def create_app(config_file=None): app = Flask(__name__) auth = HTTPDigestAuth() app.config.setdefault('PYGMENTS_STYLE', 'friendly') app.config.setdefault('PYGMENTS_LINENOS', True) app.config.setdefault('PER_PAGE', 20) app.config.setdefault('SQLALCHEMY_DATABASE_URI', 'sqlite:////tmp/ownpaste.db') app.config.setdefault('REALM', 'ownpaste') app.config.setdefault('USERNAME', 'ownpaste') app.config.setdefault('PASSWORD', auth.a1('test', app.config['USERNAME'], app.config['REALM'])) app.config.setdefault('IP_BLOCK_HITS', 10) app.config.setdefault('IP_BLOCK_TIMEOUT', 60) # in minutes app.config.setdefault('TIMEZONE', 'UTC') app.config.from_envvar('OWNPASTE_SETTINGS', True) if config_file is not None: app.config.from_pyfile(config_file) db.init_app(app) # register default error handler # based on: http://flask.pocoo.org/snippets/15/ for _exc in default_exceptions: app.error_handler_spec[None][_exc] = error_handler del _exc app.error_handler_spec[None][401] = auth.challenge app.register_blueprint(views) @app.before_first_request def before_first_request(): if (not app.debug) and app.config['PASSWORD'] == auth.a1('test'): raise RuntimeError('You should provide a password!!') return app
def run(self): auth = HTTPDigestAuth() p1 = prompt_pass('Password') p2 = prompt_pass('Retype password') if p1 != p2: print >> sys.stderr, 'Passwords didn\'t match.' return print print 'Add this to your configuration file:' print 'PASSWORD = \'%s\'' % auth.a1(p1)
def __init__(self, *args, **kwargs): self.auth = HTTPDigestAuth() MethodView.__init__(self, *args, **kwargs)
class PasteAPI(MethodView): def __init__(self, *args, **kwargs): self.auth = HTTPDigestAuth() MethodView.__init__(self, *args, **kwargs) def get(self, paste_id=None, action=None): # paste listing if paste_id is None: page = int(request.args.get("page", 1)) per_page = current_app.config["PER_PAGE"] # private mode if request.args.get("private", "0") == "1": self.auth.required() query = Paste.all(hide_private=False) # normal mode else: query = Paste.all() pagination = query.paginate(page or 1, per_page) kwargs = dict( page=pagination.page, pages=pagination.pages, per_page=pagination.per_page, total=pagination.total ) # json api if request_wants_json(): return jsonify(dict(pastes=[i.to_json(True) for i in pagination.items], **kwargs)) # html output return render_template("pastes.html", pagination=pagination) # paste rendering else: paste = Paste.get(paste_id) # if private ask for authentication if paste.private and paste_id.isdigit(): self.auth.required() # guess output by browser's accept header if action is None: # json api if request_wants_json(): return jsonify(paste.to_json()) # html output return render_template("paste.html", paste=paste) # browser goodies # plain text output if action == "raw": response = make_response(paste.file_content) response.headers["Content-Type"] = 'text/plain; charset="utf-8"' return response # force download if action == "download": content_type = "application/octet-stream" if len(paste.lexer.mimetypes): content_type = paste.lexer.mimetypes[0] file_name = "untitled.txt" if paste.file_name is not None: file_name = os.path.basename(paste.file_name) response = make_response(paste.file_content) response.headers["Content-Type"] = content_type response.headers["Content-Disposition"] = 'attachment; filename="%s"' % file_name return response # no render found abort(404) def post(self): self.auth.required() try: data = request.json except: abort(400) if data is None: abort(415) file_name = data.get("file_name") language = data.get("language") private = data.get("private", False) if not isinstance(private, bool): abort(400) try: file_content = data["file_content"] except KeyError: abort(400) # create object paste = Paste(file_content, file_name, language, private) db.session.add(paste) db.session.commit() # this api method isn't intended to be used in browsers, then we will # return json for everybody. return jsonify(paste.to_json(True)) def delete(self, paste_id): self.auth.required() paste = paste = Paste.get(paste_id) db.session.delete(paste) db.session.commit() # this api method isn't intended to be used in browsers, then we will # return json for everybody. return jsonify() def patch(self, paste_id): self.auth.required() try: data = request.json except: abort(400) if data is None: abort(415) file_name = data.get("file_name") language = data.get("language") private = data.get("private") file_content = data.get("file_content") paste = Paste.get(paste_id) if file_name is not None: paste.file_name = file_name if language is not None: paste.language = language if private is not None: if not isinstance(private, bool): abort(400) paste.private = private if file_content is not None: if not isinstance(file_content, basestring): abort(400) paste.set_file_content(file_content) db.session.commit() # this api method isn't intended to be used in browsers, then we will # return json for everybody. return jsonify(paste.to_json(True))