-
Notifications
You must be signed in to change notification settings - Fork 0
/
api.py
147 lines (99 loc) · 3.65 KB
/
api.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
#!/usr/bin/env python3
from . import *
from .db import *
api = Blueprint('api', __name__)
def get_user(user): return {k: v for k in ('id', 'email', 'vk_id') if (v := getattr(user, k, None))}
def with_user(f):
@login_required
async def decorated(*args, **kwargs):
user = User.query.filter_by(id=current_user.auth_id).first()
assert (user)
return f(user, *args, **kwargs)
decorated.__name__ = f.__name__ # endpoint name
return decorated
@api.route('/api/login', methods=('POST',))
async def api_login():
form = await request.form
try: email, password = form['email'], form['password']
except Exception as ex: return abort(400, ex)
user = User.query.filter_by(email=email).first()
if (not user): return abort(418)
if (not check_password_hash(user.password, password)): return abort(403)
login_user(AuthUser(user.id))
return get_user(user)
@api.route('/api/logout')
async def api_logout():
logout_user()
return {}
@api.route('/api/register', methods=('POST',))
async def api_register():
form = await request.form
try: email, password = form['email'], form['password']
except Exception as ex: return abort(400, ex)
if (User.query.filter_by(email=email).first()): return abort(409)
user = User(email=email, password=generate_password_hash(password))
db.session.add(user)
db.session.commit()
login_user(AuthUser(user.id))
return get_user(user)
@api.route('/api/oauth/vk', methods=('POST',))
async def api_oauth_vk():
form = await request.form
try: access_token, user_id = form['access_token'], int(form['user_id'])
except Exception as ex: return abort(400, ex)
async with aiohttp.ClientSession() as session:
async with session.get(f"https://api.vk.com/method/users.get?access_token={access_token}&v=5.131") as resp:
r = await resp.json()
if ('error' in r): return abort(403, r['error'])
vk_id = r['response'][0]['id']
if (vk_id != user_id): return abort(406)
user = User.query.filter_by(vk_id=vk_id).first()
if (not user):
user = User(vk_id=vk_id)
db.session.add(user)
db.session.commit()
login_user(AuthUser(user.id))
return get_user(user)
@api.route('/api/user')
@with_user
async def api_user(user):
return get_user(user)
@api.route('/api/profile', methods=('GET', 'POST'))
@with_user
async def api_profile(user):
profile = Profile.query.filter_by(id=user.id).first()
if (request.method == 'GET'): return ({k: v for k in ('age', 'education', 'wage') if (v := getattr(profile, k, None))} if (profile) else {})
if (not profile): profile = Profile()
form = await request.form
try: age, education, wage = int(form['age']), int(form['education']), int(form['wage'])
except Exception as ex: return abort(400, ex)
profile.age, profile.education, profile.wage = age, education, wage
db.session.add(profile)
db.session.commit()
return {}
@api.route('/api/level', methods=('GET', 'POST'))
@with_user
async def api_level(user):
profile = Profile.query.filter_by(id=user.id).first()
if (request.method == 'GET'): return str(profile.level)
if (not profile): profile = Profile()
try: level = int(await request.get_data())
except Exception as ex: return abort(400, ex)
profile.level = level
db.session.add(profile)
db.session.commit()
return ''
@api.route('/api/progress', methods=('GET', 'POST'))
@with_user
async def api_progress(user):
profile = Profile.query.filter_by(id=user.id).first()
if (request.method == 'GET'): return str(profile.progress)
if (not profile): profile = Profile()
try: progress = int(await request.get_data())
except Exception as ex: return abort(400, ex)
profile.progress = progress
db.session.add(profile)
db.session.commit()
return ''
# by InfantemTeam <[email protected]>, 2021
# www.sdore.me