1. I often use my Google Home to add items to my grocery list. This probably will send some form of get request to Google Keep, providing
data indicating that it will be to my account, then sends a post request to add the
item I asked for to the specific note with my shopping list on it.

2. Yes. It makes me think about how knowing HTTP and how to code with it can
be used to exploit weaknesses in a site by people who want to gain access without
authorization to do so.
Thomas Naber 2024-04-19 23:04:27 -04:00
parent dcfacac2d3
commit 8faa4c5ad9
4 changed files with 37 additions and 4 deletions

BIN
.DS_Store vendored Normal file

Binary file not shown.

Binary file not shown.
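Review bot: .DS_Store is macOS Finder metadata and should not be tracked; it is added here as a new binary file. Remove it from the commit and add `.DS_Store` to .gitignore, since these files change on every Finder visit and can expose the names of files in the directory.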

25
api.py

@ -3,7 +3,7 @@
# By Chris Proctor
# The Riddle API takes care of connecting to the server.
import requests
import requests
from random import choice
class APIError(Exception):
@ -36,16 +36,33 @@ class RiddleAPI:
def get_riddle(self, riddle_id):
"Fetches a single riddle from the server"
route = "/show"
raise NotImplementedError("The API doesn't support `get_riddle` yet. Can you add it?")
params = {'id': riddle_id}
response = requests.get(self.server_url + route,json=params)
if response.ok:
return response.json()
else:
raise APIError(response.json()['errors'])
def get_random_riddle(self):
"Fetches all riddles from the server and then randomly returns one"
raise NotImplementedError("The API doesn't support `get_random_riddle` yet. Can you add it?")
route = "/show"
riddle_id = choice(self.get_all_riddles())
params = {'id':riddle_id}
response = requests.get(self.server_url + route, jason=params)
if response.ok:
return response.json()
else:
raise APIError(response.json()['errors'])
def add_riddle(self, question, answer):
"Adds a new riddle to the server"
route = "/new"
raise NotImplementedError("The API doesn't support `add_riddle` yet. Can you add it?")
params = {'question': question, 'answer': answer}
response = requests.post(self.server_url + route,json=params)
if response.ok:
return response.json()
else:
raise APIError(response.json()['errors'])
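Review bot: In get_random_riddle, the call `requests.get(self.server_url + route, jason=params)` misspells the `json` keyword, so requests raises a TypeError for the unexpected argument before any request is sent; change it to `json=params` as in get_riddle. The same method names the result of `choice(self.get_all_riddles())` riddle_id and sends it as the `id`; get_all_riddles is not visible in this hunk, so if it returns whole riddle records, pass the chosen record's id field instead, or return the chosen riddle directly and skip the second request. In all three methods the error branch calls `response.json()['errors']`, which raises a decode error or KeyError instead of APIError when the server answers with a non-JSON body or one without an `errors` key, and none of the requests calls sets a `timeout`, so a stalled server blocks the caller indefinitely.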


@ -7,7 +7,23 @@ about the meaning of the line, and some situation in which it might be useful.
You are welcome to research the meanings of these headers, but it's also
fine to speculate for now.
Line 2: This is a get request, which is asking the server that hosts the site to send the code for the entire page. I think that's what the all part means.
Line 3: This line is accepting something from the website. Not sure what though.
Line 4: This seems like it's accepting maybe the public key for the encryption allowing it to decrypt the website securely?
Line 5: This seems like it means to keep the webpage loaded on the computer which, in order to do that keeps the connection there.
Line 6: This is the server which is hosting the website.
## Checkpoint 2
The goal of this checkpoint is to see what status codes you can get back from
the riddle server. Paste below several `http` requests and the status codes
they return.
http -v post https://buffalochoralarts.org/singers
Returned a 404 error since this page does not exist on the buffalo choral arts society webpage.
http -v get https://buffalochoralarts.org/singers
Returned the error 301: Moved permanently. I wasn't expecting this because I didn't know this page ever existed!
http -v get https://riddles.makingwithcode.org/new question="What have I got in my pocket?" answer="My precious"
This returned a 405 error because the it was a get request, but it provided information as if it were posting.
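Review bot: In the Checkpoint 2 answers, two of the three pasted requests go to buffalochoralarts.org, but the checkpoint text asks for status codes returned by the riddle server; replace them with requests against riddles.makingwithcode.org so the answers match the prompt. The 301 answer also labels the status an error; 301 Moved Permanently is a redirect, and the answer should note where the response points. For the 405 answer, give the status name (Method Not Allowed) so the explanation ties the GET on /new to the method that route accepts.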