ELAB-partsearch/parts/server.py

import os
import re
import json
import sqlalchemy
from functools import wraps
from sqlalchemy.sql import select
from sqlalchemy.sql import text
from flask import Flask
from flask import render_template, send_from_directory, request, Response, send_file
from PIL import Image, ImageDraw
from io import BytesIO
from werkzeug.utils import secure_filename

app = Flask(__name__)

db_engine = {}
db_metadata = {}
parts = {}

def check_auth(username, password):
	admin_list = []
	with open('edit_admin.json', 'r') as admin:
		admin_list = json.load(admin)
	for user in admin_list:
		if username == user['username']:
			return password == user['password']

def authenticate():
	return Response('Could not verify access level. Please retry', 401, {'WWW-Authenticate' :  'Basic realm="Login Required"'})

def requires_auth(f):
	@wraps(f)
	def decorated(*args, **kwargs):
		auth = request.authorization
		if not auth or not check_auth(auth.username, auth.password):
			return authenticate()
		return f(*args, **kwargs)
	return decorated

def serveImage(img):
    img_io = BytesIO()
    img.save(img_io, 'PNG')
    img_io.seek(0)
    return send_file(img_io, mimetype='image/png')

@app.route('/parts')
def index():
    return render_template('partsearch.html')

@app.route('/parts/getlocations/')
def get_locations():
    s = 'select id, name from locations order by name;'
    r = db_engine.execute(text(s))
    l = {}
    for row in r:
        l[row[0]]=row[1]
    r.close()
    return json.dumps(l)

@app.route('/parts/getlocationURL/<locationID>')
def get_locationURL(locationID):
    s = 'select map from locations where id = :id;'
    r = db_engine.execute(text(s), id=locationID)
    l=[];
    for row in r:
        l.append(row);
    r.close()
    return l[0][0]

@app.route('/parts/getpartinfo/<partID>')
def get_part_info(partID):
    s = 'select * from parts as p inner join locations as l on p.location_id=l.id where p.id = :id;'
    r = db_engine.execute(text(s), id=partID)
    l = []
    for row in r:
        l.append(dict(row))
    r.close()
    return json.dumps(l[0])

@app.route('/parts/query/<filter_dummy>/<query>') # TODO: maybe change AND to OR or maybe not
def query(filter_dummy, query):
    filter = request.args.to_dict()
    keywords = query.split() # Default splits with spaces
    for i in range(len(keywords)):
        keywords[i] = '%' + keywords[i] + '%'
    kw_dict = {}
    for i in range(len(keywords)):
        kw_dict["kw" + str(i)] = keywords[i]

    s = 'select p.id,partno,description,l.name as location_descriptor from parts as p inner join locations as l on p.location_id = l.id where '
    if filter['l']:
        s += '('
        for i in range(len(keywords)):
            s += 'LOWER(l.name) like LOWER(:kw'+ str(i) +') AND '
        s = s[:-5]
        s += ') OR '
    if filter['p']:
        s += '('
        for i in range(len(keywords)):
            s += 'LOWER(partno) like LOWER(:kw'+ str(i) +') AND '
        s = s[:-5]
        s += ') OR '
    if filter['d']:
        s += '('
        for i in range(len(keywords)):
            s += 'LOWER(description) like LOWER(:kw'+ str(i) +') AND '
        s = s[:-5]
        s += ') OR '
    if filter['n']:
        s += '('
        for i in range(len(keywords)):
            s += 'LOWER(notes) like LOWER(:kw'+ str(i) +') AND '
        s = s[:-5]
        s += ') OR '
    s = s[:-4] + ';'
    s = text(s)
    r = db_engine.execute(s, kw_dict)
    l = []
    for row in r:
        l.append(dict(row))
    r.close()
    return json.dumps(l)

@app.route('/parts/map/<mapurl>')
def getMap(mapurl):
    try:
        mapimage = Image.open('maps/' + mapurl).convert("RGBA")
    except FileNotFoundError:
        return serveImage(Image.open("maps/404.png"))
    if request.args.get('x') is not None and request.args.get('y') is not None:
        x = int(request.args.get('x'))
        y = int(request.args.get('y'))
        pointer = Image.open('maps/here.png')
        pointerLayer = Image.new("RGBA", mapimage.size)
        width, height = pointer.size
        pointerLayer.paste(pointer, (x - int(width/2), y-int(height/2)))
        mapimage = Image.alpha_composite(mapimage, pointerLayer)
    return serveImage(mapimage)


@app.route('/parts/getfile/<filename>')
def getfile(filename):
    if(re.match('^[\w\-_]+$', filename) == None):
        return 'No injections pls.'

    return send_from_directory('/srv/datasheets/', filename + '.pdf')

@app.route('/parts/alter/<partID>', methods=['POST'])
# @requires_auth
def alter(partID):
    partID = int(partID)
    s = ''
    if partID < 0:
        # New entry
        s =  'insert into parts (partno, description, datasheet, location_id) '
        s += 'values (:partno, :description, :datasheet, :location_id);'
        s = text(s)
        if len(request.files) != 0:
            datasheet_file = request.files['datasheet-file']
            datasheet_filename = secure_filename(datasheet_file.filename)
            i = 1
            while os.path.isfile('srv/datasheet/' + datasheet_filename):
                datasheet_filename = datasheet_filename[:-4] + str(i) + '.pdf'
                i += 1
            datasheet_file.save('/srv/datasheets/' + datasheet_filename)
        else:
            datasheet_filename = None
        r = db_engine.execute(s, partno=request.form['partno'],
                                 description=request.form['description'],
                                 datasheet=datasheet_filename,
                                 location_id=request.form['location_id'])
    else:
        # Modify entry
        r = db_engine.execute(text('select * from parts where id=:id;'), id=partID)
        l = []
        for row in r:
            l.append(dict(row))
        r.close()
        s = 'update parts '
        s += 'set partno=:partno, description=:description, datasheet=:datasheet, location_id=:location_id '
        if len(request.files) != 0:
            datasheet_file = request.files['datasheet-file']
            datasheet_filename = secure_filename(datasheet_file.filename)
            i = 1
            while os.path.isfile('srv/datasheet/' + datasheet_filename):
                datasheet_filename = datasheet_filename[:-4] + str(i) + '.pdf'
                i += 1
            datasheet_file.save('/srv/datasheets/' + datasheet_filename)
            if l[0]['datasheet'] != None:
                os.remove('/srv/datasheets/' + l[0]['datasheet'])
        else:
            datasheet_filename = l[0]['datasheet']
        s += 'where id=:id;'
        s = text(s)
        r = db_engine.execute(s, partno=request.form['partno'],
                                 description=request.form['description'],
                                 datasheet=datasheet_filename,
                                 location_id=request.form['location_id'])


    return '{"status":"ok"}'

@app.route('/parts/delete/<partID>')
@requires_auth
def delete(partID):
    if partID < 0:
        abort(400)
    s = text('delete from parts where id=:id;')
    r = db_engine.execute(s, id=partID)
    return '{"status":"ok"}'

def connect(user, password, db, host='localhost', port=5432):
    '''Returns a connection and a metadata object'''
    # We connect with the help of the PostgreSQL URL
    url = 'postgresql://{}:{}@{}:{}/{}'
    url = url.format(user, password, host, port, db)

    # The return value of create_engine() is our connection object
    con = sqlalchemy.create_engine(url, client_encoding='utf8')

    # We then bind the connection to MetaData()
    meta = sqlalchemy.MetaData(bind=con, reflect=True)

    return con, meta

if __name__ == '__main__':
    with open('admin.json') as f:
        postgres_credentials = json.load(f)
    db_engine, db_metadata = connect(postgres_credentials['username'], postgres_credentials['password'], 'parts_v2')
    parts = sqlalchemy.Table('parts', db_metadata)
    # Example query
    '''s = select([parts]).where(parts.c.notes != '')
    for row in db_engine.execute(s):
        print row'''
    app.run('0.0.0.0')
Added file removal when substituting datasheet 7 years ago			`import os`
Added the getfile app route 7 years ago			`import re`
Added file removal when substituting datasheet 7 years ago			`import json`
Initial commit 7 years ago			`import sqlalchemy`
Added missing import 7 years ago			`from functools import wraps`
Added query API URL and initializing of the DB 7 years ago			`from sqlalchemy.sql import select`
Implemented simple query with filter 7 years ago			`from sqlalchemy.sql import text`
Initial commit 7 years ago			`from flask import Flask`
things can be pointed at with the map 6 years ago			`from flask import render_template, send_from_directory, request, Response, send_file`
			`from PIL import Image, ImageDraw`
			`from io import BytesIO`
Started implementing file upload 7 years ago			`from werkzeug.utils import secure_filename`
Initial commit 7 years ago
			`app = Flask(__name__)`

Added function to connect to database 7 years ago			`db_engine = {}`
			`db_metadata = {}`
Added query API URL and initializing of the DB 7 years ago			`parts = {}`
Added function to connect to database 7 years ago
Added pw protection to alter and delete 7 years ago			`def check_auth(username, password):`
			`admin_list = []`
			`with open('edit_admin.json', 'r') as admin:`
			`admin_list = json.load(admin)`
			`for user in admin_list:`
			`if username == user['username']:`
			`return password == user['password']`

			`def authenticate():`
			`return Response('Could not verify access level. Please retry', 401, {'WWW-Authenticate' : 'Basic realm="Login Required"'})`

			`def requires_auth(f):`
			`@wraps(f)`
			`def decorated(args, *kwargs):`
			`auth = request.authorization`
			`if not auth or not check_auth(auth.username, auth.password):`
			`return authenticate()`
			`return f(args, *kwargs)`
			`return decorated`

things can be pointed at with the map 6 years ago			`def serveImage(img):`
			`img_io = BytesIO()`
			`img.save(img_io, 'PNG')`
			`img_io.seek(0)`
			`return send_file(img_io, mimetype='image/png')`

Fixed API calls address 7 years ago			`@app.route('/parts')`
Initial commit 7 years ago			`def index():`
			`return render_template('partsearch.html')`
Added function to connect to database 7 years ago
endpoint for listing locations 6 years ago			`@app.route('/parts/getlocations/')`
			`def get_locations():`
locations are returned alphabetically 6 years ago			`s = 'select id, name from locations order by name;'`
endpoint for listing locations 6 years ago			`r = db_engine.execute(text(s))`
			`l = {}`
			`for row in r:`
			`l[row[0]]=row[1]`
			`r.close()`
			`return json.dumps(l)`

endpoint for getting a map for a given location ID /parts/getlocationURL/<id> 6 years ago			`@app.route('/parts/getlocationURL/<locationID>')`
			`def get_locationURL(locationID):`
			`s = 'select map from locations where id = :id;'`
			`r = db_engine.execute(text(s), id=locationID)`
			`l=[];`
			`for row in r:`
			`l.append(row);`
			`r.close()`
			`return l[0][0]`

Fixed API calls address 7 years ago			`@app.route('/parts/getpartinfo/<partID>')`
Search is now case insensitive. Implemented get part info 7 years ago			`def get_part_info(partID):`
Modified a bunch of stuff I don't remember man come on 6 years ago			`s = 'select * from parts as p inner join locations as l on p.location_id=l.id where p.id = :id;'`
Fixed get part info 7 years ago			`r = db_engine.execute(text(s), id=partID)`
			`l = []`
			`for row in r:`
			`l.append(dict(row))`
Search is now case insensitive. Implemented get part info 7 years ago			`r.close()`
Fixed get part info 7 years ago			`return json.dumps(l[0])`
Search is now case insensitive. Implemented get part info 7 years ago
Un-retardeded the filters. Results are now a table 6 years ago			`@app.route('/parts/query/<filter_dummy>/<query>') # TODO: maybe change AND to OR or maybe not`
Improved search query 6 years ago			`def query(filter_dummy, query):`
			`filter = request.args.to_dict()`
			`keywords = query.split() # Default splits with spaces`
			`for i in range(len(keywords)):`
			`keywords[i] = '%' + keywords[i] + '%'`
			`kw_dict = {}`
			`for i in range(len(keywords)):`
			`kw_dict["kw" + str(i)] = keywords[i]`

Modified query to be joint with locations 6 years ago			`s = 'select p.id,partno,description,l.name as location_descriptor from parts as p inner join locations as l on p.location_id = l.id where '`
Improved search query 6 years ago			`if filter['l']:`
			`s += '('`
			`for i in range(len(keywords)):`
			`s += 'LOWER(l.name) like LOWER(:kw'+ str(i) +') AND '`
			`s = s[:-5]`
			`s += ') OR '`
			`if filter['p']:`
			`s += '('`
			`for i in range(len(keywords)):`
			`s += 'LOWER(partno) like LOWER(:kw'+ str(i) +') AND '`
			`s = s[:-5]`
			`s += ') OR '`
			`if filter['d']:`
			`s += '('`
			`for i in range(len(keywords)):`
			`s += 'LOWER(description) like LOWER(:kw'+ str(i) +') AND '`
			`s = s[:-5]`
			`s += ') OR '`
			`if filter['n']:`
			`s += '('`
			`for i in range(len(keywords)):`
			`s += 'LOWER(notes) like LOWER(:kw'+ str(i) +') AND '`
			`s = s[:-5]`
			`s += ') OR '`
Implemented simple query with filter 7 years ago			`s = s[:-4] + ';'`
			`s = text(s)`
Improved search query 6 years ago			`r = db_engine.execute(s, kw_dict)`
Implemented simple query with filter 7 years ago			`l = []`
			`for row in r:`
			`l.append(dict(row))`
			`r.close()`
			`return json.dumps(l)`
Added query API URL and initializing of the DB 7 years ago
things can be pointed at with the map 6 years ago			`@app.route('/parts/map/<mapurl>')`
			`def getMap(mapurl):`
			`try:`
updated map with chairs, so we can sit comfortably. Also reduced size 6 years ago			`mapimage = Image.open('maps/' + mapurl).convert("RGBA")`
things can be pointed at with the map 6 years ago			`except FileNotFoundError:`
			`return serveImage(Image.open("maps/404.png"))`
			`if request.args.get('x') is not None and request.args.get('y') is not None:`
			`x = int(request.args.get('x'))`
			`y = int(request.args.get('y'))`
			`pointer = Image.open('maps/here.png')`
fixed transparancy issue on generated map 6 years ago			`pointerLayer = Image.new("RGBA", mapimage.size)`
things can be pointed at with the map 6 years ago			`width, height = pointer.size`
fixed transparancy issue on generated map 6 years ago			`pointerLayer.paste(pointer, (x - int(width/2), y-int(height/2)))`
			`mapimage = Image.alpha_composite(mapimage, pointerLayer)`
things can be pointed at with the map 6 years ago			`return serveImage(mapimage)`


Added the getfile app route 7 years ago			`@app.route('/parts/getfile/<filename>')`
			`def getfile(filename):`
More fixes 7 years ago			`if(re.match('^[\w\-_]+$', filename) == None):`
Added the getfile app route 7 years ago			`return 'No injections pls.'`

More fixes 7 years ago			`return send_from_directory('/srv/datasheets/', filename + '.pdf')`
Added the getfile app route 7 years ago
Started implementing file upload 7 years ago			`@app.route('/parts/alter/<partID>', methods=['POST'])`
Modified query to match new database 6 years ago			`# @requires_auth`
Started implementing file upload 7 years ago			`def alter(partID):`
Hopefully fixed id problem 7 years ago			`partID = int(partID)`
Implemented db modifications. Added manufacturer line to part info view 7 years ago			`s = ''`
			`if partID < 0:`
			`# New entry`
Modified query to match new database 6 years ago			`s = 'insert into parts (partno, description, datasheet, location_id) '`
			`s += 'values (:partno, :description, :datasheet, :location_id);'`
Implemented db modifications. Added manufacturer line to part info view 7 years ago			`s = text(s)`
			`if len(request.files) != 0:`
			`datasheet_file = request.files['datasheet-file']`
			`datasheet_filename = secure_filename(datasheet_file.filename)`
Avoiding same-name datasheet files 7 years ago			`i = 1`
			`while os.path.isfile('srv/datasheet/' + datasheet_filename):`
			`datasheet_filename = datasheet_filename[:-4] + str(i) + '.pdf'`
			`i += 1`
Some quick fixes 7 years ago			`datasheet_file.save('/srv/datasheets/' + datasheet_filename)`
Implemented db modifications. Added manufacturer line to part info view 7 years ago			`else:`
Yes, bad request is solved 7 years ago			`datasheet_filename = None`
Modified query to match new database 6 years ago			`r = db_engine.execute(s, partno=request.form['partno'],`
Hopefully fixed id problem 7 years ago			`description=request.form['description'],`
			`datasheet=datasheet_filename,`
Modified query to match new database 6 years ago			`location_id=request.form['location_id'])`
Started implementing file upload 7 years ago			`else:`
Implemented db modifications. Added manufacturer line to part info view 7 years ago			`# Modify entry`
			`r = db_engine.execute(text('select * from parts where id=:id;'), id=partID)`
			`l = []`
			`for row in r:`
			`l.append(dict(row))`
			`r.close()`
			`s = 'update parts '`
Modified query to match new database 6 years ago			`s += 'set partno=:partno, description=:description, datasheet=:datasheet, location_id=:location_id '`
Implemented db modifications. Added manufacturer line to part info view 7 years ago			`if len(request.files) != 0:`
			`datasheet_file = request.files['datasheet-file']`
			`datasheet_filename = secure_filename(datasheet_file.filename)`
Avoiding same-name datasheet files 7 years ago			`i = 1`
			`while os.path.isfile('srv/datasheet/' + datasheet_filename):`
			`datasheet_filename = datasheet_filename[:-4] + str(i) + '.pdf'`
			`i += 1`
Some quick fixes 7 years ago			`datasheet_file.save('/srv/datasheets/' + datasheet_filename)`
More fixes 7 years ago			`if l[0]['datasheet'] != None:`
			`os.remove('/srv/datasheets/' + l[0]['datasheet'])`
Implemented db modifications. Added manufacturer line to part info view 7 years ago			`else:`
Little fix 7 years ago			`datasheet_filename = l[0]['datasheet']`
Implemented db modifications. Added manufacturer line to part info view 7 years ago			`s += 'where id=:id;'`
			`s = text(s)`
Modified query to match new database 6 years ago			`r = db_engine.execute(s, partno=request.form['partno'],`
Hopefully fixed id problem 7 years ago			`description=request.form['description'],`
			`datasheet=datasheet_filename,`
Modified query to match new database 6 years ago			`location_id=request.form['location_id'])`
Hopefully fixed id problem 7 years ago
Implemented db modifications. Added manufacturer line to part info view 7 years ago
File transfer works 7 years ago			`return '{"status":"ok"}'`
Started implementing file upload 7 years ago
Added delete entry function 7 years ago			`@app.route('/parts/delete/<partID>')`
Added pw protection to alter and delete 7 years ago			`@requires_auth`
Added delete entry function 7 years ago			`def delete(partID):`
Can't delete a new part 7 years ago			`if partID < 0:`
			`abort(400)`
Added delete entry function 7 years ago			`s = text('delete from parts where id=:id;')`
			`r = db_engine.execute(s, id=partID)`
			`return '{"status":"ok"}'`

Added function to connect to database 7 years ago			`def connect(user, password, db, host='localhost', port=5432):`
			`'''Returns a connection and a metadata object'''`
			`# We connect with the help of the PostgreSQL URL`
			`url = 'postgresql://{}:{}@{}:{}/{}'`
			`url = url.format(user, password, host, port, db)`

			`# The return value of create_engine() is our connection object`
			`con = sqlalchemy.create_engine(url, client_encoding='utf8')`

			`# We then bind the connection to MetaData()`
			`meta = sqlalchemy.MetaData(bind=con, reflect=True)`

			`return con, meta`

			`if __name__ == '__main__':`
			`with open('admin.json') as f:`
			`postgres_credentials = json.load(f)`
Works with new database 6 years ago			`db_engine, db_metadata = connect(postgres_credentials['username'], postgres_credentials['password'], 'parts_v2')`
Added query API URL and initializing of the DB 7 years ago			`parts = sqlalchemy.Table('parts', db_metadata)`
			`# Example query`
			`'''s = select([parts]).where(parts.c.notes != '')`
			`for row in db_engine.execute(s):`
			`print row'''`
added app run. Now necessary to launch with python server.py 7 years ago			`app.run('0.0.0.0')`