09 adding email confirmation

.env.example

@@ -0,0 +1,2 @@
+MAILGUN_DOMAIN=
+MAILGUN_API_KEY=

.gitignore

@@ -0,0 +1,9 @@
+test/test.py
+test/test.db
+__pycache__
+.vscode
+.idea
+/.env
+database/data.db
+resources/__pycache__
+model/__pycache__

.vscode/settings.json

@@ -0,0 +1,4 @@
+{
+    "python.pythonPath": "/usr/sbin/python3.9",
+    "python.formatting.provider": "black"
+}

README.md

@@ -0,0 +1,27 @@
+# REST API application made with flask.
+
+Contains <> branches
+
+Final and stable application is in the master branch
+
+NOTE: Use a virtual environment with python 3.9 to run the application
+
+## INSATLLATION
+
+Run the following command to install dependencies:
+
+```
+pip install -r requirements.txt
+```
+
+## RUN
+
+Run the following command to start the application:
+
+```
+python app.py
+```
+
+## IMPORTANT
+
+Make sure to delete the `data.db` file from `database` directory before fresh run.

app.py

@@ -1,10 +1,137 @@
-from flask import Flask
-# creating an app from Flask class
-app = Flask(__name__)
-# letting the application know what requests it will understand
-@app.route('/')
-def home():
-  return "Hello World!"
-
-# run the app in specified folder
-app.run(port=5000)
+from flask import Flask, jsonify
+from flask_restful import Api
+from flask_jwt_extended import JWTManager
+from marshmallow import ValidationError
+
+from ma import ma
+from resources.user import (
+    UserConfirm,
+    UserRegister,
+    User,
+    UserLogin,
+    UserLogout,
+    TokenRefresh,
+)
+from resources.item import Item, ItemList
+from resources.store import Store, StoreList
+from blacklist import BLACKLIST
+from database import db
+
+app = Flask(__name__)
+
+app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///database/data.db"
+
+app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False  # turns of flask_sqlalchemy modification tracker
+app.config["PROPAGATE_EXCEPTIONS"] = True  # if flask_jwt raises an error, the flask app will check the error if this is set to true
+app.config["JWT_BLACKLIST_ENABLED"] = True
+app.config["JWT_BLACKLIST_TOKEN_CHECKS"] = [
+    "access",
+    "refresh",
+]  # both access and refresh tokens will be denied for the user ids
+
+app.secret_key = "komraishumtirkomchuri"
+# app.config["JWT_SECRET_KEY"] = "YOUR KEY HERE"
+
+api = Api(app)
+
+
+@app.errorhandler(ValidationError)
+def handle_marshmallow_validation(err):
+    return jsonify(err.messages), 400
+
+
+@app.before_first_request
+def create_tables():
+    db.create_all()
+    # above function creates all the tables before the 1st request is made
+    # unless they exist already
+
+
+# JWT() creates a new endpoint: /auth
+# we send username and password to /auth
+# JWT() gets the username and password, and sends it to authenticate function
+# the authenticate function maps the username and checks the password
+# if all goes well, the authenticate function returns user
+# which is the identity or jwt(or token)
+# jwt = JWT(app, authenticate, identity)
+jwt = JWTManager(app)  # JwtManager links up to the application, doesn't create /auth point
+
+
+# below function returns True, if the token that is sent is in the blacklist
+@jwt.token_in_blocklist_loader
+def check_if_token_in_blacklist(jwt_header, jwt_data):
+    print("Log Message:", jwt_data)
+    return jwt_data["jti"] in BLACKLIST
+
+
+@jwt.additional_claims_loader  # modifies the below function, and links it with JWTManager, which in turn is linked with our app
+def add_claims_to_jwt(identity):
+    if identity == 1:  # instead of hard-coding this, we should read it from a config file or database
+        return {"is_admin": True}
+
+    return {"is_admin": False}
+
+
+# JWT Configurations
+@jwt.expired_token_loader
+def expired_token_callback():
+    return (
+        jsonify({"description": "The token has expired.", "error": "token_expired"}),
+        401,
+    )
+
+
+@jwt.invalid_token_loader
+def invalid_token_callback(error):
+    return (
+        jsonify({"description": "Signature verification failed.", "error": "invalid_token"}),
+        401,
+    )
+
+
+@jwt.unauthorized_loader
+def missing_token_callback(error):  # when no jwt is sent
+    return (
+        jsonify(
+            {
+                "description": "Request doesn't contain a access token.",
+                "error": "authorization_required",
+            }
+        ),
+        401,
+    )
+
+
+@jwt.needs_fresh_token_loader
+def token_not_fresh_callback(self, callback):
+    # print("Log:", callback)
+    return (
+        jsonify({"description": "The token is not fresh.", "error": "fresh_token_required"}),
+        401,
+    )
+
+
+@jwt.revoked_token_loader
+def revoked_token_callback(self, callback):
+    # print("Log:", callback)
+    return (
+        jsonify({"description": "The token has been revoked.", "error": "token_revoked"}),
+        401,
+    )
+
+
+api.add_resource(Item, "/item/<string:name>")
+api.add_resource(Store, "/store/<string:name>")
+api.add_resource(ItemList, "/items")
+api.add_resource(StoreList, "/stores")
+api.add_resource(UserRegister, "/register")
+api.add_resource(UserConfirm, "/activate/<int:user_id>")
+api.add_resource(User, "/user/<int:user_id>")
+api.add_resource(UserLogin, "/login")
+api.add_resource(UserLogout, "/logout")
+api.add_resource(TokenRefresh, "/refresh")
+
+if __name__ == "__main__":
+    db.init_app(app)
+    ma.init_app(app)  # tells marshmallow that it should be communicating with this flask app
+    app.run(port=5000, debug=True)

blacklist.py

@@ -0,0 +1,2 @@
+BLACKLIST = set()  # user ids that will be denied access
+

database.py

@@ -0,0 +1,3 @@
+from flask_sqlalchemy import SQLAlchemy
+
+db = SQLAlchemy()

libs/mailgun.py

@@ -0,0 +1,51 @@
+import os
+from typing import List
+from requests import Response, post
+
+
+FAILED_LOAD_API_KEY = "Falied to load Mailgun API key."
+FAILED_LOAD_DOMAIN_NAME = "Failde to load Mailgun domain."
+FAILED_SEND_CONFIRMATION_MAIL = "Error in sending confirmation email, user registration failed."
+
+
+class MailgunException(Exception):
+    def __init__(self, message: str):
+        super().__init__(message)
+
+
+class Mailgun:
+
+    MAILGUN_DOMAIN = os.environ.get("MAILGUN_DOMAIN")  # can be None
+    MAILGUN_API_KEY = os.environ.get("MAILGUN_API_KEY")  # can be None
+    FROM_TITLE = "Stores RestAPI"
+    # FROM_EMAIL = "Your Mailgun Email"
+    FROM_EMAIL = "postmaster@sandboxb3ef8f2c0e20406cb3f834bc39735ab4.mailgun.org"
+
+    # This method will interact with Mailgun API and return the response sent
+    @classmethod
+    def send_email(cls, email: List[str], subject: str, text: str, html: str) -> Response:
+        if cls.MAILGUN_API_KEY is None:
+            raise MailgunException(FAILED_LOAD_API_KEY)
+
+        if cls.MAILGUN_DOMAIN is None:
+            raise MailgunException(FAILED_LOAD_DOMAIN_NAME)
+
+        response = post(
+            f"https://api.mailgun.net/v3/{cls.MAILGUN_DOMAIN}/messages",
+            auth=(
+                "api",
+                cls.MAILGUN_API_KEY,
+            ),
+            data={
+                "from": f"{cls.FROM_TITLE} <{cls.FROM_EMAIL}>",
+                "to": email,
+                "subject": subject,
+                "text": text,
+                "html": html,
+            },
+        )
+
+        if response.status_code != 200:
+            raise MailgunException(FAILED_SEND_CONFIRMATION_MAIL)
+
+        return response

ma.py

@@ -0,0 +1,3 @@
+from flask_marshmallow import Marshmallow
+
+ma = Marshmallow()

models/item.py

@@ -0,0 +1,36 @@
+from typing import List
+
+from database import db
+
+
+class ItemModel(db.Model):  # tells SQLAlchemy that it is something that will be saved to database and will be retrieved from database
+
+    __tablename__ = "items"
+
+    # Columns
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(80), nullable=False, unique=True)
+    price = db.Column(db.Float(precision=2), nullable=False)  # precision: numbers after decimal point
+
+    store_id = db.Column(db.Integer, db.ForeignKey("stores.id"), nullable=False)
+    store = db.relationship("StoreModel", back_populates="items")
+
+    # searches the database for items using name
+    @classmethod
+    def find_item_by_name(cls, name: str) -> "ItemModel":
+        # return cls.query.filter_by(name=name) # SELECT name FROM __tablename__ WHERE name=name
+        # this function would return a ItemModel object
+        return cls.query.filter_by(name=name).first()  # SELECT name FROM __tablename__ WHERE name=name LIMIT 1
+
+    @classmethod
+    def find_all(cls) -> List["ItemModel"]:
+        return cls.query.all()
+
+    # method to insert or update an item into database
+    def save_to_database(self) -> None:
+        db.session.add(self)  # session here is a collection of objects that wil be written to database
+        db.session.commit()
+
+    def delete_from_database(self) -> None:
+        db.session.delete(self)
+        db.session.commit()

models/store.py

@@ -0,0 +1,35 @@
+from typing import List
+
+from database import db
+
+
+class StoreModel(db.Model):  # tells SQLAlchemy that it is something that will be saved to database and will be retrieved from database
+
+    __tablename__ = "stores"
+
+    # Columns
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(80), nullable=False, unique=True)
+
+    items = db.relationship("ItemModel", lazy="dynamic")  # this will allow us to check which item is in store whose id is equal to it's id.
+    # lazy="dynamic" tells sqlalchemy to not create seperate objects for each item that is created
+
+    # searches the database for items using name
+    @classmethod
+    def find_store_by_name(cls, name: str) -> "StoreModel":
+        # return cls.query.filter_by(name=name) # SELECT name FROM __tablename__ WHERE name=name
+        # this function would return a StoreModel object
+        return cls.query.filter_by(name=name).first()  # SELECT name FROM __tablename__ WHERE name=name LIMIT 1
+
+    @classmethod
+    def find_all(cls) -> List["StoreModel"]:
+        return cls.query.all()
+
+    # method to insert or update an item into database
+    def save_to_database(self) -> None:
+        db.session.add(self)  # session here is a collection of objects that wil be written to database
+        db.session.commit()
+
+    def delete_from_database(self) -> None:
+        db.session.delete(self)
+        db.session.commit()