Temp progress on the user profile routes (#60)

* feat: moved advent folder -> puzzles, added some comments

* feat(docker): start separation of dev and prod builds, add pytest functionality to backend

* feat(docker): added dev/prod to frontend, transition frontend to yarn

* fix: remove .vscode folder

* fix(makefile): restructured makefile a bit

* feat: removed .vscode folder from git

* feat(auth): get rudimentary autotesting in place, created clear_database function

* feat(test): added all tests for auth/register

* fix(puzzle): changed blueprint in routes/puzzle.py

* Made some stub code for the user routes

Made some stub code for the user routes.

* Stub codes

* feat(auth): refactored registration system, database connections

* fix(auth): minor changes to constructor

* feat(auth): implement email verification endpoints

* feat(test): using fixtures

* feat(auth): finish autotests, still needs commenting

* feat(auth): finished writing tests for the most part

* Merged stuff

* user/stats should be working

* node stuff

* fixed up some stuff about node

* profile, stat and set_name implemented

* merged

Co-authored-by: Hanyuan Li <[email protected]>

Author: Expressionless-Ball-Thing

.gitignore

@@ -1,2 +1,3 @@
 config/*.env
-.vscode
+.vscode
+node_modules

backend/Pipfile.lock

@@ -7,8 +7,11 @@
 
 from auth.jwt import update_token
 from common.plugins import jwt, mail
+from database.database import db
 from routes.auth import auth
 from routes.puzzle import puzzle
+from routes.user import user
+
 
 def handle_exception(error):
     response = error.get_response()
@@ -28,6 +31,9 @@ def create_app():
     app = Flask(__name__)
     CORS(app)
 
+    # Add database
+    app.config["DATABASE"] = db
+
     # Configure with all our custom settings
     app.config["JWT_SECRET_KEY"] = os.environ["FLASK_SECRET"]
 
@@ -36,7 +42,7 @@ def create_app():
     app.config["JWT_BLACKLIST_ENABLED"] = True
     app.config["JWT_BLACKLIST_TOKEN_CHECKS"] = ["refresh"]
     app.config["JWT_COOKIE_CSRF_PROTECT"] = True
-    app.config["JWT_TOKEN_LOCATION"] = "cookies"
+    app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
 
     # TODO: convert to CSESoc SMTP server (if we have one) once we get that
     app.config["MAIL_SERVER"] = "smtp.mailtrap.io"
@@ -55,6 +61,7 @@ def create_app():
     # Register smaller parts of the API
     app.register_blueprint(auth, url_prefix="/auth")
     app.register_blueprint(puzzle, url_prefix="/puzzle")
+    app.register_blueprint(user, url_prefix="/user")
 
     # Register our error handler
     app.register_error_handler(HTTPException, handle_exception)

backend/app.py

@@ -1,144 +1,144 @@
-from datetime import timedelta
-import random
-
-from argon2 import PasswordHasher
-from argon2.exceptions import VerificationError
-from email_validator import validate_email, EmailNotValidError
-
-from common.database import get_connection
-from common.exceptions import AuthError, InvalidError, RequestError
-from common.redis import cache
-
-hasher = PasswordHasher(
-    time_cost=2,
-    memory_cost=2**15,
-    parallelism=1
-)
-
-class User:
-    # TODO: change all these functions once database functions are merged
-
-    # Private helper methods
-    @staticmethod
-    def _email_exists(cursor, email):
-        """Checks if an email exists in the database."""
-        cursor.execute("SELECT * FROM Users WHERE email = %s",
-                       (email,))
-
-        results = cursor.fetchall()
-        return results != []
-
-    @staticmethod
-    def _username_exists(cursor, username):
-        """Checks if a username is already used."""
-        cursor.execute("SELECT * FROM Users WHERE username = %s", (username,))
-
-        results = cursor.fetchall()
-        return results != []
-
-    @staticmethod
-    def _add_user(conn, cursor, email, username, password):
-        """Given the details of a user, adds them to the database."""
-        cursor.execute("INSERT INTO Users (email, username, password, numStars, score) VALUES (%s, %s, %s, 0, 0)",
-                       (email, username, password))
-        conn.commit()
-
-        cursor.execute("SELECT uid FROM Users WHERE email = %s", (email,))
-        id = cursor.fetchone()[0]
-
-        return id
-
-    # Constructor methods
-    def __init__(self, email, password, id):
-        self.email = email
-        self.password = password
-        self.id = id
-
-    # API-facing methods
-    @staticmethod
-    def register(email, username, password):
-        """Given an email, username and password, creates a verification code
-           for that user in Redis such that we can verify that user's email."""
-        # Error handling
-        conn = get_connection()
-        cursor = conn.cursor()
-
-        try:
-            normalised = validate_email(email).email
-        except EmailNotValidError as e:
-            raise RequestError(description="Invalid email") from e
-
-        if User._email_exists(cursor, normalised):
-            raise RequestError(description="Email already registered")
-
-        if User._username_exists(cursor, username):
-            raise RequestError(description="Username already used")
-        
-        hashed = hasher.hash(password)
-        # TODO: remove addition of user to database
-        new_id = User._add_user(conn, cursor, normalised, username, hashed)
-
-        cursor.close()
-        conn.close()
-
-        # Add verification code to Redis cache, with expiry date of 1 hour
-        code = random.randint(0, 999_999)
-        data = {
-            "code": f"{code:06}",
-            "username": username,
-            "password": hashed
-        }
-
-        pipeline = cache.pipeline()
-
-        # We use a pipeline here to ensure these instructions are atomic
-        pipeline.hset(f"register:{new_id}", mapping=data)
-        pipeline.expire(f"register:{new_id}", timedelta(hours=1))
-
-        pipeline.execute()
-
-        return code
-
-    @staticmethod
-    def login(email, password):
-        """Logs user in with their credentials (currently email and password)."""
-        conn = get_connection()
-        cursor = conn.cursor()
-
-        try:
-            normalised = validate_email(email).email
-        except EmailNotValidError as e:
-            raise AuthError(description="Invalid email or password") from e
-
-        cursor.execute("SELECT * FROM Users WHERE email = %s", (normalised,))
-        result = cursor.fetchone()
-
-        try:
-            id, _, hashed = result
-            hasher.verify(hashed, password)
-        except (TypeError, VerificationError) as e:
-            raise AuthError(description="Invalid email or password") from e
-
-        cursor.close()
-        conn.close()
-
-        return User(normalised, hashed, id)
-
-    @staticmethod
-    def get(id):
-        """Given a user's ID, fetches all of their information from the database."""
-        conn = get_connection()
-        cursor = conn.cursor()
-
-        cursor.execute("SELECT * FROM Users WHERE uid = %s", (id,))
-        fetched = cursor.fetchall()
-
-        if fetched == []:
-            raise InvalidError(description=f"Requested user ID {id} doesn't exist")
-
-        email, _, password, _, _ = fetched[0]
-
-        cursor.close()
-        conn.close()
-
-        return User(email, password, id)
+from datetime import timedelta
+import random
+
+from argon2 import PasswordHasher
+from argon2.exceptions import VerificationError
+from email_validator import validate_email, EmailNotValidError
+
+from common.database import get_connection
+from common.exceptions import AuthError, InvalidError, RequestError
+from common.redis import cache
+
+hasher = PasswordHasher(
+    time_cost=2,
+    memory_cost=2**15,
+    parallelism=1
+)
+
+class User:
+    # TODO: change all these functions once database functions are merged
+
+    # Private helper methods
+    @staticmethod
+    def _email_exists(cursor, email):
+        """Checks if an email exists in the database."""
+        cursor.execute("SELECT * FROM Users WHERE email = %s",
+                       (email,))
+
+        results = cursor.fetchall()
+        return results != []
+
+    @staticmethod
+    def _username_exists(cursor, username):
+        """Checks if a username is already used."""
+        cursor.execute("SELECT * FROM Users WHERE username = %s", (username,))
+
+        results = cursor.fetchall()
+        return results != []
+
+    @staticmethod
+    def _add_user(conn, cursor, email, username, password):
+        """Given the details of a user, adds them to the database."""
+        cursor.execute("INSERT INTO Users (email, username, password, numStars, score) VALUES (%s, %s, %s, 0, 0)",
+                       (email, username, password))
+        conn.commit()
+
+        cursor.execute("SELECT uid FROM Users WHERE email = %s", (email,))
+        id = cursor.fetchone()[0]
+
+        return id
+
+    # Constructor methods
+    def __init__(self, email, password, id):
+        self.email = email
+        self.password = password
+        self.id = id
+
+    # API-facing methods
+    @staticmethod
+    def register(email, username, password):
+        """Given an email, username and password, creates a verification code
+           for that user in Redis such that we can verify that user's email."""
+        # Error handling
+        conn = get_connection()
+        cursor = conn.cursor()
+
+        try:
+            normalised = validate_email(email).email
+        except EmailNotValidError as e:
+            raise RequestError(description="Invalid email") from e
+
+        if User._email_exists(cursor, normalised):
+            raise RequestError(description="Email already registered")
+
+        if User._username_exists(cursor, username):
+            raise RequestError(description="Username already used")
+        
+        hashed = hasher.hash(password)
+        # TODO: remove addition of user to database
+        new_id = User._add_user(conn, cursor, normalised, username, hashed)
+
+        cursor.close()
+        conn.close()
+
+        # Add verification code to Redis cache, with expiry date of 1 hour
+        code = random.randint(0, 999_999)
+        data = {
+            "code": f"{code:06}",
+            "username": username,
+            "password": hashed
+        }
+
+        pipeline = cache.pipeline()
+
+        # We use a pipeline here to ensure these instructions are atomic
+        pipeline.hset(f"register:{new_id}", mapping=data)
+        pipeline.expire(f"register:{new_id}", timedelta(hours=1))
+
+        pipeline.execute()
+
+        return code
+
+    @staticmethod
+    def login(email, password):
+        """Logs user in with their credentials (currently email and password)."""
+        conn = get_connection()
+        cursor = conn.cursor()
+
+        try:
+            normalised = validate_email(email).email
+        except EmailNotValidError as e:
+            raise AuthError(description="Invalid email or password") from e
+
+        cursor.execute("SELECT * FROM Users WHERE email = %s", (normalised,))
+        result = cursor.fetchone()
+
+        try:
+            id, _, hashed = result
+            hasher.verify(hashed, password)
+        except (TypeError, VerificationError) as e:
+            raise AuthError(description="Invalid email or password") from e
+
+        cursor.close()
+        conn.close()
+
+        return User(normalised, hashed, id)
+
+    @staticmethod
+    def get(id):
+        """Given a user's ID, fetches all of their information from the database."""
+        conn = get_connection()
+        cursor = conn.cursor()
+
+        cursor.execute("SELECT * FROM Users WHERE uid = %s", (id,))
+        fetched = cursor.fetchall()
+
+        if fetched == []:
+            raise InvalidError(description=f"Requested user ID {id} doesn't exist")
+
+        email, _, password, _, _ = fetched[0]
+
+        cursor.close()
+        conn.close()
+
+        return User(email, password, id)