示例#1
0
class flagsaman(Resource):
    decorators = [
        limiter.limit("1/second;3/minute",
                      key_func=get_user_id_with_jwt,
                      methods=["POST"])
    ]

    @jwt_required
    def post(self, id):
        parser = reqparse.RequestParser()
        parser.add_argument('reason',
                            help='This field cannot be blank',
                            required=True)
        data = parser.parse_args()
        username = get_jwt_identity()
        item = db.saman.find_one({"_id": id}, {'_id': 1, 'flaged_by': 1})
        if (item == None):
            return Response('404 Not Found', status=404)
        if (username in item.get('flaged_by', {})):
            return {"message": "Your have already flagged this object"}
        try:
            db.saman.update_one(
                {'_id': id},
                {'$set': {
                    'flaged_by': {
                        username: data['reason']
                    }
                }})
            return {"message": "Object flagged!"}
        except Exception as e:
            return {"message": "error occured while flagging"}
示例#2
0
class listallsaman(Resource):
    decorators = [
        limiter.limit("5/second", methods=["GET"]),
    ]

    def get(self):
        total_saman = []
        query = request.args.get('text', -1)
        objType = request.args.get('type', -1)
        limit = int(request.args.get('limit', -1))
        to_get = {'_id': 1, 'images': 1, 'title': 1, 'type': 1, 'price': 1}
        filterBy = {}
        obj_Arr = []
        if (objType != -1):
            obj_Arr = objType.split(',')
        filterBy['type'] = {'$in': obj_Arr}
        if (query != -1):
            to_get.update({'score': {'$meta': "textScore"}})
            filterBy["$text"] = {"$search": query}

        if (limit != -1):
            saman_list = db.saman.find(
                filterBy,
                to_get,
            ).limit(limit)
        else:
            saman_list = db.saman.find(
                filterBy,
                to_get,
            )
        for i in saman_list:
            total_saman.append(i)
        return total_saman
示例#3
0
class TokenRefresh(Resource):
    decorators = [limiter.limit("5/second", methods=["POST"])]

    @jwt_refresh_token_required
    def post(self):
        current_user = get_jwt_identity()
        access_token = create_access_token(identity=current_user)
        return {'access_token': access_token}
示例#4
0
class UserProfile(Resource):
    decorators = [limiter.limit("5/second")]

    def get(self, username):
        user = db.users.find_one({'username': username.lower()})
        if (user != None):
            del user['_id']
            del user['password']
            del user['phone']
            return user
        else:
            return {'message': 'User does not exists'}
示例#5
0
class User(Resource):
    decorators = [limiter.limit("5/second", key_func=get_user_id_with_jwt)]

    @jwt_required
    def get(self):
        username = get_jwt_identity()
        user = db.users.find_one({'username': username})
        if (user != None):
            del user['_id']
            del user['password']
            return user
        else:
            return {'message': 'User does not exists'}
示例#6
0
class UserLogin(Resource):
    decorators = [limiter.limit("5/second")]

    def post(self):
        other_login = False
        loginvia = request.args.get('use', '')

        if loginvia.lower() == 'twq':
            parser = reqparse.RequestParser()
            parser.add_argument('response_qr',
                                help='This field cannot be blank',
                                required=True)
            data = parser.parse_args()
            user_got = twqgetUser(data['response_qr'])
            if user_got is None or 'email' not in user_got:
                return {'message': 'Invalid scopes or token'}
            data['id'] = user_got['email']
            other_login = True
        else:
            parser = reqparse.RequestParser()
            parser.add_argument('id',
                                help='This field cannot be blank',
                                required=True)
            parser.add_argument('password',
                                help='This field cannot be blank',
                                required=True)
            data = parser.parse_args()

        if '@' in data['id']:
            user = db.users.find_one({'email': data['id'].lower()})
        else:
            user = db.users.find_one({'username': data['id'].lower()})
        if (user):
            if other_login or (user['password'] == data['password']
                               and user.get('isactive', False)):
                access_token = create_access_token(identity=user['username'])
                refresh_token = create_refresh_token(identity=user['username'])
                return {
                    'message': 'Logging in User {}'.format(user['username']),
                    'name': user['name'],
                    'image': user['image'],
                    'username': user['username'],
                    'access_token': access_token,
                    'refresh_token': refresh_token
                }
            else:
                return {'message': 'Invalid Credentials or account disabled'}
        else:
            return {'message': 'User does not exists'}
示例#7
0
class UserProfileUpdate(Resource):
    decorators = [
        limiter.limit("1/second",
                      key_func=get_user_id_with_jwt,
                      methods=["POST"])
    ]

    @jwt_required
    def post(self):
        _user = get_jwt_identity()
        parser = reqparse.RequestParser()
        parser.add_argument('name',
                            help='This field can be blank',
                            required=True)
        parser.add_argument('about',
                            help='This field can be blank',
                            required=True)
        parser.add_argument('phone',
                            help='This field can be blank',
                            required=True)
        data = parser.parse_args()
        _about = data['about']
        _phone = data['phone']
        _name = data['name']
        query = {"username": _user}
        values = {}
        if (db.users.find_one(query)):
            values['about'] = _about
            values['phone'] = _phone
            values['name'] = _name
            query_update = {"$set": values}
            try:
                db.users.update_one(query, query_update)
                return {"message": "Information updated successfully"}
            except Exception as e:
                print("could not able to update the info")
                print("Exception", e)
                return Response(
                    "{'message': 'Sorry due to some reason the information is not updated..!!'}",
                    status=500,
                    mimetype='application/json')
        else:
            return Response("{'message': 'User not exist'}",
                            status=404,
                            mimetype='application/json')
示例#8
0
class userSaman(Resource):
    decorators = [
        limiter.limit("5/second", methods=["GET"]),
    ]

    @jwt_required
    def get(self):
        user_saman = []
        username = get_jwt_identity()
        try:
            query = {'username': username}
            saman_list = db.saman.find(query)
        except Exception as e:
            return {
                'message':
                "error occured while loading, error is -> {} ".format(e)
            }
        for i in saman_list:
            user_saman.append(i)
        return user_saman
示例#9
0
class GetAUTHID(Resource):
    decorators = [limiter.limit("5/second")]
    def get(self):
        query = request.args.get('scopes')
        if query is None:
            return Response( 'Please pass scopes in query', status=400)
        res = requests.get(
            f'https://twowayqr.iamabhishek.live/auth-id?scopes={query}',
            headers={ 'vendor-secret': TWQ_CODE}
        )
        try:
            rjson = res.json()
        except:
            return Response("Some error occured", status=500) 
        if res.status_code != 200:
            return Response(rjson, status=res.status_code)
        else:
            return {
                "qr": rjson['qr'],
                "token":rjson['token']
            }
示例#10
0
class ChangeProfilePic(Resource):
    decorators = [
        limiter.limit("5/minute",
                      key_func=get_user_id_with_jwt,
                      methods=["POST"])
    ]

    @jwt_required
    def post(self):
        username = get_jwt_identity()
        try:
            _user = db.users.find_one({'username': username})
            if (_user == None):
                return Response("{'message': 'User not exist'}",
                                status=404,
                                mimetype='application/json')
            img_rev = request.data.decode('ascii').split(',')[1]
            image_data = bytes(img_rev, encoding="ascii")
            im = Image.open(BytesIO(base64.b64decode(image_data)))
            if (im.size != (400, 400)):
                return Response("{'message': 'Invalid Size'}",
                                status=403,
                                mimetype='application/json')
            tar_loc = f'{username}_{str(uuid.uuid4())}.jpg'
            img_loc = f'{username}/{str(uuid.uuid4())}.jpg'
            file_loc = os.path.join(os.getenv('FILES'), tar_loc)
            im = im.convert("RGB")
            im.save(file_loc)
            FileManagement.upload(img_loc, file_loc)
            FileManagement.delete(_user['image'])
            db.users.update_one({'username': username},
                                {"$set": {
                                    'image': img_loc
                                }})
            os.remove(file_loc)
            return {'message': 'Saved Successfully', 'image': img_loc}
        except:
            return Response("{'message': 'Invalid image'}",
                            status=403,
                            mimetype='application/json')
示例#11
0
class UserVerify(Resource):
    decorators = [limiter.limit("1/second", methods=["POST"])]

    def post(self, username):
        parser = reqparse.RequestParser()
        parser.add_argument('token',
                            help='This field cannot be blank',
                            required=True)
        data = parser.parse_args()
        token = data['token']
        token_rev = decode_token(token, allow_expired=False)
        user = db.users.find_one({'username': username}, {
            '_id': 1,
            'email': 1,
            'password': 1,
            'username': 1,
            'last_reset_request': 1,
            'last_reset': 1
        })
        if (user == None):
            return {'message': 'User does not exists'}
        identity = token_rev['identity']
        token = identity['token']
        last_rest = user.get('last_reset', 0)
        curr_time = user.get('last_reset_request', 0)
        print(last_rest)
        print(curr_time)
        new_token = bytes(
            username + user['password'] + str(last_rest) + str(curr_time),
            'ascii')
        new_token_en = sha256(new_token).hexdigest()
        if (token != new_token_en):
            return {'message': 'Invalid Token'}
        curr_time = int(time.time())
        toUpdate = {'last_reset': curr_time, 'isactive': True}
        db.users.update_one({'username': username}, {"$set": toUpdate})
        return {'message': 'Success', 'status': 200}
示例#12
0
class addSaman(Resource):
    decorators = [
        limiter.limit("1/second; 10/minute",
                      key_func=get_user_id_with_jwt,
                      methods=["POST"])
    ]

    @jwt_required
    def post(self):
        username = get_jwt_identity()
        parser = reqparse.RequestParser()
        parser.add_argument('title',
                            help='This field cannot be blank',
                            required=True)
        parser.add_argument('price',
                            help='This field cannot be blank',
                            required=True)
        parser.add_argument('image',
                            help='This field cannot be blank',
                            required=True)
        parser.add_argument('type',
                            help='This field can be blank',
                            required=True)
        parser.add_argument('description',
                            help='This field can be blank',
                            required=True)
        parser.add_argument('phone',
                            help='This field can be blank',
                            required=True)
        data = parser.parse_args()
        post_id = str(uuid.uuid4())
        data['_id'] = post_id
        _user = db.users.find_one({'username': username})
        if (_user == None):
            return Response("{'message': 'User not exist'}",
                            status=404,
                            mimetype='application/json')
        try:
            img_rev = data['image'].split(',')[1]
            image_data = bytes(img_rev, encoding="ascii")
            im = Image.open(BytesIO(base64.b64decode(image_data)))
            if (im.size[0] > 720 or im.size[1] > 720):
                return Response("{'message': 'Invalid Size'}",
                                status=403,
                                mimetype='application/json')
            tar_loc = f'{username}_{str(uuid.uuid4())}.jpg'
            post_img_path = f'{username}/{post_id}/{str(uuid.uuid4())}.jpg'
            file_loc = os.path.join(os.getenv('FILES'), tar_loc)
            im = im.convert("RGB")
            im.save(file_loc)
            FileManagement.upload(post_img_path, file_loc)
            data['images'] = post_img_path
            data['username'] = username
            del data['image']
            os.remove(file_loc)
            data['tags'] = getTags(post_img_path)
            db.saman.insert_one(data)
            return {
                "message": "new post of saaman is created successfully..!!"
            }
        except:
            return Response("{'message': 'Invalid image'}",
                            status=403,
                            mimetype='application/json')
示例#13
0
class SingleSaman(Resource):
    decorators = [
        limiter.limit("5/second", methods=["GET"]),
        limiter.limit("1/second;6/minute",
                      key_func=get_user_id_with_jwt,
                      methods=["POST"]),
        limiter.limit("1/second;12/minute",
                      key_func=get_user_id_with_jwt,
                      methods=["DELETE"])
    ]

    def get_identity_if_logedin(self):
        try:
            verify_jwt_in_request_optional()
            return get_jwt_identity()
        except Exception:
            # this handles if the access tocken is wrong or expired, hence have to handle:-
            pass

    def get(self, id):
        logged_user = self.get_identity_if_logedin()
        item = db.saman.find_one({"_id": id})
        if (item == None):
            return Response(
                '404 Not Found',
                status=404,
            )
        item['moneytized'] = 'priced'
        if (int(item['price']) == 0):
            item['moneytized'] = 'free'
        # handline if user is loggedin or not to show phone number:-
        if logged_user == None:
            item["phone"] = "xxxxxxxxxx"
        return item

    @jwt_required
    def post(self, id):
        username = get_jwt_identity()
        parser = reqparse.RequestParser()
        parser.add_argument('title',
                            help='This field cannot be blank',
                            required=True)
        parser.add_argument('price',
                            help='This field cannot be blank',
                            required=True)
        #parser.add_argument('image', help = 'This field cannot be blank', required = False)
        parser.add_argument('type',
                            help='This field can be blank',
                            required=True)
        parser.add_argument('description',
                            help='This field can be blank',
                            required=True)
        parser.add_argument('phone',
                            help='This field can be blank',
                            required=True)
        data = parser.parse_args()
        query = {'username': username, "_id": id}
        data['type'] = data['type'].lower()
        if (db.saman.find_one(query)):
            query_update = {"$set": data}
            try:
                db.saman.update_one(query, query_update)
                return {
                    "message": "Information of your saman updated successfully"
                }
            except Exception as e:
                print("could not able to update the info of saaman")
                print("Exception", e)
                return Response(
                    "{'message': 'Sorry due to some reason the information of your saman is not updated..!!'}",
                    status=504,
                    mimetype='application/json')
        else:
            return Response("{'message': 'You cannot edit this saman'}",
                            status=403,
                            mimetype='application/json')

    @jwt_required
    def delete(self, id):
        username = get_jwt_identity()
        query = {'username': username, "_id": id}
        item = db.saman.find_one(query)
        if (item == None):
            return {'message': 'You cannot edit this saman'}
        try:
            FileManagement.delete(item['images'])
            db.saman.delete_one(query)
            return {
                "message":
                "Your saaman's post has been deleted successfully..!!"
            }
        except Exception as e:
            return {
                "message":
                "Post is not deleted successfully, error is -> {} ".format(e)
            }
示例#14
0
class UserRegistration(Resource):
    decorators = [limiter.limit("5/second")]

    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument('username',
                            help='This field cannot be blank',
                            required=True)
        parser.add_argument('name',
                            help='This field cannot be blank',
                            required=True)
        parser.add_argument('email',
                            help='This field cannot be blank',
                            required=True)
        parser.add_argument('password',
                            help='This field cannot be blank',
                            required=True)
        parser.add_argument('phone_number',
                            help='This field cannot be blank',
                            required=True)
        data = parser.parse_args()
        username = data['username'].lower()
        email = data['email'].lower()
        password = data['password']
        name = data['name']
        phone_number = data['phone_number']
        if ((username.isalnum() == False) or (len(email) <= 15)
                or (email[-15:] != '@iitjammu.ac.in')
                or (phone_number.isnumeric() == False)
                or int(phone_number) < 6000000000
                or int(phone_number) > 9999999999):
            return {'message': 'invalid params'}
        if (db.users.find_one({'email': email})
                or db.users.find_one({'username': username})):
            return {'message': 'User already exists'}
        img_loc = f'{username}/{str(uuid.uuid4())}.jpg'
        user = {
            'username': username,
            'name': name,
            'email': email,
            'password': password,
            'phone': phone_number,
            'image': img_loc,
            'about': "My text by default",
            'isactive': False,
            'last_reset_request': int(time.time()),
            'last_reset': int(time.time())
        }
        try:
            db.users.insert(user)
        except:
            return {'message': "Some Error"}
        else:
            def_img = os.path.join(os.getenv('FILES'), 'user.jpg')
            FileManagement.upload(img_loc, def_img)
            tok_pre = bytes(
                username + user['password'] + str(user['last_reset']) +
                str(user['last_reset_request']), 'ascii')
            tok_pre_en = sha256(tok_pre).hexdigest()
            identity = {'username': username, 'token': tok_pre_en}
            # disabled email feature because of send-grid limitations
            # You can turn it on
            """
            tok_final = create_access_token(identity = identity, expires_delta= timedelta(minutes= 5))
            token_url = os.getenv('FRONTEND') + f'/verify/{username}/{tok_final}'
            resp = render_template('verify.html', user_name = username, token = token_url)
            sg = sendgrid.SendGridAPIClient(api_key=os.environ.get('SENDGRID_API_KEY'))
            from_email = Email("*****@*****.**")
            to_email = To(user['email'])
            subject = "Welcome to Requip"
            content = Content("text/html", resp)
            mail = Mail(from_email, to_email, subject, content)
            response = sg.client.mail.send.post(request_body=mail.get())
            """
            return {
                'message': 'User {} is created'.format(data['username']),
                'username': f"{data['username']}"
            }
示例#15
0
class UserReset(Resource):
    decorators = [
        limiter.limit("1/second", methods=["GET"]),
        limiter.limit("1/second", methods=["POST"])
    ]

    def get(self, username):
        username = username.lower()
        user = db.users.find_one({'username': username}, {
            '_id': 1,
            'email': 1,
            'password': 1,
            'username': 1,
            'last_reset_request': 1,
            'last_reset': 1
        })
        if (user == None):
            return {'message': 'User does not exists'}
        last_req = user.get('last_reset_request', 0)
        last_rest = user.get('last_reset', 0)
        curr_time = int(time.time())
        if ((curr_time - last_req) < 300):
            return {'message': 'Please wait 5 min before making request again'}
        db.users.update_one({'username': username},
                            {"$set": {
                                'last_reset_request': curr_time
                            }})
        tok_pre = bytes(
            username + user['password'] + str(last_rest) + str(curr_time),
            'ascii')
        tok_pre_en = sha256(tok_pre).hexdigest()
        identity = {'username': username, 'token': tok_pre_en}
        # disabled email feature because of send-grid limitations
        """
        tok_final = create_access_token(identity = identity, expires_delta= timedelta(minutes= 5))
        token_url = os.getenv('FRONTEND') + f'/reset/{username}/{tok_final}'
        resp = render_template('forget.html', user_name = username, token = token_url)
        sg = sendgrid.SendGridAPIClient(api_key=os.environ.get('SENDGRID_API_KEY'))
        from_email = Email("*****@*****.**")
        to_email = To(user['email'])
        subject = "Reset Requip Password"
        content = Content("text/html", resp)
        mail = Mail(from_email, to_email, subject, content)
        response = sg.client.mail.send.post(request_body=mail.get())
        print(response)
        """
        return {'message': 'Email Sent'}

    def post(self, username):
        parser = reqparse.RequestParser()
        parser.add_argument('token',
                            help='This field cannot be blank',
                            required=True)
        parser.add_argument('password',
                            help='This field cannot be blank',
                            required=True)
        data = parser.parse_args()
        password = data.get('password', None)
        token = data['token']
        token_rev = decode_token(token, allow_expired=False)
        user = db.users.find_one({'username': username}, {
            '_id': 1,
            'email': 1,
            'password': 1,
            'username': 1,
            'last_reset_request': 1,
            'last_reset': 1
        })
        if (user == None):
            return {'message': 'User does not exists'}
        identity = token_rev['identity']
        token = identity['token']
        last_rest = user.get('last_reset', 0)
        curr_time = user.get('last_reset_request', 0)
        new_token = bytes(
            username + user['password'] + str(last_rest) + str(curr_time),
            'ascii')
        new_token_en = sha256(new_token).hexdigest()
        if (token != new_token_en):
            return {'message': 'Invalid Token'}
        curr_time = int(time.time())
        toUpdate = {'last_reset': curr_time, 'isactive': True}
        toUpdate['password'] = password
        db.users.update_one({'username': username}, {"$set": toUpdate})
        return {'message': 'Success', 'status': 200}