Eisbear/Interbend
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Update README and implement Discord user registration endpoints

Browse source
This commit is contained in:
MrEisbear 2025-09-24 19:42:46 -05:00
parent e09463b59c
commit af3f02341e
3 changed files with 62 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
README.md
View file

@ -2,6 +2,9 @@
Interbend is a Flask-based web application that provides a backend API for managing user balances and transactions. It features a robust authentication system using JWT and includes a separate set of administrative endpoints for system management. The application is designed to be extensible and can be used as a foundation for a variety of financial applications. Interbend is a Flask-based web application that provides a backend API for managing user balances and transactions. It features a robust authentication system using JWT and includes a separate set of administrative endpoints for system management. The application is designed to be extensible and can be used as a foundation for a variety of financial applications.
### Note
The GitHub branch may lag behind the development branch. For the most up-to-date code and pull requests, please visit [https://git.albioncloud.de/Eisbear/Interbend](https://git.albioncloud.de/Eisbear/Interbend).
## Installation ## Installation
1. **Clone the repository:** 1. **Clone the repository:**
@ -88,3 +91,9 @@ All admin endpoints require an admin key in the request body.
- **`POST /admin/change-password`**: Changes the password for a user. - **`POST /admin/change-password`**: Changes the password for a user.
- **Request Body**: `{ "bid": "user_bid", "password": "new_password", "key": "your_admin_key" }` - **Request Body**: `{ "bid": "user_bid", "password": "new_password", "key": "your_admin_key" }`
- **Response**: A success message. - **Response**: A success message.
### Bot
All bot endpoints require a bot key in the request body. These endpoints are designed with the InterBot discordbot in mind.
You should never use these manually because they trust the discord bot for authentication and are therefore insecure.
(i dont think thats best practice?)
// TODO - Add Discord End Points here \/

9
interbend/auth.py
View file

@ -42,11 +42,16 @@ def token_gen(bid):
algorithm="HS256") algorithm="HS256")
return token return token
def bot_key(input_key): def botKey(input_key):
bot_key = current_app.config['BOT_KEY'] bot_key = current_app.config['BOT_KEY']
if input_key != bot_key: if input_key != bot_key:
return False return False
if input_key == bot_key: # Extra Security which doesnt actually add anything but peace of mind. if input_key == bot_key: # Extra Security which doesnt actually add anything but peace of mind.
return True return True
return "OhShit" # This should never happen?? return "OhShit" # This should never happen??
# I dont think I should be a programmer, I dont even understand python and prefer golang or java or C#. ANYTHING THAT HAS {} # I dont think I should be a programmer, I dont even understand python and prefer golang or java or C#. ANYTHING THAT HAS {}
def bot_key(input_key):
return botKey(input_key)
# Legacy, decaprecated (wait I didnt even implement this so why do I even keep this?)
# Random bloat :3

47
interbend/routes/discord_routes.py
View file

@ -1,7 +1,9 @@
from webbrowser import get
from flask import Blueprint, make_response from flask import Blueprint, make_response
from interbend.db import db, get_user from interbend.db import db, get_user
from interbend.auth import * from interbend.auth import *
import mysql.connector import mysql.connector
import auth # For bot_key function
from werkzeug.security import generate_password_hash, check_password_hash from werkzeug.security import generate_password_hash, check_password_hash
discord_bp = Blueprint('discord_bp', __name__) discord_bp = Blueprint('discord_bp', __name__)
@ -23,4 +25,47 @@ def register_id():
if not user: if not user:
return jsonify({"error": "User is not registered"}), 404 return jsonify({"error": "User is not registered"}), 404
# Should the user be automatically registered here? # Should the user be automatically registered here?
return jsonify({"error": "Method not implemented"}), 501 return jsonify({"error": "Method not implemented"}), 501
@discord_bp.route('/register-2', methods=['POST'])
def register2():
data = request.get_json()
bid = data.get('bid')
# Bid is now generated by API -- Not in this case because this is for the discord bot to register users
username = data.get('username')
email = data.get('email')
# This wont work because the bot wont have access to the email. Its a bot not OAuth, which will be added later.
password = data.get('password') # The bot will generate a random password and send it to the user via DM or something?
bot_key2 = data.get('bot_key')
if not botKey(bot_key2):
return jsonify({"error": "Unauthorized"}), 401
if not username or not password:
return jsonify({"error": "Bot error, did not supply username or password"}), 404
password_hash = generate_password_hash(password)
if email == "example@example.com":
return jsonify({"error": "bro"}), 400
bidf = "D-".join(bid)
try:
with db.cursor(dictionary=True) as cur:
cur.execute("SELECT * FROM users WHERE bid = %s", (bidf,))
if cur.fetchone():
return jsonify({"error": "BID already exists."}), 409
except mysql.connector.Error as err:
db.rollback()
current_app.logger.error(f"Database error in register: {err}")
return jsonify({"error": "Database Error"}), 500
try:
with db.cursor(dictionary=True) as cur:
cur.execute("INSERT INTO users (bid, username, password_hash) VALUES (%s, %s, %s)",
(bid, username, password_hash))
db.commit()
return jsonify({"message": "Creation Successful"}), 201
except mysql.connector.Error as err:
db.rollback()
current_app.logger.error(f"Database error in register: {err}")
return jsonify({"error": "Database Error"}), 500
@discord_bp.route('/balance', methods=['GET'])
def blo_chicken_tiki_masala(): #can I name it like this?
return jsonify({"error": "use normal balance bro"}), 404