def delete_media():
media = Media.get_by_filename(request.json['id'][1:])
if not media:
return jsonify(['Invalid media ID.'], _status_code=400)
if not current_user.is_authenticated() or \
(not media.is_owner(current_user) and not current_user.is_admin):
return jsonify(['Invalid access.'], _status_code=400)
media.delete()
return ''
def post_media():
if current_app.config['UPLOAD_REQUIRES_LOGIN'] \
and not current_user.is_authenticated:
return jsonify(error=['Login required.'], _status=400)
if not request.files or 'file' not in request.files:
return jsonify(error=['Invalid request.'], _status=400)
magic_mime = magic.Magic(mime=True)
thumbnail_size = current_app.config['THUMBNAIL_SIZE']
upload_path = current_app.config['UPLOAD_PATH']
upload = request.files['file']
# Check MIME
mime = magic_mime.from_buffer(upload.stream.read(1024))
if mime not in current_app.config['IMAGE_ACCEPT_MIMES']:
return jsonify(error=['Invalid image type.'], _status=400)
# Rewind file stream
upload.stream.seek(0)
# Get original filename
if '.' not in upload.filename:
name = upload.filename
else:
name, upload.ext = upload.filename.rsplit('.', 1)
name = bleach.clean(name);
# Save the image to a secure random filename
filename = generate_filename(upload_path, image_extensions[mime])
file_path = os.path.join(upload_path, filename)
upload.save(file_path)
# Convert image to jpeg if bmp
if mime == 'image/x-ms-bmp':
filename = convert_to_jpeg(upload_path, file_path)
os.remove(filepath)
file_path = upload_path + filenmae
# Get image size
size = get_image_size(file_path)
# Create thumbnail
thumbname = generate_thumbnail(file_path, upload_path, thumbnail_size)
thumbnail = Media(filename=thumbname,
width=thumbnail_size[0],
height=thumbnail_size[1])
# Save the media instance
media = Media(filename=filename,
name=name,
width=size[0],
height=size[1],
thumbnail=thumbnail)
if current_user.is_authenticated():
media.user = current_user
thumbnail.user = current_user
media.save()
return jsonify(media)
def index(filename=None):
# Check if its an image to render
if filename and os.path.exists(os.path.join(upload_path, filename)):
return send_from_directory(upload_path, filename)
context = dict(images=dumps(Media.get_latest()))
context['app_name'] = app.config['APP_NAME']
context['app_conf'] = dumps(dict(
external_url=app.config['EXTERNAL_URL'],
request_registration=app.config['REQUEST_REGISTRATION'],
upload_requires_login=app.config['UPLOAD_REQUIRES_LOGIN']
))
app_data = dict(
user=anonymous_user_data,
alerts=session.pop('alerts', [])
)
if current_user.is_authenticated():
app_data['user'] = current_user
context['app_data'] = dumps(app_data)
return render_template('index.html', **context)
def get_media():
last = Media.get_by_filename(request.args['after'][1:])
return jsonify(Media.get_latest_after(last))