
server api updates

* working through base functionality
clementinecomputing 4 лет назад
Родитель
Сommit
7f970cc107
1 измененных файлов с 232 добавлено и 69 удалено
  1. 232 69
      server/scripts/PopufareAPI.py

+ 232 - 69
server/scripts/PopufareAPI.py

@@ -25,6 +25,7 @@ import mysql.connector
 import time
 import datetime
 import copy
+import hashlib
 
 #conn = mysql.connector.connect(user='bus', password='bus', host='localhost', database='busdb', port=3306)
 
@@ -91,6 +92,14 @@ def Request(ctx):
 
   return res
 
+
+##                    _ _        __       
+##   ___ __ _ _ __ __| (_)_ __  / _| ___  
+##  / __/ _` | '__/ _` | | '_ \| |_ / _ \ 
+## | (_| (_| | | | (_| | | | | |  _| (_) |
+##  \___\__,_|_|  \__,_|_|_| |_|_|  \___/ 
+##                                        
+
 def CardInfo(db, ctx):
   card_res = {}
 
@@ -111,20 +120,22 @@ def CardInfo(db, ctx):
     card_res = Card(db, {"action":"get", "logical_card_id": cardid})
     card_res["pass"] = []
 
-    ## through each of the passes on the card
-    ##
-    pass_query = "select user_pass_id from user_pass where logical_card_id = %s and expired = 0 order by queue_order asc"
-    pass_cursor = db.cursor()
-    pass_cursor.execute(pass_query, [card_res["logical_card_id"]])
-    pass_rows = pass_cursor.fetchall()
-    for pass_row in pass_rows:
+    if card_res["result"] == "success":
+
+      ## through each of the passes on the card
+      ##
+      pass_query = "select user_pass_id from user_pass where logical_card_id = %s and expired = 0 order by queue_order asc"
+      pass_cursor = db.cursor()
+      pass_cursor.execute(pass_query, [card_res["logical_card_id"]])
+      pass_rows = pass_cursor.fetchall()
+      for pass_row in pass_rows:
 
-      pass_res = Pass(db, {"action":"get", "user_pass_id":pass_row[0]})
-      card_res["pass"].append(pass_res)
+        pass_res = Pass(db, {"action":"get", "user_pass_id":pass_row[0]})
+        card_res["pass"].append(pass_res)
 
-    card_res["user"] = {}
-    if ((card_res["userid"] is not None) and (int(card_res["userid"]) >= 0)):
-      card_res["user"] = User(db, {"action":"get", "userid": card_res["userid"] })
+      card_res["user"] = {}
+      if ((card_res["userid"] is not None) and (int(card_res["userid"]) >= 0)):
+        card_res["user"] = User(db, {"action":"get", "userid": card_res["userid"] })
 
 
   elif action == "search":
@@ -134,12 +145,20 @@ def CardInfo(db, ctx):
     for cid in res_cardid["logical_card_ids"]:
       _c = CardInfo(db, {"action":"get", "logical_card_id":cid})
       card_res["cards"].append(_c)
+    card_res["result"] = "success"
 
   return card_res
 
+##                      _        __       
+##  _   _ ___  ___ _ __(_)_ __  / _| ___  
+## | | | / __|/ _ \ '__| | '_ \| |_ / _ \ 
+## | |_| \__ \  __/ |  | | | | |  _| (_) |
+##  \__,_|___/\___|_|  |_|_| |_|_|  \___/ 
+##                                        
 
 def UserInfo(db, ctx):
   res = {}
+  res["result"] = "fail"
   userid = -1
   if ("userid" in ctx):
     userid = ctx["userid"]
@@ -179,6 +198,7 @@ def UserInfo(db, ctx):
     card_res = CardInfo(db, {"logical_card_id":row[0]})
     res["card"].append(card_res)
 
+  res["result"] = "success"
   return res
 
 def _update_pass_bits(cursor, passid):
@@ -204,6 +224,12 @@ def _update_pass_bits(cursor, passid):
   "( select min(x.queue_order) from user_pass x where x.logical_card_id = %s and x.expired = 0 )"
   cursor.execute(q, [cardid,cardid])
 
+##             _           _               
+##  _ __ _   _| | ___  ___| | __ _ ___ ___ 
+## | '__| | | | |/ _ \/ __| |/ _` / __/ __|
+## | |  | |_| | |  __/ (__| | (_| \__ \__ \
+## |_|   \__,_|_|\___|\___|_|\__,_|___/___/
+##                                         
 
 def Ruleclass(db, ctx):
   res = {}
@@ -229,6 +255,13 @@ def Ruleclass(db, ctx):
   return res
 
 
+##
+##  _ __   __ _ ___ ___
+## | '_ \ / _` / __/ __|
+## | |_) | (_| \__ \__ \
+## | .__/ \__,_|___/___/
+## |_|
+
 def Pass(db, ctx):
   res = {}
   passid = -1
@@ -247,6 +280,7 @@ def Pass(db, ctx):
     row = cursor.fetchone()
 
     if row is not None:
+      res["result"] = "success"
       res["user_pass_id"] = passid 
       for idx,f in enumerate(pass_fields):
         if isinstance(row[idx], datetime.datetime):
@@ -254,47 +288,54 @@ def Pass(db, ctx):
         else:
           res[f] = row[idx]
     else:
+      res["result"] = "fail"
       res["api_comment"] = "pass not found"
 
 
   elif (ctx["action"] == "add"):
 
-    ## fill in some default values
-    ##
-    dt = time.strftime('%Y-%m-%d %H:%M:%S')
-    if "issued" not in ctx: ctx["issued"] = dt
-    if "expired" not in ctx: ctx["expired"] = 0
-    if "active" not in ctx: ctx["active"] = 0
-
+    if (not "logical_card_id" in ctx) or (ctx["logical_card_id"] == ''):
+      res["result"] = "fail"
+      res["api_comment"] = "must have logical_card_id to add pass"
+    else:
 
-    if "logical_card_id" in ctx:
-      cardid = ctx["logical_card_id"]
-      _q = "select queue_order from user_pass where logical_card_id = %s and expired = 0 order by queue_order desc limit 1"
-      _c = db.cursor()
-      _c.execute(_q, [cardid])
-      _r = _c.fetchone()
-      if _r is not None:
-        ctx["queue_order"] = int(_r[0])+1
+      ## fill in some default values
+      ##
+      dt = time.strftime('%Y-%m-%d %H:%M:%S')
+      if "issued" not in ctx: ctx["issued"] = dt
+      if "expired" not in ctx: ctx["expired"] = 0
+      if "active" not in ctx: ctx["active"] = 0
+
+
+      if "logical_card_id" in ctx:
+        cardid = ctx["logical_card_id"]
+        _q = "select queue_order from user_pass where logical_card_id = %s and expired = 0 order by queue_order desc limit 1"
+        _c = db.cursor()
+        _c.execute(_q, [cardid])
+        _r = _c.fetchone()
+        if _r is not None:
+          ctx["queue_order"] = int(_r[0])+1
+        else:
+          ctx["active"] = 1
+          ctx["queue_order"] = 0
       else:
-        ctx["active"] = 1
         ctx["queue_order"] = 0
-    else:
-      ctx["queue_order"] = 0
 
-    for f in pass_fields:
-      if f in ctx:  field_vals.append(ctx[f])
-      else:         field_vals.append(None)
+      for f in pass_fields:
+        if f in ctx:  field_vals.append(ctx[f])
+        else:         field_vals.append(None)
 
-    query = "insert into user_pass (" + ",".join(fields) + ") values (" + ",".join(["%s"]*len(fields)) + ")"
+      query = "insert into user_pass (" + ",".join(fields) + ") values (" + ",".join(["%s"]*len(fields)) + ")"
 
-    #print(query)
-    #print(fields, field_vals)
+      print(query)
+      print(fields, field_vals)
 
-    cursor.execute(query, field_vals)
+      cursor.execute(query, field_vals)
 
-    res["user_pass_id"] = cursor.lastrowid
+      res["user_pass_id"] = cursor.lastrowid
+      res["result"] = "success"
 
-    _update_pass_bits(cursor, passid);
+      _update_pass_bits(cursor, passid);
 
   elif (ctx["action"] == "update"):
     update_field = []
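Review bot: `print(query)` and `print(fields, field_vals)` were commented out before this change and are now live in the add branch, so every pass insert writes its column values to stdout; similar leftover output is added in the Card and User hunks further down. Routing these through `logging` at debug level, or removing them, keeps request data out of the service output. The inner `if "logical_card_id" in ctx:` can no longer be false after the new guard, so its `else: ctx["queue_order"] = 0` branch is dead. `_update_pass_bits(cursor, passid)` is still called with `passid` rather than the id just inserted; if `passid` still holds its `-1` default here (any reassignment is outside the hunk), `cursor.lastrowid` is presumably what was meant.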
@@ -309,6 +350,7 @@ def Pass(db, ctx):
     query = "update user_pass set " + ",".join(update_field) + " where user_pass_id = %s"
     cursor.execute(query, update_val)
     res["user_pass_id"] = passid
+    res["result"] = "success"
 
     _update_pass_bits(cursor, passid);
 
@@ -327,16 +369,25 @@ def Pass(db, ctx):
 
     _update_pass_bits(cursor, passid);
     res["user_pass_id"] = passid
+    res["result"] = "success"
 
 
   elif (ctx["action"] == "delete"):
     query = "delete from user_pass where user_pass_id = %s"
     cursor.execute(query, [passid])
     _update_pass_bits(cursor, passid);
+    res["result"] = "success"
 
   db.commit()
   return res
 
+##                    _ 
+##   ___ __ _ _ __ __| |
+##  / __/ _` | '__/ _` |
+## | (_| (_| | | | (_| |
+##  \___\__,_|_|  \__,_|
+##                      
+
 def Card(db, ctx):
 
   card_fields = CARD_FIELDS.copy()
@@ -361,7 +412,9 @@ def Card(db, ctx):
           res[f] = row[idx].strftime("%Y-%m-%d %H:%M:%S")
         else:
           res[f] = row[idx]
+      res["result"] = "success"
     else:
+      res["result"] = "fail"
       res["api_comment"] = "card not found"
 
   elif (ctx["action"] == "add"):
@@ -375,25 +428,46 @@ def Card(db, ctx):
     query = "insert into user_card (" + ",".join(fields) + ") values (" + ",".join(["%s"]*len(fields)) + ")"
     cursor.execute(query, field_vals)
     res["logical_card_id"] = cursor.lastrowid
+    res["result"] = "success"
 
   elif (ctx["action"] == "update"):
-    update_field = []
-    update_val = []
+    if not "logical_card_id" in ctx:
+      res["result"] = "fail"
+      res["api_comment"] = "must supply a logical_card_id"
+    else:
 
-    for f in card_fields:
-      if f in ctx:
-        update_field.append(f + "= %s")
-        update_val.append(ctx[f])
-    update_val.append(cardid)
+      update_field = []
+      update_val = []
 
-    query = "update user_card set " + ",".join(update_field) + " where logical_card_id = %s"
+      query_card_id = ctx["logical_card_id"]
+      cursor.execute("select logical_card_id from user_card where logical_card_id = %s", [query_card_id])
+      rows = cursor.fetchall()
+      if len(rows) == 0:
+        res["result"] = "fail"
+        res["api_comment"] = "card not found"
+      else:
 
-    cursor.execute(query, update_val)
-    res["logical_card_id"] = cardid
+        print(">>>>", len(rows))
+
+        for row in rows:
+          logical_card_id = row[0]
+
+        for f in card_fields:
+          if f in ctx:
+            update_field.append(f + "= %s")
+            update_val.append(ctx[f])
+        update_val.append(cardid)
+
+        query = "update user_card set " + ",".join(update_field) + " where logical_card_id = %s"
+
+        cursor.execute(query, update_val)
+        res["logical_card_id"] = cardid
+        res["result"] = "success"
 
   elif (ctx["action"] == "delete"):
     query = "delete from user_card where logical_card_id = %s"
     cursor.execute(query, [cardid])
+    res["result"] = "success"
 
   elif (ctx["action"] == "search"):
 
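Review bot: The new existence check in the update branch selects by `query_card_id` and assigns `logical_card_id = row[0]`, but the UPDATE still binds `cardid` and `logical_card_id` is never read. The row that was verified and the row that is modified are therefore the same only if `cardid` was taken from `ctx["logical_card_id"]` earlier in Card, which is outside this hunk. Binding the verified id makes that explicit: `update_val.append(logical_card_id)` and `res["logical_card_id"] = logical_card_id`. A request that names no updatable field leaves `update_field` empty and executes `update user_card set  where logical_card_id = %s`; returning a fail result before building the query would avoid the SQL error.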
@@ -431,10 +505,19 @@ def Card(db, ctx):
       for row in rows:
         res["logical_card_ids"].append(row[0])
 
+    res["result"] = "success"
+
   db.commit()
 
   return res
 
+##                              
+##   __ _ _ __ ___  _   _ _ __  
+##  / _` | '__/ _ \| | | | '_ \ 
+## | (_| | | | (_) | |_| | |_) |
+##  \__, |_|  \___/ \__,_| .__/ 
+##  |___/                |_|    
+
 def Group(db,ctx):
   group_res = { }
 
@@ -459,6 +542,13 @@ def Group(db,ctx):
   return group_res
 
 
+##                      
+##  _   _ ___  ___ _ __ 
+## | | | / __|/ _ \ '__|
+## | |_| \__ \  __/ |   
+##  \__,_|___/\___|_|   
+##                      
+
 def User(db, ctx):
   user_fields = USER_FIELDS.copy()
   res = {}
@@ -469,6 +559,11 @@ def User(db, ctx):
 
   userid = -1
   if "userid" in ctx: userid = ctx["userid"]
+
+  print("cp.user")
+
+  ## USER GET
+  ##
   
   if (ctx["action"] == "get"):
     query = "select " + ",".join(user_fields) + " from users where userid = %s"
@@ -482,46 +577,114 @@ def User(db, ctx):
           res[f] = row[idx].strftime("%Y-%m-%d %H:%M:%S")
         else:
           res[f] = row[idx]
+      res["result"] = "success"
     else:
+      res["result"] = "fail"
       res["api_comment"] = "user not found"
 
+  ## USER ADD
+  ##
 
   elif (ctx["action"] == "add"):
-    fields.append("active")
-    fields.append("created")
-    for f in user_fields:
-      if f in ctx:  user_vals.append(ctx[f])
-      else:         user_vals.append(None)
-    user_vals.append(1)
-    user_vals.append(time.strftime('%Y-%m-%d %H:%M:%S'))
 
-    query = "insert into users (" + ",".join(fields) + ") values (" + ",".join(["%s"]*len(fields)) + ")"
-    cursor.execute(query, user_vals)
-    res["userid"] = cursor.lastrowid
+
+    if ((not "password" in ctx) or
+        (not "username" in ctx) ):
+      res["api_comment"] = "invalid parameters, need username and password to create account"
+      res["result"] = "fail"
+    else:
+      uname = ctx["username"]
+      pword = ctx["password"]
+
+      fields.append("active")
+      fields.append("created")
+      for f in user_fields:
+        if f in ctx:  user_vals.append(ctx[f])
+        elif f == "passwordhash":
+          ha = hashlib.sha256()
+          ha.update(str.encode(uname))
+          ha.update(str.encode(pword))
+          user_vals.append(ha.hexdigest())
+        else:         user_vals.append(None)
+      user_vals.append(1)
+      user_vals.append(time.strftime('%Y-%m-%d %H:%M:%S'))
+
+      query = "insert into users (" + ",".join(fields) + ") values (" + ",".join(["%s"]*len(fields)) + ")"
+      cursor.execute(query, user_vals)
+      res["userid"] = cursor.lastrowid
+      res["result"] = "success"
+
+  ## USER UPDATE
+  ##
 
   elif (ctx["action"] == "update"):
 
-    update_field = []
-    update_val = []
+    if not "userid" in ctx:
+      res["result"] = "fail"
+      res["api_comment"] = "no userid specified"
+    else:
 
-    for f in user_fields:
-      if f in ctx:
-        update_field.append(f + "= %s")
-        update_val.append(ctx[f])
-    update_val.append(userid)
+      uname = ''
+      query = "select username from users where userid = %s";
+      cursor.execute(query, [userid])
+      rows = cursor.fetchall()
+      for row in rows:
+        uname = row[0]
 
-    query = "update users set " + ",".join(update_field) + " where userid = %s"
-    cursor.execute(query, update_val)
-    res["userid"] = userid
+      if uname == '':
+        res["result"] = "fail"
+        res["api_comment"] = "could not find username"
+      else:
+
+        update_field = []
+        update_val = []
+
+        print("user_field:", user_fields)
+        print("ctx:", ctx)
+
+        for f in user_fields:
+          if (f == "passwordhash") and ("password" in ctx):
+            update_field.append(" passwordhash = %s ")
+            ha = hashlib.sha256()
+            ha.update(str.encode(uname))
+            ha.update(str.encode(ctx["password"]))
+            update_val.append(ha.hexdigest())
+          elif f in ctx:
+            update_field.append(f + "= %s")
+            update_val.append(ctx[f])
+          else:
+            pass
+            #update_val.append(None)
+        update_val.append(userid)
+
+        if len(update_field) == 0:
+          print("NOPE")
+
+        print("manage_user.update>>>", userid, ":".join(update_field), ":".join(update_val), len(update_field))
+
+        query = "update users set " + ",".join(update_field) + " where userid = %s"
+
+        print("WTFFF???", query)
+
+        cursor.execute(query, update_val)
+        res["userid"] = userid
+        res["result"] = "success"
+
+  ## USER DELETE
+  ##
 
   elif (ctx["action"] == "delete"):
     query = "delete from users where userid = %s"
     cursor.execute(query, [userid])
 
+  ## USER SEARCH
+  ##
+
   elif (ctx["action"] == "search"):
 
     res["userids"] = []
     res["userid"] = userid
+    res["result"] = "success"
 
     search_field = []
     search_val = []
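Review bot: A caller-supplied `passwordhash` key is written to the table as-is: the add loop tests `if f in ctx` before `elif f == "passwordhash"`, and the update loop falls through to `elif f in ctx` whenever `password` is absent. The column should always be derived from the password, with the `f == "passwordhash"` case handled first and never read from `ctx`. The stored value is a single pass of SHA-256 over username and password concatenated with no separator, which is cheap to brute-force and makes the username a predictable salt. The sketch below uses a slow KDF with a random per-user salt for the add branch; it needs `import os`, a column wide enough for the salt plus digest, and a matching change in whatever code verifies logins (not visible here). `print("ctx:", ctx)` writes the plaintext password to stdout, `":".join(update_val)` raises TypeError as soon as one value is not a string, and an empty `update_field` only prints "NOPE" before executing `update users set  where userid = %s`.

```python
      for f in user_fields:
        if f == "passwordhash":
          # always derive the stored value from the password; never take it from ctx
          salt = os.urandom(16)
          dk = hashlib.scrypt(str.encode(pword), salt=salt, n=2**14, r=8, p=1)
          user_vals.append(salt.hex() + "$" + dk.hex())
        elif f in ctx:  user_vals.append(ctx[f])
        else:         user_vals.append(None)
      # … unchanged: active/created values, insert, result …
```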