diff --git a/database/database.py b/database/database.py
index 35fedb44cb123bd2741fcdfc16d7605d14544ff8..c83b250098c90e1b2c0b46936a06713394313892 100644
--- a/database/database.py
+++ b/database/database.py
@@ -1,6 +1,7 @@
 from flask import Flask
 from flask_mongoengine import MongoEngine
 from bson import json_util
+from datetime import datetime
 import json
 
 mongo = MongoEngine()
@@ -26,6 +27,7 @@ class Comment(mongo.Document):
     commenter_id = mongo.StringField(max_length=20, required=True)
     comment_text = mongo.StringField(required=True)
     page = mongo.ReferenceField('VizData', required=True)
+    date = mongo.DateTimeField(default = datetime.utcnow)
     reply = mongo.EmbeddedDocumentField('Reply')
 
 class VizData(mongo.Document):
diff --git a/modules/comment.py b/modules/comment.py
index c4a7cf6a01d4a8becc87eb6c33b7d950fe050dff..90a7063bb48eaad26c6a4095b0432935cea73b8a 100644
--- a/modules/comment.py
+++ b/modules/comment.py
@@ -1,3 +1,50 @@
-from flask import Blueprint
+import json
+import jwt
+from datetime import datetime
+from flask import Blueprint, jsonify, request, current_app
+from database import database as db
+from modules.tools.token import Token, validate_login_token
+from modules.tools.roles import Roles
 
-comment_route = Blueprint('comment', __name__, template_folder="templates")
\ No newline at end of file
+comment_route = Blueprint('comment', __name__, template_folder="templates")
+
+@comment_route.route("/api/comment/get", methods = ["POST"])
+def get_comment():
+    page_id = request.get_json().get("page_id")
+    page = db.VizData.objects.with_id(page_id)
+    comments = db.Comment.objects(page=page).order_by('-date')
+    return jsonify({
+        "status":200,
+        "data":comments
+    })
+
+@comment_route.route("/api/comment/get-unreplied", methods=["POST"])
+def get_unreplied_comment():
+    page_id = request.get_json().get("page_id")
+    page = db.VizData.objects.with_id(page_id)
+    comments = db.Comment.objects(page=page, reply__exists=False).order_by('-date')
+    return jsonify({
+        "status":200,
+        "data":comments
+    })
+
+
+@comment_route.route("/api/comment/add", methods=["POST"])
+@validate_login_token(pass_user=True)
+def add_comment(user):
+    req = request.get_json()
+    page_id = req.get("page_id")
+    text = req.get("text")
+    try:
+        page = db.VizData.objects.with_id(page_id)
+        new_comment = db.Comment(commenter_id = user.id, comment_text=text, page=page)
+        new_comment.save()
+        return jsonify({
+            "status":200,
+            "message":"comment added successfully"
+        })
+    except Exception as e:
+        return jsonify({
+            "status":500,
+            "message":str(e)
+        })
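Review bot: add_comment's `except Exception as e` branch returns `str(e)` to the client, so database and validation error text is exposed to any caller; the `except` added to get_page in modules/page.py does the same. Log the exception server-side with `current_app.logger.exception("add_comment failed")` and return a fixed string such as `"message": "could not add comment"`. Separately, get_comment and get_unreplied_comment call `request.get_json().get("page_id")` with no guard and never check the result of `with_id`, which as far as I know returns None for an unknown id. A missing body or a bad page_id is therefore not rejected before the Comment query runs; an `if page is None:` branch returning a not-found response would cover it.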
diff --git a/modules/login.py b/modules/login.py
index 299e41c560d40a7f4f00bfdcd4a27d9f607741f8..e34b4574c092e33087ccea0f350604f3d20e845e 100644
--- a/modules/login.py
+++ b/modules/login.py
@@ -61,8 +61,21 @@ def check_user_existence():
 @login_route.route("/api/get-user", methods=["POST"])
 @validate_login_token(pass_user=True)
 def get_user_from_token(user):
+    del user.password
     return jsonify({
         "status": 200,
+        "data": user #sends back all information about user except password
+    })
+    
+@login_route.route("/api/get-user-public", methods=["POST"])
+def get_user_from_id():
+    req = request.get_json()
+    user_id = req.get("user_id")
+    user = db.User.objecs.with_id(user_id)
+    del user.password
+    del user.username
+    del user.page_list
+    return jsonify({
+        "status":200,
         "data": user
     })
-    
\ No newline at end of file
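Review bot: `db.User.objecs.with_id(user_id)` in get_user_from_id misspells the manager name, so the new /api/get-user-public route raises AttributeError on every request; the line should read `user = db.User.objects.with_id(user_id)`. Once that is fixed, an unknown user_id still reaches `del user.password` with no `if user is None:` guard. Both handlers in this hunk strip fields with `del` before `jsonify`, which is a denylist: any field later added to User is returned by default, and this route carries no `validate_login_token` decorator. Building the response from an explicit dict of the fields meant to be public would fail closed instead.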
diff --git a/modules/page.py b/modules/page.py
index 878e0d4f5d2d419dcdedbd1667fd437ce7f56ccb..01703095bdeba2579b9d3d29b4dd6f730254dcac 100644
--- a/modules/page.py
+++ b/modules/page.py
@@ -35,6 +35,11 @@ def get_page():
                 "data":vdata,
                 "subdata":[child for child in vdata.subdata]
             })
+    except Exception as e:
+        return jsonify({
+            "status": 500,
+            "message": str(e)
+        })
 
 
 @page_route.route("/api/hidden/add-data", methods=["POST"])
diff --git a/modules/register.py b/modules/register.py
index 7f4bdfe6191b5cfe50593019b7cf6636c109a3e7..151b0f6cdd8faaba06c48689be3ef071125f952d 100644
--- a/modules/register.py
+++ b/modules/register.py
@@ -1,6 +1,7 @@
 from flask import Blueprint, jsonify, request, current_app
 from database import database as db
 from modules.tools.token import Token
+from modules.tools.roles import Roles
 
 register_route = Blueprint('register', __name__, template_folder="templates")
 
@@ -33,20 +34,20 @@ def add_new_user():
 
 
 @register_route.route('/api/unregister', methods=["POST"])
-def delete_user():
+@validate_login_token(pass_user=True)
+def delete_user(user):
     try:
-        token = request.headers.get("Authorization")
-        password = request.get_json().get("password")
-        if token is not None:
-            code, user_id = Token.decode_token(token) 
-            if code > 0:
-                raise Exception(user_id)
+        user_id = request.get_json().get("user_id")
+        if user_id is not None:
+            del_user = db.User.objects.with_id(user_id)
+            if del_user != user and user.role < Roles.ADMIN:
+                return jsonify({
+                    "status":401,
+                    "message":"unauthorized delete"
+                })
         else:
-            user_id = request.get_json().get("user_id")
-            if user_id is None:
-                raise Exception("Invalid credentials")
-        check = db.User.objects.with_id(user_id)
-        check.delete()
+            del_user = user
+        del_user.delete()
         return jsonify({
             "status": 200,
             "message": "User deleted successfully"
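Review bot: `@validate_login_token(pass_user=True)` now decorates delete_user, but the import lines visible at the top of this file bring in only `Token` and `Roles`; unless the decorator is imported outside the shown hunks, the module fails with NameError on load, and `from modules.tools.token import Token, validate_login_token` would fix that. In the body, `del_user` is not checked for None after `db.User.objects.with_id(user_id)`, so an unknown user_id gives a non-admin the "unauthorized delete" response and sends an admin into `del_user.delete()` on None. Add `if del_user is None:` with a not-found response before the role comparison. delete_user's `try` block continues past the end of the hunk, so how that failure is reported cannot be seen from here.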
diff --git a/readme.md b/readme.md
index 17759fbc793e871dd1bc7760c08aa2c42fde3b26..9579cdb11a41b159d0657956eaa591144b4f4323 100644
--- a/readme.md
+++ b/readme.md
@@ -10,4 +10,57 @@ Server ini akan menyediakan api yang menangani akun-akun pengguna dan pemrosesan
 pip install flask
 pip install flask_mongoengine
 pip install PyJWT
-```
\ No newline at end of file
+```
+
+## API Endpoints
+
+Berikut adalah API dari backend server VIS-MASY:
+
+### Login dan Register
+
+* #### /api/login
+    Method: POST  
+    Data request: username, password  
+    Response: status, token  
+    Melakukan login dan mengirim balik token login
+
+* #### /api/check-user
+    Method: POST  
+    Data request: username  
+    Response: status, message, exist  
+    Mengecek apakah suatu username sudah terdaftar
+
+* #### /api/get-user
+    Method: POST  
+    Data request: Authorization header  
+    Response: status, data user yang sesuai authorization  
+    Meminta data user berdasarkan authorization token
+
+* #### /api/register
+    Method: POST  
+    Data request: user_id, username, name, password, role  
+    Response: status, message  
+    Menambah user ke database pengguna
+
+* #### /api/unregister
+    Method: POST  
+    Data request: Authorization header \[, user_id] 
+    Response: status, message  
+    Menghapus pengguna dengan user_id jika authorization header untuk admin, atau menghapus pengguna dalam authorization header jika user_id tidak diberikan.
+
+### Page
+
+* #### /api/page/get-top
+    Method: POST  
+    Data request: year  
+    Response: status, data, subdata  
+    Mengirim data untuk halaman data paling atas dan subdata yang akan menjadi visualisasi
+
+* #### /api/page/get
+    Method: POST  
+    Data request: data_id
+    Response: status, data, subdata
+    Mengirim data yang akan menjadi halaman dan subdata yang akan menjadi visualisasi
+
+### Comment and Reply
+