TelegramAktienBot/api/app/helper_functions.py

import bcrypt
import jwt
from apiflask import abort
from app.db import database as db
from app.models import User
from flask import current_app
from flask import request, jsonify


def hash_password(password):
    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())


def check_password(hashed_password, user_password):
    return bcrypt.checkpw(user_password, hashed_password)


def get_email_from_token_data(token):
    if token is None or len(token) < 2:
        return None
    else:
        token = token[1]

    if token is not None:
        if ':' in token:  # Maybe bot token, check if token valid and return username after ":" then
            telegram_user_id = token.split(":")[1]
            token = token.split(":")[0]

            try:
                if jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=["HS256"])['email'] == current_app.config['BOT_EMAIL']:
                    res = db.session.query(User).filter_by(telegram_user_id=telegram_user_id).first()

                    if res is not None:
                        return res.as_dict()['email']
                    else:
                        return None
                else:
                    return None
            except jwt.PyJWTError:
                return None

        else:  # "Normal" token, extract username from token
            try:
                return jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=["HS256"])['email']
            except jwt.PyJWTError:
                return None


def get_token():
    if 'Authorization' in request.headers:
        return request.headers['Authorization'].split(" ")
    else:
        return None


def get_email_or_abort_401():
    # get username from jwt token
    email = get_email_from_token_data(get_token())

    if email is None:  # If token not provided or invalid -> return 401 code
        abort(401, message="Unable to login")

    return email


def abort_if_no_admin():
    if not is_user_admin():
        abort(401, message="Only admin users can access this")


def is_user_admin():
    email = get_email_or_abort_401()

    return db.session.query(User).filter_by(email=email).first().admin


def make_response(data, status=200, text=""):
    return jsonify({"status": status, "text": text, "data": data})


def get_user(email):
    query_user = db.session.query(User).filter_by(email=email).first()

    if query_user is None:  # Username doesn't exist
        abort(500, message="Can't find user")

    return query_user
Updated api to use bcrypt 2022-03-27 18:42:11 +00:00			`import bcrypt`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00			`import jwt`
Rewrite api from Flask to APIFlask 2022-03-17 08:26:25 +00:00			`from apiflask import abort`
Tests - Improved directory structure - Added functional and unit tests 2022-03-30 08:46:54 +00:00			`from app.db import database as db`
			`from app.models import User`
Added cron field to database 2022-04-05 08:51:09 +00:00			`from flask import current_app`
			`from flask import request, jsonify`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00
Added some api endpoints 2022-03-14 06:32:16 +00:00
			`def hash_password(password):`
Updated api to use bcrypt 2022-03-27 18:42:11 +00:00			`return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())`
Added some api endpoints 2022-03-14 06:32:16 +00:00

			`def check_password(hashed_password, user_password):`
Fixed binary is not serializable error #2 2022-03-27 19:21:20 +00:00			`return bcrypt.checkpw(user_password, hashed_password)`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00

Added cron field to database 2022-04-05 08:51:09 +00:00			`def get_email_from_token_data(token):`
			`if token is None or len(token) < 2:`
			`return None`
			`else:`
			`token = token[1]`

			`if token is not None:`
			`if ':' in token: # Maybe bot token, check if token valid and return username after ":" then`
			`telegram_user_id = token.split(":")[1]`
			`token = token.split(":")[0]`

			`try:`
			`if jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=["HS256"])['email'] == current_app.config['BOT_EMAIL']:`
			`res = db.session.query(User).filter_by(telegram_user_id=telegram_user_id).first()`

			`if res is not None:`
			`return res.as_dict()['email']`
Improve api for bot 2022-03-22 10:20:04 +00:00			`else:`
			`return None`
Added cron field to database 2022-04-05 08:51:09 +00:00			`else:`
Improve api for bot 2022-03-22 10:20:04 +00:00			`return None`
Added cron field to database 2022-04-05 08:51:09 +00:00			`except jwt.PyJWTError:`
			`return None`
Improve api for bot 2022-03-22 10:20:04 +00:00
Added cron field to database 2022-04-05 08:51:09 +00:00			`else: # "Normal" token, extract username from token`
			`try:`
			`return jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=["HS256"])['email']`
			`except jwt.PyJWTError:`
			`return None`
Improve api for bot 2022-03-22 10:20:04 +00:00
Added cron field to database 2022-04-05 08:51:09 +00:00
			`def get_token():`
			`if 'Authorization' in request.headers:`
			`return request.headers['Authorization'].split(" ")`
			`else:`
			`return None`
Many api changes - Added basic jwt auth - Added keyword endpoints - added share/symbol endpoints - updated postman - refactoring 2022-03-14 16:10:00 +00:00

Changed database model 2022-03-27 15:23:33 +00:00			`def get_email_or_abort_401():`
Rewrite api from Flask to APIFlask 2022-03-17 08:26:25 +00:00			`# get username from jwt token`
Added cron field to database 2022-04-05 08:51:09 +00:00			`email = get_email_from_token_data(get_token())`
Added api endpoints: - delete user - get current user - update user password and username - set admin rights - refactoring 2022-03-17 10:05:28 +00:00
Changed database model 2022-03-27 15:23:33 +00:00			`if email is None: # If token not provided or invalid -> return 401 code`
Rewrite api from Flask to APIFlask 2022-03-17 08:26:25 +00:00			`abort(401, message="Unable to login")`

Changed database model 2022-03-27 15:23:33 +00:00			`return email`
Added api endpoints: - delete user - get current user - update user password and username - set admin rights - refactoring 2022-03-17 10:05:28 +00:00

			`def abort_if_no_admin():`
			`if not is_user_admin():`
			`abort(401, message="Only admin users can access this")`


			`def is_user_admin():`
Changed database model 2022-03-27 15:23:33 +00:00			`email = get_email_or_abort_401()`
Added api endpoints: - delete user - get current user - update user password and username - set admin rights - refactoring 2022-03-17 10:05:28 +00:00
Changed database model 2022-03-27 15:23:33 +00:00			`return db.session.query(User).filter_by(email=email).first().admin`
Standardization of json responses 2022-03-22 10:21:39 +00:00

			`def make_response(data, status=200, text=""):`
Changed database model 2022-03-27 15:23:33 +00:00			`return jsonify({"status": status, "text": text, "data": data})`
Added cron field to database 2022-04-05 08:51:09 +00:00

			`def get_user(email):`
			`query_user = db.session.query(User).filter_by(email=email).first()`

			`if query_user is None: # Username doesn't exist`
			`abort(500, message="Can't find user")`

			`return query_user`