From f5dcf75075c013bbfdf9cdb6716afee777620c73 Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier
Date: Sat, 22 Apr 2017 14:06:35 +0200
Subject: Added upload API. Also updated the API (previously help) page.
---
 fbin/fbin.py | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 72 insertions(+), 8 deletions(-)
(limited to 'fbin/fbin.py')
diff --git a/fbin/fbin.py b/fbin/fbin.py
index 708243e..7a97194 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -115,18 +115,40 @@ def index():
 @app.route('/u')
 @app.route('/upload', methods = ['GET', 'POST'])
-def upload():
+def upload(api=False, user=None):
+ def error(message):
+ if api:
+ return jsonify({
+ 'status': False,
+ 'message': message,
+ })
+ elif old_api:
+ return 'ERROR {}'.format(message)
+ else:
+ flash(message, 'warning')
+ return render_template('upload.html', **context)
+
 context = {
 'title': 'Upload',
 }
+
+ old_api = bool(request.form.get('api'))
+
 if request.method == 'GET':
+ if api or old_api:
+ # API calls shouldn't use GET.
+ abort(405)
 return render_template('upload.html', **context)
- if not current_user.is_authenticated and not current_app.config.get('ALLOW_ANONYMOUS_UPLOADS'):
+
+ if not user and current_user.is_authenticated:
+ user = current_user.user
+
+ if not user and not current_app.config.get('ALLOW_ANONYMOUS_UPLOADS'):
 abort(403)
+
 uploaded_file = request.files.get('file')
 if not uploaded_file or not uploaded_file.filename:
- flash('No valid file or filename was provided.', 'warning')
- return render_template('upload.html', **context)
+ return error('No valid file or filename was provided.')
 if hasattr(uploaded_file.stream, 'file'):
 temp = None
 temp_path = uploaded_file.stream.name
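Review bot: The new `error()` helper returns its JSON and `ERROR …` bodies with the default 200 status, so an API client has to parse the body to notice a rejected upload; returning a status with them, e.g. `return jsonify({'status': False, 'message': message}), 400` and `return 'ERROR {}'.format(message), 400`, lets clients and access logs tell failures apart. The `abort(405)` and `abort(403)` paths will, by default, still answer with an HTML error page even when `api` is true, which does not match the JSON contract. The added `api` and `user` parameters also need a docstring, because `user` becomes the upload owner with no further check in this function: something like `"""Handle a file upload. `user`, when given, is trusted as already authenticated by the caller."""` makes the trust boundary explicit for whoever calls the view directly. `upload()` continues beyond the end of this hunk.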
@@ -134,7 +156,7 @@ def upload():
 temp = tempfile.NamedTemporaryFile(prefix = 'upload_', dir = current_app.config['FILE_DIRECTORY'], delete = False)
 uploaded_file.save(temp.file)
 temp_path = temp.name
- new_file = add_file(temp_path, uploaded_file.filename, current_user.user if current_user.is_authenticated else None, request.remote_addr)
+ new_file = add_file(temp_path, uploaded_file.filename, user, request.remote_addr)
 mime = new_file.get_mime_type()
 # TODO: Apparently TIFF also supports EXIF, test this.
@@ -144,7 +166,18 @@ def upload():
 # NOTE: The file hash is only used to detect duplicates when uploading, so this should not be a problem.
 subprocess.call(['mogrify', '-auto-orient', new_file.get_path()])
- if bool(request.form.get('api')):
+ if api:
+ return jsonify({
+ 'status': True,
+ 'hash': new_file.hash,
+ 'urls': {
+ 'base': url_for('fbin.file', hash = '', _external = True),
+ 'full': url_for('fbin.file', hash = new_file.hash, filename = new_file.filename, _external = True),
+ 'ext': url_for('fbin.file', hash = new_file.hash, ext = new_file.ext, _external = True),
+ 'hash': url_for('fbin.file', hash = new_file.hash, _external = True),
+ },
+ })
+ elif old_api:
 return 'OK {hash}'.format(hash = new_file.hash)
 else:
 context = {
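Review bot: In the `@@ -144,7 +166,18 @@` hunk the `urls` block builds absolute links with `_external = True`, so unless `SERVER_NAME` is configured the scheme and host come from the incoming request's Host header and are handed back to the client as canonical links. If clients store or share these URLs, the deployment should pin the host (via `SERVER_NAME` or a front-end proxy that normalises Host), and a comment above the dict such as `# Absolute URLs: host comes from SERVER_NAME if set, else from the request.` would record that. The `'base'` entry relies on `url_for('fbin.file', hash = '')` producing a usable prefix from an empty `hash`, which depends on a route definition not shown in this hunk and deserves a one-line comment.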
@@ -346,9 +379,40 @@ def thumb(hash):
 @app.route('/h')
 @app.route('/help')
 def help():
+ return redirect(url_for('.api'))
+
+@app.route('/api')
+def api():
 context = {
- 'title': 'Help',
+ 'title': 'API',
+ 'subtitle': 'keys and usage',
 }
- return render_template('help.html', **context)
+ return render_template('api.html', **context)
+
+@app.route('/generate-api-key')
+def generate_api_key():
+ if not current_user.is_authenticated:
+ abort(403)
+ now = datetime.datetime.utcnow()
+ user_id = int(current_user.get_id().split(':')[0])
+ data = {
+ 'iss': request.url_root,
+ 'iat': now,
+ 'nbf': now,
+ 'sub': user_id,
+ }
+ token = jwt.encode(data, current_app.config['SECRET_KEY'])
+ return token
+
+@app.route('/invalidate-api-keys')
+@login_required
+def invalidate_api_keys():
+ with db.session_scope() as s:
+ user = current_user.user
+ s.add(user)
+ user.api_key_date = datetime.datetime.utcnow()
+ s.commit()
+ flash('All API keys invalidated.', 'success')
+ return redirect(request.referrer)
 login_manager.login_view = '.login'
-- cgit v1.2.3
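Review bot: `generate_api_key()` signs a token that carries no `exp` claim and leaves the algorithm to the library default, so every issued key stays valid until the user visits `/invalidate-api-keys`, and it is signed with the same `SECRET_KEY` that presumably also protects the session cookies. Passing the algorithm explicitly, `jwt.encode(data, current_app.config['SECRET_KEY'], algorithm = 'HS256')`, and pinning the same value where tokens are decoded (not shown in this file section) keeps the two sides from drifting, and a dedicated signing key would separate an API-key compromise from a session compromise. `invalidate_api_keys()` changes state on a plain GET route, so any page the logged-in user loads can trigger it; it should be `@app.route('/invalidate-api-keys', methods = ['POST'])` with a CSRF token on the form. Its `redirect(request.referrer)` also needs a fallback such as `redirect(request.referrer or url_for('.api'))`, since the header is client-supplied and can be absent. `generate_api_key()` checks authentication by hand while its neighbour uses `@login_required`; using the decorator on both would be consistent.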