Ejemplo n.º 1
def get_file(filename):
    """Serve an uploaded image to a caller who is allowed to read it.

    The image record is looked up by name. Access is granted when the record
    is marked public or when its ``owner_id`` equals the JWT identity of the
    caller; every other caller gets ``NOT_PERMITTED``.

    Args:
        filename: Name of the image as stored in the ``Image`` table.

    Returns:
        The file response on success, otherwise an error response
        (``IMAGE_NOT_EXIST`` or ``NOT_PERMITTED``).
    """
    requester_id = get_jwt_identity()
    image = Image.query.filter_by(name=filename).first()
    if not image:
        return error_response(IMAGE_NOT_EXIST)

    # Authorization is decided from the database record, before any file
    # system access happens.
    if image.is_public or image.owner_id == requester_id:
        upload_dir = current_app.config["UPLOAD_FOLDER"]
        # NOTE(review): presumably Flask's send_from_directory, which refuses
        # paths that resolve outside upload_dir; confirm against the imports.
        return send_from_directory(upload_dir, filename)
    return error_response(NOT_PERMITTED)
Ejemplo n.º 2
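def register():
    """Create a user account from the JSON body of the request.

    Reads ``username`` and ``password`` from the JSON payload, rejects the
    request when either is missing or empty, and inserts a new ``User`` row.

    Returns:
        ``USER_CREATED`` on success, ``MISSING_PARAMETER`` when a field is
        absent, or ``DUPLICATE_USER`` when the insert violates a constraint.
    """
    username = request.json.get('username', None)
    password = request.json.get('password', None)
    # Credentials are deliberately not printed or logged: stdout usually ends
    # up in log files that are readable by far more people than the user table.
    if not username or not password:
        return error_response(MISSING_PARAMETER)

    # NOTE(review): the raw password is handed to the model as-is. Unless
    # User hashes it internally (not visible here), it is stored in clear
    # text; confirm that a salted password hash is applied before storage.
    user = User(username=username, password=password)
    db.session.add(user)
    try:
        db.session.commit()
    except IntegrityError:
        # A failed commit leaves the session unusable until it is rolled back.
        db.session.rollback()
        return error_response(DUPLICATE_USER)
    return success_response(USER_CREATED)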
Ejemplo n.º 3
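def login():
    """Check the submitted credentials and issue a JWT access token.

    Reads ``username`` and ``password`` from the JSON payload. An unknown
    username and a wrong password are answered identically, so the response
    does not reveal which accounts exist.

    Returns:
        A token response on success, ``MISSING_PARAMETER`` when a field is
        absent, or ``INVALID_LOGIN`` with status 401 when the credentials do
        not match.
    """
    username = request.json.get('username', None)
    password = request.json.get('password', None)
    if not username or not password:
        return error_response(MISSING_PARAMETER)

    user = User.query.filter_by(username=username).first()
    # first() returns None for an unknown username; without this guard the
    # attribute access below raised AttributeError and surfaced as a 500.
    # NOTE(review): the stored value is compared directly with the submitted
    # password. Unless the User model hashes transparently (not visible
    # here), this implies clear-text storage; verification should go through
    # a salted password hash with a constant-time comparison.
    if user is None or user.password != password:
        return error_response(INVALID_LOGIN, 401)

    # Identity can be any data that is json serializable
    access_token = create_access_token(identity=user.id)
    return token_response(access_token)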
Ejemplo n.º 4
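def delete_file(filename):
    """Delete an uploaded image and its database record; owner only.

    Args:
        filename: Name of the image as stored in the ``Image`` table.

    Returns:
        ``IMAGE_DELETED`` on success, ``IMAGE_NOT_EXIST`` when no record
        matches, ``NOT_PERMITTED`` when the caller is not the owner, or
        ``ERROR_DURING_DELETION`` with status 500 when removal fails.
    """
    current_user = get_jwt_identity()
    f = Image.query.filter_by(name=filename).first()
    if not f:
        return error_response(IMAGE_NOT_EXIST)
    # Only the owner may delete; being public grants read access, not delete.
    if f.owner_id != current_user:
        return error_response(NOT_PERMITTED)
    # The path is built from the stored record name, not from the request
    # value, so only a name that exists in the table can reach os.remove.
    image_path = os.path.join(current_app.config["UPLOAD_FOLDER"], f.name)

    db.session.delete(f)
    try:
        os.remove(image_path)
        db.session.commit()
    except Exception:
        # Drop the pending delete so the session is not left half-applied.
        # NOTE(review): if os.remove succeeded and the commit failed, the
        # row now refers to a file that no longer exists.
        db.session.rollback()
        return error_response(ERROR_DURING_DELETION, 500)
    return success_response(IMAGE_DELETED)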
Ejemplo n.º 5
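def upload_file():
    """Store an uploaded image under a server-generated name.

    Expects a multipart field ``file`` and an optional form field
    ``is_public`` (only the string ``true``, case-insensitive, enables it).
    The stored name is ``random_file_name()`` plus the extension of the
    client-supplied name; the rest of the client name is discarded.

    Returns:
        A redirect to the ``upload.get_file`` endpoint on success,
        ``NO_FILE_UPLOADED`` or ``INVALID_FILE`` for a rejected upload, or
        ``ERROR_DURING_SAVING`` with status 500 when storing fails.
    """
    if "file" not in request.files:
        return error_response(NO_FILE_UPLOADED)

    f = request.files["file"]
    if f.filename == "":
        return error_response(NO_FILE_UPLOADED)
    is_public = request.form.get("is_public", "False").lower() == 'true'

    # NOTE(review): allowed_file is defined elsewhere; presumably an
    # extension allowlist. An extension check says nothing about the
    # content of the file; confirm whether the content is validated too.
    if not (f and allowed_file(f.filename)):
        return error_response(INVALID_FILE)

    user = get_jwt_identity()
    _, file_extension = os.path.splitext(f.filename)
    filename = random_file_name() + file_extension

    image = Image(name=filename, owner_id=user, is_public=is_public)
    db.session.add(image)
    target_path = None
    try:
        target_path = os.path.join(current_app.config["UPLOAD_FOLDER"], filename)
        f.save(target_path)
        db.session.commit()
    except Exception:
        # Discard the pending insert so the session is usable again.
        db.session.rollback()
        # Remove a file that was written before the failure; otherwise it
        # would stay on disk with no record and no owner.
        if target_path is not None:
            try:
                os.remove(target_path)
            except OSError:
                pass  # nothing was written, or cleanup is not possible
        return error_response(ERROR_DURING_SAVING, 500)
    return redirect(url_for("upload.get_file", filename=filename))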
Ejemplo n.º 6
 def _wrapped_view(request, *args, **kwargs):
     """Call the wrapped view only when the permission check passes.

     ``_check_perms``, ``view_func``, ``message`` and ``perm`` come from the
     enclosing scope. A failed check produces a 403 error response that
     names the required permission.
     """
     if not _check_perms(request.user):
         denial_details = {"permissions": unicode(perm)}
         return responses.error_response(
             message=message,
             code="auth.no_have_permission",
             status=403,
             explain=denial_details,
         )
     return view_func(request, *args, **kwargs)
Ejemplo n.º 7
 def _wrapped_view(request, *args, **kwargs):
     """Call the wrapped view only for an authenticated user.

     ``view_func`` and ``message`` come from the enclosing scope. Any other
     caller receives a 401 error response.
     """
     # NOTE(review): is_authenticated is invoked as a method here; confirm
     # that the framework version in use still exposes it as a callable.
     caller_is_authenticated = request.user.is_authenticated()
     if not caller_is_authenticated:
         return responses.error_response(message=message, code="auth.not_authenticated", status=401)
     return view_func(request, *args, **kwargs)
Ejemplo n.º 8
 def wrapper():
     """Run the wrapped function only when the request is flagged as JSON.

     ``func`` comes from the enclosing scope and is called without
     arguments. A request that is not JSON gets a ``MISSING_JSON`` error
     response and ``func`` is never reached.
     """
     if request.is_json:
         return func()
     return error_response(MISSING_JSON)