-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapp.py
More file actions
158 lines (132 loc) · 5.45 KB
/
app.py
File metadata and controls
158 lines (132 loc) · 5.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
from flask import Flask, request, jsonify
from flask_login import LoginManager, login_user, current_user, logout_user, login_required
from database import db
from models.users import Users
from schemas.users import UserCreate, UserLogin, UserUpdate, UserUpdatePassword
from pydantic import ValidationError
from sqlalchemy.exc import IntegrityError
from middleware.sqlErrorHandler import SqlErrorHandler
from datetime import timedelta
from dotenv import load_dotenv
from os import environ
load_dotenv()
def create_app():
app = Flask(__name__)
login_manager = LoginManager()
DURATION = int(environ.get('REMEMBER_COOKIE_DURATION'))
app.config['SECRET_KEY'] = environ.get('SECRET_KEY')
app.config['SQLALCHEMY_DATABASE_URI'] = environ.get('SQLALCHEMY_DATABASE_URI')
app.config['REMEMBER_COOKIE_DURATION'] = timedelta(days=DURATION)
app.config.update(
SESSION_COOKIE_HTTPONLY = environ.get('SESSION_COOKIE_HTTPONLY'),
SESSION_COOKIE_SECURE = environ.get('SESSION_COOKIE_SECURE'),
SESSION_COOKIE_SAMESITE = environ.get('SESSION_COOKIE_SAMESITE'),
)
db.init_app(app)
login_manager.init_app(app)
login_manager.login_view = 'login'
@login_manager.user_loader
def load_user(user_id):
return Users.query.filter_by(user_id=user_id).first()
@login_manager.unauthorized_handler
def unauthorized_callback():
return jsonify({"message": "User not authenticated"}), 401
@app.route('/login', methods=['POST'])
def login():
if current_user.is_authenticated:
return jsonify({"message":"User already logged in"}), 401
if not request.get_json():
return jsonify({"message":"Missing content"}),400
try:
data = UserLogin(**request.get_json())
except ValidationError as e:
return jsonify({"message":e.errors()}),400
user = Users.query.filter_by(username=data.username).first()
if user and user.verify_password(data.password):
login_user(user,remember=environ.get("REMEMBER_USER"))
return jsonify({"message":"Login Successful"})
else:
return jsonify({"message":"Login Failed"}), 400
@app.route('/logout', methods=["POST"])
@login_required
def logout():
logout_user()
response = jsonify({"message": "Logout successful"})
response.set_cookie('session', '', expires=0)
return response, 200
@app.route("/user", methods=["GET"])
def get_user():
users = Users.query.all()
return jsonify({"users":[u.to_dict() for u in users]})
@app.route('/register', methods=['POST'])
@login_required
def post_user():
if not request.get_json():
return jsonify({"message": "Content missing"}), 400
try:
data = UserCreate(**request.get_json())
except ValidationError as e:
return jsonify({"message": e.errors()}), 400
try:
user = Users(**data.model_dump())
db.session.add(user)
db.session.commit()
except IntegrityError as e:
error_details = SqlErrorHandler(e).errors()
return jsonify(error_details),error_details.get("status_code")
return jsonify({"message": user.to_dict()}), 201
@app.route("/user/<int:user_id>", methods=["PUT"])
@login_required
def put_user(user_id):
if current_user.id != user_id:
return jsonify({"message": "Forbidden"}), 403
try:
data = UserUpdate(**request.get_json())
except ValidationError as e:
return jsonify({"message": e.errors()}), 400
user = Users.query.get(user_id)
if not user:
return jsonify({"message": "User not found"}), 404
try:
user.username = data.username
user.email = data.email
user.password = data.password
db.session.commit()
except IntegrityError as e:
db.session.rollback()
error_details = SqlErrorHandler(e).errors()
return jsonify(error_details), error_details.get("status_code")
return jsonify({"message": "User updated successfully", "user": user.to_dict()}), 200
@app.route("/user/<int:user_id>/password", methods=["PATCH"])
@login_required
def patch_user_password(user_id):
if current_user.id != user_id:
return jsonify({"message": "Forbidden"}), 403
try:
data = UserUpdatePassword(**request.get_json())
except ValidationError as e:
return jsonify({"message": e.errors()}), 400
user = Users.query.get(user_id)
if not user:
return jsonify({"message": "User not found"}), 404
user.password = data.password
db.session.commit()
return jsonify({"message": "Password updated successfully"}), 200
@app.route("/user/<int:user_id>", methods=['DELETE'])
@login_required
def delete_user(user_id):
if current_user.id != user_id:
return jsonify({"message":"Forbidden"}),403
user = Users.query.filter_by(user_id=user_id).first()
db.session.delete(user)
db.session.commit()
@app.errorhandler(405)
def method_not_allowed(e):
return jsonify({
"error": "Method Not Allowed",
"message": "This endpoint does not accept the requested method."
}), 405
return app
if __name__ == '__main__':
app = create_app()
app.run(debug=True, port=3333)