adding account deletion and API register

This commit is contained in:
andy 2022-08-10 23:15:30 +01:00
parent 06afff5e5d
commit fefbef75eb
3 changed files with 74 additions and 8 deletions

View File

@ -200,6 +200,19 @@ def user_route(auth=None, user=None):
return jsonify({'message': 'account updated', 'status': 'succeeded'}), 200
@blueprint.route('/user', methods=['DELETE'])
@login_or_jwt
def user_delete_route(auth=None, user=None):
assert user is not None
if user.type == 'admin' and (username_override := request.args.get('username')) is not None:
user = User.collection.filter('username', '==', username_override.strip().lower()).get()
User.collection.delete(user.key, child=True)
logger.info(f'user {user.username} deleted')
return jsonify({'message': 'account deleted', 'status': 'succeeded'}), 200
@blueprint.route('/users', methods=['GET'])
@login_or_jwt

View File

@ -234,3 +234,23 @@ def check_dict(request_params, expected_args, func, args, kwargs):
return jsonify({'status': 'error', 'message': f'{arg_key} not of type {expected_arg[1]}'}), 400
return func(*args, **kwargs)
def no_cache(func):
@functools.wraps(func)
def no_cache_wrapper(*args, **kwargs):
resp = func(*args, **kwargs)
if isinstance(resp, tuple):
response = resp[0]
else:
response = resp
if response is not None:
response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
response.headers["Pragma"] = "no-cache"
response.headers["Expires"] = "0"
response.headers['Cache-Control'] = 'public, max-age=0'
return resp
return no_cache_wrapper

View File

@ -3,6 +3,7 @@ from werkzeug.security import generate_password_hash
from music.model.user import User
from music.model.config import Config
from music.auth.jwt_keys import generate_key
from music.api.decorators import no_cache
from urllib.parse import urlencode, urlunparse
import datetime
@ -18,6 +19,7 @@ logger = logging.getLogger(__name__)
@blueprint.route('/login', methods=['GET', 'POST'])
@no_cache
def login():
"""Login route allowing retrieval of HTML page and submission of results
@ -64,6 +66,7 @@ def login():
@blueprint.route('/logout', methods=['GET', 'POST'])
@no_cache
def logout():
if 'username' in session:
logger.info(f'logged out {session["username"]}')
@ -72,6 +75,7 @@ def logout():
return redirect(url_for('index'))
@blueprint.route('/token', methods=['POST'])
@no_cache
def jwt_token():
"""Generate JWT
@ -118,6 +122,7 @@ def jwt_token():
@blueprint.route('/register', methods=['GET', 'POST'])
@no_cache
def register():
if 'username' in session:
@ -127,22 +132,43 @@ def register():
return render_template('register.html')
else:
api_user = False
username = request.form.get('username', None)
password = request.form.get('password', None)
password_again = request.form.get('password_again', None)
if username is None or password is None or password_again is None:
if (request_json := request.get_json()) != None:
username = request_json.get('username', None)
password = request_json.get('password', None)
password_again = request_json.get('password_again', None)
api_user = True
if username is None or password is None or password_again is None:
logger.info(f'malformed register api request, {username}')
return jsonify({'status': 'error', 'message': 'malformed request'}), 400
else:
flash('malformed request')
return redirect('authapi.register')
username = username.lower()
if password != password_again:
if api_user:
return jsonify({'message': 'passwords didnt match', 'status': 'error'}), 400
else:
flash('password mismatch')
return redirect('authapi.register')
if username in [i.username for i in
User.collection.fetch()]:
if api_user:
return jsonify({'message': 'user already exists', 'status': 'error'}), 409
else:
flash('username already registered')
return redirect('authapi.register')
@ -154,11 +180,16 @@ def register():
user.save()
logger.info(f'new user {username}')
if api_user:
return jsonify({'message': 'account created', 'status': 'succeeded'}), 201
else:
session['username'] = username
return redirect(url_for('authapi.auth'))
@blueprint.route('/spotify')
@no_cache
def auth():
if 'username' in session:
@ -180,6 +211,7 @@ def auth():
@blueprint.route('/spotify/token')
@no_cache
def token():
if 'username' in session:
@ -228,6 +260,7 @@ def token():
@blueprint.route('/spotify/deauth')
@no_cache
def deauth():
if 'username' in session: