Add timeline token to the apps table

Signed-off-by: Stasia Michalska <[email protected]>

Author: hellcp

appstore/api.py

@@ -6,8 +6,9 @@
 
 from sqlalchemy.orm.exc import NoResultFound
 
-from appstore.utils import jsonify_app, asset_fallback, generate_image_url
+from appstore.utils import jsonify_app, asset_fallback, generate_image_url, get_access_token
 from .models import App, Collection, HomeBanners, Category, db, Release
+from .settings import config
 
 parent_app = None
 api = Blueprint('api', __name__)
@@ -114,6 +115,27 @@ def apps_by_collection(collection, app_type):
     return generate_app_response(apps, sort_override=sort_override)
 
 
+@api.route('/apps/by_token/<timeline_token>')
+def apps_by_token(timeline_token):
+    secret = get_access_token()
+    if secret != config['SECRET_KEY']:
+        abort(401)
+    if timeline_token == "":
+        abort(404)
+
+    try:
+        app = App.query.filter(App.timeline_token == timeline_token).one()
+    except NoResultFound:
+        abort(404)
+        return
+
+    result = {
+        "app_uuid": app.app_uuid
+    }
+
+    return jsonify(result)
+
+
 @api.route('/applications/<app_id>/changelog')
 def changelogs_by_id(app_id):
     try:

appstore/developer_portal_api.py

@@ -1,6 +1,7 @@
 import json
 import traceback
 import datetime
+import secrets
 
 from algoliasearch import algoliasearch
 from flask import Blueprint, jsonify, abort, request
@@ -152,8 +153,10 @@ def submit_new_app():
                 ), 400
 
         app_is_timeline_enabled = False
+        timeline_token = None
         if 'timeline_enabled' in params and params['timeline_enabled'] == 'true':
             app_is_timeline_enabled = True
+            timeline_token = secrets.token_urlsafe(32)
 
         # Remove any platforms with no screenshots
         screenshots = {k: v for k, v in screenshots.items() if v}
@@ -179,6 +182,7 @@ def submit_new_app():
             title=params['title'],
             type=params['type'],
             timeline_enabled=app_is_timeline_enabled,
+            timeline_token=timeline_token,
             website=params['website'] if 'website' in params else "",
         )
         db.session.add(app_obj)
@@ -218,12 +222,14 @@ def update_app_fields(app_id):
             "category": str,
             "website": str,
             "source": str,
-            "visible": bool
+            "visible": bool,
+            "timeline_enabled": bool,
+            "timeline_token": None
         }
 
         # Check all valid passed fields are correct type
         for x in req:
-            if (x in allowed_fields_type_map) and (not type(x) == allowed_fields_type_map[x]):
+            if (x in allowed_fields_type_map) and (not type(req[x]) == allowed_fields_type_map[x]):
                 return jsonify(error=f"Invalid value for field '{x}'", e=f"invalid.field.{x}"), 400
 
 
@@ -240,8 +246,6 @@ def update_app_fields(app_id):
         # Check any enum fields
         if "category" in req and not is_valid_category(req["category"]):
             return jsonify(error="Invalid value for field: category", e="invalid.field.category"), 400
-        if "visible" in req and not (req["visible"].lower() == "true" or req["visible"].lower() == "false"):
-            return jsonify(error="Invalid value for field: visible", e="invalid.field.visible"), 400
 
         # Disallow change face category
         if "category" in req and app.category == "Faces":
@@ -250,7 +254,14 @@ def update_app_fields(app_id):
         # Check title length
         if "title" in req and len(req["title"]) > 45:
             return jsonify(error="Title must be less than 45 characters", e="invalid.field.title"), 400
-            
+
+        # Create a timeline token when enabling the timeline
+        if "timeline_enabled" in req:
+            if not req["timeline_enabled"]:
+                req["timeline_token"] = None
+            elif app.timeline_token == None:
+                req["timeline_token"] = secrets.token_urlsafe(32)
+
         # Update the app
         for x in req:
             setattr(app, x, req[x])
@@ -332,7 +343,25 @@ def submit_new_release(app_id):
         print("Discord is being weird")
 
     return jsonify(success=True)
-        
+
+@devportal_api.route('/app/<app_id>/timeline_token')
+def apps_timeline_token(app_id):
+    try:
+        app = App.query.filter(App.id == app_id).one()
+    except NoResultFound:
+        abort(404)
+        return
+
+    # Check we own the app
+    if not is_users_developer_id(app.developer_id):
+        return jsonify(error="You do not have permission to access the token", e="permission.denied"), 403
+
+    result = {
+        "timeline_token": app.timeline_token
+    }
+
+    return jsonify(result)
+
 # Screenshots 
 @devportal_api.route('/app/<app_id>/screenshots')
 def missing_platform(app_id):

appstore/models.py

@@ -75,6 +75,7 @@ class App(db.Model):
     type = db.Column(db.String)
     website = db.Column(db.String)
     visible = db.Column(db.Boolean, default=True, server_default='TRUE', nullable=False)
+    timeline_token = db.Column(db.String, index=True)
 
 
 category_banner_apps = Table('category_banner_apps', db.Model.metadata,

migrations/versions/ec9b0b6d8795_.py

@@ -0,0 +1,24 @@
+"""Add apps timeline_token
+
+Revision ID: ec9b0b6d8795
+Revises: ddb71f0a1c96
+Create Date: 2025-11-08 13:25:52.990174
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'ec9b0b6d8795'
+down_revision = 'ddb71f0a1c96'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.add_column('apps', sa.Column('timeline_token', sa.String(), nullable=True))
+
+
+def downgrade():
+    op.drop_column('apps', 'timeline_token')