Ethosa
/
kp


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107
							# -*- coding: utf-8 -*-
import json
from secrets import token_hex

from fastapi import FastAPI, Request
from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import JSONResponse

from database import db, cur
from config import ADMIN_SECRET
from errors import Error
from models import CreateUser, Event

app = FastAPI()
app.add_middleware(
    CORSMiddleware,
    allow_methods=['*'],
    allow_headers=['*'],
    allow_origins=['*'],
    allow_credentials=True
)


async def set_body(req: Request, body: bytes):
    async def receive():
        return {"type": "http.request", "body": body}
    req._receive = receive


@app.middleware('http')
async def middleware(req: Request, call_next):
    method = req.method
    if method == 'POST':
        body = await req.body()
        await set_body(req, body)
        body = json.loads(body)
        if 'access_token' in body:
            u = cur.execute('SELECT * FROM user WHERE access_token = ?', (body['access_token'],)).fetchone()
            if u[4] != 1:
                return JSONResponse(content=Error.ACCEPT_DENIED)
        elif 'secret' not in body or body['secret'] != ADMIN_SECRET:
            return JSONResponse(content=Error.ACCEPT_DENIED)
    return await call_next(req)


@app.post('/user')
async def create_user(user: CreateUser):
    u = cur.execute('SELECT * FROM user WHERE login = ?', (user.login,)).fetchone()
    if u is not None:
        return Error.LOGIN_IS_EXISTS
    roles = [i[0] for i in cur.execute('SELECT * FROM role').fetchall()]
    if user.role not in roles:
        return Error.ROLE_IS_NOT_EXISTS
    token = token_hex(32)
    cur.execute(
        'INSERT INTO user (name, role, login, password, access_token) VALUES (?, ?, ?, ?, ?)',
        (user.name, user.role, user.login, user.password, token)
    )
    db.commit()
    return {
        'response': {
            'id': cur.lastrowid,
            'access_token': token
        }
    }


@app.get('/user{user_id}')
async def get_user_data(user_id: int):
    u = cur.execute('SELECT * FROM user WHERE id = ?', (user_id,)).fetchone()
    if u is None:
        return Error.USER_IS_NOT_EXISTS
    role = cur.execute('SELECT * FROM role WHERE id = ?', (u[4],)).fetchone()
    return {'response': {
        'id': u[0],
        'name': u[1],
        'login': u[2],
        'role': role[1]
    }}


@app.post('/event')
async def create_event(event: Event):
    u = cur.execute('SELECT * FROM user WHERE id = ?', (event.author,)).fetchone()
    if u is None:
        return Error.USER_IS_NOT_EXISTS
    cur.execute(
        'INSERT INTO event (title, author, date) VALUES (?, ?, ?)',
        (event.title, event.author, event.date)
    )
    db.commit()
    return {'response': {
        'id': cur.lastrowid,
    }}


@app.get('/event{event_id}')
async def get_event_by_id(event_id: int):
    event = cur.execute('SELECT * FROM event WHERE id = ?', (event_id,)).fetchone()
    if event is None:
        return Error.EVENT_IS_NOT_EXISTS
    return {'response': {
        'id': event[0],
        'author': event[1],
        'title': event[2],
        'date': event[3]
    }}