def get_file(filename):
    """Serve an uploaded image to its owner, or to anyone when it is public.

    Args:
        filename: Stored image name, matched against ``Image.name``.

    Returns:
        The file from ``UPLOAD_FOLDER`` on success;
        ``error_response(IMAGE_NOT_EXIST)`` when no record has that name;
        ``error_response(NOT_PERMITTED)`` when the image is private and the
        caller's JWT identity is not the owner.
    """
    requester_id = get_jwt_identity()
    image = Image.query.filter_by(name=filename).first()
    if not image:
        return error_response(IMAGE_NOT_EXIST)

    # Authorisation is decided from the database record before any bytes are
    # read from disk: only names that have an Image row can be served.
    is_private = not image.is_public
    if is_private and image.owner_id != requester_id:
        return error_response(NOT_PERMITTED)

    upload_dir = current_app.config["UPLOAD_FOLDER"]
    return send_from_directory(upload_dir, filename)
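def register():
    """Create a user account from the JSON body's ``username`` and ``password``.

    Returns:
        ``success_response(USER_CREATED)`` once the row is committed;
        ``error_response(MISSING_PARAMETER)`` when either field is absent or
        empty; ``error_response(DUPLICATE_USER)`` when the commit raises
        ``IntegrityError``.
    """
    username = request.json.get('username', None)
    password = request.json.get('password', None)
    # Credentials are not printed or logged here: process output is commonly
    # collected by log tooling, where a plaintext password would persist.
    if not username or not password:
        return error_response(MISSING_PARAMETER)

    # NOTE(review): the password is passed to the model exactly as received.
    # Whether User hashes it is not visible from this block -- confirm it is
    # stored through a password-hashing function and never as plaintext.
    user = User(username=username, password=password)
    db.session.add(user)
    try:
        db.session.commit()
    except IntegrityError:
        # Discard the failed transaction so the session is usable again.
        db.session.rollback()
        return error_response(DUPLICATE_USER)
    return success_response(USER_CREATED)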
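def login():
    """Check the submitted credentials and issue a JWT access token.

    Returns:
        ``token_response(access_token)`` when the credentials match;
        ``error_response(MISSING_PARAMETER)`` when a field is absent or empty;
        ``error_response(INVALID_LOGIN, 401)`` when the username is unknown or
        the password does not match.
    """
    username = request.json.get('username', None)
    password = request.json.get('password', None)
    if not username or not password:
        return error_response(MISSING_PARAMETER)

    user = User.query.filter_by(username=username).first()
    # An unknown username must yield the same 401 as a wrong password.
    # Without the None guard the attribute access below raised, so the
    # response differed between existing and non-existing accounts.
    # NOTE(review): the comparison relies on whatever type User.password is;
    # if it is a plain string column, this is a plaintext, non-constant-time
    # comparison -- confirm against the model.
    if user is None or user.password != password:
        return error_response(INVALID_LOGIN, 401)

    # The token identity is the user's primary key (JSON serialisable).
    access_token = create_access_token(identity=user.id)
    return token_response(access_token)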
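def delete_file(filename):
    """Delete an image record and its file; only the owner may do so.

    Args:
        filename: Stored image name, matched against ``Image.name``.

    Returns:
        ``success_response(IMAGE_DELETED)`` on success;
        ``error_response(IMAGE_NOT_EXIST)`` when no record has that name;
        ``error_response(NOT_PERMITTED)`` when the caller is not the owner;
        ``error_response(ERROR_DURING_DELETION, 500)`` when removing the file
        or committing fails.
    """
    caller_id = get_jwt_identity()
    image = Image.query.filter_by(name=filename).first()
    if not image:
        return error_response(IMAGE_NOT_EXIST)
    if image.owner_id != caller_id:
        return error_response(NOT_PERMITTED)

    # The path is built from the name stored in the database record, not from
    # the request parameter.
    image_path = os.path.join(current_app.config["UPLOAD_FOLDER"], image.name)
    db.session.delete(image)
    try:
        os.remove(image_path)
        db.session.commit()
    except Exception:
        # Keep the best-effort 500 response, but record the cause and drop
        # the pending delete so the session is not left half-applied.
        # %r keeps control characters in the request value out of the log.
        current_app.logger.exception("Deleting image %r failed", filename)
        db.session.rollback()
        return error_response(ERROR_DURING_DELETION, 500)
    return success_response(IMAGE_DELETED)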
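def upload_file():
    """Store an uploaded image under a generated name and record its owner.

    Reads the ``file`` part of the request and the optional ``is_public``
    form field (only the string ``true``, in any letter case, makes the
    image public).

    Returns:
        A redirect to ``upload.get_file`` for the stored name on success;
        ``error_response(NO_FILE_UPLOADED)`` when no file part or an empty
        filename was sent; ``error_response(INVALID_FILE)`` when
        ``allowed_file`` rejects the name;
        ``error_response(ERROR_DURING_SAVING, 500)`` when saving or
        committing fails.
    """
    if "file" not in request.files:
        return error_response(NO_FILE_UPLOADED)
    f = request.files["file"]
    if f.filename == "":
        return error_response(NO_FILE_UPLOADED)

    is_public = request.form.get("is_public", "False").lower() == 'true'

    # NOTE(review): allowed_file is defined elsewhere and receives only the
    # client-supplied name; presumably it checks the extension -- confirm
    # whether the file content is validated anywhere.
    if not (f and allowed_file(f.filename)):
        return error_response(INVALID_FILE)

    user = get_jwt_identity()
    # Only the extension of the client's filename is kept; the base name comes
    # from random_file_name(), so the client-chosen name never becomes a path.
    _, file_extension = os.path.splitext(f.filename)
    filename = random_file_name() + file_extension
    image = Image(name=filename, owner_id=user, is_public=is_public)
    db.session.add(image)
    try:
        f.save(os.path.join(current_app.config["UPLOAD_FOLDER"], filename))
        db.session.commit()
    except Exception:
        # Keep the best-effort 500 response, but record the cause and discard
        # the pending insert so no half-applied state stays in the session.
        current_app.logger.exception("Saving uploaded image failed")
        db.session.rollback()
        return error_response(ERROR_DURING_SAVING, 500)
    return redirect(url_for("upload.get_file", filename=filename))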
def _wrapped_view(request, *args, **kwargs):
    """Run the wrapped view only when the requesting user passes the check.

    ``view_func``, ``_check_perms``, ``message`` and ``perm`` are not defined
    in this block; presumably an enclosing decorator supplies them.

    Returns:
        The wrapped view's result when ``_check_perms(request.user)`` is
        truthy, otherwise a 403 error response with code
        ``auth.no_have_permission``.
    """
    if not _check_perms(request.user):
        # The 403 body names the permission(s) that were required.
        denial_details = {"permissions": unicode(perm)}
        return responses.error_response(
            message=message,
            code="auth.no_have_permission",
            status=403,
            explain=denial_details,
        )
    return view_func(request, *args, **kwargs)
def _wrapped_view(request, *args, **kwargs):
    """Run the wrapped view only for an authenticated user.

    ``view_func`` and ``message`` are not defined in this block; presumably
    an enclosing decorator supplies them.

    Returns:
        The wrapped view's result when ``request.user.is_authenticated()`` is
        truthy, otherwise a 401 error response with code
        ``auth.not_authenticated``.
    """
    # NOTE(review): is_authenticated is invoked as a method; where the
    # framework exposes it as a property this call would not behave the same
    # way -- confirm against the framework version in use.
    if not request.user.is_authenticated():
        return responses.error_response(
            message=message,
            code="auth.not_authenticated",
            status=401,
        )
    return view_func(request, *args, **kwargs)
def wrapper():
    """Call the wrapped function only when the request carries a JSON body.

    ``func`` is not defined in this block; presumably an enclosing decorator
    supplies it.

    Returns:
        ``func()`` when ``request.is_json`` is truthy, otherwise
        ``error_response(MISSING_JSON)``.
    """
    if request.is_json:
        return func()
    return error_response(MISSING_JSON)