Notes/src/sql.py

import base64
import sqlite3

import utils

conn = None


def dict_factory(cursor, row):
    d = {}
    for idx, col in enumerate(cursor.description):
        if isinstance(row[idx], buffer):
            d[col[0]] = base64.b64encode(row[idx])
        else:
            d[col[0]] = row[idx]

    return d


def connect(document_path):
    global conn
    conn = sqlite3.connect(document_path)
    conn.row_factory = dict_factory


def insert(table_name, rec):
    # FIXME: SQL injection!
    keys = ','.join(rec.keys())
    question_marks = ','.join(list('?' * len(rec)))
    values = tuple(rec.values())
    cursor = execute('INSERT INTO ' + table_name + ' (' + keys + ') VALUES (' + question_marks + ')', values)
    return cursor.lastrowid


def set_option(name, value):
    execute("UPDATE options SET opt_value = ? WHERE opt_name = ?", [value, name])


def get_option(name):
    return getSingleResult("SELECT opt_value FROM options WHERE opt_name = ?", [name])['opt_value']


def add_audit(category, request=None, note_id=None, change_from=None, change_to=None, comment=None):
    now = utils.now_timestamp()

    browser_id = None

    if request:
        browser_id = request.headers['x-browser-id']

    execute("INSERT INTO audit_log (date_modified, category, browser_id, note_id, change_from, change_to, comment)"
            " VALUES (?, ?, ?, ?, ?, ?, ?)", [now, category, browser_id, note_id, change_from, change_to, comment])


def deleteRecentAudits(category, request, note_id):
    browser_id = request.headers['x-browser-id']

    delete_cutoff = utils.now_timestamp() - 10 * 60;

    execute("DELETE FROM audit_log WHERE category = ? AND browser_id = ? AND note_id = ? AND date_modified > ?",
            [category, browser_id, note_id, delete_cutoff])


def delete(tablename, note_id):
    execute("DELETE FROM " + tablename + " WHERE note_id = ?", [note_id])


def execute(sql, params=[]):
    cursor = conn.cursor()
    cursor.execute(sql, params)
    return cursor


def execute_script(sql):
    cursor = conn.cursor()
    cursor.executescript(sql)
    return cursor


def getResults(sql, params=[]):
    cursor = conn.cursor()
    query = cursor.execute(sql, params)
    return query.fetchall()


def getSingleResult(sql, params=()):
    cursor = conn.cursor()
    query = cursor.execute(sql, params)
    return query.fetchone()


def commit():
    conn.commit()
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`import base64`
path to document file is now configurable, flask secret is now also taken from configuration 2017-08-15 22:57:44 -04:00			`import sqlite3`
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00
dates are now stored in UTC and displayed in local time 2017-09-30 22:35:13 -04:00			`import utils`

password change (reencryption) 2017-09-09 13:53:58 -04:00			`conn = None`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`def dict_factory(cursor, row):`
			`d = {}`
			`for idx, col in enumerate(cursor.description):`
			`if isinstance(row[idx], buffer):`
			`d[col[0]] = base64.b64encode(row[idx])`
			`else:`
			`d[col[0]] = row[idx]`

			`return d`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
			`def connect(document_path):`
path to document file is now configurable, flask secret is now also taken from configuration 2017-08-15 22:57:44 -04:00			`global conn`
refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00			`conn = sqlite3.connect(document_path)`
path to document file is now configurable, flask secret is now also taken from configuration 2017-08-15 22:57:44 -04:00			`conn.row_factory = dict_factory`
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00
refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
			`def insert(table_name, rec):`
basic support for internal links 2017-08-27 14:39:26 -04:00			`# FIXME: SQL injection!`
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`keys = ','.join(rec.keys())`
refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00			`question_marks = ','.join(list('?' * len(rec)))`
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`values = tuple(rec.values())`
refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00			`cursor = execute('INSERT INTO ' + table_name + ' (' + keys + ') VALUES (' + question_marks + ')', values)`
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`return cursor.lastrowid`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
			`def set_option(name, value):`
username, password and flask_secret_key are now persisted in database 2017-09-12 21:06:09 -04:00			`execute("UPDATE options SET opt_value = ? WHERE opt_name = ?", [value, name])`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
			`def get_option(name):`
username, password and flask_secret_key are now persisted in database 2017-09-12 21:06:09 -04:00			`return getSingleResult("SELECT opt_value FROM options WHERE opt_name = ?", [name])['opt_value']`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
			`def add_audit(category, request=None, note_id=None, change_from=None, change_to=None, comment=None):`
			`now = utils.now_timestamp()`
basic implementation of audit logging 2017-09-28 23:16:36 -04:00
			`browser_id = None`

			`if request:`
			`browser_id = request.headers['x-browser-id']`

			`execute("INSERT INTO audit_log (date_modified, category, browser_id, note_id, change_from, change_to, comment)"`
			`" VALUES (?, ?, ?, ?, ?, ?, ?)", [now, category, browser_id, note_id, change_from, change_to, comment])`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
recording note content and title changes to audit_log 2017-09-30 21:18:23 -04:00			`def deleteRecentAudits(category, request, note_id):`
			`browser_id = request.headers['x-browser-id']`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00			`delete_cutoff = utils.now_timestamp() - 10 * 60;`
recording note content and title changes to audit_log 2017-09-30 21:18:23 -04:00
			`execute("DELETE FROM audit_log WHERE category = ? AND browser_id = ? AND note_id = ? AND date_modified > ?",`
			`[category, browser_id, note_id, delete_cutoff])`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`def delete(tablename, note_id):`
			`execute("DELETE FROM " + tablename + " WHERE note_id = ?", [note_id])`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`def execute(sql, params=[]):`
			`cursor = conn.cursor()`
			`cursor.execute(sql, params)`
			`return cursor`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
basic implementation of DB upgrades 2017-10-09 16:50:36 -04:00			`def execute_script(sql):`
			`cursor = conn.cursor()`
			`cursor.executescript(sql)`
			`return cursor`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`def getResults(sql, params=[]):`
			`cursor = conn.cursor()`
			`query = cursor.execute(sql, params)`
			`return query.fetchall()`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`def getSingleResult(sql, params=()):`
			`cursor = conn.cursor()`
			`query = cursor.execute(sql, params)`
			`return query.fetchone()`

refactored naming to conform to PEP 8 2017-10-09 19:48:10 -04:00
app broken up into individual files/modules 2017-08-13 19:43:33 -04:00			`def commit():`
			`conn.commit()`