESTING:
app.config.from_object(config_test)
if DOCKER:
app.config.from_object(config_docker)
db.app = app
db.init_app(app)
db.create_all()
CORS(app, resources={r"*": {"origins": "*"}})
@app.after_request
def after_request(response):
response.headers.add("Access-Control-allow-Origin", "*")
response.headers.add("Access-Control-allow-Headers",
"*,Content-Type,true")
response.headers.add("Access-Control-allow-Methods",
"GET,PUT,POST,DELETE,OPTIONS")
response.headers.add("Access-Control-Expose-Headers",
"Authorization,Set-Cookie")
db.session.rollback()
return response
@app.route('/r', methods=['GET'])
def raised():
# Testng the ability to raise custom responses
abort(make_response(jsonify({"sucess": True}), 200))
return jsonify({"success": False})
"""
1) "/clear_tables"-------->"GET" , "OPTIONS"
"""
@app.route("/clear_tables", methods=["GET"])
def clear_all_tables():
test_only()
db_drop_and_create_all()
"""
Tests: test_02_populate_test
"""
return jsonify({"success": True})
"""
2) "/populate" ->--------->"GET" , "OPTIONS"
"""
@app.route("/populate", methods=["GET"])
def populate_all_tables():
test_only()
#This endpoint will clear all the data in the database and
#populate with new data
try:
populate_tables()
return jsonify({"success": True})
except:
abort(422) #Unprocessible
"""
Tests: test_01_clear_tables
"""
"""
User endpoints:
post_users
delete users
login
"""
@app.route("/users/who", methods=["POST"])
def users_who():
#This endpoint will tell if the user should pass or not
#and if his token expired, it will refresh it
the_401_error = jsonify({
"error": 401,
"message": "unauthorized",
"success": False
})
the_401_error.headers.add("Authorization", "")
if "Authorization" not in request.headers:
return the_401_error, 401
#Now the cookie exists
token = request.headers["Authorization"]
#print(SECRET,flush=True)
#print(request.cookies,flush=True)
token_validation = validate_token(token=token, secret=SECRET)
#print(token_validation,flush=True)
#print("WHO: "+str(token_validation),flush=True)
if token_validation["case"] == 3:
return the_401_error, 401
if token_validation["case"] == 2:
res = jsonify({"success": True})
user_id = token_validation["payload"]["uid"]
response = auth_cookie_response(response={
"success": True,
"result": "refreshed expired token",
"user_id": user_id
},
user_id=user_id)
return response
else:
res = jsonify({
"success": True,
"result": "user is logged in",
"user_id": token_validation["payload"]["uid"]
})
res.headers.add("Authorization", token)
return res
@app.route("/users", methods=["POST"])
@validate()
def post_users(body: UserPost):
#This endpoint will add a new user
username = body.username
password = body.password1
#return jsonify({"success":True,
#"username":username,"password":password
#})
#Create the user
new_user = User(username=username, password=password)
#Insert the user in the database
try:
new_user.insert()
response = auth_cookie_response(response={
"success": True,
"user": new_user.simple()
},
user_id=new_user.id)
return response
except Exception as e:
raise (e)
abort(500)
@app.route("/users", methods=["DELETE"])
@requires_auth()
def delete_users(payload):
#This endpoint will delete an existing user
user_id = payload["uid"]
users_query = User.query
user_id_validation = validate_model_id(input_id=user_id,
model_query=users_query,
model_name_string="user")
if user_id_validation["case"] == 1:
#The user exists
user = user_id_validation["result"]
else:
#No user with this id, can not convert to int,
# or id is missing (Impossible)
return my_error(
status=user_id_validation["result"]["status"],
description=user_id_validation["result"]["description"])
#Now, we have "user", this is essential
try:
# Finally, deleting the user itself
user.delete()
r = jsonify({
"success": True,
"result": "user deleted successfully"
})
cookies = request.cookies
for co in cookies:
r.set_cookie(co, value="", expires=-50)
return r
#return jsonify({"success":True,
# "result":"user deleted successfully"})
except Exception as e:
raise (e)
db.session.rollback()
abort(500)
@app.route("/users/login", methods=["POST"])
@validate()
def login_users(body: UserLogin):
#This endpoint will log the user in
the_user_id = body.password
response = auth_cookie_response(response={
"success": True,
"result": "logged in successfully",
"user_id": the_user_id
},
user_id=the_user_id)
return response
@app.route("/users/logout", methods=["POST"])
def logout_users():
#This endpoint will log the user out
cookies = request.cookies
r = jsonify({"success": True, "result": "logged out successfully"})
r.headers.add("Authorization", "")
return r
@app.route("/users/login/test", methods=["POST"])
def login_test():
test_only()
#This endpoint will log the user in
response = auth_cookie_response_new(response={
"success": True,
"result": "logged in successfully",
"user_id": 1
},
user_id=1)
return response
@app.route("/users/login/expired", methods=["POST"])
def login_expired():
test_only()
#This endpoint will log the user in with expired token
res = jsonify({
"success": True,
"result": "setting expired token successfully"
})
expired_token = generate_token(user_id=1,
secret=SECRET,
expiration_delta=timedelta(days=-7),
issued_at=datetime.now())
res.headers.add('Authorization', expired_token["result"])
return res, 200
@app.errorhandler(400)
def bad_request(error):
return jsonify({
"success": False,
"error": 400,
"message": "bad request"
}), 400
@app.errorhandler(401)
def unauthorized(error):
return jsonify({
"success": False,
"error": 401,
"message": "unauthorized"
}), 401
@app.errorhandler(403)
def forbidden(error):
return jsonify({
"success": False,
"error": 403,
"message": "forbidden"
}), 403
@app.errorhandler(404)
def not_found(error):
return jsonify({
"success": False,
"error": 404,
"message": "not found"
}), 404
@app.errorhandler(405)
def method_not_allowed(error):
return jsonify({
"success": False,
"error": 405,
"message": "method not allowed"
}), 405
@app.errorhandler(422)
def unprocessible(error):
return jsonify({
"success": False,
"error": 422,
"message": "unprocessible"
}), 422
@app.errorhandler(500)
def internal_server_error(error):
return jsonify({
"success": False,
"error": 500,
"message": "internal server error"
}), 500
def test_only():
if testing == False:
abort(404)
return app