summaryrefslogtreecommitdiff
path: root/fbin/api.py
blob: dc7e1f8e67c040190067b69b7283673a77094ecd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
import datetime
import functools

from flask import Blueprint, current_app, request, jsonify, abort, g
from flask.views import MethodView
from flask_login import current_user
import jwt

from .db import db, User, NoResultFound
from .fbin import upload as fbin_upload, get_file

app = Blueprint('api', __name__)


def makejson(f):
    @functools.wraps(f)
    def wrapper(*args, **kwargs):
        r = f(*args, **kwargs)
        if isinstance(r, dict):
            r = jsonify(r)
        return r
    return wrapper


@app.before_request
def authenticate():
    g.user = None
    if 'Authorization' not in request.headers:
        abort(403)
    scheme, token = request.headers['Authorization'].split(None, 1)
    if scheme != 'Bearer':
        abort(400)
    try:
        token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer=request.url_root,
                algorithms=[current_app.config['API_JWT_ALGORITHM']])
    except jwt.InvalidTokenError:
        abort(403)
    try:
        user = db.session.query(User).filter(User.id == token['sub']).one()
        token_datetime = datetime.datetime.fromtimestamp(token['iat'])
        # If token was issued before api_key_date was updated, consider it invalid.
        if token_datetime < user.api_key_date:
            abort(403)
        else:
            g.user = user
    except NoResultFound:
        abort(403)


def api_login_required(f):
    def wrapper(*args, **kwargs):
        if not current_user.is_authenticated:
            return {
                'status': False,
                'message': 'Not authenticated'
            }
        return f(*args, **kwargs)
    return wrapper


@app.route('/upload', methods=['POST'])
def upload():
    return fbin_upload(api=True, user=g.user)


class FileAPI(MethodView):
    decorators = [api_login_required, makejson]

    def put(self, hash):
        f = get_file(hash, user_id=current_user.get_id())
        if not f:
            return {
                'status': False,
                'message': 'File not found'
            }
        filename = request.form.get('filename')
        if not filename:
            return {
                'status': False,
                'message': 'Empty or missing filename',
            }
        f.filename = filename
        db.session.add(f)
        return {
            'status': True,
        }

    def delete(self, hash):
        pass

# TODO: Add back FileAPI when ready.
# file_api_view = FileAPI.as_view('file_api')
# app.add_url_rule('/file/<hash>', view_func=file_api_view, methods=['PUT', 'DELETE'])


@app.route('/test')
def test():
    return g.user.username