password support for API

d1849b96 · Jonas Leder · 70d2b0e0 · d1849b96 · d1849b96 · d1849b96
Commit d1849b96 authored 5 years ago by Jonas Leder
--- a/api.py
+++ b/api.py
@@ -2,15 +2,15 @@ from flask import jsonify, render_template
 from sqlite3 import connect
 from makeqr import makeQR

-def apiGet(request, url_scheme, s, sAPI):
+def apiGet(request, url_scheme, s, sAPI, passwordProtected):
    try:
        userID = sAPI.dumps(s.loads(request.cookies.get('userID')))
    except:
        userID = ""

-    return render_template("apiDocs.html", apikey=userID, domain=request.headers['Host'], url_scheme=url_scheme)
+    return render_template("apiDocs.html", apikey=userID, domain=request.headers['Host'], url_scheme=url_scheme, passwordProtected=passwordProtected)

-def apiPost(request, url_scheme, domain, sAPI):
+def apiPost(request, url_scheme, domain, sAPI, passwordProtected, password):
    username = "error"
    try:
        username = sAPI.loads(request.form['apikey'])
@@ -41,6 +41,21 @@ def apiPost(request, url_scheme, domain, sAPI):
            message="domain for short link is not in allowed domain list"
        )
    
+    if passwordProtected:
+        try:
+            pw = request.form["password"]
+            if( pw != password):
+                return jsonify(
+                    status="5",
+                    message="Wrong password."
+                )      
+        except:
+            return jsonify(
+                status="5",
+                message="Wrong password."
+            )   
+
+    
    with connect('db/urls.db') as conn: #Check if another user already used the short link
        cursor = conn.cursor()
        res = cursor.execute('SELECT LONG_URL FROM WEB_URL WHERE SHORT_URL=?', [short])

--- a/main.py
+++ b/main.py
@@ -199,12 +199,12 @@ def makeQrCode():

 @app.route('/user/api', methods=['POST'])
 def api():
-    return apiPost(request, url_scheme, domain, sAPI)
+    return apiPost(request, url_scheme, domain, sAPI, passwordProtected, password)


 @app.route('/user/api', methods=['GET'])
 def apiDocs():
-    return apiGet(request, url_scheme, s, sAPI)
+    return apiGet(request, url_scheme, s, sAPI, passwordProtected)

    
 def startup(production):

--- a/templates/apiDocs.html
+++ b/templates/apiDocs.html
@@ -58,6 +58,9 @@
        <li>long: the long URL you want to short</li>
        <li>qr: if you add this parameter you will get an base64 encoded QR code image</li>
        <li>apikey: you can add this argument, if you want to assign this link to your account.</li>
+        {% if passwordProtected %}
+        <li>password: this value contains the password, that is needed to short a link.</li>
+        {% endif %}
    </ul>
    <p>example API call with curl: <i>curl -d "{% if apikey %}apikey={{apikey}}&{% endif %}short={{domain}}/example&long=http://example.com" -X POST {{url_scheme}}://{{domain}}/user/api</i>

@@ -96,6 +99,12 @@
            <td>4</td>
            <td>The short URL is already taken.</td>
        </tr>
+        {% if passwordProtected %}
+        <tr>
+            <td>5</td>
+            <td>Wrong Password</td>
+        </tr>
+        {% endif %}

    </table>