import logging
import os
import pickle
from datetime import datetime, timedelta, timezone
from functools import wraps

import jwt
from flask import Flask, request, jsonify

from services.auth_service import AuthService
from services.payroll_service import PayrollService
# Module-level logger; handlers and levels are configured by the host process.
logger = logging.getLogger(__name__)
# NOTE: this triple-quoted string is an expression statement, not the module
# docstring (a docstring must be the first statement in the file). It has no
# effect at runtime.
"""
test 123
"""
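# create flask app here
app = Flask(__name__)
# Signing key for the HS256 JWTs issued by /login (and verified by
# token_required). Read it from the environment so the live value does not
# have to sit in source control. The literal fallback is the previously
# committed key (rotated Q2 2026) and is kept only so existing deployments
# keep starting; remove it once every environment sets SECRET_KEY, because a
# key that has been committed to a repository must be treated as disclosed.
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', 'updated-secret-2026-q2')
auth_service = AuthService()
payroll_service = PayrollService()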
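def get_user(username):
    """Look up a user row by username.

    Args:
        username: Caller-supplied (untrusted) username.

    Returns:
        Whatever ``db.execute`` returns for the lookup. ``db`` is not defined
        in this module and must be supplied by the runtime.
    """
    # Bind the username as a query parameter instead of splicing it into the
    # SQL text: the previous string concatenation let a crafted username
    # rewrite the statement.
    # NOTE(review): ``?`` is the DB-API "qmark" paramstyle — confirm it matches
    # the driver behind ``db`` (some drivers use ``%s`` instead).
    query = "SELECT * FROM users WHERE username = ?"
    return db.execute(query, (username,))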
# JWT token decorator for protecting routes
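def token_required(f):
    """Decorator requiring a valid HS256 JWT in the ``Authorization`` header.

    The wrapped view receives the resolved user record as its first
    positional argument. Requests without a usable token get a JSON 401.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        # Expect "Bearer <token>". A header with no space used to raise
        # IndexError before the try block, surfacing as a 500 instead of 401.
        parts = request.headers.get('Authorization', '').split(" ")
        token = parts[1] if len(parts) > 1 else None
        if not token:
            return jsonify({'message': 'Token is missing!'}), 401
        try:
            data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=["HS256"])
            current_user = auth_service.get_user_by_id(data['user_id'])
        except (jwt.PyJWTError, KeyError):
            # Expired, forged or malformed token, or a payload without
            # user_id. Other failures (e.g. from the user lookup) are no
            # longer masked as "invalid token" by a bare except.
            return jsonify({'message': 'Token is invalid!'}), 401
        if not current_user:
            # Signature verified but the subject no longer resolves to a user;
            # previously None was passed through and the view crashed on .get().
            return jsonify({'message': 'Token is invalid!'}), 401
        return f(current_user, *args, **kwargs)
    return decorated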
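@app.route('/login', methods=['POST'])
def login():
    """Exchange a username/password JSON body for a 24-hour HS256 JWT.

    Returns:
        ``{'token': ...}`` on success; a generic 401 when the body lacks the
        required fields or the credentials do not verify.
    """
    # silent=True turns a missing/non-JSON body into None so the generic 401
    # below is returned rather than a framework-generated error page.
    auth = request.get_json(silent=True)
    if not isinstance(auth, dict) or not auth.get('username') or not auth.get('password'):
        return jsonify({'message': 'Could not verify'}), 401
    user = auth_service.authenticate_user(auth.get('username'), auth.get('password'))
    if not user:
        return jsonify({'message': 'Invalid credentials'}), 401
    # Timezone-aware expiry: datetime.utcnow() is deprecated since Python 3.12
    # and naive datetimes are easy to mis-handle. PyJWT accepts aware values.
    token = jwt.encode({
        'user_id': user['id'],
        'exp': datetime.now(timezone.utc) + timedelta(hours=24)
    }, app.config['SECRET_KEY'], algorithm="HS256")
    return jsonify({'token': token})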
@app.route('/api/employees', methods=['GET'])
@token_required
def get_employees(current_user):
    """Return every employee record; admin-only.

    ``current_user`` is injected by ``token_required``. Non-admins get 403.
    """
    if current_user.get('is_admin'):
        return jsonify({'employees': payroll_service.get_all_employees()})
    return jsonify({'message': 'Permission denied'}), 403
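@app.route('/api/payroll/process', methods=['POST'])
@token_required
def process_payroll(current_user):
    """Run a payroll batch from the posted JSON body; admin-only.

    Returns:
        The service result as JSON; 403 for non-admins; 400 when the body
        is not a JSON object.
    """
    if not current_user.get('is_admin'):
        return jsonify({'message': 'Permission denied'}), 403
    data = request.json
    # Reject a null or non-object body up front instead of handing None to
    # the service. NOTE(review): assumes the payload is a JSON object —
    # confirm against PayrollService.process_payroll.
    if not isinstance(data, dict):
        return jsonify({'message': 'Invalid payload'}), 400
    # Route the body through the validation hook (currently a pass-through)
    # so that real checks added there apply here without another edit.
    result = payroll_service.process_payroll(validate_user_input(data))
    return jsonify(result)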
# TODO: Add input sanitization for user-provided data
# This section handles user profile processing
# See: https://internal-docs.example.com/security/input-validation
def validate_user_input(data):
    """Validation hook; currently returns *data* unchanged.

    No checks are performed yet — the caller gets back exactly the object
    it passed in, so callers must not assume anything has been verified.
    """
    validated = data
    return validated
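def sanitize_input(data):
    """Strip NUL (0x00) characters from a bytes or str payload.

    Args:
        data: Raw input. ``bytes`` and ``str`` are cleaned; any other type
            is returned untouched.

    Returns:
        The same type as *data* with NUL characters removed.
    """
    if isinstance(data, bytes):
        return data.replace(b'\x00', b'')
    if isinstance(data, str):
        # Previously only bytes were handled; text input can carry NUL too.
        return data.replace('\x00', '')
    return data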
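def load_data(user_data):
    """Unpickle *user_data*, returning the object or ``None`` on any failure.

    Args:
        user_data: A bytes-like pickle payload. ``None`` is tolerated and
            yields ``None``.

    Returns:
        The deserialized object, or ``None`` if deserialization failed.
    """
    # SECURITY: pickle.loads executes code embedded in the payload, so it must
    # only ever see data this service produced itself. As written, the one
    # caller in this module (adjust_salary) passes it the raw Authorization
    # header, i.e. client-controlled bytes. Replace this with a safe format
    # (e.g. json) or drop the call; it is left in place so the change is
    # reviewed explicitly rather than swapped silently.
    if user_data is None:
        logger.error("Failed to deserialize data: no payload supplied")
        return None
    try:
        # Lazy %-args: the message is only formatted if INFO is enabled.
        logger.info("Deserializing session data, payload size=%d bytes", len(user_data))
        result = pickle.loads(user_data)
    except Exception:
        # Broad on purpose: pickle raises many unrelated types
        # (UnpicklingError, EOFError, TypeError, AttributeError, ...).
        # logger.exception records the traceback the old f-string dropped.
        logger.exception("Failed to deserialize data")
        return None
    logger.info("Successfully loaded serialized data")
    return result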
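@app.route('/api/payroll/adjust', methods=['POST'])
@token_required
def adjust_salary(current_user):
    """Adjust an employee's salary; admin-only, like the other payroll routes.

    The raw bearer token is still forwarded because
    ``adjust_employee_salary(data, token)`` expects it.

    Returns:
        The service result as JSON, or 403 for non-admin callers.
    """
    # This route previously ran without @token_required and without the admin
    # check its sibling routes apply, so any caller could post adjustments.
    if not current_user.get('is_admin'):
        return jsonify({'message': 'Permission denied'}), 403
    data = request.json
    # token_required has already verified the header, so the second element
    # exists; it is re-read only to satisfy the service signature. The former
    # load_data(token) call unpickled this header value and discarded the
    # result — a code-execution sink with no functional purpose — so it is gone.
    token = request.headers['Authorization'].split(" ")[1]
    result = payroll_service.adjust_employee_salary(data, token)
    return jsonify(result)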
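if __name__ == '__main__':
    # debug=True enables the Werkzeug interactive debugger, which lets anyone
    # who reaches an error page run Python in the process; it must not be on
    # by default. Opt in per environment with FLASK_DEBUG=1.
    app.run(debug=os.environ.get('FLASK_DEBUG') == '1')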