
a
hu8813 committed Apr 25, 2024
1 parent 59de6d7 commit 3ec98ab
Showing 1 changed file with 54 additions and 27 deletions.
81 changes: 54 additions & 27 deletions srcs/backend/myapp/views.py
Expand Up @@ -90,8 +90,10 @@ def remove_friend(request):
token = request.headers.get('Authorization', '').split('Bearer ')[-1]
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user_requester = User.objects.get(pk=user_id)

user_requester = User.objects.get(pk=user_id)
if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
username = request.GET.get('username')

if not username:
Expand Down Expand Up @@ -131,7 +133,8 @@ def add_friend(request):
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user_requester = User.objects.get(pk=user_id)

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
username = request.GET.get('username')

if not username:
Expand Down Expand Up @@ -169,12 +172,14 @@ def get_friends(request):
token = request.headers.get('Authorization', '').split('Bearer ')[-1]
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
user = User.objects.get(pk=user_id)

requested_username = request.GET.get('username')

if requested_username:
if len(requested_username) > 50 or is_valid_username(requested_username):
return JsonResponse({'error': 'Invalid username format'}, status=400)
requested_user = User.objects.get(username=requested_username)
friends = requested_user.friends.all()
else:
Expand Down Expand Up @@ -217,7 +222,8 @@ def get_blocked_users(request):
token = request.headers.get('Authorization', '').split('Bearer ')[-1]
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
user_requester = User.objects.get(pk=user_id)

blocked_users = user_requester.blocked_users.all()
Expand All @@ -235,7 +241,8 @@ def unblock_user(request):
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user_requester = User.objects.get(pk=user_id)

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
username = request.GET.get('username')

if not username:
Expand Down Expand Up @@ -274,7 +281,8 @@ def block_user(request):
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user_requester = User.objects.get(pk=user_id)

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
username = request.GET.get('username')

if not username:
Expand Down Expand Up @@ -313,7 +321,8 @@ def fetch_achievements(request):
token = request.headers.get('Authorization', '').split('Bearer ')[-1]
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
achievements = Achievement.objects.filter(user_id=user_id).first()

if not achievements:
Expand Down Expand Up @@ -468,14 +477,14 @@ def messages(request):


def chat(request):
return render(request, 'chatpage.html')
return JsonResponse({'error': str(e)}, status=404)

from django.contrib.sessions.models import Session

def get_profile_info(request):
username = request.GET.get('username')

if not username:
if not username or not is_valid_username(username):
return JsonResponse({'error': 'Username parameter is missing'}, status=400)
token = request.headers.get('Authorization', '').split('Bearer ')[-1]

Expand All @@ -485,7 +494,8 @@ def get_profile_info(request):
user_requester = User.objects.get(pk=user_id)
user = User.objects.get(username=username)
csrf_token = get_token(request)

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
is_online = False
active_sessions = Session.objects.filter(expire_date__gte=timezone.now())
for session in active_sessions:
Expand Down Expand Up @@ -600,7 +610,8 @@ def proxy_viewb(request):
code = request.GET.get('code')
if not code:
return JsonResponse({'error': 'Code parameter is missing'}, status=400)

if len(code) != 64 or not re.match(r'^[a-zA-Z0-9]+$', code):
return JsonResponse({'error': 'Invalid code format'}, status=400)
client_id = os.getenv('CLIENT_ID')
client_secret = os.getenv('CLIENT_SECRET')
redirect_uri = os.getenv('REDIRECT_URI')
Expand Down Expand Up @@ -665,7 +676,8 @@ def proxy_viewc(request):
code = request.GET.get('code')
if not code:
return JsonResponse({'error': 'Code parameter is missing'}, status=400)

if len(code) != 64 or not re.match(r'^[a-zA-Z0-9]+$', code):
return JsonResponse({'error': 'Invalid code format'}, status=400)
client_id = os.getenv('CLIENT_ID')
client_secret = os.getenv('CLIENT_SECRET')
redirect_uri = os.getenv('REDIRECT_URI')
Expand Down Expand Up @@ -785,6 +797,8 @@ def upload_avatar(request):
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user = User.objects.get(pk=user_id)
if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
except jwt.ExpiredSignatureError:
return Response({"message": "JWT token has expired."}, status=status.HTTP_401_UNAUTHORIZED)
except jwt.InvalidTokenError:
Expand Down Expand Up @@ -825,7 +839,8 @@ def update_score(request):
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user = User.objects.get(pk=user_id)

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
result = request.GET.get('result')
user.score += 1
user.save()
Expand Down Expand Up @@ -896,7 +911,8 @@ def leaderboard(request):
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user = User.objects.get(pk=user_id)

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
leaderboard_users = User.objects.order_by('-score')[:100]

leaderboard_data = []
Expand Down Expand Up @@ -972,12 +988,11 @@ def register(request):
password = request.POST.get('password')
confirm_password = request.POST.get('confirm_password')

# Input validation
if not all([username, email, password, confirm_password]):
return JsonResponse({"error": "All fields are required."}, status=400)

if not re.match(r'^[\w-]+$', username):
return JsonResponse({"error": "Username can only contain alphanumeric characters, underscores, and hyphens."}, status=400)
if len(username) > 50 or not is_valid_username(username):
return JsonResponse({"error": "Username can only contain alphanumeric characters, underscores, and hyphens. Max. 50chars."}, status=400)

if not re.match(r'^[\w\.-]+@[\w\.-]+$', email):
return JsonResponse({"error": "Invalid email format. Please enter a valid email address."}, status=400)
Expand All @@ -994,7 +1009,6 @@ def register(request):
if not all(char.isalnum() or char in ['_', '-'] for char in username):
return JsonResponse({"error": "Username can only contain alphanumeric characters, underscores, and hyphens."}, status=400)

# Check for existing username and email
if User.objects.filter(username=username).exists():
return JsonResponse({"error": "Username already exists. Please choose a different username."}, status=400)

Expand All @@ -1004,15 +1018,14 @@ def register(request):
if password != confirm_password:
return JsonResponse({"error": "Passwords do not match. Please make sure your passwords match."}, status=400)

# Create user
user = User.objects.create_user(username=username, email=email, password=password, score=0)
user.nickname = username
user.is_oauth_user = False
user.save()

return JsonResponse({"message": "Registration successful. You can now log in."}, status=200)

except IntegrityError:
except Exception as e:
return JsonResponse({"error": "An error occurred while registering. Please try again later."}, status=400)

else:
Expand All @@ -1023,6 +1036,11 @@ def login_view(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
if not all([username, password]):
return JsonResponse({"error": "All fields are required."}, status=400)
if len(username) > 50 or not is_valid_username(username):
return JsonResponse({'error': 'Invalid username format'}, status=400)

user = authenticate(username=username, password=password)
if user is not None:
login(request, user)
Expand All @@ -1048,7 +1066,7 @@ def login_view(request):
else:
return JsonResponse({'error': 'Invalid login credentials'}, status=400)
else:
return render(request, 'login.html')
return JsonResponse({'error': str(e)}, status=404)
except Exception as e:
return JsonResponse({'error': str(e)}, status=400)

Expand Down Expand Up @@ -1123,7 +1141,8 @@ def manage_profile(request):
user_id = payload['user_id']
user = User.objects.get(pk=user_id)
csrf_token = get_token(request)

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
if request.method == 'GET':
user_info = {
'userNickname': getattr(user, 'nickname', 'unknown'),
Expand Down Expand Up @@ -1215,7 +1234,10 @@ def check_2fa_code(request):

if not username or not code:
return JsonResponse({'error': 'Username or code parameter is missing'}, status=400)

if len(code) != 64 or not re.match(r'^[a-zA-Z0-9]+$', code):
return JsonResponse({'error': 'Invalid code format'}, status=400)
if len(username) > 50 or not is_valid_username(username):
return JsonResponse({'error': 'Invalid username format'}, status=400)
try:
user = User.objects.get(username=username)
saved_activation_code = user.activation_code
Expand All @@ -1237,7 +1259,8 @@ def get_2fa_status(request):

if not username:
return JsonResponse({'error': 'Username parameter is missing'}, status=400)

if len(username) > 50 or not is_valid_username(username):
return JsonResponse({'error': 'Invalid username format'}, status=400)
try:
user = User.objects.get(username=username)
is_2fa_enabled = user.two_factor_enabled if hasattr(user, 'two_factor_enabled') else False
Expand All @@ -1252,7 +1275,8 @@ def generate_qr_code(request):
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user = User.objects.get(pk=user_id)

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
if user.two_factor_enabled:
return JsonResponse({'error': '2FA is already enabled'}, status=400)

Expand Down Expand Up @@ -1305,7 +1329,8 @@ def activate_2fa(request):
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user = User.objects.get(pk=user_id)

if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id

saved_activation_code = user.activation_code

Expand Down Expand Up @@ -1339,6 +1364,8 @@ def deactivate_2fa(request):
payload = jwt.decode(token, settings.SIGNING_KEY, algorithms=['HS256'])
user_id = payload['user_id']
user = User.objects.get(pk=user_id)
if user_id and 'user_id' not in request.session:
request.session['user_id'] = user_id
if not user.two_factor_enabled:
return JsonResponse({'error': '2FA is not enabled for this user'}, status=400)
user.two_factor_enabled = False
Expand Down
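Review bot: The new username check in get_friends is inverted — `if len(requested_username) > 50 or is_valid_username(requested_username):` returns the 400 for names the validator accepts and lets rejected ones through to `User.objects.get(username=...)`, the opposite of the `not is_valid_username(...)` form this same commit uses in register, login_view, check_2fa_code and get_2fa_status; it should read `if len(requested_username) > 50 or not is_valid_username(requested_username):`. Separately, the new body of `chat`, `return JsonResponse({'error': str(e)}, status=404)`, references an `e` that is never bound, so the view raises NameError (an unhandled 500) instead of the intended error response; the identical line in login_view's GET branch appears to survive only because the enclosing `except Exception as e` catches the NameError and echoes "name 'e' is not defined" to the client. The snippet repeated across every JWT-protected view, `if user_id and 'user_id' not in request.session: request.session['user_id'] = user_id`, never overwrites an existing session value, so a session that already carries a different user_id keeps it after a fresh token is presented — a shared helper that always sets it, or rejects a mismatch, would be both safer and far less copy-pasted. get_friends, chat and login_view all continue outside the visible hunks.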
