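"""Flask routes for login, access tokens, users, price lists and free-drink lists.

Every handler answers with JSON. When a handler fails it logs the exception
with its traceback and answers ``{"error": ...}`` with an error status code.
"""
from geruecht import app
from geruecht.logger import getDebugLogger
from geruecht.decorator import login_required
from geruecht.exceptions import PermissionDenied
import geruecht.controller.accesTokenController as ac
import geruecht.controller.mainController as mc
from geruecht.model import MONEY, BAR, USER, GASTRO, VORSTAND, EXTERN
from flask import request, jsonify

accesTokenController = ac.AccesTokenController()
mainController = mc.MainController()

debug = getDebugLogger()

# NOTE(review): most handlers return str(err) to the client, including the
# unauthenticated ones (/pricelist, /drinkTypes, /passwordReset). Whatever the
# controllers put into their exception messages therefore reaches the caller;
# confirm that no internal detail (queries, paths, backend names) can end up
# there, or map errors to fixed messages the way the generic branch of /login does.
#
# NOTE(review): several handlers log access-token objects and full response
# bodies. What str() of an access-token object contains is not visible in this
# file; if it includes the token value, those log lines hold usable credentials.


@app.route("/valid", methods=['POST'])
@login_required(bar=True)
def _valid(**kwargs):
    """Re-check the password of the user who owns the current access token.

    Expects a JSON body with the key ``password``.

    Returns:
        ``{"ok": "ok"}`` when ``mainController.validateUser`` does not raise,
        otherwise ``{"error": ...}`` with status 500.
    """
    debug.info('/valid')
    try:
        accToken = kwargs['accToken']
        data = request.get_json()
        # NOTE(review): this endpoint answers password guesses for the session's
        # user; no attempt limiting is visible here - confirm it exists upstream.
        mainController.validateUser(accToken.user.uid, data['password'])
        debug.debug('return {{ "ok": "ok" }}')
        return jsonify({"ok": "ok"})
    except Exception as err:
        debug.warning("exception in valide.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/freeDrinkListConfig", methods=['GET', 'POST', 'PUT'])
@login_required()
def _free_drink_list_config(**kwargs):
    """Read (GET), create (POST) or update (PUT) free-drink list configs.

    POST and PUT pass the JSON body to the controller unchanged.

    Returns:
        The controller's result as JSON, or ``{"error": ...}`` with status 500.
    """
    # NOTE(review): login_required() is called without groups; which users that
    # admits is decided in the decorator, not here. Confirm that changing the
    # configuration is meant to be open to every user it lets through.
    try:
        debug.info("get free_drink_list_config")
        # No else branch on purpose: any other method that reaches the view
        # (e.g. HEAD) leaves retVal unset and ends in the error response below.
        if request.method == 'GET':
            retVal = mainController.get_free_drink_list_configs()
        elif request.method == 'POST':
            data = request.get_json()
            retVal = mainController.set_free_drink_list_config(data)
        elif request.method == 'PUT':
            data = request.get_json()
            retVal = mainController.update_free_drink_list_config(data)
        debug.info("return free_drink_list_config {{ {} }}".format(retVal))
        return jsonify(retVal)
    except Exception as err:
        debug.warning("exception in get free_dirnk_list_config.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/deleteFreeDrinkListConfig", methods=['POST'])
@login_required()
def _delete_free_drink_list_config(**kwargs):
    """Delete the free-drink list config described by the JSON body.

    Returns:
        The controller's result as JSON, or ``{"error": ...}`` with status 500.
    """
    # NOTE(review): same authorization question as /freeDrinkListConfig.
    try:
        debug.info("delete free_drink_list_config")
        data = request.get_json()
        retVal = mainController.delete_free_drink_list_config(data)
        debug.info("return delete_free_drink_list_config {{ {} }}".format(retVal))
        return jsonify(retVal)
    except Exception as err:
        debug.warning("exception in delete_free_dirnk_list_config.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/freeDrinkListHistory", methods=['GET', 'POST', 'PUT'])
@login_required()
def _free_drink_list_history(**kwargs):
    """Read (GET), add (POST) or update (PUT) free-drink history for the token's user.

    Returns:
        The controller's result as JSON, or ``{"error": ...}`` with status 500.
    """
    try:
        debug.info("set free_drink_list_history")
        user = kwargs['accToken'].user
        # As in /freeDrinkListConfig, other methods fall through to the error path.
        if request.method == 'GET':
            retVal = mainController.get_free_drink_list_history(user)
        elif request.method == 'POST':
            data = request.get_json()
            retVal = mainController.set_free_drink_list_history(user, data)
        elif request.method == 'PUT':
            data = request.get_json()
            retVal = mainController.update_free_drink_list_history(user, data)
        debug.debug(f'return free_drink_list_history {{{retVal}}}')
        return jsonify(retVal)
    except Exception as err:
        # Message names this route; it previously named the config route,
        # which sends log triage to the wrong handler.
        debug.warning("exception in free_drink_list_history.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/deleteDrinkListHistory", methods=['POST'])
@login_required()
def _delete_free_drink_list_history(**kwargs):
    """Delete the free-drink history entry described by the JSON body.

    Returns:
        ``{"ok": <controller result>}``, or ``{"error": ...}`` with status 500.
    """
    # NOTE(review): unlike set/update above, the acting user is not passed to
    # the controller. Confirm the controller checks that the caller may delete
    # the referenced entry.
    try:
        debug.info("delete free_drink_list_history")
        data = request.get_json()
        retVal = mainController.delete_free_drink_list_history(data)
        return jsonify({"ok": retVal})
    except Exception as err:
        debug.warning("exception in delete free_drink_list_history.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/freeDrinkListReasons", methods=['GET'])
@login_required()
def _free_drink_list_reasons(**kwargs):
    """Return the free-drink list reasons as JSON, or ``{"error": ...}`` with status 500."""
    try:
        debug.info("get free_drink_list_reasons")
        retVal = mainController.get_free_drink_list_reasons()
        return jsonify(retVal)
    except Exception as err:
        debug.warning("exception in get free_drink_list_reasons.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/freeDrinkTypes", methods=['GET', 'POST'])
@login_required()
def _free_drink_types(**kwargs):
    """Return the free-drink types as JSON, or ``{"error": ...}`` with status 500.

    The route also accepts POST, but the handler does the same read for it.
    """
    try:
        debug.info("get free_drnik_types")
        retVal = mainController.get_free_drink_types()
        return jsonify(retVal)
    except Exception as err:
        debug.warning("exception in free_dirnk_types.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/pricelist", methods=['GET'])
def _getPricelist():
    """Return the price list as JSON; no login is required for this route."""
    try:
        debug.info("get pricelist")
        retVal = mainController.getPricelist()
        debug.info("return pricelist {{ {} }}".format(retVal))
        return jsonify(retVal)
    except Exception as err:
        debug.warning("exception in get pricelist.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route('/drinkTypes', methods=['GET'])
def getTypes():
    """Return all drink types as JSON; no login is required for this route."""
    try:
        debug.info("get drinktypes")
        retVal = mainController.getAllDrinkTypes()
        debug.info("return drinktypes {{ {} }}".format(retVal))
        return jsonify(retVal)
    except Exception as err:
        debug.warning("exception in get drinktypes.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route('/getAllStatus', methods=['GET'])
@login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND], bar=True)
def _getAllStatus(**kwargs):
    """Return every status known to the controller as JSON."""
    try:
        debug.info("get all status for users")
        retVal = mainController.getAllStatus()
        debug.info("return all status for users {{ {} }}".format(retVal))
        return jsonify(retVal)
    except Exception as err:
        debug.warning("exception in get all status for users.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route('/getStatus', methods=['POST'])
@login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND], bar=True)
def _getStatus(**kwargs):
    """Return the status named by the key ``name`` of the JSON body."""
    try:
        debug.info("get status from user")
        data = request.get_json()
        name = data['name']
        debug.info("get status from user {{ {} }}".format(name))
        retVal = mainController.getStatus(name)
        debug.info(
            "return status from user {{ {} }} : {{ {} }}".format(name, retVal))
        return jsonify(retVal)
    except Exception as err:
        debug.warning("exception in get status from user.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route('/getUsers', methods=['GET'])
@login_required(groups=[USER], bar=True)
def _getUsers(**kwargs):
    """Return all users from the database as a JSON list.

    The optional query parameter ``extern`` is parsed as an integer; the
    controller is called with ``extern=False`` when it is non-zero and with
    ``extern=True`` when it is zero or absent.
    """
    try:
        extern = True
        if 'extern' in request.args:
            # A non-numeric value raises ValueError and ends in the 500 below.
            extern = not bool(int(request.args['extern']))
        debug.info("get all users from database")
        users = mainController.getAllUsersfromDB(extern=extern)
        debug.debug("users are {{ {} }}".format(users))
        retVal = [user.toJSON() for user in users]
        # NOTE(review): this writes every user's JSON record to the log at info
        # level; confirm the records hold nothing that should stay out of logs.
        debug.info("return all users from database {{ {} }}".format(retVal))
        return jsonify(retVal)
    except Exception as err:
        debug.warning(
            "exception in get all users from database.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/getLifeTime", methods=['GET'])
@login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER], bar=True)
def _getLifeTime(**kwargs):
    """Return lifetime, user group and ``lock_bar`` of the current access token."""
    try:
        debug.info("get lifetime of accesstoken")
        # Read the token the same way /valid does; a missing token ends in the
        # error response, as it did before.
        accToken = kwargs['accToken']
        debug.debug("accessToken is {{ {} }}".format(accToken))
        retVal = {"value": accToken.lifetime,
                  "group": accToken.user.toJSON()['group'],
                  "lock_bar": accToken.lock_bar}
        debug.info(
            "return get lifetime from accesstoken {{ {} }}".format(retVal))
        return jsonify(retVal)
    except Exception as err:
        debug.info("exception in get lifetime of accesstoken.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/saveLifeTime", methods=['POST'])
@login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER], bar=True)
def _saveLifeTime(**kwargs):
    """Set the lifetime of the current access token to the body's ``value``.

    Returns:
        The stored lifetime and the user's group, or ``{"error": ...}`` with
        status 500.
    """
    try:
        debug.info("save lifetime for accessToken")
        accToken = kwargs['accToken']
        debug.debug("accessToken is {{ {} }}".format(accToken))
        data = request.get_json()
        # NOTE(review): the client chooses its own session lifetime and nothing
        # here checks type or upper bound. Confirm the controller or the model
        # caps it; otherwise a session can be made effectively non-expiring.
        lifetime = data['value']
        debug.debug("lifetime is {{ {} }}".format(lifetime))
        debug.info("set lifetime {{ {} }} to accesstoken {{ {} }}".format(
            lifetime, accToken))
        accToken.lifetime = lifetime
        debug.info("update accesstoken timestamp")
        accToken = accesTokenController.updateAccessToken(accToken)
        accToken = accesTokenController.validateAccessToken(
            accToken.token, [USER, EXTERN])
        retVal = {"value": accToken.lifetime,
                  "group": accToken.user.toJSON()['group']}
        debug.info(
            "return save lifetime for accessToken {{ {} }}".format(retVal))
        return jsonify(retVal)
    except Exception as err:
        debug.warning(
            "exception in save lifetime for accesstoken.", exc_info=True)
        return jsonify({"error": str(err)}), 500


def _mask_mail(mail):
    """Return *mail* with all but the first character of the local part set to '*'.

    Masking is done by position. The earlier ``str.replace`` loop replaced the
    first occurrence of each character, so an address whose first letter
    repeated (``anna@...``) had the wrong position masked, and an address
    without '@' was returned unmasked.
    """
    index = mail.find('@')
    if index < 0:
        # No '@' at all: fail closed and mask everything after the first character.
        index = len(mail)
    if index <= 1:
        return mail
    return mail[0] + "*" * (index - 1) + mail[index:]


@app.route("/passwordReset", methods=['POST'])
def _passwordReset():
    """Start a password reset from the JSON body; no login is required.

    Returns:
        ``{"ok": "ok", "mail": <masked address>}`` on success, otherwise
        ``{"error": ...}`` with status 409.
    """
    # NOTE(review): success and failure are distinguishable to an
    # unauthenticated caller (masked address vs. 409 with the exception text).
    # If resetPassword raises for unknown accounts, this tells the caller which
    # accounts exist; confirm that is acceptable and that requests are limited.
    try:
        debug.info('password reset')
        data = request.get_json()
        mail = _mask_mail(mainController.resetPassword(data))
        return jsonify({"ok": "ok", "mail": mail})
    except Exception as err:
        debug.warning("excetpion in password reset", exc_info=True)
        return jsonify({"error": str(err)}), 409


@app.route("/logout", methods=['GET'])
@login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER], bar=True)
def _logout(**kwargs):
    """Delete the current access token and answer ``{"ok": "ok"}``."""
    try:
        debug.info("logout user")
        accToken = kwargs['accToken']
        debug.debug("accesstoken is {{ {} }}".format(accToken))
        debug.info("delete accesstoken")
        accesTokenController.deleteAccessToken(accToken)
        debug.info("return ok logout user")
        return jsonify({"ok": "ok"})
    except Exception as err:
        debug.warning("exception in logout user.", exc_info=True)
        return jsonify({"error": str(err)}), 500


@app.route("/login", methods=['POST'])
def _login():
    """Log a user in and create an access token for them.

    Expects a JSON body with ``username`` and ``password``.

    Returns:
        The user's JSON record extended by ``token`` and ``accessToken``;
        status 400 when the body lacks the credentials; status 401 with the
        exception text for ``PermissionDenied`` and with a fixed message for
        any other exception.
    """
    debug.info("Start log in.")
    data = request.get_json()
    # A missing or malformed body used to raise outside the try block and
    # surface as an unhandled server error; answer it as a client error.
    if not isinstance(data, dict) or 'username' not in data or 'password' not in data:
        debug.warning("login request without username or password")
        return jsonify({"error": "username and password are required"}), 400
    username = data['username']
    password = data['password']
    debug.debug("username is {{ {} }}".format(username))
    try:
        user_agent = request.user_agent
        debug.info("search {{ {} }} in database".format(username))
        user = mainController.loginUser(username, password)
        debug.debug("user is {{ {} }}".format(user))
        token = accesTokenController.createAccesToken(user, user_agent=user_agent)
        # The token value is a bearer credential and is kept out of the log.
        debug.debug("accesstoken created")
        debug.info("validate accesstoken")
        dic = accesTokenController.validateAccessToken(
            token, [USER, EXTERN]).user.toJSON()
        debug.info("User {{ {} }} success login.".format(username))
        # Log the response before the token is added to it, for the same reason.
        debug.info("return login {{ {} }}".format(dic))
        dic["token"] = token
        dic["accessToken"] = token
        return jsonify(dic)
    except PermissionDenied as err:
        debug.warning("permission denied exception in login", exc_info=True)
        return jsonify({"error": str(err)}), 401
    except Exception as err:
        debug.warning("exception in login.", exc_info=True)
        return jsonify({"error": "permission denied"}), 401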