From f5dcf75075c013bbfdf9cdb6716afee777620c73 Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier
Date: Sat, 22 Apr 2017 14:06:35 +0200
Subject: Added upload API.

Also updated the API (previously help) page.

---
 fbin/api.py | 45 ++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 38 insertions(+), 7 deletions(-)
(limited to 'fbin/api.py')

diff --git a/fbin/api.py b/fbin/api.py
index e652019..4f605f0 100644
--- a/fbin/api.py
+++ b/fbin/api.py
@@ -1,17 +1,16 @@
+import datetime
 import functools
-from flask import Blueprint, current_app, request, jsonify
+from flask import Blueprint, current_app, request, jsonify, abort, g
 from flask.views import MethodView
 from flask_login import current_user
+import jwt
 from . import db
-# FIXME
-from .fbin import get_file
+from .fbin import upload as fbin_upload, get_file
 
 app = Blueprint('api', __name__)
 
 
-# TODO: Implement this stuff.
-
 
 def makejson(f):
     @functools.wraps(f)
     def wrapper(*args, **kwargs):
@@ -21,6 +20,30 @@ def makejson(f):
         return r
     return wrapper
 
+@app.before_request
+def authenticate():
+    g.user = None
+    if not 'Authorization' in request.headers:
+        abort(403)
+    scheme, token = request.headers['Authorization'].split(None, 1)
+    if scheme != 'Bearer':
+        abort(400)
+    try:
+        token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer = request.url_root)
+    except jwt.InvalidTokenError:
+        abort(403)
+    with db.session_scope() as s:
+        try:
+            user = s.query(db.User).filter(db.User.id == token['sub']).one()
+            token_datetime = datetime.datetime.fromtimestamp(token['iat'])
+            # If token was issued before api_key_date was updated, consider it invalid.
+            if token_datetime < user.api_key_date:
+                abort(403)
+            else:
+                g.user = user
+        except db.NoResultFound:
+            abort(403)
+
 def api_login_required(f):
     def wrapper(*args, **kwargs):
         if not current_user.is_authenticated:
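Review bot: `request.headers['Authorization'].split(None, 1)` raises ValueError when the header contains no whitespace (a bare `Bearer`), so a malformed header produces a 500 instead of the 400 the next line intends, and a correctly signed token that lacks `sub` or `iat` raises KeyError inside the `with` block for the same reason. `datetime.datetime.fromtimestamp(token['iat'])` yields server-local time, so unless `user.api_key_date` is also stored in local time (its definition is not in this diff) the revocation check is off by the UTC offset and a token issued shortly before a key rotation can still pass; `utcfromtimestamp` keeps both sides in UTC (or make both values timezone-aware). `jwt.decode` is also called without `algorithms=`, which PyJWT 2 rejects outright and PyJWT 1 treats as "any supported algorithm"; pin it to whatever the issuing code uses, HS256 being the assumption below. Finally, `g.user` is a `db.User` that outlives the `session_scope()` block, so later attribute access (`/test` reads `g.user.username`) relies on the session not expiring instances on close; that assumption deserves a comment next to `g.user = user`.
```python
def authenticate():
    g.user = None
    if 'Authorization' not in request.headers:
        abort(403)
    parts = request.headers['Authorization'].split(None, 1)
    # A header without a space (e.g. a bare "Bearer") must not become a 500.
    if len(parts) != 2 or parts[0] != 'Bearer':
        abort(400)
    try:
        # Pin the algorithm so the token header cannot choose one; HS256 is
        # assumed to match the issuing side, which is not in this diff.
        token = jwt.decode(parts[1], current_app.config['SECRET_KEY'],
                           algorithms=['HS256'], issuer=request.url_root)
        subject, issued_at = token['sub'], token['iat']
    except (jwt.InvalidTokenError, KeyError):
        abort(403)
    # Keep both sides of the revocation check in UTC; fromtimestamp() gives
    # server-local time.
    token_datetime = datetime.datetime.utcfromtimestamp(issued_at)
    # … unchanged: session_scope() lookup of db.User by subject and the
    # api_key_date comparison, now using subject and token_datetime …
```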
@@ -31,6 +54,10 @@ def api_login_required(f):
         return f(*args, **kwargs)
     return wrapper
 
+@app.route('/upload', methods = ['POST'])
+def upload():
+    return fbin_upload(api = True, user = g.user)
+
 class FileAPI(MethodView):
     decorators = [api_login_required, makejson]
 
@@ -57,6 +84,10 @@ class FileAPI(MethodView):
     def delete(self, hash):
         pass
 
 
-file_api_view = FileAPI.as_view('file_api')
-app.add_url_rule('/file/', view_func = file_api_view, methods = ['PUT', 'DELETE'])
+# TODO: Add back FileAPI when ready.
+#file_api_view = FileAPI.as_view('file_api')
+#app.add_url_rule('/file/', view_func = file_api_view, methods = ['PUT', 'DELETE'])
+@app.route('/test')
+def test():
+    return g.user.username
-- cgit v1.2.3
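Review bot: `upload()` has no docstring, and since it is the first endpoint of the new bearer-token API a caller cannot tell from this file what the request must contain or what `api = True` changes in `fbin_upload`'s response. I would add `"""POST /upload: store a file for the bearer-token user. g.user is set by authenticate() before any view in this blueprint runs, so it is never None here; request parsing, validation and the response format are delegated to fbin_upload."""`. Whatever size or type limits `fbin_upload` applies are not visible in this diff; once confirmed they belong in that docstring too.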
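Review bot: `/test` is a debug endpoint returning `g.user.username` as a bare string and should not ship in the API module; if a self-identification route is wanted, name it for that purpose (e.g. `/whoami`), wrap it in `makejson` like `FileAPI` does, and give it a docstring, otherwise drop it before merge. The two commented-out `file_api_view` lines (and the `FileAPI` class above, whose body starts outside this hunk) are dead code now that no route registers them; git history keeps the old lines, so the bare `# TODO: Add back FileAPI when ready.` is enough on its own. With the `FileAPI` route gone, `get_file` is still imported in the first hunk and is likely unused in this module unless `FileAPI` references it.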