pi zeugs, db zeugs und aiocoap server #13
Conversation
…name and update(room-state, puzzle-room))
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| asyncio.run(main()) |
There was a problem hiding this comment.
Misses newline at EOF
|
|
||
| con = await Context.create_server_context(root,bind=("0.0.0.0",5555)) | ||
|
|
||
| request = Message(code=GET, uri="coap://127.0.0.1:5683/resource-lookup/", observe=0) |
There was a problem hiding this comment.
nit: Move host/port into a configuration or as constant at the top of the file
| @@ -1,10 +1,10 @@ | |||
| from coapthon.client.helperclient import HelperClient | |||
| host = "127.0.0.1" | |||
| host = "2001:db8::814c:35fc:fd31:5fde" | |||
| port = 5683 | |||
There was a problem hiding this comment.
nit: Configuration constants are usually all uppercase, reference pep8 or use a linter.
E.g. from pep8:
Constants are usually defined on a module level and written in all capital letters with underscores separating
words. Examples include MAX_OVERFLOW and TOTAL.
| try: | ||
| conn = connect_to_db() | ||
| cur = conn.cursor() | ||
| cur.execute("INSERT INTO rooms (name) VALUES ('{}')".format(room)) |
There was a problem hiding this comment.
First off, I have no idea how your framework works - so please excuse me if this is dumb;
if I call add_room('my room \'); DROP TABLE *;(\''), wouldn't this exploit the DB?
There was a problem hiding this comment.
as discussed offline, I would recommend to use an ORM (e.g SQLAlchemy). Besides simplifying the database workflow (avoiding connections, cursors, raw SQL instructions and post processing), the ORM adds implicitly adds a layer of security that avoid this kind of issues.
|
|
||
| /Rooms/room/puzzle (GET) | ||
| -> Returns info about puzzle in room | ||
| {'name': text, 'room': text, 'state': text} |
There was a problem hiding this comment.
Top of the Readme is outdated (not touched in this PR)
pi zeugs, db zeugs und aiocoap server