-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathapp.py
91 lines (74 loc) · 2.77 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
from flask import Flask, request, jsonify
from flask_cors import CORS # Import CORS
from utils import hash_password, generate_token
import sqlite3
import json
app = Flask(__name__)
# Enable CORS for all routes
CORS(app)
app.config['DEBUG'] = True
app.secret_key = 'xuysoe54Puj990'
@app.route('/', methods=['GET'])
def entry():
return jsonify({"error": "Invalid credentials"}), 401
@app.route('/login', methods=['POST'])
def login():
data = request.get_json()
username = data.get('username')
password = data.get('password')
# Verify user credentials (hash password comparison)
query = f"SELECT * FROM users WHERE username='{username}' AND password='{hash_password(password)}'"
conn = sqlite3.connect('users.db')
cursor = conn.cursor()
user = cursor.execute(query).fetchone()
if user:
# Generate JWT token
token = generate_token(username)
# Decode token to string and return
return jsonify({"token": token.decode('utf-8')}) # Decode bytes to string
return jsonify({"error": "Invalid credentials"}), 401
@app.route('/register', methods=['POST'])
def register():
data = request.get_json()
if len(data.get('password', '')) > 1:
hashed_password = hash_password(data['password'])
# Create connection to SQLite database
conn = sqlite3.connect('users.db')
cursor = conn.cursor()
# Ensure the users table is created if it does not exist
cursor.execute('''
CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE NOT NULL,
password TEXT NOT NULL
)
''')
try:
# Use parameterized queries to prevent SQL injection
cursor.execute(
'INSERT INTO users (username, password) VALUES (?, ?)',
(data['username'], hashed_password)
)
conn.commit()
return jsonify({"message": "User registered successfully"})
except sqlite3.IntegrityError:
# Handle unique constraint violation (duplicate username)
return jsonify({"error": "Username already exists"}), 400
finally:
conn.close()
else:
return jsonify({"error": "Invalid password"}), 400
@app.route('/api/user/<id>', methods=['GET'])
def get_user(id):
conn = sqlite3.connect('users.db')
cursor = conn.cursor()
user = cursor.execute(f"SELECT * FROM users WHERE id={id}").fetchone()
if user:
return jsonify({
"id": user[0],
"username": user[1],
"password_hash": user[2]
})
return jsonify({"error": "User not found"}), 404
if __name__ == '__main__':
app.run(port=5000, debug=True)