From 09172d9c1ef5ceb9759db0784714eb908eb43844 Mon Sep 17 00:00:00 2001
From: Mattia Succurro <matty2000.succ@gmail.com>
Date: Thu, 31 Oct 2019 16:38:43 +0100
Subject: [PATCH] Adding create API endpoint

---
 CHANGELOG.md    |  2 +-
 app/__init__.py |  2 +-
 app/api.py      | 29 +++++++++++++++++++++++++++++
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e3652b3..d80a466 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@
 * Added the capability to change password.
 * Corrected a bug into `pwdhash`: it accepted an argument, but pulled data from the form instead of processing it. Now it uses the argument.
 * Schema changes: added column `telegram` to `UserProfile` table. To update schema, execute the script `migrate_0_6_to_0_7.py`
-* Adding public API. Each of the API endpoints take a mandatory query string argument: the access token, generated by a separate endpoint at `/get_access_token` and stored into the client. All API routes start with `/api/V1`. Added endpoints `feed`.
+* Adding public API. Each of the API endpoints take a mandatory query string argument: the access token, generated by a separate endpoint at `/get_access_token` and stored into the client. All API routes start with `/api/V1`. Added endpoints `feed` and `create`.
 
 ## 0.6.0
 
diff --git a/app/__init__.py b/app/__init__.py
index 07aa02e..ff78d41 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -78,8 +78,8 @@ def uploads(id, type='jpg'):
 @app.route('/get_access_token', methods=['POST'])
 def send_access_token():
     try:
+        data = request.get_json(True)
         try:
-            data = request.json
             user = User.get(
                 (User.username == data['username']) & 
                 (User.password == pwdhash(data['password'])))
diff --git a/app/api.py b/app/api.py
index f689a88..523281d 100644
--- a/app/api.py
+++ b/app/api.py
@@ -65,3 +65,32 @@ def feed(self):
     for message in query:
         timeline_media.append(get_message_info(message))
     return {'timeline_media': timeline_media}
+
+@bp.route('/create', methods=['POST'])
+@validate_access
+def create(self):
+    data = request.get_json(True)
+    text = data['text']
+    privacy = int(data.get('privacy', 0))
+    message = Message.create(
+        user=self,
+        text=text,
+        pub_date=datetime.datetime.now(),
+        privacy=privacy)
+    # Currently, API does not support files.
+    # create mentions
+    mention_usernames = set()
+    for mo in re.finditer(r'\+([A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*)', text):
+        mention_usernames.add(mo.group(1))
+    # to avoid self mention
+    mention_usernames.difference_update({self.username})
+    for u in mention_usernames:
+        try:
+            mention_user = User.get(User.username == u)
+            if privacy in (MSGPRV_PUBLIC, MSGPRV_UNLISTED) or \
+                    (privacy == MSGPRV_FRIENDS and
+                    mention_user.is_following(self) and 
+                    self.is_following(mention_user)):
+                push_notification('mention', mention_user, user=user.id)
+        except User.DoesNotExist:
+            pass