108 lines
3.0 KiB
Python
Executable File
108 lines
3.0 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
import sqlite3
|
|
from flask import Flask, request, jsonify, send_from_directory
|
|
from flask import make_response
|
|
from os import urandom
|
|
from base64 import b64encode
|
|
|
|
app = Flask(__name__)
|
|
|
|
def get_db():
|
|
db = sqlite3.connect("main.sqlite")
|
|
return db
|
|
|
|
@app.route("/users", methods=["GET"])
|
|
def get_users():
|
|
db = get_db()
|
|
cursor = db.cursor()
|
|
cursor.execute("SELECT * FROM users")
|
|
users = cursor.fetchall()
|
|
return jsonify(users)
|
|
|
|
@app.route("/users", methods=["POST"])
|
|
def create_user():
|
|
db = get_db()
|
|
cursor = db.cursor()
|
|
user = request.form["user"]
|
|
password = request.form["password"]
|
|
salt = request.form["salt"]
|
|
cursor.execute("INSERT INTO users (user, password, salt) \
|
|
VALUES (?, ?, ?)"
|
|
, (user, password, salt))
|
|
db.commit()
|
|
return jsonify({"message": "User created successfully"})
|
|
|
|
@app.route("/login", methods=["POST"])
|
|
def login():
|
|
db = get_db()
|
|
cursor = db.cursor()
|
|
|
|
user = request.form["user"]
|
|
password = request.form.get("password", None)
|
|
if password is None:
|
|
cursor.execute("SELECT salt FROM users WHERE user = ?", (user,))
|
|
user = cursor.fetchone()
|
|
if user is None:
|
|
return jsonify({}), 404
|
|
|
|
print(user[0])
|
|
|
|
return make_response(user[0], 200)
|
|
|
|
|
|
cursor.execute("SELECT id FROM users WHERE user = ? AND password = ?",
|
|
(user, password))
|
|
|
|
user_id = cursor.fetchone()
|
|
|
|
if user_id is None:
|
|
return jsonify({}), 403
|
|
|
|
|
|
token = b64encode(urandom(16)).decode('utf-8')
|
|
cursor.execute("INSERT INTO token (id, token, expiry) VALUES (?,?,\
|
|
unixepoch(datetime(\"NOW\", \"+30 days\"))) \
|
|
RETURNING expiry;",
|
|
(user_id[0], token))
|
|
response = make_response("", 204)
|
|
response.set_cookie("token", value=token, expires=cursor.fetchone()[0])
|
|
|
|
return response
|
|
|
|
@app.route("/users/<int:user_id>", methods=["GET"])
|
|
def get_user(user_id):
|
|
db = get_db()
|
|
cursor = db.cursor()
|
|
cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
|
|
user = cursor.fetchone()
|
|
return jsonify(user)
|
|
|
|
@app.route("/users/<int:user_id>", methods=["PUT"])
|
|
def update_user(user_id):
|
|
db = get_db()
|
|
cursor = db.cursor()
|
|
name = request.form["name"]
|
|
email = request.form["email"]
|
|
cursor.execute("UPDATE users SET name = ?, email = ? WHERE id = ?", (name, email, user_id))
|
|
db.commit()
|
|
return jsonify({"message": "User updated successfully"})
|
|
|
|
@app.route("/users/<int:user_id>", methods=["DELETE"])
|
|
def delete_user(user_id):
|
|
db = get_db()
|
|
cursor = db.cursor()
|
|
cursor.execute("DELETE FROM users WHERE id = ?", (user_id,))
|
|
db.commit()
|
|
return jsonify({"message": "User deleted successfully"})
|
|
|
|
@app.route("/")
|
|
def index():
|
|
return send_from_directory("static", "index.html")
|
|
|
|
@app.route("/<path:path>")
|
|
def serve_static_path(path):
|
|
return send_from_directory('static', path)
|
|
|
|
if __name__ == "__main__":
|
|
app.run(debug=True)
|