def push_notifications_register(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["registration_token"]) if err_response: return err_response registration_token, = params latitude, longitude = get_json_params_optional(content, ["latitude", "longitude"]) topics = Topic.topic_list(db.session) fcm.subscribe_to_topics(registration_token, topics) if latitude and longitude: latitude = float(latitude) longitude = float(longitude) push_location = PushNotificationLocation.from_token( db.session, registration_token) if push_location: push_location.update(latitude, longitude) else: push_location = PushNotificationLocation(registration_token, latitude, longitude) db.session.add(push_location) db.session.commit() return jsonify(dict(result="ok"))
def user_register(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, [ "email", "password", "first_name", "last_name", "mobile_number", "address", "photo", "photo_type" ]) if err_response: return err_response email, password, first_name, last_name, mobile_number, address, photo, photo_type = params if not utils.is_email(email): return bad_request(web_utils.INVALID_EMAIL) email = email.lower() if not password: return bad_request(web_utils.EMPTY_PASSWORD) if photo and len(photo) > 50000: return bad_request(web_utils.PHOTO_DATA_LARGE) req = UserCreateRequest(first_name, last_name, email, mobile_number, address, photo, photo_type, encrypt_password(password)) user = User.from_email(db.session, email) if user: time.sleep(5) return bad_request(web_utils.USER_EXISTS) utils.email_user_create_request(logger, req, req.MINUTES_EXPIRY) db.session.add(req) db.session.commit() return 'ok'
def api_key_create(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["email", "password", "device_name"]) if err_response: return err_response email, password, device_name = params if not email: return bad_request(web_utils.INVALID_EMAIL) email = email.lower() user = User.from_email(db.session, email) if not user: time.sleep(5) return bad_request(web_utils.AUTH_FAILED) if not flask_security.verify_password(password, user.password): time.sleep(5) return bad_request(web_utils.AUTH_FAILED) api_key = ApiKey(user, device_name) for name in Permission.PERMS_ALL: perm = Permission.from_name(db.session, name) api_key.permissions.append(perm) db.session.add(api_key) db.session.commit() return jsonify( dict(token=api_key.token, secret=api_key.secret, device_name=api_key.device_name, expiry=api_key.expiry))
def tx_broadcast(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["txid"]) if err_response: return err_response txid, = params error, dbtx, tx = _tx_broadcast(txid) return jsonify(dict(txid=txid, state=dbtx.state, tx=tx, error=error))
def tx_serialize(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["tx"]) if err_response: return err_response tx, = params if not "type" in tx: return bad_request("tx does not contain 'type' field") tx_serialized = tx_utils.tx_serialize(tx) res = {"bytes": base64.b64encode(tx_serialized).decode("utf-8", "ignore")} return jsonify(res)
def tx_status(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["txid"]) if err_response: return err_response txid, = params dbtx = WavesTx.from_txid(db.session, txid) if not dbtx: return bad_request('tx not found', 404) tx = dbtx.tx_with_sigs() return jsonify(dict(txid=txid, state=dbtx.state, tx=tx))
def tx_signature(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["txid", "signer_index", "signature"]) if err_response: return err_response txid, signer_index, signature = params dbtx = WavesTx.from_txid(db.session, txid) if not dbtx: return bad_request('tx not found', 404) logger.info(":: adding sig to tx - %s, %d, %s", txid, signer_index, signature) sig = WavesTxSig(dbtx, signer_index, signature) db.session.add(sig) db.session.commit() tx = dbtx.tx_with_sigs() return jsonify(dict(txid=txid, state=dbtx.state, tx=tx))
def api_key_request(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, ["email", "device_name"]) if err_response: return err_response email, device_name = params if not email: return bad_request(web_utils.INVALID_EMAIL) email = email.lower() user = User.from_email(db.session, email) if not user: req = ApiKeyRequest(user, device_name) return jsonify(dict(token=req.token)) req = ApiKeyRequest(user, device_name) utils.email_api_key_request(logger, req, req.MINUTES_EXPIRY) db.session.add(req) db.session.commit() return jsonify(dict(token=req.token))
def api_key_claim(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, ["token"]) if err_response: return err_response token, = params req = ApiKeyRequest.from_token(db.session, token) if not token: time.sleep(5) return bad_request(web_utils.NOT_FOUND) req = ApiKeyRequest.from_token(db.session, token) if not req.created_api_key: time.sleep(5) return bad_request(web_utils.NOT_CREATED) api_key = req.created_api_key db.session.delete(req) db.session.commit() return jsonify(dict(token=api_key.token, secret=api_key.secret, device_name=api_key.device_name, expiry=api_key.expiry))
def user_update_photo(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["api_key", "nonce", "photo", "photo_type"]) if err_response: return err_response api_key, nonce, photo, photo_type = params res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(reason) user = api_key.user user.photo = photo user.photo_type = photo_type db.session.add(user) db.session.commit() return jsonify(dict(photo=user.photo, photo_type=user.photo_type))
def transaction_create(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["api_key", "nonce", "action", "recipient", "amount", "attachment"]) if err_response: return err_response api_key, nonce, action, recipient, amount, attachment = params res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(reason) tx, error = paydb_core.tx_create_and_play(db.session, api_key, action, recipient, amount, attachment) if not tx: return bad_request(error) tx_event(tx) return jsonify(dict(tx=tx.to_json()))
def stash_load(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, ["key", "email"]) if err_response: return err_response key, email = params stash = UserStash.from_email_hash(db.session, key, utils.sha256(email)) req = UserStashRequest(key, email, None, None, None, UserStashRequest.ACTION_LOAD) if stash: utils.email_stash_load_request(logger, email, req, req.MINUTES_EXPIRY) db.session.add(req) db.session.commit() logger.info('stash load request %s created', req.token) else: logger.warning( 'stash for email %s does not exist, load request %s not created', email, req.token) return jsonify(dict(token=req.token))
def reward_categories(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, ["api_key", "nonce"]) if err_response: return err_response api_key, nonce = params res, auth_fail_reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(auth_fail_reason) if not api_key.user.has_role( Role.ROLE_ADMIN) and not api_key.user.has_role( Role.ROLE_AUTHORIZER): return bad_request(web_utils.UNAUTHORIZED) # pylint: disable=no-member cats = db.session.query(Category).all() cats = [cat.name for cat in cats] return jsonify(dict(categories=cats))
def user_transactions(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["api_key", "nonce", "offset", "limit"]) if err_response: return err_response api_key, nonce, offset, limit = params if limit > 1000: return bad_request(web_utils.LIMIT_TOO_LARGE) res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(reason) if not api_key.has_permission(Permission.PERMISSION_HISTORY): return bad_request(web_utils.UNAUTHORIZED) txs = PayDbTransaction.related_to_user(db.session, api_key.user, offset, limit) txs = [tx.to_json() for tx in txs] return jsonify(dict(txs=txs))
def reward_create(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params(content, [ "api_key", "nonce", "reason", "category", "recipient", "amount", "message" ]) if err_response: return err_response api_key, nonce, reason, category, recipient, amount, message = params res, auth_fail_reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(auth_fail_reason) if not api_key.user.has_role( Role.ROLE_ADMIN) and not api_key.user.has_role( Role.ROLE_AUTHORIZER): return bad_request(web_utils.UNAUTHORIZED) cat = Category.from_name(db.session, category) if not cat: return bad_request(web_utils.INVALID_CATEGORY) if amount <= 0: return bad_request(web_utils.INVALID_AMOUNT) proposal, payment = _reward_create(api_key.user, reason, cat, recipient, amount, message) db.session.commit() return jsonify( dict(proposal=dict(reason=reason, category=category, status=proposal.status, payment=dict(amount=amount, email=payment.email, mobile=payment.mobile, address=payment.recipient, message=message, status=payment.status))))
def user_update_password(): sig = request_get_signature() content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["api_key", "nonce", "current_password", "new_password"]) if err_response: return err_response api_key, nonce, current_password, new_password = params res, reason, api_key = check_auth(db.session, api_key, nonce, sig, request.data) if not res: return bad_request(reason) user = api_key.user verified_password = verify_password(current_password, user.password) if not verified_password: return bad_request(web_utils.INCORRECT_PASSWORD) ### set the new_password: user.password = encrypt_password(new_password) db.session.add(user) db.session.commit() return 'password changed.'
def stash_save(): content = request.get_json(force=True) if content is None: return bad_request(web_utils.INVALID_JSON) params, err_response = get_json_params( content, ["key", "email", "iv", "cyphertext", "question"]) if err_response: return err_response key, email, iv, cyphertext, question = params stash = UserStash.from_email_hash(db.session, key, utils.sha256(email)) req = UserStashRequest(key, email, iv, cyphertext, question, UserStashRequest.ACTION_SAVE) if not stash: db.session.add(req) db.session.commit() utils.email_stash_save_request(logger, email, req, req.MINUTES_EXPIRY) logger.info('stash save request %s created', req.token) else: logger.warning( 'stash for email %s exists, save request %s not created', email, req.token) utils.email_stash_save_exists(logger, email, req) return jsonify(dict(token=req.token))
def tx_broadcast(): content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["txid"]) if err_response: return err_response txid, = params dbtx = WavesTx.from_txid(db.session, txid) if not dbtx: return bad_request('tx not found', 404) tx = dbtx.tx_with_sigs() error = "" # broadcast transaction try: dbtx = tx_utils.broadcast_transaction(db.session, dbtx.txid) db.session.add(dbtx) db.session.commit() except OtherError as ex: error = ex.message if hasattr(ex, 'data'): error = "{} - {}".format(ex.message, ex.data) return jsonify(dict(txid=txid, state=dbtx.state, tx=tx, error=error))
def tx_create(): tx_utils.tx_init_chain_id(TESTNET) content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") params, err_response = get_json_params(content, ["type", "timestamp"]) if err_response: return err_response type_, timestamp = params if not type_ in tx_utils.TYPES: return bad_request("'type' not valid") pubkey = ASSET_MASTER_PUBKEY address = tx_utils.generate_address(pubkey) amount = 0 if type_ == "transfer": fee = tx_utils.get_fee(NODE_BASE_URL, tx_utils.DEFAULT_TX_FEE, address, None) params, err_response = get_json_params(content, ["recipient", "amount"]) if err_response: return err_response recipient, amount = params tx = tx_utils.transfer_asset_payload(address, pubkey, None, recipient, ASSET_ID, amount, "", None, fee, timestamp) elif type_ == "issue": fee = tx_utils.get_fee(NODE_BASE_URL, tx_utils.DEFAULT_ASSET_FEE, address, None) params, err_response = get_json_params( content, ["asset_name", "asset_description", "amount"]) if err_response: return err_response asset_name, asset_description, amount = params tx = tx_utils.issue_asset_payload(address, pubkey, None, asset_name, asset_description, amount, None, 2, True, fee, timestamp) elif type_ == "reissue": fee = tx_utils.get_fee(NODE_BASE_URL, tx_utils.DEFAULT_ASSET_FEE, address, None) params, err_response = get_json_params(content, ["amount"]) if err_response: return err_response amount, = params tx = tx_utils.reissue_asset_payload(address, pubkey, None, ASSET_ID, amount, True, fee, timestamp) elif type_ == "sponsor": fee = tx_utils.get_fee(NODE_BASE_URL, tx_utils.DEFAULT_SPONSOR_FEE, address, None) params, err_response = get_json_params(content, ["asset_fee"]) if err_response: return err_response asset_fee, = params amount = asset_fee tx = tx_utils.sponsor_payload(address, pubkey, None, ASSET_ID, asset_fee, fee, timestamp) elif type_ == "setscript": fee = tx_utils.get_fee(NODE_BASE_URL, tx_utils.DEFAULT_SCRIPT_FEE, address, None) params, err_response = get_json_params(content, ["script"]) if err_response: return err_response script, = params tx = tx_utils.set_script_payload(address, pubkey, None, script, fee, timestamp) else: return bad_request("invalid type") txid = tx_utils.tx_to_txid(tx) dbtx = WavesTx.from_txid(db.session, txid) if dbtx: return bad_request("txid already exists") dbtx = WavesTx(txid, type_, tx_utils.CTX_CREATED, amount, False, json.dumps(tx)) db.session.add(dbtx) db.session.commit() return jsonify(dict(txid=txid, state=tx_utils.CTX_CREATED, tx=tx))
def claim_payment(token): payment = Payment.from_token(db.session, token) if not payment: return bad_request('payment not found', 404) now = datetime.datetime.now() if now > payment.proposal.date_expiry and payment.status != payment.STATE_SENT_FUNDS: return bad_request('expired', 404) def render(recipient): url_parts = urlparse(request.url) url = url_parts._replace(scheme=DEEP_LINK_SCHEME, query='scheme={}'.format( url_parts.scheme)).geturl() qrcode_svg = utils.qrcode_svg_create(url) return render_template("claim_payment.html", payment=payment, recipient=recipient, qrcode_svg=qrcode_svg, url=url) def render_waves(dbtx): recipient = None if dbtx: recipient = dbtx.tx_with_sigs()["recipient"] return render(recipient) if SERVER_MODE == SERVER_MODE_WAVES: dbtx = WavesTx.from_txid(db.session, payment.txid) if request.method == "POST": content_type = request.content_type using_app = content_type.startswith('application/json') logger.info("claim_payment: content type - %s, using_app - %s", content_type, using_app) recipient = "" asset_id = "" if using_app: content = request.get_json(force=True) if content is None: return bad_request("failed to decode JSON object") if SERVER_MODE == SERVER_MODE_WAVES: params, err_response = get_json_params( content, ["recipient", "asset_id"]) if err_response: return err_response recipient, asset_id = params else: # paydb params, err_response = get_json_params(content, ["recipient"]) if err_response: return err_response recipient, = params else: # using html form try: recipient = request.form["recipient"] except: # pylint: disable=bare-except flash("'recipient' parameter not present", "danger") return render_waves(dbtx) try: asset_id = request.form["asset_id"] except: # pylint: disable=bare-except pass if SERVER_MODE == SERVER_MODE_WAVES: dbtx, err_msg = process_claim_waves(payment, dbtx, recipient, asset_id) else: # paydb err_msg = process_claim_paydb(payment, recipient) if err_msg: logger.error("claim_payment: %s", err_msg) if using_app: return bad_request(err_msg) flash(err_msg, "danger") if SERVER_MODE == SERVER_MODE_WAVES: return render_waves(dbtx) return render(None)