Skip to content
Snippets Groups Projects
Commit 9c88ce7f authored by david timothy panjaitan's avatar david timothy panjaitan
Browse files

Merge branch 'PageEndpoint' into 'develop'

Page endpoint

See merge request !3
parents 3252f47e 49720b0f
2 merge requests!5Develop,!3Page endpoint
Pipeline #12595 canceled with stage
...@@ -6,6 +6,7 @@ from modules.login import login_route ...@@ -6,6 +6,7 @@ from modules.login import login_route
from modules.comment import comment_route from modules.comment import comment_route
from modules.register import register_route from modules.register import register_route
from modules.admin import admin_route from modules.admin import admin_route
from modules.page import page_route
from modules.tools.token import validate_login_token from modules.tools.token import validate_login_token
app = Flask(__name__) app = Flask(__name__)
...@@ -16,6 +17,7 @@ app.register_blueprint(login_route) ...@@ -16,6 +17,7 @@ app.register_blueprint(login_route)
app.register_blueprint(register_route) app.register_blueprint(register_route)
app.register_blueprint(comment_route) app.register_blueprint(comment_route)
app.register_blueprint(admin_route) app.register_blueprint(admin_route)
app.register_blueprint(page_route)
cors = CORS(app) cors = CORS(app)
...@@ -33,32 +35,28 @@ def visualisasi(): ...@@ -33,32 +35,28 @@ def visualisasi():
return render_template("test-visualisasi.html") return render_template("test-visualisasi.html")
# User # User
@app.route("/api/user/", methods=['POST', 'GET', 'DELETE', 'PUT']) # @app.route("/api/user/", methods=['POST', 'GET', 'DELETE', 'PUT'])
def user(): # def user():
if request.method == 'POST': # if request.method == 'POST':
return "Masukin user baru" # return "Masukin user baru"
elif request.method == 'GET': # elif request.method == 'GET':
return "Ambil data user sesuai id" # return "Ambil data user sesuai id"
elif request.method == 'DELETE': # elif request.method == 'DELETE':
return "Hapus user sesuai id" # return "Hapus user sesuai id"
elif request.method == 'PUT': # elif request.method == 'PUT':
return "Edit user" # return "Edit user"
# Comment # # Comment
@app.route("/api/comment/", methods=['POST', 'GET', 'DELETE', 'PUT']) # @app.route("/api/comment/", methods=['POST', 'GET', 'DELETE', 'PUT'])
def comment(): # def comment():
if request.method == 'POST': # if request.method == 'POST':
return "Masukin comment baru" # return "Masukin comment baru"
elif request.method == 'GET': # elif request.method == 'GET':
return "Ambil satu comment sesuai id" # return "Ambil satu comment sesuai id"
elif request.method == 'DELETE': # elif request.method == 'DELETE':
return "Hapus comment sesuai id" # return "Hapus comment sesuai id"
elif request.method == 'PUT': # elif request.method == 'PUT':
return "Edit comment sesuai id" # return "Edit comment sesuai id"
# @app.route("/api/comments/", methods=['GET'])
# def
# Ambil komentar-komentar sesuai filter (levelnya)
@app.after_request @app.after_request
def after_request(response): def after_request(response):
......
from flask import Flask from flask import Flask
from flask_mongoengine import MongoEngine from flask_mongoengine import MongoEngine
from bson import json_util from bson import json_util
from datetime import datetime
import json import json
mongo = MongoEngine() mongo = MongoEngine()
...@@ -11,7 +12,7 @@ class User(mongo.Document): ...@@ -11,7 +12,7 @@ class User(mongo.Document):
password = mongo.StringField(required=True) password = mongo.StringField(required=True)
name = mongo.StringField(required=True) name = mongo.StringField(required=True)
role = mongo.IntField(required=True) role = mongo.IntField(required=True)
page_list = mongo.ListField(mongo.ReferenceField("Page")) page_list = mongo.ListField(mongo.ReferenceField("VizData"))
def to_json(self): def to_json(self):
data = self.to_mongo() data = self.to_mongo()
...@@ -25,20 +26,16 @@ class Reply(mongo.EmbeddedDocument): ...@@ -25,20 +26,16 @@ class Reply(mongo.EmbeddedDocument):
class Comment(mongo.Document): class Comment(mongo.Document):
commenter_id = mongo.StringField(max_length=20, required=True) commenter_id = mongo.StringField(max_length=20, required=True)
comment_text = mongo.StringField(required=True) comment_text = mongo.StringField(required=True)
page = mongo.ReferenceField('Page', required=True) page = mongo.ReferenceField('VizData', required=True)
date = mongo.DateTimeField(default = datetime.utcnow)
reply = mongo.EmbeddedDocumentField('Reply') reply = mongo.EmbeddedDocumentField('Reply')
class Data(mongo.Document): class VizData(mongo.Document):
name = mongo.StringField(required = True) name = mongo.StringField(required = True)
value = mongo.IntField(required = True) level = mongo.IntField(required= True)
categories = mongo.ListField(mongo.StringField(), default=[]) value = mongo.LongField(required = True)
detail = mongo.StringField() year = mongo.IntField(required=True)
subdata = mongo.ListField(mongo.ReferenceField("VizData"))
class Page(mongo.Document):
level = mongo.IntField(required=True)
data = mongo.ListField(mongo.ReferenceField("Data", required=True))
comments = mongo.ListField(mongo.ReferenceField("Comment"), default=[])
if __name__ == "__main__": if __name__ == "__main__":
......
...@@ -15,7 +15,7 @@ def add_page(): ...@@ -15,7 +15,7 @@ def add_page():
data = request.get_json() data = request.get_json()
admin = db.User.objects.with_id(data.get("admin_id")) admin = db.User.objects.with_id(data.get("admin_id"))
admin.page_list.append(db.Page.objects.with_id(data.get("page_id"))) admin.page_list.append(db.VizData.objects.with_id(data.get("page_id")))
admin.save() admin.save()
return jsonify({ return jsonify({
"status":200, "status":200,
...@@ -29,7 +29,7 @@ def remove_page(): ...@@ -29,7 +29,7 @@ def remove_page():
data = request.get_json() data = request.get_json()
admin = db.User.objects.with_id(data.get("admin_id")) admin = db.User.objects.with_id(data.get("admin_id"))
admin.update(pull__page_list = db.Page.objects.with_id(data.get("page_id"))) admin.update(pull__page_list = db.VizData.objects.with_id(data.get("page_id")))
return jsonify({ return jsonify({
"status":200, "status":200,
......
from flask import Blueprint import json
import jwt
from datetime import datetime
from flask import Blueprint, jsonify, request, current_app
from database import database as db
from modules.tools.token import Token, validate_login_token
from modules.tools.roles import Roles
comment_route = Blueprint('comment', __name__, template_folder="templates") comment_route = Blueprint('comment', __name__, template_folder="templates")
\ No newline at end of file
@comment_route.route("/api/comment/get", methods = ["POST"])
def get_comment():
page_id = request.get_json().get("page_id")
page = db.VizData.objects.with_id(page_id)
comments = db.Comment.objects(page=page).order_by('-date')
return jsonify({
"status":200,
"data":comments
})
@comment_route.route("/api/comment/get-unreplied", methods=["POST"])
def get_unreplied_comment():
page_id = request.get_json().get("page_id")
page = db.VizData.objects.with_id(page_id)
comments = db.Comment.objects(page=page, reply__exists=False).order_by('-date')
return jsonify({
"status":200,
"data":comments
})
@comment_route.route("/api/comment/add", methods=["POST"])
@validate_login_token(pass_user=True)
def add_comment(user):
req = request.get_json()
page_id = req.get("page_id")
text = req.get("text")
try:
page = db.VizData.objects.with_id(page_id)
new_comment = db.Comment(commenter_id = user.id, comment_text=text, page = page)
new_comment.save()
return jsonify({
"status":200,
"message":"comment added successfully"
})
except Exception as e:
return jsonify({
"status":500,
"message":str(e)
})
@comment_route.route("/api/comment/add-reply", methods=["POST"])
@validate_login_token(min_access_level=Roles.ADMIN, pass_user=True)
def add_reply(user):
req = request.get_json()
comment_id = req.get("comment_id")
reply_text = req.get("text")
comment = db.Comment.objects.with_id(comment_id)
if comment.page not in user.page_list:
return jsonify({
"status":401,
"message":"Unauthorized reply"
})
comment.update(reply=db.Reply(replier_id = user.id, reply_text=reply_text))
return jsonify({
"status":200,
"message":"Reply added successfully"
})
\ No newline at end of file
...@@ -61,8 +61,22 @@ def check_user_existence(): ...@@ -61,8 +61,22 @@ def check_user_existence():
@login_route.route("/api/get-user", methods=["POST"]) @login_route.route("/api/get-user", methods=["POST"])
@validate_login_token(pass_user=True) @validate_login_token(pass_user=True)
def get_user_from_token(user): def get_user_from_token(user):
del user.password
return jsonify({ return jsonify({
"status": 200, "status": 200,
"data": user #sends back all information about user except password
})
@login_route.route("/api/get-user-public", methods=["POST"])
def get_user_from_id():
req = request.get_json()
user_id = req.get("user_id")
user = db.User.objecs.with_id(user_id)
del user.password
del user.username
del user.page_list
del user.role
return jsonify({
"status":200,
"data": user "data": user
}) })
\ No newline at end of file
import json
import jwt
import datetime
from flask import Blueprint, jsonify, request, current_app
from database import database as db
from modules.tools.token import Token, validate_login_token
from modules.tools.roles import Roles
page_route = Blueprint('page', __name__, template_folder="templates")
@page_route.route("/api/page/get-top", methods=["POST"])
def get_top_page():
year = request.get_json().get("year")
try:
vdata = db.VizData.objects.get(level = 0, year = year)
return jsonify({
"status":200,
"data": vdata,
"subdata": [child for child in vdata.subdata]
})
except Exception as e:
return jsonify({
"status": 500,
"message": str(e)
})
@page_route.route("/api/page/get", methods=["POST"])
def get_page():
data_id = request.get_json().get("page_id")
try:
vdata = db.VizData.objects.with_id(data_id)
if vdata is not None:
return jsonify({
"status":200,
"data":vdata,
"subdata":[child for child in vdata.subdata]
})
else:
return jsonify({
"status":404,
"message":"page not found"
})
except Exception as e:
return jsonify({
"status": 500,
"message": str(e)
})
@page_route.route("/api/hidden/add-data", methods=["POST"])
def add_page():
data = request.get_json()
name = data.get("name")
value = data.get("value")
level = data.get("level")
year = data.get("year")
db.VizData(name=name, value=value, level=level, year=year).save()
return jsonify({
"status":200,
"message":"data added, but this endpoint is only for testing"
})
from flask import Blueprint, jsonify, request, current_app from flask import Blueprint, jsonify, request, current_app
from database import database as db from database import database as db
from modules.tools.token import Token from modules.tools.token import Token, validate_login_token
from modules.tools.roles import Roles
register_route = Blueprint('register', __name__, template_folder="templates") register_route = Blueprint('register', __name__, template_folder="templates")
...@@ -33,20 +34,20 @@ def add_new_user(): ...@@ -33,20 +34,20 @@ def add_new_user():
@register_route.route('/api/unregister', methods=["POST"]) @register_route.route('/api/unregister', methods=["POST"])
def delete_user(): @validate_login_token(pass_user=True)
def delete_user(user):
try: try:
token = request.headers.get("Authorization") user_id = request.get_json().get("user_id")
password = request.get_json().get("password") if user_id is not None:
if token is not None: del_user = db.User.objects.with_id(user_id)
code, user_id = Token.decode_token(token) if del_user != user and user.role < Roles.ADMIN:
if code > 0: return jsonify({
raise Exception(user_id) "status":401,
"message":"unauthorized delete"
})
else: else:
user_id = request.get_json().get("user_id") del_user = user
if user_id is None: del_user.delete()
raise Exception("Invalid credentials")
check = db.User.objects.with_id(user_id)
check.delete()
return jsonify({ return jsonify({
"status": 200, "status": 200,
"message": "User deleted successfully" "message": "User deleted successfully"
......
...@@ -10,4 +10,100 @@ Server ini akan menyediakan api yang menangani akun-akun pengguna dan pemrosesan ...@@ -10,4 +10,100 @@ Server ini akan menyediakan api yang menangani akun-akun pengguna dan pemrosesan
pip install flask pip install flask
pip install flask_mongoengine pip install flask_mongoengine
pip install PyJWT pip install PyJWT
``` ```
\ No newline at end of file
## API Endpoints
Berikut adalah API endpoints dari backend server VIS-MASY:
### Login dan Register
* #### /api/login
Method: POST
Data request: username, password
Response: status, token
Melakukan login dan mengirim balik token login
* #### /api/check-user
Method: POST
Data request: username
Response: status, message, exist
Mengecek apakah suatu username sudah terdaftar
* #### /api/get-user
Method: POST
Data request: Authorization header
Response: status, data
Mengirim data user lengkap berdasarkan authorization token
* #### /api/get-user-public
Method: POST
Data request: user_id
Response: status, data
Mengirim data user yang bersifat publik
* #### /api/register
Method: POST
Data request: user_id, username, name, password, role
Response: status, message
Menambah user ke database pengguna
* #### /api/unregister
Method: POST
Data request: Authorization header \[, user_id]
Response: status, message
Menghapus pengguna dengan user_id jika authorization header untuk admin, atau menghapus pengguna dalam authorization header jika user_id tidak diberikan.
### Page
* #### /api/page/get-top
Method: POST
Data request: year
Response: status, data, subdata
Mengirim data untuk halaman data paling atas dan subdata yang akan menjadi visualisasi
* #### /api/page/get
Method: POST
Data request: page_id
Response: status, data, subdata
Mengirim data yang akan menjadi halaman dan subdata yang akan menjadi visualisasi
### Comment and Reply
* #### /api/comment/get
Method: POST
Data req: page_id
Response: status, data
Mengirim list comment dan reply-nya (jika ada) pada sebuah page dengan terurut waktu (yang terbaru paling awal)
* #### /api/comment/get-unreplied
Method: POST
Data req: page_id
Response: status, data
Mengirim list comment yang belum direply pada page dengan terurut waktu (yang terbaru paling awal)
* #### /api/comment/add
Method: POST
Data req: Authorization header, page_id, text
Response: status, message
Menambahkan sebuah comment dari user yang sesuai authorization pada sebuah page
* #### /api/comment/add-reply
Method: POST
Data req: Authorization header, comment_id, text
Response: status, message
Menambahkan sebuah reply pada sebuah comment jika comment tersebut dalam wewenang user pada authorization
### Administration
* #### /api/admin/add-page
Method: POST
Data req: Authorization header, admin_id, page_id
Response: status, message
Menambah page yang diadministrasi seorang admin jika authorization level SUPERADMIN
* #### /api/admin/remove-page
Method: POST
Data req: Authorization header, admin_id, page_id
Response: status, message
Mengurangi page yang diadministrasi seorang admin jika authorization level SUPERADMIN
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment