invitation/backend/src/user.py


#!/usr/bin/env python
# encoding: utf-8
'''
user.py is a source for all user endpoints.
'''
from flask import request, jsonify
import os
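def registerUserEndpoints(app, database):
    """Register the user, login and session-token routes on *app*.

    Args:
        app: Flask application; its ``route`` decorator and ``logger`` are used.
        database: object exposing ``query(sql, params=...)``. Every statement
            below passes request values through ``params`` with ``%s``
            placeholders, so they are never spliced into the SQL text.

    Error handling: database and other unexpected failures are logged with a
    traceback on the server and answered with a generic message, so driver or
    schema details are not echoed back to the client.

    NOTE(review), not changed here because the schema and other readers of
    these tables are outside this file:
      * ``users.Password`` receives and is compared against the password
        exactly as submitted, i.e. it is stored in clear text. It should hold
        a salted, slow hash instead (for example
        ``werkzeug.security.generate_password_hash`` /
        ``check_password_hash``, which ship with Flask), together with a
        migration for existing rows.
      * The password comparison happens inside SQL; if the column uses a
        case-insensitive collation the match would ignore case -- confirm.
      * Nothing in this function expires or revokes rows in ``sessions``.
      * ``/users/isSet`` and ``/users/createPassword`` are reachable without
        a token and reveal whether a user name exists; ``/login`` has no
        attempt limiting in this file.
    """

    def _json_body():
        """Return the request's JSON object, or ``{}`` when it is absent or not an object."""
        # silent=True: a missing/invalid JSON body yields None instead of raising,
        # so handlers can answer with their own status code.
        payload = request.get_json(silent=True)
        return payload if isinstance(payload, dict) else {}

    def _non_empty_str(value):
        """True only for a ``str`` with at least one character."""
        return isinstance(value, str) and value != ""

    @app.route('/users/isSet', methods=['GET'])
    def user_is_set():
        """Check if a password exists for ``userName`` (query-string parameter).

        Responds with a bare JSON boolean: true when a row is found and the
        value at column index 2 of the first row is truthy.
        """
        user_name = request.args.get('userName')
        try:
            # NOTE(review): index 2 depends on the column order behind
            # ``SELECT *`` -- presumably the Password column; confirm against
            # the schema or select the column by name.
            rows = database.query("SELECT * FROM users WHERE Name=%s", params=(user_name,))
            return jsonify(bool(rows and rows[0][2])), 200
        except Exception:
            # The original also named ``mysql.connector.Error`` here, but that
            # module is never imported in this file, so evaluating the clause
            # raised NameError and bypassed both handlers. One generic handler
            # keeps the intended 500 response.
            app.logger.exception("users/isSet failed")
            return jsonify({"error": "Internal server error"}), 500

    @app.route('/users/createPassword', methods=['POST'])
    def create_password():
        """Create a ``users`` row for ``userName`` and open a session.

        Expects a JSON object with ``userName`` and ``password``. Returns 201
        with a fresh token on success, 400 when input is missing or the name
        already has a row, 500 on a server-side failure.
        """
        body = _json_body()
        user_name = body.get('userName')
        password = body.get('password')
        if not (_non_empty_str(user_name) and _non_empty_str(password)):
            # "User name and password are required."
            return jsonify(success=False, message='Необходимо указать имя пользователя и пароль'), 400

        try:
            # NOTE(review): this check-then-insert is not atomic; a UNIQUE
            # constraint on users.Name is needed to rule out duplicates under
            # concurrent requests -- confirm the schema has one.
            # NOTE(review): any existing row is rejected here, while
            # /users/isSet distinguishes rows with an empty value at index 2;
            # confirm that a pre-created row without a password is not meant
            # to be completed through this endpoint.
            existing = database.query("SELECT * FROM users WHERE Name=%s", params=(user_name,))
            if existing:
                return jsonify(success=False, message='Пользователь уже создан'), 400

            database.query(
                "INSERT INTO users (Name, Password) VALUES (%s, %s)",
                params=(user_name, password),
            )
            # 16 bytes from the OS CSPRNG -> 32 hex characters.
            token = os.urandom(16).hex()
            database.query(
                "INSERT INTO sessions (Token, Name) VALUES (%s, %s)",
                params=(token, user_name),
            )
            return jsonify(success=True, token=token), 201
        except Exception:
            # Exception text stays in the server log; the client only gets
            # the fixed message ("Error while creating the password").
            app.logger.exception("users/createPassword failed")
            return jsonify(success=False, message='Ошибка при создании пароля'), 500

    @app.route('/login', methods=['POST'])
    def login():
        """Verify ``userName``/``password`` and issue a session token.

        Returns 200 with a token when a matching row exists, 401 otherwise,
        500 on a server-side failure.
        """
        body = _json_body()
        user_name = body.get('userName')
        password = body.get('password')
        # Missing, non-string or empty credentials can never authenticate.
        # Rejecting the empty string also keeps a row whose Password is ''
        # (which /users/isSet reports as "not set") from matching the query.
        if not (_non_empty_str(user_name) and _non_empty_str(password)):
            return jsonify(success=False), 401

        try:
            match = database.query(
                "SELECT * FROM users WHERE Name=%s AND Password=%s",
                params=(user_name, password),
            )
            if not match:
                return jsonify(success=False), 401

            token = os.urandom(16).hex()
            database.query(
                "INSERT INTO sessions (Token, Name) VALUES (%s, %s)",
                params=(token, user_name),
            )
            return jsonify(success=True, token=token), 200
        except Exception:
            app.logger.exception("login failed")
            return jsonify(success=False), 500

    @app.route('/login/validateToken', methods=['POST'])
    def validate_token():
        """Report whether ``token`` is recorded in ``sessions`` for ``userName``.

        Always answers 200 with ``tokenValid`` unless the lookup itself fails.
        """
        body = _json_body()
        token = body.get('token')
        user_name = body.get('userName')
        if not (_non_empty_str(token) and _non_empty_str(user_name)):
            return jsonify(tokenValid=False), 200

        try:
            rows = database.query(
                "SELECT * FROM sessions WHERE Token=%s AND Name=%s",
                params=(token, user_name),
            )
            return jsonify(tokenValid=bool(rows)), 200
        except Exception:
            # Do not return str(exception): it can carry SQL/driver details.
            app.logger.exception("login/validateToken failed")
            return jsonify(success=False, message='Internal server error'), 500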