diff --git a/CreateDB.sql b/CreateDB.sql index 4d9be96..a804ec9 100644 --- a/CreateDB.sql +++ b/CreateDB.sql @@ -5,6 +5,8 @@ CREATE TABLE `Room` ( `last_modified` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, -- Can be null if no owner `owner` VARCHAR(64), + -- The last source to change this object + `modified_by` VARCHAR(64), -- array of hw_ids of users allowed. Always includes the owner. Null for public `whitelist` JSON, CHECK (JSON_VALID(`whitelist`)), @@ -16,6 +18,8 @@ CREATE TABLE `Room` ( DROP TABLE IF EXISTS `Headset`; CREATE TABLE `Headset` ( `hw_id` VARCHAR(64) NOT NULL PRIMARY KEY, + -- The last source to change this object + `modified_by` VARCHAR(64), -- The room_id of the owned room `owned_room` VARCHAR(64), -- The room_id of the current room. Can be null if room not specified @@ -44,9 +48,12 @@ CREATE TABLE `APIKey` ( ); DROP TABLE IF EXISTS `UserCount`; CREATE TABLE `UserCount` ( - `timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP PRIMARY KEY, + `timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, `hw_id` VARCHAR(64) NOT NULL, `room_id` VARCHAR(64) NOT NULL, `total_users` INT NOT NULL DEFAULT 0, - `room_users` INT NOT NULL DEFAULT 0 + `room_users` INT NOT NULL DEFAULT 0, + `version` VARCHAR(32) DEFAULT "0", + `platform` VARCHAR(64) DEFAULT "none", + PRIMARY KEY (`timestamp`, `hw_id`) ); \ No newline at end of file diff --git a/velconnect/__init__.py b/velconnect/__init__.py index 68a04c0..b42e690 100644 --- a/velconnect/__init__.py +++ b/velconnect/__init__.py @@ -5,7 +5,6 @@ from velconnect.logger import logger from time import strftime import traceback - def create_app(): app = Flask( __name__, diff --git a/velconnect/routes/api.py b/velconnect/routes/api.py index 8ae663b..47bd465 100644 --- a/velconnect/routes/api.py +++ b/velconnect/routes/api.py 
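Review bot: The comment on the new `modified_by` column in `Room` (and the identical one in the `Headset` hunk) does not say what identifies a "source" or whether the value can be trusted. From the other files in this commit it appears to hold the `sender_id` field of the request body, which the caller chooses, so it should not be read as an audit trail. I would document that on both columns, e.g. `-- Client-supplied sender_id of the last writer; not authenticated, do not use for auditing`.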
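Review bot: The new composite primary key on (timestamp, hw_id) in `UserCount` still rejects a second row from the same headset within one second, because a `TIMESTAMP` declared without fractional-seconds precision stores whole seconds. If a client can report more often than that, or retries a post, the insert fails with a duplicate-key error; declaring the column as `TIMESTAMP(3)` with `DEFAULT CURRENT_TIMESTAMP(3)`, or using a surrogate auto-increment key, avoids it. The two string defaults are also written with double quotes, which are parsed as identifiers when `ANSI_QUOTES` is enabled; `DEFAULT '0'` and `DEFAULT 'none'` work in either mode.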
@@ -122,8 +122,6 @@ def get_headset_details_db(hw_id): return {'user': headsets[0], 'room': room} - - @bp.route('/set_headset_details/', methods=['POST']) @require_api_key(10) def set_headset_details_generic(hw_id): @@ -131,28 +129,28 @@ def set_headset_details_generic(hw_id): logger.error(data) conn, curr = connectToDB() + allowed_keys = [ + 'current_room', + 'pairing_code', + 'user_color', + 'user_name', + 'avatar_url', + 'user_details', + ] try: for key in data: - # protected keys - if key == 'hw_id' \ - or key == 'owned_room' \ - or key == 'date_created' \ - or key == 'last_used' \ - : - continue - - if key == 'current_room': - create_room(data['current_room']) - query = """ - UPDATE `Headset` SET `%(key)s`=%(value)s WHERE `hw_id`=%(hw_id)s; - """ - curr.execute(query, {'key': key, 'value': data[key], 'hw_id': hw_id}) - conn.commit() + if key in allowed_keys: + if key == 'current_room': + create_room(data['current_room']) + query = "UPDATE `Headset` SET " + key + "=%(value)s, modified_by=%(sender_id)s WHERE `hw_id`=%(hw_id)s;" + curr.execute(query, {'value': data[key], 'hw_id': hw_id, 'sender_id': data['sender_id']}) + conn.commit() except Exception as e: + logger.error(curr._last_executed) curr.close() logger.error(e) return 'Error', 400 - + curr.close() response = jsonify({'success': True}) @@ -160,8 +158,6 @@ def set_headset_details_generic(hw_id): return response - - @bp.route('/set_room_details/', methods=['POST']) @require_api_key(10) def set_room_details_generic(room_id): 
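Review bot: `data['sender_id']` is read inside the loop of the `set_headset_details_generic` hunk without a check, so any client that does not send `sender_id` gets a 400 for every update, and the value that is sent is stored in `modified_by` exactly as the caller states it. The column name is concatenated into the SQL text; that is safe only because of the `key in allowed_keys` test, which deserves a comment, and the backticks around the identifier were dropped. Each key is also updated and committed separately, so a failure part-way leaves the row half-updated, and the new `logger.error(curr._last_executed)` reads a private cursor attribute that may not exist if no statement ran, which would raise inside the handler before `curr.close()`. The same pattern is repeated in the `set_room_details_generic` hunk. The function starts above this hunk; the fence shows the body from the allow-list to the `except`.

```python
    # … unchanged: allowed_keys list …
    sender_id = data.get('sender_id')
    try:
        if sender_id is None:
            raise ValueError('sender_id is required')
        updates = {key: data[key] for key in allowed_keys if key in data}
        if 'current_room' in updates:
            create_room(updates['current_room'])
        if updates:
            # Column names are taken from allowed_keys only, never from the request.
            assignments = ', '.join(f'`{key}`=%({key})s' for key in updates)
            query = ('UPDATE `Headset` SET ' + assignments
                     + ', `modified_by`=%(sender_id)s WHERE `hw_id`=%(hw_id)s;')
            curr.execute(query, {**updates, 'hw_id': hw_id, 'sender_id': sender_id})
            conn.commit()
    except Exception as e:
        # The attribute is private to the driver and may be absent before the first execute.
        logger.error(getattr(curr, '_last_executed', None))
        # … unchanged: close cursor, log e, return 400 …
```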
@@ -169,26 +165,25 @@ def set_room_details_generic(room_id): logger.error(data) conn, curr = connectToDB() + allowed_keys = [ + 'modified_by', + 'whitelist', + 'tv_url', + 'carpet_color', + 'room_details', + ] try: for key in data: - # protected keys - if key == 'room_id' \ - or key == 'date_created' \ - or key == 'last_modified' \ - or key == 'owner' \ - : - continue - - query = """ - UPDATE `Room` SET `%(key)s`=%(value)s WHERE `room_id`=%(room_id)s; - """ - curr.execute(query, {'key': key, 'value': data[key], 'room_id': room_id}) - conn.commit() + if key in allowed_keys: + query = "UPDATE `Room` SET " + key + "=%(value)s, modified_by=%(sender_id)s WHERE `room_id`=%(room_id)s;" + curr.execute(query, {'value': data[key], 'room_id': room_id, 'sender_id': data['sender_id']}) + conn.commit() except Exception as e: + logger.error(curr._last_executed) curr.close() logger.error(e) return 'Error', 400 - + curr.close() response = jsonify({'success': True}) @@ -413,8 +408,6 @@ def set_room_details_carpet_color(room_id): return response - - @bp.route('/update_user_count', methods=['POST']) @require_api_key(10) def update_user_count(): @@ -426,7 +419,9 @@ def update_user_count(): %(hw_id)s, %(room_id)s, %(total_users)s, - %(room_users)s + %(room_users)s, + %(version)s, + %(platform)s ); """ data = request.json @@ -438,8 +433,6 @@ def update_user_count(): return response - - @bp.route('/get_user_count', methods=['GET']) def get_user_count(): hours = request.args.get('hours', 24) diff --git a/velconnect/templates/index.html b/velconnect/templates/index.html index ed3ccee..f7c0214 100644 --- a/velconnect/templates/index.html +++ b/velconnect/templates/index.html @@ -86,7 +86,7 @@
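Review bot: `'modified_by'` is listed in `allowed_keys` of the `set_room_details_generic` hunk, so a body that contains that key produces `SET modified_by=%(value)s, modified_by=%(sender_id)s`, assigning the column twice in one statement; the entry should be removed from the list. `'whitelist'` is in the same list, and the only check visible here is `@require_api_key(10)`, so as far as this hunk shows any caller holding the key can rewrite the access list of any room. Comparing the caller with the room's `owner` before accepting that key would close the gap. The function begins above the hunk, so an ownership check may exist outside the visible lines.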
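Review bot: The two new placeholders `%(version)s` and `%(platform)s` in the `update_user_count` hunk make the column defaults added to `UserCount` unreachable: if the request body is passed to `execute` as the parameter mapping (that call is below the hunk), a client that omits either field fails on the missing key instead of getting "0" or "none". Headsets that do not yet report these fields would then stop recording counts. Filling the gaps before the insert keeps them working, e.g. `data.setdefault('version', '0')` and `data.setdefault('platform', 'none')` after `data = request.json`.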
@@ -202,6 +202,7 @@ }); function setUserData(data) { + data["sender_id"] = Math.floor(Math.random()*10000000); httpPostAsync('{% include "api_url.html" %}/api/set_headset_details/' + hw_id, data, (resp) => { console.log('success'); }, @@ -209,6 +210,7 @@ ); } function setRoomData(data) { + data["sender_id"] = Math.floor(Math.random()*10000000); httpPostAsync('{% include "api_url.html" %}/api/set_room_details/' + current_room.value, data, (resp) => { console.log('success'); },
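Review bot: `data["sender_id"] = Math.floor(Math.random()*10000000);` in `setUserData` (and again in the `setRoomData` hunk) draws a new number on every call, so the value stored in `modified_by` does not identify this page from one write to the next, and two clients can collide. If the purpose is to let a client recognise its own changes, generate the id once per page load and reuse it, e.g. `const sender_id = crypto.randomUUID();` at script scope. The assignment also mutates the caller's object; passing `{...data, sender_id}` to `httpPostAsync` avoids that. Either way the server should treat the field as a label chosen by the client, not as an identity.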