Skip to content
Snippets Groups Projects
Commit d1849b96 authored by Jonas Leder's avatar Jonas Leder
Browse files

password support for API

parent 70d2b0e0
Branches
Tags
Loading
Pipeline #238 passed
......@@ -2,15 +2,15 @@ from flask import jsonify, render_template
from sqlite3 import connect
from makeqr import makeQR
def apiGet(request, url_scheme, s, sAPI):
def apiGet(request, url_scheme, s, sAPI, passwordProtected):
try:
userID = sAPI.dumps(s.loads(request.cookies.get('userID')))
except:
userID = ""
return render_template("apiDocs.html", apikey=userID, domain=request.headers['Host'], url_scheme=url_scheme)
return render_template("apiDocs.html", apikey=userID, domain=request.headers['Host'], url_scheme=url_scheme, passwordProtected=passwordProtected)
def apiPost(request, url_scheme, domain, sAPI):
def apiPost(request, url_scheme, domain, sAPI, passwordProtected, password):
username = "error"
try:
username = sAPI.loads(request.form['apikey'])
......@@ -41,6 +41,21 @@ def apiPost(request, url_scheme, domain, sAPI):
message="domain for short link is not in allowed domain list"
)
if passwordProtected:
try:
pw = request.form["password"]
if( pw != password):
return jsonify(
status="5",
message="Wrong password."
)
except:
return jsonify(
status="5",
message="Wrong password."
)
with connect('db/urls.db') as conn: #Check if another user already used the short link
cursor = conn.cursor()
res = cursor.execute('SELECT LONG_URL FROM WEB_URL WHERE SHORT_URL=?', [short])
......
......@@ -199,12 +199,12 @@ def makeQrCode():
@app.route('/user/api', methods=['POST'])
def api():
return apiPost(request, url_scheme, domain, sAPI)
return apiPost(request, url_scheme, domain, sAPI, passwordProtected, password)
@app.route('/user/api', methods=['GET'])
def apiDocs():
return apiGet(request, url_scheme, s, sAPI)
return apiGet(request, url_scheme, s, sAPI, passwordProtected)
def startup(production):
......
......@@ -58,6 +58,9 @@
<li>long: the long URL you want to short</li>
<li>qr: if you add this parameter you will get an base64 encoded QR code image</li>
<li>apikey: you can add this argument, if you want to assign this link to your account.</li>
{% if passwordProtected %}
<li>password: this value contains the password, that is needed to short a link.</li>
{% endif %}
</ul>
<p>example API call with curl: <i>curl -d "{% if apikey %}apikey={{apikey}}&{% endif %}short={{domain}}/example&long=http://example.com" -X POST {{url_scheme}}://{{domain}}/user/api</i>
......@@ -96,6 +99,12 @@
<td>4</td>
<td>The short URL is already taken.</td>
</tr>
{% if passwordProtected %}
<tr>
<td>5</td>
<td>Wrong Password</td>
</tr>
{% endif %}
</table>
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment