520 lines
14 KiB
Python
520 lines
14 KiB
Python
import os
|
|
import secrets
|
|
import json
|
|
import string
|
|
import aiofiles
|
|
import uuid
|
|
|
|
import fastapi
|
|
from fastapi.responses import HTMLResponse, FileResponse
|
|
from fastapi import FastAPI, File, UploadFile, Response, Request, status
|
|
from enum import Enum
|
|
|
|
import db
|
|
|
|
db = db.DB("db/velconnect.db")
|
|
|
|
# APIRouter creates path operations for user module
|
|
router = fastapi.APIRouter(
|
|
prefix="/api",
|
|
tags=["API"],
|
|
responses={404: {"description": "Not found"}},
|
|
)
|
|
|
|
|
|
@router.get("/", response_class=HTMLResponse, include_in_schema=False)
|
|
async def read_root():
|
|
return """
|
|
<!doctype html>
|
|
<html>
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<script type="module" src="https://unpkg.com/rapidoc/dist/rapidoc-min.js"></script>
|
|
<title>API Reference</title>
|
|
</head>
|
|
<body>
|
|
<rapi-doc
|
|
render-style = "read"
|
|
primary-color = "#bc1f2d"
|
|
show-header = "false"
|
|
show-info = "true"
|
|
spec-url = "/openapi.json"
|
|
default-schema-tab = 'example'
|
|
>
|
|
<div slot="nav-logo" style="display: flex; align-items: center; justify-content: center;">
|
|
<img src = "/static/img/velconnect_logo_1.png" style="width:10em; margin: 2em auto;" />
|
|
</div>
|
|
</rapi-doc>
|
|
</body>
|
|
</html>
|
|
"""
|
|
|
|
|
|
def parse_data(device: dict):
|
|
if "data" in device and device["data"] is not None and len(device["data"]) > 0:
|
|
device["data"] = json.loads(device["data"])
|
|
|
|
|
|
@router.get("/get_all_users")
|
|
def get_all_users():
|
|
"""Returns a list of all devices and details associated with them."""
|
|
values = db.query("SELECT * FROM `User`;")
|
|
values = [dict(v) for v in values]
|
|
for v in values:
|
|
parse_data(v)
|
|
return values
|
|
|
|
|
|
@router.get("/get_all_devices")
|
|
def get_all_devices():
|
|
"""Returns a list of all devices and details associated with them."""
|
|
values = db.query("SELECT * FROM `Device`;")
|
|
values = [dict(v) for v in values]
|
|
for device in values:
|
|
parse_data(device)
|
|
return values
|
|
|
|
|
|
@router.get("/get_user_by_pairing_code/{pairing_code}")
|
|
def get_user_by_pairing_code(pairing_code: str, response: Response):
|
|
device = get_device_by_pairing_code_dict(pairing_code)
|
|
if device is not None:
|
|
return device
|
|
response.status_code = status.HTTP_404_NOT_FOUND
|
|
return {"error": "User not found"}
|
|
|
|
|
|
@router.get("/get_device_by_pairing_code/{pairing_code}")
|
|
def get_device_by_pairing_code(pairing_code: str, response: Response):
|
|
device = get_device_by_pairing_code_dict(pairing_code)
|
|
if device is not None:
|
|
return device
|
|
response.status_code = status.HTTP_404_NOT_FOUND
|
|
return {"error": "Device not found"}
|
|
|
|
|
|
def get_device_by_pairing_code_dict(pairing_code: str) -> dict | None:
|
|
values = db.query(
|
|
"SELECT * FROM `Device` WHERE `pairing_code`=:pairing_code;",
|
|
{"pairing_code": pairing_code},
|
|
)
|
|
if len(values) == 1:
|
|
device = dict(values[0])
|
|
parse_data(device)
|
|
return device
|
|
return None
|
|
|
|
|
|
def get_user_for_device(hw_id: str) -> dict:
|
|
values = db.query(
|
|
"""SELECT * FROM `UserDevice` WHERE `hw_id`=:hw_id;""", {"hw_id": hw_id}
|
|
)
|
|
if len(values) == 1:
|
|
user_id = dict(values[0])["user_id"]
|
|
user = get_user_dict(user_id=user_id)
|
|
else:
|
|
# create new user instead
|
|
user = create_user(hw_id)
|
|
parse_data(user)
|
|
return user
|
|
|
|
|
|
# creates a user with a device autoattached
|
|
def create_user(hw_id: str) -> dict | None:
|
|
user_id = str(uuid.uuid4())
|
|
if not db.insert(
|
|
"""INSERT INTO `User`(id) VALUES (:user_id);""", {"user_id": user_id}
|
|
):
|
|
return None
|
|
if not db.insert(
|
|
"""INSERT INTO `UserDevice`(user_id, hw_id) VALUES (:user_id, :hw_id); """,
|
|
{"user_id": user_id, "hw_id": hw_id},
|
|
):
|
|
return None
|
|
return get_user_for_device(hw_id)
|
|
|
|
|
|
def create_device(hw_id: str):
|
|
db.insert(
|
|
"""
|
|
INSERT OR IGNORE INTO `Device`(hw_id) VALUES (:hw_id);
|
|
""",
|
|
{"hw_id": hw_id},
|
|
)
|
|
|
|
|
|
@router.get("/device/get_data/{hw_id}")
|
|
def get_device_data(request: Request, response: Response, hw_id: str):
|
|
"""Gets the device state"""
|
|
|
|
devices = db.query(
|
|
"""
|
|
SELECT * FROM `Device` WHERE `hw_id`=:hw_id;
|
|
""",
|
|
{"hw_id": hw_id},
|
|
)
|
|
if len(devices) == 0:
|
|
response.status_code = status.HTTP_404_NOT_FOUND
|
|
return {"error": "Can't find device with that id."}
|
|
block = dict(devices[0])
|
|
if "data" in block and block["data"] is not None:
|
|
block["data"] = json.loads(block["data"])
|
|
|
|
user = get_user_for_device(hw_id)
|
|
|
|
room_key: str = f"{devices[0]['current_app']}_{devices[0]['current_room']}"
|
|
room_data = get_data(response, key=room_key, user_id=user["id"])
|
|
|
|
if "error" in room_data:
|
|
response.status_code = (
|
|
None # this really isn't an error, so we reset the status code
|
|
)
|
|
set_data(request, data={}, key=room_key, modified_by=None, category="room")
|
|
room_data = get_data(response, key=room_key, user_id=user["id"])
|
|
|
|
return {"device": block, "room": room_data, "user": user}
|
|
|
|
|
|
@router.post("/device/set_data/{hw_id}")
|
|
def set_device_data(
|
|
request: fastapi.Request, hw_id: str, data: dict, modified_by: str = None
|
|
):
|
|
"""Sets the device state"""
|
|
|
|
create_device(hw_id)
|
|
|
|
# add the client's IP address if no sender specified
|
|
if "modified_by" in data:
|
|
modified_by = data["modified_by"]
|
|
if modified_by is None:
|
|
modified_by: str = str(request.client) + "_" + str(request.headers)
|
|
|
|
allowed_keys: list[str] = [
|
|
"os_info",
|
|
"friendly_name",
|
|
"current_app",
|
|
"current_room",
|
|
"pairing_code",
|
|
]
|
|
|
|
for key in data:
|
|
if key in allowed_keys:
|
|
db.insert(
|
|
f"""
|
|
UPDATE `Device`
|
|
SET {key}=:value,
|
|
last_modified=CURRENT_TIMESTAMP,
|
|
modified_by=:modified_by
|
|
WHERE `hw_id`=:hw_id;
|
|
""",
|
|
{"value": data[key], "hw_id": hw_id, "modified_by": modified_by},
|
|
)
|
|
if key == "data":
|
|
new_data = data["data"]
|
|
# get the old json values and merge the data
|
|
old_data_query = db.query(
|
|
"""
|
|
SELECT data
|
|
FROM `Device`
|
|
WHERE hw_id=:hw_id
|
|
""",
|
|
{"hw_id": hw_id},
|
|
)
|
|
|
|
if len(old_data_query) == 1:
|
|
old_data: dict = {}
|
|
if old_data_query[0]["data"] is not None:
|
|
old_data = json.loads(old_data_query[0]["data"])
|
|
new_data = {**old_data, **new_data}
|
|
|
|
# add the data to the db
|
|
db.insert(
|
|
"""
|
|
UPDATE `Device`
|
|
SET data=:data,
|
|
last_modified=CURRENT_TIMESTAMP
|
|
WHERE hw_id=:hw_id;
|
|
""",
|
|
{"hw_id": hw_id, "data": json.dumps(new_data)},
|
|
)
|
|
return {"success": True}
|
|
|
|
|
|
def generate_id(length: int = 4) -> str:
|
|
return "".join(
|
|
secrets.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits)
|
|
for i in range(length)
|
|
)
|
|
|
|
|
|
class Visibility(str, Enum):
|
|
public = "public"
|
|
private = "private"
|
|
unlisted = "unlisted"
|
|
|
|
|
|
@router.post("/set_data")
|
|
def set_data_with_random_key(
|
|
request: fastapi.Request,
|
|
data: dict,
|
|
owner: str,
|
|
modified_by: str = None,
|
|
category: str = None,
|
|
visibility: Visibility = Visibility.public,
|
|
) -> dict:
|
|
"""Creates a little storage bucket for arbitrary data with a random key"""
|
|
return set_data(request, data, None, owner, modified_by, category, visibility)
|
|
|
|
|
|
@router.post("/set_data/{key}")
|
|
def set_data(
|
|
request: fastapi.Request,
|
|
data: dict,
|
|
key: str = None,
|
|
owner: str = "none",
|
|
modified_by: str = None,
|
|
category: str = None,
|
|
visibility: Visibility = Visibility.public,
|
|
) -> dict:
|
|
"""Creates a little storage bucket for arbitrary data"""
|
|
|
|
# sqlite composite key isn't necessarily unique if a value is null
|
|
if owner == None:
|
|
owner = "none"
|
|
|
|
# add the client's IP address if no sender specified
|
|
if "modified_by" in data:
|
|
modified_by = data["modified_by"]
|
|
if modified_by is None:
|
|
modified_by: str = str(request.client) + "_" + str(request.headers)
|
|
|
|
# generates a key if none was supplied
|
|
if key is None:
|
|
key = generate_id()
|
|
|
|
# regenerate if necessary
|
|
while (
|
|
len(db.query("SELECT id FROM `DataBlock` WHERE id=:id;", {"id": key})) > 0
|
|
):
|
|
key = generate_id()
|
|
|
|
# get the old json values and merge the data
|
|
old_data_query = db.query(
|
|
"""
|
|
SELECT data
|
|
FROM `DataBlock`
|
|
WHERE id=:id
|
|
""",
|
|
{"id": key},
|
|
)
|
|
|
|
if len(old_data_query) == 1:
|
|
old_data: dict = json.loads(old_data_query[0]["data"])
|
|
data = {**old_data, **data}
|
|
|
|
# add the data to the db
|
|
db.insert(
|
|
"""
|
|
UPDATE `DataBlock` SET
|
|
category = :category,
|
|
modified_by = :modified_by,
|
|
data = :data,
|
|
last_modified = CURRENT_TIMESTAMP
|
|
WHERE id=:id AND owner_id = :owner_id;
|
|
""",
|
|
{
|
|
"id": key,
|
|
"category": category,
|
|
"modified_by": modified_by,
|
|
"owner_id": owner,
|
|
"data": json.dumps(data),
|
|
},
|
|
)
|
|
else:
|
|
# add the data to the db
|
|
db.insert(
|
|
"""
|
|
INSERT INTO `DataBlock` (id, owner_id, category, modified_by, data, last_modified)
|
|
VALUES(:id, :owner_id, :category, :modified_by, :data, CURRENT_TIMESTAMP);
|
|
""",
|
|
{
|
|
"id": key,
|
|
"owner_id": owner,
|
|
"category": category,
|
|
"modified_by": modified_by,
|
|
"data": json.dumps(data),
|
|
},
|
|
)
|
|
|
|
return {"key": key}
|
|
|
|
|
|
@router.get("/get_data/{key}")
|
|
def get_data(response: Response, key: str, user_id: str = None) -> dict:
|
|
"""Gets data from a storage bucket for arbitrary data"""
|
|
|
|
data = db.query(
|
|
"""
|
|
SELECT *
|
|
FROM `DataBlock`
|
|
WHERE id=:id
|
|
""",
|
|
{"id": key},
|
|
)
|
|
|
|
db.insert(
|
|
"""
|
|
UPDATE `DataBlock`
|
|
SET last_accessed = CURRENT_TIMESTAMP
|
|
WHERE id=:id;
|
|
""",
|
|
{"id": key},
|
|
)
|
|
|
|
try:
|
|
if len(data) == 1:
|
|
block = dict(data[0])
|
|
if "data" in block and block["data"] is not None:
|
|
block["data"] = json.loads(block["data"])
|
|
if not has_permission(block, user_id):
|
|
response.status_code = status.HTTP_401_UNAUTHORIZED
|
|
return {"error": "Not authorized to see that data."}
|
|
replace_userid_with_name(block)
|
|
return block
|
|
response.status_code = status.HTTP_404_NOT_FOUND
|
|
return {"error": "Not found"}
|
|
except Exception as e:
|
|
print(e)
|
|
response.status_code = status.HTTP_500_INTERNAL_SERVER_ERROR
|
|
return {"error": "Unknown. Maybe no data at this key."}
|
|
|
|
|
|
def has_permission(data_block: dict, user_uuid: str) -> bool:
|
|
# if the data is public by visibility
|
|
if (
|
|
data_block["visibility"] == Visibility.public
|
|
or data_block["visibility"] == Visibility.unlisted
|
|
):
|
|
return True
|
|
# public domain data
|
|
elif data_block["owner_id"] is None:
|
|
return True
|
|
# if we are the owner
|
|
elif data_block["owner_id"] == user_uuid:
|
|
return True
|
|
else:
|
|
return False
|
|
|
|
|
|
def replace_userid_with_name(data_block: dict):
|
|
if data_block["owner_id"] is not None:
|
|
user = get_user_dict(data_block["owner_id"])
|
|
if user is not None:
|
|
data_block["owner_name"] = user["username"]
|
|
del data_block["owner_id"]
|
|
|
|
|
|
@router.get("/user/get_data/{user_id}")
|
|
def get_user(response: Response, user_id: str):
|
|
user = get_user_dict(user_id)
|
|
if user is None:
|
|
response.status_code = status.HTTP_404_BAD_REQUEST
|
|
return {"error": "User not found"}
|
|
return user
|
|
|
|
|
|
def get_user_dict(user_id: str) -> dict | None:
|
|
values = db.query("SELECT * FROM `User` WHERE `id`=:user_id;", {"user_id": user_id})
|
|
if len(values) == 1:
|
|
user = dict(values[0])
|
|
parse_data(user)
|
|
return user
|
|
return None
|
|
|
|
|
|
@router.post("/upload_file")
|
|
async def upload_file_with_random_key(
|
|
request: fastapi.Request, file: UploadFile, modified_by: str = None
|
|
):
|
|
return await upload_file(request, file, None, modified_by)
|
|
|
|
|
|
@router.post("/upload_file/{key}")
|
|
async def upload_file(
|
|
request: fastapi.Request, file: UploadFile, key: str | None, modified_by: str = None
|
|
):
|
|
if not os.path.exists("data"):
|
|
os.makedirs("data")
|
|
|
|
# generates a key if none was supplied
|
|
if key is None:
|
|
key = generate_id()
|
|
|
|
# regenerate if necessary
|
|
while (
|
|
len(db.query("SELECT id FROM `DataBlock` WHERE id=:id;", {"id": key})) > 0
|
|
):
|
|
key = generate_id()
|
|
|
|
async with aiofiles.open("data/" + key, "wb") as out_file:
|
|
content = await file.read() # async read
|
|
await out_file.write(content) # async write
|
|
# add a datablock to link to the file
|
|
set_data(
|
|
request,
|
|
data={"filename": file.filename},
|
|
key=key,
|
|
category="file",
|
|
modified_by=modified_by,
|
|
)
|
|
return {"filename": file.filename, "key": key}
|
|
|
|
|
|
@router.get("/download_file/{key}")
|
|
async def download_file(response: Response, key: str):
|
|
# get the relevant datablock
|
|
data = get_data(response, key)
|
|
print(data)
|
|
if response.status_code == status.HTTP_404_NOT_FOUND:
|
|
return "Not found"
|
|
if data["category"] != "file":
|
|
response.status_code = status.HTTP_400_BAD_REQUEST
|
|
return "Not a file"
|
|
return FileResponse(path="data/" + key, filename=data["data"]["filename"])
|
|
|
|
|
|
@router.get("/get_all_files")
|
|
async def get_all_files():
|
|
data = db.query(
|
|
"""
|
|
SELECT *
|
|
FROM `DataBlock`
|
|
WHERE visibility='public' AND category='file';
|
|
"""
|
|
)
|
|
data = [dict(f) for f in data]
|
|
for f in data:
|
|
parse_data(f)
|
|
return data
|
|
|
|
|
|
@router.get("/get_all_images")
|
|
async def get_all_images():
|
|
data = db.query(
|
|
"""
|
|
SELECT *
|
|
FROM `DataBlock`
|
|
WHERE visibility='public' AND category='file';
|
|
"""
|
|
)
|
|
data = [dict(f) for f in data]
|
|
for f in data:
|
|
parse_data(f)
|
|
images = []
|
|
for f in data:
|
|
if f["data"]["filename"].endswith(".png") or f["data"]["filename"].endswith(
|
|
".jpg"
|
|
):
|
|
images.append({"key": f["id"], "filename": f["data"]["filename"]})
|
|
return images
|