cygnal/server/routes.py

#!/usr/bin/env python
# coding: utf-8
"""
Routes definitions
"""
import arrow
import json
import os

import bottle

from server.models import Report
from server import jsonapi


class AuthenticationError(Exception):
    pass


def check_auth():
    """
    Check authentication.

    :return: Abort and return a HTTP 403 page if authentication is not ok.
    """
    if not os.getenv('API_TOKEN'):
        return

    auth = bottle.request.headers.get('Authorization', None)
    if not auth:
        raise AuthenticationError()
    parts = auth.split()
    if parts[0].lower() != 'bearer' or parts[1] != os.getenv('API_TOKEN'):
        raise AuthenticationError()

    return


def get_reports(only_active=False):
    """
    Get reports for the reports getting routes.

    .. note::

        Filtering can be done through the ``filter`` GET param, according
        to JSON API spec (http://jsonapi.org/recommendations/#filtering).

    .. note::

        By default no pagination is done. Pagination can be forced using
        ``page[size]`` to specify a number of items per page and
        ``page[number]`` to specify which page to return. Pages are numbered
        starting from 0.

    .. note::

        Sorting can be handled through the ``sort`` GET param, according to
        JSON API spec (http://jsonapi.org/format/#fetching-sorting).

    :return: The available reports objects in a JSON ``data`` dict.
    """
    # Handle CORS
    if bottle.request.method == 'OPTIONS':
        return {}

    # Handle filtering, pagination and sorting
    try:
        filters, page_number, page_size, sorting = jsonapi.JsonApiParseQuery(
            bottle.request.query,
            Report,
            default_sorting='id'
        )
    except ValueError as exc:
        return jsonapi.JsonApiError(400, "Invalid parameters: " + str(exc))

    # Query
    query = Report.select()
    if filters:
        query = query.where(*filters)
    if only_active:
        query = query.where(
            (Report.expiration_datetime == None) |
            (Report.expiration_datetime > arrow.utcnow().replace(microsecond=0).datetime)
        )
    query = query.order_by(*sorting)
    if page_number and page_size:
        query = query.paginate(page_number, page_size)

    return {
        "data": [
            r.to_json()
            for r in query
        ]
    }


@bottle.route('/api/v1/reports', ["GET", "OPTIONS"])
def get_all_reports():
    """
    API v1 GET reports route. Get all reports.

    Example::

        GET /api/v1/reports

    .. note::

        Filtering can be done through the ``filter`` GET param, according
        to JSON API spec (http://jsonapi.org/recommendations/#filtering).

    .. note::

        By default no pagination is done. Pagination can be forced using
        ``page[size]`` to specify a number of items per page and
        ``page[number]`` to specify which page to return. Pages are numbered
        starting from 0.

    .. note::

        Sorting can be handled through the ``sort`` GET param, according to
        JSON API spec (http://jsonapi.org/format/#fetching-sorting).

    :return: The available reports objects in a JSON ``data`` dict.
    """
    return get_reports(only_active=False)


@bottle.route('/api/v1/reports/active', ["GET", "OPTIONS"])
def get_active_reports():
    """
    API v1 GET reports route. Only get active reports (those with
    ``expiration_datetime`` in the future).

    Example::

        GET /api/v1/reports/active

    .. note::

        Filtering can be done through the ``filter`` GET param, according
        to JSON API spec (http://jsonapi.org/recommendations/#filtering).

    .. note::

        By default no pagination is done. Pagination can be forced using
        ``page[size]`` to specify a number of items per page and
        ``page[number]`` to specify which page to return. Pages are numbered
        starting from 0.

    .. note::

        Sorting can be handled through the ``sort`` GET param, according to
        JSON API spec (http://jsonapi.org/format/#fetching-sorting).

    :return: The available reports objects in a JSON ``data`` dict.
    """
    return get_reports(only_active=True)


@bottle.route('/api/v1/reports', ["POST", "OPTIONS"])
def post_report():
    """
    API v1 POST reports route.

    Example::

        POST /api/v1/reports
        {
            "type": "toto",
            "lat": 32,
            "lng": 27
        }
    """
    # Handle CORS
    if bottle.request.method == 'OPTIONS':
        return {}

    # Check authentication
    try:
        check_auth()
    except AuthenticationError:
        return jsonapi.JsonApiError(403, "Invalid authentication.")

    try:
        payload = json.load(bottle.request.body)
    except ValueError as exc:
        return jsonapi.JsonApiError(400, "Invalid JSON payload: " + str(exc))

    try:
        r = Report(
            type=payload['type'],
            lat=payload['lat'],
            lng=payload['lng']
        )
        # Handle expiration
        if r.type in ['accident', 'gcum']:
            r.expiration_datetime = (
                arrow.utcnow().replace(microsecond=0).shift(hours=+1).datetime
            )
        r.save()
    except KeyError as exc:
        return jsonapi.JsonApiError(400, "Invalid report payload: " + str(exc))

    return {
        "data": r.to_json()
    }


@bottle.route('/api/v1/reports/:id/upvote', ["POST", "OPTIONS"])
def upvote_report(id):
    """
    API v1 POST upvote route.

    Example::

        POST /api/v1/reports/1/upvote
    """
    # Handle CORS
    if bottle.request.method == 'OPTIONS':
        return {}

    # Check authentication
    try:
        check_auth()
    except AuthenticationError:
        return jsonapi.JsonApiError(403, "Invalid authentication.")

    r = Report.get(Report.id == id)
    if not r:
        return jsonapi.JsonApiError(404, "Invalid report id.")
    r.upvotes += 1
    r.save()

    return {
        "data": r.to_json()
    }


@bottle.route('/api/v1/reports/:id/downvote', ["POST", "OPTIONS"])
def downvote_report(id):
    """
    API v1 POST downvote route.

    Example::

        POST /api/v1/reports/1/downvote
    """
    # Handle CORS
    if bottle.request.method == 'OPTIONS':
        return {}

    # Check authentication
    try:
        check_auth()
    except AuthenticationError:
        return jsonapi.JsonApiError(403, "Invalid authentication.")

    r = Report.get(Report.id == id)
    if not r:
        return jsonapi.JsonApiError(404, "Invalid report id.")
    r.downvotes += 1
    r.save()

    return {
        "data": r.to_json()
    }
Continue server side code 2018-06-25 17:12:17 +02:00			`#!/usr/bin/env python`
			`# coding: utf-8`
			`"""`
			`Routes definitions`
			`"""`
Better handling of expiration of GCUM and accidents report types. 2018-07-10 15:55:45 +02:00			`import arrow`
Continue server side code 2018-06-25 17:12:17 +02:00			`import json`
Use a token to protect POST API queries 2018-07-18 15:30:30 +02:00			`import os`
Continue server side code 2018-06-25 17:12:17 +02:00
			`import bottle`

			`from server.models import Report`
			`from server import jsonapi`


Use a token to protect POST API queries 2018-07-18 15:30:30 +02:00			`class AuthenticationError(Exception):`
			`pass`


			`def check_auth():`
			`"""`
			`Check authentication.`

			`:return: Abort and return a HTTP 403 page if authentication is not ok.`
			`"""`
			`if not os.getenv('API_TOKEN'):`
			`return`

			`auth = bottle.request.headers.get('Authorization', None)`
			`if not auth:`
			`raise AuthenticationError()`
			`parts = auth.split()`
			`if parts[0].lower() != 'bearer' or parts[1] != os.getenv('API_TOKEN'):`
			`raise AuthenticationError()`

			`return`


Better handling of expiration of GCUM and accidents report types. 2018-07-10 15:55:45 +02:00			`def get_reports(only_active=False):`
Continue server side code 2018-06-25 17:12:17 +02:00			`"""`
Better handling of expiration of GCUM and accidents report types. 2018-07-10 15:55:45 +02:00			`Get reports for the reports getting routes.`
Continue server side code 2018-06-25 17:12:17 +02:00
			`.. note::`

			Filtering can be done through the ``filter`` GET param, according
			`to JSON API spec (http://jsonapi.org/recommendations/#filtering).`

			`.. note::`

			`By default no pagination is done. Pagination can be forced using`
			``page[size]`` to specify a number of items per page and
			``page[number]`` to specify which page to return. Pages are numbered
			`starting from 0.`

			`.. note::`

			Sorting can be handled through the ``sort`` GET param, according to
			`JSON API spec (http://jsonapi.org/format/#fetching-sorting).`

			:return: The available reports objects in a JSON ``data`` dict.
			`"""`
			`# Handle CORS`
			`if bottle.request.method == 'OPTIONS':`
			`return {}`

			`# Handle filtering, pagination and sorting`
			`try:`
			`filters, page_number, page_size, sorting = jsonapi.JsonApiParseQuery(`
			`bottle.request.query,`
			`Report,`
			`default_sorting='id'`
			`)`
			`except ValueError as exc:`
			`return jsonapi.JsonApiError(400, "Invalid parameters: " + str(exc))`

			`# Query`
			`query = Report.select()`
			`if filters:`
			`query = query.where(*filters)`
Better handling of expiration of GCUM and accidents report types. 2018-07-10 15:55:45 +02:00			`if only_active:`
			`query = query.where(`
			`(Report.expiration_datetime == None) \|`
			`(Report.expiration_datetime > arrow.utcnow().replace(microsecond=0).datetime)`
			`)`
Continue server side code 2018-06-25 17:12:17 +02:00			`query = query.order_by(*sorting)`
			`if page_number and page_size:`
			`query = query.paginate(page_number, page_size)`

			`return {`
			`"data": [`
			`r.to_json()`
			`for r in query`
			`]`
			`}`


Better handling of expiration of GCUM and accidents report types. 2018-07-10 15:55:45 +02:00			`@bottle.route('/api/v1/reports', ["GET", "OPTIONS"])`
			`def get_all_reports():`
			`"""`
			`API v1 GET reports route. Get all reports.`

			`Example::`

			`GET /api/v1/reports`

			`.. note::`

			Filtering can be done through the ``filter`` GET param, according
			`to JSON API spec (http://jsonapi.org/recommendations/#filtering).`

			`.. note::`

			`By default no pagination is done. Pagination can be forced using`
			``page[size]`` to specify a number of items per page and
			``page[number]`` to specify which page to return. Pages are numbered
			`starting from 0.`

			`.. note::`

			Sorting can be handled through the ``sort`` GET param, according to
			`JSON API spec (http://jsonapi.org/format/#fetching-sorting).`

			:return: The available reports objects in a JSON ``data`` dict.
			`"""`
			`return get_reports(only_active=False)`


			`@bottle.route('/api/v1/reports/active', ["GET", "OPTIONS"])`
			`def get_active_reports():`
			`"""`
			`API v1 GET reports route. Only get active reports (those with`
			``expiration_datetime`` in the future).

			`Example::`

			`GET /api/v1/reports/active`

			`.. note::`

			Filtering can be done through the ``filter`` GET param, according
			`to JSON API spec (http://jsonapi.org/recommendations/#filtering).`

			`.. note::`

			`By default no pagination is done. Pagination can be forced using`
			``page[size]`` to specify a number of items per page and
			``page[number]`` to specify which page to return. Pages are numbered
			`starting from 0.`

			`.. note::`

			Sorting can be handled through the ``sort`` GET param, according to
			`JSON API spec (http://jsonapi.org/format/#fetching-sorting).`

			:return: The available reports objects in a JSON ``data`` dict.
			`"""`
			`return get_reports(only_active=True)`


Continue server side code 2018-06-25 17:12:17 +02:00			`@bottle.route('/api/v1/reports', ["POST", "OPTIONS"])`
			`def post_report():`
			`"""`
			`API v1 POST reports route.`

			`Example::`

			`POST /api/v1/reports`
			`{`
			`"type": "toto",`
			`"lat": 32,`
			`"lng": 27`
			`}`
			`"""`
			`# Handle CORS`
			`if bottle.request.method == 'OPTIONS':`
			`return {}`

Use a token to protect POST API queries 2018-07-18 15:30:30 +02:00			`# Check authentication`
			`try:`
			`check_auth()`
			`except AuthenticationError:`
			`return jsonapi.JsonApiError(403, "Invalid authentication.")`

Continue server side code 2018-06-25 17:12:17 +02:00			`try:`
			`payload = json.load(bottle.request.body)`
			`except ValueError as exc:`
			`return jsonapi.JsonApiError(400, "Invalid JSON payload: " + str(exc))`

			`try:`
Better handling of expiration of GCUM and accidents report types. 2018-07-10 15:55:45 +02:00			`r = Report(`
Continue server side code 2018-06-25 17:12:17 +02:00			`type=payload['type'],`
			`lat=payload['lat'],`
			`lng=payload['lng']`
			`)`
Better handling of expiration of GCUM and accidents report types. 2018-07-10 15:55:45 +02:00			`# Handle expiration`
			`if r.type in ['accident', 'gcum']:`
			`r.expiration_datetime = (`
			`arrow.utcnow().replace(microsecond=0).shift(hours=+1).datetime`
			`)`
			`r.save()`
Continue server side code 2018-06-25 17:12:17 +02:00			`except KeyError as exc:`
			`return jsonapi.JsonApiError(400, "Invalid report payload: " + str(exc))`

			`return {`
Show the reports as soon as they are added in the db 2018-06-26 11:39:43 +02:00			`"data": r.to_json()`
Continue server side code 2018-06-25 17:12:17 +02:00			`}`
Clicking on a report now shows more infos and let users dismiss it You should update your database by running ``` ALTER TABLE report ADD COLUMN (upvotes INTEGER NOT NULL, downvotes INTEGER NOT NULL) ``` Fix issue #8. 2018-07-05 22:40:24 +02:00

			`@bottle.route('/api/v1/reports/:id/upvote', ["POST", "OPTIONS"])`
			`def upvote_report(id):`
			`"""`
			`API v1 POST upvote route.`

			`Example::`

			`POST /api/v1/reports/1/upvote`
			`"""`
			`# Handle CORS`
			`if bottle.request.method == 'OPTIONS':`
			`return {}`

Use a token to protect POST API queries 2018-07-18 15:30:30 +02:00			`# Check authentication`
			`try:`
			`check_auth()`
			`except AuthenticationError:`
			`return jsonapi.JsonApiError(403, "Invalid authentication.")`

Clicking on a report now shows more infos and let users dismiss it You should update your database by running ``` ALTER TABLE report ADD COLUMN (upvotes INTEGER NOT NULL, downvotes INTEGER NOT NULL) ``` Fix issue #8. 2018-07-05 22:40:24 +02:00			`r = Report.get(Report.id == id)`
			`if not r:`
			`return jsonapi.JsonApiError(404, "Invalid report id.")`
			`r.upvotes += 1`
			`r.save()`

			`return {`
			`"data": r.to_json()`
			`}`


			`@bottle.route('/api/v1/reports/:id/downvote', ["POST", "OPTIONS"])`
			`def downvote_report(id):`
			`"""`
			`API v1 POST downvote route.`

			`Example::`

			`POST /api/v1/reports/1/downvote`
			`"""`
			`# Handle CORS`
			`if bottle.request.method == 'OPTIONS':`
			`return {}`

Use a token to protect POST API queries 2018-07-18 15:30:30 +02:00			`# Check authentication`
			`try:`
			`check_auth()`
			`except AuthenticationError:`
			`return jsonapi.JsonApiError(403, "Invalid authentication.")`

Clicking on a report now shows more infos and let users dismiss it You should update your database by running ``` ALTER TABLE report ADD COLUMN (upvotes INTEGER NOT NULL, downvotes INTEGER NOT NULL) ``` Fix issue #8. 2018-07-05 22:40:24 +02:00			`r = Report.get(Report.id == id)`
			`if not r:`
			`return jsonapi.JsonApiError(404, "Invalid report id.")`
			`r.downvotes += 1`
			`r.save()`

			`return {`
			`"data": r.to_json()`
			`}`