def api_nexus_hashes_hash(request):
session = DBSession()
matchdict = request.matchdict
message_hash = matchdict["hash"]
message = NexusMessage.getByMessageHash(message_hash)
if (message is not None):
return {"result": True}
else:
return {"result": False}
def api_nexus_messages_hash(request):
session = DBSession()
matchdict = request.matchdict
message_hash = matchdict["hash"]
message = NexusMessage.getByMessageHash(message_hash)
if (message is not None):
result = {"message": {}}
result["message"]["title"] = message.title
result["message"]["content"] = message.content
result["message"]["message_hash"] = message.message_hash
result["message"]["created_time"] = message.created_time
result["message"]["attachment_path"] = message.attachment_path
result["message"]["attachment_original_filename"] = message.attachment_original_filename
result["message"]["username"] = message.user.username
return result
else:
return {"error": "No message found for hash %s" % message_hash}
def api_nexus_message_update(request):
# TODO
# add signed API call to request a nonce
# and then in this call, check for nonce and for nonce time < 2 hours
session = DBSession()
if ("message" not in request.params):
return {"error": _("No 'message' parameter found")}
else:
message = simplejson.loads(request.params["message"], encoding="utf-8")
# Get the nonce
try:
nonce = message["message_nonce"]
except KeyError:
return {"error": "You think you can get in without following the rules? No cookie for you!"}
# Check the nonce
if (not ConsumerNonce.checkNonce(nonce)):
return {"error": "Nonce not correct."}
# Get the consumer key
consumer = ConsumerKeySecret.getByConsumerKey(message["message_key"])
if ("message_title" not in message):
return {"error": _("No 'message_title' found in POSTed message.")}
elif ("message_content" not in message):
return {"error": _("No 'message_content' found in POSTed message.")}
elif ("message_hash" not in message):
return {"error": _("No 'message_hash' found in POSTed message.")}
elif ("message_time" not in message):
return {"error": _("No 'message_time' found in POSTed message.")}
elif ("message_type" not in message):
return {"error": _("No 'message_type' found in POSTed message.")}
computed_hash = hashlib.sha256(unicode(message["message_title"]).encode("utf-8") + unicode(message["message_content"]).encode("utf-8")).hexdigest()
if (computed_hash != message["message_hash"]):
return {"error": _("The computed hash (%s) does not match the hash sent with the POST (%s)." % (computed_hash, message["message_hash"]))}
if (NexusMessage.getByMessageHash(computed_hash)):
return {"error": "The message with hash '%s' already exists in the Nexus" % message["message_hash"]}
m = NexusMessage()
m.title = message["message_title"]
# Strip any potential HTML tags in the content
m.content = re.sub(r'<[^>]*?>', '', message["message_content"])
m.message_hash = message["message_hash"]
m.message_type = message["message_type"]
m.created_time = message["message_time"]
m.priority = message["message_priority"]
if (request.params.has_key("message_attachment")):
attachment = request.params.get("message_attachment")
if not hasattr(attachment, 'file'):
raise TypeError("Not a valid file field")
attachmentsDir = request.registry.settings["attachments.data_dir"]
#attachmentDataBase64 = message["message_attachment"]
#attachmentData = base64.b64decode(attachmentDataBase64)
message_attachment_path = os.path.join(attachmentsDir, message["message_hash"])
attachment_original_filename = message["message_attachment_original_filename"]
fullPath, extension = os.path.splitext(attachment_original_filename)
fp = open(message_attachment_path + extension, "wb")
while True:
data = attachment.file.read(8192)
if not data:
break
fp.write(data)
fp.close()
# Resize if an image
if (m.message_type == 2):
size = 200, 200
try:
# Probably needs some validation here...
im = Image.open(message_attachment_path + extension)
im.thumbnail(size)
im.save(message_attachment_path + "_tn" + extension)
except IOError, e:
pass
m.attachment_original_filename = attachment_original_filename
m.attachment_path = message_attachment_path
else: