flask backend application code

Author: ivarunseth

api/__init__.py

@@ -0,0 +1,70 @@
+from cmath import log
+import os
+
+from flask import Flask
+from flask_sqlalchemy import SQLAlchemy
+from flask_socketio import SocketIO
+from celery import Celery
+
+from .config import flask_config
+
+# Flask extensions
+db = SQLAlchemy()
+socketio = SocketIO(cors_allowed_origins="*", engineio_logger=True)
+celery = Celery(__name__,
+                broker=os.environ.get('CELERY_BROKER_URL', 'redis://'),
+                backend=os.environ.get('CELERY_BROKER_URL', 'redis://'))
+celery.config_from_object('api.celery_config')
+
+# Import models so that they are registered with SQLAlchemy
+from . import models  # noqa
+
+# Import celery task so that it is registered with the Celery workers
+from .tasks import run_flask_request  # noqa
+
+# Import Socket.IO events so that they are registered with Flask-SocketIO
+from . import events  # noqa
+
+
+def create_app(config_name=None, main=True):
+    if config_name is None:
+        config_name = os.environ.get('FLASK_ENV', 'development')
+    app = Flask(__name__, static_folder='../build', static_url_path='/')
+    app.config.from_object(flask_config[config_name])
+
+    # Initialize flask extensions
+    db.init_app(app)
+
+    @app.cli.command('createdb')
+    def createdb(): 
+        db.create_all()
+    
+    if main:
+        # Initialize socketio server and attach it to the message queue, so
+        # that everything works even when there are multiple servers or
+        # additional processes such as Celery workers wanting to access
+        # Socket.IO
+        socketio.init_app(app,
+                          message_queue=app.config['SOCKETIO_MESSAGE_QUEUE'])
+    else:
+        # Initialize socketio to emit events through through the message queue
+        # Note that since Celery does not use eventlet, we have to be explicit
+        # in setting the async mode to not use it.
+        socketio.init_app(None,
+                          message_queue=app.config['SOCKETIO_MESSAGE_QUEUE'],
+                          async_mode='threading')
+    celery.conf.update(flask_config[config_name].CELERY_CONFIG)
+
+    # Register web application routes
+    from .main import main as main_blueprint
+    app.register_blueprint(main_blueprint)
+
+    # Register API routes
+    from .blueprints import api as api_blueprint
+    app.register_blueprint(api_blueprint, url_prefix='/api')
+
+    # Register async tasks support
+    from .tasks import tasks_bp as tasks_blueprint
+    app.register_blueprint(tasks_blueprint, url_prefix='/tasks')
+
+    return app

api/app_aux.py

@@ -0,0 +1,8 @@
+import os
+
+from api import create_app
+
+# Create an application instance that web servers can use. We store it as
+# "application" (the wsgi default) and also the much shorter and convenient
+# "app".
+application = app = create_app(os.environ.get('FLASK_ENV', 'production'), main=False)

api/auth.py

@@ -0,0 +1,76 @@
+from flask import g, jsonify, session
+from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth
+
+from . import db
+from .models import User
+
+
+# Authentication objects for username/password auth, token auth, and a
+# token optional auth that is used for open endpoints.
+basic_auth = HTTPBasicAuth()
+token_auth = HTTPTokenAuth('Bearer')
+token_optional_auth = HTTPTokenAuth('Bearer')
+
+
+@basic_auth.verify_password
+def verify_password(nickname, password):
+    """Password verification callback."""
+    if not nickname or not password:
+        return False
+    user = User.query.filter_by(nickname=nickname).first()
+    if user is None or not user.verify_password(password):
+        return False
+    if user.ping():
+        from .events import push_model
+        push_model(user)
+    db.session.add(user)
+    db.session.commit()
+    g.current_user = user
+    return True
+
+
+@basic_auth.error_handler
+def password_error():
+    """Return a 401 error to the client."""
+    # To avoid login prompts in the browser, use the "Bearer" realm.
+    return (jsonify({'error': 'authentication required'}), 401,
+            {'WWW-Authenticate': 'Bearer realm="Authentication Required"'})
+
+
+@token_auth.verify_token
+def verify_token(token, add_to_session=False):
+    """Token verification callback."""
+    if add_to_session:
+        # clear the session in case auth fails
+        if 'nickname' in session:
+            del session['nickname']
+    user = User.query.filter_by(token=token).first()
+    if user is None:
+        return False
+    if user.ping():
+        from .events import push_model
+        push_model(user)
+    db.session.add(user)
+    db.session.commit()
+    g.current_user = user
+    if add_to_session:
+        session['nickname'] = user.nickname
+    return True
+
+
+@token_auth.error_handler
+def token_error():
+    """Return a 401 error to the client."""
+    return (jsonify({'error': 'authentication required'}), 401,
+            {'WWW-Authenticate': 'Bearer realm="Authentication Required"'})
+
+
+@token_optional_auth.verify_token
+def verify_optional_token(token):
+    """Alternative token authentication that allows anonymous logins."""
+    if token == '':
+        # no token provided, mark the logged in users as None and continue
+        g.current_user = None
+        return True
+    # but if a token was provided, make sure it is valid
+    return verify_token(token)

api/blueprints/__init__.py

@@ -0,0 +1,5 @@
+from flask import Blueprint
+
+api = Blueprint('api', __name__)
+
+from . import tokens, users, messages  # noqa

api/blueprints/messages.py

@@ -0,0 +1,72 @@
+from flask import request, abort, jsonify, g, url_for
+
+from .. import db
+from ..auth import token_auth, token_optional_auth
+from ..models import Message
+from ..utils import timestamp
+from ..tasks import async_task
+from . import api
+
+
+@api.route('/messages', methods=['POST'])
+@token_auth.login_required
+@async_task
+def new_message():
+    """
+    Post a new message.
+    This endpoint is requires a valid user token.
+    """
+    msg = Message.create(request.get_json() or {})
+    db.session.add(msg)
+    db.session.commit()
+    r = jsonify(msg.to_dict())
+    r.status_code = 201
+    r.headers['Location'] = url_for('api.get_message', id=msg.id)
+    return r
+
+
+@api.route('/messages', methods=['GET'])
+@token_optional_auth.login_required
+def get_messages():
+    """
+    Return list of messages.
+    This endpoint is publicly available, but if the client has a token it
+    should send it, as that indicates to the server that the user is online.
+    """
+    since = int(request.args.get('updated_since', '0'))
+    day_ago = timestamp() - 24 * 60 * 60
+    if since < day_ago:
+        # do not return more than a day worth of messages
+        since = day_ago
+    msgs = Message.query.filter(Message.updated_at > since).order_by(
+        Message.updated_at)
+    return jsonify({'messages': [msg.to_dict() for msg in msgs.all()]})
+
+
+@api.route('/messages/<id>', methods=['GET'])
+@token_optional_auth.login_required
+def get_message(id):
+    """
+    Return a message.
+    This endpoint is publicly available, but if the client has a token it
+    should send it, as that indicates to the server that the user is online.
+    """
+    return jsonify(Message.query.get_or_404(id).to_dict())
+
+
+@api.route('/messages/<id>', methods=['PUT'])
+@token_auth.login_required
+@async_task
+def edit_message(id):
+    """
+    Modify an existing message.
+    This endpoint is requires a valid user token.
+    Note: users are only allowed to modify their own messages.
+    """
+    msg = Message.query.get_or_404(id)
+    if msg.user != g.current_user:
+        abort(403)
+    msg.from_dict(request.get_json() or {})
+    db.session.add(msg)
+    db.session.commit()
+    return '', 204

api/blueprints/tokens.py

@@ -0,0 +1,33 @@
+from flask import jsonify, g
+
+from .. import db
+from ..auth import basic_auth, token_auth
+
+from . import api
+
+
+@api.route('/tokens', methods=['POST'])
+@basic_auth.login_required
+def new_token():
+    """
+    Request a user token.
+    This endpoint is requires basic auth with nickname and password.
+    """
+    if g.current_user.token is None:
+        g.current_user.generate_token()
+        db.session.add(g.current_user)
+        db.session.commit()
+    return jsonify(g.current_user.to_dict())
+
+
+@api.route('/tokens', methods=['DELETE'])
+@token_auth.login_required
+def revoke_token():
+    """
+    Revoke a user token.
+    This endpoint is requires a valid user token.
+    """
+    g.current_user.token = None
+    db.session.add(g.current_user)
+    db.session.commit()
+    return '', 204

api/blueprints/users.py

@@ -0,0 +1,69 @@
+from flask import request, abort, jsonify, g, url_for
+
+from .. import db
+from ..auth import token_auth, token_optional_auth
+from ..models import User
+
+from . import api
+
+
+@api.route('/users', methods=['POST'])
+def new_user():
+    """
+    Register a new user.
+    This endpoint is publicly available.
+    """
+    user = User.create(request.get_json() or {})
+    if User.query.filter_by(nickname=user.nickname).first() is not None:
+        abort(400)
+    db.session.add(user)
+    db.session.commit()
+    r = jsonify(user.to_dict())
+    r.status_code = 201
+    r.headers['Location'] = url_for('api.get_user', id=user.id)
+    return r
+
+
+@api.route('/users', methods=['GET'])
+@token_optional_auth.login_required
+def get_users():
+    """
+    Return list of users.
+    This endpoint is publicly available, but if the client has a token it
+    should send it, as that indicates to the server that the user is online.
+    """
+    users = User.query.order_by(User.updated_at.asc(), User.nickname.asc())
+    if request.args.get('online'):
+        users = users.filter_by(online=(request.args.get('online') != '0'))
+    if request.args.get('updated_since'):
+        users = users.filter(
+            User.updated_at > int(request.args.get('updated_since')))
+    return jsonify({'users': [user.to_dict() for user in users.all()]})
+
+
+@api.route('/users/<id>', methods=['GET'])
+@token_optional_auth.login_required
+def get_user(id):
+    """
+    Return a user.
+    This endpoint is publicly available, but if the client has a token it
+    should send it, as that indicates to the server that the user is online.
+    """
+    return jsonify(User.query.get_or_404(id).to_dict())
+
+
+@api.route('/users/<id>', methods=['PUT'])
+@token_auth.login_required
+def edit_user(id):
+    """
+    Modify an existing user.
+    This endpoint is requires a valid user token.
+    Note: users are only allowed to modify themselves.
+    """
+    user = User.query.get_or_404(id)
+    if user != g.current_user:
+        abort(403)
+    user.from_dict(request.get_json() or {})
+    db.session.add(user)
+    db.session.commit()
+    return '', 204

api/celery_config.py

@@ -0,0 +1,7 @@
+# global Celery options that apply to all configurations
+
+# enable the pickle serializer
+task_serializer = 'pickle'
+result_serializer = 'pickle'
+accept_content = ['pickle']
+broker_connection_retry_on_startup = True

api/config.py

@@ -0,0 +1,38 @@
+import os
+
+
+class Config(object):
+    DEBUG = False
+    TESTING = False
+    SECRET_KEY = os.environ.get('SECRET_KEY', '51f52814-0071-11e6-a247-000ec6c2372c')
+    SERVER_NAME = os.environ.get("SERVER_NAME", "127.0.0.1:5000")
+    SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL', 'sqlite:///db.sqlite3')
+    SQLALCHEMY_TRACK_MODIFICATIONS = False
+    REQUEST_STATS_WINDOW = 15
+    CELERY_CONFIG = {}
+    SOCKETIO_MESSAGE_QUEUE = os.environ.get(
+        'SOCKETIO_MESSAGE_QUEUE', os.environ.get('CELERY_BROKER_URL',
+                                                 'redis://'))
+
+
+class DevelopmentConfig(Config):
+    DEBUG = True
+
+
+class ProductionConfig(Config):
+    pass
+
+
+class TestingConfig(Config):
+    TESTING = True
+    SERVER_NAME = 'localhost'
+    SQLALCHEMY_DATABASE_URI = 'sqlite://'
+    CELERY_CONFIG = {'task_always_eager': True}
+    SOCKETIO_MESSAGE_QUEUE = None
+
+
+flask_config = {
+    'development': DevelopmentConfig,
+    'production': ProductionConfig,
+    'testing': TestingConfig
+}