Added upload API.

Also updated the API (previously help) page.
author: Jon Bergli Heier <snakebite@jvnv.net> 2017-04-22 14:06:35 +0200
committer: Jon Bergli Heier <snakebite@jvnv.net> 2017-04-22 14:08:09 +0200
commit: f5dcf75075c013bbfdf9cdb6716afee777620c73 (patch)
tree: 26772aa9f5f288bf7fba044b995c1fc28c5a5476 /fbin/fbin.py
parent: 8e44431e5b34c2e647c339f332cea32d44797951 (diff)
1 files changed, 72 insertions, 8 deletions
diff --git a/fbin/fbin.py b/fbin/fbin.py
index 708243e..7a97194 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -115,18 +115,40 @@ def index():
 
 @app.route('/u')
 @app.route('/upload', methods = ['GET', 'POST'])
-def upload():
+def upload(api=False, user=None):
+    def error(message):
+        if api:
+            return jsonify({
+                'status': False,
+                'message': message,
+            })
+        elif old_api:
+            return 'ERROR {}'.format(message)
+        else:
+            flash(message, 'warning')
+            return render_template('upload.html', **context)
+
     context = {
         'title': 'Upload',
     }
+
+    old_api = bool(request.form.get('api'))
+
     if request.method == 'GET':
+        if api or old_api:
+            # API calls shouldn't use GET.
+            abort(405)
         return render_template('upload.html', **context)
-    if not current_user.is_authenticated and not current_app.config.get('ALLOW_ANONYMOUS_UPLOADS'):
+
+    if not user and current_user.is_authenticated:
+        user = current_user.user
+
+    if not user and not current_app.config.get('ALLOW_ANONYMOUS_UPLOADS'):
         abort(403)
+
     uploaded_file = request.files.get('file')
     if not uploaded_file or not uploaded_file.filename:
-        flash('No valid file or filename was provided.', 'warning')
-        return render_template('upload.html', **context)
+        return error('No valid file or filename was provided.')
     if hasattr(uploaded_file.stream, 'file'):
         temp = None
         temp_path = uploaded_file.stream.name
@@ -134,7 +156,7 @@ def upload():
         temp = tempfile.NamedTemporaryFile(prefix = 'upload_', dir = current_app.config['FILE_DIRECTORY'], delete = False)
         uploaded_file.save(temp.file)
         temp_path = temp.name
-    new_file = add_file(temp_path, uploaded_file.filename, current_user.user if current_user.is_authenticated else None, request.remote_addr)
+    new_file = add_file(temp_path, uploaded_file.filename, user, request.remote_addr)
 
     mime = new_file.get_mime_type()
     # TODO: Apparently TIFF also supports EXIF, test this.
@@ -144,7 +166,18 @@ def upload():
         # NOTE: The file hash is only used to detect duplicates when uploading, so this should not be a problem.
         subprocess.call(['mogrify', '-auto-orient', new_file.get_path()])
 
-    if bool(request.form.get('api')):
+    if api:
+        return jsonify({
+            'status': True,
+            'hash': new_file.hash,
+            'urls': {
+                'base': url_for('fbin.file', hash = '', _external = True),
+                'full': url_for('fbin.file', hash = new_file.hash, filename = new_file.filename, _external = True),
+                'ext': url_for('fbin.file', hash = new_file.hash, ext = new_file.ext, _external = True),
+                'hash': url_for('fbin.file', hash = new_file.hash, _external = True),
+            },
+        })
+    elif old_api:
         return 'OK {hash}'.format(hash = new_file.hash)
     else:
         context = {
@@ -346,9 +379,40 @@ def thumb(hash):
 @app.route('/h')
 @app.route('/help')
 def help():
+    return redirect(url_for('.api'))
+
+@app.route('/api')
+def api():
     context = {
-        'title': 'Help',
+        'title': 'API',
+        'subtitle': 'keys and usage',
     }
-    return render_template('help.html', **context)
+    return render_template('api.html', **context)
+
+@app.route('/generate-api-key')
+def generate_api_key():
+    if not current_user.is_authenticated:
+        abort(403)
+    now = datetime.datetime.utcnow()
+    user_id = int(current_user.get_id().split(':')[0])
+    data = {
+        'iss': request.url_root,
+        'iat': now,
+        'nbf': now,
+        'sub': user_id,
+    }
+    token = jwt.encode(data, current_app.config['SECRET_KEY'])
+    return token
+
+@app.route('/invalidate-api-keys')
+@login_required
+def invalidate_api_keys():
+    with db.session_scope() as s:
+        user = current_user.user
+        s.add(user)
+        user.api_key_date = datetime.datetime.utcnow()
+        s.commit()
+        flash('All API keys invalidated.', 'success')
+    return redirect(request.referrer)
 
 login_manager.login_view = '.login'
author	Jon Bergli Heier <snakebite@jvnv.net>	2017-04-22 14:06:35 +0200
committer	Jon Bergli Heier <snakebite@jvnv.net>	2017-04-22 14:08:09 +0200
commit	f5dcf75075c013bbfdf9cdb6716afee777620c73 (patch)
tree	26772aa9f5f288bf7fba044b995c1fc28c5a5476 /fbin/fbin.py
parent	8e44431e5b34c2e647c339f332cea32d44797951 (diff)