swtr.py - sweet-web-engine in Sweet web

# -*- coding: utf-8 -*-
"""
    swtr
    ~~~~~~

    http://swtr.us

    :license: BSD, see LICENSE for more details.
"""
from __future__ import with_statement
from pymongo import Connection
from bson.objectid import ObjectId
from bson.errors import InvalidId
from flask import Flask, request, session, g, redirect, url_for, abort, \
     render_template, flash, _app_ctx_stack, make_response, jsonify
from urllib import unquote_plus
import json
import conf
import requests

# TODO:
#    restify
#    APIs as follows:
#        GET /sweets/q -> query sweets
#                         args: who, where, what, how
#        GET /sweets/<id> -> get specific sweet
#        POST /sweets -> post sweets (one or a batch of)
#        OPTIONS /sweets - > CORS policy .. understand it better
#   classes!
#   sqlAlchemy
#   Postgres
#   Persona, Auth in API endpoints

# TODO: move this in a config file
# configuration

DATABASE = 'sweets_production'
COLLECTION_NAME = 'posts'
DEBUG = True
SECRET_KEY = conf.SECRET_KEY
USERNAME = 'admin'
PASSWORD = 'default'
DB_PORT = 27017
DB_HOST = 'localhost'
URL = 'http://localhost:5001'
MOZ_PERSONA_VERIFIER = 'https://verifier.login.persona.org/verify'
MOZ_PERSONA_AUDIENCE = 'http://localhost:5000'

appURL_map = {'img-anno': 'http://localhost:5000/?where=',
              're-narration': 'http://y.a11y.in/web?foruri=',
              'idh-mowl': 'http://app.swtr.us/?where=',
              'testFromAPI': 'http://app.swtr.us/?where='}

# create our little application :)
# ^ ... It's going to be big now :P
app = Flask(__name__)
app.config.from_object(__name__)
app.config.from_envvar('FLASKR_SETTINGS', silent=True)

# Jinja filters
app.jinja_env.filters['len'] = len


def validateSweet(payload):
    for i in payload:
        try:
            if len(i['who']) and len(i['what']) and len(i['where']) and\
               len(i['how']) and len(i['created']):
                pass
            else:
                return False
        except KeyError:
            return False
    return True


def getUsers():
    db = g.connection[app.config['DATABASE']]
    coll = db['sweet_users']
    users = []
    for i in coll.find():
        users.append(i['user'])
    return users

def gatherStats(coll):
    stats = {}
    stats['total_sweets'] = coll.count()
    return stats

@app.before_request
def init_db():
    g.connection = Connection(app.config['DB_HOST'], app.config['DB_PORT'])
    db = g.connection[app.config['DATABASE']]
    g.collection = db[app.config["COLLECTION_NAME"]]
    g.stats = gatherStats(g.collection)


@app.teardown_request
def close_db(exception):
    g.connection.disconnect()


@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404


@app.errorhandler(500)
def internal_error(e):
    return render_template('500.html'), 500

@app.route('/')
def show_entries():
    res = g.collection.find().sort('_id',direction=-1).limit(100)
    entries = make_list(res)
    return render_template('show_entries.html', entries=entries,
                           appURL_map=appURL_map, stats=g.stats)


# TODO: understand if we really need the OPTIONS
@app.route('/sweets', methods=['POST', 'OPTIONS'])
@app.route('/add', methods=['POST', 'OPTIONS'])
def addSweets():
    print request.method

    if request.method == 'OPTIONS':
        response = make_response()
        response.status_code = 200
        response.headers['Access-Control-Allow-Origin'] =\
        'http://localhost:5000'
        response.headers['Access-Control-Max-Age'] = '20days'
        response.headers['Access-Control-Allow-Headers'] = 'Origin,\
                         X-Requested-With, Content-Type, Accept'
        return response

    response = make_response()
    response.headers['Access-Control-Allow-Origin'] = 'http://localhost:5000'
    response.headers['Access-Control-Allow-Headers'] = 'Origin,\
                     X-Requested-With, Content-Type, Accept'
    data = {}
    data_list = []

    if 'email' in session:
        print 'identifed user'
        print session['email']
    else:
        print 'unidentified user'

    # TODO: find a better way of handling reqeust sweets
    try:
        payload = json.loads(request.form['data'])
    except:
        try:
            payload = [{'who': request.form['who'], 'what': request.form['what'],
                    'where': request.form['where'], 'how': request.form['how']}]
        except:
            try:
                payload = request.json
            except:
                payload = json.loads(request.data)


    valid = validateSweet(payload)
    if not valid:
        response.status_code = 400
        response.data = "Bad or Malformed Request. Please check the validity\
        of your request"
        return response
    print 'swt payload rcvd..'
    print payload
    for i in payload:
        data = i
        id = g.collection.insert(i)
        data['permalink'] = app.config['URL'] + '/posts/' + str(ObjectId(id))
        data['id'] = str(ObjectId(id))
        del(data['_id'])
        print 'data', data
        data_list.append(data)
    response.data = json.dumps(data_list)
    print 'swt stored..'
    return response


@app.route('/login', methods=['GET', 'POST'])
def login():
    error = None
    if request.method == 'POST':
        if request.form['username'] != app.config['USERNAME']:
            error = 'Invalid username'
        elif request.form['password'] != app.config['PASSWORD']:
            error = 'Invalid password'
        else:
            session['logged_in'] = True
            flash('You were logged in')
            return redirect(url_for('show_entries'))
    return render_template('login.html', error=error)


@app.route('/sweets/q', methods=['GET'])
def searchSweets():
    response = make_response()
    response.status_code = 200
    response.headers['Access-Control-Allow-Origin'] = 'http://localhost:5000'
    response.headers['Access-Control-Max-Age'] = '20days'
    response.headers['Access-Control-Allow-Headers'] = 'Origin,\
                      X-Requested-With, Content-Type, Accept'

    args = request.args

    if args is None:
        reponse.status_code = 400
        return response

    #if args['where'] is None:
    #    reponse.status_code = 400
    #    return response

    params = {}

    if args.get('where'):
        params['where'] = args.get('where')
    if args.get('who'):
        params['who'] = args.get('who')
    if args.get('what'):
        params['what'] = args.get('what')
    if args.get('how'):
        params['how'] = args.get('how')


    print params
    res = g.collection.find(params)

    if res.count() < 1:
        response.status_code = 404
        return response

    swt_list = []
    for swt in res:
        _id = swt['_id']
        del(swt['_id'])
        swt['id'] = str(_id)
        swt_list.append(swt)

    response.data = json.dumps(swt_list)
    return response


@app.route('/sweets/<post_id>', methods=['GET'])
@app.route('/query/<post_id>',methods=['GET'])
def return_database_entry(post_id):
    try:
        res = g.collection.find_one({'_id':ObjectId(post_id)})
        if(res):
            res['blog'] = url_for('show_specific_entry', post_id = str(res['_id']))
            del(res['_id'])
            return jsonify(res)
            # entries = make_list(res)
            # return render_template('show_posts.html', entries=res, str=str)
        else:
            abort(404)
    except InvalidId:
        abort(404)



@app.route('/posts/<post_id>',methods=['GET'])
def show_specific_entry(post_id):
    try:
        res = g.collection.find({'_id':ObjectId(post_id)})
        if(res.count() > 0):
            #entries = make_list(res)
            entries = []
            for i in res:
                _id = i['_id']
                del(i['_id'])
                i['id'] = _id
                entries.append(i)
            return render_template('show_posts.html', entries=entries, str=str)
        else:
            abort(404)
    except InvalidId:
        abort(404)


@app.route('/posts/delete/', methods=['POST'])
def delete_post():
    try:
        g.collection.remove({'_id':ObjectId(request.form['post_id'])})
        return jsonify(status='ok')
    except:
        abort(500)

@app.route('/logout')
def logout():
    session.pop('logged_in', None)
    flash('You were logged out')
    return redirect(url_for('show_entries'))

@app.route('/serveUser')
def serveUser():
    if "logged_in" in session:
        #print session["logged_in"]
        session['key'] = conf.SECRET_KEY
        return render_template('user.html')
    else:
        return render_template('login.html', error=None)

@app.route('/user/', methods=['POST', 'GET'])
@app.route('/user/<user_id>', methods=['GET'])
def user(user_id='all'):
    if request.method == 'POST':
        response = make_response()
        db = g.connection[app.config['DATABASE']]
        collection = db['sweet_users']

        # check if user already exists
        if request.form['user'] in getUsers():
            #print 'user already exists!'
            flash('User already exists!')
            return redirect(url_for('serveUser'))

        # else insert new user
        collection.insert({'user': request.form['user'],
                           'key': request.form['key']})
        response.status_code = 200
        response.data = 'User added.'
        return response

    elif request.method == 'GET':
        db = g.connection[app.config['DATABASE']]
        collection = db['sweet_users']
        users = []
        if user_id == 'all':
            users = getUsers()
        else:
            user = collection.find_one({'user': user_id})
            if user:
                users.append(user['user'])
            else:
                abort(404)
        return render_template("users.html", users=users)


@app.route('/authenticate', methods=['POST','GET'])
def authenticate():
    if request.method == "POST":
        response = make_response()
        db = g.connection[app.config['DATABASE']]
        collection = db['sweet_users']
        for i in collection.find():
            if i['user'] == request.form['user'] and i['key'] == request.form['hash']:
                response.status_code = 200
                response.headers['Access-Control-Allow-Origin'] = '*'
                return response
            else:
                pass
        response.status_code = 403
        response.headers['Access-Control-Allow-Origin'] = '*'
        return response
    elif request.method == "GET":
        return app.send_static_file("sweet-authenticate.js")

@app.route('/auth/login', methods=['POST'])
def authLogin():
    response = make_response()
    response.headers['Access-Control-Allow-Origin'] = 'http://localhost:5000'
    response.headers['Access-Control-Allow-Credentials'] = 'true'
    response.headers['Access-Control-Max-Age'] = '20days'
    response.headers['Access-Control-Allow-Headers'] = 'Origin,\
                      X-Requested-With, Content-Type, Accept'

    if 'assertion' not in request.form:
        response.status_code = 400
        return response

    data = {'assertion': request.form['assertion'], 'audience':
            MOZ_PERSONA_AUDIENCE}
    resp = requests.post(MOZ_PERSONA_VERIFIER, data=data, verify=True)
    print resp.status_code
    print resp.json()

    if resp.ok:
        verified_data = json.loads(resp.content)
        if verified_data['status'] == 'okay':
            #session.update({'email': verified_data['email']})
            session['email'] = verified_data['email']
            response.status_code = 200
            response.data = {'email': verified_data['email']}
            return response

    response.status_code = 500
    return response

@app.route('/auth/logout', methods=['POST'])
def authLogout():
    response = make_response()
    response.headers['Access-Control-Allow-Origin'] = 'http://localhost:5000'
    response.headers['Access-Control-Allow-Credentials'] = 'true'
    response.headers['Access-Control-Max-Age'] = '20days'
    response.headers['Access-Control-Allow-Headers'] = 'Origin,\
                      X-Requested-With, Content-Type, Accept'

    if 'email' in session:
        print 'logging out '
        print session['email']
        session.pop('email')

    response.status_code = 200
    return response

def make_list(res):
    entries = []
    for row in res:
        d = row
        d['id'] = str(row['_id'])
        try:
            if d['who'] in getUsers() or d['author'] in getUsers():
                d['registered'] = True
        except KeyError:
            pass
        entries.append(d)
    return entries

if __name__ == '__main__':
    app.run(debug=True, port=5001)

1	# -- coding: utf-8 --
2	"""
3	swtr
4	~~~~~~
5
6	http://swtr.us
7
8	:license: BSD, see LICENSE for more details.
9	"""
10	from __future__ import with_statement
11	from pymongo import Connection
12	from bson.objectid import ObjectId
13	from bson.errors import InvalidId
14	from flask import Flask, request, session, g, redirect, url_for, abort, \
15	render_template, flash, _app_ctx_stack, make_response, jsonify
16	from urllib import unquote_plus
17	import json
18	import conf
19	import requests
20
21	# TODO:
22	# restify
23	# APIs as follows:
24	# GET /sweets/q -> query sweets
25	# args: who, where, what, how
26	# GET /sweets/<id> -> get specific sweet
27	# POST /sweets -> post sweets (one or a batch of)
28	# OPTIONS /sweets - > CORS policy .. understand it better
29	# classes!
30	# sqlAlchemy
31	# Postgres
32	# Persona, Auth in API endpoints
33
34	# TODO: move this in a config file
35	# configuration
36
37	DATABASE = 'sweets_production'
38	COLLECTION_NAME = 'posts'
39	DEBUG = True
40	SECRET_KEY = conf.SECRET_KEY
41	USERNAME = 'admin'
42	PASSWORD = 'default'
43	DB_PORT = 27017
44	DB_HOST = 'localhost'
45	URL = 'http://localhost:5001'
46	MOZ_PERSONA_VERIFIER = 'https://verifier.login.persona.org/verify'
47	MOZ_PERSONA_AUDIENCE = 'http://localhost:5000'
48
49	appURL_map = {'img-anno': 'http://localhost:5000/?where=',
50	're-narration': 'http://y.a11y.in/web?foruri=',
51	'idh-mowl': 'http://app.swtr.us/?where=',
52	'testFromAPI': 'http://app.swtr.us/?where='}
53
54	# create our little application :)
55	# ^ ... It's going to be big now :P
56	app = Flask(__name__)
57	app.config.from_object(__name__)
58	app.config.from_envvar('FLASKR_SETTINGS', silent=True)
59
60	# Jinja filters
61	app.jinja_env.filters['len'] = len
62
63
64	def validateSweet(payload):
65	for i in payload:
66	try:
67	if len(i['who']) and len(i['what']) and len(i['where']) and\
68	len(i['how']) and len(i['created']):
69	pass
70	else:
71	return False
72	except KeyError:
73	return False
74	return True
75
76
77	def getUsers():
78	db = g.connection[app.config['DATABASE']]
79	coll = db['sweet_users']
80	users = []
81	for i in coll.find():
82	users.append(i['user'])
83	return users
84
85	def gatherStats(coll):
86	stats = {}
87	stats['total_sweets'] = coll.count()
88	return stats
89
90	@app.before_request
91	def init_db():
92	g.connection = Connection(app.config['DB_HOST'], app.config['DB_PORT'])
93	db = g.connection[app.config['DATABASE']]
94	g.collection = db[app.config["COLLECTION_NAME"]]
95	g.stats = gatherStats(g.collection)
96
97
98	@app.teardown_request
99	def close_db(exception):
100	g.connection.disconnect()
101
102
103	@app.errorhandler(404)
104	def page_not_found(e):
105	return render_template('404.html'), 404
106
107
108	@app.errorhandler(500)
109	def internal_error(e):
110	return render_template('500.html'), 500
111
112	@app.route('/')
113	def show_entries():
114	res = g.collection.find().sort('_id',direction=-1).limit(100)
115	entries = make_list(res)
116	return render_template('show_entries.html', entries=entries,
117	appURL_map=appURL_map, stats=g.stats)
118
119
120	# TODO: understand if we really need the OPTIONS
121	@app.route('/sweets', methods=['POST', 'OPTIONS'])
122	@app.route('/add', methods=['POST', 'OPTIONS'])
123	def addSweets():
124	print request.method
125
126	if request.method == 'OPTIONS':
127	response = make_response()
128	response.status_code = 200
129	response.headers['Access-Control-Allow-Origin'] =\
130	'http://localhost:5000'
131	response.headers['Access-Control-Max-Age'] = '20days'
132	response.headers['Access-Control-Allow-Headers'] = 'Origin,\
133	X-Requested-With, Content-Type, Accept'
134	return response
135
136	response = make_response()
137	response.headers['Access-Control-Allow-Origin'] = 'http://localhost:5000'
138	response.headers['Access-Control-Allow-Headers'] = 'Origin,\
139	X-Requested-With, Content-Type, Accept'
140	data = {}
141	data_list = []
142
143	if 'email' in session:
144	print 'identifed user'
145	print session['email']
146	else:
147	print 'unidentified user'
148
149	# TODO: find a better way of handling reqeust sweets
150	try:
151	payload = json.loads(request.form['data'])
152	except:
153	try:
154	payload = [{'who': request.form['who'], 'what': request.form['what'],
155	'where': request.form['where'], 'how': request.form['how']}]
156	except:
157	try:
158	payload = request.json
159	except:
160	payload = json.loads(request.data)
161
162
163	valid = validateSweet(payload)
164	if not valid:
165	response.status_code = 400
166	response.data = "Bad or Malformed Request. Please check the validity\
167	of your request"
168	return response
169	print 'swt payload rcvd..'
170	print payload
171	for i in payload:
172	data = i
173	id = g.collection.insert(i)
174	data['permalink'] = app.config['URL'] + '/posts/' + str(ObjectId(id))
175	data['id'] = str(ObjectId(id))
176	del(data['_id'])
177	print 'data', data
178	data_list.append(data)
179	response.data = json.dumps(data_list)
180	print 'swt stored..'
181	return response
182
183
184	@app.route('/login', methods=['GET', 'POST'])
185	def login():
186	error = None
187	if request.method == 'POST':
188	if request.form['username'] != app.config['USERNAME']:
189	error = 'Invalid username'
190	elif request.form['password'] != app.config['PASSWORD']:
191	error = 'Invalid password'
192	else:
193	session['logged_in'] = True
194	flash('You were logged in')
195	return redirect(url_for('show_entries'))
196	return render_template('login.html', error=error)
197
198
199	@app.route('/sweets/q', methods=['GET'])
200	def searchSweets():
201	response = make_response()
202	response.status_code = 200
203	response.headers['Access-Control-Allow-Origin'] = 'http://localhost:5000'
204	response.headers['Access-Control-Max-Age'] = '20days'
205	response.headers['Access-Control-Allow-Headers'] = 'Origin,\
206	X-Requested-With, Content-Type, Accept'
207
208	args = request.args
209
210	if args is None:
211	reponse.status_code = 400
212	return response
213
214	#if args['where'] is None:
215	# reponse.status_code = 400
216	# return response
217
218	params = {}
219
220	if args.get('where'):
221	params['where'] = args.get('where')
222	if args.get('who'):
223	params['who'] = args.get('who')
224	if args.get('what'):
225	params['what'] = args.get('what')
226	if args.get('how'):
227	params['how'] = args.get('how')
228
229
230	print params
231	res = g.collection.find(params)
232
233	if res.count() < 1:
234	response.status_code = 404
235	return response
236
237	swt_list = []
238	for swt in res:
239	_id = swt['_id']
240	del(swt['_id'])
241	swt['id'] = str(_id)
242	swt_list.append(swt)
243
244	response.data = json.dumps(swt_list)
245	return response
246
247
248	@app.route('/sweets/<post_id>', methods=['GET'])
249	@app.route('/query/<post_id>',methods=['GET'])
250	def return_database_entry(post_id):
251	try:
252	res = g.collection.find_one({'_id':ObjectId(post_id)})
253	if(res):
254	res['blog'] = url_for('show_specific_entry', post_id = str(res['_id']))
255	del(res['_id'])
256	return jsonify(res)
257	# entries = make_list(res)
258	# return render_template('show_posts.html', entries=res, str=str)
259	else:
260	abort(404)
261	except InvalidId:
262	abort(404)
263
264
265
266	@app.route('/posts/<post_id>',methods=['GET'])
267	def show_specific_entry(post_id):
268	try:
269	res = g.collection.find({'_id':ObjectId(post_id)})
270	if(res.count() > 0):
271	#entries = make_list(res)
272	entries = []
273	for i in res:
274	_id = i['_id']
275	del(i['_id'])
276	i['id'] = _id
277	entries.append(i)
278	return render_template('show_posts.html', entries=entries, str=str)
279	else:
280	abort(404)
281	except InvalidId:
282	abort(404)
283
284
285	@app.route('/posts/delete/', methods=['POST'])
286	def delete_post():
287	try:
288	g.collection.remove({'_id':ObjectId(request.form['post_id'])})
289	return jsonify(status='ok')
290	except:
291	abort(500)
292
293	@app.route('/logout')
294	def logout():
295	session.pop('logged_in', None)
296	flash('You were logged out')
297	return redirect(url_for('show_entries'))
298
299	@app.route('/serveUser')
300	def serveUser():
301	if "logged_in" in session:
302	#print session["logged_in"]
303	session['key'] = conf.SECRET_KEY
304	return render_template('user.html')
305	else:
306	return render_template('login.html', error=None)
307
308	@app.route('/user/', methods=['POST', 'GET'])
309	@app.route('/user/<user_id>', methods=['GET'])
310	def user(user_id='all'):
311	if request.method == 'POST':
312	response = make_response()
313	db = g.connection[app.config['DATABASE']]
314	collection = db['sweet_users']
315
316	# check if user already exists
317	if request.form['user'] in getUsers():
318	#print 'user already exists!'
319	flash('User already exists!')
320	return redirect(url_for('serveUser'))
321
322	# else insert new user
323	collection.insert({'user': request.form['user'],
324	'key': request.form['key']})
325	response.status_code = 200
326	response.data = 'User added.'
327	return response
328
329	elif request.method == 'GET':
330	db = g.connection[app.config['DATABASE']]
331	collection = db['sweet_users']
332	users = []
333	if user_id == 'all':
334	users = getUsers()
335	else:
336	user = collection.find_one({'user': user_id})
337	if user:
338	users.append(user['user'])
339	else:
340	abort(404)
341	return render_template("users.html", users=users)
342
343
344	@app.route('/authenticate', methods=['POST','GET'])
345	def authenticate():
346	if request.method == "POST":
347	response = make_response()
348	db = g.connection[app.config['DATABASE']]
349	collection = db['sweet_users']
350	for i in collection.find():
351	if i['user'] == request.form['user'] and i['key'] == request.form['hash']:
352	response.status_code = 200
353	response.headers['Access-Control-Allow-Origin'] = '*'
354	return response
355	else:
356	pass
357	response.status_code = 403
358	response.headers['Access-Control-Allow-Origin'] = '*'
359	return response
360	elif request.method == "GET":
361	return app.send_static_file("sweet-authenticate.js")
362
363	@app.route('/auth/login', methods=['POST'])
364	def authLogin():
365	response = make_response()
366	response.headers['Access-Control-Allow-Origin'] = 'http://localhost:5000'
367	response.headers['Access-Control-Allow-Credentials'] = 'true'
368	response.headers['Access-Control-Max-Age'] = '20days'
369	response.headers['Access-Control-Allow-Headers'] = 'Origin,\
370	X-Requested-With, Content-Type, Accept'
371
372	if 'assertion' not in request.form:
373	response.status_code = 400
374	return response
375
376	data = {'assertion': request.form['assertion'], 'audience':
377	MOZ_PERSONA_AUDIENCE}
378	resp = requests.post(MOZ_PERSONA_VERIFIER, data=data, verify=True)
379	print resp.status_code
380	print resp.json()
381
382	if resp.ok:
383	verified_data = json.loads(resp.content)
384	if verified_data['status'] == 'okay':
385	#session.update({'email': verified_data['email']})
386	session['email'] = verified_data['email']
387	response.status_code = 200
388	response.data = {'email': verified_data['email']}
389	return response
390
391	response.status_code = 500
392	return response
393
394	@app.route('/auth/logout', methods=['POST'])
395	def authLogout():
396	response = make_response()
397	response.headers['Access-Control-Allow-Origin'] = 'http://localhost:5000'
398	response.headers['Access-Control-Allow-Credentials'] = 'true'
399	response.headers['Access-Control-Max-Age'] = '20days'
400	response.headers['Access-Control-Allow-Headers'] = 'Origin,\
401	X-Requested-With, Content-Type, Accept'
402
403	if 'email' in session:
404	print 'logging out '
405	print session['email']
406	session.pop('email')
407
408	response.status_code = 200
409	return response
410
411	def make_list(res):
412	entries = []
413	for row in res:
414	d = row
415	d['id'] = str(row['_id'])
416	try:
417	if d['who'] in getUsers() or d['author'] in getUsers():
418	d['registered'] = True
419	except KeyError:
420	pass
421	entries.append(d)
422	return entries
423
424	if __name__ == '__main__':
425	app.run(debug=True, port=5001)

Gitorious