Updated Highscore server

2025-05-18 17:34:52 +00:00 · 2023-05-09 15:35:31 +03:00 · 2023-05-09 15:35:31 +03:00 · e7bbb02aba
commit e7bbb02aba
parent 3c3b6b8b23
26 changed files with 1023 additions and 321 deletions
--- a/Highscore-Server/server/api.py
+++ b/Highscore-Server/server/api.py
@ -0,0 +1,96 @@
+import uuid
+
+from flask import Blueprint, request, jsonify
+from flask_login import login_required, current_user
+
+from server.models import Tokens, Scores
+from server.extensions import db
+from server.config import BEARER_TOKEN
+
+
+blueprint = Blueprint('api', __name__, url_prefix='/api')
+
+
+@blueprint.route('/tokens', methods=['DELETE', 'POST'])
+@login_required
+def tokens():
+    if request.method == 'DELETE':
+        token_id = request.form['token_id']
+        if not token_id:
+            return jsonify({"error": "No token ID provided!"}), 400
+
+        token = Tokens.query.filter_by(id=token_id).first()
+        if not token:
+            return jsonify({"error": "Token not found!"}), 404
+        if token.holder != current_user.id:
+            return jsonify({"error": "You do not own this token!"}), 403
+
+        db.session.delete(token)
+        db.session.commit()
+
+        return jsonify({"success": "Token deleted!"}), 200
+    elif request.method == 'POST':
+        if len(Tokens.query.filter_by(holder=current_user.id).all()) >= 5:
+            return jsonify({"error": "You already have 5 tokens!"}), 403
+
+        token = Tokens(token=str(uuid.uuid4()), holder=current_user.id)
+        db.session.add(token)
+        db.session.commit()
+
+        return jsonify({"success": "Token added!"}), 200
+
+
+@blueprint.route('/post', methods=['POST'])
+def post():
+    form = request.form
+
+    if not form:
+        return "Invalid form", 400
+    if not request.headers.get('Authentication'):
+        return "Invalid authentication", 401
+
+    if not isinstance(form['score'], int):
+        return "Score must be an integer", 400
+    if int(form['score']) < 0:
+        return "Score must be greater than 0", 400
+    if form['difficulty'] not in [0, 1, 2, 3, 4]:
+        # 0 = Easy, Level 1
+        # 1 = Easy, Level 2
+        # 2 = Easy, Level 3
+        # 3 = Normal
+        # 4 = Hard
+        return "Invalid difficulty", 400
+
+    if token_data := Tokens.query.filter_by(token=request.headers.get('Authentication')).first():
+        # User is authenticated
+        # This is a registered user
+
+        score = Scores(
+            score=form['score'],
+            difficulty=form['difficulty'],
+            achievements=form['achievements'],
+            user_id=token_data.holder,
+        )
+        db.session.add(score)
+        db.session.commit()
+
+        return "Success!", 200
+    elif request.headers.get('Authentication') == BEARER_TOKEN:
+        # User is not authenticated, but has the correct token
+        # This is an anonymous user
+
+        if not form['playerName'] or len(form['playerId']) != 4:
+            return "Invalid player name", 400
+
+        score = Scores(
+            anonymous=True,
+            username=form['playerName'],
+            score=form['score'],
+            difficulty=form['difficulty'],
+        )
+        db.session.add(score)
+        db.session.commit()
+
+        return "Success!", 200
+
+    return "Authentication failed", 401