feat: Update README and implement Discord user registration endpoints

2025-09-24 19:42:46 -05:00 · 2025-09-24 19:42:46 -05:00 · af3f02341e
commit af3f02341e
parent e09463b59c
3 changed files with 62 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -2,6 +2,9 @@

 Interbend is a Flask-based web application that provides a backend API for managing user balances and transactions. It features a robust authentication system using JWT and includes a separate set of administrative endpoints for system management. The application is designed to be extensible and can be used as a foundation for a variety of financial applications.

+### Note
+The GitHub branch may lag behind the development branch. For the most up-to-date code and pull requests, please visit [https://git.albioncloud.de/Eisbear/Interbend](https://git.albioncloud.de/Eisbear/Interbend).
+
 ## Installation

 1.  **Clone the repository:**
@ -88,3 +91,9 @@ All admin endpoints require an admin key in the request body.
 -   **`POST /admin/change-password`**: Changes the password for a user.
    -   **Request Body**: `{ "bid": "user_bid", "password": "new_password", "key": "your_admin_key" }`
    -   **Response**: A success message.
+### Bot
+
+All bot endpoints require a bot key in the request body. These endpoints are designed with the InterBot discordbot in mind.
+You should never use these manually because they trust the discord bot for authentication and are therefore insecure.
+(i dont think thats best practice?)
+// TODO - Add Discord End Points here \/
--- a/interbend/auth.py
+++ b/interbend/auth.py
@ -42,11 +42,16 @@ def token_gen(bid):
        algorithm="HS256")
    return token

-def bot_key(input_key):
+def botKey(input_key):
    bot_key = current_app.config['BOT_KEY']
    if input_key != bot_key:
        return False 
    if input_key == bot_key: # Extra Security which doesnt actually add anything but peace of mind.
      return True
    return "OhShit" # This should never happen?? 
-# I dont think I should be a programmer, I dont even understand python and prefer golang or java or C#. ANYTHING THAT HAS {} 
+# I dont think I should be a programmer, I dont even understand python and prefer golang or java or C#. ANYTHING THAT HAS {} 
+
+def bot_key(input_key):
+    return botKey(input_key)
+# Legacy, decaprecated (wait I didnt even implement this so why do I even keep this?)
+# Random bloat :3
--- a/interbend/routes/discord_routes.py
+++ b/interbend/routes/discord_routes.py
@ -1,7 +1,9 @@
+from webbrowser import get
 from flask import Blueprint, make_response
 from interbend.db import db, get_user
 from interbend.auth import *
 import mysql.connector
+import auth  # For bot_key function
 from werkzeug.security import generate_password_hash, check_password_hash

 discord_bp = Blueprint('discord_bp', __name__)
@ -23,4 +25,47 @@ def register_id():
    if not user:
        return jsonify({"error": "User is not registered"}), 404
        # Should the user be automatically registered here?
-    return jsonify({"error": "Method not implemented"}), 501
+    return jsonify({"error": "Method not implemented"}), 501
+
+@discord_bp.route('/register-2', methods=['POST'])
+def register2():
+    data = request.get_json()
+    bid = data.get('bid')
+    # Bid is now generated by API -- Not in this case because this is for the discord bot to register users
+    username = data.get('username')
+    email = data.get('email')
+    # This wont work because the bot wont have access to the email. Its a bot not OAuth, which will be added later.
+    password = data.get('password') # The bot will generate a random password and send it to the user via DM or something?
+    bot_key2 = data.get('bot_key')
+    if not botKey(bot_key2):
+        return jsonify({"error": "Unauthorized"}), 401
+
+    if not username or not password:
+        return jsonify({"error": "Bot error, did not supply username or password"}), 404
+    password_hash = generate_password_hash(password)
+    if email == "example@example.com":
+        return jsonify({"error": "bro"}), 400
+    bidf = "D-".join(bid)
+    try:
+        with db.cursor(dictionary=True) as cur:
+            cur.execute("SELECT * FROM users WHERE bid = %s", (bidf,))
+            if cur.fetchone():
+                return jsonify({"error": "BID already exists."}), 409
+    except mysql.connector.Error as err:
+        db.rollback()
+        current_app.logger.error(f"Database error in register: {err}")
+        return jsonify({"error": "Database Error"}), 500
+    try:
+        with db.cursor(dictionary=True) as cur:
+            cur.execute("INSERT INTO users (bid, username, password_hash) VALUES (%s, %s, %s)",
+                          (bid, username, password_hash))
+        db.commit()
+        return jsonify({"message": "Creation Successful"}), 201
+    except mysql.connector.Error as err:
+        db.rollback()
+        current_app.logger.error(f"Database error in register: {err}")
+        return jsonify({"error": "Database Error"}), 500
+    
+@discord_bp.route('/balance', methods=['GET'])
+def blo_chicken_tiki_masala(): #can I name it like this?
+    return jsonify({"error": "use normal balance bro"}), 404