import math
import numbers
import sqlite3
from http import HTTPStatus
from uuid import uuid4

from flask import Flask, Response, config, json, jsonify, request, request_started
from flask import g
# Path of the SQLite file. It is resolved against the process's current working
# directory, not against this source file, so the app must be started from the
# project root (or this made absolute) for every handler to hit the same database.
DATABASE = "./forum.db"
def get_db():
    """Return the app-context-scoped SQLite connection, opening it on first use.

    The connection is cached on flask's ``g`` under the attribute name
    ``__database`` (no name mangling applies outside a class body), so every
    handler running in the same app context shares one connection.
    ``close_connection`` releases it at teardown.
    """
    conn = getattr(g, '__database', None)
    if conn is not None:
        return conn
    conn = sqlite3.connect(DATABASE)
    g.__database = conn
    return conn
app = Flask(__name__)  # WSGI application object; the route decorators below register on it
@app.teardown_appcontext
def close_connection(_):
    """Close the SQLite connection cached by ``get_db``, if one was opened.

    Runs when the app context is torn down. A request that never called
    ``get_db`` leaves nothing on ``g`` and this is a no-op. Nothing is committed
    or rolled back here: handlers are responsible for ``commit()``.
    """
    conn = getattr(g, '__database', None)
    if conn is None:
        return
    conn.close()
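# No connection exists at this point: get_db() opens one lazily per app context,
# so the previous "Connected to SQLite database" message was misleading. This
# still prints at import time, i.e. also when a WSGI server imports the module.
print("SQLite database handlers registered; connections are opened lazily per request")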
@app.route('/api/message')
def get_messages():
    """Return every stored message as a JSON array.

    Each element is ``{"message_id", "position", "message"}``; ``position`` is
    decoded from the JSON text kept in that column. The owning ``user_id`` is
    not exposed. The query is static, so no client input reaches SQL here.

    Caveats: the whole table is returned with no pagination, and ``message`` is
    the text as stored, so any HTML client must escape it before rendering.
    """
    rows = get_db().cursor().execute(
        "SELECT message_id, position, message FROM message"
    ).fetchall()
    payload = [
        {'message_id': message_id, 'position': json.loads(position), 'message': text}
        for message_id, position, text in rows
    ]
    return jsonify(payload)
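@app.route('/api/new_message', methods=['POST'])
def new_message():
    """Store a message at a 3-D position for the user identified by ``token``.

    Form fields: ``position`` (JSON array of exactly three finite, non-boolean
    numbers), ``message`` (free text, stored verbatim) and ``token`` (issued by
    ``/api/gen_token``).

    Returns 204 on success and 400 when the position is malformed or the token
    is unknown. A missing form field raises Flask's BadRequestKeyError, which
    Flask also reports as 400.

    Security notes: the token lookup is parameterised -- the earlier f-string
    query allowed SQL injection through ``token``. Unknown tokens now yield 400
    instead of an unhandled TypeError (500) from unpacking ``None``. Invalid
    JSON, non-array values, booleans and NaN/Infinity in ``position`` are
    rejected rather than crashing or being stored as non-standard JSON.
    ``message`` has no length cap; enforce one here or at the proxy if needed.
    """
    db = get_db()
    cur = db.cursor()

    position = _parse_position(request.form['position'])
    if position is None:
        return Response(status=HTTPStatus.BAD_REQUEST)

    message = str(request.form['message'])
    token = request.form['token']

    # Parameterised: ``token`` is untrusted client input.
    row = cur.execute("SELECT user_id FROM user WHERE token=?", (token,)).fetchone()
    if row is None or row[0] is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    user_id = row[0]

    message_id = str(uuid4())
    cur.execute(
        "INSERT INTO message VALUES(?, ?, ?, ?)",
        (message_id, user_id, position, message),
    )
    db.commit()
    return Response(status=HTTPStatus.NO_CONTENT)


def _parse_position(raw):
    """Validate a ``position`` form value; return it re-serialised as JSON, or None.

    Accepts only a JSON array of exactly three numbers. Booleans are rejected
    even though ``bool`` is a ``numbers.Number``, and non-finite floats are
    rejected because ``json.loads`` accepts ``NaN``/``Infinity`` but they are
    not valid JSON for consumers of ``/api/message``.
    """
    try:
        parsed = json.loads(raw)
    except ValueError:  # includes json.JSONDecodeError
        return None
    if not isinstance(parsed, list) or len(parsed) != 3:
        return None
    for elem in parsed:
        if isinstance(elem, bool) or not isinstance(elem, numbers.Number):
            return None
        # ints are always finite; only floats can carry NaN/inf.
        if isinstance(elem, float) and not math.isfinite(elem):
            return None
    return json.dumps(parsed)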
@app.route('/api/gen_token')
def gen_token():
    """Create a fresh anonymous user and return its bearer token as JSON.

    Both the user id and the token are random UUID4 strings. The token is
    stored in clear in the ``user`` table and is the only credential the other
    endpoints check, so treat the response as a secret.

    Caveats: this is a GET with a side effect (a row is inserted on every call),
    it is unauthenticated, and nothing here rate-limits it, so the ``user``
    table can be grown without bound by anyone who can reach the endpoint.
    """
    db = get_db()
    cur = db.cursor()
    user_id, token = str(uuid4()), str(uuid4())
    cur.execute("INSERT INTO user VALUES(?, ?)", (user_id, token))
    db.commit()
    return {'token': token}
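@app.route('/api/remove_message', methods=['DELETE'])
def remove_message():
    """Delete a message owned by the user identified by ``token``.

    Form fields: ``token`` and ``message_id``. Returns 204 on success, 401 when
    the message belongs to a different user, and 400 when the token or the
    message id is unknown (a missing form field is turned into 400 by Flask).

    Security notes: all three statements are parameterised -- the earlier
    f-string queries allowed SQL injection through both ``token`` and
    ``message_id``. Unknown tokens and message ids now return 400 instead of an
    unhandled TypeError (500) from unpacking ``None``. The 401-vs-400 split
    still tells any token holder whether a given message id exists; that is the
    original contract and is left as is (403 would be the more accurate code).
    """
    db = get_db()
    cur = db.cursor()
    token = request.form['token']
    message_id = request.form['message_id']

    user_row = cur.execute(
        "SELECT user_id FROM user WHERE token=?", (token,)
    ).fetchone()
    if user_row is None or user_row[0] is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    user_id = user_row[0]

    message_row = cur.execute(
        "SELECT message_id, user_id FROM message WHERE message_id=?", (message_id,)
    ).fetchone()
    if message_row is None or message_row[0] is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    stored_id, owner_id = message_row
    if owner_id != user_id:
        return Response(status=HTTPStatus.UNAUTHORIZED)

    cur.execute("DELETE FROM message WHERE message_id=?", (stored_id,))
    db.commit()
    return Response(status=HTTPStatus.NO_CONTENT)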
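@app.route('/api/edit_message', methods=['PUT'])
def edit_message():
    """Replace the text of a message owned by the user identified by ``token``.

    Form fields: ``token``, ``message_id`` and ``message`` (the new text, stored
    verbatim). Returns 204 on success, 401 when the message belongs to another
    user, and 400 when the token or message id is unknown (a missing form field
    is turned into 400 by Flask).

    Security notes: every statement is parameterised -- the earlier f-string
    queries allowed SQL injection through ``token``, ``message_id`` and, worst
    of all, the free-text ``message`` in the UPDATE. Unknown tokens and message
    ids now return 400 instead of an unhandled TypeError (500). The old
    ``new_message is not None`` check was dead: ``request.form[...]`` returns a
    str or raises, so it is dropped. No length cap is applied to the text.
    """
    db = get_db()
    cur = db.cursor()
    token = request.form['token']
    message_id = request.form['message_id']
    updated_text = request.form['message']

    user_row = cur.execute(
        "SELECT user_id FROM user WHERE token=?", (token,)
    ).fetchone()
    if user_row is None or user_row[0] is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    user_id = user_row[0]

    message_row = cur.execute(
        "SELECT message_id, user_id FROM message WHERE message_id=?", (message_id,)
    ).fetchone()
    if message_row is None or message_row[0] is None:
        return Response(status=HTTPStatus.BAD_REQUEST)
    stored_id, owner_id = message_row
    if owner_id != user_id:
        return Response(status=HTTPStatus.UNAUTHORIZED)

    cur.execute(
        "UPDATE message SET message = ? WHERE message_id=?",
        (updated_text, stored_id),
    )
    db.commit()
    return Response(status=HTTPStatus.NO_CONTENT)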