api/user/modify.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

from flask import Blueprint, request
from db import cursor, connection
from hierarchy import auth_required
from auth.login import login_password


def login_and_password(func):
    @auth_required("user")
    def wrapper(user_id):
        data = request.get_json()
        if not data: return "", 400

        password = data.get("password")
        if not password: return "", 401

        if not login_password(user_id, password): return "", 401

        return func(user_id)

    return wrapper


def modify_user_info(type):
    @login_and_password
    def index(user_id):
        data = request.get_json()
        if not data: return "", 400

        new_value = data.get(type)
        if not new_value: return "", 401

        # check if already taken
        taken = cursor.execute(
            f"select count(user_id) from users where lower({type}) = lower(?)",
            [new_value]
        ).fetchone()
        if taken[0] > 0: return "", 403

        # update
        cursor.execute(
            f"update users set {type} = ? where user_id = ?",
            [new_value, user_id]
        )
        connection.commit()
        return "", 200

    return index


modify_username = Blueprint('modify_username', __name__)
modify_username.add_url_rule(
    '/username', 'route', modify_user_info("username"), methods=["POST"]
)

modify_email = Blueprint('modify_email', __name__)
modify_email.add_url_rule(
    '/email', 'route', modify_user_info("email"), methods=["POST"]
)

dynamic_routes = [["/user", modify_username], ["/user", modify_email]]