1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
import datetime
import functools
from flask import Blueprint, current_app, request, jsonify, abort, g
from flask.views import MethodView
from flask_login import current_user
import jwt
from .db import db, User, NoResultFound
from .fbin import upload as fbin_upload, get_file
app = Blueprint('api', __name__)
def makejson(f):
@functools.wraps(f)
def wrapper(*args, **kwargs):
r = f(*args, **kwargs)
if isinstance(r, dict):
r = jsonify(r)
return r
return wrapper
@app.before_request
def authenticate():
g.user = None
if not 'Authorization' in request.headers:
abort(403)
scheme, token = request.headers['Authorization'].split(None, 1)
if scheme != 'Bearer':
abort(400)
try:
token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer = request.url_root)
except jwt.InvalidTokenError:
abort(403)
try:
user = db.session.query(User).filter(User.id == token['sub']).one()
token_datetime = datetime.datetime.fromtimestamp(token['iat'])
# If token was issued before api_key_date was updated, consider it invalid.
if token_datetime < user.api_key_date:
abort(403)
else:
g.user = user
except NoResultFound:
abort(403)
def api_login_required(f):
def wrapper(*args, **kwargs):
if not current_user.is_authenticated:
return {
'status': False,
'message': 'Not authenticated'
}
return f(*args, **kwargs)
return wrapper
@app.route('/upload', methods = ['POST'])
def upload():
return fbin_upload(api = True, user = g.user)
class FileAPI(MethodView):
decorators = [api_login_required, makejson]
def put(self, hash):
f = get_file(hash, user_id = current_user.get_id())
if not f:
return {
'status': False,
'message': 'File not found'
}
filename = request.form.get('filename')
if not filename:
return {
'status': False,
'message': 'Empty or missing filename',
}
f.filename = filename
db.session.add(f)
return {
'status': True,
}
def delete(self, hash):
pass
# TODO: Add back FileAPI when ready.
#file_api_view = FileAPI.as_view('file_api')
#app.add_url_rule('/file/<hash>', view_func = file_api_view, methods = ['PUT', 'DELETE'])
@app.route('/test')
def test():
return g.user.username
|