-
Notifications
You must be signed in to change notification settings - Fork 0
/
api.py
405 lines (313 loc) · 13.9 KB
/
api.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
##############################################################################
# API for the Annotation project, handles AJAX calls and gives out JSON #
# #
# Authors #
# Yicheng Wang, Jeffrey Zou, Alice Xue #
# #
# Description #
# Handles AJAX calls and database management #
# #
################################################################################
# TODO
# Jeffrey can you implement the change password function? See below in change_pwd
# Write all the htmls
# Write a bunch of server-side stuff, such as home page, about, etc and stuff
# Testing to make sure everything works
# Dev Log
# Project Created: 2015-12-19 14:57 - Yicheng W.
# Most API stuff are done: 2015-12-20 18:23 - Yicheng W.
# Template inheritance and basic HTML setup: 2015-12-27 17:17 - Ariel L.
# Connected to the chrome extension: 2016-1-21 20:52 - Alice X.
from flask import Flask, request, render_template, session, redirect, url_for
from werkzeug.contrib.fixers import ProxyFix
from database import *
from functools import wraps
from hashlib import sha256
import json
from sys import argv
from smtplib import SMTP
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from random import choice
from string import ascii_letters, digits
from bs4 import BeautifulSoup
import re
import unicodedata
app = Flask(__name__)
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if "email" not in session:
return render_template("login.html", err = "You must login to continue.")
return f(*args, **kwargs)
return decorated_function
def login_required_api(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if "email" not in session:
return json.dumps({'status': 'failure', 'error': 'Login Required'})
return f(*args, **kwargs)
return decorated_function
def visible(element):
if element.parent.name in ['style', 'script', '[document]', 'head', 'title']:
return False
elif re.match('<!--.*-->', str(element)):
return False
return True
co_email = "[email protected]"
co_pass = open("password.txt", 'r').read()[:-1]
alphabet = ascii_letters + digits
### HTML CALLS-------------------------------------------------------------####
@app.route("/")
@app.route("/home")
def home():
# TODO this should have two versions, one version where the user is logged
# in, one version in which the user is not logged in
# if the user is logged in, this page should display his/her marked sites,
# otherwise it should be an ad-page with login infos
if 'email' in session:
return render_template("index.html", name = session['name'])
return render_template("index.html")
@app.route("/about")
def about():
if 'name' in session:
return render_template("about.html", name = session['name'])
return render_template("about.html")
@app.route("/regist") # this is actually the register page
def register_page():
return render_template("register.html")
@app.route("/login") # login page
def login_page():
return render_template("login.html")
@app.route("/register", methods = ["GET", 'POST'])
def register():
if request.method == "GET":
return redirect(url_for("register_page"))
else:
email = request.form['email']
password = request.form['password']
confirm = request.form['confirm']
first = request.form['first']
last = request.form['last']
if email == "":
return render_template("register.html", err = "Please enter your email!")
if '@' not in email:
return render_template("register.html", err = "Please enter a valid email!")
if password == "":
return render_template("register.html", err = "Password cannot be empty!")
if password != confirm:
return render_template("register.html", err = "Password does not match the confirm password!")
if first == "" or last == "":
return render_template("register.html", err = "Please enter your name!")
m = sha256()
m.update(password)
passhash = m.hexdigest()
if new_user(email, passhash, first, last):
return render_template("register.html", status = "success")
# in register.html redirect them to login
else:
return render_template("register.html", err = "Email already in use!")
@app.route("/login", methods = ["GET", "POST"])
def login():
if request.method == "GET":
return redirect(url_for("login_page"))
else:
email = request.form['email']
password = request.form['password']
m = sha256()
m.update(password)
passhash = m.hexdigest()
if (authenticate(email, passhash)):
session["email"] = email
session['name'] = get_name_from_email(email)
return redirect(url_for("home"))
else:
return render_template("login.html", err = "Incorrect email/password combination")
@app.route("/forget_pwd")
def forget_pwd_page():
return render_template("forget_pwd.html")
@app.route("/forget_pwd", methods = ["GET", 'POST'])
def forget_pwd():
if request.method == "GET":
return redirect(url_for("forget_pwd_page"))
else:
email = request.form['email']
new_pass = ''.join(choice(alphabet) for i in range(10))
m = sha256()
m.update(new_pass)
passhash = m.hexdigest()
if not update_pwd(email, passhash):
return render_template("forget_pwd.html", err = "The email you entered is not registered")
s = SMTP("smtp.gmail.com", 587)
s.ehlo()
s.starttls()
s.ehlo()
s.login(co_email, co_pass)
msg = """To: %s
From: %s
Subject: Marginalia Password Change Request
Dear %s,
You have requested a password change, here is your new password: %s
If you did not request this change, please still login and then change your password immediately. If this persists, please email us at [email protected]
Sincerely,
The Marginalia Overlords""" % (email, co_email, get_name_from_email(email), new_pass)
s.sendmail(co_email, email, msg)
s.close()
return render_template("forget_pwd.html", status = "success")
@app.route("/change_pwd")
@login_required
def change_pwd_page():
return render_template("change_pwd.html", name = session['name'])
@app.route("/change_pwd", methods = ["GET", 'POST'])
@login_required
def change_pwd():
if request.method == "GET":
return redirect(url_for("change_password"))
else:
email = session['email']
old_password = request.form['oldpass']
m = sha256()
m.update(old_password)
passhash = m.hexdigest()
if (authenticate(email,passhash)):
new_password = request.form['newpass']
confirmed = request.form['confirm']
if new_password != confirmed:
return render_template("change_pwd.html", err = "The new password did match its confirmation", name = session['name'])
m = sha256()
m.update(new_password)
newhashed = m.hexdigest()
changed = update_pwd(email, newhashed)
if changed:
return render_template("change_pwd.html", status = "success", name = session['name'])
else:
return render_template("change_pwd.html", err = "There was a problem in changing the password", name = session['name'])
else:
return render_template("change_pwd.html", err = "Incorrect old password", name = session['name'])
@app.route("/view") # view all sites of a user, username stored in cookie
@login_required
def view_static():
email = session['email']
list_of_sites = get_list_of_sites(email)
return render_template("view.html", sites = list_of_sites, name = session['name'])
@app.route("/view/<int:id>") # grab a specific story based on id
@login_required
def view_site(id):
email = session['email']
site = get_site_on_id(email, id)
if (site):
return render_template("view_one.html", site = site, name = session['name'])
return render_template("error.html", msg = "Sorry but the site you're looking for does not exist or belong to you", name = session['name'])
@app.route("/view/test")
def view_test():
return render_template("view_test.html", name = session['name'])
@app.route("/search", methods = ['GET'])
@login_required
def search():
search_string = request.args.get('search', '')
result = search_user_sites(session['email'], search_string)
return render_template("result.html", name = session['name'], search = search_string, result = result)
@app.route("/logout")
@login_required
def logout():
del session['email']
del session['name']
return redirect(url_for("home"))
@app.route("/share/<int:id>") # reders the site if shares, gives out error otherwise
def share(id):
site = get_site_for_sharing(id)
if site:
if 'name' in session:
return render_template("view_one.html", site = site, name = session['name'], sharing = True)
else:
return render_template("view_one.html", site = site, sharing = True)
elif 'name' in session:
return render_template("error.html", msg = "Sorry this site is not up for sharing :(", name = session['name']);
else:
return render_template("error.html", msg = "Sorry this site is not up for sharing:(")
### API CALLS -------------------------------------------------------------####
@app.route("/new/", methods = ['GET', 'POST']) # adds a site to a user's collection, site passed via POST request, user info stored in session
#@login_required_api
def api_add_site():
if 'name' not in session:
return "login"
if request.method == 'GET':
return json.dumps({'status': 'failure', 'msg': 'Incorrect request method'})
email = session['email']
title = request.form['title']
author = request.form['author']
date = request.form['date']
url = request.form['url']
if date == 'undefined':
date = ''
else:
date = '(%s)' % date
site = request.form['site']
url = request.form['url']
soup = BeautifulSoup(site, 'lxml')
[s.extract() for s in soup(['style', 'script', '[document]', 'head', 'title', 'li', 'ul'])]
text =[''.join(s.findAll(text=True))for s in soup.findAll('p')]
htmlsite = '</p><p>'.join(text)
htmlsite = htmlsite[:-3]
#html = [''.join(s.findAll()) for s in soup.findAll('div', {'class':re.compile("")})]
#site = soup.get_text(u'', False)
#plist = site.split('\n')
#htmlsite = u""
#for i in plist:
# htmlsite += "<p>" + i + "</p>"
htmlsite = '<h4>' + title + "</h4>\n<p>" + author + '</p><p>' + htmlsite + '</p><p><a target="_blank" href="' + url + '">' + 'Original Site</a></p>'
new_id = add_to_sites(email, title, htmlsite, "", "")
#print new_id
if new_id != -1:
return str(new_id)
return 'failure'
@app.route("/update/<int:id>", methods = ["GET", 'POST']) # update a specific site based on id, new site content passed via POST request, user info stored in session
@login_required_api
def api_update_site(id):
if request.method == 'GET':
return json.dumps({"status": 'failure', 'msg': 'Incorrect request method'})
email = session['email']
new_site = request.form['site']
new_comments = request.form['comment']
new_notes = request.form['note']
if update_site(email, id, new_site, new_comments, new_notes):
return json.dumps({"status": 'success', 'msg': 'Your marks have been updated'})
return json.dumps({'status': 'failure', 'msg': "Something went wrong :("})
@app.route("/change_perm/", methods = ['GET', 'POST']) # changes sharing permission for a site, user info stored in session
@login_required_api
def api_change_perm():
if request.method == 'GET':
return json.dumps({'status':'failure', 'msg': 'Something went wrong :('})
email = session['email']
id = int(request.form['id'])
if change_site_permission(email, id):
return json.dumps({"status": 'success', 'msg': "The permission of your site has been successfully changed", 'to': request.form['to'], 'id': id})
return json.dumps({'status': 'failure', 'msg': 'Something went wrong :('})
@app.route("/delete/", methods = ['GET', 'POST']) # deletes a story based on id, user data stored in session
@login_required_api
def api_delete_site():
if request.method == 'GET':
return json.dumps({'status':'failure', 'msg': 'Something went wrong :('})
email = session['email']
id = request.form['id']
if delete_site(email, id):
return json.dumps({'status': 'success', 'msg': 'Your site has been successfully deleted'})
return json.dumps({'status': 'failure', 'msg': 'Something went wrong :('})
@app.route("/fork/", methods = ['GET' , 'POST']) # copies a shared document into own's own private repo
# relatively low priority but still on TODO
@login_required_api
def fork():
email = session['email']
id = int(request.form['id'])
new_id = fork_shared_site(id, email)
if new_id != -1:
return json.dumps({'status': 'success', 'msg':'The site has been successfully added to your own library', 'id': new_id})
return json.dumps({'status': 'failure', 'msg': 'Something went wrong'})
app.wsgi_app = ProxyFix(app.wsgi_app)
try:
app.secret_key = argv[argv.index('--key') + 1]
except ValueError:
app.secret_key = "nvm ariel i was dumb"
app.debug = ("--debug" in argv)
if __name__ == "__main__":
app.run()