def item_post_handler():
if not current_user.has_registered:
return jsonify({'status': 'unauthorized'}), 401
try:
req_data = request.get_json(force=True)
name = html.escape(req_data['name'])
detail = html.escape(req_data['detail'])
img_type = req_data['img']['type']
type_ = int(req_data['type'])
sale_self = req_data['sale_self']
will_take_back = req_data['will_take_back']
price = decimal.Decimal(req_data['price'])
except:
return jsonify({'status': 'badrequest'}), 400
if name == '' or price < 0 or price > 100000000:
return jsonify({'status': 'badrequest'}), 400
if type_ >= len(TYPE_NAME) or type_ < 0:
return jsonify({'status': 'badrequest'}), 400
if img_type not in ['png', 'jpg', 'gif', 'null']:
return jsonify({'status': 'badrequest'}), 400
if img_type == 'null':
id_ = Item.insert(name=name,
price=price,
type_=type_,
sale_self=sale_self,
will_take_back=will_take_back,
user=current_user.id_,
has_saled=False,
is_deleted=False,
has_given_staff=False,
detail=detail,
img_filename='').execute()
else:
img = base64.b64decode(req_data['img']['data'])
if len(img) > 102400:
return jsonify({'status': 'badrequest'}), 400
item = Item.create(name=name,
price=price,
type_=type_,
sale_self=sale_self,
will_take_back=will_take_back,
user=current_user.id_,
has_saled=False,
is_deleted=False,
has_given_staff=False,
detail=detail,
img_filename='')
item.save()
item.img_filename = '%d.%s' % (item.id_, img_type)
with open('imgs/' + item.img_filename, 'wb') as f:
f.write(img)
item.save()
id_ = item.id_
return jsonify({'status': 'ok', 'id': id_})
