authorJon Bergli Heier <snakebite@jvnv.net>2017-04-22 14:06:35 +0200
committerJon Bergli Heier <snakebite@jvnv.net>2017-04-22 14:08:09 +0200
commitf5dcf75075c013bbfdf9cdb6716afee777620c73 (patch)
tree26772aa9f5f288bf7fba044b995c1fc28c5a5476 /fbin/api.py
parent8e44431e5b34c2e647c339f332cea32d44797951 (diff)
Added upload API.
Also updated the API (previously help) page.
Diffstat (limited to 'fbin/api.py')
-rw-r--r--fbin/api.py45
1 files changed, 38 insertions, 7 deletions
diff --git a/fbin/api.py b/fbin/api.py
index e652019..4f605f0 100644
--- a/fbin/api.py
+++ b/fbin/api.py
@@ -1,17 +1,16 @@
+import datetime
import functools
-from flask import Blueprint, current_app, request, jsonify
+from flask import Blueprint, current_app, request, jsonify, abort, g
from flask.views import MethodView
from flask_login import current_user
+import jwt
from . import db
-# FIXME
-from .fbin import get_file
+from .fbin import upload as fbin_upload, get_file
app = Blueprint('api', __name__)
-# TODO: Implement this stuff.
-
def makejson(f):
@functools.wraps(f)
def wrapper(*args, **kwargs):
@@ -21,6 +20,30 @@ def makejson(f):
return r
return wrapper
+@app.before_request
+def authenticate():
+ g.user = None
+ if not 'Authorization' in request.headers:
+ abort(403)
+ scheme, token = request.headers['Authorization'].split(None, 1)
+ if scheme != 'Bearer':
+ abort(400)
+ try:
+ token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer = request.url_root)
+ except jwt.InvalidTokenError:
+ abort(403)
+ with db.session_scope() as s:
+ try:
+ user = s.query(db.User).filter(db.User.id == token['sub']).one()
+ token_datetime = datetime.datetime.fromtimestamp(token['iat'])
+ # If token was issued before api_key_date was updated, consider it invalid.
+ if token_datetime < user.api_key_date:
+ abort(403)
+ else:
+ g.user = user
+ except db.NoResultFound:
+ abort(403)
+
def api_login_required(f):
def wrapper(*args, **kwargs):
if not current_user.is_authenticated:
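Review bot: `jwt.decode` in `authenticate` is called without an `algorithms=` list, so the accepted signature algorithms are left to the library default instead of being pinned to the one the tokens are issued with (the issuing code is not in this diff; HS256 is assumed below). The parsing and claim lookups can also raise instead of rejecting: `split(None, 1)` on a one-word header raises ValueError at the unpack, and a validly signed token without `sub` or `iat` raises KeyError, both of which would surface as a 500 rather than a 400/403. Nothing here requires an `exp` claim, so a token stays valid until `api_key_date` is bumped, and `fromtimestamp` yields local time, which only compares correctly if `api_key_date` is stored the same way; both are worth confirming. The sketch covers header parsing and decode only; the database lookup is unchanged.

```python
def authenticate():
    g.user = None
    header = request.headers.get('Authorization')
    if header is None:
        abort(403)
    parts = header.split(None, 1)
    if len(parts) != 2 or parts[0] != 'Bearer':
        abort(400)
    try:
        # Pin the algorithm; HS256 is assumed, match whatever the issuing code signs with.
        token = jwt.decode(parts[1], current_app.config['SECRET_KEY'],
                           algorithms = ['HS256'], issuer = request.url_root)
    except jwt.InvalidTokenError:
        abort(403)
    if 'sub' not in token or 'iat' not in token:
        abort(403)
    # … unchanged: user lookup and api_key_date comparison …
```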
@@ -31,6 +54,10 @@ def api_login_required(f):
return f(*args, **kwargs)
return wrapper
+@app.route('/upload', methods = ['POST'])
+def upload():
+ return fbin_upload(api = True, user = g.user)
+
class FileAPI(MethodView):
decorators = [api_login_required, makejson]
@@ -57,6 +84,10 @@ class FileAPI(MethodView):
def delete(self, hash):
pass
-file_api_view = FileAPI.as_view('file_api')
-app.add_url_rule('/file/<hash>', view_func = file_api_view, methods = ['PUT', 'DELETE'])
+# TODO: Add back FileAPI when ready.
+#file_api_view = FileAPI.as_view('file_api')
+#app.add_url_rule('/file/<hash>', view_func = file_api_view, methods = ['PUT', 'DELETE'])
+@app.route('/test')
+def test():
+ return g.user.username
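Review bot: The `/test` route added at the end of the file looks like a debugging endpoint, yet it is registered on the API blueprint with nothing marking it as temporary; remove it before release or mark it, e.g. `# TODO: remove debug endpoint before deploy`. It also reads `g.user.username` after `authenticate` has left its `db.session_scope()` block, which only works if the session keeps loaded objects usable after exit; `session_scope` is not visible here, so confirm. On the commented-out `FileAPI`, its `api_login_required` decorator checks flask_login's `current_user` while the blueprint now authenticates through `g.user`, so the TODO should say the decorator has to switch to `g.user` before the view is re-enabled.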