sthd
/
openisp


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
							import Model.isp_model as isp_model
from flask import session,request,jsonify
import Model.model_manager as model_manager
from werkzeug.security import check_password_hash,generate_password_hash
import persistence
import json
import View.view_privilege as privileges
import logging
from utility.app_logging import logger_name
logger = logging.getLogger(logger_name + ".VIEW")

__api_login_url__ = "/api/login"
__id_counter__ : int = 1

def define_basic_api(app) :


    @app.before_request
    def before_request_func():

        global __id_counter__
        logger.debug("before_request processing")
        logger.debug("request from " + request.remote_addr)
        logger.debug("request header" + str(request.headers.__dict__))

        if request.json :
            logger.debug("request json body : " + str(request.json))


        if not "client_id" in session :
            session["client_id"] = str(__id_counter__)
        logger.debug("client_id is " + session["client_id"])
        __id_counter__ = __id_counter__ + 1


        if not request.path == __api_login_url__ and not "username" in session :
            logger.warning("Unauthorized client with id " + session["client_id"] + " try to access application")
            resp = jsonify({'message' : 'Unauthorized access, request is not from and authentificated user.'})
            resp.status_code = 401
            return resp

        if "username" in session :
            logger.debug("request from  " + session["username"])


    @app.route(__api_login_url__,methods = ['POST'])
    def login():
        _json = request.json
        _username = _json['username']
        _password = _json['password']


        with persistence.get_Session_Instance() as sess :

            Item = sess.query(isp_model.user_account).filter(isp_model.user_account.nickname == _username).first()
            if not isinstance(Item,isp_model.user_account) :
                logger.warning("user tried to login with unknown account name : " + _username)
                resp = jsonify({'message' : 'Bad Request - user account not found'})
                resp.status_code = 400
                return resp

            if not check_password_hash(Item.password,_password) :
                logger.warning("user with account name '" + _username + "' tried to login with invalid password")
                resp = jsonify({'message' : 'Bad Request - invalid password for this account'})
                resp.status_code = 400
                return resp


            session["username"] = _username
            session["user_account_id"] = Item.id
            logger.info("account " + _username + " logged IN successfully with id : " + session["client_id"])
            resp = jsonify({'message' : 'login successful'})
            resp.status_code = 200
            return resp


    @app.route('/api/logout',methods = ['DELETE'])
    def logout():
        logger.info("account " + session["username"] + " logged OUT with id : " + session["client_id"])
        session.clear()
        return jsonify('logout')

    @app.route('/api/me',methods = ['GET'])
    def user_description():
        with persistence.get_Session_Instance() as sess :
            item : isp_model.user_account = sess.query(isp_model.user_account).filter(isp_model.user_account.id == session["client_id"]).first()
            json_string = model_manager.ModelObjectToJsonString(item)
            json_dict : dict = json.loads(json_string)
            json_dict.pop("password") # removing the password item for security
            json_string = json.dumps(json_dict)
            return jsonify(json_dict)

    @app.route('/api/password',methods = ['POST'])
    def change_password():
        _json = request.json
        _old_password = _json['old_password']
        _password     = _json['new_password']
        with persistence.get_Session_Instance() as sess :
            Item : isp_model.user_account = sess.query(isp_model.user_account).filter(isp_model.user_account.id == session["user_account_id"]).first()


            if not check_password_hash(Item.password,_password) :
                raise Exception("old password is incorrect")

            Item.password = generate_password_hash(_password)
            sess.commit()

        return jsonify('password changed')


    @app.route('/routes',methods = ['GET'])
    def routes():
        routes = []
        for route in app.url_map.iter_rules():
            routes.append('%s' % route)
        return jsonify(routes)