import datetime
import os
import uuid
from functools import wraps

import jwt
from flask import Flask, request, jsonify, make_response
from flask_sqlalchemy import SQLAlchemy
from werkzeug.security import generate_password_hash, check_password_hash

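app = Flask(__name__)

# Both values are read from the environment when present; the literals are
# only a local-development fallback and must not be what a deployment runs
# with.  SECRET_KEY signs the JWTs issued by /login, so anyone holding it can
# mint a token for any public_id; the database URI embeds credentials.
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', 'thisissecret')
app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get(
    'SQLALCHEMY_DATABASE_URI', 'mysql://root:root@localhost/flask_db')

db = SQLAlchemy(app)

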
class User(db.Model):
    """Account row backing the /login and /user routes."""
    id = db.Column(db.Integer, primary_key=True)
    # Random UUID (see create_user) used in URLs and as the JWT claim in
    # place of the sequential primary key.
    public_id = db.Column(db.String(50), unique=True)
    # Login name matched against the HTTP Basic username in /login.
    # Not declared unique here, so filter_by(name=...).first() picks the
    # first match if duplicates exist — TODO confirm uniqueness is enforced.
    name = db.Column(db.String(50))
    # Werkzeug password hash produced by create_user, never the plaintext.
    # The 80-char width is sized for the hash format create_user emits
    # (method='sha256'); a longer format such as pbkdf2 would need a wider
    # column — verify before changing the hashing method.
    password = db.Column(db.String(80))
    # Authorisation flag consulted by the admin-only routes.
    admin = db.Column(db.Boolean)


class Todo(db.Model):
    """Todo item; no route on this page reads or writes it."""
    id = db.Column(db.Integer, primary_key=True)
    text = db.Column(db.String(50))
    complete = db.Column(db.Boolean)
    # Plain integer, not db.ForeignKey('user.id'): presumably meant to point
    # at User.id, but nothing here enforces referential integrity — confirm.
    user_id = db.Column(db.Integer)


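def token_required(f):
    """Decorate a view so it runs only for a valid JWT in ``x-access-token``.

    The wrapped view receives the matching ``User`` as its first positional
    argument, followed by the route's own arguments.  A missing, malformed,
    expired or badly-signed token, a token without a ``public_id`` claim, and
    a token whose user no longer exists all answer 401.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        token = request.headers.get('x-access-token')
        if not token:
            return jsonify({"message": "Token is missing"}), 401

        try:
            # Pin the accepted algorithm to the one /login signs with;
            # letting the token header choose the algorithm is what
            # algorithm-confusion bugs exploit.
            data = jwt.decode(token, app.config['SECRET_KEY'],
                              algorithms=['HS256'])
            public_id = data['public_id']
        except (jwt.InvalidTokenError, KeyError):
            # Expiry, bad signature, unparseable input, or a validly signed
            # token that lacks our claim.  Anything else (e.g. a database
            # error below) is deliberately not swallowed any more.
            return jsonify({'message': 'Token is invalid'}), 401

        current_user = User.query.filter_by(public_id=public_id).first()
        if current_user is None:
            # Valid token for an account that has since been deleted; the
            # original passed None into the view, which then crashed on the
            # first attribute access.
            return jsonify({'message': 'Token is invalid'}), 401

        return f(current_user, *args, **kwargs)

    return decorated

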
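@app.route('/login', methods=['GET'])
def login():
    """Exchange HTTP Basic credentials for a JWT valid for 30 minutes.

    Returns ``{"token": ...}`` on success.  Every failure path returns the
    same 401 with a ``WWW-Authenticate`` challenge, so the response does not
    reveal whether the username exists.
    """
    def unauthorized():
        return make_response(
            'Could not verify', 401,
            {'WWW-Authenticate': 'Basic realm="Login required!"'})

    auth = request.authorization
    if not auth or not auth.username or not auth.password:
        return unauthorized()

    user = User.query.filter_by(name=auth.username).first()
    if not user or not check_password_hash(user.password, auth.password):
        return unauthorized()

    payload = {
        'public_id': user.public_id,
        'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=30),
    }
    # HS256 is PyJWT's default; it is spelled out so that it visibly matches
    # the algorithms whitelist used when decoding in token_required.
    token = jwt.encode(payload, app.config['SECRET_KEY'], algorithm='HS256')
    # PyJWT < 2 returns bytes, PyJWT >= 2 returns str; accept either so the
    # handler does not break on a library upgrade.
    if isinstance(token, bytes):
        token = token.decode('UTF-8')
    return jsonify({'token': token})

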
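@app.route('/user', methods=['GET'])
@token_required
def get_all_user(current_user):
    """List every user; admin only.

    The password hash is not part of the response: the original copied
    ``user.password`` into the JSON, which handed every admin session a dump
    of all stored credential hashes.
    """
    if not current_user.admin:
        # 403 instead of the original 200: the caller is authenticated but
        # not permitted, and clients should see that from the status code.
        return jsonify({"message": "Cannot perform that action!"}), 403

    output = [
        {'public_id': user.public_id, 'name': user.name, 'admin': user.admin}
        for user in User.query.all()
    ]
    return jsonify({'users': output})

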
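@app.route('/user/<public_id>', methods=['GET'])
@token_required
def get_one_user(current_user, public_id):
    """Return one user by public_id.

    Permitted for admins and for a user reading their own record; the
    original let any authenticated user read any account, password hash
    included.  The hash is omitted from the response.
    """
    if not current_user.admin and current_user.public_id != public_id:
        return jsonify({"message": "Cannot perform that action!"}), 403

    user = User.query.filter_by(public_id=public_id).first()
    if not user:
        return jsonify({"message": "No user found"}), 404

    user_data = {
        'public_id': user.public_id,
        'name': user.name,
        'admin': user.admin,
    }
    # Response key stays 'users' (a single record under a plural key)
    # because that is what existing clients of this endpoint read.
    return jsonify({'users': user_data})

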
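@app.route('/user', methods=['POST'])
@token_required
def create_user(current_user):
    """Create a non-admin user from a JSON body ``{"name": ..., "password": ...}``.

    A missing or non-object body and empty fields get a 400 instead of the
    original's unhandled KeyError/TypeError (a 500).  Any token holder may
    call this, as in the original; ``current_user.admin`` is not checked —
    consider tightening to admin-only to match the other user routes.
    """
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}
    name = data.get('name')
    password = data.get('password')
    if not name or not password:
        return jsonify({"message": "name and password are required"}), 400

    # method='sha256' is kept because User.password is only 80 characters
    # wide, which fits this format; a stronger scheme such as 'pbkdf2:sha256'
    # yields a longer string and needs the column widened first.
    # NOTE(review): recent Werkzeug releases reject method='sha256' — confirm
    # the installed version still accepts it.
    hashed_password = generate_password_hash(password, method='sha256')
    new_user = User(public_id=str(uuid.uuid4()), name=name,
                    password=hashed_password, admin=False)
    db.session.add(new_user)
    db.session.commit()
    return jsonify({'message': 'New user created'})

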
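@app.route('/user/<public_id>', methods=['PUT'])
@token_required
def promote_user(current_user, public_id):
    """Grant admin to the user identified by public_id; admin only.

    The original had no authorisation check at all, so any authenticated
    user could promote themselves (or anyone) and thereby bypass the admin
    gate on the other routes.
    """
    if not current_user.admin:
        return jsonify({"message": "Cannot perform that action!"}), 403

    user = User.query.filter_by(public_id=public_id).first()
    if not user:
        return jsonify({"message": "No user found"}), 404

    user.admin = True
    db.session.commit()
    return jsonify({"message": "user has been promoted"})

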
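@app.route('/user/<public_id>', methods=['DELETE'])
@token_required
def delete_user(current_user, public_id):
    """Delete the user identified by public_id; admin only.

    The original had no authorisation check, so any authenticated user could
    delete any account.  ``user.name`` is read before the delete/commit:
    with SQLAlchemy's default expire_on_commit, the original's post-commit
    attribute access tries to reload a row that no longer exists.
    """
    if not current_user.admin:
        return jsonify({"message": "Cannot perform that action!"}), 403

    user = User.query.filter_by(public_id=public_id).first()
    if not user:
        return jsonify({"message": "No user found"}), 404

    name = user.name
    db.session.delete(user)
    db.session.commit()
    return jsonify({"message": f"The user {name} has been deleted"})

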
if __name__ == '__main__':
    # debug=True enables the reloader and Werkzeug's interactive debugger,
    # which offers a code console in the browser on any unhandled exception.
    # Only run this way on a local machine; never on a reachable host.
    app.run(debug=True)