2023-07-21 20:52:06 +01:00
|
|
|
#!/usr/bin/python3
|
|
|
|
import os
|
|
|
|
import sqlite3
|
|
|
|
import time
|
|
|
|
import secrets
|
|
|
|
import configparser
|
2024-02-24 20:57:16 +00:00
|
|
|
import asyncio
|
|
|
|
from hypercorn.config import Config
|
|
|
|
from hypercorn.asyncio import serve
|
2023-08-03 17:41:58 +01:00
|
|
|
from werkzeug.security import generate_password_hash, check_password_hash
|
2024-04-29 00:15:40 +01:00
|
|
|
from quart import Quart, request
|
2023-07-21 20:52:06 +01:00
|
|
|
|
|
|
|
# Parse configuration file, and check if anything is wrong with it
|
2024-03-11 20:52:07 +00:00
|
|
|
if not os.path.exists("config.ini"):
|
2024-04-24 12:09:28 +01:00
|
|
|
print("[FATAL] config.ini does not exist")
|
|
|
|
exit(1)
|
2024-03-11 20:52:07 +00:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
config = configparser.ConfigParser()
|
|
|
|
config.read("config.ini")
|
2024-04-24 12:09:28 +01:00
|
|
|
print("[INFO] Config loaded at", str(int(time.time())))
|
2023-07-21 20:52:06 +01:00
|
|
|
|
|
|
|
HOST = config["config"]["HOST"]
|
|
|
|
PORT = config["config"]["PORT"]
|
|
|
|
SECRET_KEY = config["config"]["SECRET_KEY"]
|
2023-07-22 17:15:59 +01:00
|
|
|
MAX_STORAGE = config["config"]["MAX_STORAGE"]
|
2023-07-21 20:52:06 +01:00
|
|
|
|
2024-03-12 17:29:37 +00:00
|
|
|
if SECRET_KEY == "supersecretkey" or SECRET_KEY == "placeholder":
|
2024-04-24 12:09:28 +01:00
|
|
|
print("[WARNING] Secret key not set. Please set the secret key to a non-default value.")
|
2023-07-21 20:52:06 +01:00
|
|
|
|
2024-02-24 20:57:16 +00:00
|
|
|
# Define Quart
|
|
|
|
app = Quart(__name__)
|
2023-07-21 20:52:06 +01:00
|
|
|
app.config["SECRET_KEY"] = SECRET_KEY
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
# Database functions
|
|
|
|
def get_db_connection():
|
|
|
|
conn = sqlite3.connect("database.db")
|
|
|
|
conn.row_factory = sqlite3.Row
|
|
|
|
return conn
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
|
|
|
def get_user(identifier):
|
2023-07-21 20:52:06 +01:00
|
|
|
conn = get_db_connection()
|
|
|
|
post = conn.execute("SELECT * FROM users WHERE id = ?",
|
2024-04-29 00:15:40 +01:00
|
|
|
(identifier,)).fetchone()
|
2023-07-21 20:52:06 +01:00
|
|
|
conn.close()
|
|
|
|
if post is None:
|
2024-03-10 01:11:44 +00:00
|
|
|
return None
|
2023-07-21 20:52:06 +01:00
|
|
|
return post
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
|
|
|
def get_note(identifier):
|
2023-07-21 20:52:06 +01:00
|
|
|
conn = get_db_connection()
|
|
|
|
post = conn.execute("SELECT * FROM notes WHERE id = ?",
|
2024-04-29 00:15:40 +01:00
|
|
|
(identifier,)).fetchone()
|
2023-07-21 20:52:06 +01:00
|
|
|
conn.close()
|
|
|
|
if post is None:
|
2024-03-10 01:11:44 +00:00
|
|
|
return None
|
2023-07-21 20:52:06 +01:00
|
|
|
return post
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
|
|
|
def get_space(identifier):
|
2023-07-22 17:15:59 +01:00
|
|
|
conn = get_db_connection()
|
2024-04-29 00:15:40 +01:00
|
|
|
notes = conn.execute("SELECT content, title FROM notes WHERE creator = ? ORDER BY id DESC;",
|
|
|
|
(identifier,)).fetchall()
|
2023-07-22 17:15:59 +01:00
|
|
|
conn.close()
|
|
|
|
spacetaken = 0
|
|
|
|
for x in notes:
|
|
|
|
spacetaken = spacetaken + len(x["content"].encode("utf-8"))
|
2023-07-23 21:36:55 +01:00
|
|
|
spacetaken = spacetaken + len(x["title"].encode("utf-8"))
|
2023-07-22 17:15:59 +01:00
|
|
|
return spacetaken
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
|
|
|
def get_note_count(identifier):
|
2023-08-05 23:28:57 +01:00
|
|
|
conn = get_db_connection()
|
2024-04-29 00:15:40 +01:00
|
|
|
notes = conn.execute("SELECT content, title FROM notes WHERE creator = ? ORDER BY id DESC;",
|
|
|
|
(identifier,)).fetchall()
|
2023-08-05 23:28:57 +01:00
|
|
|
conn.close()
|
2024-04-29 00:15:40 +01:00
|
|
|
return len(notes)
|
|
|
|
|
2023-08-05 23:28:57 +01:00
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
def get_session(identifier):
|
2023-07-21 20:52:06 +01:00
|
|
|
conn = get_db_connection()
|
|
|
|
post = conn.execute("SELECT * FROM sessions WHERE session = ?",
|
2024-04-29 00:15:40 +01:00
|
|
|
(identifier,)).fetchone()
|
2023-07-21 20:52:06 +01:00
|
|
|
conn.close()
|
|
|
|
if post is None:
|
2024-03-10 01:11:44 +00:00
|
|
|
return None
|
2023-07-21 20:52:06 +01:00
|
|
|
return post
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
|
|
|
def get_session_from_sessionid(identifier):
|
2023-08-19 14:17:23 +01:00
|
|
|
conn = get_db_connection()
|
|
|
|
post = conn.execute("SELECT * FROM sessions WHERE sessionid = ?",
|
2024-04-29 00:15:40 +01:00
|
|
|
(identifier,)).fetchone()
|
2023-08-19 14:17:23 +01:00
|
|
|
conn.close()
|
|
|
|
if post is None:
|
2024-03-10 01:11:44 +00:00
|
|
|
return None
|
2023-08-19 14:17:23 +01:00
|
|
|
return post
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
def check_username_taken(username):
|
|
|
|
conn = get_db_connection()
|
|
|
|
post = conn.execute("SELECT * FROM users WHERE lower(username) = ?",
|
|
|
|
(username.lower(),)).fetchone()
|
|
|
|
conn.close()
|
|
|
|
if post is None:
|
2024-03-10 01:11:44 +00:00
|
|
|
return None
|
2023-07-21 20:52:06 +01:00
|
|
|
return post["id"]
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2024-02-27 19:20:07 +00:00
|
|
|
# Disable CORS
|
|
|
|
@app.after_request
|
|
|
|
async def add_cors_headers(response):
|
|
|
|
response.headers.add("Access-Control-Allow-Origin", "*")
|
|
|
|
response.headers.add("Access-Control-Allow-Headers", "*")
|
|
|
|
response.headers.add("Access-Control-Allow-Methods", "*")
|
|
|
|
return response
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2024-03-29 20:10:52 +00:00
|
|
|
# Live editing store
|
|
|
|
messages = {}
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2024-02-23 14:35:53 +00:00
|
|
|
@app.route("/api/version", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apiversion():
|
2024-03-12 17:26:34 +00:00
|
|
|
return "Burgernotes Version 1.2"
|
2024-02-23 14:35:53 +00:00
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
@app.route("/api/signup", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apisignup():
|
2023-07-21 20:52:06 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-07-21 20:52:06 +01:00
|
|
|
username = data["username"]
|
|
|
|
password = data["password"]
|
|
|
|
|
|
|
|
if username == "":
|
|
|
|
return {}, 422
|
|
|
|
|
|
|
|
if len(username) > 20:
|
|
|
|
return {}, 422
|
2024-02-23 14:35:53 +00:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
if not username.isalnum():
|
|
|
|
return {}, 422
|
|
|
|
|
|
|
|
if password == "":
|
|
|
|
return {}, 422
|
|
|
|
|
|
|
|
if len(password) < 14:
|
|
|
|
return {}, 422
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
if not check_username_taken(username) is None:
|
2023-07-21 20:52:06 +01:00
|
|
|
return {}, 409
|
|
|
|
|
2023-08-03 17:41:58 +01:00
|
|
|
hashedpassword = generate_password_hash(password)
|
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
conn = get_db_connection()
|
|
|
|
conn.execute("INSERT INTO users (username, password, created) VALUES (?, ?, ?)",
|
2023-08-03 17:41:58 +01:00
|
|
|
(username, hashedpassword, str(time.time())))
|
2023-07-21 20:52:06 +01:00
|
|
|
|
|
|
|
userID = check_username_taken(username)
|
|
|
|
|
|
|
|
randomCharacters = secrets.token_hex(512)
|
|
|
|
|
2023-08-19 14:17:23 +01:00
|
|
|
conn.execute("INSERT INTO sessions (session, id, device) VALUES (?, ?, ?)",
|
|
|
|
(randomCharacters, userID, request.headers.get("user-agent")))
|
2023-07-21 20:52:06 +01:00
|
|
|
conn.commit()
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
return {
|
|
|
|
"key": randomCharacters
|
|
|
|
}, 200
|
2024-02-25 19:05:22 +00:00
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
@app.route("/api/login", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apilogin():
|
2023-07-21 20:52:06 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-07-21 20:52:06 +01:00
|
|
|
username = data["username"]
|
|
|
|
password = data["password"]
|
2024-02-25 19:05:22 +00:00
|
|
|
passwordchange = data["passwordchange"]
|
|
|
|
newpass = data["newpass"]
|
2024-02-25 17:05:55 +00:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
check_username_thing = check_username_taken(username)
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
if check_username_thing is None:
|
2023-07-21 20:52:06 +01:00
|
|
|
return {}, 401
|
|
|
|
|
|
|
|
userID = check_username_taken(username)
|
|
|
|
user = get_user(userID)
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
if not check_password_hash(user["password"], password):
|
2023-07-21 20:52:06 +01:00
|
|
|
return {}, 401
|
|
|
|
|
|
|
|
randomCharacters = secrets.token_hex(512)
|
|
|
|
|
|
|
|
conn = get_db_connection()
|
2023-08-19 14:17:23 +01:00
|
|
|
conn.execute("INSERT INTO sessions (session, id, device) VALUES (?, ?, ?)",
|
|
|
|
(randomCharacters, userID, request.headers.get("user-agent")))
|
2023-07-21 20:52:06 +01:00
|
|
|
|
2024-02-25 19:31:29 +00:00
|
|
|
if passwordchange == "yes":
|
2024-02-25 19:05:22 +00:00
|
|
|
hashedpassword = generate_password_hash(newpass)
|
|
|
|
conn.execute("UPDATE users SET password = ? WHERE username = ?", (hashedpassword, username))
|
2024-04-24 11:53:56 +01:00
|
|
|
|
|
|
|
conn.commit()
|
|
|
|
conn.close()
|
2023-07-21 20:52:06 +01:00
|
|
|
|
2024-02-25 19:31:29 +00:00
|
|
|
return {
|
|
|
|
"key": randomCharacters,
|
|
|
|
}, 200
|
|
|
|
|
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
@app.route("/api/userinfo", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apiuserinfo():
|
2023-07-21 20:52:06 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-07-21 20:52:06 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
|
|
|
datatemplate = {
|
|
|
|
"username": user["username"],
|
|
|
|
"id": user["id"],
|
2023-07-22 17:15:59 +01:00
|
|
|
"created": user["created"],
|
|
|
|
"storageused": get_space(user["id"]),
|
2023-08-05 23:28:57 +01:00
|
|
|
"storagemax": MAX_STORAGE,
|
|
|
|
"notecount": get_note_count(user["id"])
|
2023-07-21 20:52:06 +01:00
|
|
|
}
|
|
|
|
return datatemplate
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
@app.route("/api/listnotes", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apilistnotes():
|
2023-07-21 20:52:06 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-07-21 20:52:06 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
|
|
|
|
|
|
|
conn = get_db_connection()
|
2024-03-10 21:04:51 +00:00
|
|
|
notes = conn.execute("SELECT * FROM notes WHERE creator = ? ORDER BY edited DESC;", (user["id"],)).fetchall()
|
2023-07-21 20:52:06 +01:00
|
|
|
conn.close()
|
|
|
|
|
|
|
|
datatemplate = []
|
|
|
|
|
|
|
|
for note in notes:
|
|
|
|
notetemplate = {
|
|
|
|
"id": note["id"],
|
|
|
|
"title": note["title"]
|
|
|
|
}
|
|
|
|
datatemplate.append(notetemplate)
|
|
|
|
|
|
|
|
return datatemplate, 200
|
2023-08-05 15:12:24 +01:00
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-08-05 15:12:24 +01:00
|
|
|
@app.route("/api/exportnotes", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apiexportnotes():
|
2023-08-05 15:12:24 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-08-05 15:12:24 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
|
|
|
|
|
|
|
conn = get_db_connection()
|
|
|
|
notes = conn.execute("SELECT * FROM notes WHERE creator = ? ORDER BY id DESC;", (user["id"],)).fetchall()
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
datatemplate = []
|
|
|
|
|
|
|
|
for note in notes:
|
|
|
|
notetemplate = {
|
|
|
|
"id": note["id"],
|
|
|
|
"created": note["created"],
|
|
|
|
"edited": note["edited"],
|
|
|
|
"title": note["title"],
|
|
|
|
"content": note["content"]
|
|
|
|
}
|
|
|
|
datatemplate.append(notetemplate)
|
|
|
|
|
|
|
|
return datatemplate, 200
|
2024-03-12 18:37:14 +00:00
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
@app.route("/api/newnote", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apinewnote():
|
2023-07-21 20:52:06 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-07-21 20:52:06 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
noteName = data["noteName"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
2024-03-12 18:37:14 +00:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
conn = get_db_connection()
|
|
|
|
conn.execute("INSERT INTO notes (title, content, creator, created, edited) VALUES (?, ?, ?, ?, ?)",
|
2024-04-29 00:15:40 +01:00
|
|
|
(noteName, "", user["id"], str(time.time()), str(time.time())))
|
2023-07-21 20:52:06 +01:00
|
|
|
conn.commit()
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
return {}, 200
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
@app.route("/api/readnote", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apireadnote():
|
2023-07-21 20:52:06 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-07-21 20:52:06 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
noteId = data["noteId"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
|
|
|
|
|
|
|
note = get_note(noteId)
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
if note is not None:
|
|
|
|
if user["id"] == note["creator"]:
|
2023-07-21 20:52:06 +01:00
|
|
|
contenttemplate = {
|
|
|
|
"content": note["content"]
|
|
|
|
}
|
|
|
|
|
|
|
|
return contenttemplate, 200
|
|
|
|
else:
|
|
|
|
return {}, 422
|
|
|
|
else:
|
|
|
|
return {}, 422
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2024-03-29 20:10:52 +00:00
|
|
|
@app.route("/api/waitforedit", methods=("GET", "POST"))
|
|
|
|
async def waitforedit():
|
|
|
|
if request.method == "POST":
|
|
|
|
data = await request.get_json()
|
|
|
|
secretKey = data["secretKey"]
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
2024-04-29 00:15:40 +01:00
|
|
|
complete = True
|
2024-03-29 20:10:52 +00:00
|
|
|
|
2024-03-29 20:50:00 +00:00
|
|
|
start_time = time.time()
|
2024-03-29 20:10:52 +00:00
|
|
|
while user["id"] not in messages or not messages[user["id"]]:
|
|
|
|
await asyncio.sleep(0)
|
2024-03-29 20:50:00 +00:00
|
|
|
elapsed_time = time.time() - start_time
|
|
|
|
if elapsed_time >= 20:
|
2024-04-29 00:15:40 +01:00
|
|
|
complete = False
|
2024-03-29 20:50:00 +00:00
|
|
|
break
|
2024-03-29 20:10:52 +00:00
|
|
|
|
|
|
|
message = messages[user["id"]].pop(0)
|
|
|
|
del messages[user["id"]]
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
if complete:
|
2024-03-29 20:50:00 +00:00
|
|
|
return {
|
|
|
|
"note": message
|
|
|
|
}, 200
|
|
|
|
else:
|
|
|
|
return 400
|
2024-03-29 20:10:52 +00:00
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
@app.route("/api/editnote", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apieditnote():
|
2023-07-21 20:52:06 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-07-21 20:52:06 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
noteId = data["noteId"]
|
|
|
|
content = data["content"]
|
2024-03-10 22:00:40 +00:00
|
|
|
title = data["title"]
|
2023-07-21 20:52:06 +01:00
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
|
|
|
|
|
|
|
note = get_note(noteId)
|
2024-03-12 18:37:14 +00:00
|
|
|
|
2023-07-22 17:15:59 +01:00
|
|
|
if get_space(user["id"]) + len(content.encode("utf-8")) > int(MAX_STORAGE):
|
|
|
|
return {}, 418
|
2023-07-21 20:52:06 +01:00
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
if note is not None:
|
|
|
|
if user["id"] == note["creator"]:
|
2023-07-21 20:52:06 +01:00
|
|
|
conn = get_db_connection()
|
2024-04-29 00:15:40 +01:00
|
|
|
conn.execute("UPDATE notes SET content = ?, title = ?, edited = ? WHERE id = ?",
|
|
|
|
(content, title, str(time.time()), noteId))
|
2023-07-21 20:52:06 +01:00
|
|
|
conn.commit()
|
|
|
|
conn.close()
|
|
|
|
|
2024-03-29 20:10:52 +00:00
|
|
|
if user["id"] not in messages:
|
|
|
|
messages[user["id"]] = []
|
|
|
|
messages[user["id"]].append(noteId)
|
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
return {}, 200
|
|
|
|
else:
|
|
|
|
return {}, 403
|
|
|
|
else:
|
|
|
|
return {}, 422
|
2024-03-12 18:37:14 +00:00
|
|
|
|
2024-02-27 00:17:59 +00:00
|
|
|
|
|
|
|
@app.route("/api/editnotetitle", methods=("GET", "POST"))
|
|
|
|
async def apieditnotetitle():
|
|
|
|
if request.method == "POST":
|
|
|
|
data = await request.get_json()
|
|
|
|
secretKey = data["secretKey"]
|
|
|
|
noteId = data["noteId"]
|
|
|
|
content = data["content"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
|
|
|
|
|
|
|
note = get_note(noteId)
|
2024-03-12 18:37:14 +00:00
|
|
|
|
2024-02-27 00:17:59 +00:00
|
|
|
if get_space(user["id"]) + len(content.encode("utf-8")) > int(MAX_STORAGE):
|
|
|
|
return {}, 418
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
if note is not None:
|
|
|
|
if user["id"] == note["creator"]:
|
2024-02-27 00:17:59 +00:00
|
|
|
conn = get_db_connection()
|
|
|
|
conn.execute("UPDATE notes SET title = ?, edited = ? WHERE id = ?", (content, str(time.time()), noteId))
|
|
|
|
conn.commit()
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
return {}, 200
|
|
|
|
else:
|
|
|
|
return {}, 403
|
|
|
|
else:
|
|
|
|
return {}, 422
|
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
|
|
|
|
@app.route("/api/removenote", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apiremovenote():
|
2023-07-21 20:52:06 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-07-21 20:52:06 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
noteId = data["noteId"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
|
|
|
|
|
|
|
note = get_note(noteId)
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
if note is not None:
|
|
|
|
if user["id"] == note["creator"]:
|
2023-07-21 20:52:06 +01:00
|
|
|
conn = get_db_connection()
|
|
|
|
conn.execute("DELETE FROM notes WHERE id = ?", (noteId,))
|
|
|
|
conn.commit()
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
return {}, 200
|
|
|
|
else:
|
|
|
|
return {}, 403
|
|
|
|
else:
|
|
|
|
return {}, 422
|
|
|
|
|
2023-07-22 17:23:52 +01:00
|
|
|
|
2023-08-02 20:08:11 +01:00
|
|
|
@app.route("/api/deleteaccount", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apideleteaccount():
|
2023-08-02 20:08:11 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-08-02 20:08:11 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
|
|
|
|
conn = get_db_connection()
|
|
|
|
conn.execute("DELETE FROM notes WHERE creator = ?", (userCookie["id"],))
|
|
|
|
conn.execute("DELETE FROM users WHERE id = ?", (userCookie["id"],))
|
|
|
|
conn.commit()
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
return {}, 200
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-08-19 14:17:23 +01:00
|
|
|
@app.route("/api/sessions/list", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apisessionslist():
|
2023-08-19 14:17:23 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-08-19 14:17:23 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
|
|
|
|
|
|
|
conn = get_db_connection()
|
|
|
|
sessions = conn.execute("SELECT * FROM sessions WHERE id = ? ORDER BY id DESC;", (user["id"],)).fetchall()
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
datatemplate = []
|
|
|
|
|
|
|
|
for x in sessions:
|
|
|
|
device = x["device"]
|
|
|
|
thisSession = False
|
2024-04-29 00:15:40 +01:00
|
|
|
if x["session"] == secretKey:
|
2023-08-19 14:17:23 +01:00
|
|
|
thisSession = True
|
|
|
|
sessiontemplate = {
|
|
|
|
"id": x["sessionid"],
|
|
|
|
"thisSession": thisSession,
|
|
|
|
"device": device
|
|
|
|
}
|
|
|
|
datatemplate.append(sessiontemplate)
|
|
|
|
|
|
|
|
return datatemplate, 200
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-08-19 14:17:23 +01:00
|
|
|
@app.route("/api/sessions/remove", methods=("GET", "POST"))
|
2024-02-24 20:57:16 +00:00
|
|
|
async def apisessionsremove():
|
2023-08-19 14:17:23 +01:00
|
|
|
if request.method == "POST":
|
2024-02-24 20:57:16 +00:00
|
|
|
data = await request.get_json()
|
2023-08-19 14:17:23 +01:00
|
|
|
secretKey = data["secretKey"]
|
|
|
|
sessionId = data["sessionId"]
|
|
|
|
|
|
|
|
userCookie = get_session(secretKey)
|
|
|
|
user = get_user(userCookie["id"])
|
|
|
|
|
|
|
|
session = get_session_from_sessionid(sessionId)
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
if session is not None:
|
|
|
|
if user["id"] == session["id"]:
|
2023-08-19 14:17:23 +01:00
|
|
|
conn = get_db_connection()
|
|
|
|
conn.execute("DELETE FROM sessions WHERE sessionid = ?", (session["sessionid"],))
|
|
|
|
conn.commit()
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
return {}, 200
|
|
|
|
else:
|
|
|
|
return {}, 403
|
|
|
|
else:
|
|
|
|
return {}, 422
|
2023-08-02 20:08:11 +01:00
|
|
|
|
2023-10-16 19:45:00 +01:00
|
|
|
|
2024-04-02 11:22:57 +01:00
|
|
|
@app.route("/api/listusers", methods=("GET", "POST"))
|
2024-04-02 10:43:02 +01:00
|
|
|
async def listusers():
|
|
|
|
if request.method == "POST":
|
|
|
|
data = await request.get_json()
|
|
|
|
masterkey = data["masterkey"]
|
2024-04-02 11:21:03 +01:00
|
|
|
if masterkey == SECRET_KEY:
|
2024-04-02 10:43:02 +01:00
|
|
|
conn = get_db_connection()
|
|
|
|
users = conn.execute("SELECT * FROM users").fetchall()
|
|
|
|
conn.close()
|
|
|
|
thing = []
|
|
|
|
for x in users:
|
|
|
|
user_info = {
|
|
|
|
"id": str(x["id"]),
|
|
|
|
"username": str(x["username"]),
|
|
|
|
"space": str(get_space(x["id"]))
|
|
|
|
}
|
|
|
|
thing.append(user_info)
|
|
|
|
return thing, 200
|
|
|
|
else:
|
|
|
|
return {}, 401
|
2023-07-22 17:23:52 +01:00
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-08-03 20:33:02 +01:00
|
|
|
@app.errorhandler(500)
|
2024-04-29 00:15:40 +01:00
|
|
|
async def burger():
|
2023-08-03 20:33:02 +01:00
|
|
|
return {}, 500
|
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-08-19 14:17:23 +01:00
|
|
|
@app.errorhandler(404)
|
2024-04-29 00:15:40 +01:00
|
|
|
async def burger():
|
2024-03-12 18:37:14 +00:00
|
|
|
return {}, 404
|
2023-08-19 14:17:23 +01:00
|
|
|
|
2024-04-29 00:15:40 +01:00
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
# Start server
|
2024-02-24 20:57:16 +00:00
|
|
|
hypercornconfig = Config()
|
|
|
|
hypercornconfig.bind = (HOST + ":" + PORT)
|
|
|
|
|
2023-07-21 20:52:06 +01:00
|
|
|
if __name__ == "__main__":
|
2024-04-24 12:09:28 +01:00
|
|
|
print("[INFO] Server started at", str(int(time.time())))
|
|
|
|
print("[INFO] Welcome to Burgernotes! Today we are running on IP " + HOST + " on port " + PORT + ".")
|
2024-02-24 20:57:16 +00:00
|
|
|
asyncio.run(serve(app, hypercornconfig))
|