tuiHoneyPot

front and back end of my TUI honeypot

api.py (2385B)


      1 from flask import Blueprint, request, abort, make_response, session
      2 
      3 from blueprints.utils import crypto
      4 from blueprints.utils import database
      5 from . import response
      6 from . import validation_schemas as schemas
      7 import logging
      8 
      # Blueprint that collects the API routes defined in this module; where it
      # is mounted (URL prefix, if any) is decided by whoever registers it.
      api_bp = Blueprint(name="api", import_name=__name__)
     10 
     11 
     @api_bp.route("/")
     def index():
         """Serve the static HTML banner shown at the blueprint root."""
         banner = "<h1>Welcome to the Chicken Parmesan API</h1>"
         return banner
     15 
     16 
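     @api_bp.route("/login", methods=["POST"])
     def login():
         """Check submitted credentials and, on success, store a JWT in the session.

         The JSON body is validated against ``CredentialSchema`` first.

         Returns:
             400 with the validation errors when the body does not match the schema.
             403 (via ``abort``) when ``database.is_banned`` reports the username.
             400 with ``{"message": "Invalid credentials!"}`` when
             ``database.login_user`` rejects the username/password pair.
             200 with ``{"message": "Login successful!"}`` otherwise, after
             ``session["jwt-token"]`` has been set.
         """
         errors = schemas.CredentialSchema().validate(request.json)
         if errors:
             return response.create_response(errors, 400)

         login_data = schemas.CredentialSchema().load(request.json)
         username = login_data["username"]

         # NOTE(review): the ban check runs before the password check, so the 403
         # tells an unauthenticated caller that this username is banned. Confirm
         # that disclosure is intended.
         if database.is_banned(username):
             # The username is client-supplied. Logging it with %r escapes control
             # characters (CR/LF) so a crafted name cannot forge extra log lines;
             # lazy %-args also keep the value out of the format string.
             logging.warning("User %r tried to login while banned", username)
             return abort(403)

         if not database.login_user(username, login_data["password"]):
             logging.warning("User %r tried to login with invalid credentials", username)
             # NOTE(review): 401 is the conventional status for failed
             # authentication; 400 is kept because existing clients may rely on it.
             return response.create_response({"message": "Invalid credentials!"}, 400)

         resp = make_response({"message": "Login successful!"})
         resp.status_code = 200
         # NOTE(review): if the app uses Flask's default cookie-backed session, the
         # token is signed but readable by the client -- confirm the JWT carries
         # nothing that must stay secret.
         session["jwt-token"] = crypto.create_jwt(username)

         logging.info("User %r logged in", username)
         return resp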
     39 
     40 
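     @api_bp.route("/register", methods=["POST"])
     def register():
         """Create a new account from a JSON username/password pair.

         The JSON body is validated against ``CredentialSchema`` first.

         Returns:
             400 with the validation errors when the body does not match the schema.
             400 with ``{"message": "Username already taken!"}`` when
             ``database.register_user`` returns a falsy value.
             201 with ``{"message": "Registration successful!"}`` otherwise.
         """
         errors = schemas.CredentialSchema().validate(request.json)
         if errors:
             return response.create_response(errors, 400)

         register_data = schemas.CredentialSchema().load(request.json)
         username = register_data["username"]

         # NOTE(review): password storage happens inside database.register_user,
         # which is not visible here -- confirm it hashes with a slow, salted KDF.
         if not database.register_user(username, register_data["password"]):
             # The username is client-supplied. Logging it with %r escapes control
             # characters (CR/LF) so a crafted name cannot forge extra log lines.
             logging.warning(
                 "User %r tried to register with an already taken username", username
             )
             # This response confirms that the name exists, which is inherent to
             # this registration flow; any throttling has to come from elsewhere.
             return response.create_response({"message": "Username already taken!"}, 400)

         logging.info("User %r registered", username)
         return response.create_response({"message": "Registration successful!"}, 201)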
     55 
     56 
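     # NOTE(review): logout changes state but is exposed over GET, so a cross-site
     # request that carries the session cookie could trigger it. Consider moving to
     # POST once clients can be updated; GET is kept here so callers keep working.
     @api_bp.route("/logout", methods=["GET"])
     @crypto.require_token
     def logout(jwt_data):
         """Log the authenticated user out and empty the Flask session.

         Args:
             jwt_data: mapping supplied by ``crypto.require_token``; only its
                 ``"username"`` entry is read here (presumably the decoded token
                 claims -- confirm against the decorator).

         Returns:
             500 (via ``abort``) when ``database.logout_user`` returns a falsy value.
             200 with ``{"message": "Logout successful!"}`` otherwise, after the
             session has been cleared.
         """
         username = jwt_data["username"]

         if not database.logout_user(username):
             # The name originates from a user-chosen value, so log it with %r to
             # escape control characters instead of interpolating it raw.
             logging.error("Could not log out user %r", username)
             # NOTE(review): on this path the session still holds the token;
             # confirm that leaving it in place after a failed logout is intended.
             return abort(500)

         resp = make_response({"message": "Logout successful!"})
         resp.status_code = 200
         session.clear()

         logging.info("User %r logged out", username)
         return resp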