summaryrefslogtreecommitdiff
path: root/fbin/api.py
blob: 4f605f0890712a60627beba338ee3ff0fa10c677 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
import datetime
import functools

from flask import Blueprint, current_app, request, jsonify, abort, g
from flask.views import MethodView
from flask_login import current_user
import jwt

from . import db
from .fbin import upload as fbin_upload, get_file

app = Blueprint('api', __name__)

def makejson(f):
    @functools.wraps(f)
    def wrapper(*args, **kwargs):
        r = f(*args, **kwargs)
        if isinstance(r, dict):
            r = jsonify(r)
        return r
    return wrapper

@app.before_request
def authenticate():
    g.user = None
    if not 'Authorization' in request.headers:
        abort(403)
    scheme, token = request.headers['Authorization'].split(None, 1)
    if scheme != 'Bearer':
        abort(400)
    try:
        token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer = request.url_root)
    except jwt.InvalidTokenError:
        abort(403)
    with db.session_scope() as s:
        try:
            user = s.query(db.User).filter(db.User.id == token['sub']).one()
            token_datetime = datetime.datetime.fromtimestamp(token['iat'])
            # If token was issued before api_key_date was updated, consider it invalid.
            if token_datetime < user.api_key_date:
                abort(403)
            else:
                g.user = user
        except db.NoResultFound:
            abort(403)

def api_login_required(f):
    def wrapper(*args, **kwargs):
        if not current_user.is_authenticated:
            return {
                'status': False,
                'message': 'Not authenticated'
            }
        return f(*args, **kwargs)
    return wrapper

@app.route('/upload', methods = ['POST'])
def upload():
    return fbin_upload(api = True, user = g.user)

class FileAPI(MethodView):
    decorators = [api_login_required, makejson]

    def put(self, hash):
        f = get_file(hash, user_id = current_user.get_id())
        if not f:
            return {
                'status': False,
                'message': 'File not found'
            }
        filename = request.form.get('filename')
        if not filename:
            return {
                'status': False,
                'message': 'Empty or missing filename',
            }
        with db.session_scope() as sess:
            f.filename = filename
            sess.add(f)
        return {
            'status': True,
        }

    def delete(self, hash):
        pass

# TODO: Add back FileAPI when ready.
#file_api_view = FileAPI.as_view('file_api')
#app.add_url_rule('/file/<hash>', view_func = file_api_view, methods = ['PUT', 'DELETE'])

@app.route('/test')
def test():
    return g.user.username