示例#1
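def check_admin(token):
    """Return True when *token* identifies the admin user with a matching stored password.

    *token* is the base64-encoded pickle issued by ``login()`` (the same
    format ``check_auth()`` consumes). Returns False instead of raising
    when the looked-up row does not exist.
    """
    db = get_db()
    # SECURITY: pickle.loads on a client-supplied cookie deserializes
    # attacker-controlled bytes, and pickle can execute code during load.
    # The format is shared with login()/check_auth(), so it is flagged here
    # rather than changed: moving to a signed, non-pickle token has to be
    # done in all three places at once.
    admin = pickle.loads(base64.b64decode(token))
    # NOTE(review): the row is selected by a fixed literal (redacted in this
    # listing) while the token name is compared against "admin" below;
    # confirm both refer to the same account.
    admin_vals = db.execute(
        "SELECT username, password FROM user WHERE username = '******'"
    ).fetchone()
    # fetchone() yields None when the row is missing; indexing None raised
    # TypeError in the original instead of failing the check.
    if admin_vals is None:
        return False
    return admin.name == "admin" and admin.password == admin_vals[1]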
示例#2
def user_list():
    """Return every user (id and username only) as a JSON response."""
    connection = get_db()
    cursor = connection.execute("SELECT id, username FROM user")
    payload = rows_to_dict(cursor.fetchall())
    reply = jsonify(payload)
    # NOTE(review): Allow-Credentials is set here but no Allow-Origin is
    # visible in this listing; confirm the origin policy is applied elsewhere
    # and is not a plain echo of the request Origin.
    reply.headers['Access-Control-Allow-Credentials'] = "true"
    return reply
示例#3
def post_list():
    """Return all posts, newest first, each joined with its author's username."""
    connection = get_db()
    query = "SELECT p.id, title, body, created, author_id, username FROM post p JOIN user u ON p.author_id = u.id ORDER BY created DESC"
    rows = connection.execute(query).fetchall()
    reply = jsonify(rows_to_dict(rows))
    # NOTE(review): Allow-Credentials without a visible Allow-Origin; confirm
    # the origin policy is set elsewhere and is not an echo of the request Origin.
    reply.headers['Access-Control-Allow-Credentials'] = "true"
    return reply
示例#4
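def check_auth(token):
    """Validate a login token against the user table.

    Returns ``(ok, message)``: *ok* is True only when the token's name and
    password fields match the stored row for ``token.id``; *message* is the
    error text a caller may surface. Never raises for a missing row.
    """
    db = get_db()
    # SECURITY: pickle.loads on a client-supplied cookie deserializes
    # attacker-controlled bytes; pickle can execute code during load. The
    # format is shared with login()/check_admin(), so it is flagged here
    # rather than changed.
    user = pickle.loads(base64.b64decode(token))
    try:
        user_vals = db.execute(
            "SELECT username, password FROM user WHERE id = ?",
            (user.id, )).fetchone()
    except Exception:
        # Deliberately broad: a malformed token object can fail here in
        # several ways (missing attribute, unbindable parameter, ...).
        # NOTE(review): the message embeds repr() of the untrusted object;
        # confirm it is not returned verbatim to clients.
        return (False, f"Invalid token, the object {user} is invalid.")
    # fetchone() returns None when the id no longer exists; the original
    # indexed it unconditionally and raised TypeError.
    if user_vals is None:
        return (False, "Invalid token.")
    return (user.name == user_vals[0]
            and user.password == user_vals[1], "Invalid token.")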
示例#5
def user_detail(id):
    """Return the user with *id*; on DELETE also remove the row.

    The row is read before any deletion, so a DELETE still answers with the
    removed user's data. Raises Error (404) when the id is unknown.
    """
    connection = get_db()
    row = connection.execute("SELECT username FROM user WHERE id = ?",
                             (id, )).fetchone()
    if row is None:
        raise Error("No user with that ID", status_code=404)

    # NOTE(review): no authorization check for DELETE is visible in this
    # listing; presumably enforced by a wrapper on the route — confirm.
    if request.method == 'DELETE':
        connection.execute("DELETE FROM user WHERE id = ?", (id, ))
        connection.commit()

    reply = jsonify(dict(row))
    reply.headers['Access-Control-Allow-Credentials'] = "true"
    return reply
示例#6
def comment_list():
    """Return comments (oldest first), optionally filtered by ``?post_id=``."""
    connection = get_db()
    base_query = (
        "SELECT c.id, post_id, c.author_id, c.created, c.body, username"
        " FROM comment c JOIN user u ON c.author_id = u.id"
    )
    post_id = request.args.get("post_id")
    if post_id is not None:
        rows = connection.execute(
            base_query + " WHERE post_id = ?" + " ORDER BY c.created ASC",
            (post_id, )).fetchall()
    else:
        rows = connection.execute(base_query + " ORDER BY c.created ASC").fetchall()
    reply = jsonify(rows_to_dict(rows))
    # NOTE(review): Allow-Credentials without a visible Allow-Origin; confirm
    # the origin policy is set elsewhere and is not an echo of the request Origin.
    reply.headers['Access-Control-Allow-Credentials'] = "true"
    return reply
示例#7
def post_detail(id):
    """Return the post with *id* (with author username); on DELETE also remove it.

    The row is read before any deletion, so a DELETE still answers with the
    removed post's data. Raises Error (404) when the id is unknown.
    """
    connection = get_db()
    query = (
        "SELECT p.id, title, body, created, author_id, username"
        " FROM post p JOIN user u ON p.author_id = u.id"
        " WHERE p.id = ?"
    )
    row = connection.execute(query, (id, )).fetchone()
    if row is None:
        raise Error("No post with that ID", status_code=404)

    # NOTE(review): no ownership/authorization check for DELETE is visible
    # in this listing; presumably enforced by a wrapper on the route — confirm.
    if request.method == 'DELETE':
        connection.execute("DELETE FROM post WHERE id = ?", (id, ))
        connection.commit()

    reply = jsonify(dict(row))
    reply.headers['Access-Control-Allow-Credentials'] = "true"
    return reply
示例#8
def comment_detail(id):
    """Return the comment with *id* (with author username); on DELETE also remove it.

    The row is read before any deletion, so a DELETE still answers with the
    removed comment's data. Raises Error (404) when the id is unknown.
    """
    connection = get_db()
    query = (
        "SELECT c.id, post_id, c.author_id, c.created, c.body, username"
        " FROM comment c JOIN post p ON c.post_id = p.id"
        " JOIN user u ON c.author_id = u.id"
        " WHERE c.id = ?"
    )
    row = connection.execute(query, (id, )).fetchone()
    if row is None:
        raise Error("No comment with that ID", status_code=404)

    # NOTE(review): no ownership/authorization check for DELETE is visible
    # in this listing; presumably enforced by a wrapper on the route — confirm.
    if request.method == 'DELETE':
        connection.execute("DELETE FROM comment WHERE id = ?", (id, ))
        connection.commit()

    reply = jsonify(dict(row))
    reply.headers['Access-Control-Allow-Credentials'] = "true"
    return reply
示例#9
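def comment_create():
    """Create a comment from form fields ``body``, ``post_id`` and ``username``.

    Returns the new comment via ``comment_detail``. Raises Error (400) when
    the body is empty or the username does not exist.
    """
    body = request.form['body']
    post = request.form['post_id']
    author = request.form['username']
    error = None

    if not body:
        error = "Content is required."

    if error is None:
        db = get_db()
        # NOTE(review): the author is whatever username the form names, not
        # the authenticated caller; confirm the route ties this to the
        # session/token, otherwise comments can be posted as any user.
        author_row = db.execute("SELECT id FROM user WHERE username = ?",
                                (author, )).fetchone()
        # fetchone() returns None for an unknown username; the original
        # indexed it unconditionally and raised TypeError (a 500).
        if author_row is None:
            raise Error("No user with that username", status_code=400)
        db.execute(
            "INSERT INTO comment (body, author_id, post_id) VALUES (?, ?, ?)",
            (body, author_row[0], post))
        db.commit()
        # max(id) can pick up a comment committed concurrently by another
        # request; the cursor's last-inserted id would be the exact answer
        # if the DB layer exposes it.
        comment_id = db.execute("SELECT max(id) FROM comment").fetchone()[0]
        return comment_detail(comment_id)
    raise Error(error, status_code=400)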
示例#10
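def login():
    """Check form credentials and issue the session token as a cookie.

    Returns a JSON body with the username and sets the ``token`` cookie.
    Raises Error with a single generic message when the username is unknown
    or the password does not match.
    """
    username = request.form['username']
    password = request.form['password']
    db = get_db()
    error = None

    user = db.execute("SELECT * FROM user WHERE username = ?",
                      (username, )).fetchone()
    # One message for both failure modes so the response does not reveal
    # which usernames exist.
    if user is None or not check_password_hash(user['password'], password):
        error = "Incorrect username or password."

    if error is None:
        # SECURITY: the token is an unsigned pickle that also carries the
        # stored password hash, and check_auth()/check_admin() read it back
        # with pickle.loads. It is flagged rather than changed here because
        # all three functions share the format; a replacement should be a
        # signed token that holds no secret material.
        token = base64.b64encode(
            pickle.dumps(
                Token(user['id'], username, datetime.now(), user['password'])))
        response = jsonify({"username": username})
        # httponly keeps the credential out of reach of page scripts; add
        # secure=True once the app is served over HTTPS only.
        response.set_cookie('token', token, httponly=True)
        response.headers['Access-Control-Allow-Credentials'] = "true"
        return response
    raise Error(error)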
示例#11
def post_create():
    """Insert a post from form fields ``title``, ``body`` and ``author_id``.

    Answers 201 "Created" on success; raises Error (400) when the title or
    the body is empty (title is checked first).
    """
    body = request.form['body']
    title = request.form['title']
    author = request.form['author_id']

    if not title:
        raise Error("Title is required.", status_code=400)
    if not body:
        raise Error("Content is required.", status_code=400)

    # NOTE(review): author_id comes straight from the form rather than from
    # the authenticated caller; confirm the route binds it to the session.
    connection = get_db()
    connection.execute(
        "INSERT INTO post (title, body, author_id) VALUES (?, ?, ?)",
        (title, body, author))
    connection.commit()

    reply = make_response("Created", 201)
    reply.headers['Access-Control-Allow-Credentials'] = "true"
    return reply
示例#12
def register():
    """Create a user from form fields ``username`` and ``password``.

    The password is stored hashed. Answers 201 "Created"; raises Error when
    either field is empty or the username is already taken (checked in that
    order, so the lookup only runs for non-empty input).
    """
    username = request.form['username']
    password = request.form['password']
    connection = get_db()

    def _already_registered(name):
        row = connection.execute("SELECT id FROM user WHERE username = ?",
                                 (name, )).fetchone()
        return row is not None

    if not username:
        raise Error("Username is required.")
    if not password:
        raise Error("Password is required.")
    # NOTE(review): this check-then-insert is not atomic; a UNIQUE constraint
    # on user.username (not visible here) is what actually prevents duplicates.
    if _already_registered(username):
        raise Error(f"{username} is already registered.")

    connection.execute("INSERT INTO user (username, password) VALUES (?, ?)",
                       (username, generate_password_hash(password)))
    connection.commit()

    reply = make_response("Created", 201)
    reply.headers['Access-Control-Allow-Credentials'] = "true"
    return reply