Головна сторінка Огляд Довідка
Реєстрація Увійти
sthd
/
openisp
2
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: 00edd97922
Гілки Теги
openisp
/
Backend
/
Sources
/
View
/
view_basics_api.py

view_basics_api.py 4.5 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 
  1. import Model.isp_model as isp_model
    2. 

  2. from flask import session,request,jsonify
    3. 

  3. import Model.model_manager as model_manager
    4. 

  4. from werkzeug.security import check_password_hash,generate_password_hash
    5. 

  5. import persistence
    6. 

  6. import json
    7. 

  7. import View.view_privilege as privileges
    8. 

  8. import logging
    9. 

  9. from utility.app_logging import logger_name
    10. 

  10. logger = logging.getLogger(logger_name + ".VIEW")
    11. 

  11. 

  12. __api_login_url__ = "/api/login"
    13. 

  13. __id_counter__ : int = 1
    14. 

  14. 

  15. def define_basic_api(app) :
    16. 

  16. 

  17. 

  18.     @app.before_request
    19. 

  19.     def before_request_func():
    20. 

  20. 

  21.         global __id_counter__
    22. 

  22.         logger.debug("before_request processing")
    23. 

  23.         logger.debug("request from " + request.remote_addr)
    24. 

  24.         logger.debug("request header" + str(request.headers.__dict__))
    25. 

  25. 

  26.         if request.json :
    27. 

  27.             logger.debug("request json body : " + str(request.json))
    28. 

  28. 

  29. 

  30.         if not "client_id" in session :
    31. 

  31.             session["client_id"] = str(__id_counter__)
    32. 

  32.         logger.debug("client_id is " + session["client_id"])
    33. 

  33.         __id_counter__ = __id_counter__ + 1
    34. 

  34. 

  35. 

  36.         if not request.path == __api_login_url__ and not "username" in session :
    37. 

  37.             logger.warning("Unauthorized client with id " + session["client_id"] + " try to access application")
    38. 

  38.             resp = jsonify({'message' : 'Unauthorized access, request is not from and authentificated user.'})
    39. 

  39.             resp.status_code = 401
    40. 

  40.             return resp
    41. 

  41. 

  42.         if "username" in session :
    43. 

  43.             logger.debug("request from  " + session["username"])
    44. 

  44. 

  45. 

  46.     @app.route(__api_login_url__,methods = ['POST'])
    47. 

  47.     def login():
    48. 

  48.         _json = request.json
    49. 

  49.         _username = _json['username']
    50. 

  50.         _password = _json['password']
    51. 

  51. 

  52. 

  53.         with persistence.get_Session_Instance() as sess :
    54. 

  54. 

  55.             Item = sess.query(isp_model.user_account).filter(isp_model.user_account.nickname == _username).first()
    56. 

  56.             if not isinstance(Item,isp_model.user_account) :
    57. 

  57.                 logger.warning("user tried to login with unknown account name : " + _username)
    58. 

  58.                 resp = jsonify({'message' : 'Bad Request - user account not found'})
    59. 

  59.                 resp.status_code = 400
    60. 

  60.                 return resp
    61. 

  61. 

  62.             if not check_password_hash(Item.password,_password) :
    63. 

  63.                 logger.warning("user with account name '" + _username + "' tried to login with invalid password")
    64. 

  64.                 resp = jsonify({'message' : 'Bad Request - invalid password for this account'})
    65. 

  65.                 resp.status_code = 400
    66. 

  66.                 return resp
    67. 

  67. 

  68. 

  69. 

  70.             session["username"] = _username
    71. 

  71.             session["user_account_id"] = Item.id
    72. 

  72.             logger.info("account " + _username + " logged IN successfully with id : " + session["client_id"])
    73. 

  73.             resp = jsonify({'message' : 'login successful'})
    74. 

  74.             resp.status_code = 200
    75. 

  75.             return resp
    76. 

  76. 

  77. 

  78. 

  79. 

  80.     @app.route('/api/logout',methods = ['DELETE'])
    81. 

  81.     def logout():
    82. 

  82.         logger.info("account " + session["username"] + " logged OUT with id : " + session["client_id"])
    83. 

  83.         session.clear()
    84. 

  84.         return jsonify('logout')
    85. 

  85. 

  86.     @app.route('/api/me',methods = ['GET'])
    87. 

  87.     def user_description():
    88. 

  88.         with persistence.get_Session_Instance() as sess :
    89. 

  89.             item : isp_model.user_account = sess.query(isp_model.user_account).filter(isp_model.user_account.id == session["client_id"]).first()
    90. 

  90.             json_string = model_manager.ModelObjectToJsonString(item)
    91. 

  91.             json_dict : dict = json.loads(json_string)
    92. 

  92.             json_dict.pop("password") # removing the password item for security
    93. 

  93.             json_string = json.dumps(json_dict)
    94. 

  94.             return jsonify(json_dict)
    95. 

  95. 

  96.     @app.route('/api/password',methods = ['POST'])
    97. 

  97.     def change_password():
    98. 

  98.         _json = request.json
    99. 

  99.         _old_password = _json['old_password']
    100. 

  100.         _password     = _json['new_password']
    101. 

  101.         with persistence.get_Session_Instance() as sess :
    102. 

  102.             Item : isp_model.user_account = sess.query(isp_model.user_account).filter(isp_model.user_account.id == session["user_account_id"]).first()
    103. 

  103. 

  104. 

  105.             if not check_password_hash(Item.password,_password) :
    106. 

  106.                 raise Exception("old password is incorrect")
    107. 

  107. 

  108.             Item.password = generate_password_hash(_password)
    109. 

  109.             sess.commit()
    110. 

  110. 

  111.         return jsonify('password changed')
    112. 

  112. 

  113. 

  114.     @app.route('/routes',methods = ['GET'])
    115. 

  115.     def routes():
    116. 

  116.         routes = []
    117. 

  117.         for route in app.url_map.iter_rules():
    118. 

  118.             routes.append('%s' % route)
    119. 

  119.         return jsonify(routes)
    120.