Using API Keys

README.md

@@ -15,20 +15,20 @@ A RESTful API for interacting with CSH Quotefault, no webgui required!
 }
 ```
 
-## `/all`
+## `<api_key>/all` : `GET`
 **Allowed Parameters: `date`, `submitter`**
 
 Example Request: ``
 
-## `/random`
+## `<api_key>/random` : `GET`
 **Allowed Parameters: `date`, `submitter`**
 
 Example Request: `/random?submitter=dante`
 
-## `/newest`
+## `<api_key>/newest` : `GET`
 **Allowed Parameters: `date`, `submitter`**
 
-### Example Request: `/newest?submitter=matted`
+### Example Request: `<api_key>/newest?submitter=matted`
 #### Output: 
 Returns the newest result from the submitter = `matted`
 ```json
@@ -42,5 +42,15 @@ Returns the newest result from the submitter = `matted`
 }
 ```
 
-## `/between/<start>/<limit>`
-**Allowed Parameters: None :cry:**
+## `<api_key>/between/<start>/<limit>` : `GET`
+**Allowed Parameters: None :cry:**
+
+## `<api_key>/create` : `PUT`
+**Required Parameters: JSON Object**
+```json
+{
+    "quote": "This is an example Quote",
+    "submitter": "matted",
+    "speaker": "Example Speaker"
+}
+```

quotefaultAPI/__init__.py

@@ -55,102 +55,129 @@ def __init__(self, owner):
         self.owner = owner
 
 
-@app.route('/between/<start>/<limit>', methods=['GET'])
-def between(start, limit):
-    if datetime.strptime(start, "%Y-%m-%d") < datetime.strptime(limit, "%Y-%m-%d"):
-        quotes = Quote.query.filter(Quote.quoteTime.between(start, limit)).all()
+def get_metadata():
+    uuid = str(session["userinfo"].get("sub", ""))
+    uid = str(session["userinfo"].get("preferred_username", ""))
+    metadata = {
+        "uuid": uuid,
+        "uid": uid
+    }
+    return metadata
+
+
+@app.route('/<api_key>/between/<start>/<limit>', methods=['GET'])
+def between(start, limit, api_key):
+    if check_key(api_key):
+        if datetime.strptime(start, "%Y-%m-%d") < datetime.strptime(limit, "%Y-%m-%d"):
+            quotes = Quote.query.filter(Quote.quoteTime.between(start, limit)).all()
+            return jsonify(parse_as_json(quotes))
+        quotes = Quote.query.all
         return jsonify(parse_as_json(quotes))
-    quotes = Quote.query.all
-    return jsonify(parse_as_json(quotes))
-
-
-@app.route('/create', methods=['PUT'])
-def create_quote():
-    data = json.loads(request.data.decode('utf-8'))
-
-    if data['quote'] and data['submitter'] and data['speaker']:
-        quote = data['quote']
-        submitter = data['submitter']
-        speaker = data['speaker']
-
-        if Quote.query.filter(Quote.quote == quote).first() is not None:
-            return "that quote has already been said, asshole"
-        elif quote is '' or speaker is '':
-            return "you didn't fill in one of your fields. You literally only had two responsibilities, and somehow" \
-                   "you fucked them up."
-        else:
-            new_quote = Quote(submitter=submitter, quote=quote, speaker=speaker)
-            db.session.add(new_quote)
-            db.session.flush()
-            db.session.commit()
-
-
-@app.route('/all', methods=['GET'])
-def index():
-    db.create_all()
-
-    date = request.args.get('date')
-    submitter = request.args.get('submitter')
-
-    if date is not None and submitter is not None:
-        quotes = Quote.query.filter_by(quoteTime=date, submitter=submitter).all()
+    else:
+        return "Invalid API Key!"
+
+
+@app.route('/<api_key>/create', methods=['PUT'])
+def create_quote(api_key):
+    if check_key(api_key):
+        data = json.loads(request.data.decode('utf-8'))
+
+        if data['quote'] and data['speaker']:
+            quote = data['quote']
+            submitter = APIKey.query.filter_by(hash=api_key).all()[0].owner
+            speaker = data['speaker']
+
+            if Quote.query.filter(Quote.quote == quote).first() is not None:
+                return "that quote has already been said, asshole"
+            elif quote is '' or speaker is '':
+                return "you didn't fill in one of your fields. You literally only had two responsibilities, and somehow" \
+                       "you fucked them up."
+            else:
+                new_quote = Quote(submitter=submitter, quote=quote, speaker=speaker)
+                db.session.add(new_quote)
+                db.session.flush()
+                db.session.commit()
+                return return_json(new_quote)
+    else:
+        return "Invalid API Key!"
+
+
+@app.route('/<api_key>/all', methods=['GET'])
+def index(api_key):
+    if check_key(api_key):
+        db.create_all()
+
+        date = request.args.get('date')
+        submitter = request.args.get('submitter')
+
+        if date is not None and submitter is not None:
+            quotes = Quote.query.filter_by(quoteTime=date, submitter=submitter).all()
+            return jsonify(parse_as_json(quotes))
+
+        elif date is not None:
+            quotes = Quote.query.filter_by(quoteTime=date).all()
+            return jsonify(parse_as_json(quotes))
+
+        elif submitter is not None:
+            quotes = Quote.query.filter_by(submitter=submitter)
+            return jsonify(parse_as_json(quotes))
+
+        quotes = Quote.query.all()  # collect all quote rows in the Quote db
         return jsonify(parse_as_json(quotes))
+    else:
+        return "Invalid API Key!"
 
-    elif date is not None:
-        quotes = Quote.query.filter_by(quoteTime=date).all()
-        return jsonify(parse_as_json(quotes))
 
-    elif submitter is not None:
-        quotes = Quote.query.filter_by(submitter=submitter)
-        return jsonify(parse_as_json(quotes))
+@app.route('/<api_key>/random', methods=['GET'])
+def random_quote(api_key):
+    if check_key(api_key):
+        date = request.args.get('date')
+        submitter = request.args.get('submitter')
 
-    quotes = Quote.query.all()  # collect all quote rows in the Quote db
-    return jsonify(parse_as_json(quotes))
+        if date is not None and submitter is not None:
+            quotes = Quote.query.filter_by(quoteTime=date, submitter=submitter).all()
+            random_index = random.randint(0, len(quotes))
+            return jsonify(return_json(quotes[random_index]))
 
+        elif date is not None:
+            quotes = Quote.query.filter_by(quoteTime=date).all()
+            random_index = random.randint(0, len(quotes))
+            return jsonify(return_json(quotes[random_index]))
 
-@app.route('/random', methods=['GET'])
-def random_quote():
-    date = request.args.get('date')
-    submitter = request.args.get('submitter')
+        elif submitter is not None:
+            quotes = Quote.query.filter_by(submitter=submitter).all()
+            random_index = random.randint(0, len(quotes))
+            return jsonify(return_json(quotes[random_index]))
 
-    if date is not None and submitter is not None:
-        quotes = Quote.query.filter_by(quoteTime=date, submitter=submitter).all()
+        quotes = Quote.query.all()
         random_index = random.randint(0, len(quotes))
         return jsonify(return_json(quotes[random_index]))
+    else:
+        return "Invalid API Key!"
 
-    elif date is not None:
-        quotes = Quote.query.filter_by(quoteTime=date).all()
-        random_index = random.randint(0, len(quotes))
-        return jsonify(return_json(quotes[random_index]))
-
-    elif submitter is not None:
-        quotes = Quote.query.filter_by(submitter=submitter).all()
-        random_index = random.randint(0, len(quotes))
-        return jsonify(return_json(quotes[random_index]))
 
-    quotes = Quote.query.all()
-    random_index = random.randint(0, len(quotes))
-    return jsonify(return_json(quotes[random_index]))
+@app.route('/<api_key>/newest', methods=['GET'])
+def newest(api_key):
+    if check_key(api_key):
+        date = request.args.get('date')
+        submitter = request.args.get('submitter')
 
+        if date is not None:
+            return jsonify(return_json(Quote.query.order_by(Quote.id.desc()).filter_by(date=date).first()))
 
-@app.route('/newest', methods=['GET'])
-def newest():
-    date = request.args.get('date')
-    submitter = request.args.get('submitter')
+        elif submitter is not None:
+            return jsonify(return_json(Quote.query.order_by(Quote.id.desc()).filter_by(submitter=submitter).first()))
 
-    if date is not None:
-        return jsonify(return_json(Quote.query.order_by(Quote.id.desc()).filter_by(date=date).first()))
-
-    elif submitter is not None:
-        return jsonify(return_json(Quote.query.order_by(Quote.id.desc()).filter_by(submitter=submitter).first()))
-
-    return jsonify(return_json(Quote.query.order_by(Quote.id.desc()).first()))
+        return jsonify(return_json(Quote.query.order_by(Quote.id.desc()).first()))
+    else:
+        return "Invalid API Key!"
 
 
 @auth.oidc_auth
 @app.route('/generatekey')
 def generate_API_key():
-    new_key = APIKey(str(session["userinfo"].get("preferred_username", "")))
+    metadata = get_metadata()
+    new_key = APIKey(metadata['uid'])
     db.session.add(new_key)
     db.session.flush()
     db.session.commit()
@@ -172,3 +199,9 @@ def parse_as_json(quotes, quote_json=None):
     for quote in quotes:
         quote_json.append(return_json(quote))
     return quote_json
+
+
+def check_key(api_key):
+    keys = APIKey.query.filter_by(hash=api_key).all()
+    if len(keys) > 0:
+        return True