import datetime import functools from flask import Blueprint, current_app, request, jsonify, abort, g from flask.views import MethodView from flask_login import current_user import jwt from .db import db, User, NoResultFound from .fbin import upload as fbin_upload, get_file app = Blueprint('api', __name__) def makejson(f): @functools.wraps(f) def wrapper(*args, **kwargs): r = f(*args, **kwargs) if isinstance(r, dict): r = jsonify(r) return r return wrapper @app.before_request def authenticate(): g.user = None if not 'Authorization' in request.headers: abort(403) scheme, token = request.headers['Authorization'].split(None, 1) if scheme != 'Bearer': abort(400) try: token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer = request.url_root) except jwt.InvalidTokenError: abort(403) try: user = db.session.query(User).filter(User.id == token['sub']).one() token_datetime = datetime.datetime.fromtimestamp(token['iat']) # If token was issued before api_key_date was updated, consider it invalid. if token_datetime < user.api_key_date: abort(403) else: g.user = user except NoResultFound: abort(403) def api_login_required(f): def wrapper(*args, **kwargs): if not current_user.is_authenticated: return { 'status': False, 'message': 'Not authenticated' } return f(*args, **kwargs) return wrapper @app.route('/upload', methods = ['POST']) def upload(): return fbin_upload(api = True, user = g.user) class FileAPI(MethodView): decorators = [api_login_required, makejson] def put(self, hash): f = get_file(hash, user_id = current_user.get_id()) if not f: return { 'status': False, 'message': 'File not found' } filename = request.form.get('filename') if not filename: return { 'status': False, 'message': 'Empty or missing filename', } f.filename = filename db.session.add(f) return { 'status': True, } def delete(self, hash): pass # TODO: Add back FileAPI when ready. #file_api_view = FileAPI.as_view('file_api') #app.add_url_rule('/file/', view_func = file_api_view, methods = ['PUT', 'DELETE']) @app.route('/test') def test(): return g.user.username