path: root/api/api.py
blob: 3b74bfcc12f4c8aa8d92f4dfd65c27a5b012faee (plain)
from http import HTTPStatus
from flask import Flask, Response, config, json, jsonify, request, request_started
from uuid import uuid4
import sqlite3
import numbers
from flask import g

# Path of the SQLite database file. Being relative, it resolves against the
# process's current working directory, not against this file's location.
DATABASE = './forum.db'

def get_db():
    """Return the SQLite connection cached on Flask's ``g``, opening it on first use."""
    conn = getattr(g, '__database', None)
    if conn is not None:
        return conn
    # First call in this context: connect and remember the handle on ``g`` so
    # later calls (and close_connection) find the same connection.
    conn = sqlite3.connect(DATABASE)
    g.__database = conn
    return conn

# Flask application object; the teardown handler and the /api routes below
# register themselves on it through decorators.
app = Flask(__name__)

@app.teardown_appcontext
def close_connection(_):
    """Close the connection stored on ``g`` by get_db(), if one was opened.

    The single argument supplied by Flask's teardown hook is ignored.
    """
    conn = getattr(g, '__database', None)
    if conn is None:
        # get_db() was never called in this context; nothing to release.
        return
    conn.close()


# Runs once when the module is imported. No database connection exists yet at
# this point: get_db() only connects when a handler first calls it.
print("Connected to SQLite database")

@app.route('/api/message')
def get_messages():
    """Return every row of the message table as a JSON array.

    Each element carries ``message_id``, ``position`` (the stored JSON text
    decoded back into a value) and ``message``. The handler reads no token,
    so the listing is served to any caller.
    """
    rows = get_db().cursor().execute(
        "SELECT message_id, position, message FROM message"
    ).fetchall()
    payload = [
        {
            'message_id': message_id,
            # position is stored as JSON text (see new_message); decode it
            # so the response carries an array rather than a string.
            'position': json.loads(position),
            'message': message,
        }
        for message_id, position, message in rows
    ]
    return jsonify(payload)

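@app.route('/api/new_message', methods=['POST'])
def new_message():
    """Store a new message on behalf of the user identified by the form token.

    Form fields:
        position: JSON array of exactly three numbers.
        message: the message text.
        token: a token present in the ``user`` table.

    Returns:
        204 No Content once the message is stored; 400 Bad Request when the
        position is malformed or the token matches no user.
    """
    db = get_db()
    cur = db.cursor()
    # Unparseable JSON, or a JSON value that is not iterable (a bare number,
    # null), is a client error: answer 400 instead of letting the exception
    # surface as a 500.
    try:
        position = list(json.loads(request.form['position']))
    except (ValueError, TypeError):
        return Response(status=HTTPStatus.BAD_REQUEST)
    if len(position) != 3:
        return Response(status=HTTPStatus.BAD_REQUEST)
    if not all(isinstance(elem, numbers.Number) for elem in position):
        return Response(status=HTTPStatus.BAD_REQUEST)
    # Re-serialise the validated list; this text is what gets stored.
    position = json.dumps(position)
    message = str(request.form['message'])
    token = request.form['token']
    # The token is client-controlled. Bind it as a query parameter, as the
    # other handlers do, so it is never interpreted as SQL text.
    row = cur.execute("SELECT user_id FROM user WHERE token = ?", (token,)).fetchone()
    if row is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    (user_id,) = row
    message_id = str(uuid4())
    cur.execute(
        "INSERT INTO message VALUES(?, ?, ?, ?)",
        (message_id, user_id, position, message),
    )
    db.commit()
    return Response(status=HTTPStatus.NO_CONTENT)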

@app.route('/api/gen_token')
def gen_token():
    """Create a new user row and return its token.

    The user id and the token are both random UUID4 strings; the token is
    written to the ``user`` table as-is and returned as ``{'token': ...}``.
    """
    # NOTE(review): the route accepts GET (Flask's default) yet writes to the
    # database, and this function performs no caller check — confirm whether
    # throttling or a method restriction is applied elsewhere.
    conn = get_db()
    user_id, token = str(uuid4()), str(uuid4())
    conn.cursor().execute("INSERT INTO user VALUES(?, ?)", (user_id, token))
    conn.commit()
    return {'token': token}

@app.route('/api/remove_message', methods=['DELETE'])
def remove_message():
    """Delete a message, provided the form token belongs to its author.

    Form fields:
        token: token identifying the requesting user.
        message_id: id of the message to delete.

    Returns:
        204 No Content after deletion; 401 Unauthorized when the message
        belongs to a different user; 400 Bad Request when the token or the
        message id matches no row.
    """
    conn = get_db()
    cursor = conn.cursor()
    token = request.form['token']
    message_id = request.form['message_id']

    owner_row = cursor.execute(
        "SELECT user_id FROM user WHERE token= ?", (token,)
    ).fetchone()
    if owner_row is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    (user_id,) = owner_row

    message_row = cursor.execute(
        "SELECT message_id, user_id FROM message WHERE message_id= ?", (message_id,)
    ).fetchone()
    if message_row is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    # From here on use the id as stored in the table, not the submitted one.
    (message_id, message_user_id) = message_row

    # Ownership check: only the user who posted the message may delete it.
    if message_user_id != user_id:
        return Response(status=HTTPStatus.UNAUTHORIZED)

    cursor.execute("DELETE FROM message WHERE message_id= ?", (message_id,))
    conn.commit()
    return Response(status=HTTPStatus.NO_CONTENT)

@app.route('/api/edit_message', methods=['PUT'])
def edit_message():
    """Replace the text of a message, provided the form token belongs to its author.

    Form fields:
        token: token identifying the requesting user.
        message_id: id of the message to edit.
        message: the replacement text.

    Returns:
        204 No Content after the update; 401 Unauthorized when the message
        belongs to a different user; 400 Bad Request when the token or the
        message id matches no row.
    """
    conn = get_db()
    cursor = conn.cursor()
    token = request.form['token']
    message_id = request.form['message_id']
    updated_text = request.form['message']

    owner_row = cursor.execute(
        "SELECT user_id FROM user WHERE token = ?", (token,)
    ).fetchone()
    # NOTE(review): the None test on the text looks redundant, since the
    # form lookup above raises on a missing key — confirm before removing.
    if owner_row is None or updated_text is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    (user_id,) = owner_row

    message_row = cursor.execute(
        "SELECT message_id, user_id FROM message WHERE message_id= ?", (message_id,)
    ).fetchone()
    if message_row is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    # From here on use the id as stored in the table, not the submitted one.
    (message_id, message_user_id) = message_row

    # Ownership check: only the user who posted the message may edit it.
    if message_user_id != user_id:
        return Response(status=HTTPStatus.UNAUTHORIZED)

    cursor.execute(
        "UPDATE message SET message = ? WHERE message_id= ?",
        (updated_text, message_id),
    )
    conn.commit()
    return Response(status=HTTPStatus.NO_CONTENT)