def edit(note_id):
note = Note.query.filter_by(id=note_id).first()
if isinstance(note, NoneType) or current_user.id != note.id_user:
flash('This note does not exists !', 'warning')
return redirect(url_for('index'))
form = NoteForm(obj=note)
if form.validate_on_submit():
edit_date = datetime.now()
# update note in postgresql
note.title = form.title.data
note.content = form.content.data
note.is_public = form.is_public.data
note.edit_date = edit_date
db.session.commit()
# update note in redis
redis_client.hmset(
note_id, {
'title': form.title.data,
'content': form.content.data,
'is_public': str(form.is_public.data),
'edit_date': str(edit_date)
})
flash('Your note has been updated !', 'success')
return redirect(url_for('index'))
return render_template('note_form.html', title='Update a note', form=form)
def index():
notes = None
if current_user.is_authenticated:
if not redis_client.exists(f'{current_user.id}:notes_id'):
notes = current_user.notes.order_by(Note.edit_date.desc())
if notes.count() != 0:
for note in notes:
note_dict = NoteConverter.note_to_dict(note)
redis_client.lpush(f'{current_user.id}:notes_id',
note_dict['id'])
redis_client.hmset(note_dict['id'], note_dict)
flash('Your notes where loaded from postgresql !', 'info')
else:
notes = None
else:
notes = []
count = 0
while count < redis_client.llen(f'{current_user.id}:notes_id'):
note_id = redis_client.lindex(f'{current_user.id}:notes_id',
count)
notes.append(
NoteConverter.dict_to_note(redis_client.hgetall(note_id)))
count += 1
flash('Your notes where loaded from redis !', 'info')
return render_template("index.html", title='Your notes', notes=notes)
def test():
id = request.args.get('id')
name = request.args.get('name')
age = request.args.get('age')
dic = {
'age': age,
'name': name,
'id': id,
'address': {
"1": 1,
"province": 13,
"city": 3
}
}
redis_client.hmset('user_info', dic)
re = redis_client.hmget('user_info', 'name', 'age')
all = redis_client.hgetall('user_info')
print(all)
return jsonify(data=all)
def attack():
global authentication_request_count
if not request.json or not 'user' in request.json or not 'password' in request.json or not 'metadata' in request.json:
abort(400)
dict = flatten_request(request)
if authentication_request_count == 1000:
authentication_request_count = 0
try:
password_match = False
blocked = False
with sql.connect(LEGITIMATE_DATABASE) as con:
cur = con.cursor()
user = request.json['user']
password = request.json['password']
cur.execute(
"SELECT rowid from USER where name = ? and password = ?",
(user, password))
data = cur.fetchone()
if data is not None:
password_match = True
bvalue = blacklist(dict)
wvalue = whitelist(dict)
if (bvalue > wvalue):
dict['authenticated'] = 0
blocked = True
else:
if password_match:
dict['authenticated'] = 1
else:
dict['authenticated'] = 0
redis_client.hmset("authentication:" +
str(authentication_request_count),
mapping=dict)
authentication_request_count += 1
if dict['authenticated'] == 1:
return jsonify({"Authentication": True}), 200
elif blocked == True:
return jsonify({"Authentication": "Blocked"}), 401
except Exception as e:
print(e)
return jsonify({"Authentication": False}), 401
def new():
form = NoteForm()
if form.validate_on_submit():
note = Note(title=form.title.data,
content=form.content.data,
creation_date=datetime.now(),
edit_date=datetime.now(),
author=current_user,
is_public=form.is_public.data,
uuid=uuid.uuid4())
# insert into postgresql
db.session.add(note)
db.session.flush()
# get id of inserted note
db.session.refresh(note)
db.session.commit()
# insert into redis
redis_client.lpush('notes_id', note.id)
redis_client.hmset(note.id, NoteConverter.note_to_dict(note))
flash('Your note has been created !', 'success')
return redirect(url_for('index'))
return render_template('note_form.html', title='New note', form=form)