def sshkey():
"""
Local API endpoint that returns the public key for the current user.
If the current user does not have a public/private key pair,
one is created for him and the public key is returned in the response body.
It returns a 403 error if the request is not authorized.
"""
key_name = 'id_rsa'
login_session, session_id = get_login_session()
profile_directory = path.join((rwh.config['RWH_DATA']), login_session.username)
public_key_filename = path.join(profile_directory, "%s.pub" % key_name)
if (request.method == 'GET'):
if path.isdir(profile_directory):
if (not path.isfile(public_key_filename)):
recreate_key(profile_directory, key_name)
else:
recreate_key(profile_directory, key_name)
public_key_file = open(public_key_filename, 'r')
public_key = public_key_file.read().replace('\n', '')
public_key_file.close()
return public_key
def giturl():
"""
This API endpoint serves for reading and writing current profile git repo.
It accepts HTTP methods GET (reading) and POST (writing).
The GET request will a string with SSH username, server hostname
and path to the repository (as used by git for checkout command,
e.g. '[email protected]:delirus/rwh.git')
The POST method accepts 'text/html' content type (in UTF-8 charset)
in the same format ('user@host:repo').
The call will return error 401 if the request is not authenticated
error 403 if it is not authorized, error 405 if the method is not allowed,
error 415 if the POST request has bad content type
(it must be 'text/html[; charset=utf-8'])
and error 400 if the POSTed string is not in the required format.
Successfull POST request will write the request data to a file 'repo.url'
in the profile directory (<app_data_dir>/<sha256(username)>)
and return the POST data back to client.
Successfull GET request will return content of this file or empty string
if the file does not exist.
"""
url_file = 'repo.url' # name of the file with the git repo URL
login_session, session_id = get_login_session()
profile_directory = path.join((rwh.config['RWH_DATA']), login_session.username)
# whole path to the file with the repo URL
repo_url_filename = path.join(profile_directory, url_file)
if (request.method == 'GET'):
repo_url = ""
if path.isfile(repo_url_filename):
repo_url_file = open(repo_url_filename)
repo_url = repo_url_file.read(post_data).replace('\n', '')
repo_url_file.close()
return repo_url
elif (request.method == 'POST'):
try:
content_type = request.headers.get('Content-Type')
if content_type:
mime_type = content_type.split(';')
if (mime_type[0].strip() != 'text/html'):
raise TypeError('bad content type')
if (len(mime_type) > 1):
if (mime_type[1].strip() != 'charset=utf-8'):
raise TypeError('bad mime charset')
post_data = request.data.decode('utf-8')
if (not post_data):
raise ValueError()
if (len(post_data.split('@')) != 2):
raise ValueError()
if (len(post_data.split('@')[1].split(':')) != 2):
raise ValueError()
repo_url_file = open(repo_url_filename, 'w')
print(post_data, file=repo_url_file)
repo_url_file.close()
return post_data
else:
raise TypeError('missing content type')
except TypeError as error:
bad_content_type_response = jsonify({'error': 'bad content type'})
bad_content_type_response.status_code = 415
return bad_content_type_response
except ValueError as error:
bad_value_response = jsonify({'error': str(error)})
bad_value_response.status_code = 400
return bad_value_response
else:
bad_method_response = jsonify({'error': 'method not allowed'})
bad_method_response.status_code = 405
return bad_method_response
