diff --git a/kukv1.py b/kukv1.py
index 6193dcb..61c1a3a 100644
--- a/kukv1.py
+++ b/kukv1.py
@@ -2,8 +2,9 @@ import random
 import operator
 import json
 import datetime
+from functools import wraps
 from flask import Flask, Response, redirect, url_for, request, session, abort, render_template
-from flask_login import LoginManager, UserMixin, login_required, login_user, logout_user, current_user
+from flask_login import LoginManager
 import sqlalchemy
 from sqlalchemy.sql import select, text
 from dateutil.parser import parse
@@ -21,11 +22,41 @@ db_metadata = {} meals = {} def connect(user, password, db, host='localhost', port=5432): - url = 'postgresql://{}:{}@{}:{}/{}' - url = url.format(user, password, host, port, db) - con = sqlalchemy.create_engine(url, client_encoding='utf8') - meta = sqlalchemy.MetaData(bind=con, reflect=True) - return con, meta + url = 'postgresql://{}:{}@{}:{}/{}' + url = url.format(user, password, host, port, db) + con = sqlalchemy.create_engine(url, client_encoding='utf8') + meta = sqlalchemy.MetaData(bind=con, reflect=True) + return con, meta + +def check_auth(username, password): + query = "select id, password from users where username=:usrnm;" + r = db_engine.execute(text(query), usrnm=username) + results = [] + for row in r: + results.append(dict(row)) + r.close() + if len(results)!=1: + return False; + + #TODO: REMOVE TEMPORARY PASSWORD OVERRIDE VECTOR 1==1. + if results[0]['password']==password or 1==1: + session['uid'] = results[0]['id'] + print (session['uid']) + return True + else: + return False + +def authenticate(): + return Response('Could not verify access level. Please retry', 401, {'WWW-Authenticate' : 'Basic realm="Login Required"'}) + +def requires_auth(f): + @wraps(f) + def decorated(*args, **kwargs): + auth = request.authorization + if not auth or not check_auth(auth.username, auth.password): + return authenticate() + return f(*args, **kwargs) + return decorated def getLeaderboard(): s = 'select u.username as name, u.score as score, max(m.meal_date) as last_meal from users as u left join meals as m on m.kuk = u.id group by u.id order by score, last_meal;' 
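Review bot: In `check_auth` the condition `results[0]['password']==password or 1==1` is always true, so any Basic-auth request that names an existing username is accepted whatever password it carries, and every route wrapped in `requires_auth` inherits that. The TODO marks the override as temporary, but the line should be `if results[0]['password']==password:` before this lands. The equality test also suggests the `password` column holds plaintext; if that is the case, store a hash and verify it with Werkzeug's helper, e.g. `if check_password_hash(results[0]['password'], password):`. The `print (session['uid'])` debug line can be dropped at the same time.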
@@ -64,6 +95,22 @@ def getUpcomingMeals(): r.close() return meals +# adding to meal +@app.route("/addme") +@requires_auth +def addme(): + meal_id = request.args.get('meal') + query = 'select :user_id = any (eaters) from meals where id =:meal_id;' + r = db_engine.execute(text(query), user_id=session['uid'], meal_id = meal_id) + results = [] + for row in r: + results.append(dict(row)) + + if 1==1: + return render_template('appresponse.html', message='Have a nice meal ' + meal_id + " mister " + str(session['uid']) ) + else: + return render_template('appresponse.html', message='Only one meal per person!') + @app.route('/') def index(): print (getUpcomingMeals())
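Review bot: `addme` concatenates `meal_id` into the message without checking it, so a request without a `meal` parameter raises a TypeError on `'Have a nice meal ' + meal_id` and returns a 500; add `if meal_id is None: abort(400)` right after `request.args.get('meal')`. The `if 1==1:` placeholder means the membership query collected in `results` is never consulted and the 'Only one meal per person!' branch is unreachable. Aliasing the column in the query (`... any (eaters) as already_in ...`) and branching on `results and results[0]['already_in']` would make the check real. The result object `r` is also never closed here, unlike in `check_auth`; add `r.close()` after the loop.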