Google auth requirement added. DB and REST API

spacecowboy · spacecowboy · commit 70f66d125ff5 · 2013-09-25T00:19:39.000+02:00
updated slightly to handle sync better.

Signed-off-by: Jonas Kalderstam &lt;jonas@kalderstam.se&gt;
diff --git a/server-app/README.md b/server-app/README.md
@@ -1,38 +1,39 @@
 ## Basics first - Hello world
-This is the first commit: c8c736c87020a
+__SHA1:__ c8c736c87020a
 
 run this and visit [localhost:5500](http://localhost:5500)
 
-```python
+```bash
 python app.py
 ```
 
 ## REST
+__SHA1:__ d97dc973476324
+
 I'm going to start by creating a REST skeleton of what I
 want to do.
 
-__SHA1:__ 76b25c4e3715
 ```python
 import bottle
-from bottle import route, run
+from bottle import run, get, post, delete
 
-@route('/')
-@route('/links', method='GET')
+@get('/')
+@get('/links')
 def list_links():
     '''Return a complete list of all links'''
     return 'List of links'
 
-@route('/links/<id>', method='GET')
+@get('/links/<id>')
 def get_link(id):
     '''Returns a specific link'''
     return 'Link {}'.format(id)
 
-@route('/links/<id>', method='DELETE')
+@delete('/links/<id>')
 def delete_link(id):
     '''Deletes a specific link from the list'''
     return 'Link {} deleted'.format(id)
 
-@route('/links', method='POST')
+@post('/links')
 def add_link():
     '''Adds a link to the list'''
     return 'Link added'
@@ -42,36 +43,37 @@ if __name__ == '__main__':
     run(port=5500)
 ```
 
-### JSON
+## JSON
+__SHA1__: 08c71200b96fc7
+
 Adding all the methods was really easy. But the REST methods should
 return JSON, not strings. So let's tweak it so it returns
 dummy JSON data instead.
 
-__SHA1__: 957166a1e4
 ```python
 import bottle
-from bottle import route, run
+from bottle import run, get, post, delete
 
-@route('/')
-@route('/links', method='GET')
+@get('/')
+@get('/links')
 def list_links():
     '''Return a complete list of all links'''
     return dict(links=[])
 
-@route('/links/<id>', method='GET')
+@get('/links/<id>')
 def get_link(id):
     '''Returns a specific link'''
     return dict(link={"sha":"1111111",
                       "url":"http://www.google.com",
                       "timestamp":"2013-09-19 08:22:19.000"})
 
-@route('/links/<id>', method='DELETE')
+@delete('/links/<id>')
 def delete_link(id):
     '''Deletes a specific link from the list.
     On success, returns an empty response'''
     return {}
 
-@route('/links', method='POST')
+@post('/links')
 def add_link():
     '''Adds a link to the list.
     On success, returns the entry created.'''
@@ -83,3 +85,138 @@ if __name__ == '__main__':
     bottle.debug(True)
     run(port=5500)
 ```
+
+## Adding a database
+__SHA1:__ 599d6fda70fbeaa
+
+Getting the skeleton up was really fast and now it's already
+time to implement some real data. The data will be stored
+in an sqlite database. The database is really simple and created
+in _dbsetup.py:_
+
+```python
+import sqlite3 as sql
+import sys
+
+_CREATE_TABLE = \
+"""CREATE TABLE IF NOT EXISTS links
+  (_id INTEGER PRIMARY KEY,
+  sha TEXT NOT NULL,
+  url TEXT NOT NULL,
+  timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+  UNIQUE(url) ON CONFLICT REPLACE,
+  UNIQUE(sha) ON CONFLICT REPLACE)
+"""
+
+def init_db(filename='test.db'):
+    con = sql.connect(filename)
+    con.row_factory = sql.Row
+    with con:
+        cur = con.cursor()
+        cur.execute(_CREATE_TABLE)
+
+if __name__ == '__main__':
+    if len(sys.argv) > 1:
+        init_db(sys.argv[1])
+    else:
+        init_db()
+```
+
+To make use of it in our app, we import the *bottle_sqlite* plugin
+and add some logic to our existing methods:
+
+```python
+from hashlib import sha1
+from bottle import run, get, post, delete, install, HTTPError, request
+from bottle_sqlite import SQLitePlugin
+
+from dbsetup import init_db
+
+
+DBNAME='test.db'
+
+init_db(DBNAME)
+install(SQLitePlugin(dbfile=DBNAME))
+
+def to_dict(row):
+    return dict(sha=row['sha'],
+                url=row['url'],
+                timestamp=row['timestamp'])
+
+@get('/')
+@get('/links')
+def list_links(db):
+    '''Return a complete list of all links'''
+    links = []
+    for row in db.execute('SELECT * from links'):
+        links.append(to_dict(row))
+    return dict(links=links)
+
+@get('/links/<sha>')
+def get_link(db, sha):
+    '''Returns a specific link'''
+    row = db.execute('SELECT * from links WHERE sha IS ?', [sha]).fetchone()
+    if row:
+        return dict(link=to_dict(row))
+
+    return HTTPError(404, "No such item")
+
+@delete('/links/<sha>')
+def delete_link(db, sha):
+    '''Deletes a specific link from the list.
+    On success, returns an empty response'''
+    db.execute('DELETE FROM links WHERE sha IS ?', [sha])
+    if db.total_changes > 0:
+        return {}
+
+    return HTTPError(404, "No such item")
+
+@post('/links')
+def add_link(db):
+    '''Adds a link to the list.
+    On success, returns the entry created.'''
+    # Only accept json data
+    if request.content_type != 'application/json':
+        return HTTPError(415, "Only json is accepted")
+    # Check required fields
+    if 'url' not in request.json:
+        return HTTPError(400, "Must specify a url")
+
+    # Sha is optional, generate if not present
+    if 'sha' not in request.json:
+        request.json['sha'] = sha1(request.json['url']).hexdigest()
+
+    args = [request.json['url'],
+            request.json['sha']]
+    if 'timestamp' in request.json:
+        args.append(request.json['timestamp'])
+        stmt = 'INSERT INTO links (url, sha, timestamp) VALUES(?, ?, ?)'
+    else:
+        stmt = 'INSERT INTO links (url, sha) VALUES(?, ?)'
+
+    db.execute(stmt, args)
+
+    return get_link(db, request.json['sha'])
+
+
+if __name__ == '__main__':
+    # Restart server automatically when this file changes
+    run(host='0.0.0.0', port=5500, reloader=True, debug=True)
+```
+
+Wow. That was fairly straightforward. The one thing that is
+missing is a requirement to login.
+
+## Adding Google authentication and users
+To make sure we don't mix user's data, we'll add a column in
+the database that will hold the username, e.g. their e-mail.
+
+But we also need people to login with Google, and the server
+to verify that, so that people can't just use any e-mail
+they'd like.
+
+### Creating a project with Google
+Create projects in api console...
+
+todo
diff --git a/server-app/app.py b/server-app/app.py
@@ -1,74 +1,104 @@
 from hashlib import sha1
+from dateutil import parser as dateparser
 from bottle import run, get, post, delete, install, HTTPError, request
 from bottle_sqlite import SQLitePlugin
 
 from dbsetup import init_db
 
+from google_auth import gauth
 
 DBNAME='test.db'
 
 init_db(DBNAME)
 install(SQLitePlugin(dbfile=DBNAME))
 
+install(gauth)
+
 def to_dict(row):
     return dict(sha=row['sha'],
                 url=row['url'],
-                timestamp=row['timestamp'])
+                timestamp=row['timestamp'],
+                deleted=row['deleted'])
+
 
 @get('/')
 @get('/links')
-def list_links(db):
+def list_links(db, userid):
     '''Return a complete list of all links'''
+    args = [userid]
+
+    deleted_part = ' AND deleted IS 0'
+    if ('showDeleted' in request.query and
+        'true' == request.query['showDeleted']):
+        deleted_part = ''
+
+    timestamp_part = ''
+    if 'timestampMin' in request.query:
+        timestamp_part = ' AND timestamp > ?'
+        args.append(request.query['timestampMin'])
+
+    latest_time = None
     links = []
-    for row in db.execute('SELECT * from links'):
+    stmt = 'SELECT * from links WHERE userid IS ?'
+    stmt += deleted_part + timestamp_part
+    for row in db.execute(stmt,
+                          args):
         links.append(to_dict(row))
-    return dict(links=links)
+        # Keep track of the latest timestamp here
+        if latest_time is None:
+            latest_time = row['timestamp']
+        else:
+            delta = dateparser.parse(row['timestamp']) - dateparser.parse(latest_time)
+            if delta.total_seconds() > 0:
+                latest_time = row['timestamp']
+
+    return dict(latestTimestamp=latest_time,
+                links=links)
 
 @get('/links/<sha>')
-def get_link(db, sha):
+def get_link(db, sha, userid):
     '''Returns a specific link'''
-    row = db.execute('SELECT * from links WHERE sha IS ?', [sha]).fetchone()
+    row = db.execute('SELECT * from links WHERE sha IS ? AND userid IS ?',
+                     [sha, userid]).fetchone()
     if row:
-        return dict(link=to_dict(row))
+        return to_dict(row)
 
     return HTTPError(404, "No such item")
 
 @delete('/links/<sha>')
-def delete_link(db, sha):
+def delete_link(db, sha, userid):
     '''Deletes a specific link from the list.
     On success, returns an empty response'''
-    db.execute('DELETE FROM links WHERE sha IS ?', [sha])
-    if db.total_changes > 0:
-        return {}
+    db.execute('UPDATE links SET deleted = 1, timestamp = CURRENT_TIMESTAMP \
+    WHERE sha IS ? AND userid is ?', [sha, userid])
 
-    return HTTPError(404, "No such item")
+    #if db.total_changes > 0:
+    return {}
+    #return HTTPError(404, "No such item")
 
 @post('/links')
-def add_link(db):
+def add_link(db, userid):
     '''Adds a link to the list.
     On success, returns the entry created.'''
-    # Only accept json data
-    if request.content_type != 'application/json':
+    if 'application/json' not in request.content_type:
         return HTTPError(415, "Only json is accepted")
     # Check required fields
-    if 'url' not in request.json:
+    if ('url' not in request.json or request.json['url'] is None
+        or len(request.json['url']) < 1):
         return HTTPError(400, "Must specify a url")
 
     # Sha is optional, generate if not present
     if 'sha' not in request.json:
         request.json['sha'] = sha1(request.json['url']).hexdigest()
 
-    args = [request.json['url'],
+    args = [userid,
+            request.json['url'],
             request.json['sha']]
-    if 'timestamp' in request.json:
-        args.append(request.json['timestamp'])
-        stmt = 'INSERT INTO links (url, sha, timestamp) VALUES(?, ?, ?)'
-    else:
-        stmt = 'INSERT INTO links (url, sha) VALUES(?, ?)'
+    stmt = 'INSERT INTO links (userid, url, sha) VALUES(?, ?, ?)'
 
     db.execute(stmt, args)
 
-    return get_link(db, request.json['sha'])
+    return get_link(db, request.json['sha'], userid)
 
 
 if __name__ == '__main__':
diff --git a/server-app/curl_tests.sh b/server-app/curl_tests.sh
@@ -1,8 +1,5 @@
 #!/bin/sh
 
-echo "Getting all"
-curl -X GET http://localhost:5500/links
-
 echo "\n\nDeleting one"
 curl -X DELETE http://localhost:5500/links/55
 
@@ -18,3 +15,11 @@ curl -X POST -d '{"username":"xyz","password":"xyz"}' http://localhost:5500/link
 
 echo "\n\nAdding no url"
 curl -X POST -H "Content-Type: application/json" -d '{"username":"xyz","password":"xyz"}' http://localhost:5500/links
+
+
+echo "Getting all"
+curl -X GET -H "Content-Type: application/json" -d '{"access_token":"zyzxcvz"}' http://localhost:5500/links
+
+
+#echo "Auth test"
+#curl -H "Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg" https://www.googleapis.com/oauth2/v1/userinfo
diff --git a/server-app/dbsetup.py b/server-app/dbsetup.py
@@ -4,12 +4,14 @@
 _CREATE_TABLE = \
 """CREATE TABLE IF NOT EXISTS links
   (_id INTEGER PRIMARY KEY,
+  userid TEXT NOT NULL,
   sha TEXT NOT NULL,
   url TEXT NOT NULL,
+  deleted INTEGER NOT NULL DEFAULT 0,
   timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
 
-  UNIQUE(url) ON CONFLICT REPLACE,
-  UNIQUE(sha) ON CONFLICT REPLACE)
+  UNIQUE(userid, url) ON CONFLICT REPLACE,
+  UNIQUE(userid, sha) ON CONFLICT REPLACE)
 """
 
 def init_db(filename='test.db'):
diff --git a/server-app/google_auth.py b/server-app/google_auth.py
