from geruecht import app from geruecht.logger import getDebugLogger, getInfoLogger from geruecht.decorator import login_required from geruecht.exceptions import PermissionDenied import geruecht.controller.accesTokenController as ac import geruecht.controller.userController as uc from geruecht.model import MONEY, BAR, USER, GASTRO, VORSTAND, EXTERN from flask import request, jsonify accesTokenController = ac.AccesTokenController() userController = uc.UserController() debug = getDebugLogger("MAIN-ROUTE", True) info = getInfoLogger("MAIN-ROUTE") def login(user, password): return user.login(password) @app.route("/valid") def _valid(): token = request.headers.get("Token") accToken = accesTokenController.validateAccessToken(token, [MONEY]) if accToken: return jsonify(accToken.user.toJSON()) accToken = accesTokenController.validateAccessToken(token, [BAR]) if accToken: return jsonify(accToken.user.toJSON()) accToken = accesTokenController.validateAccessToken(token, [GASTRO]) if accToken: return jsonify(accToken.user.toJSON()) accToken = accesTokenController.validateAccessToken(token, [USER]) if accToken: return jsonify(accToken.user.toJSON()) return jsonify({"error": "permission denied"}), 401 @app.route("/pricelist", methods=['GET']) def _getPricelist(): try: debug.info("get pricelist") retVal = userController.getPricelist() debug.info("return pricelist {{}}".format(retVal)) return jsonify(retVal) except Exception as err: debug.warning("exception in get pricelist.", exc_info=True) return jsonify({"error": str(err)}), 500 @app.route('/drinkTypes', methods=['GET']) def getTypes(): try: debug.info("get drinktypes") retVal = userController.getAllDrinkTypes() debug.info("return drinktypes {{}}".format(retVal)) return jsonify(retVal) except Exception as err: debug.warning("exception in get drinktypes.", exc_info=True) return jsonify({"error": str(err)}), 500 @app.route('/getAllStatus', methods=['GET']) @login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND]) def _getAllStatus(**kwargs): try: debug.info("get all status for users") retVal = userController.getAllStatus() debug.info("return all status for users {{}}".format(retVal)) return jsonify(retVal) except Exception as err: debug.warning("exception in get all status for users.", exc_info=True) return jsonify({"error": str(err)}), 500 @app.route('/getStatus', methods=['POST']) @login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND]) def _getStatus(**kwargs): try: debug.info("get status from user") data = request.get_json() name = data['name'] debug.info("get status from user {{}}".format(name)) retVal = userController.getStatus(name) debug.info("return status from user {{}} : {{}}".format(name, retVal)) return jsonify(retVal) except Exception as err: debug.warning("exception in get status from user.", exc_info=True) return jsonify({"error": str(err)}), 500 @app.route('/getUsers', methods=['GET']) @login_required(groups=[MONEY, GASTRO, VORSTAND]) def _getUsers(**kwargs): try: debug.info("get all users from database") users = userController.getAllUsersfromDB() debug.debug("users are {{}}".format(users)) retVal = [user.toJSON() for user in users] debug.info("return all users from database {{}}".format(retVal)) return jsonify(retVal) except Exception as err: debug.warning("exception in get all users from database.", exc_info=True) return jsonify({"error": str(err)}), 500 @app.route("/getLifeTime", methods=['GET']) @login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER]) def _getLifeTime(**kwargs): try: debug.info("get lifetime of accesstoken") if 'accToken' in kwargs: accToken = kwargs['accToken'] debug.debug("accessToken is {{}}".format(accToken)) retVal = {"value": accToken.lifetime} debug.info("return get lifetime from accesstoken {{}}".format(retVal)) return jsonify(retVal) except Exception as err: debug.info("exception in get lifetime of accesstoken.", exc_info=True) return jsonify({"error": str(err)}), 500 @app.route("/saveLifeTime", methods=['POST']) @login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER]) def _saveLifeTime(**kwargs): try: debug.info("save lifetime for accessToken") if 'accToken' in kwargs: accToken = kwargs['accToken'] debug.debug("accessToken is {{}}".format(accToken)) data = request.get_json() lifetime = data['value'] debug.debug("lifetime is {{}}".format(lifetime)) debug.info("set lifetime {{}} to accesstoken {{}}".format(lifetime, accToken)) accToken.lifetime = lifetime debug.info("update accesstoken timestamp") accToken.updateTimestamp() retVal = {"value": accToken.lifetime} debug.info("return save lifetime for accessToken {{}}".format(retVal)) return jsonify(retVal) except Exception as err: debug.warning("exception in save lifetime for accesstoken.", exc_info=True) return jsonify({"error": str(err)}), 500 @app.route("/logout", methods=['GET']) @login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER]) def _logout(**kwargs): try: debug.info("logout user") if 'accToken' in kwargs: accToken = kwargs['accToken'] debug.debug("accesstoken is {{}}".format(accToken)) debug.info("delete accesstoken") accesTokenController.deleteAccessToken(accToken) debug.info("return ok logout user") return jsonify({"ok": "ok"}) except Exception as err: debug.warning("exception in logout user.", exc_info=True) return jsonify({"error": str(err)}), 500 @app.route("/login", methods=['POST']) def _login(): """ Login User Nothing to say. Login in User and create an AccessToken for the User. Returns: A JSON-File with createt Token or Errors """ debug.info("Start log in.") data = request.get_json() debug.debug("JSON from request: {}".format(data)) username = data['username'] password = data['password'] try: debug.info("search {{}} in database".format(username)) user, ldap_conn = userController.loginUser(username, password) debug.debug("user is {{}}".format(user)) user.password = password token = accesTokenController.createAccesToken(user, ldap_conn) debug.debug("accesstoken is {{}}".format(token)) debug.info("validate accesstoken") dic = accesTokenController.validateAccessToken(token, [USER, EXTERN]).user.toJSON() dic["token"] = token dic["accessToken"] = token debug.info("User {{}} success login.".format(username)) debug.info("return login {{}}".format(dic)) return jsonify(dic) except PermissionDenied as err: debug.warning("permission denied exception in logout", exc_info=True) return jsonify({"error": str(err)}), 401 except Exception as err: debug.warning("exception in logout.", exc_info=True) return jsonify({"error": "permission denied"}), 401