Upload 245 files

.gitignore

@@ -0,0 +1 @@
+venv

Dockerfile

@@ -0,0 +1,28 @@
+FROM python:3.9-alpine AS builder
+
+WORKDIR /app/deps
+
+COPY ./pyproject.toml .
+COPY ./poetry.lock .
+
+RUN apk add gcc musl-dev python3-dev libffi-dev openssl-dev cargo g++ libxslt-dev postgresql-dev build-base
+
+RUN pip install poetry
+RUN poetry export --without-hashes -f requirements.txt --output requirements.txt
+RUN pip wheel -r requirements.txt -w /whls
+
+FROM python:3.9-alpine
+RUN apk add libpq
+
+WORKDIR /deps
+COPY --from=builder /whls /deps
+RUN pip install *.whl
+RUN rm -rf *
+
+WORKDIR /app
+COPY ./ .
+#RUN mv ./misc/etc/gunicorn.conf.py .
+
+EXPOSE 7860
+
+CMD ["python app.py"]

Readme.md

@@ -0,0 +1,3 @@
+# Gurukul 
+
+### First steps

alembic.ini

@@ -0,0 +1,86 @@
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts
+script_location = migrations
+
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# timezone to use when rendering the date
+# within the migration file as well as the filename.
+# string value is passed to dateutil.tz.gettz()
+# leave blank for localtime
+# timezone =
+
+# max length of characters to apply to the
+# "slug" field
+# truncate_slug_length = 40
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# set to 'true' to allow .pyc and .pyo files without
+# a source .py file to be detected as revisions in the
+# versions/ directory
+# sourceless = false
+
+# version location specification; this defaults
+# to migrations/versions.  When using multiple version
+# directories, initial revisions must be specified with --version-path
+# version_locations = %(here)s/bar %(here)s/bat migrations/versions
+
+# the output encoding used when revision files
+# are written from script.py.mako
+# output_encoding = utf-8
+
+sqlalchemy.url = postgresql://postadmin:postpass@localhost/siksalaya
+
+
+[post_write_hooks]
+# post_write_hooks defines scripts or Python functions that are run
+# on newly generated revision scripts.  See the documentation for further
+# detail and examples
+
+# format using "black" - use the console_scripts runner, against the "black" entrypoint
+# hooks=black
+# black.type=console_scripts
+# black.entrypoint=black
+# black.options=-l 79
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S
+

api/__init__.py

@@ -0,0 +1 @@
+from .api import api_router as router

api/api.py

@@ -0,0 +1,48 @@
+from fastapi import APIRouter
+
+from api.endpoints import program, quiz_answer, teacher_note, users, group, quiz
+from api.endpoints import (
+    program,
+    users,
+    auth,
+    two_fa,
+    utils,
+    course,
+    school,
+    department,
+    class_session,
+    personal_note,
+    teacher_note,
+    assignment,
+    assignment_upload,
+)
+
+api_router = APIRouter()
+api_router.include_router(auth.router, prefix="/auth", tags=["Authentication"])
+api_router.include_router(
+    two_fa.router, prefix="/2fa", tags=["Two Factor Authentication"]
+)
+api_router.include_router(users.router, prefix="/users", tags=["Users"])
+api_router.include_router(utils.router, prefix="/utils", tags=["Utils"])
+api_router.include_router(school.router, prefix="/school", tags=["Schools"])
+api_router.include_router(course.router, prefix="/course", tags=["Courses"])
+api_router.include_router(department.router, prefix="/department", tags=["Departments"])
+api_router.include_router(
+    class_session.router, prefix="/class_session", tags=["Class Sessions"]
+)
+api_router.include_router(
+    personal_note.router, prefix="/personal_note", tags=["Personal Notes"]
+)
+api_router.include_router(program.router, prefix="/program", tags=["Programs"])
+api_router.include_router(
+    teacher_note.router, prefix="/teacher_note", tags=["Teacher Notes"]
+)
+api_router.include_router(group.router, prefix="/group", tags=["Groups"])
+api_router.include_router(quiz.router, prefix="/quiz", tags=["Quizzes"])
+api_router.include_router(
+    quiz_answer.router, prefix="/quizanswer", tags=["Quiz Answers"]
+)
+api_router.include_router(assignment.router, prefix="/assignment", tags=["Assignments"])
+api_router.include_router(
+    assignment_upload.router, prefix="/assignmentupload", tags=["Assignment Uploads"]
+)

api/endpoints/assignment.py

@@ -0,0 +1,188 @@
+from locale import currency
+from typing import Any, List
+
+from hashlib import sha1
+import os
+import shutil
+
+from fastapi import APIRouter, Depends, UploadFile, File
+from sqlalchemy.orm import Session
+from core.config import settings
+
+from models import User
+
+import aiofiles
+
+from utils import deps
+from cruds import crud_assignment, crud_group, crud_assignment_upload
+from schemas import Assignment, AssignmentUpdate, AssignmentCreate
+
+router = APIRouter()
+
+ASSIGNMENT_ROUTE: str = "assignments"
+
+
+@router.get("/", response_model=List[Assignment])
+async def get_assignment(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = -1,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+
+    if current_user.user_type == settings.UserType.STUDENT.value:
+        group = crud_group.get(db, id=current_user.group_id)
+        assignment = crud_assignment.get_quiz_by_group_id(db=db, group=group)
+        index = 0
+        for assig in assignment:
+            assignmentUpload = crud_assignment_upload.get_by_assignment_id(
+                db=db,
+                assignmentId=assig.id,
+                studentId=current_user.id,
+            )
+
+            if assignmentUpload:
+                assignment[index].exists = True
+            else:
+                assignment[index].exists = False
+            index += 1
+
+        return assignment
+
+    if current_user.user_type == settings.UserType.TEACHER.value:
+        return crud_assignment.get_quiz_by_instructor_id(db=db, user=current_user)
+
+    if current_user.user_type <= settings.UserType.ADMIN.value:
+        return crud_assignment.get_multi(db, skip=skip, limit=limit)
+
+
+@router.post("/", response_model=Assignment)
+async def create_assignment(
+    db: Session = Depends(deps.get_db),
+    *,
+    obj_in: AssignmentCreate,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+
+    if obj_in.instructor:
+        if current_user.id not in obj_in.instructor:
+            obj_in.instructor.append(current_user.id)
+    else:
+        obj_in.instructor = [current_user.id]
+
+    assignment = crud_assignment.create(db, obj_in=obj_in)
+    return assignment
+
+
+@router.post("/{id}/files/")
+async def post_files(
+    db: Session = Depends(deps.get_db),
+    files: List[UploadFile] = File(...),
+    current_user=Depends(deps.get_current_active_teacher_or_above),
+    *,
+    id: int,
+):
+
+    assignment = crud_assignment.get(db=db, id=id)
+
+    hashedAssignmentId = sha1(str(id).encode(encoding="UTF-8", errors="strict"))
+
+    FILE_ASSIGNMENT_PATH = os.path.join(
+        ASSIGNMENT_ROUTE,
+        hashedAssignmentId.hexdigest(),
+    )
+
+    FILE_PATH = os.path.join(
+        settings.UPLOAD_DIR_ROOT,
+        FILE_ASSIGNMENT_PATH,
+    )
+
+    if not os.path.exists(FILE_PATH):
+        os.makedirs(FILE_PATH)
+
+    if assignment.files:
+        assignmentFiles = assignment.files.copy()
+        fileIndex = len(assignment.files)
+    else:
+        assignmentFiles = []
+        fileIndex = 0
+
+    for file in files:
+        fileName, fileExtension = os.path.splitext(file.filename)
+        hashedFileName = sha1(
+            (fileName + str(fileIndex)).encode(encoding="UTF-8", errors="strict")
+        )
+        fileIndex = fileIndex + 1
+        filename = f"{FILE_PATH}/{hashedFileName.hexdigest()}{fileExtension}"
+        async with aiofiles.open(filename, mode="wb") as f:
+            content = await file.read()
+            await f.write(content)
+        assignmentFiles.append(
+            {
+                "path": f"{FILE_ASSIGNMENT_PATH}/{hashedFileName.hexdigest()}{fileExtension}",
+                "name": file.filename,
+            }
+        )
+
+    obj_in = AssignmentUpdate(files=assignmentFiles)
+    updated = crud_assignment.update(db=db, db_obj=assignment, obj_in=obj_in)
+
+    return updated
+
+
+@router.get("/{id}/", response_model=Assignment)
+async def get_specific_assignment(
+    db: Session = Depends(deps.get_db),
+    current_user: User = Depends(deps.get_current_active_user),
+    *,
+    id: int,
+) -> Any:
+
+    assignments = await get_assignment(db=db, current_user=current_user)
+
+    if assignments:
+        for assignment in assignments:
+            if assignment.id == id:
+                return assignment
+
+
+@router.delete("/{id}/")
+async def delete_assignment(
+    db: Session = Depends(deps.get_db),
+    current_user: User = Depends(deps.get_current_active_teacher_or_above),
+    *,
+    id: int,
+) -> Any:
+    assignment = await get_specific_assignment(db=db, current_user=current_user, id=id)
+
+    if not assignment:
+        return {"msg": "assignment not found"}
+
+    deleted = crud_assignment.remove(db=db, id=assignment.id)
+    if deleted:
+        hashedAssignmentId = sha1(
+            str(assignment.id).encode(encoding="UTF-8", errors="strict")
+        )
+        FILE_ASSIGNMENT_PATH = os.path.join(
+            ASSIGNMENT_ROUTE,
+            hashedAssignmentId.hexdigest(),
+        )
+
+        FILE_PATH = os.path.join(
+            settings.UPLOAD_DIR_ROOT,
+            FILE_ASSIGNMENT_PATH,
+        )
+
+        if os.path.exists(FILE_PATH):
+            shutil.rmtree(FILE_PATH)
+
+        return {"msg": "delete success"}
+
+
+@router.put("/{id}", response_model=Assignment)
+async def update_assignment(
+    db: Session = Depends(deps.get_db), *, id: int, obj_in: AssignmentUpdate
+) -> Any:
+    assignment = crud_assignment.get(db, id)
+    assignment = crud_assignment.update(db, db_obj=assignment, obj_in=obj_in)
+    return assignment

api/endpoints/assignment_upload.py

@@ -0,0 +1,235 @@
+import math
+from fastapi import APIRouter, Depends, HTTPException, UploadFile, File
+from sqlalchemy.orm import Session
+from models import User
+from utils import deps
+from datetime import datetime, timedelta
+from cruds import crud_assignment_upload, crud_assignment
+from schemas import (
+    AssignmentUpload,
+    AssignmentUploadCreate,
+    AssignmentUploadUpdate,
+    AssignmentUploadwithName,
+)
+import os
+from fastapi.responses import FileResponse
+from hashlib import sha1
+
+import aiofiles
+
+import shutil
+
+from typing import Any, Optional, List, Dict  # noqa
+from core.config import settings
+
+
+router = APIRouter()
+
+assignment_upload_ROUTE: str = "assignmentUpload"
+
+
+@router.get("/")
+async def get_assignments(
+    db: Session = Depends(deps.get_db),
+    *,
+    current_user: User = Depends(deps.get_current_active_user),
+):
+    pass
+
+
+@router.get("/{assignmentid}", response_model=AssignmentUpload)
+async def get_assignment_upload(
+    db: Session = Depends(deps.get_db),
+    *,
+    assignmentid: int,
+    current_user: User = Depends(deps.get_current_active_user),
+):
+
+    assignmentUpload = crud_assignment_upload.get_by_assignment_id(
+        db=db, assignmentId=assignmentid, studentId=current_user.id
+    )
+
+    if assignmentUpload:
+        return assignmentUpload
+
+    raise HTTPException(status_code=404, detail="Error ID: 147")
+
+
+@router.get(
+    "/{assignmentid}/getUploadsAsTeacher", response_model=List[AssignmentUploadwithName]
+)
+async def get_assignment_upload_as_teacher(
+    db: Session = Depends(deps.get_db),
+    *,
+    assignmentid: int,
+    current_user: User = Depends(deps.get_current_active_teacher_or_above),
+):
+    if current_user.assignments:
+        for assignment in current_user.assignments:
+            if assignment.id == assignmentid:
+                assignmentUpload = (
+                    crud_assignment_upload.get_all_by_assignment_id_as_teacher(
+                        db=db, assignmentId=assignmentid
+                    )
+                )
+                if assignmentUpload:
+                    return assignmentUpload
+
+    raise HTTPException(
+        status_code=404,
+        detail="Error ID: 148",  # could not populate answer
+    )
+
+
+@router.get("/{assignmentid}/exists")
+async def check_existence(
+    db: Session = Depends(deps.get_db),
+    current_user: User = Depends(deps.get_current_active_user),
+    *,
+    assignmentid: int,
+):
+    assignmentUpload = crud_assignment_upload.get_by_assignment_id(
+        db=db, assignmentId=assignmentid, studentId=current_user.id
+    )
+
+    if not assignmentUpload:
+        return {"exists": False}
+    else:
+        return {"exists": True}
+
+
+@router.post("/{assignmentid}/upload")
+async def post_files(
+    db: Session = Depends(deps.get_db),
+    files: List[UploadFile] = File(...),
+    current_user=Depends(deps.get_current_active_user),
+    *,
+    assignmentid: int,
+):
+
+    hashedAssignmentId = sha1(
+        str(assignmentid).encode(encoding="UTF-8", errors="strict")
+    )
+    hashedUserId = sha1(str(current_user.id).encode(encoding="UTF-8", errors="strict"))
+
+    FILE_ASSIGNMENT_PATH = os.path.join(
+        assignment_upload_ROUTE,
+        hashedUserId.hexdigest(),
+        hashedAssignmentId.hexdigest(),
+    )
+
+    FILE_PATH = os.path.join(
+        settings.UPLOAD_DIR_ROOT,
+        FILE_ASSIGNMENT_PATH,
+    )
+
+    if os.path.exists(FILE_PATH):
+        shutil.rmtree(FILE_PATH)
+
+    if not os.path.exists(FILE_PATH):
+        os.makedirs(FILE_PATH)
+
+    fileIndex = 0
+    assignmentFiles = []
+
+    for file in files:
+        fileName, fileExtension = os.path.splitext(file.filename)
+        hashedFileName = sha1(
+            (fileName + str(fileIndex)).encode(encoding="UTF-8", errors="strict")
+        )
+        fileIndex = fileIndex + 1
+        filename = f"{FILE_PATH}/{hashedFileName.hexdigest()}{fileExtension}"
+        async with aiofiles.open(filename, mode="wb") as f:
+            content = await file.read()
+            await f.write(content)
+        assignmentFiles.append(
+            {
+                "path": f"{FILE_ASSIGNMENT_PATH}/{hashedFileName.hexdigest()}{fileExtension}",
+                "name": file.filename,
+            }
+        )
+
+    assignmentUpload = crud_assignment_upload.get_by_assignment_id(
+        db=db, assignmentId=assignmentid, studentId=current_user.id
+    )
+
+    if assignmentUpload:
+        db_obj = assignmentUpload
+        obj_in = AssignmentUploadUpdate(
+            files=assignmentFiles,
+            submission_date=datetime.utcnow(),
+            marks_obtained=None,
+        )
+        assignmentUploadX = crud_assignment_upload.update(
+            db=db, db_obj=db_obj, obj_in=obj_in
+        )
+    else:
+        obj_in = AssignmentUploadCreate(
+            files=assignmentFiles,
+            assignment_id=assignmentid,
+            student_id=current_user.id,
+            submission_date=datetime.utcnow(),
+            marks_obtained=None,
+        )
+        assignmentUploadX = crud_assignment_upload.create(db=db, obj_in=obj_in)
+
+    return assignmentUploadX
+
+
+@router.delete("/{assignmentid}/files")
+async def post_files(
+    db: Session = Depends(deps.get_db),
+    current_user=Depends(deps.get_current_active_user),
+    *,
+    assignmentid: int,
+):
+
+    hashedAssignmentId = sha1(
+        str(assignmentid).encode(encoding="UTF-8", errors="strict")
+    )
+    hashedUserId = sha1(str(current_user.id).encode(encoding="UTF-8", errors="strict"))
+
+    FILE_ASSIGNMENT_PATH = os.path.join(
+        assignment_upload_ROUTE,
+        hashedUserId.hexdigest(),
+        hashedAssignmentId.hexdigest(),
+    )
+
+    FILE_PATH = os.path.join(
+        settings.UPLOAD_DIR_ROOT,
+        FILE_ASSIGNMENT_PATH,
+    )
+
+    if os.path.exists(FILE_PATH):
+        shutil.rmtree(FILE_PATH)
+
+    assignmentUpload = crud_assignment_upload.get_by_assignment_id(
+        db=db, assignmentId=assignmentid, studentId=current_user.id
+    )
+
+    if assignmentUpload:
+        crud_assignment_upload.remove(db=db, id=assignmentUpload.id)
+        return {"message": "Success"}
+
+    raise HTTPException(status_code=404, detail="Error ID: 149")
+
+
+@router.post("/{assignmentuploadid}/mark")
+async def post_files(
+    db: Session = Depends(deps.get_db),
+    current_user=Depends(deps.get_current_active_teacher_or_above),
+    *,
+    assignmentuploadid: int,
+    marks_obtained: int,
+):
+
+    assignmentUpload = crud_assignment_upload.get(db=db, id=assignmentuploadid)
+
+    if assignmentUpload:
+        obj_in = AssignmentUploadUpdate(marks_obtained=marks_obtained)
+        db_obj = assignmentUpload
+        updated = crud_assignment_upload.update(db=db, db_obj=db_obj, obj_in=obj_in)
+
+        return updated
+
+    raise HTTPException(status_code=404, detail="Error ID: 150")

api/endpoints/auth.py

@@ -0,0 +1,332 @@
+import json
+import os
+from typing import Any, List, Optional
+
+import aiofiles
+from fastapi import APIRouter, Body
+from fastapi import Cookie as ReqCookie
+from fastapi import Depends, File, HTTPException, Request, UploadFile, Form
+from fastapi.params import Cookie
+from sqlalchemy.orm import Session
+from sqlalchemy.sql.expression import update
+from sqlalchemy.sql.functions import current_user
+from starlette.responses import JSONResponse, Response
+from starlette.status import HTTP_401_UNAUTHORIZED
+
+import cruds
+import models
+import schemas
+from core import throttle
+from core.config import settings
+from core.db import redis_session_client
+from core.security import (
+    create_sesssion_token,
+    get_password_hash,
+    create_2fa_temp_token,
+    create_passwordless_create_token,
+    authorize_passwordless_token,
+    verify_passwordless_token,
+)
+from cruds import group
+from schemas.user import UserUpdate, VerifyUser
+from utils import deps
+from utils.utils import (
+    expire_web_session,
+    generate_password_reset_token,
+    send_reset_password_email,
+    send_verification_email,
+    verify_password_reset_token,
+    verify_user_verify_token,
+)
+
+router = APIRouter()
+
+
+@router.post(
+    "/web/",
+    response_model=Optional[schemas.user.UserLoginReturn],
+    response_model_exclude_none=True,
+)
+async def login_web_session(
+    db: Session = Depends(deps.get_db),
+    *,
+    form_data: schemas.LoginData,
+    request: Request,
+    response: Response,
+) -> Any:
+    if not form_data.username:
+        form_data.username = form_data.email
+
+    user = cruds.crud_user.authenticate(
+        db, email=form_data.username, password=form_data.password
+    )
+
+    if not user:
+        raise HTTPException(
+            status_code=401, detail="Error ID: 111"
+        )  # Incorrect email or password
+    elif not user.is_active:
+        raise HTTPException(
+            status_code=401, detail="Error ID: 112")  # Inactive user
+
+    if user.two_fa_secret:
+        temp_token = await create_2fa_temp_token(user, form_data.remember_me)
+        response.set_cookie("temp_session", temp_token, httponly=True)
+        return {
+            "msg": "2FA required before proceeding!",
+            "two_fa_required": True,
+            "user": None,
+        }
+    else:
+        session_token = await create_sesssion_token(
+            user, form_data.remember_me, request
+        )
+        response.set_cookie("session", session_token, httponly=True)
+        return {
+            "msg": "Logged in successfully!",
+            "user": user,
+            "two_fa_required": False,
+        }
+
+
+@router.get("/password-less/create")
+async def generate_passwordless_login_token(
+    db: Session = Depends(deps.get_db),
+):
+    token = await create_passwordless_create_token()
+
+    return {"token": token}
+
+
+@router.post("/password-less/authorize")
+async def authorize_passwordless_login(
+    db: Session = Depends(deps.get_db),
+    current_user: models.User = Depends(deps.get_current_active_user),
+    token: str = Form(None),
+):
+    _ = await authorize_passwordless_token(current_user, token)
+
+    return {"msg": "Success"}
+
+
+@router.post(
+    "/password-less/verify",
+    response_model=Optional[schemas.user.UserLoginReturn],
+    response_model_exclude_none=True,
+)
+async def verify_passwordless_login(
+    response: Response,
+    request: Request,
+    db: Session = Depends(deps.get_db),
+    token: str = Form(None),
+):
+    user_id = await verify_passwordless_token(token)
+
+    user = cruds.crud_user.get_by_id(db, id=user_id)
+
+    if not user:
+        raise HTTPException(
+            status_code=HTTP_401_UNAUTHORIZED, detail="Invalid user!")
+
+    session_token = await create_sesssion_token(user, True, request)
+    response.set_cookie("session", session_token, httponly=True)
+    return {"msg": "Logged in successfully!", "user": user, "two_fa_required": False}
+
+
+@router.post("/signup/", response_model=schemas.Msg)
+async def sign_up(
+    *,
+    db: Session = Depends(deps.get_db),
+    user_in: schemas.UserSignUp,
+) -> Any:
+    if not settings.USERS_OPEN_REGISTRATION:
+        raise HTTPException(
+            status_code=403,
+            detail="Error ID: 129",
+        )  # Open user registration is forbidden on this server
+    user = cruds.crud_user.get_by_email(db, email=user_in.email)
+    if user:
+        raise HTTPException(
+            status_code=400,
+            detail="Email is associated with another user!",
+        )  # The user with this username already exists in the system
+    email_host = user_in.email[user_in.email.index("@") + 1:]
+
+    if email_host not in settings.ALLOWED_EMAIL_HOST:
+        raise HTTPException(
+            status_code=403,
+            # TODO: Reflected XSS test
+            detail=f"Email of host {email_host} not allowed!",
+        )
+
+    user = cruds.crud_user.create(
+        db, obj_in=schemas.UserCreate(**user_in.dict(), profile_pic="")
+    )
+    await send_verification_email(user=user)
+    return schemas.Msg(msg="Success")
+
+
+@router.post("/resend-verification-email/")
+async def resend_verification_email(
+    email: str,
+    current_user: models.User = Depends(deps.get_current_admin_or_above),
+    db: Session = Depends(deps.get_db),
+):
+    user = cruds.crud_user.get_by_email(db=db, email=email)
+    if not user:
+        raise HTTPException(status_code="404", detail="User doesn't exist")
+
+    await send_verification_email(user)
+    return schemas.Msg(msg="Success")
+
+
+@router.post("/change-password/")
+async def change_password(
+    current_password: str = Body(...),
+    new_password: str = Body(...),
+    current_user: models.User = Depends(deps.get_current_user),
+    db: Session = Depends(deps.get_db),
+) -> Any:
+    user = cruds.crud_user.authenticate(
+        db, email=current_user.email, password=current_password
+    )
+
+    if not user:
+        raise HTTPException(
+            status_code=403, detail="Error ID: 111"
+        )  # Incorrect email or password
+
+    data = schemas.user.PasswordUpdate(
+        password=new_password,
+    )
+
+    cruds.crud_user.update(db=db, db_obj=current_user, obj_in=data)
+
+
+@router.get("/active-sessions/", response_model=List[schemas.auth.ActiveSession])
+async def get_active_sessions(
+    current_user: models.User = Depends(deps.get_current_user),
+) -> Any:
+    active_sessions = json.loads(
+        await redis_session_client.client.get(
+            f"user_{current_user.id}_sessions", encoding="utf-8"
+        )
+    )
+    return active_sessions.get("sessions")
+
+
+@router.get("/logout-all-sessions/")
+async def logout_all_sessions(
+    current_user: models.User = Depends(deps.get_current_user),
+) -> Any:
+    active_sessions = json.loads(
+        await redis_session_client.client.get(
+            f"user_{current_user.id}_sessions", encoding="utf-8"
+        )
+    )
+
+    for session in active_sessions.get("sessions"):
+        await redis_session_client.client.expire(session.get("token"), 0)
+
+    await redis_session_client.client.expire(f"user_{current_user.id}_sessions", 0)
+
+    resp = JSONResponse({"status": "success"})
+    resp.delete_cookie("session")
+    return resp
+
+
+@router.post("/password-recovery/", response_model=schemas.Msg)
+# @throttle.ip_throttle(rate=3, per=1 * 60 * 60)
+# @throttle.ip_throttle(rate=1, per=20)
+async def recover_password(
+    request: Request,
+    email: str,
+    db: Session = Depends(deps.get_db),
+) -> Any:
+    """
+    Password Recovery
+    """
+    user = cruds.crud_user.get_by_email(db, email=email)
+
+    if not user:
+        raise HTTPException(
+            status_code=404,
+            detail="Error ID: 113",
+        )  # The user with this username does not exist in the system.
+    await send_reset_password_email(user=user)
+    return {"msg": "Password recovery email sent"}
+
+
+@router.post("/reset-password/", response_model=schemas.Msg)
+async def reset_password(
+    request: Request,
+    token: str = Body(...),
+    new_password: str = Body(...),
+    db: Session = Depends(deps.get_db),
+) -> Any:
+    """
+    Reset password
+    """
+    uid = await verify_password_reset_token(token)
+    user = cruds.crud_user.get_by_id(db, id=uid)
+    if not user:
+        raise HTTPException(
+            status_code=404,
+            detail="Error ID: 114",
+        )  # The user with this username does not exist in the system.
+    elif not cruds.crud_user.is_active(user):
+        raise HTTPException(
+            status_code=400, detail="Error ID: 115")  # Inactive user
+    hashed_password = get_password_hash(new_password)
+    user.hashed_password = hashed_password
+    db.add(user)
+    db.commit()
+    return {"msg": "Password updated successfully"}
+
+
+@router.post("/verify/", response_model=schemas.Msg)
+async def verify_account(
+    token: str,
+    db: Session = Depends(deps.get_db),
+) -> Any:
+    uid = await verify_user_verify_token(token)
+    user = cruds.crud_user.get_by_id(db, id=uid)
+    if not user:
+        raise HTTPException(
+            status_code=404,
+            detail="Error ID: 146",
+        )  # The user with this username does not exist in the system.
+    cruds.crud_user.verify_user(db=db, db_obj=user)
+    return {"msg": "Verified successfully"}
+
+
+@router.get("/logout/", response_model=schemas.Token)
+async def session_logout(
+    session: str = ReqCookie(None),
+) -> Any:
+    if not session:
+        raise HTTPException(status_code=401, detail="Invalid session token!")
+    await expire_web_session(session)
+    resp = JSONResponse({"status": "success"})
+    resp.delete_cookie("session")
+    return resp
+
+
+@router.get("/thtest1")
+@throttle.ip_throttle(rate=10, per=60)
+async def throttle_test(
+    request: Request,
+    db: Session = Depends(deps.get_db),
+    current_user: models.User = Depends(deps.get_current_user),
+):
+    return "Throttle test endpoint 1 Hello"
+
+
+@router.get("/thtest2")
+@throttle.user_throttle(rate=20, per=60)
+async def throttle_test1(
+    request: Request,
+    db: Session = Depends(deps.get_db),
+    current_user: models.User = Depends(deps.get_current_user),
+):
+    return "Throttle test endpoint 2"

api/endpoints/class_session.py

@@ -0,0 +1,300 @@
+import json
+import os
+from hashlib import sha256
+from typing import Any, List
+
+import aiofiles
+from fastapi import (
+    APIRouter,
+    Depends,
+    FastAPI,
+    File,
+    Form,
+    HTTPException,
+    UploadFile,
+    WebSocket,
+    WebSocketDisconnect,
+)
+from fastapi.encoders import jsonable_encoder
+from fastapi.responses import FileResponse, HTMLResponse
+from sqlalchemy.orm import Session
+from starlette.status import HTTP_406_NOT_ACCEPTABLE
+
+from core.config import settings
+from core.security import get_uid_hash
+from core.websocket import ws, ChatMessageTypes
+from cruds import crud_class_session, crud_file, crud_user
+from forms.class_session import ClassSessionCreateForm
+from models import ClassSession as ClassSessionModel
+from models import File as FileModel
+from schemas.class_session import (
+    ClassSession,
+    ClassSessionCreate,
+    ClassSessionReturn,
+    ClassSessionUpdate,
+    ClassSessionTeacherReturn,
+    AttendanceUpdate,
+    ParticipantOfClassSession,
+)
+from schemas.file import FileCreate
+from schemas.group import GroupStudentReturn
+from utils import deps
+from utils.deps import get_current_active_teacher_or_above, get_current_active_user, get_current_active_ws_user
+import datetime
+import cruds
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[ClassSessionReturn])
+def get_class_session(
+    db: Session = Depends(deps.get_db),
+    user=Depends(get_current_active_user),
+    skip: int = 0,
+    limit: int = 100,
+) -> Any:
+    class_sessions = crud_class_session.get_user_class_session(db, user=user)
+    return class_sessions
+
+
+@router.get("/active", response_model=List[ClassSessionReturn])
+def get_active_class_session(
+    db: Session = Depends(deps.get_db),
+    user=Depends(get_current_active_user),
+) -> Any:
+    class_sessions = crud_class_session.get_user_class_session(db, user=user)
+    active_class_sessions = []
+
+    for class_session in class_sessions:
+        if(class_session.start_time < datetime.datetime.now() and class_session.end_time > datetime.datetime.now()):
+            active_class_sessions.append(class_session)
+
+    return active_class_sessions
+
+
+@router.post("/", response_model=ClassSession)
+async def create_class_session(
+    db: Session = Depends(deps.get_db),
+    user=Depends(get_current_active_teacher_or_above),
+    *,
+    form: ClassSessionCreateForm = Depends(),
+) -> Any:
+    course_id = None
+    for item in user.teacher_group:
+        course_id = item.course.id if item.group.id == form.group else course_id
+
+    if(course_id == None):
+        raise HTTPException(
+            status_code=HTTP_406_NOT_ACCEPTABLE, detail="Invalid group id!")
+
+    data = ClassSessionCreate(
+        start_time=form.start_time,
+        end_time=form.end_time,
+        instructor=[user.id]+(form.instructor or []),
+        description=form.description,
+        group_id=form.group,
+        course_id=course_id,
+    )
+
+    class_session = crud_class_session.create(db, obj_in=data)
+
+    hasher = sha256()
+    hasher.update(bytes(f"{class_session.id}_{settings.SECRET_KEY}", "utf-8"))
+    db_folder_path = os.path.join("class_files", hasher.hexdigest())
+    folder_path = os.path.join(settings.UPLOAD_DIR_ROOT, db_folder_path)
+
+    if not os.path.exists(folder_path):
+        os.makedirs(folder_path)
+
+    if form.file:
+        for file in form.file:
+            file_path = os.path.join(folder_path, file.filename)
+            async with aiofiles.open(file_path, mode="wb") as f:
+                content = await file.read()
+                await f.write(content)
+
+            db.add(
+                FileModel(
+                    name=file.filename,
+                    path=db_folder_path,
+                    file_type=file.content_type,
+                    description=None,
+                    class_session=class_session,
+                )
+            )
+            db.commit()
+
+    return class_session
+
+
+@router.get("/{id}/", response_model=ClassSessionReturn)
+def get_specific_class_session(
+    db: Session = Depends(deps.get_db),
+    user=Depends(get_current_active_user),
+    *,
+    id: int,
+) -> Any:
+    class_session = crud_class_session.get_user_class_session(
+        db=db, user=user, id=id)
+    return class_session
+
+
+@router.get("/{id}/participants", response_model=List[ParticipantOfClassSession])
+def get_specific_class_session(
+    db: Session = Depends(deps.get_db),
+    current_user=Depends(get_current_active_user),
+    *,
+    id: int,
+) -> Any:
+    class_session = crud_class_session.get(db, id)
+
+    group = cruds.crud_group.get(db, class_session.group_id)
+
+    participants = group.student + class_session.instructor
+
+    return participants
+
+
+@router.get("/{id}/attendance", response_model=ClassSessionTeacherReturn)
+def get_class_session_with_attendance(
+    db: Session = Depends(deps.get_db),
+    user=Depends(get_current_active_teacher_or_above),
+    *,
+    id: int,
+) -> Any:
+    class_session = crud_class_session.get_user_class_session(
+        db=db, user=user, id=id)
+    return class_session
+
+
+@router.put("/{id}/", response_model=ClassSession)
+def update_class_session(
+    db: Session = Depends(deps.get_db), *, id: int, obj_in: ClassSessionUpdate
+) -> Any:
+    class_session = crud_class_session.get(db, id)
+    class_session = crud_class_session.update(
+        db, db_obj=class_session, obj_in=obj_in)
+    return class_session
+
+
+@router.put("/{class_id}/files")
+async def update_class_session(
+    db: Session = Depends(deps.get_db),
+    *,
+    class_id: int,
+    files: List[UploadFile] = File(None),
+) -> Any:
+    class_session = crud_class_session.get(db, class_id)
+
+    hasher = sha256()
+    hasher.update(bytes(f"{class_id}_{settings.SECRET_KEY}", "utf-8"))
+    db_folder_path = os.path.join("class_files", hasher.hexdigest())
+    folder_path = os.path.join(settings.UPLOAD_DIR_ROOT, db_folder_path)
+
+    if not os.path.exists(folder_path):
+        os.makedirs(folder_path)
+
+    for file in files:
+        file_path = os.path.join(folder_path, file.filename)
+        async with aiofiles.open(file_path, mode="wb") as f:
+            content = await file.read()
+            await f.write(content)
+
+        db.add(
+            FileModel(
+                name=file.filename,
+                path=db_folder_path,
+                file_type=file.content_type,
+                description=None,
+                class_session=class_session,
+            )
+        )
+        db.commit()
+    return {"msg": "success"}
+
+
+@router.put("/{id}/attendance")
+def attendance_of_class_session(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    obj_in: AttendanceUpdate,
+    current_teacher=Depends(get_current_active_teacher_or_above),
+) -> Any:
+    class_session = crud_class_session.get_user_class_session(
+        db=db, user=current_teacher, id=id
+    )
+    if not class_session:
+        raise HTTPException(
+            status_code=403, detail="Class session access denied!")
+    class_session = crud_class_session.attendance_update(
+        db, db_obj=class_session, obj_in=obj_in
+    )
+    return {"msg": "success"}
+
+
+# @router.post("/{id}/file/")
+# async def create_upload_files(
+# db: Session = Depends(deps.get_db),
+# files: List[UploadFile] = File(...),
+# current_teacher=Depends(
+# get_current_active_teacher_or_above
+# ),  # FIXME : Get current user ?
+# *,
+# id: int,
+# ):
+# class_session = crud_class_session.get_user_class_session(
+# db=db, user=current_teacher, id=id
+# )
+
+# if not class_session:
+# raise HTTPException(status_code=403, detail="Error ID: 100")  # Access denied!
+
+# FILE_PATH = os.path.join("static", settings.UPLOAD_DIR_ROOT)
+# working_directory = os.getcwd()
+# FILE_PATH = os.path.join(working_directory, FILE_PATH)
+
+# for file in files:
+# filename = f"{FILE_PATH}/{id}/{file.filename}"
+# async with aiofiles.open(filename, mode="wb") as f:
+# content = await file.read()
+# await f.write(content)
+
+# obj_in = ClassSessionUpdate(file=[file.filename for file in files])
+# crud_class_session.update(db=db, db_obj=class_session, obj_in=obj_in)
+
+# return {"msg": "success"}
+
+
+@router.websocket("/ws/{id}/")
+async def websocket_endpoint(
+    db: Session = Depends(deps.get_db),
+    *,
+    websocket: WebSocket,
+    req_user=Depends(get_current_active_ws_user),
+    id: int,
+):
+    user_id = req_user.id
+    class_session = crud_class_session.get_user_class_session(
+        db=db, user=req_user, id=id
+    )
+    if not class_session:
+        raise HTTPException(
+            status_code=403, detail="Error Code: 144"
+        )  # User doesn't have access to classsession
+    await ws.connect(websocket=websocket, class_session_id=id, user_id=user_id)
+    try:
+        while True:
+            data = await websocket.receive_json()
+            if data.get("msg_type") == ChatMessageTypes.MESSAGE_HISTORY.value:
+                await ws.send_history(websocket, id)
+            else:
+                await ws.message(
+                    websocket=websocket,
+                    user_id=user_id,
+                    class_session_id=id,
+                    message=data.get("message"),
+                    anon=data.get("anon"),
+                )
+    except WebSocketDisconnect:
+        await ws.disconnect(websocket, class_session_id=id, user_id=user_id)

api/endpoints/course.py

@@ -0,0 +1,75 @@
+from manage import crud
+from typing import Any, List
+
+from fastapi import APIRouter, Depends
+from sqlalchemy.orm import Session
+
+from utils import deps
+from cruds import crud_course
+from schemas.course import Course, CourseCreate, CourseUpdate
+from core import settings
+from models import User
+from fastapi import HTTPException
+
+router = APIRouter()
+
+
+# get course, can be called by any user (1 through 4)
+@router.get("/", response_model=List[Course])
+def get_course(
+    current_user: User = Depends(deps.get_current_active_user),
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+) -> Any:
+    course = crud_course.get_multi(db, skip=skip, limit=limit)
+    return course
+
+
+# add a new course, only executed if the user is either a super admin or admin
+@router.post("/")
+def create_course(
+    db: Session = Depends(deps.get_db),
+    *,
+    obj_in: CourseCreate,
+    current_user: User = Depends(deps.get_current_admin_or_above),
+) -> Any:
+    crud_course.create(db, obj_in=obj_in)
+    return {"status": "success"}
+
+
+# get a specific course, can be called by any user (1 through 4)
+@router.get("/{id}/", response_model=Course)
+def get_specific_course(
+    current_user: User = Depends(deps.get_current_active_user),
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+) -> Any:
+    course = crud_course.get(db, id)
+    return course
+
+
+# update a specific user, can be called by only admin and superadmin
+@router.put("/{id}/")
+def update_course(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    obj_in: CourseUpdate,
+    current_user: User = Depends(deps.get_current_admin_or_above),
+) -> Any:
+    course = crud_course.get(db, id)
+    crud_course.update(db, db_obj=course, obj_in=obj_in)
+    return {"status": "success"}
+
+
+@router.delete("/{course_id}/")
+async def delete_course(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_admin_or_above),
+    *,
+    course_id: int,
+):
+    crud_course.remove(db=db, id=course_id)
+    return {"msg": "success"}

api/endpoints/department.py

@@ -0,0 +1,95 @@
+from typing import Any, List
+
+from fastapi import APIRouter, Depends
+from sqlalchemy.orm import Session
+
+from utils import deps
+from cruds import crud_department
+from schemas import Department, DepartmentUpdate, Course
+from models import User
+from fastapi import HTTPException
+from core import settings
+
+router = APIRouter()
+
+# get all Departments, can be called by all users (1 through 4)
+@router.get("/", response_model=List[Department])
+def get_department(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    department = crud_department.get_multi(db, skip=skip, limit=limit)
+    return department
+
+
+# create a new deparment, can be only created by admin and superadmin
+@router.post("/", response_model=Department)
+def create_department(
+    db: Session = Depends(deps.get_db),
+    *,
+    obj_in: DepartmentUpdate,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    if current_user.user_type > settings.UserType.ADMIN.value:
+        raise HTTPException(
+            status_code=403, detail="Error ID: 104"
+        )  # user has no authorization for creating departments
+    else:
+        department = crud_department.create(db, obj_in=obj_in)
+        return department
+
+
+# get a specific department, can be called by all user types (1 through 4)
+@router.get("/{id}/", response_model=Department)
+def get_specific_department(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    department = crud_department.get(db, id)
+    return department
+
+
+# update a specific department, can be called by only superadmin and admin
+@router.put("/{id}/")
+def update_department(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    obj_in: DepartmentUpdate,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    if current_user.user_type > settings.UserType.ADMIN.value:
+        raise HTTPException(
+            status_code=403, detail="Error ID: 105"
+        )  # user has no authorization for updating departments
+    else:
+        department = crud_department.get(db, id)
+        crud_department.update(db, db_obj=department, obj_in=obj_in)
+        return {"status": "success"}
+
+
+@router.get("/{id}/courses/", response_model=List[Course])
+def get_department_course(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    current_user: User = Depends(deps.get_current_admin_or_above),
+) -> Any:
+    department = crud_department.get(db, id)
+    courses = department.courses
+    return courses
+
+
+@router.delete("/{department_id}/")
+async def delete_department(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_admin_or_above),
+    *,
+    department_id: int,
+):
+    crud_department.remove(db=db, id=department_id)
+    return {"msg": "success"}

api/endpoints/group.py

@@ -0,0 +1,130 @@
+from schemas.group import GroupReturn
+from typing import Any, List
+
+from fastapi import APIRouter, Depends
+from fastapi.encoders import jsonable_encoder
+from sqlalchemy.orm import Session
+
+from utils import deps
+from cruds import crud_group, crud_department, crud_course
+from schemas.group import (
+    Group,
+    GroupUpdate,
+    GroupCreate,
+    GroupStudentReturn,
+    GroupWithProgram,
+)
+from models import User
+from core import settings
+from fastapi import HTTPException
+
+router = APIRouter()
+
+# get group:
+# can be called by student to get their group,
+# can be called by teacher to get the group under their depart
+# can be called by admin and super admin to get all the departs
+@router.get("/", response_model=List[GroupWithProgram])
+async def get_group(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    if current_user.user_type == settings.UserType.STUDENT.value:
+        got_group = crud_group.get(db, current_user.group_id)
+        group = []
+        group.append(got_group)
+        return group
+
+    if current_user.user_type == settings.UserType.TEACHER.value:
+        return [
+            teacher_group_link.group
+            for teacher_group_link in current_user.teacher_group
+        ]
+
+    if current_user.user_type <= settings.UserType.ADMIN.value:
+        group = crud_group.get_multi(db, skip=skip, limit=limit)
+        return group
+
+
+# create new group, can be done by only admin and super admin
+@router.post("/", response_model=Group)
+async def create_group(
+    db: Session = Depends(deps.get_db),
+    *,
+    obj_in: GroupCreate,
+    current_user: User = Depends(deps.get_current_admin_or_above),
+) -> Any:
+    return crud_group.create(db, obj_in=obj_in)
+
+
+# get a specific group by id
+# student: cannot get by id, can get their own group by directly calling "/"
+# teacher: can get a specific group only if it exists in their groups_list
+# superadmin and admin, no restriction, can get any group by id
+@router.get("/{id}", response_model=Group, summary="Get specific group")
+@router.get(
+    "/{id}/student/",
+    response_model=GroupStudentReturn,
+    summary="Get students of specific group",
+)
+async def get_specific_group(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    if not current_user:
+        raise HTTPException(status_code=404, detail="Error ID: 107")  # user not found!
+
+    if current_user.user_type == settings.UserType.STUDENT.value:
+        if current_user.group_id == id:
+            return crud_group.get(db, id=id)
+        else:
+            raise HTTPException(
+                status_code=403,
+                detail="Error ID: 108",
+            )  # user has no authorization to access this group
+
+    if current_user.user_type == settings.UserType.TEACHER.value:
+        for group in current_user.teacher_group:
+            if group.teacher_id == current_user.id:
+                return group.group
+        raise HTTPException(
+            status_code=403,
+            detail="Error ID: 109",
+        )  # user has no authorization to access this group
+
+    if current_user.user_type >= settings.UserType.ADMIN.value:
+        group = crud_group.get(db, id)
+        return group
+
+
+# update group, can be called by only the superadmin and admin
+@router.put("/{id}", response_model=GroupUpdate)
+async def update_group(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    obj_in: GroupUpdate,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+
+    if current_user.user_type >= settings.UserType.TEACHER.value:
+        raise HTTPException(
+            status_code=403,
+            detail="Error ID: 110",
+        )  # user has no authorization for updating groups
+    else:
+        group = crud_group.get(db, id)
+        crud_group.update(db, db_obj=group, obj_in=obj_in)
+        return {"status": "success"}
+
+
+@router.get("/all/")
+async def get_all_groups(
+    db: Session = Depends(deps.get_db),
+) -> Any:
+    group = crud_group.get_multi(db, limit=-1)
+    return group

api/endpoints/personal_note.py

@@ -0,0 +1,195 @@
+from typing import Any, List
+
+from fastapi import APIRouter, Depends
+from sqlalchemy.orm import Session
+
+from utils import deps
+from cruds import crud_personal_note
+from schemas import PersonalNote, PersonalNoteUpdate, PersonalNoteCreate
+from models import User
+from core import settings
+from fastapi import HTTPException
+
+router = APIRouter()
+
+
+# get personal note:
+# student: get only theirs
+# teacher: get only theirs
+# admin: none
+# super admin: all
+@router.get("/", response_model=List[PersonalNote])
+def get_personal_note(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+
+    if not current_user:
+        # user not found!
+        raise HTTPException(status_code=404, detail="Error ID: 116")
+
+    if current_user.user_type >= settings.UserType.TEACHER.value:
+        personal_note_list = []
+        personal_notes = current_user.personalnote
+        for note in personal_notes:
+            personal_note = crud_personal_note.get(db, id=note.id)
+            personal_note_list.append(personal_note)
+        return personal_note_list
+
+    if current_user.user_type == settings.UserType.ADMIN.value:
+        raise HTTPException(
+            status_code=403,
+            detail="Error ID: 117",
+        )  # user has no authorization for retrieving personal notes, cause they personal fam!
+
+    if current_user.user_type == settings.UserType.SUPERADMIN.value:
+        personal_note = crud_personal_note.get_multi(db, skip=skip, limit=limit)
+        return personal_note
+
+
+# Create new personal note
+# student: can create only theirs
+# teacher: can create only theirs
+# admin: no create previlege
+# superadmin: can create all
+@router.post("/", response_model=PersonalNote)
+def create_personal_note(
+    db: Session = Depends(deps.get_db),
+    *,
+    obj_in: PersonalNoteCreate,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    if not current_user:
+        # user not found!
+        raise HTTPException(status_code=404, detail="Error ID: 119")
+
+    if current_user.user_type >= settings.UserType.TEACHER.value:
+        if obj_in.user_id != current_user.id:
+            raise HTTPException(
+                status_code=403,
+                detail="Error ID: 118",
+            )  # user has no authorization to create personal note for another user
+        else:
+            personal_note = crud_personal_note.create(db, obj_in=obj_in)
+            return personal_note
+
+    if current_user.user_type == settings.UserType.ADMIN.value:
+        raise HTTPException(
+            status_code=403,
+            detail="Error ID: 120",
+        )  # user has no authorization to create personal notes
+
+    if current_user.user_type == settings.UserType.SUPERADMIN.value:
+        personal_note = crud_personal_note.create(db, obj_in=obj_in)
+        return personal_note
+
+
+# get specific personal note,
+# student and teacher can only get that specific note if they own it
+# admin can has no permission
+# superadmin can get it
+@router.get("/{id}/", response_model=PersonalNote)
+def get_specific_personal_note(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    if not current_user:
+        # user not found!
+        raise HTTPException(status_code=404, detail="Error ID: 121")
+
+    if current_user.user_type == settings.UserType.ADMIN.value:
+        raise HTTPException(
+            status_code=403,
+            detail="Error ID: 122",
+        )  # user has no authorization to get personal notes
+
+    if current_user.user_type >= settings.UserType.TEACHER.value:
+        personal_notes = get_personal_note(db, current_user=current_user)
+        for notes in personal_notes:
+            if id == notes.id:
+                personal_note = crud_personal_note.get(db, id)
+                return personal_note
+
+        raise HTTPException(
+            status_code=403,
+            detail="Error ID: 123",
+        )  # user has no authorization to get other user's personal notes
+
+    if current_user.user_type == settings.UserType.SUPERADMIN.value:
+        personal_note = crud_personal_note.get(db, id)
+        return personal_note
+
+
+@router.put("/{id}/", response_model=PersonalNote)
+def update_personal_note(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    obj_in: PersonalNoteUpdate,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    if not current_user:
+        # user not found!
+        raise HTTPException(status_code=404, detail="Error ID: 124")
+
+    if current_user.user_type == settings.UserType.ADMIN.value:
+        raise HTTPException(
+            status_code=403,
+            detail="Error ID: 125",
+        )  # user has no authorization to edit personal notes
+
+    if current_user.user_type >= settings.UserType.TEACHER.value:
+        if obj_in.user_id == current_user.id:
+
+            personal_note = crud_personal_note.get(db, id)
+            return crud_personal_note.update(db, db_obj=personal_note, obj_in=obj_in)
+
+        else:
+            raise HTTPException(
+                status_code=403,
+                detail="Error ID: 126",
+            )  # user has no authorization to get other user's personal notes
+
+    if current_user.user_type == settings.UserType.SUPERADMIN.value:
+        personal_note = crud_personal_note.get(db, id)
+        return crud_personal_note.update(db, db_obj=personal_note, obj_in=obj_in)
+
+
+# XXX: For deleting all, is this needed?
+
+# @router.delete("/{}")
+# def deletePersonalNotes(
+#     db: Session = Depends(deps.get_db),
+#     *,
+#     current_user: User = Depends(deps.get_current_active_superuser);
+# )->Any:
+#     crud_personal_note.delete
+
+
+@router.delete("/{id}/")
+def deleteSpecificPersonalNote(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+
+    if current_user.user_type == settings.UserType.SUPERADMIN.value:
+        personalNote = crud_personal_note.remove(db, id=id)
+        return personalNote
+
+    if current_user.user_type == settings.UserType.ADMIN.value:
+        raise HTTPException(
+            status_code=403,
+            detail="Error ID: 142",  # user has no authorization to delete notes of other users
+        )
+
+    personalNote = get_specific_personal_note(db, id=id, current_user=current_user)
+
+    personalNote = crud_personal_note.remove(db, id=personalNote.id)
+
+    return personalNote

api/endpoints/program.py

@@ -0,0 +1,78 @@
+from typing import Any, List
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+from starlette.responses import Response
+from core.cache import cache
+
+from cruds.program import crud_program
+from cruds.group import crud_group
+from schemas import Program, ProgramCreate, ProgramUpdate, GroupCreate
+from schemas import program
+from utils import deps
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[Program])
+async def get_programs(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 500,
+) -> Any:
+    programs = crud_program.get_multi(db, skip=skip, limit=limit)
+    return programs
+
+
+@router.post("/", response_model=Program)
+async def create_program(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_admin_or_above),
+    *,
+    program_in: ProgramCreate,
+) -> Any:
+    program = crud_program.create(db, obj_in=Program(**program_in.dict()))
+    for sem_iter in range(program_in.max_sems):
+        group = GroupCreate(
+            program_id=program.id,
+            sem=sem_iter + 1,
+        )
+        print(group.dict())
+        crud_group.create(db=db, obj_in=group)
+    return program
+
+
+@router.get("/{program_id}/", response_model=Program)
+@router.get("/{program_id}/group", response_model=program.ProgramGroupReturn)
+async def get_program(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_active_user),
+    *,
+    program_id: int,
+) -> Any:
+    program = crud_program.get(db, program_id)
+    return program
+
+
+@router.put("/{program_id}/")
+def update_program(
+    db: Session = Depends(deps.get_db),
+    *,
+    program_id: int,
+    obj_in: ProgramUpdate,
+    current_user=Depends(deps.get_current_admin_or_above),
+) -> Any:
+    department = crud_program.get(db, program_id)
+    crud_program.update(db, db_obj=department, obj_in=obj_in)
+    return {"status": "success"}
+
+
+@router.delete("/{program_id}/")
+async def delete_program(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_admin_or_above),
+    *,
+    program_id: int,
+):
+    crud_program.remove(db=db, id=program_id)
+    return {"msg": "success"}

api/endpoints/quiz.py

@@ -0,0 +1,456 @@
+from datetime import datetime
+from typing import Any, List, Dict
+
+from hashlib import sha1
+
+import os
+import shutil
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+from core.config import settings
+import json
+from models import User
+from utils import deps
+from cruds import crud_quiz, crud_question
+from schemas import (
+    Quiz,
+    QuizCreate,
+    QuizUpdate,
+    QuizAnswer,
+    QuizAnswerCreate,
+    QuizAnswerUpdate,
+    QuizQuestion,
+    QuizQuestionCreate,
+    QuizQuestionUpdate,
+    QuizQuestionwoutAnswer,
+)
+
+from fastapi import FastAPI, File, UploadFile, HTTPException
+from fastapi.responses import FileResponse
+import aiofiles
+from core.config import settings
+
+router = APIRouter()
+
+QUIZ_ROUTE: str = "quiz"
+QUIZ_QUESTION_UPLOAD_DIR: str = "question_image"
+QUIZ_OPTION_UPLOAD_DIR: str = "option_image"
+hashedQuestionRoute = sha1(
+    QUIZ_QUESTION_UPLOAD_DIR.encode(encoding="UTF-8", errors="strict")
+)
+hashedOptionRoute = sha1(
+    QUIZ_OPTION_UPLOAD_DIR.encode(encoding="UTF-8", errors="strict")
+)
+
+
+@router.get("/", response_model=List[Quiz])
+async def get_quiz(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = -1,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    quiz = crud_quiz.get_multi(db, skip=skip, limit=limit)
+
+    if current_user.user_type == settings.UserType.STUDENT.value:
+        quiz_list = []
+        for quizItem in quiz:
+            for group in quizItem.group:
+                if group.id == current_user.group.id:
+                    quiz_list.append(quizItem)
+
+        return quiz_list
+
+    if current_user.user_type == settings.UserType.TEACHER.value:
+
+        quiz_list = []
+        for quizItem in quiz:
+            for instructor in quizItem.instructor:
+                if current_user.id == instructor.id:
+                    quiz_list.append(quizItem)
+        return quiz_list
+
+    if current_user.user_type <= settings.UserType.ADMIN.value:
+        return quiz
+
+
+@router.post("/")
+async def create_quiz(
+    db: Session = Depends(deps.get_db),
+    *,
+    obj_in: QuizCreate,
+    current_user: User = Depends(deps.get_current_active_teacher_or_above),
+) -> Any:
+    quiz = crud_quiz.create(db, obj_in=obj_in)
+    return {"msg": "success", "id": quiz.id}
+
+
+@router.get("/{id}", response_model=Quiz)
+async def get_specific_quiz(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    if current_user.user_type == settings.UserType.STUDENT.value:
+        quiz_list = await get_quiz(db=db, current_user=current_user)
+        for quiz in quiz_list:
+            if quiz.id == id:
+                return quiz
+        raise HTTPException(
+            status_code=403, detail="Error ID: 133"
+        )  # not accessible by the Student user
+
+    if current_user.user_type == settings.UserType.TEACHER.value:
+        quiz_list = await get_quiz(db=db, current_user=current_user)
+        for quiz in quiz_list:
+            if quiz.id == id:
+                return quiz
+        raise HTTPException(
+            status_code=403, detail="Error ID: 134"
+        )  # not accessible by the Teacher user
+
+    if current_user.user_type <= settings.UserType.ADMIN.value:
+        quiz = crud_quiz.get(db, id)
+        return quiz
+
+
+@router.put("/{id}", response_model=QuizUpdate)
+async def update_quiz(
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    obj_in: QuizUpdate,
+    current_user: User = Depends(deps.get_current_active_teacher_or_above),
+) -> Any:
+    quiz = crud_quiz.get(db, id)
+    quiz = crud_quiz.update(db, db_obj=quiz, obj_in=obj_in)
+    return quiz
+
+
+@router.get("/{quizid}/question", response_model=List[QuizQuestionwoutAnswer])
+async def get_question(
+    db: Session = Depends(deps.get_db),
+    *,
+    quizid: int,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+    quiz = await get_specific_quiz(db, id=quizid, current_user=current_user)
+    if not quiz:
+        raise HTTPException(
+            status_code=404, detail="Error ID = 135"
+        )  # quiz not found in database
+
+    questions = crud_question.get_all_by_quiz_id(db, quiz_id=quiz.id)
+    return questions
+
+
+@router.get("/{quizid}/question/{id}", response_model=QuizQuestionwoutAnswer)
+async def get_specific_question(
+    db: Session = Depends(deps.get_db),
+    *,
+    quizid: int,
+    id: int,
+    current_user: User = Depends(deps.get_current_active_user),
+) -> Any:
+
+    question = crud_question.get_by_quiz_id_question_id(
+        db=db, quiz_id=quizid, questionid=id
+    )
+
+    if not question:
+        raise HTTPException(
+            status_code=404, detail="Error ID: 136"
+        )  # question specific to that id not found
+
+    return question
+
+
+@router.post("/{quizid}/question")
+async def create_question(
+    db: Session = Depends(deps.get_db),
+    *,
+    quizid: int,
+    obj_in: QuizQuestionCreate,
+    current_user: User = Depends(deps.get_current_active_teacher_or_above),
+) -> Any:
+    obj_in.quiz_id = quizid
+    # obj_in.question_image = "question"
+    # obj_in.options = [
+    #     {"image": eachDict["image"] if eachDict["image"] == "" else f"Options{index+1}"}
+    #     for index, eachDict in enumerate(obj_in.options)
+    # ]
+
+    question = crud_question.create(db, obj_in=obj_in)
+    quiz = crud_quiz.get(db=db, id=quizid)
+
+    newMarks = quiz.total_marks + question.marks
+    newQuiz = QuizUpdate(total_marks=newMarks)
+
+    crud_quiz.update(db=db, db_obj=quiz, obj_in=newQuiz)
+
+    hashedQuizId = sha1(str(quizid).encode(encoding="UTF-8", errors="strict"))
+
+    hashedQuestionId = sha1(str(question.id).encode(encoding="UTF-8", errors="strict"))
+
+    # if the question is said to have a IMAGE then only create the folder to store the image
+    FILE_PATH = os.path.join(
+        settings.UPLOAD_DIR_ROOT,
+        QUIZ_ROUTE,
+        hashedQuizId.hexdigest(),
+        hashedQuestionId.hexdigest(),
+    )
+
+    FILE_PATH_QUESTION = os.path.join(FILE_PATH, hashedQuestionRoute.hexdigest())
+
+    FILE_PATH_OPTION = os.path.join(FILE_PATH, hashedOptionRoute.hexdigest())
+
+    if not os.path.exists(FILE_PATH_QUESTION):
+        os.makedirs(FILE_PATH_QUESTION)
+
+    if not os.path.exists(FILE_PATH_OPTION):
+        os.makedirs(FILE_PATH_OPTION)
+
+    return {"msg": "success", "id": question.id}
+
+
+@router.put("/{quizid}/question/{id}")
+async def update_question(
+    db: Session = Depends(deps.get_db),
+    *,
+    quizid: int,
+    obj_in: QuizQuestionUpdate,
+    id: int,
+    current_user: User = Depends(deps.get_current_active_teacher_or_above),
+) -> Any:
+
+    question = crud_question.get(db, id)
+
+    # on question_type update, create folder to store image if not already present
+    FILE_PATH_QUESTION = os.path.join(
+        settings.UPLOAD_DIR_ROOT,
+        QUIZ_QUESTION_UPLOAD_DIR,
+        f"{quizid}/{question.id}",
+    )
+
+    if not os.path.exists(FILE_PATH_QUESTION):
+        os.makedirs(FILE_PATH_QUESTION)
+
+    # on option_type update, create folder to store image if not already present
+    # if (obj_in.answer_type == AnswerType.IMAGE_OPTIONS.value) and (
+    #     question.answer_type != obj_in.answer_type
+    # ):
+    #     FILE_PATH_OPTION = os.path.join(
+    #         "static", QUIZ_OPTION_UPLOAD_DIR, f"{quizid}/{question.id}"
+    #     )
+    #     FILE_PATH_OPTION = os.path.join(current_directory, FILE_PATH_OPTION)
+
+    #     if not os.path.exists(FILE_PATH_OPTION):
+    #         os.makedirs(FILE_PATH_OPTION)
+
+    if question.quiz_id == quizid == obj_in.quiz_id:
+        question = crud_question.update(db, db_obj=question, obj_in=obj_in)
+        return question
+    else:
+        raise HTTPException(
+            status_code=403, detail="Error ID = 137"
+        )  # noqa Access Denied!
+
+
+# XXX: ENDPOINTS for questions to write and read files and answers to those files
+
+
+# FIXME: Uploaded files directory fix it
+@router.post("/{quizid}/question/{id}/question_image/")
+async def create_question_files(
+    db: Session = Depends(deps.get_db),
+    files: List[UploadFile] = File(...),
+    current_user=Depends(deps.get_current_active_teacher_or_above),
+    *,
+    quizid: int,
+    id: int,
+):
+    question = await get_specific_question(
+        db, quizid=quizid, id=id, current_user=current_user
+    )
+
+    hashedQuizId = sha1(str(quizid).encode(encoding="UTF-8", errors="strict"))
+
+    hashedQuestionId = sha1(str(id).encode(encoding="UTF-8", errors="strict"))
+
+    FILE_QUESTION_PATH = os.path.join(
+        QUIZ_ROUTE,
+        hashedQuizId.hexdigest(),
+        hashedQuestionId.hexdigest(),
+        hashedQuestionRoute.hexdigest(),
+    )
+
+    FILE_PATH = os.path.join(
+        settings.UPLOAD_DIR_ROOT,
+        FILE_QUESTION_PATH,
+    )
+
+    questionImages = []
+    fileIndex = 0
+    for file in files:
+        fileName, fileExtension = os.path.splitext(file.filename)
+        hashedFileName = sha1(
+            (fileName + str(fileIndex)).encode(encoding="UTF-8", errors="strict")
+        )
+        fileIndex = fileIndex + 1
+        filename = f"{FILE_PATH}/{hashedFileName.hexdigest()}{fileExtension}"
+        async with aiofiles.open(filename, mode="wb") as f:
+            content = await file.read()
+            await f.write(content)
+        questionImages.append(
+            f"{FILE_QUESTION_PATH}/{hashedFileName.hexdigest()}{fileExtension}"
+        )
+
+    obj_in = QuizQuestionUpdate(quiz_id=quizid, question_image=questionImages)
+    updated = crud_question.update(db=db, db_obj=question, obj_in=obj_in)
+
+    return updated
+
+
+@router.post("/{quizid}/question/{id}/option_image/")
+async def create_option_files(
+    options: List,
+    db: Session = Depends(deps.get_db),
+    files: List[UploadFile] = File(...),
+    current_user=Depends(deps.get_current_active_teacher_or_above),
+    *,
+    quizid: int,
+    id: int,
+):
+    options = json.loads(options[0])
+
+    question = await get_specific_question(
+        db, quizid=quizid, id=id, current_user=current_user
+    )
+
+    hashedQuizId = sha1(str(quizid).encode(encoding="UTF-8", errors="strict"))
+
+    hashedQuestionId = sha1(str(id).encode(encoding="UTF-8", errors="strict"))
+    FILE_OPTION_PATH = os.path.join(
+        QUIZ_ROUTE,
+        hashedQuizId.hexdigest(),
+        hashedQuestionId.hexdigest(),
+        hashedOptionRoute.hexdigest(),
+    )
+    FILE_PATH = os.path.join(
+        settings.UPLOAD_DIR_ROOT,
+        FILE_OPTION_PATH,
+    )
+    fileIndex = 0
+    for file in files:
+        fileName, fileExtension = os.path.splitext(file.filename)
+        hashedFileName = sha1(
+            (fileName + str(fileIndex)).encode(encoding="UTF-8", errors="strict")
+        )
+        fileIndex = fileIndex + 1
+        filename = f"{FILE_PATH}/{hashedFileName.hexdigest()}{fileExtension}"
+        async with aiofiles.open(filename, mode="wb") as f:
+            content = await file.read()
+            await f.write(content)
+        alreadyModified = []
+        for index, eachDict in enumerate(options):
+            if eachDict["image"] == file.filename:
+                if index not in alreadyModified:
+                    eachDict[
+                        "image"
+                    ] = f"{FILE_OPTION_PATH}/{hashedFileName.hexdigest()}{fileExtension}"
+                    alreadyModified.append(index)
+                    break
+
+    obj_in = QuizQuestionUpdate(quiz_id=quizid, options=json.dumps(options))
+    updated = crud_question.update(db=db, db_obj=question, obj_in=obj_in)
+
+    return {"msg": "success"}
+
+
+@router.get("/{quizid}/question/{id}/{type}/{filename}")
+async def get_image(
+    db: Session = Depends(deps.get_db),
+    *,
+    quizid: int,
+    id: int,
+    filename: str,
+    type: int,
+    current_user: User = Depends(deps.get_current_active_user),
+):
+    question = await get_specific_question(
+        db, quizid=quizid, id=id, current_user=current_user
+    )
+
+    if not question:
+        raise HTTPException(status_code=404, detail="Error ID: 138")
+        # question not found error
+
+    if type == 1:
+        if filename in question.question_image:
+            FILE_PATH = os.path.join(
+                settings.UPLOAD_DIR_ROOT, QUIZ_QUESTION_UPLOAD_DIR, f"{quizid}/{id}"
+            )
+        else:
+            raise HTTPException(
+                status_code=403, detail="Error ID: 139"
+            )  # file not of that question
+
+    if type == 2:
+        if filename in question.option_image:
+            FILE_PATH = os.path.join(
+                settings.UPLOAD_DIR_ROOT, QUIZ_OPTION_UPLOAD_DIR, f"{quizid}/{id}"
+            )
+        else:
+            raise HTTPException(
+                status_code=403, detail="Error ID: 140"
+            )  # file not of that question
+
+    FILE_PATH = os.path.join(FILE_PATH, filename)
+
+    if os.path.isfile(FILE_PATH):
+        file = FileResponse(f"{FILE_PATH}")
+        return file
+    else:
+        raise HTTPException(
+            status_code=404, detail="Error ID: 141"
+        )  # no file exist in the path
+
+
+@router.delete("/{quizid}/")
+async def delete_quiz(
+    db: Session = Depends(deps.get_db),
+    *,
+    quizid=int,
+    current_user: User = Depends(deps.get_current_active_teacher),
+):
+    quiz = crud_quiz.get(db, id=quizid)
+
+    if not quiz:
+        raise HTTPException(status_code=404, detail="Error ID: 143")
+
+    for instructor in quiz.instructor:
+
+        if instructor.id == current_user.id:
+
+            print(instructor.id, current_user.id)
+            quiz = crud_quiz.remove(db, id=quizid)
+
+            hashedQuizId = sha1(str(quizid).encode(encoding="UTF-8", errors="strict"))
+
+            FILE_PATH = os.path.join(
+                settings.UPLOAD_DIR_ROOT,
+                QUIZ_ROUTE,
+                hashedQuizId.hexdigest(),
+            )
+
+            if os.path.exists(FILE_PATH):
+                shutil.rmtree(FILE_PATH)
+
+            return {"msg": "delete success"}
+
+    raise HTTPException(
+        status_code=403,
+        detail="Error ID: 142",
+    )  # teacher not associated with the quiz

api/endpoints/quiz_answer.py

@@ -0,0 +1,149 @@
+import math
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+from models import User
+from utils import deps
+from datetime import datetime, timedelta
+from cruds import crud_quiz_answer, crud_question, crud_quiz
+from schemas import (
+    QuizAnswer,
+    QuizAnswerCreate,
+    QuizAnswerUpdate,
+    QuizAnsweronlySelected,
+    QuizAnswerwithName,
+)
+
+from typing import Any, Optional, List, Dict  # noqa
+
+
+router = APIRouter()
+
+
+@router.get("/")
+async def get_answers(
+    db: Session = Depends(deps.get_db),
+    *,
+    current_user: User = Depends(deps.get_current_active_user),
+):
+    pass
+
+
+@router.get("/{quizid}", response_model=QuizAnswer, response_model_exclude_none=True)
+async def get_answers_quiz(
+    db: Session = Depends(deps.get_db),
+    *,
+    quizid: int,
+    current_user: User = Depends(deps.get_current_active_user),
+):
+    answer = crud_quiz_answer.get_by_quiz_id(
+        db=db, quizId=quizid, studentId=current_user.id
+    )
+
+    if answer:
+        marks = answer.marks_obtained
+        answer.marks_obtained = None
+
+        quiz = crud_quiz.get(db=db, id=quizid)
+
+        if (
+            quiz
+            and quiz.end_time
+            and quiz.end_time <= (datetime.utcnow() - timedelta(seconds=15))
+        ):
+            answer.marks_obtained = marks
+
+        return answer
+
+    raise HTTPException(status_code=404, detail="Error ID: 144")
+
+
+@router.get("/{quizid}/getAnswersAsTeacher/", response_model=List[QuizAnswerwithName])
+async def get_quiz_answers_as_teacher(
+    db: Session = Depends(deps.get_db),
+    *,
+    quizid: int,
+    current_user: User = Depends(deps.get_current_active_teacher_or_above),
+):
+    if current_user.quiz:
+        for quiz in current_user.quiz:
+            if quiz.id == quizid:
+                answers = crud_quiz_answer.get_all_by_quiz_id_as_teacher(
+                    db=db, quizId=quizid
+                )
+                if len(answers) >= 1:
+                    return answers
+
+    raise HTTPException(
+        status_code=404,
+        detail="Error ID: 143",  # could not populate answer
+    )
+
+
+@router.get("/{quizid}/exists/")
+async def check_existence(
+    db: Session = Depends(deps.get_db),
+    *,
+    quizid: int,
+    current_user: User = Depends(deps.get_current_active_user),
+):
+    answer = crud_quiz_answer.get_by_quiz_id(
+        db=db, quizId=quizid, studentId=current_user.id
+    )
+    if not answer:
+        return {"exists": False}
+    else:
+        return {"exists": True}
+
+
+@router.get("/{id}")
+async def get_specific_answer():
+    pass
+
+
+@router.post("/{quiz_id}", response_model=QuizAnsweronlySelected)
+async def submit_answer(
+    db: Session = Depends(deps.get_db),
+    *,
+    questionAnswer: Dict[int, Any],
+    quiz_id: int,
+    current_user: User = Depends(deps.get_current_active_user),
+):
+    questions = crud_question.get_all_by_quiz_id(db, quiz_id=quiz_id)
+
+    marksObtained = 0
+    correctCount = 0
+    for question in questions:
+        if question.id in questionAnswer.keys():
+            questionOption = questionAnswer[question.id]
+            if question.multiple:
+                if len(question.answer) >= len(questionOption):
+                    for answer in questionOption:
+                        if answer in question.answer:
+                            correctCount = correctCount + 1
+
+                    correctCount = correctCount / len(question.answer)
+
+            else:
+                questionAnswer[question.id] = questionOption
+
+                if questionOption == question.answer[0]:
+                    correctCount = 1
+
+            marksObtained = marksObtained + correctCount * question.marks
+            correctCount = 0
+
+    questionAnswer = QuizAnswerCreate(
+        marks_obtained=math.ceil(marksObtained),
+        options_selected=questionAnswer,
+        quiz_id=quiz_id,
+        student_id=current_user.id,
+    )
+
+    try:
+        questionAnswer = crud_quiz_answer.create(db, obj_in=questionAnswer)
+        return questionAnswer
+    except Exception:
+        raise HTTPException(
+            status_code=400,
+            detail="Error ID: 142",  # could not populate answer
+        )

api/endpoints/school.py

@@ -0,0 +1,67 @@
+from typing import List
+
+from fastapi import APIRouter, Depends
+from sqlalchemy.orm import Session
+
+from cruds.school import crud_school
+from schemas import School, SchoolCreate, SchoolUpdate
+from utils import deps
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[School])
+async def get_schools(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_active_user),
+    skip: int = 0,
+    limit: int = 100,
+):
+    schools = crud_school.get_multi(db, skip=skip, limit=limit)
+    return schools
+
+
+@router.post("/", response_model=School)
+async def create_school(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_admin_or_above),
+    *,
+    school_in: SchoolCreate,
+):
+    school = crud_school.create(db, obj_in=school_in)
+    return school
+
+
+@router.get("/{school_id}/", response_model=School)
+async def get_school(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_active_user),
+    *,
+    school_id: int,
+):
+    school = crud_school.get(db, school_id)
+    return school
+
+
+@router.put("/{school_id}/", response_model=School)
+async def update_school(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_admin_or_above),
+    *,
+    school_id: int,
+    school_update: SchoolUpdate,
+):
+    school = crud_school.get(db, school_id)
+    school = crud_school.update(db, db_obj=school, obj_in=school_update)
+    return school
+
+
+@router.delete("/{school_id}/")
+async def delete_school(
+    db: Session = Depends(deps.get_db),
+    user=Depends(deps.get_current_admin_or_above),
+    *,
+    school_id: int,
+):
+    crud_school.remove(db=db, id=school_id)
+    return {"msg": "success"}

api/endpoints/teacher_note.py

@@ -0,0 +1,61 @@
+from typing import Any, List
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+
+from utils import deps
+from cruds import crud_teacher_note
+from schemas import TeacherNote, TeacherNoteUpdate, TeacherNoteCreate
+
+
+router = APIRouter()
+
+
+# TODO: Search by student ??
+@router.get("/teacher_note/", response_model=List[TeacherNote])
+async def get_teacher_note(
+    user=Depends(deps.get_current_active_teacher),
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+) -> Any:
+    teacher_note = crud_teacher_note.get_user_teacher_note(db, user=user)
+    return teacher_note
+
+
+# TODO: Teacher can only post notes on students that are his student
+@router.post("/teacher_note/", response_model=TeacherNote)
+async def create_teacher_note(
+    user=Depends(deps.get_current_active_teacher),
+    db: Session = Depends(deps.get_db),
+    *,
+    obj_in: TeacherNoteCreate
+) -> Any:
+    teacher_note = crud_teacher_note.create(db, obj_in=obj_in)
+    return teacher_note
+
+
+@router.get("/teacher_note/{id}/", response_model=TeacherNote)
+async def get_specific_teacher_note(
+    user=Depends(deps.get_current_active_teacher),
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int
+) -> Any:
+    teacher_note = crud_teacher_note.get_user_teacher_note(db=db, user=user, id=id)
+    return teacher_note
+
+
+@router.put("/teacher_note/{id}/", response_model=TeacherNote)
+async def update_teacher_note(
+    user=Depends(deps.get_current_active_teacher),
+    db: Session = Depends(deps.get_db),
+    *,
+    id: int,
+    obj_in: TeacherNoteUpdate
+) -> Any:
+    teacher_note = crud_teacher_note.get_user_teacher_note(db=db, user=user, id=id)
+    if not teacher_note:
+        raise HTTPException(status_code=403, detail="Error ID: 127")  # Access denied!
+    teacher_note = crud_teacher_note.update(db, db_obj=teacher_note, obj_in=obj_in)
+    return teacher_note

api/endpoints/two_fa.py

@@ -0,0 +1,151 @@
+import json
+import os
+from typing import Any, List, Optional
+
+import aiofiles
+from fastapi import APIRouter, Body
+from fastapi import Cookie as ReqCookie
+from fastapi import Depends, File, HTTPException, Request, UploadFile
+from fastapi.params import Cookie
+from sqlalchemy.orm import Session
+from sqlalchemy.sql.expression import update
+from sqlalchemy.sql.functions import current_user
+from starlette.responses import JSONResponse, Response
+
+import cruds
+import models
+import schemas
+from core import throttle
+from core.config import settings
+from core.db import redis_session_client
+from core.security import (
+    create_sesssion_token,
+    get_password_hash,
+    create_2fa_temp_token,
+    create_2fa_enable_temp_token
+)
+from cruds import group
+from schemas.user import UserUpdate, VerifyUser
+from utils import deps
+from utils.utils import (
+    expire_web_session,
+    generate_password_reset_token,
+    send_reset_password_email,
+    send_verification_email,
+    verify_password_reset_token,
+    verify_user_verify_token,
+)
+import pyotp
+from cruds import crud_user
+
+
+router = APIRouter()
+
+
+@router.get("/enable/request")
+async def two_fa_enable_request(
+    db: Session = Depends(deps.get_db),
+    *,
+    current_user: models.User = Depends(deps.get_current_user),
+    request: Request,
+    response: Response,
+) -> Any:
+    if current_user.two_fa_secret != None:
+        raise HTTPException(
+            status_code=409, detail="2FA is already enabled!"
+        )
+
+    totp_secret = pyotp.random_base32()
+    await create_2fa_enable_temp_token(current_user, totp_secret)
+
+    totp_url = pyotp.totp.TOTP(totp_secret).provisioning_uri(
+        name=current_user.email,
+        issuer_name=settings.PROJECT_NAME
+    )
+
+    return {"msg": "2FA enable requested!", "uri": totp_url, "secret": totp_secret}
+
+
+@router.post("/enable/confirm")
+async def two_fa_enable_confirm(
+    db: Session = Depends(deps.get_db),
+    *,
+    form_data: schemas.Two_FA_Confirm,
+    current_user: models.User = Depends(deps.get_current_user),
+) -> Any:
+    totp_secret = await redis_session_client.client.get(
+        f"two_fa_enable_temp_{current_user.id}"
+    )
+    totp_secret = totp_secret.decode("utf-8")
+    if not totp_secret:
+        raise HTTPException(
+            status_code=403, detail="Invalid or expired TOTP"
+        )
+
+    totp = pyotp.TOTP(totp_secret)
+    totp_valid = totp.verify(str(form_data.totp), valid_window=1)
+
+    if totp_valid:
+        crud_user.enable_2fa(db, secret=totp_secret, db_obj=current_user)
+        await redis_session_client.client.delete(
+            f"two_fa_enable_temp_{current_user.id}"
+        )
+        return {"msg": "2FA successfully enabled!"}
+    else:
+        return {"msg": "Invalid TOTP!"}
+
+
+@router.post("/login/confirm", response_model=Optional[schemas.user.UserLoginReturn], response_model_exclude_none=True)
+async def two_fa_login_confirm(
+    db: Session = Depends(deps.get_db),
+    *,
+    form_data: schemas.Two_FA_Confirm,
+    request: Request,
+    response: Response
+) -> Any:
+    token = request.cookies.get("temp_session")
+
+    if token == None:
+        raise HTTPException(
+            status_code=403, detail="Invalid token!"
+        )
+
+    data = json.loads(await redis_session_client.client.get(
+        f"two_fa_temp_{token}",
+    ))
+    # json.dumps({"user": user.id, "remember_me": remember_me}),
+
+    user = crud_user.get(db, id=data.get("user"))
+
+    totp = pyotp.TOTP(user.two_fa_secret)
+    totp_valid = totp.verify(str(form_data.totp), valid_window=1)
+
+    if not totp_valid:
+        raise HTTPException(
+            status_code=403, detail="Invalid TOTP!"
+        )
+
+    session_token = await create_sesssion_token(user, data.get("remember_me"), request)
+
+    response.delete_cookie("temp_session")
+    response.set_cookie("session", session_token, httponly=True)
+
+    await redis_session_client.client.delete(f"two_fa_temp_{token}")
+    return {"msg": "Logged in successfully!", "user": user, "two_fa_required": None}
+
+
+@router.delete(
+    "/disable",
+)
+async def two_fa_disable(
+    db: Session = Depends(deps.get_db),
+    *,
+    current_user: models.User = Depends(deps.get_current_user),
+) -> Any:
+    if current_user.two_fa_secret == None:
+        raise HTTPException(
+            status_code=409, detail="2FA is already disabled!"
+        )
+    crud_user.disable_2fa(db, db_obj=current_user)
+
+    return {"msg": "2FA successfully disabled!"}

api/endpoints/user_permission.py

@@ -0,0 +1,49 @@
+from typing import Any, List
+
+from fastapi import APIRouter, Depends
+from sqlalchemy.orm import Session
+
+from utils import deps
+from cruds import crud_user_permission
+from schemas.user_permission import (
+    UserPermission,
+    UserPermissionCreate,
+    UserPermissionUpdate,
+)
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[UserPermission])
+async def get_user_permission(
+    db: Session = Depends(deps.get_db), skip: int = 0, limit: int = 100
+) -> Any:
+    user_permission = crud_user_permission.get_multi(db, skip=skip, limit=limit)
+    return user_permission
+
+
+@router.post("/", response_model=UserPermission)
+async def create_user_permission(
+    db: Session = Depends(deps.get_db), *, obj_in: UserPermissionCreate
+) -> Any:
+    user_permission = crud_user_permission.create(db, obj_in=obj_in)
+    return user_permission
+
+
+@router.get("/{id}", response_model=UserPermission)
+async def get_specific_user_permission(
+    db: Session = Depends(deps.get_db), *, id: int
+) -> Any:
+    user_permission = crud_user_permission.get(db, id)
+    return user_permission
+
+
+@router.put("/{id}", response_model=UserPermission)
+async def update_user_permission(
+    db: Session = Depends(deps.get_db), *, id: int, obj_in: UserPermissionUpdate
+) -> Any:
+    user_permission = crud_user_permission.get(db, id)
+    user_permission = crud_user_permission.update(
+        db, db_obj=user_permission, obj_in=obj_in
+    )
+    return user_permission

api/endpoints/users.py

@@ -0,0 +1,261 @@
+import secrets
+from schemas.user import UserCreate
+from typing import Any, List
+import aiofiles
+from hashlib import sha1
+
+import os
+
+from fastapi import APIRouter, Body, Depends, HTTPException, UploadFile, File
+from fastapi.encoders import jsonable_encoder
+from pydantic.networks import EmailStr
+from sqlalchemy.orm import Session
+from core import settings
+
+
+import cruds
+import models
+import schemas
+from utils import deps
+from core.config import settings
+from utils.utils import send_reset_password_email
+
+from fastapi import FastAPI, File, Form, UploadFile
+from typing import List, Optional
+from datetime import date
+
+router = APIRouter()
+
+
+@router.get("/", response_model=List[schemas.user.UserReturn])
+def read_users(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 100,
+    current_user: models.User = Depends(deps.get_current_admin_or_above),
+) -> Any:
+    """
+    Retrieve users.
+    """
+    users = cruds.crud_user.get_multi(db, skip=skip, limit=limit)
+    return users
+
+
+@router.get("/teacher/", response_model=List[schemas.user.TeacherShort])
+def get_teachers(
+    db: Session = Depends(deps.get_db),
+    skip: int = 0,
+    limit: int = 200,
+    current_user: models.User = Depends(deps.get_current_active_teacher_or_above),
+) -> Any:
+    teachers = (
+        db.query(models.User)
+        .filter(models.User.user_type == settings.UserType.TEACHER.value)
+        .all()
+    )
+    return teachers
+
+
+@router.post("/", response_model=schemas.User)
+async def create_user(
+    *,
+    db: Session = Depends(deps.get_db),
+    user_in: schemas.user.AdminUserCreate,
+    current_user: models.User = Depends(deps.get_current_active_superuser),
+) -> Any:
+    user = cruds.crud_user.get_by_email(db, email=user_in.email)
+    if user:
+        raise HTTPException(
+            status_code=400,
+            detail="Error ID: 128",
+        )  # The user with this username already exists in the system.
+    user_create = schemas.UserCreate(
+        email=user_in.email,
+        full_name=user_in.full_name,
+        address=user_in.address,
+        group_id=user_in.group_id,
+        contact_number=user_in.contact_number,
+        dob=user_in.dob,
+        join_year=user_in.join_year,
+        password=settings.SECRET_KEY,
+    )
+    user = cruds.crud_user.create(db, obj_in=user_create)
+    cruds.crud_user.verify_user(db=db, db_obj=user)
+    await send_reset_password_email(user=user)
+    return user
+
+
+@router.put("/me/", response_model=schemas.user.UserReturn)
+async def update_user_me(
+    *,
+    db: Session = Depends(deps.get_db),
+    full_name: Optional[str] = Form(None),
+    address: Optional[str] = Form(None),
+    dob: Optional[date] = Form(None),
+    contact_number: Optional[str] = Form(None),
+    profile_photo: Optional[UploadFile] = File(None),
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Update own user.
+    """
+    profile_db_path = None
+    if profile_photo:
+        profiles_path = os.path.join(settings.UPLOAD_DIR_ROOT, "profiles")
+        content_type = profile_photo.content_type
+        file_extension = content_type[content_type.index("/") + 1 :]
+        new_profile_image = f"{secrets.token_hex(nbytes=16)}.{file_extension}"
+        profile_db_path = os.path.join("profiles", new_profile_image)
+        new_profile_image_file_path = os.path.join(
+            settings.UPLOAD_DIR_ROOT, profile_db_path
+        )
+
+        if not os.path.exists(profiles_path):
+            os.makedirs(profiles_path)
+
+        async with aiofiles.open(new_profile_image_file_path, mode="wb") as f:
+            content = await profile_photo.read()
+            await f.write(content)
+
+        try:
+            if current_user.profile_image != None:
+                os.remove(
+                    os.path.join(settings.UPLOAD_DIR_ROOT, current_user.profile_image)
+                )
+        except Exception:
+            pass
+
+    user_in = schemas.UserUpdate(
+        full_name=full_name,
+        address=address,
+        dob=dob,
+        contact_number=contact_number,
+        profile_image=profile_db_path,
+    )
+    print(jsonable_encoder(user_in))
+
+    user = cruds.crud_user.update(
+        db, db_obj=current_user, obj_in=user_in.dict(exclude_none=True)
+    )
+
+    return user
+
+
+@router.get(
+    "/me/", response_model=schemas.user.UserReturn, response_model_exclude_none=True
+)
+# @router.get("/me/teacher_group", response_model=schemas.user.UserReturn)
+async def read_user_me(
+    db: Session = Depends(deps.get_db),
+    current_user: models.User = Depends(deps.get_current_active_user),
+) -> Any:
+    """
+    Get current user.
+    """
+    return current_user
+
+
+# @router.put("/me/profile/")
+# async def update_my_profile_photo(
+# db: Session = Depends(deps.get_db),
+# *,
+# current_user: models.User = Depends(deps.get_current_active_user),
+# profile_photo: UploadFile = File(...),
+# ):
+
+# cruds.crud_user.update(
+# db,
+# db_obj=current_user,
+# obj_in=schemas.user.ImageUpdate(profile_image=profile_db_path),
+# )
+
+# return {"msg": "success", "profile": new_profile_image}
+
+
+@router.get("/{user_id}/", response_model=schemas.user.UserReturn)
+async def read_user_by_id(
+    user_id: int,
+    current_user: models.User = Depends(deps.get_current_active_user),
+    db: Session = Depends(deps.get_db),
+) -> Any:
+    """
+    Get a specific user by id.
+    """
+    user = cruds.crud_user.get(db, id=user_id)
+    if user == current_user:
+        return user
+
+    if current_user.user_type > settings.UserType.ADMIN.value:
+        raise HTTPException(
+            status_code=400, detail="Error ID: 131"
+        )  # The user doesn't have enough privileges
+    # if not cruds.crud_user.is_superuser(current_user):
+    #     raise HTTPException(
+    #         status_code=400, detail="Error ID: 131"
+    #     )  # The user doesn't have enough privileges
+    return user
+
+
+@router.put("/{user_id}/", response_model=schemas.User)
+async def update_user(
+    *,
+    db: Session = Depends(deps.get_db),
+    user_id: int,
+    user_in: schemas.UserUpdate,
+    current_user: models.User = Depends(deps.get_current_admin_or_above),
+) -> Any:
+    """
+    Update a user.
+    """
+    user = cruds.crud_user.get(db, id=user_id)
+    if not user:
+        raise HTTPException(
+            status_code=404,
+            detail="Error ID: 132",
+        )  # The user with this username does not exist in the system
+    user = cruds.crud_user.update(db, db_obj=user, obj_in=user_in)
+    return user
+
+
+@router.delete("/{user_id}/")
+async def delete_user(
+    *,
+    db: Session = Depends(deps.get_db),
+    user_id: int,
+    current_user: models.User = Depends(deps.get_current_admin_or_above),
+) -> Any:
+    cruds.crud_user.remove(db, id=user_id)
+    return {"msg": "success"}
+
+
+@router.put("/{user_id}/profile")
+async def update_profile_photo(
+    db: Session = Depends(deps.get_db),
+    *,
+    user_id: int,
+    current_user: models.User = Depends(deps.get_current_admin_or_above),
+    profile_photo: UploadFile = File(...),
+):
+
+    user = cruds.crud_user.get_by_id(db, id=user_id)
+    profile_image_path = os.path.join("uploaded_files", "profiles")
+    profile_image = f"{abs(hash(str(user.id)))}.jpg"
+    profile_image_file_path = os.path.join(profile_image_path, profile_image)
+
+    if not os.path.exists(profile_image_path):
+        os.makedirs(profile_image_path)
+    else:
+        if os.path.exists(os.path.join(profile_image_path, f"{user.profile_image}")):
+            os.remove(os.path.join(profile_image_path, f"{user.profile_image}"))
+
+    async with aiofiles.open(profile_image_file_path, mode="wb") as f:
+        content = await profile_photo.read()
+        await f.write(content)
+
+    user = cruds.crud_user.update(
+        db,
+        db_obj=user,
+        obj_in=schemas.UserUpdate(profile_image=profile_image),
+    )
+
+    return user

api/endpoints/utils.py

@@ -0,0 +1,16 @@
+from typing import Any
+
+from fastapi import APIRouter, Depends
+from fastapi.responses import FileResponse
+from pydantic.networks import EmailStr
+
+import models
+import schemas
+from utils import deps
+
+router = APIRouter()
+
+
+@router.get("/ping")
+async def ping() -> Any:
+    return {"msg": "pong"}

app.py

@@ -0,0 +1,100 @@
+import uvicorn
+import os
+from fastapi import FastAPI
+from fastapi.openapi.docs import (
+    get_swagger_ui_html,
+    get_swagger_ui_oauth2_redirect_html,
+)
+from pyngrok import ngrok
+from starlette.middleware.cors import CORSMiddleware
+
+from core.config import settings
+from core.db import (
+    init,
+    redis_cache_client,
+    redis_chat_client,
+    redis_general,
+    redis_session_client,
+    redis_throttle_client,
+)
+from api import router
+
+app = FastAPI(
+    title=settings.PROJECT_NAME,
+    #openapi_url=f"{settings.API_V1_STR}/openapi.json",
+   # docs_url=None,
+)
+
+
+@app.on_event("startup")
+async def startup():
+    await redis_cache_client.initialize()
+    await redis_chat_client.initialize()
+    await redis_throttle_client.initialize()
+    await redis_session_client.initialize()
+    await redis_general.initialize()
+    init.init_db()
+
+
+@app.on_event("shutdown")
+async def shutdown():
+    await redis_cache_client.close()
+    await redis_chat_client.close()
+    await redis_throttle_client.close()
+    await redis_session_client.close()
+    await redis_general.close()
+
+
+"""@app.get("/docs", include_in_schema=False)
+async def custom_swagger_ui_html():
+    return get_swagger_ui_html(
+        openapi_url=app.openapi_url,
+        title=app.title + " - API Documentaion",
+        oauth2_redirect_url=app.swagger_ui_oauth2_redirect_url,
+        swagger_js_url=f"{settings.STATIC_URL_BASE}/static/swagger-ui-bundle.js",
+        swagger_css_url=f"{settings.STATIC_URL_BASE}/static/swagger-ui.css",
+    )"""
+
+
+"""@app.get(app.swagger_ui_oauth2_redirect_url, include_in_schema=False)
+async def swagger_ui_redirect():
+    return get_swagger_ui_oauth2_redirect_html()"""
+
+
+if settings.BACKEND_CORS_ORIGINS:
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=[str(origin) for origin in settings.BACKEND_CORS_ORIGINS],
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )
+    pass
+
+app.include_router(router, prefix=settings.API_V1_STR)
+
+
+def run():
+    reload_blacklist = ["tests", ".pytest_cache"]
+    reload_dirs = os.listdir()
+
+    for dir in reload_blacklist:
+        try:
+            reload_dirs.remove(dir)
+        except:
+            pass
+    public_url = ngrok.connect(addr=f"http://localhost:{settings.BACKEND_PORT}")
+    print("Public URL:", public_url)
+    uvicorn.run(
+        "app:app",
+        host=settings.BACKEND_HOST,
+        port=settings.BACKEND_PORT,
+        reload=settings.DEV_MODE,
+        reload_dirs=reload_dirs,
+        debug=settings.DEV_MODE,
+        workers=settings.WORKERS,
+    )
+
+
+if __name__ == "__main__":
+    run()

core/__init__.py

@@ -0,0 +1 @@
+from .config import settings