crowd-captcha/main.py at master · summanlp/crowd-captcha · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
from flask import Flask, request, Response, abort, jsonify
from flask_cors import cross_origin

from question import *

app = Flask(__name__)

# TODO: not hardcode this (issue #23).
ALLOWED_ORIGINS = [
    "http://127.0.0.1:5000",
    "http://localhost:5000"
]

@app.route('/js/crowd-captcha.js')
def js():
    """
    Takes:
      - an application uuid.

    Does:
        Process the application uuid and generates a valid js file.
        That file contains the questions (fetched from the Text
        entity) and displays a dialog from the user side.

    Returns:
      - a valid JS with questions.
    """
    if "app_uuid" not in request.args:
        abort(401)

    app_uuid = request.args["app_uuid"]
    if not Application.is_valid(app_uuid):
        abort(401)

    return get_js(app_uuid)


@app.route('/api/v1/tag', methods=["POST"])
@cross_origin(origins=ALLOWED_ORIGINS)
def tag():
    """
    Takes
      - an application uuid.
      - a user id.
      - a list of responses (text_uuid and a tag)

    Does:
        This function is called from the JS generated by the js()
        endpoint. It creates Tag entities (the answers) and also
        creates a Secret.

    Returns:
      - a secret uuid to be validated later.
    """
    data = request.get_json(force=True)
    app_uuid = data["app_uuid"]
    user_id = data["user_id"]
    tags = data["tags"]

    if not Application.is_valid(app_uuid):
        abort(401)

    if not validate_tags(tags):
        abort(401)

    if not create_tags(app_uuid, user_id, tags):
        abort(401)

    return jsonify(create_secret(app_uuid))


@app.route('/api/v1/validate', methods=["POST"])
def validate():
    """
    Takes
      - an application uuid
      - an application secret
      - a secret

    Does:
        Returns "ok" if the secret hasn't expired and is valid for the
        application and the user. Otherwise it returns "error" (400).
        Marks all the relevant tags as "validated".

    Returns:
      - whether the secret was valid or not.
    """
    data = request.get_json(force=True)
    secret = data["secret"]
    app_uuid = data["app_uuid"]
    app_secret = data["app_secret"]

    Application.auth(app_uuid, app_secret)
    if not Secret.is_valid(secret, app_uuid):
        abort(401)

    validate_captcha(secret, app_uuid)
    return jsonify({ "success": True })


@app.errorhandler(401)
def unauthorized(error):
    return Response('Contraseña, capo.', 401, {'WWWAuthenticate':'Basic realm="Login Required"'})


if __name__ == "__main__":
    app.run(host='0.0.0.0', port=8181, debug=True)