Diffstat (limited to 'fbin/api.py')
-rw-r--r-- | fbin/api.py | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/fbin/api.py b/fbin/api.py index 4f605f0..8f3f86c 100644 --- a/fbin/api.py +++ b/fbin/api.py @@ -6,7 +6,7 @@ from flask.views import MethodView from flask_login import current_user import jwt -from . import db +from .db import db, User, NoResultFound from .fbin import upload as fbin_upload, get_file app = Blueprint('api', __name__) @@ -32,17 +32,16 @@ def authenticate(): token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer = request.url_root) except jwt.InvalidTokenError: abort(403) - with db.session_scope() as s: - try: - user = s.query(db.User).filter(db.User.id == token['sub']).one() - token_datetime = datetime.datetime.fromtimestamp(token['iat']) - # If token was issued before api_key_date was updated, consider it invalid. - if token_datetime < user.api_key_date: - abort(403) - else: - g.user = user - except db.NoResultFound: + try: + user = db.session.query(User).filter(User.id == token['sub']).one() + token_datetime = datetime.datetime.fromtimestamp(token['iat']) + # If token was issued before api_key_date was updated, consider it invalid. + if token_datetime < user.api_key_date: abort(403) + else: + g.user = user + except NoResultFound: + abort(403) def api_login_required(f): def wrapper(*args, **kwargs): @@ -74,9 +73,8 @@ class FileAPI(MethodView): 'status': False, 'message': 'Empty or missing filename', } - with db.session_scope() as sess: - f.filename = filename - sess.add(f) + f.filename = filename + db.session.add(f) return { 'status': True, } |
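Review bot: In `authenticate()`, the revocation check compares `datetime.datetime.fromtimestamp(token['iat'])`, a naive local-time value, with `user.api_key_date`, and this diff does not show which clock that column uses. If it is stored in UTC, the comparison is off by the server's UTC offset, so a token issued before a key reset can stay accepted (or a fresh one be rejected) for that window; `datetime.datetime.utcfromtimestamp(token['iat'])` would match a UTC column. The same lines subscript `token['sub']` and `token['iat']` directly, so a correctly signed token missing either claim raises `KeyError` and yields a 500 instead of the 403 used for every other failure; `except (NoResultFound, KeyError):` would keep the rejection uniform. The function body begins above the hunk.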
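Review bot: In the `FileAPI` hunk, nothing visibly commits after `db.session.add(f)`: the removed `with db.session_scope() as sess:` block presumably committed on exit, while the new code returns `'status': True` straight after the `add`. Unless the session is committed elsewhere (a teardown hook or code outside this diff), the rename is reported as successful but may be discarded when the request ends; adding `db.session.commit()` after `db.session.add(f)` would make it durable. The handler starts above the hunk, so how `f` is loaded is not visible here.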