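import json
import os
import time
import uuid
from contextlib import closing

import mysql.connector
from flask import Blueprint, Flask, render_template, request, Response, send_file
from markupsafe import escape

from functions import isValidSession, getUserPermission


board = Blueprint('board', __name__, template_folder='templates')

# Sessions whose stored timestamp is older than this many seconds (28 days)
# are treated as expired and removed when they are next presented.
_SESSION_TTL_SECONDS = 2419200

# Number of posts returned per page by /api/v1/board/get.
_PAGE_SIZE = 10

# Maximum accepted length of a board message.
_MAX_MESSAGE_LENGTH = 300

# Database settings. They are read from the environment so the password no
# longer has to live in source control; the literal fallbacks are the values
# this module used to embed and exist only so current deployments keep
# working. That password is already in the repository history and should be
# treated as compromised: rotate it and drop the fallbacks once the variables
# are set. (The variable names are new to this module; rename as needed.)
_DB_CONFIG = {
    "host": os.environ.get("BOARD_DB_HOST", "localhost"),
    "user": os.environ.get("BOARD_DB_USER", "willem"),
    "password": os.environ.get("BOARD_DB_PASSWORD", "Dinkel2006!"),
    "database": os.environ.get("BOARD_DB_NAME", "shykeiichicom"),
}


def _json_response(payload, status):
    """Return *payload* JSON-encoded as a Flask Response with *status*."""
    return Response(json.dumps(payload), status=status, mimetype="application/json")


def _json_body():
    """Return the request body as a dict.

    A missing, malformed or non-object JSON body yields an empty dict so the
    route reports the absent field as a 400 rather than failing with a 500.
    """
    body = request.get_json(silent=True)
    return body if isinstance(body, dict) else {}


def _db_connect():
    """Open a MySQL connection from _DB_CONFIG.

    Callers wrap it in ``closing(...)`` so the connection is released on every
    exit path, including early returns and exceptions.
    """
    return mysql.connector.connect(**_DB_CONFIG)


def _lookup_user(mydb, mycursor, sessionid, *, optional=False):
    """Resolve *sessionid* to its ``users`` row.

    Returns ``(user, error)`` where exactly one side is meaningful: ``user``
    is the row when the session is valid, otherwise ``error`` is the 400
    Response to send back. With ``optional=True`` an unknown session or a
    session whose user no longer exists yields ``(None, None)`` so the caller
    can proceed anonymously; an expired session is still an error.

    Row layout relied on: ``sessions[1]`` is the user id, ``sessions[2]`` the
    creation timestamp (seconds). An expired session is deleted and the
    deletion committed before the error is returned.
    """
    mycursor.execute("SELECT * FROM sessions WHERE sessionid=%s", (sessionid,))
    usersession = mycursor.fetchone()
    if usersession is None:
        if optional:
            return None, None
        return None, _json_response("Invalid sessionid provided", 400)

    if int(time.time() - int(usersession[2])) > _SESSION_TTL_SECONDS:
        mycursor.execute("DELETE FROM sessions WHERE sessionid=%s", (sessionid,))
        mydb.commit()
        return None, _json_response("Sessionid expired", 400)

    mycursor.execute("SELECT * FROM users WHERE id=%s", (usersession[1],))
    user = mycursor.fetchone()
    if user is None:
        if optional:
            return None, None
        return None, _json_response("Invalid sessionid provided 2", 400)
    return user, None


def _describe_post(mycursor, row, user):
    """Build the JSON object the API returns for one ``board`` row.

    *row* is a ``SELECT * FROM board`` row (``[0]`` id, ``[1]`` user id,
    ``[2]`` sender ip, ``[3]`` message, ``[4]`` timestamp); *user* is the
    requesting user's row or None. Posts without an author, or whose author
    row is gone, get ``"username": None`` instead of failing.
    """
    postid = row[0]
    userid = row[1]

    mycursor.execute(
        "SELECT COUNT(*) FROM ratings WHERE postid=%s AND rating=1", (postid,)
    )
    positiveratings = mycursor.fetchone()[0]

    mycursor.execute(
        "SELECT COUNT(*) FROM ratings WHERE postid=%s AND rating=0", (postid,)
    )
    negativeratings = mycursor.fetchone()[0]

    userrating = None
    if user is not None:
        mycursor.execute(
            "SELECT rating FROM ratings WHERE userid=%s AND postid=%s",
            (user[0], postid),
        )
        found = mycursor.fetchone()
        if found is not None:
            userrating = found[0]

    mycursor.execute("SELECT COUNT(parentid) FROM board WHERE parentid=%s", (postid,))
    replycount = mycursor.fetchone()[0]

    mycursor.execute("SELECT parentid FROM board WHERE id=%s", (postid,))
    parentid = mycursor.fetchone()[0]

    username = None
    if userid is not None:
        mycursor.execute("SELECT username FROM users WHERE id=%s", (userid,))
        author = mycursor.fetchone()
        if author is not None:
            username = author[0]

    return {
        "id": postid,
        "userid": userid,
        "username": username,
        "ip": row[2],
        "message": row[3],
        "timestamp": row[4],
        "replycount": replycount,
        "parentid": parentid,
        "userrating": userrating,
        "positiveratings": positiveratings,
        "negativeratings": negativeratings,
    }


@board.route("/api/v1/board/send", methods=["PUT"])
def sendpost():
    """Create a board post or a reply.

    JSON body: ``message`` (required, at most 300 characters), optional
    ``sessionid`` to attribute the post to a user, optional ``parentid`` to
    post a reply. Responds 201 "Created", or 400 when the message is missing,
    too long, or the supplied session is invalid.
    """
    body = _json_body()
    message_ = body.get("message")
    sendersessionid_ = body.get("sessionid")
    parentid_ = body.get("parentid")
    ip_ = request.remote_addr

    if message_ is None:
        return _json_response("No message provided", 400)
    if not isinstance(message_, str):
        return _json_response("Message must be a string", 400)
    if len(message_) > _MAX_MESSAGE_LENGTH:
        return _json_response("Message is too long", 400)

    senderid_ = None
    if sendersessionid_ is not None:
        # isValidSession returns a session row (user id at [1]) or a falsy
        # value; previously the falsy case was indexed and crashed with a 500.
        session = isValidSession(sendersessionid_)
        if not session:
            return _json_response("Invalid sessionid", 400)
        senderid_ = session[1]

    curtime = int(time.time())

    # Only column names from this fixed list are spliced into the statement;
    # every user-controlled value travels as a bound parameter.
    columns = ["senderip", "message", "timestamp"]
    values = [ip_, message_, curtime]
    if senderid_ is not None:
        columns.insert(0, "userid")
        values.insert(0, senderid_)
    if parentid_ is not None:
        columns.append("parentid")
        values.append(parentid_)
    placeholders = ", ".join(["%s"] * len(values))
    sql = f"INSERT INTO board ({', '.join(columns)}) VALUES ({placeholders})"

    with closing(_db_connect()) as mydb:
        mycursor = mydb.cursor(buffered=True)
        mycursor.execute(sql, tuple(values))
        mydb.commit()

    return Response("Created", status=201)


@board.route("/api/v1/board/get", methods=["GET"])
def getposts():
    """Return one page of posts, newest first.

    Query parameters: ``start`` (required decimal offset), ``parentid``
    (decimal id of the thread whose replies to list; omit for top-level
    posts) and ``sessionid`` (optional; adds the caller's own rating to each
    post). Responds 200 with a JSON list, 204 "No more posts" when ``start``
    is at or past the end of the listing, 400 on bad parameters or an
    expired session.

    Note: the previous ``escape()`` wrapping only HTML-escaped these values
    and gave no protection to the queries; all values are now bound
    parameters, and ``parentid`` is additionally required to be numeric.
    """
    start = request.args.get("start", "")
    parentid = request.args.get("parentid")
    sessionid = request.args.get("sessionid")

    if not start.isdecimal():
        return _json_response("Not a number", 400)
    startint = int(start)

    if parentid is not None and not parentid.isdecimal():
        return _json_response("Parentid is not a number", 400)

    with closing(_db_connect()) as mydb:
        mycursor = mydb.cursor(buffered=True)

        # Count the same set of posts the listing pages through, so the
        # end-of-list check is right for threads as well as the front page.
        if parentid is None:
            mycursor.execute("SELECT COUNT(id) FROM board WHERE parentid IS NULL")
        else:
            mycursor.execute(
                "SELECT COUNT(id) FROM board WHERE parentid=%s", (parentid,)
            )
        total = mycursor.fetchone()[0]
        if startint >= total:
            return _json_response("No more posts", 204)

        user = None
        if sessionid is not None:
            user, error = _lookup_user(mydb, mycursor, sessionid, optional=True)
            if error is not None:
                return error

        if parentid is None:
            mycursor.execute(
                "SELECT * FROM board WHERE parentid IS NULL "
                "ORDER BY id DESC LIMIT %s OFFSET %s",
                (_PAGE_SIZE, startint),
            )
        else:
            mycursor.execute(
                "SELECT * FROM board WHERE parentid=%s "
                "ORDER BY id DESC LIMIT %s OFFSET %s",
                (parentid, _PAGE_SIZE, startint),
            )
        rows = mycursor.fetchall()
        posts = [_describe_post(mycursor, row, user) for row in rows]

    return _json_response(posts, 200)


@board.route("/api/v1/board/getsingle", methods=["GET"])
def getpost():
    """Return a single post by id.

    Query parameters: ``postid`` (required decimal) and ``sessionid``
    (optional; adds the caller's own rating). Responds 200 with the post
    object, 400 for a non-numeric id or an invalid/expired session, 404 when
    the post does not exist.

    ``sessionid`` is genuinely optional now: the old ``escape(None)`` check
    turned a missing parameter into the string "None" and rejected every
    anonymous request with "Invalid sessionid provided".
    """
    postid_ = request.args.get("postid", "")
    sessionid = request.args.get("sessionid")

    if not postid_.isdecimal():
        return _json_response("Postid is not a number", 400)
    postid = int(postid_)

    with closing(_db_connect()) as mydb:
        mycursor = mydb.cursor(buffered=True)

        user = None
        if sessionid is not None:
            user, error = _lookup_user(mydb, mycursor, sessionid)
            if error is not None:
                return error

        mycursor.execute("SELECT * FROM board WHERE id=%s", (postid,))
        row = mycursor.fetchone()
        if row is None:
            return _json_response("Post was not found", 404)

        post = _describe_post(mycursor, row, user)

    return _json_response(post, 200)


@board.route("/api/v1/board/rate", methods=["PUT"])
def ratepost():
    """Record or change the caller's rating of a post.

    JSON body: ``rating`` (false/0 is a negative rating, anything else
    positive), ``sessionid`` and ``postid`` (all required). Responds 201
    "Rated post" on a new rating, 200 "Updated post rating" on a change,
    204 "Nothing changed" when the stored rating already matches, 400 for
    missing fields or an invalid session, and 500 "Post was not found"
    (status kept as existing clients see it).
    """
    body = _json_body()
    rating_ = body.get("rating")
    sendersessionid_ = body.get("sessionid")
    postid_ = body.get("postid")

    if rating_ is None:
        return _json_response("No rating provided", 400)
    if sendersessionid_ is None:
        return _json_response("No Sessionid provided", 400)
    if postid_ is None:
        return _json_response("No postid provided", 400)

    # False and 0 mean "negative"; every other value is a positive rating.
    rating_value = 0 if rating_ in (False, 0) else 1

    with closing(_db_connect()) as mydb:
        mycursor = mydb.cursor(buffered=True)

        user, error = _lookup_user(mydb, mycursor, sendersessionid_)
        if error is not None:
            return error

        mycursor.execute("SELECT * FROM board WHERE id=%s", (postid_,))
        post = mycursor.fetchone()
        if post is None:
            return _json_response("Post was not found", 500)

        mycursor.execute(
            "SELECT * FROM ratings WHERE postid=%s AND userid=%s",
            (postid_, user[0]),
        )
        rating = mycursor.fetchone()

        # ratings[4] holds the stored rating value.
        if rating is not None and rating[4] == rating_value:
            return Response("Nothing changed", status=204)

        curtime = int(time.time())
        if rating is not None:
            mycursor.execute(
                "UPDATE ratings SET rating=%s WHERE postid=%s AND userid=%s",
                (rating_value, postid_, user[0]),
            )
            mydb.commit()
            return Response("Updated post rating", status=200)

        # senderid records the author of the rated post.
        mycursor.execute(
            "INSERT INTO ratings (postid, userid, senderid, rating, timestamp) "
            "VALUES (%s, %s, %s, %s, %s)",
            (postid_, user[0], post[1], rating_value, curtime),
        )
        mydb.commit()

    return Response("Rated post", status=201)


@board.route("/api/v1/board/delete", methods=["PUT"])
def boarddelete():
    """Delete a post owned by the caller, or any post if the caller is admin.

    JSON body: ``sessionid`` and ``postid`` (both required). Responds 200
    "Deleted Post", 400 for missing fields or an invalid session, 500 when
    the post is missing or not owned by a non-admin caller (statuses kept as
    existing clients see them). Admin means ``getUserPermission(...) == 1``.
    """
    body = _json_body()
    sessionid_ = body.get("sessionid")
    postid_ = body.get("postid")

    if sessionid_ is None:
        return _json_response("No Sessionid provided", 400)
    if postid_ is None:
        return _json_response("No postid provided", 400)

    with closing(_db_connect()) as mydb:
        mycursor = mydb.cursor(buffered=True)

        user, error = _lookup_user(mydb, mycursor, sessionid_)
        if error is not None:
            return error

        mycursor.execute("SELECT * FROM board WHERE id=%s", (postid_,))
        post = mycursor.fetchone()
        if post is None:
            return _json_response("Post was not found", 500)

        if post[1] != user[0] and getUserPermission(user[0]) != 1:
            return _json_response("You do not own this post", 500)

        mycursor.execute("DELETE FROM board WHERE id=%s", (postid_,))
        mydb.commit()

    return Response("Deleted Post", status=200, mimetype="application/json")


@board.route("/api/v1/board/deleterange", methods=["PUT"])
def boarddeleterange():
    """Delete every post whose id lies in [min, max]; admins only.

    JSON body: ``sessionid``, ``min`` and ``max`` (all required; the bounds
    must be integers). Responds 200 with a confirmation text, 400 for
    missing/invalid fields, an invalid session, or a non-admin caller.
    """
    body = _json_body()
    sessionid_ = body.get("sessionid")
    minr_ = body.get("min")
    maxr_ = body.get("max")

    if sessionid_ is None:
        return _json_response("No Sessionid provided", 400)
    if minr_ is None:
        return _json_response("No min provided", 400)
    if maxr_ is None:
        return _json_response("No max provided", 400)
    if not isinstance(minr_, int) or not isinstance(maxr_, int):
        return _json_response("min and max must be integers", 400)

    usersession = isValidSession(sessionid_)
    if not usersession:
        return _json_response("Invalid sessionid", 400)

    with closing(_db_connect()) as mydb:
        mycursor = mydb.cursor(buffered=True)

        mycursor.execute("SELECT * FROM users WHERE id=%s", (usersession[1],))
        user = mycursor.fetchone()
        if user is None:
            return _json_response("Invalid sessionid provided 2", 400)

        if getUserPermission(user[0]) != 1:
            return _json_response("User not admin", 400)

        mycursor.execute(
            "DELETE FROM board WHERE id BETWEEN %s AND %s", (minr_, maxr_)
        )
        mydb.commit()

    return Response(
        f"Deleted Post from {minr_} to {maxr_}", status=200, mimetype="application/json"
    )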