from http import HTTPStatus
from flask import Flask, Response, config, json, jsonify, request, request_started
from uuid import uuid4
import sqlite3
import numbers
from flask import g
DATABASE = './forum.db'
def get_db():
db = getattr(g, '__database', None)
if db is None:
db = g.__database = sqlite3.connect(DATABASE)
return db
app = Flask(__name__)
@app.teardown_appcontext
def close_connection(_):
db = getattr(g, '__database', None)
if db is not None:
db.close()
print("Connected to SQLite database")
@app.route('/api/message')
def get_messages():
cur = get_db().cursor()
res = cur.execute("SELECT message_id, position, message FROM message")
messages = jsonify(list(map(lambda m: {'message_id': m[0], 'position': json.loads(m[1]), 'message': m[2]}, res.fetchall())))
return messages
@app.route('/api/new_message', methods=['POST'])
def new_message():
db = get_db()
cur = db.cursor()
position = list(json.loads(request.form['position']))
if len(position) != 3:
return Response(status=HTTPStatus.BAD_REQUEST)
for elem in position:
if not isinstance(elem, numbers.Number):
return Response(status=HTTPStatus.BAD_REQUEST)
position = json.dumps(position)
message = str(request.form['message'])
token = request.form['token']
res = cur.execute(f"SELECT user_id FROM user WHERE token='{token}'")
res = res.fetchone()
if res is not None:
(user_id,) = res
id = str(uuid4())
cur.execute("INSERT INTO message VALUES(?, ?, ?, ?)", (id, user_id, position, message));
db.commit()
return Response(status=HTTPStatus.NO_CONTENT)
else:
return Response(status=HTTPStatus.BAD_REQUEST)
@app.route('/api/gen_token')
def gen_token():
db = get_db()
cur = db.cursor()
id = str(uuid4())
token = str(uuid4())
cur.execute("INSERT INTO user VALUES(?, ?)", (id, token));
db.commit()
return { 'token': token }
@app.route('/api/remove_message', methods=['DELETE'])
def remove_message():
db = get_db()
cur = db.cursor()
token = request.form['token']
message_id = request.form['message_id']
res = cur.execute(f"SELECT user_id FROM user WHERE token='{token}'")
res = res.fetchone()
if res is not None:
(user_id,) = res
res = cur.execute(f"SELECT message_id, user_id FROM message WHERE message_id='{message_id}'")
res = res.fetchone()
if res is not None:
(message_id, message_user_id) = res
if message_user_id == user_id:
cur.execute(f"DELETE FROM message WHERE message_id='{message_id}'")
db.commit()
return Response(status=HTTPStatus.NO_CONTENT)
else:
return Response(status=HTTPStatus.UNAUTHORIZED)
else:
return Response(status=HTTPStatus.BAD_REQUEST)
else:
return Response(status=HTTPStatus.BAD_REQUEST)
@app.route('/api/edit_message', methods=['PUT'])
def edit_message():
db = get_db()
cur = db.cursor()
token = request.form['token']
message_id = request.form['message_id']
new_message = request.form['message']
res = cur.execute(f"SELECT user_id FROM user WHERE token='{token}'")
res = res.fetchone()
if res is not None and new_message is not None:
(user_id,) = res
res = cur.execute(f"SELECT message_id, user_id FROM message WHERE message_id='{message_id}'")
res = res.fetchone()
if res is not None:
(message_id, message_user_id) = res
if message_user_id == user_id:
cur.execute(f"UPDATE message SET message = '{new_message}' WHERE message_id='{message_id}'");
db.commit()
return Response(status=HTTPStatus.NO_CONTENT)
else:
return Response(status=HTTPStatus.UNAUTHORIZED)
else:
return Response(status=HTTPStatus.BAD_REQUEST)
else:
return Response(status=HTTPStatus.BAD_REQUEST)