From 91ce0d9095dff7076a32344cca2b3d76733f5ee1 Mon Sep 17 00:00:00 2001
From: Jonas Leder <jonas@jonasled.de>
Date: Tue, 26 Nov 2019 19:36:19 +0100
Subject: [PATCH] added api
---
 main.py | 67 ++++++++++++++++++++++++++++++++++++--
 templates/editEntries.html | 1 +
 2 files changed, 66 insertions(+), 2 deletions(-)
diff --git a/main.py b/main.py
index 89ad118..e263274 100644
--- a/main.py
+++ b/main.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 from waitress import serve #Used as webserver (Production)
-from flask import Flask, request, render_template, redirect, abort, Markup, session, make_response #Used to prepare the dynamic pages (The main site)
+from flask import Flask, request, render_template, redirect, abort, Markup, session, make_response, jsonify #Used to prepare the dynamic pages (The main site)
 import sqlite3 #Used to store the Data
 import os #Used for getting the enviorement variables
 import qrcode #Used to generate the QR
@@ -97,6 +97,7 @@ except: f.close()
 secretKey = open("db/secretKey.txt", "r").read()
 s = URLSafeSerializer(secretKey)
+sAPI = URLSafeSerializer("api_key_" + secretKey)
 index = 0
 domain_prepared = ""
@@ -306,7 +307,7 @@ def ownLinks():
 if(len(entriesList) == 0): response = 'you have no shorten links.' #If user has no shorten links make this message
 except: abort(500) #Shouldn't happen, 500 means internal server error
- return render_template('editEntries.html', content=response, loginbar=loginbar, cookieNotice=cookieNotice) #Put the table and the login div inside the template and server it to the user
+ return render_template('editEntries.html', content=response, loginbar=loginbar, cookieNotice=cookieNotice, apikey="your api key: " + sAPI.dumps(userID)) #Put the table and the login div inside the template and server it to the user
 @app.route('/user/delete') #This function is called if a user deletes an entrie
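Review bot: Prefixing the secret with a string, `"api_key_" + secretKey`, is a home-made way of keeping the API-key signer apart from the existing serializer `s`; itsdangerous has a `salt` argument for that purpose, e.g. `sAPI = URLSafeSerializer(secretKey, salt="api_key")`. A key produced by this serializer is only the signed user id, so it is the same on every call and cannot be revoked or rotated for one user without changing `secretKey` for everyone. A random per-user token stored in the database would allow revocation. The module-level code around this line continues outside the hunk.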
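Review bot: The changed `return render_template(...)` line in `ownLinks()` writes a long-lived credential into the HTML of every view of this page and also builds the display text in Python. Pass only the token, `apikey=sAPI.dumps(userID)`, keep the label in the template, and consider serving the page with `Cache-Control: no-store` so the key is not retained by browser or proxy caches. How `userID` is assigned is outside the hunk; it is worth confirming that it can never be empty or a placeholder when this line runs, because a key is issued for whatever value it holds.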
@@ -331,6 +332,68 @@ def makeQrCode():
 link = request.args.get('link')
 return "data:image/jpeg;base64," + makeQR(url_scheme + "://" + link)
+@app.route('/user/api', methods=['POST'])
+def api():
+ username = "error"
+ try:
+ username = sAPI.loads(request.form['apikey'])
+ except:
+ pass
+
+ try:
+ short = request.form['short']
+ except:
+ return jsonify(
+ status="400",
+ errorCode="1",
+ Message="short link missing"
+ )
+
+ try:
+ longURL = request.form['long']
+ except:
+ return jsonify(
+ status="400",
+ errorCode="2",
+ Message="link to short is missing"
+ )
+
+ domain = short.split("/")[0]
+ if not domain in domains:
+ return jsonify(
+ status="400",
+ errorCode="3",
+ Message="domain for short link is not in allowed domain list"
+ )
+
+ with sqlite3.connect('db/urls.db') as conn: #Check if another user already used the short link
+ cursor = conn.cursor()
+ res = cursor.execute('SELECT LONG_URL FROM WEB_URL WHERE SHORT_URL=?', [short])
+ try:
+ short2 = res.fetchone()
+ already_used = False
+ if short2 is not None:
+ already_used = True
+ except:
+ pass
+
+ if not already_used: #If short link wasn't used before, insert the link in the Database.
+ res = cursor.execute(
+ 'INSERT INTO WEB_URL (LONG_URL, SHORT_URL, USERNAME) VALUES (?, ?, ?)',
+ [longURL, short, username]
+ )
+ return jsonify(
+ status="200",
+ Message="ok"
+ )
+ else:
+ return jsonify(
+ status="400",
+ errorCode="4",
+ Message="short url already in use"
+ )
+
+
 if __name__ == '__main__': table_check()# This code checks whether database table is created or not
diff --git a/templates/editEntries.html b/templates/editEntries.html
index bbd79ac..7a35797 100644
--- a/templates/editEntries.html
+++ b/templates/editEntries.html
@@ -14,6 +14,7 @@
 <div class="login-page">
 <div class="form">
 {{content | safe}}
+ <p>{{apikey}}</p>
 <p><a href="/">back</a></p>
 </div>
 </div>
-- GitLab
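Review bot: A missing or invalid `apikey` does not stop the request in `api()`: the first `try` falls through `except: pass` with `username` still `"error"`, so the INSERT further down runs for unauthenticated callers and stores the row under that placeholder name. Reject the request as soon as `sAPI.loads` fails and catch only the expected exceptions, as sketched below; `BadSignature` comes from itsdangerous and its import would have to be added outside this hunk. Two smaller points in the same function: `already_used` is unbound if `fetchone()` raises inside the bare `try`, and every error is sent with HTTP 200 because the status lives only in the JSON body. `longURL` is stored without any scheme check, which matters if the redirect route (not visible here) uses it verbatim.

```python
def api():
    try:
        username = sAPI.loads(request.form['apikey'])
    except (KeyError, BadSignature):
        # Stop here instead of continuing as the placeholder user "error".
        return jsonify(
            status="401",
            errorCode="5",
            Message="api key missing or invalid"
        ), 401
    # … unchanged: short/long parsing, domain check, lookup and insert …
```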