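def api_create_comment(id):
    """Create a comment on the blog identified by ``id``.

    Reads ``content`` from the JSON request body and stores a ``Comment``
    attributed to ``request.__user__``. Returns a JSON response: the
    serialized comment on success, or ``{'code': -1, 'message': ...}`` when
    the content is empty, nobody is signed in, or the blog does not exist.
    """
    data = toDict(json.loads(request.get_data(as_text=True)))
    try:
        if not data.content or not data.content.strip():
            raise APIValueError('content', 'Content is empty.')
    except APIValueError as e:
        r = make_response({'code': -1, 'message': e.message})
        r.content_type = 'application/json'
        return r
    user = request.__user__
    if not user:
        # Without this guard an anonymous request fails later on user.id
        # with an AttributeError instead of a clean API error.
        r = make_response({'code': -1, 'message': 'Please signin first.'})
        r.content_type = 'application/json'
        return r
    session = SessionFactory()
    try:
        # .first() returns None for a missing row; .one() raises instead,
        # which made the "Blog not found" branch unreachable.
        blog = session.query(Blog).filter(Blog.id == id).first()
        try:
            if blog is None:
                raise APIResourceNotFoundError('Blog', 'Blog not found.')
        except APIResourceNotFoundError as e:
            r = make_response({'code': -1, 'message': e.message})
            r.content_type = 'application/json'
            return r
        # NOTE(review): content is stored as received (only stripped); the
        # code that renders comments is not visible here and must escape it.
        comment = Comment(blog_id=blog.id,
                          user_id=user.id,
                          user_name=user.name,
                          user_image=user.image,
                          content=data.content.strip())
        session.add(comment)
        session.commit()
    finally:
        # Release the session on every path, including a failed commit.
        session.close()
    r = make_response(json.dumps(comment, cls=AlchemyEncoder))
    r.content_type = 'application/json'
    return r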
def failed(msg='', **data):
    """Build a result payload carrying the FAILED status.

    Extra keyword arguments are merged after ``status`` and ``msg``, so a
    ``status`` keyword overrides the default value. The merged mapping is
    passed through ``toDict`` before being returned.
    """
    payload = {'status': Status.FAILED.value, 'msg': msg, **data}
    return toDict(payload)
def error(msg='', **data):
    """Build a result payload carrying the ERROR status.

    Extra keyword arguments are merged after ``status`` and ``msg``, so a
    ``status`` keyword overrides the default value. The merged mapping is
    passed through ``toDict`` before being returned.
    """
    payload = {'status': Status.ERROR.value, 'msg': msg, **data}
    return toDict(payload)
def success(msg='', **data):
    """Build a result payload carrying the SUCCESS status.

    Extra keyword arguments are merged after ``status`` and ``msg``, so a
    ``status`` keyword overrides the default value. The merged mapping is
    passed through ``toDict`` before being returned.
    """
    payload = {'status': Status.SUCCESS.value, 'msg': msg, **data}
    return toDict(payload)
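def api_change_passwd():
    """Change the signed-in user's password.

    Expects JSON with ``old_passwd`` and ``new_passwd``, each of which must
    match ``_RE_SHA1``. The old value is verified against the stored digest
    before the new digest is written. Anonymous requests are redirected to
    ``/signin``. Returns a JSON response: the serialized user on success,
    or ``{'code': -1, 'message': ...}`` on failure.
    """
    import hmac

    user = request.__user__
    if not user:
        return redirect("/signin")
    data = toDict(json.loads(request.get_data(as_text=True)))
    try:
        if not data.old_passwd or not _RE_SHA1.match(data.old_passwd):
            raise APIValueError('old_passwd')
        if not data.new_passwd or not _RE_SHA1.match(data.new_passwd):
            raise APIValueError('new_passwd')
    except APIValueError as e:
        r = make_response({'code': -1, 'message': e.message})
        r.content_type = 'application/json'
        return r
    session = SessionFactory()
    try:
        # .first() returns None for a missing row; .one() raises instead,
        # which made the "User does not exist" branch unreachable.
        user = session.query(User).filter(User.id == user.id).first()
        try:
            if not user:
                raise APIError('change_passwd:failed', 'id',
                               'User does not exist in db.')
        except APIError as e:
            r = make_response({'code': -1, 'message': e.message})
            r.content_type = 'application/json'
            return r
        uid = user.id
        # NOTE(review): the stored value is a single SHA-1 pass over
        # "<uid>:<client value>". SHA-1 is a fast hash and unsuitable for
        # password storage; plan a migration to a password KDF such as
        # hashlib.scrypt or hashlib.pbkdf2_hmac. The value the client sends
        # is itself password-equivalent, so it must travel over TLS only.
        sha1_old_passwd = '%s:%s' % (uid, data.old_passwd)
        crypted_old_passwd = hashlib.sha1(
            sha1_old_passwd.encode('utf-8')).hexdigest()
        try:
            # Constant-time comparison so response timing does not reveal
            # how many leading characters of the digest matched.
            if not hmac.compare_digest(
                    crypted_old_passwd.encode('utf-8'),
                    str(user.passwd).encode('utf-8')):
                raise APIError('change_passwd:failed', 'old_passwd',
                               'Old passwd is not correct.')
        except APIError as e:
            r = make_response({'code': -1, 'message': e.message})
            r.content_type = 'application/json'
            return r
        sha1_new_passwd = '%s:%s' % (uid, data.new_passwd)
        user.passwd = hashlib.sha1(
            sha1_new_passwd.encode('utf-8')).hexdigest()
        session.commit()
    finally:
        # Release the session on every path, including a failed commit.
        session.close()
    # Mask the digest before serializing so the new password hash is not
    # echoed to the client. The session is closed, so this assignment is
    # not written back. (Which fields AlchemyEncoder emits is not visible
    # here - masking is the safe default.)
    user.passwd = '******'
    r = make_response(json.dumps(user, cls=AlchemyEncoder))
    r.content_type = 'application/json'
    return r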
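def api_update_blog(id):
    """Update the name, summary and content of the blog identified by ``id``.

    Calls ``check_admin(request)`` first, then validates the JSON body.
    Raises ``APIValueError`` when ``name``, ``summary`` or ``content`` is
    missing or blank. The ``.one()`` lookup raises when no blog has the
    given id. Returns a JSON response with the serialized blog.
    """
    check_admin(request)
    data = toDict(json.loads(request.get_data(as_text=True)))
    # Validate before opening a session so a rejected request does not
    # leave a database session open.
    if not data.name or not data.name.strip():
        raise APIValueError('name', 'name cannot be empty.')
    if not data.summary or not data.summary.strip():
        raise APIValueError('summary', 'summary cannot be empty.')
    if not data.content or not data.content.strip():
        raise APIValueError('content', 'content cannot be empty.')
    session = SessionFactory()
    try:
        blog = session.query(Blog).filter(Blog.id == id).one()
        # NOTE(review): fields are stored as received (only stripped); the
        # code that renders blogs is not visible here and must escape them.
        blog.name = data.name.strip()
        blog.summary = data.summary.strip()
        blog.content = data.content.strip()
        session.commit()
    finally:
        # Release the session even when the lookup or the commit raises.
        session.close()
    r = make_response(json.dumps(blog, cls=AlchemyEncoder))
    r.content_type = 'application/json'
    return r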
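def authenticate():
    """Verify an email/password pair and issue the session cookie.

    Expects JSON with ``email`` and ``passwd``. On success the response
    carries the serialized user (with ``passwd`` masked) and sets
    ``COOKIE_NAME`` for 86400 seconds. On failure it returns
    ``{'code': -1, 'message': ...}``.
    """
    import hmac

    data = toDict(json.loads(request.get_data(as_text=True)))
    try:
        if not data.email:
            raise APIValueError('email', 'Invalid email.')
        if not data.passwd:
            raise APIValueError('passwd', 'Invalid password.')
    except APIValueError as e:
        r = make_response({'code': -1, 'message': e.message})
        r.content_type = 'application/json'
        return r
    session = SessionFactory()
    try:
        users = session.query(User).filter(User.email == data.email).all()
    finally:
        # Release the session even when the query raises.
        session.close()
    try:
        # NOTE(review): this message differs from the wrong-password one,
        # so the endpoint reveals which emails are registered. Consider a
        # single generic failure message, plus rate limiting on this route.
        if not users:
            raise APIValueError('email', 'Email not exist.')
    except APIValueError as e:
        r = make_response({'code': -1, 'message': e.message})
        r.content_type = 'application/json'
        return r
    user = users[0]
    # check passwd:
    # NOTE(review): the stored value is a single SHA-1 pass over
    # "<id>:<client value>". SHA-1 is a fast hash and unsuitable for
    # password storage; plan a migration to a password KDF such as
    # hashlib.scrypt or hashlib.pbkdf2_hmac.
    sha1 = hashlib.sha1()
    sha1.update(user.id.encode('utf-8'))
    sha1.update(b':')
    sha1.update(data.passwd.encode('utf-8'))
    try:
        # Constant-time comparison so response timing does not reveal how
        # many leading characters of the digest matched.
        if not hmac.compare_digest(str(user.passwd).encode('utf-8'),
                                   sha1.hexdigest().encode('utf-8')):
            raise APIValueError('passwd', 'Invalid password.')
    except APIValueError as e:
        r = make_response({'code': -1, 'message': e.message})
        r.content_type = 'application/json'
        return r
    # authenticate ok, set cookie:
    cookie = user2cookie(user, 86400)
    # Mask the digest before the user object is serialized to the client.
    user.passwd = '******'
    r = make_response(json.dumps(user, cls=AlchemyEncoder))
    # NOTE(review): the cookie is HttpOnly but sets neither secure nor
    # samesite; enable both once the site is served over HTTPS only.
    r.set_cookie(COOKIE_NAME, cookie, max_age=86400, httponly=True)
    r.content_type = 'application/json'
    return r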
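def api_register_user():
    """Register a new user and sign them in.

    Expects JSON with ``name``, ``email`` (must match ``_RE_EMAIL``) and
    ``passwd`` (must match ``_RE_SHA1``). On success the response carries
    the serialized user (with ``passwd`` masked) and sets ``COOKIE_NAME``
    for 86400 seconds. On failure it returns
    ``{'code': -1, 'message': ...}``.
    """
    data = toDict(json.loads(request.get_data(as_text=True)))
    try:
        if not data.name or not data.name.strip():
            raise APIValueError('name')
        if not data.email or not _RE_EMAIL.match(data.email):
            raise APIValueError('email')
        if not data.passwd or not _RE_SHA1.match(data.passwd):
            raise APIValueError('passwd')
    except APIValueError as e:
        r = make_response({'code': -1, 'message': e.message})
        r.content_type = 'application/json'
        return r
    session = SessionFactory()
    try:
        # NOTE(review): check-then-insert is racy without a unique
        # constraint on User.email - confirm the schema enforces one.
        users = session.query(User).filter(User.email == data.email).all()
        try:
            if users:
                raise APIError('register:failed', 'email',
                               'Email is already in use.')
        except APIError as e:
            # This early return used to leave the session open; the
            # enclosing finally now closes it.
            r = make_response({'code': -1, 'message': e.message})
            r.content_type = 'application/json'
            return r
        uid = next_id()
        # NOTE(review): the stored value is a single SHA-1 pass over
        # "<uid>:<client value>". SHA-1 is a fast hash and unsuitable for
        # password storage; plan a migration to a password KDF such as
        # hashlib.scrypt or hashlib.pbkdf2_hmac.
        sha1_passwd = '%s:%s' % (uid, data.passwd)
        # MD5 here only derives the Gravatar image URL from the email; it
        # is not used as a security control. The URL is plain http.
        email_digest = hashlib.md5(data.email.encode('utf-8')).hexdigest()
        user = User(id=uid,
                    name=data.name.strip(),
                    email=data.email,
                    passwd=hashlib.sha1(
                        sha1_passwd.encode('utf-8')).hexdigest(),
                    image='http://www.gravatar.com/avatar/%s?d=mm&s=120'
                          % email_digest)
        session.add(user)
        session.commit()
    finally:
        # Release the session on every path, including a failed commit.
        session.close()
    # make session cookie:
    cookie = user2cookie(user, 86400)
    # Mask the digest before the user object is serialized to the client.
    user.passwd = '******'
    r = make_response(json.dumps(user, cls=AlchemyEncoder))
    # NOTE(review): the cookie is HttpOnly but sets neither secure nor
    # samesite; enable both once the site is served over HTTPS only.
    r.set_cookie(COOKIE_NAME, cookie, max_age=86400, httponly=True)
    r.content_type = 'application/json'
    return r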
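def api_create_blog():
    """Create a blog post owned by the signed-in user.

    Expects JSON with non-blank ``name``, ``summary`` and ``content``.
    Returns a JSON response: the serialized blog on success, or
    ``{'code': -1, 'message': ...}`` when a field is blank or nobody is
    signed in.
    """
    data = toDict(json.loads(request.get_data(as_text=True)))
    try:
        if not data.name or not data.name.strip():
            raise APIValueError('name', 'name cannot be empty.')
        if not data.summary or not data.summary.strip():
            raise APIValueError('summary', 'summary cannot be empty.')
        if not data.content or not data.content.strip():
            raise APIValueError('content', 'content cannot be empty.')
    except APIValueError as e:
        r = make_response({'code': -1, 'message': e.message})
        r.content_type = 'application/json'
        return r
    # NOTE(review): no role or admin check is visible in this handler;
    # confirm that routing or middleware restricts who may create blogs.
    author = request.__user__
    if not author:
        # Without this guard an anonymous request fails on author.id with
        # an AttributeError instead of a clean API error.
        r = make_response({'code': -1, 'message': 'Please signin first.'})
        r.content_type = 'application/json'
        return r
    # NOTE(review): fields are stored as received (only stripped); the
    # code that renders blogs is not visible here and must escape them.
    blog = Blog(user_id=author.id,
                user_name=author.name,
                user_image=author.image,
                name=data.name.strip(),
                summary=data.summary.strip(),
                content=data.content.strip())
    session = SessionFactory()
    try:
        session.add(blog)
        session.commit()
    finally:
        # Release the session even when the commit raises.
        session.close()
    r = make_response(json.dumps(blog, cls=AlchemyEncoder))
    r.content_type = 'application/json'
    return r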
def error(msg="", **data):
    """Return an ERROR-status result mapping wrapped by ``toDict``.

    ``status`` and ``msg`` are set first; any extra keyword arguments are
    merged on top and may replace ``status``.
    """
    fields = dict({"status": Status.ERROR.value, "msg": msg}, **data)
    return toDict(fields)
def failed(msg="", **data):
    """Return a FAILED-status result mapping wrapped by ``toDict``.

    ``status`` and ``msg`` are set first; any extra keyword arguments are
    merged on top and may replace ``status``.
    """
    fields = dict({"status": Status.FAILED.value, "msg": msg}, **data)
    return toDict(fields)
def success(msg="", **data):
    """Return a SUCCESS-status result mapping wrapped by ``toDict``.

    ``status`` and ``msg`` are set first; any extra keyword arguments are
    merged on top and may replace ``status``.
    """
    fields = dict({"status": Status.SUCCESS.value, "msg": msg}, **data)
    return toDict(fields)