TelegramAktienBot/api/helper_functions.py

import hashlib
import os
import uuid

import jwt
from apiflask import abort
from flask import request, jsonify

from db import db
from models import User


def hash_password(password):
    salt = uuid.uuid4().hex
    return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt


def check_password(hashed_password, user_password):
    password, salt = hashed_password.split(':')
    return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()


def get_token():
    token = None
    if 'Authorization' in request.headers:
        token = request.headers['Authorization'].split(" ")[1]

    return token


def extract_token_data(token):
    if token is not None:
        try:
            return jwt.decode(token, os.getenv('SECRET_KEY'), algorithms=["HS256"])
        except jwt.exceptions.DecodeError:
            return None
    else:
        return None


def get_username_from_token_data():
    if 'Authorization' in request.headers:
        token = request.headers['Authorization'].split(" ")[1]

        if token is not None:
            if ':' in token:  # Maybe bot token, check if token valid and return username after ":" then
                username = token.split(":")[1]
                token = token.split(":")[0]

                try:
                    if jwt.decode(token, os.getenv('SECRET_KEY'), algorithms=["HS256"])['username'] == "bot":
                        return username
                    else:
                        return None
                except jwt.exceptions.DecodeError:
                    return None

            else:  # "Normal" token, extract username from token
                try:
                    return jwt.decode(token, os.getenv('SECRET_KEY'), algorithms=["HS256"])['username']
                except jwt.exceptions.DecodeError:
                    return None

    return None


def get_user_id_from_username(username):
    if username is not None:
        return db.session.query(User).filter_by(username=username).first().user_id
    else:
        return None


def get_username_or_abort_401():
    # get username from jwt token
    username = get_username_from_token_data()

    if username is None:  # If token not provided or invalid -> return 401 code
        abort(401, message="Unable to login")

    return username


def abort_if_no_admin():
    if not is_user_admin():
        abort(401, message="Only admin users can access this")


def is_user_admin():
    username = get_username_or_abort_401()

    return db.session.query(User).filter_by(username=username).first().admin


def make_response(data, status=200, text=""):
    return jsonify({"status": status, "text": text, "data": {"token": data}})
Added some api endpoints 2022-03-14 06:32:16 +00:00			`import hashlib`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00			`import os`
Added some api endpoints 2022-03-14 06:32:16 +00:00			`import uuid`

Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00			`import jwt`
Rewrite api from Flask to APIFlask 2022-03-17 08:26:25 +00:00			`from apiflask import abort`
Standardization of json responses 2022-03-22 10:21:39 +00:00			`from flask import request, jsonify`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00
Fixed imports 2022-03-14 16:36:38 +00:00			`from db import db`
			`from models import User`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00
Added some api endpoints 2022-03-14 06:32:16 +00:00
			`def hash_password(password):`
			`salt = uuid.uuid4().hex`
			`return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt`


			`def check_password(hashed_password, user_password):`
			`password, salt = hashed_password.split(':')`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00			`return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()`


			`def get_token():`
			`token = None`
			`if 'Authorization' in request.headers:`
			`token = request.headers['Authorization'].split(" ")[1]`

			`return token`


			`def extract_token_data(token):`
			`if token is not None:`
			`try:`
			`return jwt.decode(token, os.getenv('SECRET_KEY'), algorithms=["HS256"])`
Rewrite api from Flask to APIFlask 2022-03-17 08:26:25 +00:00			`except jwt.exceptions.DecodeError:`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00			`return None`
Check if token is empty or invalid, update postman 2022-03-14 21:57:03 +00:00			`else:`
			`return None`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00

Improve api for bot 2022-03-22 10:20:04 +00:00			`def get_username_from_token_data():`
			`if 'Authorization' in request.headers:`
			`token = request.headers['Authorization'].split(" ")[1]`

			`if token is not None:`
			`if ':' in token: # Maybe bot token, check if token valid and return username after ":" then`
			`username = token.split(":")[1]`
			`token = token.split(":")[0]`

			`try:`
			`if jwt.decode(token, os.getenv('SECRET_KEY'), algorithms=["HS256"])['username'] == "bot":`
			`return username`
			`else:`
			`return None`
			`except jwt.exceptions.DecodeError:`
			`return None`

			`else: # "Normal" token, extract username from token`
			`try:`
			`return jwt.decode(token, os.getenv('SECRET_KEY'), algorithms=["HS256"])['username']`
			`except jwt.exceptions.DecodeError:`
			`return None`

			`return None`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00

			`def get_user_id_from_username(username):`
Check if token is empty or invalid, update postman 2022-03-14 21:57:03 +00:00			`if username is not None:`
			`return db.session.query(User).filter_by(username=username).first().user_id`
			`else:`
			`return None`


Rewrite api from Flask to APIFlask 2022-03-17 08:26:25 +00:00			`def get_username_or_abort_401():`
			`# get username from jwt token`
Improve api for bot 2022-03-22 10:20:04 +00:00			`username = get_username_from_token_data()`
Added api endpoints: - delete user - get current user - update user password and username - set admin rights - refactoring 2022-03-17 10:05:28 +00:00
Rewrite api from Flask to APIFlask 2022-03-17 08:26:25 +00:00			`if username is None: # If token not provided or invalid -> return 401 code`
			`abort(401, message="Unable to login")`

			`return username`
Added api endpoints: - delete user - get current user - update user password and username - set admin rights - refactoring 2022-03-17 10:05:28 +00:00

			`def abort_if_no_admin():`
			`if not is_user_admin():`
			`abort(401, message="Only admin users can access this")`


			`def is_user_admin():`
			`username = get_username_or_abort_401()`

			`return db.session.query(User).filter_by(username=username).first().admin`
Standardization of json responses 2022-03-22 10:21:39 +00:00

			`def make_response(data, status=200, text=""):`
			`return jsonify({"status": status, "text": text, "data": {"token": data}})`