yvachot/FlaskALED
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update:

Browse source
This commit is contained in:
Yûki VACHOT 2022-01-06 04:44:40 +01:00
parent 4cc9058887
commit 38cd58e071
5 changed files with 506 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

243
backend/application/api_functions.py
View file

@ -29,7 +29,7 @@ def hash_password(salt, password):
def db_login(ip, email, password): def db_login(ip, email, password):
user = Users.query.filter( user = Users.query.filter(
Users.email == email Users.email == email
).first() ).scalar()
# Check User and Hash Pass # Check User and Hash Pass
if user and user.hash_pass == hash_password(user.salt, password): if user and user.hash_pass == hash_password(user.salt, password):
@ -61,7 +61,7 @@ def db_login(ip, email, password):
def db_register(ip, email, nickname, password, is_admin=False): def db_register(ip, email, nickname, password, is_admin=False):
user = Users.query.filter( user = Users.query.filter(
Users.email == email Users.email == email
).first() ).scalar()
if user: if user:
message = f'{email} already exist.' message = f'{email} already exist.'
db_create_log( db_create_log(
@ -121,7 +121,7 @@ def db_register(ip, email, nickname, password, is_admin=False):
def db_user_update(ip, user_id, nickname, password): def db_user_update(ip, user_id, nickname, password):
user = Users.query.filter( user = Users.query.filter(
Users.id == user_id Users.id == user_id
).first() ).scalar()
if user: if user:
has_succeeded = False has_succeeded = False
status_code = 2 status_code = 2
@ -176,7 +176,20 @@ def db_user_update(ip, user_id, nickname, password):
return {'status': 1, 'message': message} return {'status': 1, 'message': message}
def db_user_delete(ip, user_id): def db_user_delete(ip, user_id, is_admin=False):
if is_admin and Users.query.filter(Users.is_admin == True).count() <= 1 or user_id == 0:
message = 'Can\'t delete last admin'
db_create_log(
ip=ip,
action='user_delete',
message=message,
has_succeeded=False,
status_code=2,
table='users',
id_user=user_id
)
return {'status': 2, 'message': message}
test = Users.query.filter(Users.id == user_id).delete() test = Users.query.filter(Users.id == user_id).delete()
if test == 1: if test == 1:
db.session.commit() db.session.commit()
@ -203,3 +216,225 @@ def db_user_delete(ip, user_id):
id_user=user_id id_user=user_id
) )
return {'status': 1, 'message': message} return {'status': 1, 'message': message}
def db_admin_update_user(ip, user_id, is_admin, password):
user = Users.query.filter(
Users.id == user_id
).scalar()
if user:
has_succeeded = False
status_code = 2
if is_admin is not None and password:
# Salt Hash Pass with SHA256
salt = os.urandom(32)
hash_pass = hash_password(salt, password)
Users.query.filter(Users.id == user_id).update({'is_admin': is_admin, 'hash_pass': hash_pass, 'salt': salt})
db.session.commit()
message = 'User is_admin and password updated.'
has_succeeded = True
status_code = 0
elif is_admin is not None:
Users.query.filter(Users.id == user_id).update({'is_admin': is_admin})
db.session.commit()
message = 'User is_admin updated.'
has_succeeded = True
status_code = 0
elif password:
# Salt Hash Pass with SHA256
salt = os.urandom(32)
hash_pass = hash_password(salt, password)
Users.query.filter(Users.id == user_id).update({'hash_pass': hash_pass, 'salt': salt})
db.session.commit()
message = 'User password updated.'
has_succeeded = True
status_code = 0
else:
message = 'Only is_admin and/or password can be changed.'
db_create_log(
ip=ip,
action='user_update',
message=message,
has_succeeded=has_succeeded,
status_code=status_code,
table='users',
id_user=user_id
)
return {'status': status_code, 'message': message, 'data': user.json()}
else:
message = 'User do not exist.'
db_create_log(
ip=ip,
action='user_update',
message=message,
has_succeeded=False,
status_code=1,
table='users',
id_user=user_id
)
return {'status': 1, 'message': message}
def db_users(ip, user_id, query, by='email,nickname', id=None, is_admin=None, order_by='email'):
# q= or id =
# if q= then by= (default: email,nickname) or email or nickname
# is_admin =
# order_by = email, nickname, id, is_admin
if query is not id:
if query:
if by == 'email':
if is_admin:
if order_by == 'nickname':
users = Users.query.filter().all()
elif order_by == 'id':
users = Users.query.filter().all()
elif order_by == 'is_admin':
users = Users.query.filter().all()
else:
users = Users.query.filter().all()
else:
if order_by == 'nickname':
users = Users.query.filter().all()
elif order_by == 'id':
users = Users.query.filter().all()
elif order_by == 'is_admin':
users = Users.query.filter().all()
else:
users = Users.query.filter().all()
elif by == 'nickname':
if is_admin:
if order_by == 'nickname':
users = Users.query.filter().all()
elif order_by == 'id':
users = Users.query.filter().all()
elif order_by == 'is_admin':
users = Users.query.filter().all()
else:
users = Users.query.filter().all()
else:
if order_by == 'nickname':
users = Users.query.filter().all()
elif order_by == 'id':
users = Users.query.filter().all()
elif order_by == 'is_admin':
users = Users.query.filter().all()
else:
users = Users.query.filter().all()
else:
if is_admin:
if order_by == 'nickname':
users = Users.query.filter().all()
elif order_by == 'id':
users = Users.query.filter().all()
elif order_by == 'is_admin':
users = Users.query.filter().all()
else:
users = Users.query.filter().all()
else:
if order_by == 'nickname':
users = Users.query.filter().all()
elif order_by == 'id':
users = Users.query.filter().all()
elif order_by == 'is_admin':
users = Users.query.filter().all()
else:
users = Users.query.filter().all()
message = f'query({query}), by({by}), is_admin({is_admin}) and order_by({order_by}): {len(users)} result(s)'
db_create_log(
ip=ip,
action='users',
message=message,
has_succeeded=True,
status_code=0,
table='users',
id_user=user_id
)
return {'status': 0, 'message': message, 'data': users.json()}
elif id:
if is_admin:
if order_by == 'nickname':
users = Users.query.filter().all()
elif order_by == 'id':
users = Users.query.filter().all()
elif order_by == 'is_admin':
users = Users.query.filter().all()
else:
users = Users.query.filter().all()
else:
if order_by == 'nickname':
users = Users.query.filter().all()
elif order_by == 'id':
users = Users.query.filter().all()
elif order_by == 'is_admin':
users = Users.query.filter().all()
else:
users = Users.query.filter().all()
message = f'id({id}), is_admin({is_admin}) and order_by({order_by}): {len(users)} result(s)'
db_create_log(
ip=ip,
action='users',
message=message,
has_succeeded=True,
status_code=0,
table='users',
id_user=user_id
)
return {'status': 0, 'message': message, 'data': users.json()}
else:
message = 'Need q and by field if using query and not id'
db_create_log(
ip=ip,
action='users',
message=message,
has_succeeded=False,
status_code=1,
table='users',
id_user=user_id
)
return {'status': 1, 'message': message}
else:
message = 'Query or id field'
db_create_log(
ip=ip,
action='users',
message=message,
has_succeeded=False,
status_code=1,
table='users',
id_user=user_id
)
return {'status': 1, 'message': message}

218
backend/application/routes.py
View file

@ -1,7 +1,7 @@
from flask import current_app as app from flask import current_app as app
from flask import request from flask import request
from .responses import send_message, send_error from .responses import send_message, send_error
from .api_functions import db_login, db_register, db_user_update, db_create_log, db_user_delete from .api_functions import db_login, db_register, db_user_update, db_create_log, db_user_delete, db_admin_update_user, db_users
from .sessionJWT import create_auth_token, check_auth_token from .sessionJWT import create_auth_token, check_auth_token
@ -24,9 +24,9 @@ def login():
token = create_auth_token(user) token = create_auth_token(user)
return send_error(404, res['message'], token) return send_error(404, res['message'], token)
else: else:
return send_error(400, 'Error : Empty email and/or password fields.') return send_error(400, 'Empty email and/or password fields.')
else: else:
return send_error(400, 'Error : Need email, password fields.') return send_error(400, 'Need email, password fields.')
# Register # Register
@ -47,9 +47,9 @@ def register():
elif res['status'] == 0: elif res['status'] == 0:
return send_message(res['message'], res['data']) return send_message(res['message'], res['data'])
else: else:
return send_error(400, 'Error : Empty email and/or password and/or nickname fields.') return send_error(400, 'Empty email and/or password and/or nickname fields.')
except KeyError as e: except KeyError as e:
return send_error(400, 'POST Request Error : Need '+str(e)+' field.') return send_error(400, 'Need '+str(e)+'field.')
# Logout # Logout
@ -90,7 +90,7 @@ def user_update():
if 'password' in post_json: if 'password' in post_json:
post_password = str(post_json['password']) post_password = str(post_json['password'])
else: else:
fields += ', password' fields += 'password '
if post_nickname is not None or post_password is not None: if post_nickname is not None or post_password is not None:
if post_nickname != '' and post_password != '': if post_nickname != '' and post_password != '':
@ -102,9 +102,9 @@ def user_update():
elif res['status'] == 0: elif res['status'] == 0:
return send_message(res['message'], res['data']) return send_message(res['message'], res['data'])
else: else:
return send_error(400, 'Error : Empty nickname and/or password fields.') return send_error(400, 'Empty nickname and/or password fields.')
else: else:
return send_error(400, 'POST Request Error : Need ' + fields + ' field.') return send_error(400, 'Need ' + fields + 'field.')
else: else:
return send_error(500, token['message']) return send_error(500, token['message'])
@ -135,30 +135,206 @@ def user_delete():
# Admin : Create User # Admin : Create User
@app.route('/api/admin/create/user/', methods=['POST']) @app.route('/api/admin/create/user', methods=['POST'])
def user_create(): def admin_create_user():
return send_message('Admin.create.user not implemented', None) token = check_auth_token(request)
if token['success']:
ip = request.remote_addr
user_id = token['payload']['id']
is_admin = token['payload']['is_admin']
if is_admin:
post_json = request.json
post_email = None
post_nickname = None
post_password = None
post_is_admin = None
fields = ''
if 'email' in post_json:
post_email = str(post_json['email'])
else:
fields += 'email '
if 'nickname' in post_json:
post_nickname = str(post_json['nickname'])
else:
fields += 'nickname '
if 'password' in post_json:
post_password = str(post_json['password'])
else:
fields += 'password '
if 'is_admin' in post_json:
post_is_admin = bool(post_json['is_admin'])
else:
fields += 'is_admin '
if post_email is not None or post_nickname is not None or post_password is not None or post_is_admin is not None:
if post_email != '' and post_nickname != '' and post_password != '' and str(post_is_admin) != '':
res = db_register(ip, post_email, post_nickname, post_password, is_admin=post_is_admin)
if res['status'] == 1:
db_create_log(
ip=ip,
action='admin/create/user',
message=res['message'],
has_succeeded=False,
status_code=res['status'],
table='users',
id_user=user_id
)
return send_error(500, res['message'])
elif res['status'] == 0:
db_create_log(
ip=ip,
action='admin/create/user',
message=res['message'],
has_succeeded=True,
status_code=res['status'],
table='users',
id_user=user_id
)
return send_message(res['message'], res['data'])
else:
return send_error(400, 'Empty email and/or nickname and/or password and/or is_admin fields.')
else:
return send_error(400, 'Need ' + fields + 'field.')
else:
return send_error(500, 'User does not have permission.')
else:
return send_error(500, token['message'])
# Admin : Change User password # Admin : Change User password and/or role
@app.route('/api/admin/update/user/password', methods=['PUT']) @app.route('/api/admin/update/user', methods=['PUT'])
def admin_update_user_pwd(): def admin_update_user():
return send_message('Admin.update.user.password not implemented', None) token = check_auth_token(request)
if token['success']:
user_id = token['payload']['id']
is_admin = token['payload']['is_admin']
if is_admin:
post_json = request.json
post_is_admin = None
post_password = None
post_user_id_delete = None
fields = ''
if 'id' in post_json:
post_user_id_delete = int(post_json['id'])
else:
fields += 'id '
if 'is_admin' in post_json:
post_is_admin = bool(post_json['is_admin'])
else:
fields += 'is_admin '
# Admin : Change User role if 'password' in post_json:
@app.route('/api/admin/update/user/role', methods=['PUT']) post_password = str(post_json['password'])
def admin_update_user_role(): else:
return send_message('Admin.update.user.role not implemented', None) fields += 'password '
if post_user_id_delete is not None and (post_is_admin is not None or post_password is not None):
if str(post_is_admin) != '' and post_password != '' and str(post_user_id_delete) != '':
ip = request.remote_addr
res = db_admin_update_user(ip, post_user_id_delete, post_is_admin, post_password)
if res['status'] == 1:
db_create_log(
ip=ip,
action='admin/update/user',
message=res['message'],
has_succeeded=False,
status_code=res['status'],
table='users',
id_user=user_id
)
return send_error(500, res['message'])
elif res['status'] == 0:
db_create_log(
ip=ip,
action='admin/update/user',
message=res['message'],
has_succeeded=True,
status_code=res['status'],
table='users',
id_user=user_id
)
return send_message(res['message'], res['data'])
else:
return send_error(400, 'Empty is_admin and/or password fields.')
else:
return send_error(400, 'Need ' + fields + 'field.')
else:
return send_error(500, 'User does not have permission.')
else:
return send_error(500, token['message'])
# Admin : Delete User # Admin : Delete User
@app.route('/api/admin/delete/user', methods=['DELETE']) @app.route('/api/admin/delete/user', methods=['DELETE'])
def admin_delete_user(): def admin_delete_user():
return send_message('Admin.delete.user not implemented', None) token = check_auth_token(request)
if token['success']:
ip = request.remote_addr
user_id = token['payload']['id']
is_admin = token['payload']['is_admin']
if is_admin:
post_json = request.json
post_user_id_delete = None
fields = ''
if 'id' in post_json:
post_user_id_delete = int(post_json['id'])
else:
fields += 'id'
if post_user_id_delete is not None:
if str(post_user_id_delete) != '':
res = db_user_delete(ip, post_user_id_delete)
if res['status'] == 1:
db_create_log(
ip=ip,
action='admin/delete/user',
message=res['message'],
has_succeeded=False,
status_code=res['status'],
table='users',
id_user=user_id
)
return send_error(500, res['message'])
elif res['status'] == 0:
db_create_log(
ip=ip,
action='admin/delete/user',
message=res['message'],
has_succeeded=True,
status_code=res['status'],
table='users',
id_user=user_id
)
return send_message(res['message'], None)
else:
return send_error(400, 'Empty id field.')
else:
return send_error(400, 'Need ' + fields + 'field.')
else:
return send_error(500, 'User does not have permission.')
else:
return send_error(500, token['message'])
# List of User (must be authenticated) & Search # List of User (must be authenticated) & Search
@app.route('/api/users', methods=['GET']) @app.route('/api/users', methods=['GET'])
def users(): def users():
return send_message('Users not implemented', None) token = check_auth_token(request)
if token['success']:
ip = request.remote_addr
user_id = token['payload']['id']
get_query = request.args.get('q')
get_by = request.args.get('by')
get_id = request.args.get('id')
get_is_admin = request.args.get('is_admin')
get_order_by = request.args.get('get_order_by')
res = db_users(ip, user_id, get_query, get_by, get_id, get_is_admin, get_order_by)
if res['status'] == 1:
return send_error(500, res['message'])
else:
return send_message(res['message'], None)
else:
return send_error(500, token['message'])

6
backend/init-db1.sql
View file

@ -4,8 +4,10 @@ CREATE TABLE IF NOT EXISTS users
( (
id serial PRIMARY KEY, id serial PRIMARY KEY,
email character varying(320) NOT NULL, email character varying(320) NOT NULL,
nickname character varying(50) NOT NULL nickname character varying(50) NOT NULL,
hash_pass bytea NOT NULL, hash_pass bytea NOT NULL,
salt bytea NOT NULL, salt bytea NOT NULL,
is_admin boolean NOT NULL DEFAULT FALSE is_admin boolean NOT NULL DEFAULT FALSE
) );
INSERT INTO users VALUES(0,'admin@admin.admin','Admin',decode('e5ed79b503704ed20a1d250770db68182118de7fe0236db9bbfb0dd9684087d6', 'hex'),decode('7012f69f1ac7c23c5dca498c30fa94527b507cc9e40fab9bae284d1465a37724', 'hex'),TRUE);

2
backend/init-db2.sql
View file

@ -11,4 +11,4 @@ CREATE TABLE IF NOT EXISTS logs
message character varying(512) NOT NULL, message character varying(512) NOT NULL,
has_succeeded boolean NOT NULL, has_succeeded boolean NOT NULL,
status_code smallint NOT NULL status_code smallint NOT NULL
) );

64
docker-compose.yml Normal file
View file

@ -0,0 +1,64 @@
version: '3.8'
services:
flaskaled-srv1:
image: postgres:latest
container_name: flaskaled-srv1
ports:
- "5433:5432"
volumes:
- ./backend/init-db1.sql:/docker-entrypoint-initdb.d/init-db1.sql
environment:
- POSTGRES_USER=flaskaled1
- POSTGRES_PASSWORD=aled1
- POSTGRES_DB=flaskaledDb1
restart: unless-stopped
flaskaled-srv2:
image: postgres:latest
container_name: flaskaled-srv2
ports:
- "5434:5432"
volumes:
- ./backend/init-db2.sql:/docker-entrypoint-initdb.d/init-db2.sql
environment:
- POSTGRES_USER=flaskaled2
- POSTGRES_PASSWORD=aled2
- POSTGRES_DB=flaskaledDb2
restart: unless-stopped
#
# backend:
# container_name: backend
# build: ./backend
# command: node server.js
# volumes:
# - ./backend:/data/backend
# ports:
# - "5000:5000"
# depends_on:
# - flaskaled-srv1
# - flaskaled-srv2
# links:
# - flaskaled-srv1
# - flaskaled-srv2
# environment:
# FLASK_ENV: development
# FLASK_DEBUG: 1
# #DATABASE_URL_USERS:
# #DATABASE_URL_LOGS:
# #SECRET_KEY:
# #ALLOW_ORIGIN:
#
# frontend:
# container_name: frontend
# build: ./frontend
# command: ng serve --host 0.0.0.0
# volumes:
# - ./frontend/src:/data/frontend/
# - ./frontend/node_modules:/data/frontend/node_modules
# ports:
# - "4200:4200"
# depends_on:
# - backend
# links:
# - backend