block is now a cookie

author: altaf-creator <dev@altafcreator.com> 2025-12-02 15:39:04 +0700
committer: altaf-creator <dev@altafcreator.com> 2025-12-02 15:39:04 +0700
commit: 988db9361ca86765dc1645bcdcb77466cfd0e8e0 (patch)
tree: ffbcae9086ae23c2a8911803d1507d7ee4d1e4d7 /backend/main.py
parent: a69d6aa6f0f2e98bcacb4016bf5530d5a420270f (diff)
1 files changed, 69 insertions, 24 deletions
diff --git a/backend/main.py b/backend/main.py
index ce8f103..da914df 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -52,7 +52,8 @@ CREATE TABLE IF NOT EXISTS timers (
     duration INT NOT NULL,
     block INT NOT NULL,
     machine INT NOT NULL,
-    status TEXT NOT NULL CHECK(status IN ('RUNNING', 'FINISHED'))
+    status TEXT NOT NULL CHECK(status IN ('RUNNING', 'FINISHED')),
+    subscription_id TEXT NOT NULL,
 );
                """)  # block is either 1 or 2, machine (1-4), odd is dryer, even is machine.
 
@@ -72,7 +73,7 @@ for k, v in yaml_dict["qr_uri"]["h2"].items():
     qr_uri[v] = f"h1-{k}"
 
 print("config.yaml loaded, qr_uri:")
-for k,v in qr_uri.items():
+for k, v in qr_uri.items():
     print(k, v)
 
 
@@ -97,6 +98,10 @@ class RequestData(BaseModel):
     machine_id: str
 
 
+class InformationRequestData(BaseModel):
+    machine_id: str
+
+
 class BlockRequestData(BaseModel):
     block: int
 
@@ -112,6 +117,20 @@ class Status(Enum):
     OUTOFSERVICE = 3,
 
 
+URI_TO_MACHINES = {
+    "h0": [1, None],
+    "h1-dryer1": [1, 1],
+    "h1-washer1": [1, 2],
+    "h1-dryer2": [1, 3],
+    "h1-washer2": [1, 4],
+    "hf": [2, None],
+    "h2-dryer1": [2, 1],
+    "h2-washer1": [2, 2],
+    "h2-dryer2": [2, 3],
+    "h2-washer2": [2, 4],
+}
+
+
 # ## global vars for user-end
 
 machine_status = [[Status.EMPTY.name, Status.EMPTY.name, Status.EMPTY.name, Status.EMPTY.name],
@@ -170,7 +189,7 @@ def final_timer_finished(timer_id):
     cursor.execute(f"SELECT * FROM timers WHERE timer_id = '{timer_id}'")
     out = cursor.fetchall()
 
-    notification = Notification(app_id=ONESIGNAL_APP_ID, included_segments=['All'], contents={'en' : 'get your bloody laundry'}, headings={'en': 'laundry finished'})
+    notification = Notification(app_id=ONESIGNAL_APP_ID, included_segments=['All'], contents={'en': 'get your bloody laundry'}, headings={'en': 'laundry finished'})
 
     try:
         api_response = api_instance.create_notification(notification)
@@ -187,6 +206,19 @@ def create_session(response: fastapi.Response):
     return cookie
 
 
+def authenticate_block(response: fastapi.Response, machine_id: str = None, block: int = None):
+    if machine_id:
+        blk = URI_TO_MACHINES[machine_id][0]
+        response.set_cookie(key="auth_block", value=blk)
+        return blk
+    elif block:
+        blk = block
+        response.set_cookie(key="auth_block", value=blk)
+        return block
+    else:
+        return "FAIL"
+
+
 # ## beginning
 
 print("Hello, world!")
@@ -195,22 +227,11 @@ restart_terminated_schedules()
 
 # ## api endpoints
 
-# this is a constant, mapping uri keys to block-machine pair
-URI_TO_MACHINES = {
-    "h1-dryer1": [1, 1],
-    "h1-washer1": [1, 2],
-    "h1-dryer2": [1, 3],
-    "h1-washer2": [1, 4],
-    "h2-dryer1": [2, 1],
-    "h2-washer1": [2, 2],
-    "h2-dryer2": [2, 3],
-    "h2-washer2": [2, 4],
-}
-
-
 # --- starting new timer
+# eugh. too complex. TODO: refactor perhaps
+# it's so complex even the linter is complaining
 @app.post("/start", response_class=PlainTextResponse)
-async def start_new_timer(data: RequestData, response: fastapi.Response, session_key: Annotated[str | None, fastapi.Cookie()] = None):
+def start_new_timer(data: RequestData, response: fastapi.Response, session_key: Annotated[str | None, fastapi.Cookie()] = None, auth_block: Annotated[str | None, fastapi.Cookie()] = None):
     now = datetime.datetime.now()
     try:
         if not session_key:
@@ -228,6 +249,13 @@ async def start_new_timer(data: RequestData, response: fastapi.Response, session
         response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
         return "invalid uri; you are unauthorised"
 
+    if auth_block:
+        if auth_block != block:
+            response.status_code = fastapi.status.HTTP_403_FORBIDDEN
+            return "mismatch in block authentication cookie and requested block machine. forbidden."
+    else:
+        authenticate_block(response, machine_id=data.machine_id)
+
     try:
         print("session key valid", session_key)
         cursor.execute(f"""
@@ -266,6 +294,7 @@ async def start_new_timer(data: RequestData, response: fastapi.Response, session
         response.status_code = fastapi.status.HTTP_500_INTERNAL_SERVER_ERROR
         return "something went wrong during machine_status setting somehow"
 
+    # HTTP 200
     return "all good bro timer started"
 
 
@@ -290,9 +319,12 @@ def check_status(response: fastapi.Response, session_key: Annotated[str | None,
 
 # --- fetch machine status for block
 @app.post("/status")
-def get_machine_status(data: BlockRequestData, auth_block: Annotated[str | None, fastapi.Cookie()] = None):
-    block_idx = data.block - 1
-    return [machine_status[block_idx], machine_times[block_idx], machine_durations[block_idx]]
+def get_machine_status(response: fastapi.Response, auth_block: Annotated[str | None, fastapi.Cookie()] = None):
+    if auth_block:
+        return [machine_status[auth_block], machine_times[auth_block], machine_durations[auth_block]]
+    else:
+        response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
+        return "block cookie needed. unauthorised"
 
 
 # --- get laundr(y/ies) information of user
@@ -345,8 +377,8 @@ def finish_laundry(data: FinishRequestData, response: fastapi.Response, session_
         return "laundry finished"
 
         if session_key != row[1]:
-            response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
-            return "session key mismatch with timer id, dubious and hence unauthorised."
+            response.status_code = fastapi.status.HTTP_403_FORBIDDEN
+            return "session key mismatch with timer id, dubious!"
     else:
         response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
         return "you got no session key, cannot"
@@ -354,5 +386,18 @@ def finish_laundry(data: FinishRequestData, response: fastapi.Response, session_
 
 # --- get information from uri search query
 @app.post("/info")
-def uri_to_information(data: FinishRequestData):
-    pass
+def uri_to_information(data: InformationRequestData, response: fastapi.Response, auth_block: Annotated[str | None, fastapi.Cookie()] = None):
+    try:
+        info = URI_TO_MACHINES[data.machine_id]
+    except KeyError:
+        response.status_code = fastapi.status.HTTP_404_NOT_FOUND
+        return "INVALID machine ID/URI"
+
+    if auth_block:
+        if auth_block != info[0]:
+            response.status_code = fastapi.status.HTTP_403_FORBIDDEN
+            return "UNAUTHORISED to view information"
+    else:
+        authenticate_block(response, block=info[0])
+
+    return {"block": info[0], "machine": info[1]}
author	altaf-creator <dev@altafcreator.com>	2025-12-02 15:39:04 +0700
committer	altaf-creator <dev@altafcreator.com>	2025-12-02 15:39:04 +0700
commit	988db9361ca86765dc1645bcdcb77466cfd0e8e0 (patch)
tree	ffbcae9086ae23c2a8911803d1507d7ee4d1e4d7 /backend/main.py
parent	a69d6aa6f0f2e98bcacb4016bf5530d5a420270f (diff)