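def item_post_handler():
    """Create a new item from the JSON body of the current request.

    The body must carry ``name``, ``detail``, ``type``, ``price``,
    ``sale_self``, ``will_take_back`` and an ``img`` object holding ``type``
    ('png', 'jpg', 'gif' or 'null') and, unless the type is 'null',
    base64-encoded ``data``.

    Returns:
        A ``(response, 401)`` pair with status 'unauthorized' when the current
        user has not registered, a ``(response, 400)`` pair with status
        'badrequest' when the body is malformed or a field fails validation,
        and otherwise a JSON response with status 'ok' and the new item's id.
    """
    if not current_user.has_registered:
        return jsonify({'status': 'unauthorized'}), 401

    try:
        req_data = request.get_json(force=True)
        # name and detail are HTML-escaped before they are stored.
        name = html.escape(req_data['name'])
        detail = html.escape(req_data['detail'])
        img_type = req_data['img']['type']
        type_ = int(req_data['type'])
        # NOTE(review): sale_self / will_take_back are stored as received,
        # with no type check here -- confirm the model rejects or coerces
        # non-boolean JSON values.
        sale_self = req_data['sale_self']
        will_take_back = req_data['will_take_back']
        price = decimal.Decimal(req_data['price'])
    except Exception:
        # Any parsing failure is a client error. Exception (not a bare
        # except) so SystemExit / KeyboardInterrupt are not swallowed.
        return jsonify({'status': 'badrequest'}), 400

    # Decimal('NaN') parses fine but raises InvalidOperation on the ordering
    # comparisons below, so reject non-finite prices before comparing.
    if not price.is_finite():
        return jsonify({'status': 'badrequest'}), 400
    if name == '' or price < 0 or price > 100000000:
        return jsonify({'status': 'badrequest'}), 400
    if type_ >= len(TYPE_NAME) or type_ < 0:
        return jsonify({'status': 'badrequest'}), 400
    # Extension allowlist: img_type later becomes part of a file name.
    if img_type not in ('png', 'jpg', 'gif', 'null'):
        return jsonify({'status': 'badrequest'}), 400

    fields = dict(
        name=name,
        price=price,
        type_=type_,
        sale_self=sale_self,
        will_take_back=will_take_back,
        user=current_user.id_,
        has_saled=False,
        is_deleted=False,
        has_given_staff=False,
        detail=detail,
        img_filename='',
    )

    if img_type == 'null':
        id_ = Item.insert(**fields).execute()
        return jsonify({'status': 'ok', 'id': id_})

    # A missing 'data' key or undecodable base64 is a client error, not a
    # server fault, so it is answered with 400 like every other bad field.
    try:
        img = base64.b64decode(req_data['img']['data'])
    except (KeyError, TypeError, ValueError):
        return jsonify({'status': 'badrequest'}), 400
    # Size cap on the decoded image, checked before any row is created.
    if len(img) > 102400:
        return jsonify({'status': 'badrequest'}), 400

    # The row is created first because the file name is derived from its id.
    item = Item.create(**fields)
    item.save()
    # The name is built only from the database id and the allowlisted
    # extension, so no client-supplied path component reaches open().
    # NOTE(review): only the declared extension is validated; the decoded
    # bytes are not checked to be an image of that type -- confirm how files
    # under imgs/ are served.
    item.img_filename = '%d.%s' % (item.id_, img_type)
    with open('imgs/' + item.img_filename, 'wb') as f:
        f.write(img)
    item.save()
    return jsonify({'status': 'ok', 'id': item.id_})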