import os
import redis
from flask import Flask, jsonify, request
from flask_sqlalchemy import SQLAlchemy
# Flask application backed by the database named by the JAWSDB_URL
# environment variable; the URL carries the DB credentials, so it is read
# from the environment rather than written into the source.
app = Flask(__name__)
app.config.update(
    SQLALCHEMY_TRACK_MODIFICATIONS=True,
    # Raises KeyError at import time when the variable is absent — fails fast
    # instead of starting without a database.
    SQLALCHEMY_DATABASE_URI=os.environ['JAWSDB_URL'],
)
db = SQLAlchemy(app)
# Deliberately imported only after `db` exists: the models module presumably
# imports `db` from this module, so hoisting this line would create an
# import cycle — confirm before moving it.
from models import BjRecord, BjUser
# Creates any tables that do not exist yet; must run after the models are
# imported so SQLAlchemy knows about them.
db.create_all()
# Accepted values of the BJ_REQUEST_ORIGIN request header, one per known
# client. This only tags which client is calling — any caller can set the
# header — so membership here is not an authentication control.
BJ_REQUEST_ORIGIN_LIST = {'bj.cli', 'bj.postman', 'bj.web', 'bj.desktop'}
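@app.route('/signup', methods=['POST'])
def signup():
    """Create a user and an empty BjRecord for it.

    Form fields: ``username`` and ``hashed-password``.

    Returns:
        401 when the BJ_REQUEST_ORIGIN header is not a known client,
        400 when a field is missing or the username is already taken,
        200 with JSON ``{user_id, access_token}`` on success.
    """
    if not is_bj_header(request.headers):
        return '', 401
    username = request.form.get('username')
    password = request.form.get('hashed-password')
    # Missing client input is a client error: 400, not the 500 this used to
    # return, which misreported it as a server fault.
    if not username or not password:
        return '', 400
    # 409 Conflict would be the conventional code for a taken username; kept
    # at 400 so existing clients keep working.
    if BjUser.has_username(username):
        return '', 400
    # NOTE(review): the check above and add_user are not atomic, so two
    # concurrent signups for the same name can race; whether add_user or the
    # schema enforces uniqueness is not visible here — confirm.
    # NOTE(review): the password arrives already hashed by the client. Unless
    # add_user re-hashes it server-side with a salted password hash, that
    # value is password-equivalent in transit and at rest — confirm.
    user_id, access_token = BjUser.add_user(username, password)
    # NOTE(review): add_user appears to persist the user on its own; if the
    # record commit below fails, a user without a record is left behind and
    # access() will answer 404 for it — confirm how add_user commits.
    bj_record = BjRecord(
        user_id=user_id,
        data='',
    )
    db.session.add(bj_record)
    db.session.commit()
    return jsonify(
        user_id=user_id,
        access_token=access_token,
    ), 200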
@app.route('/login', methods=['POST'])
def login():
    """Exchange ``username`` / ``hashed-password`` form fields for a token.

    Returns 200 with JSON ``{user_id, access_token}`` on success and a bare
    401 for every failure: unknown client header, missing field, unknown
    username, or credentials that BjUser.get_user rejects.
    """
    if not is_bj_header(request.headers):
        return '', 401
    form = request.form
    username = form.get('username')
    password = form.get('hashed-password')
    # Every failure maps to the same 401 so the status code alone does not
    # reveal whether a username exists. NOTE(review): get_user only runs for
    # known names, so response timing may still differ — confirm if that
    # matters for this deployment.
    if not (username and password) or not BjUser.has_username(username):
        return '', 401
    user_id, access_token = BjUser.get_user(username, password)
    if user_id and access_token:
        return jsonify(user_id=user_id, access_token=access_token), 200
    return '', 401
@app.route('/<user_id>', methods=['GET', 'PUT'])
def access(user_id):
    """Read (GET) or overwrite (PUT) the BjRecord data of *user_id*.

    Both methods require a known BJ_REQUEST_ORIGIN header and a
    BJ_SERVER_ACCESS_TOKEN header that validates for *user_id* (see
    has_access); otherwise 401. 404 when the user has no record, 400 on a
    PUT with an empty body, 204 after a successful PUT.
    """
    headers = request.headers
    # The token check is bound to the user_id from the path, which is what
    # keeps one authenticated user from reading another's record — assuming
    # BjUser.validate_token enforces that binding; confirm.
    if not (is_bj_header(headers) and has_access(user_id, headers)):
        return '', 401
    # NOTE(review): user_id arrives as a str from the URL; whether the column
    # it is compared against is also text is not visible here — confirm.
    bj_record = db.session.query(BjRecord).filter_by(user_id=user_id).scalar()
    if not bj_record:
        return '', 404
    if request.method == 'GET':
        # Served exactly as stored, with no explicit Content-Type.
        return bj_record.data, 200
    # PUT: the raw request body replaces the stored data wholesale.
    body = request.data
    if not body:
        return '', 400
    # NOTE(review): request.data is bytes and no size limit is set in this
    # file (MAX_CONTENT_LENGTH is absent), so the stored size is bounded only
    # by the column type and the server in front of Flask — confirm.
    bj_record.data = body
    db.session.commit()
    return '', 204
def has_access(user_id, headers):
    """Return whether *headers* carry a BJ_SERVER_ACCESS_TOKEN valid for *user_id*.

    A missing or empty token is rejected without touching the user store;
    otherwise the verdict is whatever BjUser.validate_token returns.
    """
    token = headers.get('BJ_SERVER_ACCESS_TOKEN')
    if token:
        # NOTE(review): whether validate_token compares the token in constant
        # time is not visible here — confirm.
        return BjUser.validate_token(user_id, token)
    return False
def is_bj_header(headers):
    """Return True when the BJ_REQUEST_ORIGIN header names a known client.

    This only identifies which client is calling; the header can be set by
    any caller, so it is not an authentication check (has_access is).
    """
    return headers.get('BJ_REQUEST_ORIGIN') in BJ_REQUEST_ORIGIN_LIST