forked from hanyslmm/itemcatalog
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathproject.py
339 lines (297 loc) · 14.3 KB
/
project.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
#!/usr/bin/env python3
from flask import Flask, render_template, request, redirect, url_for, flash, jsonify
from flask import session as login_session # works like a dictionary store values in it
import random, string # to create a pseudo-random string identify eachh login session
# import all modules needed for sqlalchemy configuration
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker, scoped_session
from database_setup import Base, User, Restaurant, MenuItem
# google OAuth
from oauth2client.client import flow_from_clientsecrets # creates a flow object
from oauth2client.client import FlowExchangeError # occured during exchange an authorization code for an access token
import httplib2
import json
from flask import make_response
import requests # to use args.get function
CLIENT_ID = json.loads(
open('client_secrets.json', 'r').read())['web']['client_id']
APPLICATION_NAME = "Restaurant Menu App"
# initializes an app variable, using the __name__ attribute
app = Flask(__name__)
# let program know which database engine we want to communicate
engine = create_engine('sqlite:///restaurantmenuwithusers.db', connect_args={'check_same_thread': False}, echo=True, convert_unicode=True)
# bind the engine to the Base class corresponding tables
Base.metadata.bind = engine
# create session maker object
DBSession = scoped_session(sessionmaker(autocommit=False, autoflush=False, bind = engine))
session = DBSession()
# User helper functions
def createUser(login_session):
newUser = User(name = login_session['username'], email = login_session['email'], picture = login_session['picture'])
session.add(newUser)
session.commit()
user = session.query(User).filter_by(email = login_session['email']).one()
return user.id
def getUserInfo(user_id):
user = session.query(User).filter_by(id = user_id).one()
return user # user object associated with his ID number
def getUserID(email):
try:
user = session.query(User).filter_by(email = email).one()
return user.id
except:
return None
# 1 login: Create anti-forgery state token
@app.route('/login')
def showLogin():
choices = string.ascii_uppercase + string.digits
state = ""
for i in range(32):
state += random.choice(choices)
print(state)
login_session['state'] = state
return render_template('login.html', STATE=state)
@app.route('/callback', methods=['POST'])
def callback():
# Validate state token
if request.args.get('state') != login_session['state']:
response = make_response(json.dumps('Invalid state parameter.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Obtain authorization code
code = request.data
try:
# Upgrade the authorization code into a credentials object
oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='') # creates an OAuth flow object
oauth_flow.redirect_uri = 'postmessage' #specigy with post message one time flow
credentials = oauth_flow.step2_exchange(code) # initiate the exchange passing one time code as input
except FlowExchangeError:
response = make_response(
json.dumps('Failed to upgrade the authorization code.'), 401)
response.headers['Content-Type'] = 'application/json' # send response as JSON object
return response
# Check that the access token is valid.
access_token = credentials.access_token
url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' % access_token)
h = httplib2.Http()
result = json.loads(h.request(url, 'GET')[1]) # json GET request containing the URL and access token
# If there was an error in the access token info, abort and send internal server error to the client
if result.get('error') is not None: # result contains any error
response = make_response(json.dumps(result.get('error')), 500)
response.headers['Content-Type'] = 'application/json'
return response
# Verify that the access token is used for the intended user.
google_id = credentials.id_token['sub'] #gplus_id
if result['user_id'] != google_id:
response = make_response(
json.dumps("Token's user ID doesn't match given user ID."), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Verify that the access token is valid for this app.
if result['issued_to'] != CLIENT_ID:
response = make_response(
json.dumps("Token's client ID does not match app's."), 401)
print ("Token's client ID does not match app's.")
response.headers['Content-Type'] = 'application/json'
return response
# Check if user is already logged in
stored_access_token = login_session.get('access_token')
stored_google_id = login_session.get('google_id')
if stored_access_token is not None and google_id == stored_google_id:
response = make_response(json.dumps('Current user is already connected.'), 200)
response.headers['Content-Type'] = 'application/json'
return response
# Store the access token in the session for later use.
login_session['access_token'] = credentials.access_token
login_session['google_id'] = google_id
# Use google plus API to get more user info
userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
params = {'access_token': credentials.access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = answer.json()
# Store data that we are intersted in
login_session['username'] = data['name']
login_session['picture'] = data['picture']
login_session['email'] = data['email']
# see if user exists, if it doesn't create new owner
user_id = getUserID(login_session['email'])
if not user_id:
user_id = createUser(login_session)
login_session['user_id'] = user_id
output = ''
output += '<h1>Welcome, '
output += login_session['username']
output += '!</h1>'
output += '<img src="'
output += login_session['picture']
output += ' " style = "width: 300px; height: 300px;border-radius: 150px;-webkit-border-radius: 150px;-moz-border-radius: 150px;"> '
flash("you are now logged in as {}".format(login_session['username'])) # to make interaction with user
print ("done!")
return output
# Revoke current user and reset their login_session.
@app.route('/gdisconnect')
def gdisconnect():
# Only disconnect a connected user.
access_token = login_session.get('access_token')
print (access_token)
if access_token is None:
print ('Access Token is None')
response = make_response(json.dumps('Current user not connected.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# use acces token and pass it into Google's url
print ('In gdisconnect access token is %s', access_token)
print ('User name is: ')
print (login_session['username'])
url = 'https://accounts.google.com/o/oauth2/revoke?token=%s' % access_token
print ('shaghaaaaaal')
h = httplib2.Http()
result = h.request(url, 'GET')[0]
print ('result is ')
print (result)
if result['status'] == '200' or result['status'] == '400':
username = login_session['username']
del login_session['access_token']
del login_session['google_id']
del login_session['username']
del login_session['email']
del login_session['picture']
#response = make_response(json.dumps('Successfully disconnected.'), 200)
#response.headers['Content-Type'] = 'application/json'
flash("{} logged out!".format(username)) # to make interaction with user
return redirect(url_for('restaurantName'))
else:
response = make_response(json.dumps('Failed to revoke token for given user.', 401))
response.headers['Content-Type'] = 'application/json'
return response
# 2 list all restaurant Name
@app.route('/')
@app.route('/restaurant')
def restaurantName():
restaurant = session.query(Restaurant).all()
if 'username' not in login_session:
return render_template('publicmain.html', restaurant=restaurant)
else:
return render_template('main.html', restaurant=restaurant)
# delete restaurant
@app.route('/restaurant/<int:restaurant_id>/delete', methods = ['GET', 'POST'])
def restaurantDelete(restaurant_id):
deletedRestaurant = session.query(Restaurant).filter_by(id=restaurant_id).one()
# verify that a user is logged in
if 'username' not in login_session:
return redirect('/login')
if deletedRestaurant.user_id != login_session['user_id']:
return "<script>{alert('You are not authorized to delete this Restaurant.');}</script>"
deletedItems = session.query(MenuItem).filter_by(restaurant_id=restaurant_id).all()
if request.method == 'POST':
session.delete(deletedRestaurant)
for deletedItem in deletedItems:
session.delete(deletedItem)
session.commit()
flash("{} Restaurant Deleted!".format(deletedRestaurant.name)) # to make interaction with user
return redirect(url_for('restaurantName'))
else:
return render_template('deleterestaurant.html', restaurant_id=restaurant_id, restaurant=deletedRestaurant)
# 1: create new restaurant
@app.route('/restaurant/new/', methods=['GET', 'POST'])
def newRestaurant():
# verify that a user is logged in
if 'username' not in login_session:
return redirect('/login')
if request.method == 'POST':
newrestaurant = Restaurant(name=request.form['name'], user_id=login_session['user_id'])
session.add(newrestaurant)
session.commit()
return redirect(url_for('restaurantName'))
else:
return render_template('newrestaurant.html')
# 3: list menu items in restaurant using its id
@app.route('/restaurant/<int:restaurant_id>/menu')
@app.route('/restaurant/<int:restaurant_id>/')
def restaurantMenu(restaurant_id):
restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one()
creator = getUserInfo(restaurant.user_id)
items = session.query(MenuItem).filter_by(restaurant_id=restaurant.id)
if 'username' not in login_session or creator.id != login_session['user_id']:
return render_template('publicmenu.html', restaurant=restaurant, items=items, creator=creator)
else:
return render_template('menu.html', restaurant=restaurant, items=items, creator=creator)
# 4: Create route for newMenuItem Function
@app.route('/restaurant/<int:restaurant_id>/new/', methods=['GET', 'POST'])
def newMenuItem(restaurant_id):
# verify that a user is logged in
if 'username' not in login_session:
return redirect('/login')
restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one()
if request.method == 'POST':
newItem = MenuItem(restaurant_id=restaurant_id, user_id=restaurant.user_id)
if request.form['name']:
newItem.name = request.form['name']
if request.form['price']:
newItem.price = request.form['price']
if request.form['description']:
newItem.description = request.form['description']
session.add(newItem)
session.commit()
flash("{} menu item Created!".format(newItem.name))
return redirect(url_for('restaurantMenu', restaurant_id=restaurant_id, restaurant=restaurant))
else:
return render_template('newmenuitem.html', restaurant_id=restaurant_id, restaurant=restaurant)
# 5: Create route for editMenuItem function
@app.route('/restaurant/<int:restaurant_id>/<int:menu_id>/edit', methods = ['GET', 'POST'])
def editMenuItem(restaurant_id, menu_id):
editedItem = session.query(MenuItem).filter_by(id=menu_id).one()
# verify that a user is logged in
if 'username' not in login_session:
return redirect('/login')
if editedItem.user_id != login_session['user_id']:
return "<script>{alert('You are not authorized to edit this item.');}</script>"
if request.method == 'POST':
if request.form['name']:
editedItem.name = request.form['name']
if request.form['price']:
editedItem.price = request.form['price']
if request.form['description']:
editedItem.description = request.form['description']
session.add(editedItem)
session.commit()
flash("{} menu item Edited!".format(editedItem.name)) # to make interaction with user
return redirect(url_for('restaurantMenu', restaurant_id=restaurant_id))
else:
return render_template(
'editmenuitem.html', restaurant_id=restaurant_id, menu_id=menu_id, item=editedItem)
# 6: Create a route for deleteMenuItem function
@app.route('/restaurant/<int:restaurant_id>/<int:menu_id>/delete/', methods = ['GET', 'POST'])
def deleteMenuItem(restaurant_id, menu_id):
deletedItem = session.query(MenuItem).filter_by(id=menu_id).one()
# verify that a user is logged in
if 'username' not in login_session:
return redirect('/login')
if deletedItem.user_id != login_session['user_id']:
return "<script>{alert('You are not authorized to delete this Item.');}</script>"
if request.method == 'POST':
session.delete(deletedItem)
session.commit()
flash("{} menu item Deleted!".format(deletedItem.name)) # to make interaction with user
return redirect(url_for('restaurantMenu', restaurant_id=restaurant_id))
else:
return render_template('deletemenuitem.html', restaurant_id=restaurant_id, menu_id=menu_id, item=deletedItem)
# 7: Create JSON file for restaurant menu
@app.route('/restaurant/<int:restaurant_id>/menu/JSON')
def restaurantMenuJSON(restaurant_id):
# verify that a user is logged in
if 'username' not in login_session:
return redirect('/login')
restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one()
items = session.query(MenuItem).filter_by(
restaurant_id=restaurant_id).all()
return jsonify(MenuItems=[i.serialize for i in items])
# ADD JSON ENDPOINT HERE
@app.route('/restaurant/<int:restaurant_id>/menu/<int:menu_id>/JSON')
def menuItemJSON(restaurant_id, menu_id):
menuItem = session.query(MenuItem).filter_by(id=menu_id).one()
return jsonify(MenuItem=menuItem.serialize)
if __name__ == '__main__':
app.secret_key = 'super_secret_key'
app.debug = True
app.run(host = '0.0.0.0', port = 5000)