示例#1
def get_payment_grade():
    """
    Get payment grade list API
    :return: json type list holding every row of the Payment table
    """
    # Constant statement: no request data reaches the query text.
    query = "SELECT * FROM Payment"

    cur = conn.db().cursor()
    cur.execute(query)

    rows = cur.fetchall()
    return jsonify(rows)
示例#2
def edit_user():
    """
    User update API
    email, name, password
    :return: json type message

    Overwrites name and password on the User row whose email equals the
    "email" field of the JSON body, then commits.
    """
    # NOTE(review): the account to modify is chosen by the "email" field of
    # the request body and no session or ownership check is visible inside
    # this function - confirm the route is protected before it gets here.
    body = request.get_json()

    target_email = body.get("email")
    new_name = body.get("name")

    # NOTE(review): one SHA-256 pass over password + SALT is a fast hash;
    # hashlib.scrypt or hashlib.pbkdf2_hmac with a per-user salt is the usual
    # choice for stored passwords. Any change has to be rolled out together
    # with the sign-in handlers and a migration of the existing rows.
    # A missing "password" field raises TypeError on the concatenation.
    salted = body.get("password") + SALT
    digest = hashlib.sha256(salted.encode()).hexdigest()

    db = conn.db()
    cur = db.cursor()

    # Values are bound as parameters, never formatted into the statement.
    cur.execute(
        "update User set name = %s, password = %s where email = %s",
        (new_name, digest, target_email),
    )
    db.commit()

    return jsonify({"message": "수정이 완료되었습니다."})
示例#3
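def sign_in():
    """
    User Login API
    email, password
    :return: json type message

    On success the matching User row is returned with "result" set to
    "true"; the stored password hash is removed from the row first. Any
    failure (no match, missing or non-string password, non-object body)
    returns the same generic message so the response does not reveal which
    part of the credentials was wrong.
    """
    failure = {"result": "false", "message": "회원정보를 다시 확인해주세요."}

    request_data = request.get_json()
    if not isinstance(request_data, dict):
        return jsonify(failure)

    # Get user data
    email = request_data.get("email")
    raw_password = request_data.get("password")

    # Without this guard a missing password raised TypeError on the
    # concatenation below instead of producing the login-failed response.
    if not isinstance(raw_password, str):
        return jsonify(failure)

    # SHA256 hashing with SALT
    # NOTE(review): a single SHA-256 pass with one shared salt is fast to
    # brute-force if the table leaks; hashlib.scrypt or hashlib.pbkdf2_hmac
    # with a per-user salt is the usual choice. Changing it needs a
    # migration of stored hashes, so it is only flagged here.
    password = hashlib.sha256((raw_password + SALT).encode()).hexdigest()

    cursor = conn.db().cursor()
    sql = "select * from User where email = %s and password = %s"
    cursor.execute(sql, (email, password))

    # Get one user
    result = cursor.fetchone()

    # If email or password does not match
    if result is None:
        return jsonify(failure)

    # "select *" includes the password column; never send the hash back to
    # the client.
    result.pop("password", None)
    result["result"] = "true"

    return jsonify(result)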
示例#4
def sign_up():
    """
    User signUp API
    email, name, password, auth
    :return: json type message

    Inserts a new User row with grade 'basic' and commits; an
    IntegrityError from the insert is reported as a duplicate account.
    """
    body = request.get_json()

    # Get user data
    new_email = body.get("email")
    new_name = body.get("name")
    # NOTE(review): "auth" is stored exactly as the client sent it. If this
    # column carries a role or privilege level, confirm it is restricted
    # somewhere before this handler runs.
    new_auth = body.get("auth")

    # SHA256 hashing with SALT
    # NOTE(review): fast hash with a shared salt; a per-user salt with
    # hashlib.scrypt or hashlib.pbkdf2_hmac is the usual choice for stored
    # passwords. A missing "password" raises TypeError on the concatenation.
    salted = body.get("password") + SALT
    digest = hashlib.sha256(salted.encode()).hexdigest()

    db = conn.db()
    cur = db.cursor()

    insert_sql = "insert into User (email, name, password, auth,grade) values (%s, %s, %s, %s,'basic')"

    # Any integrity violation on insert is treated as "account exists".
    try:
        cur.execute(insert_sql, (new_email, new_name, digest, new_auth))
    except pymysql.err.IntegrityError:
        return jsonify({"message": "중복된 계정입니다."})

    db.commit()

    return jsonify({"message": "가입완료."})
示例#5
def chrome_get_site():
    """
    Get flagged site list API
    :return: json type list of RequestList urls whose analysis_check is 1
    """
    # Constant statement: no request data reaches the query text.
    query = "select url from RequestList where analysis_check = 1"

    cur = conn.db().cursor()
    cur.execute(query)

    return jsonify(cur.fetchall())
示例#6
def get_user_payment_history():
    """
    Get one user's payment history API
    email
    :return: json type list of payments, newest expire_date first
    """
    # NOTE(review): the email comes straight from the request form and no
    # check that it belongs to the caller is visible here - confirm access
    # control is applied before this handler.
    user_email = request.form.get("email")

    # The doubled %% keeps the date_format() specifiers literal, because the
    # statement goes through %-style parameter binding.
    history_sql = "SELECT grade, date_format(payment_date, '%%Y년%%m월%%d일 %%H시 %%i분') as payment_date, date_format(expire_date, '%%Y년%%m월%%d일 %%H시 %%i분') as expire_date FROM User_Payment WHERE email=%s ORDER BY expire_date DESC"

    cur = conn.db().cursor()
    cur.execute(history_sql, user_email)

    rows = cur.fetchall()
    return jsonify(rows)
示例#7
def post_price():
    """
    post grade
    :return: price of grade
    """
    wanted_grade = request.form.get("grade")

    cur = conn.db().cursor()
    # The grade is bound as a parameter rather than formatted into the SQL.
    cur.execute("select price from Payment where grade= %s", wanted_grade)

    prices = cur.fetchall()
    return jsonify(prices)
示例#8
def get_user_payment():
    """
    Get one user's latest payment API
    email
    :return: json type list with at most one row; grade is reported as
             'basic' once expire_date has passed
    """
    # NOTE(review): the email comes straight from the request form and no
    # check that it belongs to the caller is visible here - confirm access
    # control is applied before this handler.
    user_email = request.form.get("email")

    # The doubled %% keeps the date_format() specifiers literal under
    # %-style parameter binding.
    latest_sql = "SELECT (CASE WHEN expire_date > now() THEN grade ELSE 'basic' END) as grade, \
            date_format(payment_date, '%%Y년%%m월%%d일 %%H시 %%i분') as payment_date,  date_format(expire_date, '%%Y년%%m월%%d일 %%H시 %%i분') as expire_date \
            FROM User_Payment WHERE email= %s ORDER BY expire_date desc limit 1"

    cur = conn.db().cursor()
    cur.execute(latest_sql, user_email)

    rows = cur.fetchall()
    return jsonify(rows)
示例#9
def get_phishing_list():
    """
    Get phishing site list API
    :return: json type phishing site list
    """
    # Only rows with analysis_check set to 1 are listed; the statement is a
    # constant, so no request data reaches the query text.
    query = "select url from RequestList where analysis_check=1"

    cur = conn.db().cursor()
    cur.execute(query)

    sites = cur.fetchall()
    return jsonify(sites)
示例#10
def get_payment_list():
    """
    Get payments list API
    :return: json type payments list
    """
    # The date_format() specifiers use a single % here, unlike the handlers
    # that bind parameters: execute() is called without arguments, so
    # (presumably, with PyMySQL) no %-formatting is applied to the text.
    # Adding a bound parameter later would require doubling them to %%.
    query = (
        "select email, grade, date_format(payment_date, '%Y-%m-%d %r') as payment_date,"
        "date_format(expire_date, '%Y-%m-%d %r') as expire_date from User_Payment"
    )

    cur = conn.db().cursor()
    cur.execute(query)

    payments = cur.fetchall()
    return jsonify(payments)
示例#11
def chrome_phishing_check():
    """
    Chrome extension phishing check API
    raw request body: the URL to look up
    :return: json with "phishingFlag" true when the URL is in RequestList
             with analysis_check = 1
    """
    body_text = request.get_data().decode("UTF-8")

    # replace() drops every "http://" and "https://" occurrence, not only a
    # leading one. The lookup below is an exact string match, so a URL that
    # differs in case, path, query, or trailing slash is reported as clean.
    lookup_url = body_text.replace("http://", "").replace("https://", "")

    cur = conn.db().cursor()
    cur.execute(
        "select * from RequestList where url = %s and analysis_check = 1",
        lookup_url,
    )

    is_listed = cur.fetchone() is not None
    return jsonify({"phishingFlag": is_listed})
示例#12
def post_change_Analysis_Result():
    """
    Post change analysisResult
    :return: json type change analysisResult (empty body)

    Flips analysis_check on every RequestList row whose url matches.
    """
    # NOTE(review): this toggles whether a URL is reported as phishing; no
    # authorization check is visible in this function - confirm the route is
    # limited to administrators.
    db = conn.db()
    target_url = request.form.get("url")

    toggle_sql = "update RequestList set analysis_check=NOT analysis_check where url=%s"
    db.cursor().execute(toggle_sql, target_url)
    db.commit()

    return jsonify()
示例#13
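def get_user_list():
    """
    Get user list
    :return: json type user list

    Each row carries the User columns plus requestCount, the number of
    RequestList rows for that email. The stored password hash is removed
    from every row before the response is built.
    """

    cursor = conn.db().cursor()

    sql = "select u.*, count(r.email) as requestCount from User u LEFT OUTER JOIN RequestList r on r.email = u.email group by email"

    cursor.execute(sql)

    result = cursor.fetchall()

    # "u.*" pulls the password column along; hashes must not leave the
    # server. The isinstance guard keeps non-dict row types untouched.
    for row in result:
        if isinstance(row, dict):
            row.pop("password", None)

    return jsonify(result)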
示例#14
def get_today_request():
    """
    Get today request list API
    :return: json type request list
    """
    # get_today() is defined elsewhere; the original comment describes its
    # result as today's date in YYYY-MM-DD form.
    current_day = get_today()

    cur = conn.db().cursor()
    cur.execute(
        "select email, url, analysis_check as analysisResult from RequestList where request_date = %s",
        current_day,
    )

    todays_requests = cur.fetchall()
    return jsonify(todays_requests)
示例#15
def get_all_count():
    """
    Get user, request, payments, phishing site count API
    :return: Json type each count
    """
    # get_today() is defined elsewhere; the original comment describes its
    # result as today's date in YYYY-MM-DD form.
    current_day = get_today()

    # One statement made of four scalar sub-selects: userCount, todayCount
    # (requests dated today that belong to an existing user), paymentCount
    # and siteCount (rows with analysis_check=1).
    counts_sql = "select (select count(*) from User) as userCount, (select count(*) from User u, RequestList r where r.request_date = %s and u.email = r.email) as todayCount, (select count(*) from User_Payment) as paymentCount, (select count(*) from RequestList where analysis_check=1) as siteCount"

    cur = conn.db().cursor()
    cur.execute(counts_sql, current_day)

    counts = cur.fetchall()
    return jsonify(counts)
示例#16
def chrome_xss_check():
    """
    Chrome extension XSS check API
    raw request body: the page content to inspect
    :return: json with "xssFlag" true when any XssList gadget occurs in it
    """
    page_text = request.get_data().decode("UTF-8")

    cur = conn.db().cursor()
    cur.execute("select * from XssList")
    known_gadgets = cur.fetchall()

    # Plain case-sensitive substring test per row; any() stops at the first
    # hit. Encoded or re-cased variants of a gadget are not matched.
    found = any(row["gadget"] in page_text for row in known_gadgets)

    return jsonify({"xssFlag": found})
示例#17
def get_one_user_request():
    """
    Get one user request API
    :return: json type one user requests
    """
    # NOTE(review): the email comes straight from the request form and no
    # check that it belongs to the caller is visible here - confirm access
    # control is applied before this handler.
    user_email = request.form.get("email")

    # The doubled %% keeps the date_format() specifiers literal under
    # %-style parameter binding.
    requests_sql = "select url, date_format(request_date, '%%Y-%%m-%%d') as request_date, analysis_check as result\
            from RequestList \
            where email = %s order by request_date desc"

    cur = conn.db().cursor()
    cur.execute(requests_sql, user_email)

    rows = cur.fetchall()
    return jsonify(rows)
示例#18
def add_pay():
    """
    post pay history
    :return: empty json response

    Records a payment for one month from approved_time and sets the user's
    grade; both statements are committed together.
    """
    # NOTE(review): approved_time, grade and email are all taken from the
    # client form, and nothing in this function verifies the payment with a
    # payment provider - confirm that happens before this handler, otherwise
    # a caller can assign any grade to any account.
    stamp_parts = request.form.get("approved_time").split("T")
    # "YYYY-MM-DDTHH:MM:SS" -> "YYYY-MM-DD HH:MM:SS"; a value without "T"
    # raises IndexError here.
    paid_at = f"{stamp_parts[0]} {stamp_parts[1]}"
    new_grade = request.form.get("grade")
    user_email = request.form.get("email")

    db = conn.db()
    cur = db.cursor()

    payment_sql = "insert into User_Payment values(%s,%s,%s,date_add(%s, interval 1 month)); "
    grade_sql = "update User set grade=%s where email=%s"

    cur.execute(payment_sql, (user_email, new_grade, paid_at, paid_at))
    cur.execute(grade_sql, (new_grade, user_email))

    db.commit()

    return jsonify()
示例#19
def delete_user():
    """
    Delete User API
    :return: json type message
    """
    # NOTE(review): the account to delete is chosen by the "email" field of
    # the JSON body and no session, password, or ownership check is visible
    # in this function - confirm the route is protected before it gets here.
    body = request.get_json()

    # Get user data
    target_email = body.get("email")

    db = conn.db()
    db.cursor().execute("delete from User where email = %s", target_email)
    db.commit()

    # The same message is returned whether or not a row was deleted.
    return jsonify({"message": "탈퇴가 완료되었습니다."})
示例#20
def chrome_user_site_request():
    """
    Chrome extension site report API
    url, email
    :return: json type message

    Stores the reported URL with analysis_check 0 (not yet flagged).
    """
    form = request.form
    reported_on = get_today()

    # replace() drops every "http://" and "https://" occurrence, not only a
    # leading one.
    site = form.get("url").replace("http://", "").replace("https://", "")
    reporter = form.get("email")

    # One response covers both "invalid URL" and "already reported".
    rejected = {"message": "해당 사이트가 이미 전달되었거나 올바르지 않은 url입니다."}

    # The only shape check is that the value contains a dot.
    if "." not in site:
        return jsonify(rejected)

    db = conn.db()
    cur = db.cursor()

    insert_sql = "insert into RequestList (url, request_date, email, analysis_check) values(%s, %s, %s, 0)"

    try:
        cur.execute(insert_sql, (site, reported_on, reporter))
        db.commit()
    except pymysql.err.IntegrityError:
        return jsonify(rejected)

    return jsonify({"message": "사이트를 전달하였습니다."})
示例#21
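def chrome_sign_in():
    """
    Chrome extension login API
    email, password
    :return: json with "status" "success" plus email and grade, or
             "status" "failed" with a generic message

    A missing password is answered with the same failed response as a wrong
    one, so the reply does not reveal which part of the input was rejected.
    """
    failure = {"status": "failed", "message": "회원정보를 다시 확인해주세요."}

    # Get user information
    request_data = request.form

    email = request_data.get("email")
    raw_password = request_data.get("password")

    # Without this guard a missing password raised TypeError on the
    # concatenation below instead of producing the failed response.
    if raw_password is None:
        return jsonify(failure)

    # NOTE(review): a single SHA-256 pass with one shared salt is fast to
    # brute-force if the table leaks; hashlib.scrypt or hashlib.pbkdf2_hmac
    # with a per-user salt is the usual choice. Changing it needs a
    # migration of stored hashes, so it is only flagged here.
    password = hashlib.sha256((raw_password + SALT).encode()).hexdigest()

    cursor = conn.db().cursor()
    # Only email and grade are selected, so the hash never enters the reply.
    sql = "select email,grade from User where email = %s and password = %s"
    cursor.execute(sql, (email, password))

    # Get one user
    result = cursor.fetchone()

    # If email or password does not match
    if result is None:
        return jsonify(failure)

    # The former self-assignment of result['grade'] had no effect and was
    # dropped; grade is already part of the selected row.
    result['status'] = "success"

    return jsonify(result)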