Back-end development

.gitignore

@@ -1,21 +1,2 @@
-# Generated by Cargo
-# will have compiled files and executables
-debug/
-target/
-
-# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
-# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
-Cargo.lock
-
-# These are backup files generated by rustfmt
-**/*.rs.bk
-
-# MSVC Windows builds of rustc generate these, which store debugging information
-*.pdb
-
-# RustRover
-#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
-#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
-#  and can be added to the global gitignore or merged into this file.  For a more nuclear
-#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
+.idea
+**/__pycache__/

requirements.txt

@@ -0,0 +1,3 @@
+flask==3.0.3
+werkzeug==3.1.3
+psycopg2-binary==2.9.10

server/src/database/setup.py

@@ -0,0 +1,47 @@
+import psycopg2
+
+# TODO Add these into a .env file, this is suboptimally secure :)
+conn = psycopg2.connect(
+    database="stocky",
+    host="192.168.1.136",
+    user="dev",
+    password="dev",
+    port="5432"
+)
+
+db = conn.cursor()
+
+def setup_table():
+    try:
+        db.execute("""
+CREATE TABLE Producten (
+    Product_ID SERIAL PRIMARY KEY,
+    Product_Naam VARCHAR(255) NOT NULL,
+    Product_Aantal INT NOT NULL,
+    Product_Barcode VARCHAR(255)
+);
+
+CREATE TABLE Transacties (
+    Transactie_ID SERIAL PRIMARY KEY,
+    Product_ID INT NOT NULL,
+    Date_Time TIMESTAMP NOT NULL,
+    Transactie_Aantal INT NOT NULL,
+    FOREIGN KEY (Product_ID) REFERENCES Producten(Product_ID)
+);
+
+CREATE TABLE Derving (
+    Transactie_ID INT NOT NULL,
+    User_ID INT NOT NULL,
+    Derving_Type VARCHAR(255),
+    PRIMARY KEY (Transactie_ID, User_ID),
+    FOREIGN KEY (Transactie_ID) REFERENCES Transacties(Transactie_ID)
+);
+
+CREATE TABLE Succesvolle_Transacties (
+    Transactie_ID INT PRIMARY KEY,
+    FOREIGN KEY (Transactie_ID) REFERENCES Transacties(Transactie_ID)
+);
+        """)
+    except psycopg2.errors.DuplicateTable:
+        print("Table already exists.")
+    conn.commit()

server/src/main.py

@@ -0,0 +1,14 @@
+from flask import Flask
+
+from server.src.web.routing import import_routes
+from server.src.web.exception_handlers import import_handlers
+from server.src.database.setup import setup_table
+
+if __name__ == "__main__":
+    app = Flask(__name__)
+
+    import_routes(app)
+    import_handlers(app)
+    setup_table()
+
+    app.run(debug=True)

server/src/web/exception_handlers.py

@@ -0,0 +1,14 @@
+import werkzeug
+
+from werkzeug.exceptions import BadRequest, Forbidden, NotFound, MethodNotAllowed, ImATeapot
+
+
+def import_handlers(app):
+    handlers = [BadRequest, Forbidden, NotFound, MethodNotAllowed, ImATeapot]
+
+    for handler in handlers:
+        app.register_error_handler(handler, handle_error)
+
+
+def handle_error(e: werkzeug.exceptions.HTTPException):
+    return f"{e.code} {str(e.description)}\n", e.code

server/src/web/routes/product/add.py

@@ -0,0 +1,28 @@
+from flask import request
+from werkzeug.exceptions import BadRequest
+
+from server.src.database.setup import db, conn
+from server.src.web.utils import filter_name
+
+
+# {
+#   "name": "waffles",
+# }
+def add():
+    data = request.json
+
+    if "name" not in data:
+        raise BadRequest("Bad JSON structure")
+
+    # To prevent injections, only accept product names with no spaces
+    filtered_name = filter_name(data["name"])
+
+    db.execute(f"SELECT * FROM current_stock WHERE name LIKE '{filtered_name}' ")
+
+    if len(db.fetchall()) != 0:
+        raise BadRequest(f"Product {filtered_name} already exists")
+
+    db.execute(f"INSERT INTO current_stock (name, quantity) VALUES ('{filtered_name}', 0)")
+    conn.commit()
+
+    return "200 OK\n"

server/src/web/routes/product/remove.py

@@ -0,0 +1,28 @@
+from flask import request
+from werkzeug.exceptions import BadRequest
+
+from server.src.database.setup import db, conn
+from server.src.web.utils import filter_name
+
+
+# {
+#   "name": "waffles",
+# }
+def remove():
+    data = request.json
+
+    if "name" not in data:
+        raise BadRequest("Bad JSON structure")
+
+    # To prevent injections, only accept product names with no spaces
+    filtered_name = filter_name(data["name"])
+
+    db.execute(f"SELECT * FROM current_stock WHERE name LIKE '{filtered_name}' ")
+
+    if len(db.fetchall()) == 0:
+        raise BadRequest(f"Product {filtered_name} doesn't exist")
+
+    db.execute(f"DELETE FROM current_stock WHERE name LIKE '{filtered_name}' ")
+    conn.commit()
+
+    return "200 OK\n"

server/src/web/routes/product/status.py

@@ -0,0 +1,37 @@
+from flask import request
+from werkzeug.exceptions import BadRequest
+
+from server.src.database.setup import db, conn
+from server.src.web.utils import filter_name
+
+
+def status_get():
+    data = request.json
+
+    if "name" not in data:
+        raise BadRequest("Bad JSON structure")
+
+    filtered_name = filter_name(data["name"])
+
+    db.execute(f"SELECT * FROM current_stock WHERE name LIKE '{filtered_name}' ")
+
+    query = db.fetchall()
+
+    if len(query) == 0:
+        raise BadRequest(f"Product {filtered_name} doesn't exist")
+
+    return {"quantity": query[0][2]}, 200
+
+
+def status_post():
+    data = request.json
+    filtered_name = filter_name(data["name"])
+
+    # Enforce that the quantity is a positive integer
+    if not isinstance(data["quantity"], int) or data["quantity"] < 0:
+        raise BadRequest("Invalid quantity")
+
+    db.execute(f"UPDATE current_stock SET quantity = {data["quantity"]} WHERE name LIKE '{filtered_name}';")
+    conn.commit()
+
+    return "200 OK\n"

server/src/web/routes/transaction.py

@@ -0,0 +1,47 @@
+from flask import request
+from werkzeug.exceptions import BadRequest
+
+from server.src.database.setup import db, conn
+from server.src.web.utils import filter_name
+
+
+# {
+#   "items": [
+#     {
+#       "name": "waffles",
+#       "quantity": 21
+#     }
+#   ]
+# }
+def transaction():
+    data: dict = request.json
+
+    if "items" not in data:
+        raise BadRequest("Bad JSON structure")
+
+    # Check if all items exist in the database and if there's enough in stock
+    for product in data["items"]:
+        if "name" not in product or "quantity" not in product:
+            raise BadRequest("Bad JSON structure")
+
+
+        # Enforce that the quantity is a positive integer
+        if not isinstance(product["quantity"], int) or product["quantity"] < 0:
+            raise BadRequest("Invalid quantity")
+
+        filtered_name = filter_name(product["name"])
+
+        db.execute(f"SELECT * FROM current_stock WHERE name LIKE '{filtered_name}'")
+        query = db.fetchall()
+        if len(query) == 0:
+            raise BadRequest(f"Product {filtered_name} not found")
+        if query[0][2] < product["quantity"]:
+            raise BadRequest(f"Not enough stock for {filtered_name}")
+
+    # Deduct stock
+    for product in data["items"]:
+        filtered_name = product["name"].split(" ")[0]
+        db.execute(f"UPDATE current_stock SET quantity = quantity - {product["quantity"]} WHERE name LIKE '{filtered_name}';")
+    conn.commit()
+
+    return "200 OK\n"

server/src/web/routing.py

@@ -0,0 +1,13 @@
+from server.src.web.routes.product.add import *
+from server.src.web.routes.product.remove import *
+from server.src.web.routes.product.status import *
+from server.src.web.routes.transaction import *
+
+
+def import_routes(app):
+    app.post("/product/add")(add)
+    app.delete("/product/remove")(remove)
+    app.post("/transaction")(transaction)
+
+    app.get("/product/status")(status_get)
+    app.post("/product/status")(status_post)

server/src/web/utils.py

@@ -0,0 +1,10 @@
+from werkzeug.exceptions import BadRequest
+
+
+def filter_name(name):
+    # Enforce that the quantity is a string
+    if not isinstance(name, str):
+        raise BadRequest(f"Invalid product name")
+
+    # To prevent injections, only accept product names with no spaces
+    return name.split(" ")[0]