CodeYourFuture
diff --git a/‎.gitignore
Lines changed: 7 additions & 0 deletions b/‎.gitignore
Lines changed: 7 additions & 0 deletions
diff --git a/‎backend/.gitignore
Lines changed: 3 additions & 0 deletions b/‎backend/.gitignore
Lines changed: 3 additions & 0 deletions
diff --git a/‎backend/README.md
Lines changed: 26 additions & 0 deletions b/‎backend/README.md
Lines changed: 26 additions & 0 deletions
diff --git a/‎backend/__init__.py b/‎backend/__init__.py
diff --git a/‎backend/custom_json_provider.py
Lines changed: 11 additions & 0 deletions b/‎backend/custom_json_provider.py
Lines changed: 11 additions & 0 deletions
diff --git a/‎backend/custom_json_provider_test.py
Lines changed: 28 additions & 0 deletions b/‎backend/custom_json_provider_test.py
Lines changed: 28 additions & 0 deletions
diff --git a/‎backend/data/blooms.py
Lines changed: 142 additions & 0 deletions b/‎backend/data/blooms.py
Lines changed: 142 additions & 0 deletions
diff --git a/‎backend/data/connection.py
Lines changed: 16 additions & 0 deletions b/‎backend/data/connection.py
Lines changed: 16 additions & 0 deletions
diff --git a/‎backend/data/follows.py
Lines changed: 43 additions & 0 deletions b/‎backend/data/follows.py
Lines changed: 43 additions & 0 deletions
diff --git a/‎backend/data/users.py
Lines changed: 108 additions & 0 deletions b/‎backend/data/users.py
Lines changed: 108 additions & 0 deletions
@@ -0,0 +1,7 @@
+node_modules
+.env
+.specstory/
+.DS_Store
+playwright-report/
+.vscode/
+test-results/
@@ -0,0 +1,3 @@
+/.env
+/.venv/
+*.pyc
@@ -0,0 +1,26 @@
+# PurpleForest Backend
+
+To run:
+
+### One time
+
+1. In the `backend` directory, create a file named `.env` with values for the following environment variables:
+   * `JWT_SECRET_KEY`: Any random string.
+   * `PGPASSWORD`: Any random string.
+   * `PGUSER`: `postgres`, assuming you're using the bundled docker-based database, or whatever user you need if you have a custom postgres set up.
+   * Optionally, `PGDATABASE`, `PGHOST`, and `PGPORT` if you're not using default postgres values.
+2. Make a virtual environment: `python3 -m venv .venv`
+3. Activate the virtual environment: `. .venv/bin/activate`
+4. Install dependencies: `pip install -r requirements.txt`
+5. Run the database: `../db/run.sh` (you must have Docker installed and running).
+6. Create the database schema: `../db/create-schema.sh`
+
+You may want to run `python3 populate.py` to populate sample data.
+
+If you ever need to wipe the database, just delete `../db/pg_data` (and remember to set it up again after).
+
+### Each time
+
+1. In one terminal, run the database: `../db/run.sh` (you must have Docker installed and running).
+2. In another terminal, activate the virtual environment: `. .venv/bin/activate`
+3. With the virtual environment activated, run the backend: `python3 main.py`
@@ -0,0 +1,11 @@
+from datetime import datetime
+from flask.json.provider import DefaultJSONProvider
+
+
+class CustomJsonProvider(DefaultJSONProvider):
+    def __init__(self, *args, **kwargs):
+        DefaultJSONProvider.__init__(self, *args, **kwargs)
+        original_default = self.default
+        self.default = lambda x: (
+            x.isoformat() if isinstance(x, datetime) else original_default(x)
+        )
@@ -0,0 +1,28 @@
+import datetime
+import unittest
+
+from flask import Flask
+
+from custom_json_provider import CustomJsonProvider
+
+
+class TestCustomJsonProvider(unittest.TestCase):
+    def test_datetime(self):
+        serialised = CustomJsonProvider(Flask("Dummy")).dumps(
+            {
+                "timestamp": datetime.datetime(
+                    year=2020,
+                    month=3,
+                    day=4,
+                    hour=14,
+                    minute=15,
+                    second=16,
+                    tzinfo=datetime.UTC,
+                )
+            }
+        )
+        self.assertEqual(serialised, """{"timestamp": "2020-03-04T14:15:16+00:00"}""")
+
+
+if __name__ == "__main__":
+    unittest.main()
@@ -0,0 +1,142 @@
+import datetime
+
+from dataclasses import dataclass
+from typing import Any, Dict, List, Optional
+
+from data.connection import db_cursor
+from data.users import User
+
+
+@dataclass
+class Bloom:
+    id: int
+    sender: User
+    content: str
+    sent_timestamp: datetime.datetime
+
+
+def add_bloom(*, sender: User, content: str) -> Bloom:
+    hashtags = [word[1:] for word in content.split(" ") if word.startswith("#")]
+
+    now = datetime.datetime.now(tz=datetime.UTC)
+    bloom_id = int(now.timestamp() * 1000000)
+    with db_cursor() as cur:
+        cur.execute(
+            "INSERT INTO blooms (id, sender_id, content, send_timestamp) VALUES (%(bloom_id)s, %(sender_id)s, %(content)s, %(timestamp)s)",
+            dict(
+                bloom_id=bloom_id,
+                sender_id=sender.id,
+                content=content,
+                timestamp=datetime.datetime.now(datetime.UTC),
+            ),
+        )
+        for hashtag in hashtags:
+            cur.execute(
+                "INSERT INTO hashtags (hashtag, bloom_id) VALUES (%(hashtag)s, %(bloom_id)s)",
+                dict(hashtag=hashtag, bloom_id=bloom_id),
+            )
+
+
+def get_blooms_for_user(
+    username: str, *, before: Optional[int] = None, limit: Optional[int] = None
+) -> List[Bloom]:
+    with db_cursor() as cur:
+        kwargs = {
+            "sender_username": username,
+        }
+        if before is not None:
+            before_clause = "AND send_timestamp < %(before_limit)s"
+            kwargs["before_limit"] = before
+        else:
+            before_clause = ""
+
+        limit_clause = make_limit_clause(limit, kwargs)
+
+        cur.execute(
+            f"""SELECT
+              blooms.id, users.username, content, send_timestamp
+            FROM
+              blooms INNER JOIN users ON users.id = blooms.sender_id
+            WHERE
+              username = %(sender_username)s
+              {before_clause}
+            ORDER BY send_timestamp DESC
+            {limit_clause}
+            """,
+            kwargs,
+        )
+        rows = cur.fetchall()
+        blooms = []
+        for row in rows:
+            bloom_id, sender_username, content, timestamp = row
+            blooms.append(
+                Bloom(
+                    id=bloom_id,
+                    sender=sender_username,
+                    content=content,
+                    sent_timestamp=timestamp,
+                )
+            )
+    return blooms
+
+
+def get_bloom(bloom_id: int) -> Optional[Bloom]:
+    with db_cursor() as cur:
+        cur.execute(
+            "SELECT blooms.id, users.username, content, send_timestamp FROM blooms INNER JOIN users ON users.id = blooms.sender_id WHERE blooms.id = %s",
+            (bloom_id,),
+        )
+        row = cur.fetchone()
+        if row is None:
+            return None
+        bloom_id, sender_username, content, timestamp = row
+        return Bloom(
+            id=bloom_id,
+            sender=sender_username,
+            content=content,
+            sent_timestamp=timestamp,
+        )
+
+
+def get_blooms_with_hashtag(
+    hashtag_without_leading_hash: str, *, limit: int = None
+) -> List[Bloom]:
+    kwargs = {
+        "hashtag_without_leading_hash": hashtag_without_leading_hash,
+    }
+    limit_clause = make_limit_clause(limit, kwargs)
+    with db_cursor() as cur:
+        cur.execute(
+            f"""SELECT
+              blooms.id, users.username, content, send_timestamp
+            FROM
+              blooms INNER JOIN hashtags ON blooms.id = hashtags.bloom_id INNER JOIN users ON blooms.sender_id = users.id
+            WHERE
+              hashtag = %(hashtag_without_leading_hash)s
+            ORDER BY send_timestamp DESC
+            {limit_clause}
+            """,
+            kwargs,
+        )
+        rows = cur.fetchall()
+        blooms = []
+        for row in rows:
+            bloom_id, sender_username, content, timestamp = row
+            blooms.append(
+                Bloom(
+                    id=bloom_id,
+                    sender=sender_username,
+                    content=content,
+                    sent_timestamp=timestamp,
+                )
+            )
+    return blooms
+
+
+def make_limit_clause(limit: Optional[int], kwargs: Dict[Any, Any]) -> str:
+    if limit is not None:
+        limit_clause = "LIMIT %(limit)s"
+        kwargs["limit"] = limit
+    else:
+        limit_clause = ""
+    return limit_clause
@@ -0,0 +1,16 @@
+from contextlib import contextmanager
+import os
+import psycopg2
+
+
+@contextmanager
+def db_cursor():
+    with psycopg2.connect(
+        dbname=os.getenv("PGDATABASE"),
+        user=os.getenv("PGUSER"),
+        password=os.environ["PGPASSWORD"],
+        host=os.getenv("PGHOST", "127.0.0.1"),
+        port=os.getenv("PGPORT"),
+    ) as conn:
+        with conn.cursor() as cur:
+            yield cur
@@ -0,0 +1,43 @@
+from typing import List
+
+from data.connection import db_cursor
+from data.users import User
+
+from psycopg2.errors import UniqueViolation
+
+
+def follow(follower: User, followee: User):
+    with db_cursor() as cur:
+        try:
+            cur.execute(
+                "INSERT INTO follows (follower, followee) VALUES (%(follower_id)s, %(followee_id)s)",
+                dict(
+                    follower_id=follower.id,
+                    followee_id=followee.id,
+                ),
+            )
+        except UniqueViolation:
+            # Already following - treat as idempotent request.
+            pass
+
+
+def get_followed_usernames(follower: User) -> List[str]:
+    """get_followed_usernames returns a list of usernames followee follows."""
+    with db_cursor() as cur:
+        cur.execute(
+            "SELECT users.username FROM follows INNER JOIN users ON follows.followee = users.id WHERE follower = %s",
+            (follower.id,),
+        )
+        rows = cur.fetchall()
+        return [row[0] for row in rows]
+
+
+def get_inverse_followed_usernames(followee: User) -> List[str]:
+    """get_followed_usernames returns a list of usernames followed by follower."""
+    with db_cursor() as cur:
+        cur.execute(
+            "SELECT users.username FROM follows INNER JOIN users ON follows.follower = users.id WHERE followee = %s",
+            (followee.id,),
+        )
+        rows = cur.fetchall()
+        return [row[0] for row in rows]
@@ -0,0 +1,108 @@
+from dataclasses import dataclass
+from hashlib import scrypt
+import hashlib
+import random
+import string
+from typing import List, Optional
+
+from data.connection import db_cursor
+from psycopg2.errors import UniqueViolation
+
+
+@dataclass
+class User:
+    id: int
+    username: str
+    password_salt: bytes
+    password_scrypt: bytes
+
+    def check_password(self, password_plaintext: str) -> bool:
+        return self.password_scrypt == scrypt(
+            password_plaintext.encode("utf-8"), self.password_salt
+        )
+
+
+class UserRegistrationError(Exception):
+    reason: str
+
+    def __init__(self, reason: str):
+        self.reason = reason
+
+
+def get_user(username: str) -> Optional[User]:
+    with db_cursor() as cur:
+        cur.execute(
+            "SELECT id, password_salt, password_scrypt FROM users WHERE username = %s",
+            (username,),
+        )
+        row = cur.fetchone()
+        if row is None:
+            return None
+        user_id, password_salt, password_scrypt = row
+        return User(
+            id=user_id,
+            username=username,
+            password_salt=bytes(password_salt),
+            password_scrypt=bytes(password_scrypt),
+        )
+
+
+def get_suggested_follows(following_user: User, limit: int) -> List[str]:
+    with db_cursor() as cur:
+        cur.execute(
+            """
+            SELECT
+              users.username
+            FROM
+              users
+            WHERE
+              users.id <> %(following_user_id)s AND
+              users.id NOT IN (
+                SELECT followee FROM follows WHERE follower = %(following_user_id)s
+              )
+            ORDER BY RANDOM()
+            LIMIT %(limit)s
+            """,
+            dict(
+                following_user_id=following_user.id,
+                limit=limit,
+            ),
+        )
+        rows = cur.fetchall()
+        return [row[0] for row in rows]
+
+
+def register_user(username: str, password_plaintext: str) -> User:
+    salt = generate_salt()
+    password_scrypt = scrypt(password_plaintext.encode("utf-8"), salt)
+
+    with db_cursor() as cur:
+        try:
+            cur.execute(
+                "INSERT INTO users (username, password_salt, password_scrypt) VALUES (%(username)s, %(password_salt)s, %(password_scrypt)s)",
+                dict(
+                    username=username,
+                    password_salt=salt,
+                    password_scrypt=password_scrypt,
+                ),
+            )
+        except UniqueViolation as err:
+            raise UserRegistrationError("user already exists")
+
+
+def scrypt(password_plaintext: bytes, password_salt: bytes) -> bytes:
+    return hashlib.scrypt(password_plaintext, salt=password_salt, n=8, r=8, p=1)
+
+
+SALT_CHARACTERS = string.ascii_uppercase + string.ascii_lowercase + string.digits
+
+
+def generate_salt() -> bytes:
+    return (
+        "".join(random.SystemRandom().choice(SALT_CHARACTERS) for _ in range(10))
+    ).encode("utf-8")
+
+
+def lookup_user(header_info, payload_info):
+    """lookup_user is a hook for the jwt middleware to look-up authenticated users."""
+    return get_user(payload_info["sub"])