macao-pos/pos/rest.py

from datetime import datetime
from functools import wraps
from aiohttp.web import json_response
from pos.database import User, ProductCategory, AccessToken


def auth_required(func):
    @wraps(func)
    async def wrapper(request):
        db = request.app['db']
        headers = request.headers

        if 'Authorization' not in headers.keys():
            return json_response({'err': 'malformed_request',
                                  'msg': 'Missing Authorization header.'},
                                 status=400)
        else:
            remote_token = headers['Authorization']

        with db.get_session() as session:
            token = session.query(AccessToken)            \
                           .filter_by(token=remote_token) \
                           .one_or_none()

        if not token:
            return json_response({'err': 'unauthorized',
                                  'msg': 'The token is not valid.'},
                                 status=401)
        elif (
            not token.is_active or
            token.created_at > datetime.now() or
            token.expires_at < datetime.now()
        ):
            return json_response({'err': 'forbidden',
                                  'msg': 'The token has expired.'},
                                 status=403)
        else:
            return await func(request)

    return wrapper


async def token_create(request):
    db = request.app['db']
    request_json = await request.json()

    if not all(k in request_json.keys() for k in ['username', 'password']):
        return json_response({'err': 'malformed_request',
                              'msg': 'Missing username and/or password keys.'},
                             status=400)

    with db.get_session() as session:
        user = session.query(User)                                  \
                      .filter_by(username=request_json['username']) \
                      .one_or_none()

    if not user or user.password != request_json['password']:
        return json_response({'err': 'invalid_credentials'},
                             status=400)

    with db.get_session() as session:
        token = AccessToken(user=user)
        session.add(token)

    return json_response({
        'token': token.token,
        'created_at': token.created_at.isoformat(),
        'expires_at': token.created_at.isoformat()
    })


@auth_required
async def token_destroy(request):
    db = request.app['db']
    remote_token = request.headers['Authorization']

    with db.get_session() as session:
        token = session.query(AccessToken)            \
                       .filter_by(token=remote_token) \
                       .one_or_none()
        token.is_active = False
        session.add(token)

    return json_response({}, status=200)


@auth_required
async def product_list(request):
    db = request.app['db']

    with db.get_session() as session:
        categories = session.query(ProductCategory).all()

    return json_response({
        'categories': [{
            'uid': c.uid,
            'name': c.name,
            'products': [{
                'uid': p.uid,
                'name': p.name,
                'price': p.price
            } for p in c.products]
        } for c in categories]
    })
Switch from Flask to aiohttp. This repository now provides the REST API only. Implemented: * Authorization Need improvement: * Product listing Missing: * Selling 2017-09-24 19:10:41 +02:00			`from datetime import datetime`
			`from functools import wraps`
			`from aiohttp.web import json_response`
			`from pos.database import User, ProductCategory, AccessToken`


			`def auth_required(func):`
			`@wraps(func)`
			`async def wrapper(request):`
			`db = request.app['db']`
			`headers = request.headers`

			`if 'Authorization' not in headers.keys():`
			`return json_response({'err': 'malformed_request',`
			`'msg': 'Missing Authorization header.'},`
			`status=400)`
			`else:`
			`remote_token = headers['Authorization']`

			`with db.get_session() as session:`
			`token = session.query(AccessToken) \`
			`.filter_by(token=remote_token) \`
			`.one_or_none()`

			`if not token:`
			`return json_response({'err': 'unauthorized',`
			`'msg': 'The token is not valid.'},`
			`status=401)`
			`elif (`
			`not token.is_active or`
			`token.created_at > datetime.now() or`
			`token.expires_at < datetime.now()`
			`):`
			`return json_response({'err': 'forbidden',`
			`'msg': 'The token has expired.'},`
			`status=403)`
			`else:`
			`return await func(request)`

			`return wrapper`


			`async def token_create(request):`
			`db = request.app['db']`
			`request_json = await request.json()`

			`if not all(k in request_json.keys() for k in ['username', 'password']):`
			`return json_response({'err': 'malformed_request',`
			`'msg': 'Missing username and/or password keys.'},`
			`status=400)`

			`with db.get_session() as session:`
			`user = session.query(User) \`
			`.filter_by(username=request_json['username']) \`
			`.one_or_none()`

			`if not user or user.password != request_json['password']:`
			`return json_response({'err': 'invalid_credentials'},`
			`status=400)`

			`with db.get_session() as session:`
			`token = AccessToken(user=user)`
			`session.add(token)`

			`return json_response({`
			`'token': token.token,`
			`'created_at': token.created_at.isoformat(),`
			`'expires_at': token.created_at.isoformat()`
			`})`


			`@auth_required`
			`async def token_destroy(request):`
			`db = request.app['db']`
			`remote_token = request.headers['Authorization']`

			`with db.get_session() as session:`
			`token = session.query(AccessToken) \`
			`.filter_by(token=remote_token) \`
			`.one_or_none()`
			`token.is_active = False`
			`session.add(token)`

			`return json_response({}, status=200)`


			`@auth_required`
			`async def product_list(request):`
			`db = request.app['db']`

			`with db.get_session() as session:`
			`categories = session.query(ProductCategory).all()`

			`return json_response({`
			`'categories': [{`
			`'uid': c.uid,`
			`'name': c.name,`
			`'products': [{`
			`'uid': p.uid,`
			`'name': p.name,`
			`'price': p.price`
			`} for p in c.products]`
			`} for c in categories]`
			`})`