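def validation(data=None, **kw):
    """Reject a registration payload with missing fields or a malformed email.

    Args:
        data: the request payload (a dict). ``None`` is treated as an empty
            payload so a missing body is reported as a 400 rather than as an
            unhandled KeyError.
        **kw: extra preprocessor arguments, ignored.

    Raises:
        restless.ProcessingException: 400 when ``name`` or ``psw`` is absent or
            empty, or when ``email`` does not look like ``local@domain.tld``.
    """
    if data is None:
        data = {}
    # .get() instead of []: an absent key used to escape as a KeyError (500)
    if not data.get("name") or not data.get("psw"):
        raise restless.ProcessingException(
            description="Missing data or username", code=400)
    # Deliberately loose shape check ("something@something.something"); the
    # raw string keeps "\." from being an invalid escape sequence.
    if not re.match(r"^.+@.+\..+$", data.get("email") or ""):
        raise restless.ProcessingException(description="Invalid email", code=400)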
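def _store_thumbnail(content, filepath, filename):
    """Attach a base64-encoded 120x120 thumbnail of the image at ``filepath`` to ``content``.

    Best-effort: an IOError from Pillow (e.g. a missing JPEG decoder) leaves
    ``content.photo_thumb`` untouched so the upload is still kept as a plain file.
    """
    # NOTE(review): CONTENTS is concatenated without os.path.join, as before;
    # this presumes CONTENTS ends with a path separator — confirm.
    tmp = "{}thumbnail_{}".format(CONTENTS, filename)
    try:
        im = Image.open(filepath)
        im.thumbnail((120, 120))
        im.save(tmp)
        # binary mode: b64encode needs bytes (text mode only worked on Python 2)
        with open(tmp, "rb") as thumb:
            content.photo_thumb = b64encode(thumb.read())
    except IOError:
        # decoder jpeg not available. Handle images as normal files.
        pass
    finally:
        # never leave the scratch thumbnail behind, whichever branch ran
        if os.path.exists(tmp):
            os.remove(tmp)


def file_upload(file_id):
    """Receive the file announced earlier for ``file_id`` and store it under CONTENTS.

    The caller must be the authenticated owner of the pending ``Content`` row
    whose ``filename`` equals ``file_id``. A rejected upload (too large, missing,
    or a disallowed extension) deletes that pending row so it is not left dangling.

    Returns:
        The JSON-encoded confirmation string.

    Raises:
        restless.ProcessingException: 401 from verify_password/verify_owner, 403
            when no pending row matches ``file_id``, 400 when the ``file`` part is
            missing or its extension is in neither IMAGE_TYPES nor ALLOWED_TYPES.
        RequestEntityTooLarge: re-raised after the pending row is removed.
    """
    def refuse(content):
        # remove the space for the file in the database
        db.session.delete(content)
        db.session.commit()

    # verify user
    verify_password()
    content = Content.query.filter_by(filename=str(file_id)).first()
    if not content:
        raise restless.ProcessingException(description="Not expected file", code=403)
    verify_owner(content)

    # verify content
    try:
        f = request.files["file"]
    except RequestEntityTooLarge:
        refuse(content)
        raise
    except KeyError:
        # no "file" part in the multipart body (werkzeug raises a KeyError
        # subclass); previously this propagated without refuse(), leaving the
        # pending row in place
        refuse(content)
        raise restless.ProcessingException(description="Missing file.", code=400)

    original_name, ext = os.path.splitext(f.filename or "")
    ext = ext.lower()
    # the stored name is str(file_id) + ext, so the only client-controlled part
    # of the on-disk path is the extension, which must pass one of the allowlists
    if ext not in IMAGE_TYPES and ext not in ALLOWED_TYPES:
        refuse(content)
        raise restless.ProcessingException(
            description="File type not allowed.", code=400)

    # save the file
    filename = str(file_id) + ext
    filepath = os.path.join(CONTENTS, filename)
    f.save(filepath)

    # save a base64 encoded thumbnail in the database
    if ext in IMAGE_TYPES:
        _store_thumbnail(content, filepath, filename)

    content.file_description = original_name
    content.filename = filename
    db.session.add(content)
    db.session.commit()
    return json.dumps("Photo uploaded!")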
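def verify_password():
    """Authenticate the current request with HTTP Basic credentials.

    Returns:
        True when the credentials match a stored user.

    Raises:
        restless.ProcessingException: 401 ``Not authenticated!`` when no usable
            Authorization header is present; 401 ``Invalid username or
            password!`` when the user is unknown or the password does not verify.
    """
    auth = request.authorization
    # attribute access instead of unpacking .values(): the old form relied on
    # the Authorization mapping yielding exactly (username, password) in that
    # order, which is not guaranteed and fails for non-Basic schemes
    username = getattr(auth, "username", None)
    password = getattr(auth, "password", None)
    if username is None or password is None:
        raise restless.ProcessingException(description='Not authenticated!', code=401)
    user = User.query.get(username)
    # NOTE(review): the short-circuit skips the hash check for unknown users,
    # so response time still distinguishes known from unknown usernames;
    # verifying against a dummy hash would equalise it if that matters here
    if not user or not sha256_crypt.verify(password, user.psw):
        raise restless.ProcessingException(
            description='Invalid username or password!', code=401)
    return True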
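def manage_upload_announcement(data, **kw):
    """
    At least one between upload announcement or comment has to be present.
    If the user wants to upload a file, send to him a token, which he can use for uploading.

    Args:
        data: the POST payload, mutated in place: ``upload_announcement`` is
            removed and a ``filename`` token from FileId.get_new() is added.
        **kw: extra preprocessor arguments, ignored.

    Raises:
        restless.ProcessingException: 412 when neither key is present.
    """
    if "comment" not in data and "upload_announcement" not in data:
        raise restless.ProcessingException(description="Missing content.", code=412)
    if "upload_announcement" in data:
        # the client never chooses the filename: the server-issued token is
        # presumably what file_upload later matches against Content.filename
        del data["upload_announcement"]
        data["filename"] = FileId.get_new()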
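def pre_modification(instance_id, data=None, **kw):
    """
    Check if the user, who wants to modify a content, is the owner of that content.
    An user can modify only the 'comment' and the 'file_description' fields.

    Args:
        instance_id: primary key of the Content row being modified.
        data: the modification payload; only its keys are inspected.
        **kw: extra preprocessor arguments, ignored.

    Raises:
        restless.ProcessingException: 401 from verify_password/verify_owner,
            404 when no Content has ``instance_id``, 401 when ``data`` names a
            field outside the modifiable set.
    """
    verify_password()
    content = Content.query.get(instance_id)
    # an unknown id used to reach verify_owner as None and surface as an
    # AttributeError (500); report it explicitly instead
    if content is None:
        raise restless.ProcessingException(description="Content not found", code=404)
    verify_owner(content)
    if data:
        allowed_fields = frozenset(("comment", "file_description"))
        # status kept at 401 to match existing behaviour, although 403/400
        # would be the more conventional code for a non-modifiable field
        for field in data:
            if field not in allowed_fields:
                raise restless.ProcessingException(
                    description="Not modifiable", code=401)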
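def _not_authorized():
    """Build (not raise) the 401 used when a request lacks authorization.

    Uses the same ``description=``/``code=`` keywords as every other
    ProcessingException in this module; the previous ``message=``/``status_code=``
    names do not match that constructor and presumably raised a TypeError
    instead of producing a 401 — confirm against the installed flask-restless.
    """
    return restless.ProcessingException(description='Not Authorized', code=401)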
def verify_owner(content):
    """Raise a 401 unless the Basic-auth username of this request owns ``content``.

    Callers in this module run verify_password() first, so request.authorization
    is expected to be populated here.
    """
    requester = request.authorization["username"]
    if content.user != requester:
        raise restless.ProcessingException(
            description='You are not the owner of that content!', code=401)