diff options
Diffstat (limited to 'backend/main.py')
| -rw-r--r-- | backend/main.py | 559 |
1 files changed, 535 insertions, 24 deletions
diff --git a/backend/main.py b/backend/main.py index 8b8a3d1..e242389 100644 --- a/backend/main.py +++ b/backend/main.py @@ -1,13 +1,27 @@ import fastapi from fastapi.middleware.cors import CORSMiddleware +from fastapi.responses import PlainTextResponse +from apscheduler.schedulers.background import BackgroundScheduler +import onesignal +from onesignal.model.rate_limit_error import RateLimitError +from onesignal.model.generic_error import GenericError +from onesignal.model.notification import Notification +from onesignal.model.create_notification_success_response import CreateNotificationSuccessResponse +from onesignal.api import default_api import sqlite3 from typing import Annotated import datetime +from zoneinfo import ZoneInfo from pydantic import BaseModel -from apscheduler.schedulers.background import BackgroundScheduler -import firebase_admin -from firebase_admin import credentials +import secrets +from enum import Enum, IntEnum +from dotenv import load_dotenv +from os import getenv +import yaml +import notif # import notif.py +import bcrypt +# ## API, db, and scheduler initialisation app = fastapi.FastAPI(title="Victoria Hall LaundryWeb", description="LaundryWeb Backend API", version="0.1") conn = sqlite3.connect("db.db", check_same_thread=False) cursor = conn.cursor() @@ -15,15 +29,16 @@ cursor = conn.cursor() scheduler = BackgroundScheduler() scheduler.start() -firebase_app = firebase_admin.initialize_app(credentials.Certificate("serviceAccountKey.json")) - origins = [ "http://localhost", + "http://localhost:8081", "http://localhost:998", "http://localhost:5173", "http://127.0.0.1", "http://127.0.0.1:998", "http://127.0.0.1:5173", + "https://laundryweb.altafcreator.com", + "https://backend.laundryweb.altafcreator.com" ] app.add_middleware( @@ -37,49 +52,545 @@ app.add_middleware( cursor.execute(""" CREATE TABLE IF NOT EXISTS timers ( timer_id INTEGER PRIMARY KEY, - user_id VARCHAR(16) NOT NULL, + user_id VARCHAR(64) NOT NULL, start_time TEXT NOT NULL, - duration INT NOT NULL, + end_time TEXT NOT NULL, block INT NOT NULL, machine INT NOT NULL, - status TEXT NOT NULL CHECK(status IN ('Running', 'Finished')) + status TEXT NOT NULL CHECK(status IN ('RUNNING', 'FINISHED')), + subscription_id TEXT NOT NULL +);""") # block is either 1 or 2, machine (1-4), odd is dryer, even is machine. + +cursor.execute(""" +CREATE TABLE IF NOT EXISTS admin_cookies ( + cookie VARCHAR(64) PRIMARY KEY ); - """) # block is either 1 or 2, machine (1-4), odd is dryer, even is machine. +""") + +cursor.execute("DELETE FROM admin_cookies;") + +class RowIndices(IntEnum): + TIMER_ID = 0, + USER_ID = 1, + START_TIME = 2, + END_TIME = 3, + BLOCK = 4, + MACHINE = 5, + STATUS = 6, + SUBSCRIPTION_ID = 7 + + +# ## yaml configuration initialisation + +qr_uri = {} + +stream = open("config.yaml", 'r') +yaml_dict = yaml.load(stream, yaml.Loader) + +# inverting the key-value pair for the dict to act as a map +# easy matching for the users' scanned obscure uri and the supposed +for k, v in yaml_dict["qr_uri"]["h1"].items(): + qr_uri[v] = f"h1-{k}" +for k, v in yaml_dict["qr_uri"]["h2"].items(): + qr_uri[v] = f"h2-{k}" + +print("config.yaml loaded, qr_uri:") +for k, v in qr_uri.items(): + print(k, v) + + +# ## onesignal initialisation +load_dotenv() + +onesignal_configuration = onesignal.Configuration( + rest_api_key=getenv("REST_API_KEY"), + organization_api_key=getenv("ORGANIZATION_API_KEY"), +) + +api_client = onesignal.ApiClient(onesignal_configuration) +api_instance = default_api.DefaultApi(api_client) +ONESIGNAL_APP_ID = "83901cc7-d964-475a-90ec-9f854df4ba52" + + +# ## class / data struct definitions class RequestData(BaseModel): duration: int + machine_id: str + + +class InformationRequestData(BaseModel): + machine_id: str + + +class BlockRequestData(BaseModel): + block: int + + +class FinishRequestData(BaseModel): + id: int + + +class OverrideMachineData(BaseModel): block: int - machine: int + machine_id: int + disabled: bool + + +class Status(Enum): + EMPTY = 0, + FINISHED = 1, + RUNNING = 2, + OUTOFSERVICE = 3, + + +class PlaintextPasswordData(BaseModel): + password: str + + +URI_TO_MACHINES = { + "h1-status": [1, None], + "h1-dryer1": [1, 1], + "h1-washer1": [1, 2], + "h1-dryer2": [1, 3], + "h1-washer2": [1, 4], + "h2-status": [2, None], + "h2-dryer1": [2, 1], + "h2-washer1": [2, 2], + "h2-dryer2": [2, 3], + "h2-washer2": [2, 4], +} + +TZ = "Asia/Jakarta" + +# ## global vars for user-end + +machine_status = [[Status.EMPTY.name, Status.EMPTY.name, Status.EMPTY.name, Status.EMPTY.name], + [Status.EMPTY.name, Status.EMPTY.name, Status.EMPTY.name, Status.EMPTY.name]] +machine_times = [[None, None, None, None], + [None, None, None, None]] +machine_endings = [[None, None, None, None], + [None, None, None, None]] + + +# ## some non-api endpoint method definitions + +# this method checks for any entry, and starts the previously-terminated schedules +# useful if you're restarting the server +def restart_terminated_schedules(): + cursor.execute("SELECT * FROM timers;") + out = cursor.fetchall() + print("unfinished timers: " + str(len(out))) + + for row in out: + print(row) + end_date = datetime.datetime.fromisoformat(row[RowIndices.END_TIME]) + now = datetime.datetime.now(ZoneInfo(TZ)) + timer_id = row[RowIndices.TIMER_ID] + + if now > end_date: + print("unfinished timer was long gone", timer_id) + scheduler.add_job(final_timer_finished, 'date', run_date=(now + datetime.timedelta(seconds=1)), id=str(timer_id), args=[timer_id]) + elif now + datetime.timedelta(minutes=5) > end_date: + print("unfinished timer ends in less than five mins", timer_id) + scheduler.add_job(final_timer_finished, 'date', run_date=end_date, id=str(timer_id), args=[timer_id]) + else: + print("unfinished timer scheduler started", timer_id) + scheduler.add_job(reminder_timer_finished, 'date', run_date=end_date - datetime.timedelta(minutes=5), id=str(timer_id), args=[timer_id]) + + print("setting internal array information") + machine_status[row[RowIndices.BLOCK] - 1][row[RowIndices.MACHINE] - 1] = Status.RUNNING.name + machine_times[row[RowIndices.BLOCK] - 1][row[RowIndices.MACHINE] - 1] = row[2] + machine_endings[row[RowIndices.BLOCK] - 1][row[RowIndices.MACHINE] - 1] = row[3] + + print(machine_status, machine_times, machine_endings) def reminder_timer_finished(timer_id): + print("timer almost finished", timer_id) + cursor.execute("SELECT * FROM timers WHERE timer_id = ?", (timer_id,)) + out = cursor.fetchall() + print(out) + + scheduler.add_job(final_timer_finished, 'date', run_date=out[0][RowIndices.END_TIME], id=str(timer_id), args=[timer_id]) + + notif.send_notification( + out[0][RowIndices.SUBSCRIPTION_ID], + { + "title": "Laundry Reminder", + "body": "Your laundry is almost finished.", + } + ) + +def final_timer_finished(timer_id): print("timer finished!1", timer_id) - cursor.execute(f"DELETE FROM timers WHERE timer_id = {timer_id}") + cursor.execute("SELECT * FROM timers WHERE timer_id = ?", (timer_id,)) + out = cursor.fetchall() -def final_timer_finished(): - pass + for row in out: + machine_status[row[RowIndices.BLOCK] - 1][row[RowIndices.MACHINE] - 1] = Status.FINISHED.name + notif.send_notification( + out[0][RowIndices.SUBSCRIPTION_ID], + { + "title": "Laundry Finished", + "body": "Your laundry is finished! Please collect your laundry.", + "requireInteraction": True, + "timerId": timer_id, + } + ) -@app.post("/start") -def start_new_timer(data: RequestData, session_key: Annotated[str | None, fastapi.Cookie()] = None): - if session_key: +# sec min hrs days +COOKIE_MAX_AGE = 60 * 60 * 24 * 30 # 30 days + + +def create_session(response: fastapi.Response): + cookie = secrets.token_hex(32) + response.set_cookie(key="session_key", value=cookie, secure=True, max_age=COOKIE_MAX_AGE) + return cookie + + +def authenticate_block(response: fastapi.Response, machine_id: str = None, block: int = None): + if machine_id: + blk = URI_TO_MACHINES[qr_uri[machine_id]][0] + response.set_cookie(key="auth_block", value=blk, secure=True, max_age=COOKIE_MAX_AGE) + return blk + elif block: + blk = block + response.set_cookie(key="auth_block", value=blk, secure=True, max_age=COOKIE_MAX_AGE) + return block + else: + return "FAIL" + + +# ## beginning + +print("Hello, world!") +restart_terminated_schedules() + + +# ## api endpoints + +# --- starting new timer +# eugh. too complex. TODO: refactor perhaps +# it's so complex even the linter is complaining +@app.post("/start", response_class=PlainTextResponse) +def start_new_timer(data: RequestData, response: fastapi.Response, session_key: Annotated[str | None, fastapi.Cookie()] = None, auth_block: Annotated[str | None, fastapi.Cookie()] = None, subscription_endpoint: Annotated[str | None, fastapi.Cookie()] = None): + now = datetime.datetime.now(ZoneInfo(TZ)) + try: + if not session_key: + print("no session key, creating.") + session_key = create_session(response) + except Exception as exception: + print("err @ key creation //", exception) + response.status_code = fastapi.status.HTTP_500_INTERNAL_SERVER_ERROR + return "something went wrong during session key creation" + + try: + block = URI_TO_MACHINES[qr_uri[data.machine_id]][0] + machine = URI_TO_MACHINES[qr_uri[data.machine_id]][1] + except KeyError: + response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED + return "invalid uri; you are unauthorised" + + if auth_block: + if str(auth_block) != str(block): + response.status_code = fastapi.status.HTTP_403_FORBIDDEN + return "mismatch in block authentication cookie and requested block machine. forbidden." + else: + authenticate_block(response, machine_id=data.machine_id) + + if not subscription_endpoint: + print("user is not subscribed to notif") + response.status_code = fastapi.status = fastapi.status.HTTP_401_UNAUTHORIZED + return "a notification subscription is required to start a timer" + + try: print("session key valid", session_key) - cursor.execute(f""" - INSERT INTO timers (user_id, start_time, duration, block, machine, status) - VALUES ('{session_key}', '{datetime.datetime.now().isoformat()}', {data.block}, {data.machine}, {data.duration}, 'Running') - """) + end_date = now + datetime.timedelta(minutes=(data.duration * 30)) + cursor.execute(""" + INSERT INTO timers (user_id, start_time, end_time, block, machine, status, subscription_id) + VALUES (?, ?, ?, ?, ?, ?, ?)""", (session_key, now.isoformat(), end_date.isoformat(), block, machine, 'RUNNING', subscription_endpoint,)) conn.commit() - cursor.execute(f"SELECT * FROM timers WHERE user_id = {session_key}") + cursor.execute("SELECT * FROM timers WHERE end_time = ?;", (end_date.isoformat(),)) out = cursor.fetchall() + for row in out: print(row) - end_date = datetime.datetime.now() + datetime.timedelta(seconds=data.duration) timer_id = str(out[len(out) - 1][0]) print("timer id", timer_id) + except Exception as exception: + print("err @ sql stuff //", exception) + response.status_code = fastapi.status.HTTP_500_INTERNAL_SERVER_ERROR + return "something went wrong during sql stuff" + + try: + scheduler.add_job(reminder_timer_finished, 'date', run_date=end_date - datetime.timedelta(minutes=5), id=timer_id, args=[timer_id]) + except Exception as exception: + print("err @ scheduler //", exception) + response.status_code = fastapi.status.HTTP_500_INTERNAL_SERVER_ERROR + return "something went wrong during scheduler stuff" + + try: + machine_status[block - 1][machine - 1] = Status.RUNNING.name + machine_times[block - 1][machine - 1] = now.isoformat() + machine_endings[block - 1][machine - 1] = end_date + except Exception as exception: + print("err @ machine_status //", exception) + response.status_code = fastapi.status.HTTP_500_INTERNAL_SERVER_ERROR + return "something went wrong during machine_status setting somehow" + + # HTTP 200 + return "all good bro timer started" + + +# --- check whether user has laundry or not +@app.post("/check", response_class=PlainTextResponse) +def check_status(response: fastapi.Response, session_key: Annotated[str | None, fastapi.Cookie()] = None): + if not session_key: + print("no session key, creating.") + session_key = create_session(response) + + cursor.execute("SELECT * FROM timers WHERE user_id = ?", (session_key,)) + out = cursor.fetchall() + + for row in out: + print(row) + + if len(out) > 0: + return "you got laundry" + else: + return "no got laundry" + + +# --- fetch machine status for block +@app.post("/status") +def get_machine_status(response: fastapi.Response, auth_block: Annotated[str | None, fastapi.Cookie()] = None): + if auth_block: + block = int(auth_block) - 1 + return [machine_status[block], machine_times[block], machine_endings[block]] + else: + response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED + return "block cookie needed. unauthorised" + + +# --- get laundr(y/ies) information of user +@app.post("/laundry") +def get_laundry_info(response: fastapi.Response, session_key: Annotated[str | None, fastapi.Cookie()] = None, auth_block: Annotated[str | None, fastapi.Cookie()] = None): + if session_key: + result = [] + + cursor.execute("SELECT * FROM timers WHERE user_id = ?", (session_key,)) + out = cursor.fetchall() + + for row in out: + curr_timer = { + "end_time": 0, + "start_time": 0, + "machine": 0, + "status": "RUNNING", + "id": -1, + } + curr_timer["end_time"] = row[RowIndices.END_TIME] + curr_timer["start_time"] = row[RowIndices.START_TIME] + curr_timer["machine"] = row[RowIndices.MACHINE] + curr_timer["status"] = row[RowIndices.STATUS] + curr_timer["id"] = row[RowIndices.TIMER_ID] + + result.append(curr_timer) + + return result + else: + response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED + return "you got no session key cookie how am i supposed to identify you" + + +# --- finish one's laundry +@app.post("/finish", response_class=PlainTextResponse) +def finish_laundry(data: FinishRequestData, response: fastapi.Response, session_key: Annotated[str | None, fastapi.Cookie()] = None): + if session_key: + cursor.execute("SELECT * FROM timers WHERE timer_id = ?", (data.id,)) + row = cursor.fetchall()[0] + + if datetime.datetime.now(ZoneInfo(TZ)) < datetime.datetime.fromisoformat(row[RowIndices.END_TIME]): + response.status_code = fastapi.status.HTTP_400_BAD_REQUEST + return "timer has not finished yet" + + machine_status[row[RowIndices.BLOCK] - 1][row[RowIndices.MACHINE] - 1] = Status.EMPTY.name + machine_times[row[RowIndices.BLOCK] - 1][row[RowIndices.MACHINE] - 1] = None + machine_endings[row[RowIndices.BLOCK] - 1][row[RowIndices.MACHINE] - 1] = None + + cursor.execute("DELETE FROM timers WHERE timer_id = ?", (row[0],)) + conn.commit() + + print(f"timer of id {data.id} has been finished by {session_key}") + + return "laundry finished" + + if session_key != row[1]: + response.status_code = fastapi.status.HTTP_403_FORBIDDEN + return "session key mismatch with timer id, dubious!" + else: + response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED + return "you got no session key, cannot" + + +# --- get information from uri search query +@app.post("/info") +def uri_to_information(data: InformationRequestData, response: fastapi.Response, auth_block: Annotated[str | None, fastapi.Cookie()] = None): + info = None + try: + if len(data.machine_id) > 0: + info = URI_TO_MACHINES[qr_uri[data.machine_id]] + except KeyError: + response.status_code = fastapi.status.HTTP_404_NOT_FOUND + return "INVALID machine ID/URI" + + print(auth_block) + if auth_block: + if info: + if str(auth_block) != str(info[0]): + response.status_code = fastapi.status.HTTP_403_FORBIDDEN + return "UNAUTHORISED to view information of block " + str(info[0]) + else: + info = [auth_block, None] + else: + if info: + authenticate_block(response, block=info[0]) + else: + response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED + return "NO INFORMATION PROVIDED. NO AUTH COOKIE." + + return {"block": info[0], "machine": info[1]} + + +# #### NOTIFICATION API END POINTS #### + + +# --- subscribe +@app.post("/notifsubscribe", response_class=PlainTextResponse) +def notif_subscribe(data: notif.PushSubscriptionData, response: fastapi.Response): + try: + endpoint = notif.subscribe(data) + response.set_cookie(key="subscription_endpoint", value=endpoint, max_age=COOKIE_MAX_AGE, domain="laundryweb.altafcreator.com", samesite="none", secure=True, path="/") + response.status_code = fastapi.status.HTTP_200_OK + return "subscription saved." + except Exception as err: + response.status_code = fastapi.status.HTTP_500_INTERNAL_SERVER_ERROR + return f"error, failed to save subscription {err}" + + +# #### ADMIN PANEL API END POINTS #### + +# ## ADMIN PANEL SCHEDULER METHODS ## + + +def delete_cookie_scheduler(cookie): + pass + + +def authenticate_admin_check(cookie): + cursor.execute("SELECT * FROM admin_cookies WHERE cookie = ?", (cookie,)) + rows = cursor.fetchall() + + return len(rows) > 0 + + +# --- admin login +@app.post("/admin_login", response_class=PlainTextResponse) +def admin_login(data: PlaintextPasswordData, response: fastapi.Response): + print(data.password) + + pwd = data.password.encode('utf-8') + stored_hash_pwd = getenv("ADMIN_PASSWORD_HASH").encode('utf-8') + + if bcrypt.checkpw(pwd, stored_hash_pwd): + response.status_code = fastapi.status.HTTP_202_ACCEPTED + + auth_cookie_str = secrets.token_hex(32) + AUTH_MAX_AGE = 60 * 10 # 10 minutes + response.set_cookie(key="admin_auth", value=auth_cookie_str, secure=True, max_age=AUTH_MAX_AGE, domain="backend.laundryweb.altafcreator.com", samesite="none") + cursor.execute("""INSERT INTO admin_cookies (cookie) VALUES (?);""", (auth_cookie_str,)) + conn.commit() + cursor.execute("SELECT * FROM admin_cookies") + print(cursor.fetchall()) + + now = datetime.datetime.now(ZoneInfo(TZ)) + end_date = now + datetime.timedelta(seconds=(AUTH_MAX_AGE)) + scheduler.add_job(delete_cookie_scheduler, 'date', run_date=end_date, args=[auth_cookie_str]) + + return "hi admin you are Authenticated!!!11" + + response.status_code = fastapi.status.HTTP_403_FORBIDDEN + return "Forbidden." + + +# --- admin auth check +@app.post("/admin_check", response_class=PlainTextResponse) +def admin_check(response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None): + print("admin check request, ", admin_auth) + + if authenticate_admin_check(admin_auth): + response.status_code = fastapi.status.HTTP_202_ACCEPTED + return "Authorised." + else: + response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED + return "Get out." + + +# --- override each machine status +@app.post("/override_status", response_class=PlainTextResponse) +def override_status(data: OverrideMachineData, response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None): + if not admin_auth: + response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED + return "Unauthorised." + + if authenticate_admin_check(admin_auth): + if (data.disabled): + machine_status[data.block - 1][data.machine_id - 1] = Status.OUTOFSERVICE.name + else: + cursor.execute("SELECT * FROM timers WHERE ((block = ?) AND (machine = ?))", (data.block, data.machine_id)) + rows = cursor.fetchall() + + if len(rows) > 0: + machine_status[data.block - 1][data.machine_id - 1] = Status.RUNNING.name + else: + machine_status[data.block - 1][data.machine_id - 1] = Status.EMPTY.name + + response.status_code = fastapi.status.HTTP_200_OK + return "Set!" + + print("set machine", data.machine_id, "of block", data.block, ".", machine_status) + else: + response.status_code = fastapi.status.HTTP_403_FORBIDDEN + return "Forbidden." + + +# --- change admin password +@app.post("/admin_change_password", response_class=PlainTextResponse) +def admin_change_password(data: PlaintextPasswordData, response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None): + if not admin_auth: + response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED + return "Unauthorised." + + if authenticate_admin_check(admin_auth): + pass + else: + pass + + +# --- get all blocks machine status for admin +@app.post("/admin_machine_status") +def admin_machine_status(response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None): + if not admin_auth: + response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED + return """{"reply": "Unauthorised."}""" - scheduler.add_job(reminder_timer_finished, 'date', run_date=end_date, id=timer_id, args=[timer_id]) + if authenticate_admin_check(admin_auth): + return machine_status else: - print("no session key") + response.status_code = fastapi.status.HTTP_403_FORBIDDEN + return """{"reply": "Forbidden."}""" |