added shop

Author: YangSeungWon

core/README.md

@@ -7,8 +7,8 @@ GET /
 ```
 | Parameter | Type | Description |
 | :--- | :--- | :--- |
-| `token` | `string` | Your token |
 
+need token
 **Response:** 
 ```javascript
 {
@@ -29,7 +29,8 @@ POST /register
 | `email` | `string` |  |
 
 **Response:** 
-201 / 400
+- Invalid Form : 400
+- Success : 201
 
 ### Login
 ```http
@@ -41,7 +42,9 @@ POST /Login
 | `password` | `string` |  |
 
 **Response:** 
-200 / 400, 401
+- Invalid Form : 400
+- Login Failed : 401
+- Success : 200
 
 See `Set-Cookie` header!
 
@@ -52,9 +55,78 @@ GET /dashboard
 ```
 | Parameter | Type | Description |
 | :--- | :--- | :--- |
-| `username` | `string` |  |
-| `password` | `string` |  |
 
 **Response:** 
-200 / 400, 401
+```javascript
+{
+  "<teamname1>" : {
+      "score" : int
+      "attacks" : {
+          "SQLi" : {
+              "to_team" : string,
+              "is_success" : bool
+          }
+          "XSS" : {
+              "to_team" : string,
+              "is_success" : bool
+          }
+      }
+  },
+  ...
+}
+```
+
+
+## Shop
+### Shop
+```http
+GET /shop
+```
+| Parameter | Type | Description |
+| :--- | :--- | :--- |
+
+needs token
+**Response:** 
+```javascript
+{
+    "money" : int,
+    "item_list" : {
+        "SQLi" : array
+        "XSS" : array
+    }
+}
+```
 
+### Item_Info
+```http
+GET /shop/<item_id>
+```
+| Parameter | Type | Description |
+| :--- | :--- | :--- |
+
+needs token
+**Response:** 
+```javascript
+{
+    "id" : int,
+    "name" : string,
+    "description" : string,
+    "type" : string,
+    "price" : int,
+    "already_bought" : bool
+}
+```
+
+### Item_Buy
+```http
+POST /shop/<item_id>
+```
+| Parameter | Type | Description |
+| :--- | :--- | :--- |
+
+needs token
+**Response:** 
+- No Such Item : 404
+- Already Bought : 409
+- Not Enough balance : 402
+- Success : 200

core/base/views.py

@@ -77,6 +77,6 @@ def get(self, request):
         for team in teams:
             ret[team.username] = {"score": team.score}
             for cate in CATEGORY:
-                ret[team.username]["attacks"] = dict([(cate, get_latest_attack(team, cate[0])) for cate in CATEGORY])
+                ret[team.username]["attacks"] = dict([(cate[1], get_latest_attack(team, cate[0])) for cate in CATEGORY])
 
         return JsonResponse(ret, status=200)

core/plt/urls.py

@@ -19,4 +19,5 @@
 urlpatterns = [
     path('admin/', admin.site.urls),
     path('', include('base.urls')),
+    path('shop/', include('shop.urls')),
 ]

core/shop/urls.py

@@ -0,0 +1,21 @@
+"""plt URL Configuration
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/3.0/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  path('', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.urls import include, path
+    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
+"""
+from django.urls import path
+from . import views
+
+urlpatterns = [
+    path('', views.ShopView.as_view(), name='shop'),
+    path('item/<int:item_id>', views.ItemView.as_view(), name='item'),
+]

core/shop/views.py

@@ -1,3 +1,60 @@
-from django.shortcuts import render
+from django.http import JsonResponse, HttpResponse
+from django.contrib.auth import get_user_model
+from django.views import View
+from utils.validator import unique_team_id
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.auth import authenticate, login
+from django.views.decorators.csrf import csrf_protect
+import json
 
-# Create your views here.
+from env.environ import CATEGORY
+
+Team = get_user_model()
+
+
+class ShopView(LoginRequiredMixin, View):
+    def get(self, request):
+        item_list = [(cate[1], Item.objects.filter(category=cate[0])) for cate in CATEGORY]
+        return JsonResponse({
+            'money': request.user.balance,
+            'item_list': item_list
+        })
+
+
+class ItemView(LoginRequiredMixin, View):
+    def get(self, request, item_id):
+        try:
+            item = Item.objects.get(id=item_id)
+        except model.DoesNotExist:
+            return HttpResponse(status=404)
+        
+        try:
+            item.get(teams__username=request.user.username)
+            already_bought = True
+        except model.DoesNotExist:
+            already_bought = False
+                  
+        return JsonResponse({
+            'id': item_id,
+            'name': item,
+            'description': getattr(item, 'description'),
+            'type': getattr(item, 'category'),
+            'price': getattr(item, 'price'),
+            'already_bought': already_bought
+        })
+
+    def post(self, request, item_id):
+        try:
+            item = Item.objects.get(id=item_id)
+        except model.DoesNotExist:
+            return HttpResponse(status=404)
+        
+        try:
+            item.get(teams__username=request.user.username)
+            return HttpResponse(status=409)
+        except model.DoesNotExist:
+            pass
+
+        if not item.buy(request.user):
+            return HttpResponse(status=402)
+        return HttpResponse(status=200)