Example #1
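def post_media():
    """Validate an uploaded image, store it with a thumbnail, and record it.

    Reads the multipart part named ``file`` from the request, checks its
    sniffed MIME type against ``IMAGE_ACCEPT_MIMES``, writes it under
    ``UPLOAD_PATH`` with a generated filename, converts BMP uploads to JPEG,
    and saves a ``Media`` row linked to a thumbnail ``Media`` row.

    Returns:
        The ``jsonify`` response for the saved media, or an error payload
        when the request is rejected.
    """
    # is_authenticated is invoked as a method everywhere else in this file.
    # Without the call, the bound method is always truthy, so
    # `not current_user.is_authenticated` is always False and the login
    # requirement is never enforced.
    if current_app.config['UPLOAD_REQUIRES_LOGIN'] \
       and not current_user.is_authenticated():
        # NOTE(review): other handlers in this file pass `_status_code`, not
        # `_status` - confirm which keyword the project's jsonify honors.
        return jsonify(error=['Login required.'], _status=400)
    if not request.files or 'file' not in request.files:
        return jsonify(error=['Invalid request.'], _status=400)

    magic_mime = magic.Magic(mime=True)
    thumbnail_size = current_app.config['THUMBNAIL_SIZE']
    upload_path = current_app.config['UPLOAD_PATH']
    upload = request.files['file']

    # The type is sniffed from the content rather than taken from the
    # client-supplied filename or Content-Type. Only the first 1024 bytes
    # are inspected, so this does not prove the whole file is a
    # well-formed image.
    mime = magic_mime.from_buffer(upload.stream.read(1024))
    if mime not in current_app.config['IMAGE_ACCEPT_MIMES']:
        return jsonify(error=['Invalid image type.'], _status=400)

    # Rewind so save() writes the file from its first byte.
    upload.stream.seek(0)

    # The client-supplied name is kept only as a display label; it is never
    # used to build a filesystem path.
    original_name = upload.filename or ''
    if '.' not in original_name:
        name = original_name
    else:
        name, upload.ext = original_name.rsplit('.', 1)
    name = bleach.clean(name)

    # The on-disk name is generated, and its extension comes from the
    # sniffed MIME type rather than from the upload.
    # NOTE(review): a MIME accepted by IMAGE_ACCEPT_MIMES but missing from
    # image_extensions raises KeyError here - confirm the two stay in sync.
    filename = generate_filename(upload_path, image_extensions[mime])
    file_path = os.path.join(upload_path, filename)
    upload.save(file_path)

    # Convert BMP uploads to JPEG and discard the BMP.
    if mime == 'image/x-ms-bmp':
        bmp_path = file_path
        # presumably returns the new file's name relative to upload_path,
        # since the result is stored as the Media filename - verify.
        filename = convert_to_jpeg(upload_path, bmp_path)
        os.remove(bmp_path)
        file_path = os.path.join(upload_path, filename)

    size = get_image_size(file_path)

    thumbname = generate_thumbnail(file_path, upload_path, thumbnail_size)
    thumbnail = Media(filename=thumbname,
                      width=thumbnail_size[0],
                      height=thumbnail_size[1])

    media = Media(filename=filename,
                  name=name,
                  width=size[0],
                  height=size[1],
                  thumbnail=thumbnail)
    # Anonymous uploads (allowed when UPLOAD_REQUIRES_LOGIN is off) are
    # saved without an owner.
    if current_user.is_authenticated():
        media.user = current_user
        thumbnail.user = current_user
    media.save()
    return jsonify(media)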
Example #2
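def delete_media():
    """Delete the media item named by the ``id`` field of the JSON body.

    Only the item's owner or an admin may delete it. Returns an empty body
    on success and a JSON error payload with status 400 otherwise.
    """
    # The body is client-controlled: it may be absent, lack 'id', or carry a
    # value that cannot be sliced. Treat all of these as an invalid ID
    # instead of letting the exception surface as a server error.
    try:
        # The first character of the id is dropped before the lookup;
        # presumably a client-side prefix - verify against the caller.
        media_key = request.json['id'][1:]
    except (KeyError, TypeError):
        return jsonify(['Invalid media ID.'], _status_code=400)

    media = Media.get_by_filename(media_key)
    if not media:
        return jsonify(['Invalid media ID.'], _status_code=400)

    # Authorization: the caller must be logged in and be either the owner
    # of this item or an admin.
    if not current_user.is_authenticated() or \
       (not media.is_owner(current_user) and not current_user.is_admin):
        return jsonify(['Invalid access.'], _status_code=400)
    media.delete()
    return ''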
Example #3
def registration_request(email, ip):
    """Record a registration request and e-mail it for approval.

    Builds a message containing approve and deny links for ``email``,
    stores a ``UserRegistrationRequest`` for the address and requesting IP,
    sends the message, and returns a JSON acknowledgement.
    """
    settings = current_app.config
    msg = Message('Registration Request',
                  sender=settings['MAIL_USERNAME'],
                  recipients=settings['REQUEST_REGISTRATION_EMAIL'])

    def action_link(action):
        # NOTE(review): the link identifies the request by e-mail address
        # alone; the '.registration_request_action' handler (not shown) has
        # to verify that the visitor is allowed to approve or deny.
        return url_for('.registration_request_action',
                       action=action,
                       email=email,
                       _external=True)

    context = {
        'request_email': email,
        'request_ip': ip,
        'approve_url': action_link('approve'),
        'deny_url': action_link('deny'),
    }
    msg.body = render_template('email/registration_request.plain', **context)
    msg.html = render_template('email/registration_request.html', **context)

    # The request is persisted before the mail goes out.
    pending = UserRegistrationRequest(email, ip)
    pending.save()
    mail_session.send(msg)
    return jsonify(dict(request_received=True))
Example #4
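def login():
    """Authenticate the submitted credentials and start a session.

    Returns the logged-in user as JSON on success. On failure returns a
    JSON error payload with ``_status_code`` 400: the form's validation
    errors, a generic credential error, or a disabled-account error.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        form.errors['_status_code'] = 400
        return jsonify(**form.errors)

    form_user = User.get_user(form.username.data)
    # An unknown user and a wrong password produce the same message, so the
    # response does not reveal which of the two failed.
    if not (form_user and form_user.check_password(form.password.data)):
        return jsonify(username=['Invalid username, email or password.'],
                       _status_code=400)

    # The disabled-account message is only reachable after the password has
    # been verified.
    if not login_user(form_user):
        return jsonify(username=['Your account is currently disabled.'],
                       _status_code=400)

    # NOTE(review): this serializes the User object; confirm the project's
    # jsonify leaves out the password hash and other private fields.
    return jsonify(form_user)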
Example #5
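def register():
    """Create an account, or file a registration request when gated.

    With ``REQUEST_REGISTRATION`` enabled, a body without ``token`` is
    handled as a request for registration and passed to
    ``registration_request``; a body with ``token`` is validated with
    ``TokenRegistrationForm``. Otherwise ``RegistrationForm`` is used.

    Returns the new user as JSON when it could be logged in, the anonymous
    user data when it could not, or the form errors with ``_status_code``
    400.
    """
    form = RegistrationForm()
    if current_app.config['REQUEST_REGISTRATION']:
        # request.json can be None when the body is not JSON; treat that as
        # a body without a token instead of raising on the `in` test.
        payload = request.json or {}
        if 'token' in payload:
            form = TokenRegistrationForm()
        else:
            form = RegistrationRequestForm()
            if form.validate_on_submit():
                return registration_request(form.email.data,
                                            request.remote_addr)
            # An invalid request form ends here, so it can never reach the
            # account-creation branch below.
            form.errors['_status_code'] = 400
            return jsonify(**form.errors)
    if form.validate_on_submit():
        # NOTE(review): remote_addr is the direct peer's address; behind a
        # reverse proxy that is the proxy - confirm how the app is deployed.
        new_user = User(form.username.data,
                        form.email.data,
                        form.password.data,
                        request.remote_addr)
        new_user.save()
        if login_user(new_user):
            return jsonify(new_user)
        return jsonify(anonymous_user_data)
    form.errors['_status_code'] = 400
    return jsonify(**form.errors)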
Example #6
def logout():
    """Log the current user out and return the anonymous user data as JSON."""
    logout_user()
    anonymous_response = jsonify(**anonymous_user_data)
    return anonymous_response
Example #7
def get_media():
    """Return, as JSON, the media newer than the item named by ``after``.

    The ``after`` query argument has its first character dropped and the
    remainder is looked up as a filename.
    """
    after_id = request.args['after']
    # NOTE(review): no None check on the lookup result here, so an unknown
    # id is passed straight to get_latest_after - confirm it accepts that.
    marker = Media.get_by_filename(after_id[1:])
    newer_items = Media.get_latest_after(marker)
    return jsonify(newer_items)