From 21d5c0be0226bea7a349b184250f71e615132a9e Mon Sep 17 00:00:00 2001
From: orertrr <orertrr6207@gmail.com>
Date: Tue, 25 Jun 2024 17:17:13 +0800
Subject: [PATCH 1/9] feat: add api for COSCUP-Volunteer

Signed-off-by: orertrr <orertrr6207@gmail.com>
---
 main.py           | 2 ++
 view/volunteer.py | 6 ++++++
 2 files changed, 8 insertions(+)
 create mode 100644 view/volunteer.py

diff --git a/main.py b/main.py
index d00fb2b..4e4d498 100644
--- a/main.py
+++ b/main.py
@@ -21,6 +21,7 @@
 from view.subscribe import VIEW_SUBSCRIBE
 from view.subscriber import VIEW_SUBSCRIBER
 from view.trello import VIEW_TRELLO
+from view.volunteer import VIEW_VOLUNTEER
 
 logging.basicConfig(
     filename='./log/log.log',
@@ -38,6 +39,7 @@
 app.register_blueprint(VIEW_SUBSCRIBE)
 app.register_blueprint(VIEW_SUBSCRIBER)
 app.register_blueprint(VIEW_TRELLO)
+app.register_blueprint(VIEW_VOLUNTEER)
 
 if app.debug:
     app.config['TEMPLATES_AUTO_RELOAD'] = True
diff --git a/view/volunteer.py b/view/volunteer.py
new file mode 100644
index 0000000..5c8c048
--- /dev/null
+++ b/view/volunteer.py
@@ -0,0 +1,6 @@
+'''
+API for COSCUP-Volunteer
+'''
+from flask import Blueprint
+
+VIEW_VOLUNTEER = Blueprint('volunteer', __name__, url_prefix='/coscup')

From 2ed095d83a3e79b0dbbda14e7d39eb6d2e4cc608 Mon Sep 17 00:00:00 2001
From: orertrr <orertrr6207@gmail.com>
Date: Tue, 2 Jul 2024 23:04:05 +0800
Subject: [PATCH 2/9] feat: add token management page prototype

Signed-off-by: orertrr <orertrr6207@gmail.com>
---
 main.py                       |   2 +
 templates/base.html           |   3 +
 templates/index.html          |  13 +++
 templates/settings_token.html | 164 ++++++++++++++++++++++++++++++++++
 view/token.py                 |   9 ++
 5 files changed, 191 insertions(+)
 create mode 100644 templates/settings_token.html
 create mode 100644 view/token.py

diff --git a/main.py b/main.py
index 4e4d498..36c1455 100644
--- a/main.py
+++ b/main.py
@@ -22,6 +22,7 @@
 from view.subscriber import VIEW_SUBSCRIBER
 from view.trello import VIEW_TRELLO
 from view.volunteer import VIEW_VOLUNTEER
+from view.token import VIEW_TOKEN
 
 logging.basicConfig(
     filename='./log/log.log',
@@ -40,6 +41,7 @@
 app.register_blueprint(VIEW_SUBSCRIBER)
 app.register_blueprint(VIEW_TRELLO)
 app.register_blueprint(VIEW_VOLUNTEER)
+app.register_blueprint(VIEW_TOKEN)
 
 if app.debug:
     app.config['TEMPLATES_AUTO_RELOAD'] = True
diff --git a/templates/base.html b/templates/base.html
index b9ac90b..2b13d7a 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -38,6 +38,9 @@
                 <span>{{session.u.name}}</span>
             </a>
             <div class="navbar-dropdown is-right">
+                <a class="navbar-item" href="/token">
+                    <span class="icon"><i class="fas fa-key"></i></span> <span>API Token 設定</span>
+                </a>
                 <a class="navbar-item" href="/logout">
                     <span class="icon"><i class="fas fa-sign-out-alt"></i></span> <span>登出</span>
                 </a>
diff --git a/templates/index.html b/templates/index.html
index 70d72a1..6956a46 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -28,6 +28,19 @@ <h3>管理電子報訂閱者</h3>
                 </div>
             </div>
         </div>
+        <div class="columns">
+            <div class="column">
+                <div class="content">
+                    <h3>電子報系統設定</h3>
+                </div>
+                <div class="buttons">
+                    <a class="button is-outlined is-info is-light" href="/token">
+                        <span class="icon"><i class="fas fa-key"></i></span>
+                        <span>API Token 設定</span>
+                    </a>
+                </div>
+            </div>
+        </div>
         <div class="columns">
             <div class="column">
                 <div class="content">
diff --git a/templates/settings_token.html b/templates/settings_token.html
new file mode 100644
index 0000000..64d1f1b
--- /dev/null
+++ b/templates/settings_token.html
@@ -0,0 +1,164 @@
+{% extends 'base.html' %}
+{%block head_title%}Subscriber API Management - {%endblock%}
+{% block body %}
+<section class="hero is-primary">
+    <div class="hero-body">
+        <div class="container">
+            <h1 class="title">
+                電子報系統設定
+            </h1>
+            <h2 class="subtitle">
+                API Token 設定
+            </h2>
+        </div>
+    </div>
+    <div class="hero-foot">
+        <nav class="tabs is-boxed">
+            <div class="container">
+                <ul>
+                    <li class="is-active"><span class="has-text-black"><a href="/">返回</a></span></li>
+                </ul>
+            </div>
+        </nav>
+    </div>
+</section>
+<section class="section">
+    <div class="container" id="tokenManagement" v-cloak>
+        <div class="field">
+            <button class="button" v-on:click="setIsCreateTokenModelActive(true)">新增 Token</button>
+            <button class="button is-danger" :disabled="selectedToken.length === 0" v-on:click="removeTokens">刪除選定 Token</button>
+        </div>
+        <div class="table-container">
+            <table class="table">
+                <thead>
+                    <tr>
+                        <th>勾選</th>
+                        <th>編號</th>
+                        <th>標籤</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <tr v-for="token in tokenList">
+                        <td><input type="checkbox" :value="token.id" v-model="selectedToken" /></td>
+                        <td>[[ token.id ]]</td>
+                        <td>[[ token.label ]]</td>
+                    </tr>
+                </tbody>
+            </table>
+        </div>
+        <div id="create-token-modal" class="modal" :class="{ 'is-active': isCreateTokenModelActive }">
+            <div class="modal-background"></div>
+            <div class="modal-card">
+                <header class="modal-card-head">
+                    <p class="modal-card-title">新增 Token</p>
+                    <button class="delete" aria-label="close" v-on:click="setIsCreateTokenModelActive(false)"></button>
+                </header>
+                <section class="modal-card-body">
+                    <div class="field">
+                        <label class="label">Token 標籤</label>
+                        <div class="control">
+                            <input class="input" type="text" placeholder="輸入 Token 標籤" v-model="createNewTokenForm.label" />
+                        </div>
+                    </div>
+                </section>
+                <footer class="modal-card-foot">
+                    <div class="buttons">
+                        <button class="button is-primary" v-on:click="createToken">送出</button>
+                        <button class="button" v-on:click="setIsCreateTokenModelActive(false)">取消</button>
+                    </div>
+                </footer>
+            </div>
+        </div>
+        <div id="create-token-successful-modal" class="modal" :class="{ 'is-active': isCreateTokenSuccessfulModelActive }">
+            <div class="modal-background"></div>
+            <div class="modal-card">
+                <header class="modal-card-head">
+                    <p class="modal-card-title">新增 Token 成功</p>
+                </header>
+                <section class="modal-card-body">
+                    <div class="content">
+                        <p>此 Token 只會顯示一次，關掉此畫面後便無法複製此 Token</p>
+                        <ul>
+                            <li><b>標籤：</b>[[ createNewTokenResp.label ]]</li>
+                            <li><b>Token：</b>[[ createNewTokenResp.token ]]</li>
+                        </ul>
+                    </div>
+                </section>
+                <footer class="modal-card-foot">
+                    <div class="buttons">
+                        <button class="button is-success" v-on:click="reload">確認</button>
+                    </div>
+                </footer>
+            </div>
+        </div>
+    </div>
+</section>
+{% endblock %}
+{% block js %}
+<script>
+    (() => {
+        let $tokenManagement = new Vue({
+            el: '#tokenManagement',
+            data: {
+                isCreateTokenModelActive: false,
+                isCreateTokenSuccessfulModelActive: false,
+                tokenList: [
+                    {
+                        id: 1,
+                        label: 'Test Token1'
+                    },
+                    {
+                        id: 2,
+                        label: 'Test Token2'
+                    },
+                    {
+                        id: 3,
+                        label: 'Test Token3'
+                    }
+                ],
+                selectedToken: [],
+                createNewTokenForm: {
+                    label: '',
+                },
+                createNewTokenResp: {
+                    label: '',
+                    token: '',
+                }
+            },
+            mounted: function() {
+                console.log('mounted');
+            },
+            methods: {
+                setIsCreateTokenModelActive: function (isActive) {
+                    this.isCreateTokenModelActive = isActive;
+                },
+                setIsCreateTokenSuccessfulModelActive: function (isActive) {
+                    this.isCreateTokenSuccessfulModelActive = isActive;
+                },
+                createToken: function() {
+                    const newToken = Math.random().toString(20).substr(2, 6)
+                    this.createNewTokenResp = {
+                        label: this.createNewTokenForm.label,
+                        token: newToken,
+                    }
+
+                    this.tokenList.push({
+                        id: this.tokenList.length + 1,
+                        label: this.createNewTokenResp.label,
+                    })
+
+                    this.setIsCreateTokenModelActive(false);
+                    this.setIsCreateTokenSuccessfulModelActive(true);
+                },
+                removeTokens: function() {
+                    this.tokenList = this.tokenList.filter((token) => !this.selectedToken.includes(token.id))
+                },
+                reload: function() {
+                    this.setIsCreateTokenSuccessfulModelActive(false);
+                },
+            },
+            delimiters: ['[[', ']]']
+        });
+    })();
+</script>
+{% endblock %}
diff --git a/view/token.py b/view/token.py
new file mode 100644
index 0000000..2d0c458
--- /dev/null
+++ b/view/token.py
@@ -0,0 +1,9 @@
+''' API token management '''
+from flask import Blueprint, render_template
+
+VIEW_TOKEN = Blueprint('token', __name__, url_prefix='/token')
+
+@VIEW_TOKEN.route('/', methods=('GET',))
+def index() -> str:
+    ''' index page '''
+    return render_template('settings_token.html')

From 21f51e40e1a93b34fee027297879397655dae44e Mon Sep 17 00:00:00 2001
From: orertrr <orertrr6207@gmail.com>
Date: Sun, 14 Jul 2024 19:53:59 +0800
Subject: [PATCH 3/9] feat: add API for accessing API tokens

Signed-off-by: orertrr <orertrr6207@gmail.com>
---
 models/api_token.py | 17 ++++++++++++++
 models/index.py     |  3 +++
 module/api_token.py | 38 ++++++++++++++++++++++++++++++
 poetry.lock         | 21 +++++++++++++++--
 pyproject.toml      |  1 +
 view/token.py       | 57 ++++++++++++++++++++++++++++++++++++++++++++-
 6 files changed, 134 insertions(+), 3 deletions(-)
 create mode 100644 models/api_token.py
 create mode 100644 module/api_token.py

diff --git a/models/api_token.py b/models/api_token.py
new file mode 100644
index 0000000..458b1c5
--- /dev/null
+++ b/models/api_token.py
@@ -0,0 +1,17 @@
+from models.base import DBBase
+
+class APITokenDB(DBBase):
+    ''' Token Collection
+
+    Schema:
+    {
+        serial_no: string,
+        token: string,
+        label: string
+    }
+    '''
+    def __init__(self) -> None:
+        super().__init__('api_token')
+
+    def index(self) -> None:
+        self.create_index([('serial_no', 1)])
diff --git a/models/index.py b/models/index.py
index 2c58b25..abc77d9 100644
--- a/models/index.py
+++ b/models/index.py
@@ -1,8 +1,11 @@
 ''' index '''
 from models.subscriberdb import (SubscriberDB, SubscriberLoginTokenDB,
                                  SubscriberReadDB)
+from models.api_token import APITokenDB
 
 if __name__ == '__main__':
     SubscriberDB().index()
     SubscriberLoginTokenDB().index()
     SubscriberReadDB().index()
+
+    APITokenDB().index()
diff --git a/module/api_token.py b/module/api_token.py
new file mode 100644
index 0000000..5270ec6
--- /dev/null
+++ b/module/api_token.py
@@ -0,0 +1,38 @@
+from typing import Any
+from uuid import uuid4
+from dataclasses import dataclass, asdict, field
+
+from passlib.context import CryptContext # type: ignore
+
+from models.api_token import APITokenDB
+
+@dataclass
+class APITokenSchema:
+    token: str = field(default_factory=lambda: uuid4().hex)
+    serial_no: str = field(default_factory=lambda: f'{uuid4().node:08x}')
+    label: str = ''
+
+class APIToken:
+    @staticmethod
+    def create(label: str) -> APITokenSchema:
+        new_token = APITokenSchema(label=label)
+
+        hash_context = CryptContext(schemes=['bcrypt'], deprecated='auto')
+        hashed_token = asdict(new_token)
+        hashed_token['token'] = hash_context.hash(hashed_token['token'])
+        
+        APITokenDB().insert_one(hashed_token)
+
+        new_token.token = f'{new_token.serial_no}|{new_token.token}'
+
+        return new_token
+    
+    @staticmethod
+    def get_list() -> list[dict[str, Any]]:
+        return list(APITokenDB().find({}, { 'label': 1, 'serial_no': 1, '_id': 0 }))
+    
+    @staticmethod
+    def delete(tokens: list[str]) -> None:
+        APITokenDB().delete_many({
+            'serial_no': { '$in': tokens }
+        })
diff --git a/poetry.lock b/poetry.lock
index 029482a..cb8628f 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.7.1 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand.
 
 [[package]]
 name = "amqp"
@@ -816,6 +816,23 @@ rsa = ["cryptography (>=3.0.0)"]
 signals = ["blinker (>=1.4.0)"]
 signedtoken = ["cryptography (>=3.0.0)", "pyjwt (>=2.0.0,<3)"]
 
+[[package]]
+name = "passlib"
+version = "1.7.4"
+description = "comprehensive password hashing framework supporting over 30 schemes"
+optional = false
+python-versions = "*"
+files = [
+    {file = "passlib-1.7.4-py2.py3-none-any.whl", hash = "sha256:aa6bca462b8d8bda89c70b382f0c298a20b5560af6cbfa2dce410c0a2fb669f1"},
+    {file = "passlib-1.7.4.tar.gz", hash = "sha256:defd50f72b65c5402ab2c573830a6978e5f202ad0d984793c8dde2c4152ebe04"},
+]
+
+[package.extras]
+argon2 = ["argon2-cffi (>=18.2.0)"]
+bcrypt = ["bcrypt (>=3.1.0)"]
+build-docs = ["cloud-sptheme (>=1.10.1)", "sphinx (>=1.6)", "sphinxcontrib-fulltoc (>=1.2.0)"]
+totp = ["cryptography"]
+
 [[package]]
 name = "phonenumbers"
 version = "8.13.30"
@@ -1321,4 +1338,4 @@ watchdog = ["watchdog (>=2.3)"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.11"
-content-hash = "2b9b81f0b5f3ab613fa87a8a14c0bce8df54cb00f378aabe619253d58930dd57"
+content-hash = "eda4423ce149ab181639946e116b278ab6c22d6980495cbc2d4cfcf47a000b28"
diff --git a/pyproject.toml b/pyproject.toml
index 49c7221..c5ccb35 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -24,6 +24,7 @@ pymongo = "^4.3.3"
 requests = "^2.31.0"
 uWSGI = "^2.0.21"
 certifi = "*"
+passlib = "^1.7.4"
 
 
 [tool.poetry.group.dev.dependencies]
diff --git a/view/token.py b/view/token.py
index 2d0c458..59b1192 100644
--- a/view/token.py
+++ b/view/token.py
@@ -1,9 +1,64 @@
 ''' API token management '''
-from flask import Blueprint, render_template
+from flask import Blueprint, Response, make_response, render_template, request, jsonify
+from werkzeug.exceptions import BadRequest
+
+from module.api_token import APIToken
 
 VIEW_TOKEN = Blueprint('token', __name__, url_prefix='/token')
 
+@VIEW_TOKEN.errorhandler(BadRequest)
+def handle_bad_request(e: BadRequest) -> Response:
+    return make_response({ 'message': e.description }, e.code)
+
 @VIEW_TOKEN.route('/', methods=('GET',))
 def index() -> str:
     ''' index page '''
     return render_template('settings_token.html')
+
+@VIEW_TOKEN.route('/', methods=('POST',))
+def create_token() -> str | Response:
+    '''API for creating token
+
+    Request Body: 
+    {
+        "label": string
+    }
+
+    Response Body (200):
+    {
+        "label": string,
+        "token": string,
+    }
+    '''
+    create_token_dto = request.get_json()
+
+    if 'label' not in create_token_dto or \
+        type(create_token_dto['label']) is not str or \
+        len(create_token_dto['label']) == 0:
+        raise BadRequest('label should not be empty string.')
+
+    new_token = APIToken.create(create_token_dto['label'])
+    return jsonify({
+        'label': new_token.label,
+        'token': new_token.token,
+    })
+
+@VIEW_TOKEN.route('/list', methods=('GET',))
+def get_list() -> Response:
+    tokens = APIToken.get_list()
+    return jsonify({ 'tokens': tokens })
+
+@VIEW_TOKEN.route('/', methods=('DELETE',))
+def delete() -> Response:
+    delete_token_dto = request.get_json()
+
+    if not isinstance(delete_token_dto['tokens'], list):
+        raise BadRequest('tokens should be in the body and an array of string')
+    
+    for token in delete_token_dto['tokens']:
+        if type(token) is not str:
+            raise BadRequest('tokens should be an array of string')
+        
+    APIToken.delete(delete_token_dto['tokens'])
+        
+    return jsonify({ 'success': True })

From 3d1280eca37d11524ac84ddc09df38dca67357a6 Mon Sep 17 00:00:00 2001
From: orertrr <orertrr6207@gmail.com>
Date: Sun, 14 Jul 2024 19:56:30 +0800
Subject: [PATCH 4/9] feat: add token management page

Signed-off-by: orertrr <orertrr6207@gmail.com>
---
 templates/settings_token.html | 118 ++++++++++++++++++++--------------
 1 file changed, 69 insertions(+), 49 deletions(-)

diff --git a/templates/settings_token.html b/templates/settings_token.html
index 64d1f1b..73467d7 100644
--- a/templates/settings_token.html
+++ b/templates/settings_token.html
@@ -25,33 +25,31 @@ <h2 class="subtitle">
 <section class="section">
     <div class="container" id="tokenManagement" v-cloak>
         <div class="field">
-            <button class="button" v-on:click="setIsCreateTokenModelActive(true)">新增 Token</button>
-            <button class="button is-danger" :disabled="selectedToken.length === 0" v-on:click="removeTokens">刪除選定 Token</button>
+            <button class="button" :class="{ 'is-loading': isLoading }" v-on:click="setIsCreateTokenModalActive(true)">新增 Token</button>
+            <button class="button is-danger" :class="{ 'is-loading': isLoading }" :disabled="selectedToken.length === 0" v-on:click="setIsRemoveTokenModalActive(true)">刪除選定 Token</button>
         </div>
         <div class="table-container">
             <table class="table">
                 <thead>
                     <tr>
                         <th>勾選</th>
-                        <th>編號</th>
                         <th>標籤</th>
                     </tr>
                 </thead>
                 <tbody>
                     <tr v-for="token in tokenList">
-                        <td><input type="checkbox" :value="token.id" v-model="selectedToken" /></td>
-                        <td>[[ token.id ]]</td>
+                        <td><input type="checkbox" :value="token" v-model="selectedToken" /></td>
                         <td>[[ token.label ]]</td>
                     </tr>
                 </tbody>
             </table>
         </div>
-        <div id="create-token-modal" class="modal" :class="{ 'is-active': isCreateTokenModelActive }">
+        <div id="create-token-modal" class="modal" :class="{ 'is-active': isCreateTokenModalActive }">
             <div class="modal-background"></div>
             <div class="modal-card">
                 <header class="modal-card-head">
                     <p class="modal-card-title">新增 Token</p>
-                    <button class="delete" aria-label="close" v-on:click="setIsCreateTokenModelActive(false)"></button>
+                    <button class="delete" aria-label="close" v-on:click="setIsCreateTokenModalActive(false)"></button>
                 </header>
                 <section class="modal-card-body">
                     <div class="field">
@@ -63,13 +61,13 @@ <h2 class="subtitle">
                 </section>
                 <footer class="modal-card-foot">
                     <div class="buttons">
-                        <button class="button is-primary" v-on:click="createToken">送出</button>
-                        <button class="button" v-on:click="setIsCreateTokenModelActive(false)">取消</button>
+                        <button class="button is-primary" :class="{ 'is-loading': isLoading }" v-on:click="createToken">送出</button>
+                        <button class="button" v-on:click="setIsCreateTokenModalActive(false)">取消</button>
                     </div>
                 </footer>
             </div>
         </div>
-        <div id="create-token-successful-modal" class="modal" :class="{ 'is-active': isCreateTokenSuccessfulModelActive }">
+        <div id="create-token-successful-modal" class="modal" :class="{ 'is-active': isCreateTokenSuccessfulModalActive }">
             <div class="modal-background"></div>
             <div class="modal-card">
                 <header class="modal-card-head">
@@ -91,31 +89,43 @@ <h2 class="subtitle">
                 </footer>
             </div>
         </div>
+        <div id="remove-tokens-modal" class="modal" :class="{ 'is-active': isRemoveTokenModalActive }">
+            <div class="modal-background"></div>
+            <div class="modal-card">
+                <header class="modal-card-head">
+                    <p class="modal-card-title">移除 Token</p>
+                    <button class="delete" aria-label="close" v-on:click="setIsRemoveTokenModalActive(false)"></button>
+                </header>
+                <section class="modal-card-body">
+                    <div class="content">
+                        <p>是否確認要刪除以下 Token</p>
+                        <ul>
+                            <li v-for="token in selectedToken">[[ token.label ]]</li>
+                        </ul>
+                    </div>
+                </section>
+                <footer class="modal-card-foot">
+                    <div class="buttons">
+                        <button class="button is-danger" :class="{ 'is-loading': isLoading }" v-on:click="deleteTokens">確認刪除</button>
+                        <button class="button" v-on:click="setIsRemoveTokenModalActive(false)">取消</button>
+                    </div>
+                </footer>
+            </div>
+        </div>
     </div>
 </section>
 {% endblock %}
 {% block js %}
+<script src="/js/axios.min.js"></script>
 <script>
     (() => {
         let $tokenManagement = new Vue({
             el: '#tokenManagement',
             data: {
-                isCreateTokenModelActive: false,
-                isCreateTokenSuccessfulModelActive: false,
-                tokenList: [
-                    {
-                        id: 1,
-                        label: 'Test Token1'
-                    },
-                    {
-                        id: 2,
-                        label: 'Test Token2'
-                    },
-                    {
-                        id: 3,
-                        label: 'Test Token3'
-                    }
-                ],
+                isCreateTokenModalActive: false,
+                isCreateTokenSuccessfulModalActive: false,
+                isRemoveTokenModalActive: false,
+                tokenList: [],
                 selectedToken: [],
                 createNewTokenForm: {
                     label: '',
@@ -123,38 +133,48 @@ <h2 class="subtitle">
                 createNewTokenResp: {
                     label: '',
                     token: '',
-                }
+                },
+                isLoading: false,
             },
-            mounted: function() {
-                console.log('mounted');
+            mounted: async function() {
+                this.isLoading = true;
+                const { data } = await axios.get('./list');
+                this.tokenList = data.tokens;
+                this.isLoading = false;
             },
             methods: {
-                setIsCreateTokenModelActive: function (isActive) {
-                    this.isCreateTokenModelActive = isActive;
+                setIsCreateTokenModalActive: function (isActive) {
+                    this.isCreateTokenModalActive = isActive;
+                },
+                setIsCreateTokenSuccessfulModalActive: function (isActive) {
+                    this.isCreateTokenSuccessfulModalActive = isActive;
                 },
-                setIsCreateTokenSuccessfulModelActive: function (isActive) {
-                    this.isCreateTokenSuccessfulModelActive = isActive;
+                setIsRemoveTokenModalActive: function (isActive) {
+                    this.isRemoveTokenModalActive = isActive;
                 },
-                createToken: function() {
-                    const newToken = Math.random().toString(20).substr(2, 6)
-                    this.createNewTokenResp = {
-                        label: this.createNewTokenForm.label,
-                        token: newToken,
+                createToken: async function() {
+                    try {
+                        this.isLoading = true;
+                        const { data } = await axios.post('./', this.createNewTokenForm);
+    
+                        this.createNewTokenResp = data;
+    
+                        this.setIsCreateTokenModalActive(false);
+                        this.setIsCreateTokenSuccessfulModalActive(true);
+                    } catch(err) {
+                        const { message } = err.response.data;
+                        alert(message);
+                    } finally {
+                        this.isLoading = false;
                     }
-
-                    this.tokenList.push({
-                        id: this.tokenList.length + 1,
-                        label: this.createNewTokenResp.label,
-                    })
-
-                    this.setIsCreateTokenModelActive(false);
-                    this.setIsCreateTokenSuccessfulModelActive(true);
                 },
-                removeTokens: function() {
-                    this.tokenList = this.tokenList.filter((token) => !this.selectedToken.includes(token.id))
+                deleteTokens: async function() {
+                    const tokens = this.selectedToken.map(({ serial_no }) => serial_no)
+                    await axios.delete('./', { data: { tokens } })
+                    window.location.reload();
                 },
                 reload: function() {
-                    this.setIsCreateTokenSuccessfulModelActive(false);
+                    window.location.reload();
                 },
             },
             delimiters: ['[[', ']]']

From d137804b6d36cd539900378840435c09548f3ed6 Mon Sep 17 00:00:00 2001
From: orertrr <orertrr6207@gmail.com>
Date: Sun, 14 Jul 2024 22:28:17 +0800
Subject: [PATCH 5/9] feat: Implement the process of verifying api token

Signed-off-by: orertrr <orertrr6207@gmail.com>
---
 Dockerfile-app      |  5 +++++
 main.py             | 13 ++++++++++++-
 module/api_token.py | 14 ++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/Dockerfile-app b/Dockerfile-app
index 33013de..04bd77e 100644
--- a/Dockerfile-app
+++ b/Dockerfile-app
@@ -12,12 +12,14 @@ ADD ./celery_task/__init__.py \
     ./celery_task/
 
 ADD ./models/__init__.py \
+    ./models/api_token.py \
     ./models/base.py \
     ./models/index.py \
     ./models/subscriberdb.py \
     ./models/
 
 ADD ./module/__init__.py \
+    ./module/api_token.py \
     ./module/awsses.py \
     ./module/ga.py \
     ./module/sender.py \
@@ -37,6 +39,7 @@ ADD ./templates/admin_subscriber_add.html \
     ./templates/base_subscribe.html \
     ./templates/base.html \
     ./templates/index.html \
+    ./templates/settings_token.html \
     ./templates/subscribe_coscup.html \
     ./templates/subscriber_error.html \
     ./templates/subscriber_intro.html \
@@ -49,5 +52,7 @@ ADD ./view/__init__.py \
     ./view/reader.py \
     ./view/subscribe.py \
     ./view/subscriber.py \
+    ./view/token.py \
     ./view/trello.py \
+    ./view/volunteer.py \
     ./view/
diff --git a/main.py b/main.py
index 36c1455..36a5493 100644
--- a/main.py
+++ b/main.py
@@ -10,7 +10,7 @@
 import google_auth_oauthlib.flow
 from apiclient import discovery
 from flask import (Flask, g, got_request_exception, redirect, render_template,
-                   request, session, url_for)
+                   request, session, url_for, make_response)
 from flask.wrappers import Response
 from werkzeug.wrappers import Response as ResponseBase
 
@@ -23,6 +23,7 @@
 from view.trello import VIEW_TRELLO
 from view.volunteer import VIEW_VOLUNTEER
 from view.token import VIEW_TOKEN
+from module.api_token import APIToken
 
 logging.basicConfig(
     filename='./log/log.log',
@@ -63,6 +64,16 @@ def need_login() -> ResponseBase | None:
                  request.headers.get('X-REAL-IP'),
                  request.headers.get('USER-AGENT'),
                  session, )
+    
+    if request.path.startswith('/volunteer'):
+        token = request.headers.get('Authorization')
+        if token is None:
+            return make_response('Unauthorized', 401)
+        
+        if APIToken.verify(token) is True:
+            return None
+
+        return make_response('Unauthorized', 401)
 
     if request.path not in NO_NEED_LOGIN_PATH \
             and not request.path.startswith('/subscriber') \
diff --git a/module/api_token.py b/module/api_token.py
index 5270ec6..6d47ba0 100644
--- a/module/api_token.py
+++ b/module/api_token.py
@@ -36,3 +36,17 @@ def delete(tokens: list[str]) -> None:
         APITokenDB().delete_many({
             'serial_no': { '$in': tokens }
         })
+
+    @staticmethod
+    def verify(token: str) -> bool:
+        schema, token = token.split(' ')
+        if schema.lower() != 'bearer':
+            return False
+        
+        serial_no, token = token.split('|')
+        hash_context = CryptContext(schemes=['bcrypt'], deprecated='auto')
+        hashed_token = APITokenDB().find_one({
+            'serial_no': serial_no
+        })
+
+        return hash_context.verify(token, hashed_token['token']) # type: ignore

From 592e0c575935131e300ad7f057977847f2ed79d3 Mon Sep 17 00:00:00 2001
From: orertrr <orertrr6207@gmail.com>
Date: Sun, 14 Jul 2024 23:34:18 +0800
Subject: [PATCH 6/9] feat: add api for registering COSCUP-Volunteer user as
 subscriber

Signed-off-by: orertrr <orertrr6207@gmail.com>
---
 view/volunteer.py | 44 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/view/volunteer.py b/view/volunteer.py
index 5c8c048..39b4154 100644
--- a/view/volunteer.py
+++ b/view/volunteer.py
@@ -1,6 +1,46 @@
 '''
 API for COSCUP-Volunteer
 '''
-from flask import Blueprint
+import re
 
-VIEW_VOLUNTEER = Blueprint('volunteer', __name__, url_prefix='/coscup')
+from flask import Blueprint, make_response, Response, request
+from werkzeug.exceptions import BadRequest
+
+from module.subscriber import Subscriber
+
+VIEW_VOLUNTEER = Blueprint('volunteer', __name__, url_prefix='/volunteer')
+
+EMAIL_REGEX = re.compile(r'[^@]+@[^@]+\.[^@]+')
+
+@VIEW_VOLUNTEER.errorhandler(BadRequest)
+def handle_bad_request(e: BadRequest) -> Response:
+    return make_response({ 'message': e.description }, e.code)
+
+@VIEW_VOLUNTEER.route('/subscriber', methods=('POST',))
+def add_subscriber() -> Response:
+    '''API for add subscriber from COSCUP-Volunteer
+
+    Request Body: 
+    {
+        "name": string,
+        "email": string
+    }
+    '''
+    add_subscriber_dto = request.get_json()
+    if 'name' not in add_subscriber_dto or \
+        type(add_subscriber_dto['name']) is not str:
+        raise BadRequest('name should be in the request body and string')
+    
+    if 'email' not in add_subscriber_dto or \
+        type(add_subscriber_dto['email']) is not str:
+        raise BadRequest('email should be in the request body and string')
+    
+    if not EMAIL_REGEX.match(add_subscriber_dto['email']):
+        raise BadRequest('The email is not valid')
+    
+    Subscriber.process_upload(
+        name=add_subscriber_dto['name'],
+        mail=add_subscriber_dto['email']
+    )
+
+    return make_response({ 'success': True })

From c2040b4eeaad00b575a5bca96cba36dbe0a78c80 Mon Sep 17 00:00:00 2001
From: orertrr <orertrr6207@gmail.com>
Date: Sun, 14 Jul 2024 23:42:21 +0800
Subject: [PATCH 7/9] fix: return false when the token being verified has been
 removed

Signed-off-by: orertrr <orertrr6207@gmail.com>
---
 module/api_token.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/module/api_token.py b/module/api_token.py
index 6d47ba0..16e342a 100644
--- a/module/api_token.py
+++ b/module/api_token.py
@@ -49,4 +49,7 @@ def verify(token: str) -> bool:
             'serial_no': serial_no
         })
 
-        return hash_context.verify(token, hashed_token['token']) # type: ignore
+        if hashed_token is None:
+            return False
+
+        return hash_context.verify(token, hashed_token['token'])

From 1da6deb7b74d90dd27337b1ae55ae158435f6875 Mon Sep 17 00:00:00 2001
From: orertrr <orertrr6207@gmail.com>
Date: Mon, 15 Jul 2024 00:16:16 +0800
Subject: [PATCH 8/9] style: fix pylint and mypy errors

Signed-off-by: orertrr <orertrr6207@gmail.com>
---
 main.py             |  4 ++--
 models/api_token.py |  2 ++
 module/api_token.py | 17 ++++++++++++-----
 poetry.lock         | 13 ++++++++++++-
 pyproject.toml      |  1 +
 view/token.py       | 34 +++++++++++++++++++++++++++++-----
 view/volunteer.py   | 11 ++++++-----
 7 files changed, 64 insertions(+), 18 deletions(-)

diff --git a/main.py b/main.py
index 36a5493..7ada300 100644
--- a/main.py
+++ b/main.py
@@ -64,12 +64,12 @@ def need_login() -> ResponseBase | None:
                  request.headers.get('X-REAL-IP'),
                  request.headers.get('USER-AGENT'),
                  session, )
-    
+
     if request.path.startswith('/volunteer'):
         token = request.headers.get('Authorization')
         if token is None:
             return make_response('Unauthorized', 401)
-        
+
         if APIToken.verify(token) is True:
             return None
 
diff --git a/models/api_token.py b/models/api_token.py
index 458b1c5..14e0bf9 100644
--- a/models/api_token.py
+++ b/models/api_token.py
@@ -1,3 +1,4 @@
+''' APIToken DB '''
 from models.base import DBBase
 
 class APITokenDB(DBBase):
@@ -14,4 +15,5 @@ def __init__(self) -> None:
         super().__init__('api_token')
 
     def index(self) -> None:
+        ''' index '''
         self.create_index([('serial_no', 1)])
diff --git a/module/api_token.py b/module/api_token.py
index 16e342a..ab49e44 100644
--- a/module/api_token.py
+++ b/module/api_token.py
@@ -1,48 +1,55 @@
+''' API Token Module '''
 from typing import Any
 from uuid import uuid4
 from dataclasses import dataclass, asdict, field
 
-from passlib.context import CryptContext # type: ignore
+from passlib.context import CryptContext
 
 from models.api_token import APITokenDB
 
 @dataclass
 class APITokenSchema:
+    ''' Schema of api_token collection '''
     token: str = field(default_factory=lambda: uuid4().hex)
     serial_no: str = field(default_factory=lambda: f'{uuid4().node:08x}')
     label: str = ''
 
 class APIToken:
+    ''' Class for managing API tokens '''
     @staticmethod
     def create(label: str) -> APITokenSchema:
+        ''' Create token '''
         new_token = APITokenSchema(label=label)
 
         hash_context = CryptContext(schemes=['bcrypt'], deprecated='auto')
         hashed_token = asdict(new_token)
         hashed_token['token'] = hash_context.hash(hashed_token['token'])
-        
+
         APITokenDB().insert_one(hashed_token)
 
         new_token.token = f'{new_token.serial_no}|{new_token.token}'
 
         return new_token
-    
+
     @staticmethod
     def get_list() -> list[dict[str, Any]]:
+        ''' Get list of token '''
         return list(APITokenDB().find({}, { 'label': 1, 'serial_no': 1, '_id': 0 }))
-    
+
     @staticmethod
     def delete(tokens: list[str]) -> None:
+        ''' Delete the given token serial_no '''
         APITokenDB().delete_many({
             'serial_no': { '$in': tokens }
         })
 
     @staticmethod
     def verify(token: str) -> bool:
+        ''' Check if the token exists and valid '''
         schema, token = token.split(' ')
         if schema.lower() != 'bearer':
             return False
-        
+
         serial_no, token = token.split('|')
         hash_context = CryptContext(schemes=['bcrypt'], deprecated='auto')
         hashed_token = APITokenDB().find_one({
diff --git a/poetry.lock b/poetry.lock
index cb8628f..5382fc9 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1211,6 +1211,17 @@ files = [
     {file = "tomlkit-0.12.3.tar.gz", hash = "sha256:75baf5012d06501f07bee5bf8e801b9f343e7aac5a92581f20f80ce632e6b5a4"},
 ]
 
+[[package]]
+name = "types-passlib"
+version = "1.7.7.20240327"
+description = "Typing stubs for passlib"
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "types-passlib-1.7.7.20240327.tar.gz", hash = "sha256:4cce6a1a3a6afee9fc4728b4d9784300764ac2be747f5bcc01646d904b85f4bb"},
+    {file = "types_passlib-1.7.7.20240327-py3-none-any.whl", hash = "sha256:3a3b7f4258b71034d2e2f4f307d6810f9904f906cdf375514c8bdbdb28a4ad23"},
+]
+
 [[package]]
 name = "types-python-dateutil"
 version = "2.8.19.20240106"
@@ -1338,4 +1349,4 @@ watchdog = ["watchdog (>=2.3)"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.11"
-content-hash = "eda4423ce149ab181639946e116b278ab6c22d6980495cbc2d4cfcf47a000b28"
+content-hash = "fe1b79770234978826b61e5c41a01f3f989f78c93e500fda23e09749bdf546b8"
diff --git a/pyproject.toml b/pyproject.toml
index c5ccb35..bf438a6 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -25,6 +25,7 @@ requests = "^2.31.0"
 uWSGI = "^2.0.21"
 certifi = "*"
 passlib = "^1.7.4"
+types-passlib = "^1.7.7.20240327"
 
 
 [tool.poetry.group.dev.dependencies]
diff --git a/view/token.py b/view/token.py
index 59b1192..5dc0ecb 100644
--- a/view/token.py
+++ b/view/token.py
@@ -8,6 +8,7 @@
 
 @VIEW_TOKEN.errorhandler(BadRequest)
 def handle_bad_request(e: BadRequest) -> Response:
+    ''' Handle Bad Request exception '''
     return make_response({ 'message': e.description }, e.code)
 
 @VIEW_TOKEN.route('/', methods=('GET',))
@@ -33,7 +34,7 @@ def create_token() -> str | Response:
     create_token_dto = request.get_json()
 
     if 'label' not in create_token_dto or \
-        type(create_token_dto['label']) is not str or \
+        not isinstance(create_token_dto['label'], str) or \
         len(create_token_dto['label']) == 0:
         raise BadRequest('label should not be empty string.')
 
@@ -45,20 +46,43 @@ def create_token() -> str | Response:
 
 @VIEW_TOKEN.route('/list', methods=('GET',))
 def get_list() -> Response:
+    ''' API for getting list of tokens
+
+    Response Body (200):
+    {
+        "tokens": [
+            {
+                "serial_no": string,
+                "label": string
+            }
+        ]
+    }
+    '''
     tokens = APIToken.get_list()
     return jsonify({ 'tokens': tokens })
 
 @VIEW_TOKEN.route('/', methods=('DELETE',))
 def delete() -> Response:
+    ''' API for deleting token
+    Request Body: 
+    {
+        "serial_no": string,
+    }
+
+    Response Body (200):
+    {
+        "success": boolean,
+    }
+    '''
     delete_token_dto = request.get_json()
 
     if not isinstance(delete_token_dto['tokens'], list):
         raise BadRequest('tokens should be in the body and an array of string')
-    
+
     for token in delete_token_dto['tokens']:
-        if type(token) is not str:
+        if not isinstance(token, str):
             raise BadRequest('tokens should be an array of string')
-        
+
     APIToken.delete(delete_token_dto['tokens'])
-        
+
     return jsonify({ 'success': True })
diff --git a/view/volunteer.py b/view/volunteer.py
index 39b4154..c2884e5 100644
--- a/view/volunteer.py
+++ b/view/volunteer.py
@@ -14,6 +14,7 @@
 
 @VIEW_VOLUNTEER.errorhandler(BadRequest)
 def handle_bad_request(e: BadRequest) -> Response:
+    ''' Handle Bad Request exception '''
     return make_response({ 'message': e.description }, e.code)
 
 @VIEW_VOLUNTEER.route('/subscriber', methods=('POST',))
@@ -28,16 +29,16 @@ def add_subscriber() -> Response:
     '''
     add_subscriber_dto = request.get_json()
     if 'name' not in add_subscriber_dto or \
-        type(add_subscriber_dto['name']) is not str:
+        not isinstance(add_subscriber_dto['name'], str):
         raise BadRequest('name should be in the request body and string')
-    
+
     if 'email' not in add_subscriber_dto or \
-        type(add_subscriber_dto['email']) is not str:
+        not isinstance(add_subscriber_dto['email'], str):
         raise BadRequest('email should be in the request body and string')
-    
+
     if not EMAIL_REGEX.match(add_subscriber_dto['email']):
         raise BadRequest('The email is not valid')
-    
+
     Subscriber.process_upload(
         name=add_subscriber_dto['name'],
         mail=add_subscriber_dto['email']

From f5fe52283526203191043d5066ab23059557d2bb Mon Sep 17 00:00:00 2001
From: orertrr <orertrr6207@gmail.com>
Date: Fri, 26 Jul 2024 00:23:20 +0800
Subject: [PATCH 9/9] style: fix import and blueprint order

Signed-off-by: orertrr <orertrr6207@gmail.com>
---
 main.py         | 2 +-
 models/index.py | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/main.py b/main.py
index 7ada300..5e07885 100644
--- a/main.py
+++ b/main.py
@@ -40,9 +40,9 @@
 app.register_blueprint(VIEW_READER)
 app.register_blueprint(VIEW_SUBSCRIBE)
 app.register_blueprint(VIEW_SUBSCRIBER)
+app.register_blueprint(VIEW_TOKEN)
 app.register_blueprint(VIEW_TRELLO)
 app.register_blueprint(VIEW_VOLUNTEER)
-app.register_blueprint(VIEW_TOKEN)
 
 if app.debug:
     app.config['TEMPLATES_AUTO_RELOAD'] = True
diff --git a/models/index.py b/models/index.py
index abc77d9..23a239f 100644
--- a/models/index.py
+++ b/models/index.py
@@ -1,11 +1,10 @@
 ''' index '''
+from models.api_token import APITokenDB
 from models.subscriberdb import (SubscriberDB, SubscriberLoginTokenDB,
                                  SubscriberReadDB)
-from models.api_token import APITokenDB
 
 if __name__ == '__main__':
+    APITokenDB().index()
     SubscriberDB().index()
     SubscriberLoginTokenDB().index()
     SubscriberReadDB().index()
-
-    APITokenDB().index()