Пример #1
    def GET(self, action):
        """Dispatch one read-only API action and return its JSON body.

        ``action`` must be in ``GET_ACTIONS``; anything else is answered with
        ``error.wrong_action()``.  When the action has a ``VALIDATE_SPECS``
        entry the request input is loaded through ``get_input`` first, and
        every action then requires a ``uuid`` in the session.  Results go
        through ``spec.extract`` with the matching ``EXTRACT_SPECS`` entry
        (presumably a field whitelist; ``spec.extract`` is defined
        elsewhere), while dicts carrying an ``"error"`` key are returned
        exactly as the data layer produced them.

        NOTE(review): per-object access control (whose message, list or
        follower page may be read) is not decided here; each ``db.*`` call
        receives the caller's uuid -- confirm the data layer enforces it.
        """
        web.header("Content-Type", "application/json")
        set_no_cache()

        # Reject anything outside the whitelist before touching request input.
        if action not in self.GET_ACTIONS:
            return error.wrong_action()

        # Actions without a validation spec never read `data` below.
        if action in self.VALIDATE_SPECS:
            data = get_input(self.VALIDATE_SPECS[action])

        # Every GET action, "validate" included, needs a logged-in session.
        viewer = session.get("uuid", None)
        if not viewer:
            return error.not_logged_in()

        def shape(spec_name, value):
            # Project `value` through the named EXTRACT_SPECS entry.
            return spec.extract(self.EXTRACT_SPECS[spec_name], value)

        def shape_or_error(spec_name, result):
            # Error dicts from the data layer are passed on untouched.
            if "error" in result:
                return result
            return shape(spec_name, result)

        def as_user_page(page):
            # Replace the raw user records of a page by their public view.
            page["items"] = [shape("userinfo", entry) for entry in page["items"]]
            return page

        if action == "stream":
            query = shape("stream_request", data)
            kind = query["type"]
            # A user or list stream is meaningless without its target id.
            # NOTE(review): other `type` values pass straight to db.stream;
            # confirm it rejects unknown ones.
            if kind == "user" and not query["uid"]:
                raise web.badrequest()
            if kind == "list" and not query["list_id"]:
                raise web.badrequest()
            return jsond(shape_or_error("stream_response", db.stream(viewer, **query)))

        if action == "current_user":
            return jsond(shape("current_user", db.get_user(viewer)))

        if action == "userinfo":
            profile = db.find_user(data.uid)
            if not profile:
                return error.user_not_found()
            # Computed per request: is the caller among this user's followers?
            profile["isfollowing"] = bson.objectid.ObjectId(viewer) in profile["follower"]
            return jsond(shape("userinfo", profile))

        if action == "get_following":
            paging = shape("userlist_request", data)
            return jsond(as_user_page(db.get_following(viewer, **paging)))

        if action == "get_follower":
            paging = shape("userlist_request", data)
            return jsond(as_user_page(db.get_follower(viewer, **paging)))

        if action == "get_message":
            return jsond(
                shape_or_error("stream_response", db.get_message(viewer, data.msg_id)))

        if action == "validate":
            # Dry-run another action's validation spec against the raw input.
            target = data.action
            if target not in self.VALIDATE_SPECS:
                return error.wrong_action()
            problems = spec.validate(self.VALIDATE_SPECS[target], web.input())
            return jsond(problems if problems else {"success": 1})

        if action == "recommend_user":
            suggestions = [shape("userinfo", entry) for entry in db.recommend_user(viewer)]
            return jsond({"users": suggestions})

        if action == "get_lists":
            found = db.get_lists(viewer, data.get("uid"))
            if "error" in found:
                return jsond(found)
            return jsond({"items": [shape("listinfo", entry) for entry in found]})

        if action == "get_list_info":
            return jsond(shape_or_error("listinfo", db.get_list_info(viewer, data["id"])))

        if action == "get_list_users":
            paging = shape("list_userlist_request", data)
            members = db.get_list_users(viewer, paging["id"], paging["skip"])
            return jsond(as_user_page(members))

        if action == "search":
            terms = shape("search_request", data)
            return jsond(shape_or_error("stream_response", db.search(viewer, **terms)))

        # Whitelisted action without a branch above.
        return error.not_implemented()
Пример #2
    def POST(self, action):
        """Dispatch one state-changing API action and return its JSON body.

        ``action`` must be in ``POST_ACTIONS``.  ``register`` and ``login`` are
        handled before the session check; every later branch requires a
        ``uuid`` in the session.  Only the branches up to ``upload_photo`` are
        visible in this excerpt.

        NOTE(review): no anti-CSRF token is checked anywhere in this method,
        and the session cookie is the only credential the later branches use;
        confirm a token or origin check is enforced elsewhere (for example in
        ``get_input`` or an application-level processor).
        """
        if action == "upload_photo":
            # text/plain keeps old Internet Explorer from offering the JSON
            # reply as a download.
            # NOTE(review): nothing here sets X-Content-Type-Options: nosniff;
            # confirm set_no_cache() or the server adds it so the body is not
            # content-sniffed.
            web.header("Content-Type", "text/plain")
        else:
            web.header("Content-Type", "application/json")
        set_no_cache()

        # Reject anything outside the whitelist before reading input.
        if action not in self.POST_ACTIONS:
            return error.wrong_action()

        # Load and validate input only for actions that declare a spec;
        # branches for the other actions do not read `d` from here.
        if action in self.VALIDATE_SPECS:
            d = get_input(self.VALIDATE_SPECS[action])

        # Unauthenticated actions.
        if action == "register":
            # Password storage and policy are decided inside db.register,
            # which is not visible here -- TODO confirm it hashes the value.
            return jsond(db.register(d.uid, d.email, d.password))
        elif action == "login":
            # NOTE(review): no attempt limiting is visible in this handler;
            # verify db.checkLogin or a front proxy throttles guessing.
            u = db.checkLogin(d.uid, d.password)
            if u:
                # NOTE(review): the existing session only gains a uuid here;
                # nothing in this block rotates the session id after
                # authentication. Confirm the session store does, otherwise a
                # session id set before login stays valid afterwards.
                session.uuid = str(u["_id"])
                return jsond({"uid": u["uid"]})
            else:
                return error.wrong_login()

        # Everything below acts on behalf of the logged-in session user.
        uuid = session.get("uuid", None)
        if not uuid:
            return error.not_logged_in()

        if action == "follow":
            return jsond(db.follow(uuid, d.uid))

        elif action == "unfollow":
            return jsond(db.unfollow(uuid, d.uid))

        elif action == "publish":
            req = spec.extract(self.EXTRACT_SPECS["publish_request"], d)
            return jsond(db.publish(uuid, **req))

        elif action == "remove":
            # The caller's uuid travels with the message id; whether the
            # message belongs to the caller is for db.remove to decide.
            req = spec.extract(self.EXTRACT_SPECS["remove_request"], d)
            return jsond(db.remove(uuid, **req))

        elif action == "update_profile":
            # NOTE(review): unlike publish/remove, the whole input object is
            # handed to the data layer without a spec.extract projection.
            # Confirm get_input or db.update_profile drops fields a user must
            # not set himself (mass assignment).
            u = db.update_profile(uuid, d)
            return jsond(spec.extract(self.EXTRACT_SPECS["current_user"], u))

        elif action == "upload_photo":
            try:
                # The photo={} default means d.photo is always defined, so the
                # membership test below appears unable to fail; a request
                # without a file presumably fails at `.file` and is reported
                # through the except branch.
                d = web.input(photo={})
                if "photo" in d:
                    u = db.get_user(uuid)
                    # Only the account uid and the file object are passed on;
                    # the client-supplied filename is not.
                    # NOTE(review): no size or image-type limit is visible
                    # here -- confirm photo.resize_save or the server bounds
                    # both before decoding the upload.
                    photo.resize_save(u["uid"], d.photo.file)
                    if db.update_photo(uuid, True).has_key("success"):
                        return jsond({"success": 1})
                return error.photo_upload_failed()
            # Python 2 except syntax; `e` is unused. The traceback goes to
            # stderr and the client only sees the generic failure.
            except Exception, e:
                traceback.print_exc()
                return error.photo_upload_failed()
Пример #3
                if "photo" in d:
                    u = db.get_user(uuid)
                    photo.resize_save(u["uid"], d.photo.file)
                    if db.update_photo(uuid, True).has_key("success"):
                        return jsond({"success": 1})
                return error.photo_upload_failed()
            except Exception, e:
                traceback.print_exc()
                return error.photo_upload_failed()

        elif action == "logout":
            session.kill()
            return jsond({"success": 1})

        elif action == "create_list":
            return jsond(db.create_list(uuid, d.name))

        elif action == "remove_list":
            return jsond(db.remove_list(uuid, d["id"]))

        elif action == "add_to_list":
            return jsond(db.add_to_list(uuid, d["id"], d.uid))

        elif action == "remove_from_list":
            return jsond(db.remove_from_list(uuid, d["id"], d.uid))

        return error.not_implemented()


# Export the WSGI callable built from the web.py app under the conventional
# module-level name `application`, for a WSGI server to import.
application = app.wsgifunc()
Пример #4
    def POST(self, action):
        """Dispatch one state-changing API action and return its JSON body.

        ``action`` must be in ``POST_ACTIONS``.  ``register`` and ``login`` are
        handled before the session check; every later branch requires a
        ``uuid`` in the session.  Only the branches up to ``upload_photo`` are
        visible in this excerpt.

        NOTE(review): no anti-CSRF token is checked anywhere in this method,
        and the session cookie is the only credential the later branches use;
        confirm a token or origin check is enforced elsewhere (for example in
        ``get_input`` or an application-level processor).
        """
        if action == 'upload_photo':
            # text/plain keeps old Internet Explorer from offering the JSON
            # reply as a download.
            # NOTE(review): nothing here sets X-Content-Type-Options: nosniff;
            # confirm set_no_cache() or the server adds it so the body is not
            # content-sniffed.
            web.header('Content-Type', 'text/plain')
        else:
            web.header('Content-Type', 'application/json')
        set_no_cache()

        # Reject anything outside the whitelist before reading input.
        if action not in self.POST_ACTIONS:
            return error.wrong_action()

        # Load and validate input only for actions that declare a spec;
        # branches for the other actions do not read `d` from here.
        if action in self.VALIDATE_SPECS:
            d = get_input(self.VALIDATE_SPECS[action])

        # Unauthenticated actions.
        if action == 'register':
            # Password storage and policy are decided inside db.register,
            # which is not visible here -- TODO confirm it hashes the value.
            return jsond(db.register(d.uid, d.email, d.password))
        elif action == 'login':
            # NOTE(review): no attempt limiting is visible in this handler;
            # verify db.checkLogin or a front proxy throttles guessing.
            u = db.checkLogin(d.uid, d.password)
            if u:
                # NOTE(review): the existing session only gains a uuid here;
                # nothing in this block rotates the session id after
                # authentication. Confirm the session store does, otherwise a
                # session id set before login stays valid afterwards.
                session.uuid = str(u['_id'])
                return jsond({'uid': u['uid']})
            else:
                return error.wrong_login()

        # Everything below acts on behalf of the logged-in session user.
        uuid = session.get('uuid', None)
        if not uuid:
            return error.not_logged_in()

        if action == 'follow':
            return jsond(db.follow(uuid, d.uid))

        elif action == 'unfollow':
            return jsond(db.unfollow(uuid, d.uid))

        elif action == 'publish':
            req = spec.extract(self.EXTRACT_SPECS['publish_request'], d)
            return jsond(db.publish(uuid, **req))

        elif action == 'remove':
            # The caller's uuid travels with the message id; whether the
            # message belongs to the caller is for db.remove to decide.
            req = spec.extract(self.EXTRACT_SPECS['remove_request'], d)
            return jsond(db.remove(uuid, **req))

        elif action == 'update_profile':
            # NOTE(review): unlike publish/remove, the whole input object is
            # handed to the data layer without a spec.extract projection.
            # Confirm get_input or db.update_profile drops fields a user must
            # not set himself (mass assignment).
            u = db.update_profile(uuid, d)
            return jsond(spec.extract(self.EXTRACT_SPECS['current_user'], u))

        elif action == 'upload_photo':
            try:
                # The photo={} default means d.photo is always defined, so the
                # membership test below appears unable to fail; a request
                # without a file presumably fails at `.file` and is reported
                # through the except branch.
                d = web.input(photo={})
                if 'photo' in d:
                    u = db.get_user(uuid)
                    # Only the account uid and the file object are passed on;
                    # the client-supplied filename is not.
                    # NOTE(review): no size or image-type limit is visible
                    # here -- confirm photo.resize_save or the server bounds
                    # both before decoding the upload.
                    photo.resize_save(u['uid'], d.photo.file)
                    if db.update_photo(uuid, True).has_key('success'):
                        return jsond({'success': 1})
                return error.photo_upload_failed()
            # Python 2 except syntax; `e` is unused. The traceback goes to
            # stderr and the client only sees the generic failure.
            except Exception, e:
                traceback.print_exc()
                return error.photo_upload_failed()
Пример #5
    def GET(self, action):
        """Dispatch one read-only API action and return its JSON body.

        ``action`` must be in ``GET_ACTIONS``; anything else is answered with
        ``error.wrong_action()``.  When the action has a ``VALIDATE_SPECS``
        entry the request input is loaded through ``get_input`` first, and
        every action then requires a ``uuid`` in the session.  Results go
        through ``spec.extract`` with the matching ``EXTRACT_SPECS`` entry
        (presumably a field whitelist; ``spec.extract`` is defined
        elsewhere), while dicts carrying an ``'error'`` key are returned
        exactly as the data layer produced them.

        NOTE(review): per-object access control (whose message, list or
        follower page may be read) is not decided here; each ``db.*`` call
        receives the caller's uuid -- confirm the data layer enforces it.
        """
        web.header('Content-Type', 'application/json')
        set_no_cache()

        # Reject anything outside the whitelist before touching request input.
        if action not in self.GET_ACTIONS:
            return error.wrong_action()

        # Actions without a validation spec never read `data` below.
        if action in self.VALIDATE_SPECS:
            data = get_input(self.VALIDATE_SPECS[action])

        # Every GET action, 'validate' included, needs a logged-in session.
        viewer = session.get('uuid', None)
        if not viewer:
            return error.not_logged_in()

        def shape(spec_name, value):
            # Project `value` through the named EXTRACT_SPECS entry.
            return spec.extract(self.EXTRACT_SPECS[spec_name], value)

        def shape_or_error(spec_name, result):
            # Error dicts from the data layer are passed on untouched.
            if 'error' in result:
                return result
            return shape(spec_name, result)

        def as_user_page(page):
            # Replace the raw user records of a page by their public view.
            page['items'] = [shape('userinfo', entry) for entry in page['items']]
            return page

        if action == 'stream':
            query = shape('stream_request', data)
            kind = query['type']
            # A user or list stream is meaningless without its target id.
            # NOTE(review): other `type` values pass straight to db.stream;
            # confirm it rejects unknown ones.
            if kind == 'user' and not query['uid']:
                raise web.badrequest()
            if kind == 'list' and not query['list_id']:
                raise web.badrequest()
            return jsond(shape_or_error('stream_response', db.stream(viewer, **query)))

        if action == 'current_user':
            return jsond(shape('current_user', db.get_user(viewer)))

        if action == 'userinfo':
            profile = db.find_user(data.uid)
            if not profile:
                return error.user_not_found()
            # Computed per request: is the caller among this user's followers?
            profile['isfollowing'] = bson.objectid.ObjectId(viewer) in profile['follower']
            return jsond(shape('userinfo', profile))

        if action == 'get_following':
            paging = shape('userlist_request', data)
            return jsond(as_user_page(db.get_following(viewer, **paging)))

        if action == 'get_follower':
            paging = shape('userlist_request', data)
            return jsond(as_user_page(db.get_follower(viewer, **paging)))

        if action == 'get_message':
            return jsond(
                shape_or_error('stream_response', db.get_message(viewer, data.msg_id)))

        if action == 'validate':
            # Dry-run another action's validation spec against the raw input.
            target = data.action
            if target not in self.VALIDATE_SPECS:
                return error.wrong_action()
            problems = spec.validate(self.VALIDATE_SPECS[target], web.input())
            return jsond(problems if problems else {'success': 1})

        if action == 'recommend_user':
            suggestions = [shape('userinfo', entry) for entry in db.recommend_user(viewer)]
            return jsond({'users': suggestions})

        if action == 'get_lists':
            found = db.get_lists(viewer, data.get('uid'))
            if 'error' in found:
                return jsond(found)
            return jsond({'items': [shape('listinfo', entry) for entry in found]})

        if action == 'get_list_info':
            return jsond(shape_or_error('listinfo', db.get_list_info(viewer, data['id'])))

        if action == 'get_list_users':
            paging = shape('list_userlist_request', data)
            members = db.get_list_users(viewer, paging['id'], paging['skip'])
            return jsond(as_user_page(members))

        if action == 'search':
            terms = shape('search_request', data)
            return jsond(shape_or_error('stream_response', db.search(viewer, **terms)))

        # Whitelisted action without a branch above.
        return error.not_implemented()
Пример #6
class api:
    """Request handler whose GET and POST methods dispatch on an action name.

    ``GET_ACTIONS`` and ``POST_ACTIONS`` are the whitelists each method checks
    before doing anything else; ``VALIDATE_SPECS`` describes the accepted
    input per action and ``EXTRACT_SPECS`` the fields copied into requests to
    the data layer and into responses.
    """

    # The backslash continuations keep the next line's indentation inside the
    # string literal; .split() discards that whitespace again.
    GET_ACTIONS = set('stream current_user userinfo get_message validate\
            get_following get_follower recommend_user search\
            get_lists get_list_info get_list_users'.split())
    POST_ACTIONS = set('register login logout publish remove follow unfollow\
            update_profile upload_photo\
            create_list remove_list add_to_list remove_from_list'.split())
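    # Validators shared by the VALIDATE_SPECS entries (and, for 'objectid',
    # by two EXTRACT_SPECS entries).
    # NOTE(review): neither regex is anchored. If spec.validate applies them
    # with match()/search() instead of a full match, a value such as a valid
    # uid followed by arbitrary characters still passes -- confirm how the
    # patterns are applied, or anchor them.
    FILTERS = {
        'uid': re.compile(r'[a-zA-Z][a-zA-Z0-9]+'),
        # The dot before the last label is escaped: unescaped it matched any
        # character, so addresses without a dot in the domain were accepted.
        'email': re.compile(r'(.+)@(.+)\.(.+)'),
        # Falsy input and the value 0 both yield None.
        'datetime': lambda _: _ and int(_) or None,
        'objectid': lambda _: bson.objectid.ObjectId(_),
        # Accepts 0 as well, despite the name.
        'positive_integer': lambda _: int(_) >= 0
    }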
    # Per-action input rules, passed to get_input() by GET/POST and to
    # spec.validate() by the 'validate' action.
    # The shapes below are read from usage, not from spec.validate itself:
    # a bare validator presumably marks a required field, (validator, False)
    # an optional one, and True a presence-only check -- TODO confirm.
    VALIDATE_SPECS = {
        'register': {
            'uid': FILTERS['uid'],
            'email': FILTERS['email'],
            # NOTE(review): presence only; no length or strength rule is
            # declared here -- confirm db.register enforces one.
            'password': True
        },
        'login': {
            'uid': FILTERS['uid'],
            'password': True
        },
        'publish': {
            'content': True,
            'parent': (FILTERS['objectid'], False),
            'type': (lambda _: _ in ['normal', 'reply', 'forward'], False)
        },
        'remove': {
            'msg_id': FILTERS['objectid']
        },
        'follow': {
            'uid': FILTERS['uid']
        },
        'unfollow': {
            'uid': FILTERS['uid']
        },
        'userinfo': {
            'uid': FILTERS['uid']
        },
        # NOTE(review): only 'email' is declared, yet POST hands the whole
        # input object to db.update_profile; confirm undeclared fields are
        # dropped before they reach the data layer.
        'update_profile': {
            'email': (FILTERS['email'], False)
        },
        'get_message': {
            'msg_id': FILTERS['objectid']
        },
        'validate': {
            'action': True,
        },
        # No 'type' rule here although GET reads param['type'] for this
        # action -- presumably it arrives unvalidated; confirm.
        'stream': {
            'olderThan': (FILTERS['datetime'], False),
            'newerThan': (FILTERS['datetime'], False),
            'uid': (FILTERS['uid'], False),
            'list_id': (FILTERS['objectid'], False)
        },
        'get_following': {
            'uid': FILTERS['uid'],
            'skip': (FILTERS['positive_integer'], False)
        },
        'get_follower': {
            'uid': FILTERS['uid'],
            'skip': (FILTERS['positive_integer'], False)
        },
        # NOTE(review): `str` as a validator looks like it only checks that
        # the value converts; no length or character limit on list names is
        # declared here -- confirm.
        'create_list': {
            'name': str
        },
        'remove_list': {
            'id': FILTERS['objectid']
        },
        'add_to_list': {
            'id': FILTERS['objectid'],
            'uid': FILTERS['uid']
        },
        'remove_from_list': {
            'id': FILTERS['objectid'],
            'uid': FILTERS['uid']
        },
        'get_lists': {
            'uid': (FILTERS['uid'], False)
        },
        'get_list_info': {
            'id': FILTERS['objectid']
        },
        'get_list_users': {
            'id': FILTERS['objectid'],
            'skip': (FILTERS['positive_integer'], False)
        },
        'search': {
            'olderThan': (FILTERS['datetime'], False),
            'newerThan': (FILTERS['datetime'], False),
            'query': True
        }
    }
    # Projections used with spec.extract(): the *_request entries build the
    # keyword arguments for the data layer, the others build response bodies.
    # (fn, default) appears to mean "apply fn, use default when the field is
    # missing" -- TODO confirm in spec.extract.
    # NOTE(review): spec.untaint is defined elsewhere; what it escapes or
    # strips is not visible here. The user-controlled fields below (name,
    # bio, web, content, query) leave the server as JSON, so confirm they are
    # encoded for the context in which the client finally inserts them.
    EXTRACT_SPECS = {
        # Public view of a user: no email, and following/follower are
        # reduced to counts by len.
        'userinfo': {
            'name': (spec.untaint, ''),
            'uid': str,
            'bio': (spec.untaint, ''),
            'location': (spec.untaint, ''),
            'web': (spec.untaint, ''),
            'following': (len, []),
            'follower': (len, []),
            'photo': (spec.untaint, conf.default_photo_uri),
            'isfollowing': (bool, False)
        },
        # View of the logged-in user's own record; adds the email address.
        'current_user': {
            'name': (spec.untaint, ''),
            'email': spec.untaint,
            'uid': str,
            'bio': (spec.untaint, ''),
            'location': (spec.untaint, ''),
            'web': (spec.untaint, ''),
            'following': (len, []),
            'follower': (len, []),
            'photo': (spec.untaint, conf.default_photo_uri)
        },
        'stream_item': {
            'id':
            str,
            'uid':
            spec.untaint,
            'content':
            spec.untaint,
            'timestamp':
            spec.untaint,
            'entities':
            spec.untaint,
            'parent': (spec.untaint, None),
            'type': (spec.untaint, 'normal'),
            # Recurses into this same spec for a parent message; the lookup
            # goes through api.EXTRACT_SPECS when the lambda is called.
            'parent_message': (lambda _: _ and spec.extract(
                api.EXTRACT_SPECS['stream_item'], _) or None, None)
        },
        'stream_response': {
            'has_more':
            spec.untaint,
            'items':
            lambda items: [
                spec.extract(api.EXTRACT_SPECS['stream_item'], item)
                for item in items
            ],
            # Every referenced user is reduced to the public 'userinfo' view.
            # iteritems() is the Python 2 dict iterator.
            'users':
            lambda uid_dict: dict([(
                k, spec.extract(api.EXTRACT_SPECS['userinfo'], v))
                                   for k, v in uid_dict.iteritems()])
        },
        'stream_request': {
            'olderThan':
            (lambda _: _ and util.parseTimestamp(int(_)) or None, None),
            'newerThan':
            (lambda _: _ and util.parseTimestamp(int(_)) or None, None),
            'uid': (spec.untaint, None),
            # Any string is accepted here; GET only special-cases 'user' and
            # 'list'.
            'type': (str, 'normal'),
            'list_id': (spec.untaint, None)
        },
        'publish_request': {
            'content': spec.untaint,
            'parent': (FILTERS['objectid'], None),
            'type': (str, 'normal')
        },
        'remove_request': {
            'msg_id': FILTERS['objectid']
        },
        # used by get_following/get_follower
        'userlist_request': {
            'uid': str,
            'skip': (int, 0)
        },
        # used by get_list_users
        'list_userlist_request': {
            'id': str,
            'skip': (int, 0)
        },
        # 'people' is reported as a count (len), not as the member list.
        'listinfo': {
            'id': str,
            'name': spec.untaint,
            'people': len,
            'curator': str
        },
        'search_request': {
            'olderThan':
            (lambda _: _ and util.parseTimestamp(int(_)) or None, None),
            'newerThan':
            (lambda _: _ and util.parseTimestamp(int(_)) or None, None),
            'query':
            spec.untaint
        }
    }

    def GET(self, action):
        """Dispatch one read-only API action and return its JSON body.

        ``action`` must be in ``GET_ACTIONS``; anything else is answered with
        ``error.wrong_action()``.  When the action has a ``VALIDATE_SPECS``
        entry the request input is loaded through ``get_input`` first, and
        every action then requires a ``uuid`` in the session.  Results go
        through ``spec.extract`` with the matching ``EXTRACT_SPECS`` entry,
        while dicts carrying an ``'error'`` key are returned exactly as the
        data layer produced them.

        NOTE(review): per-object access control (whose message, list or
        follower page may be read) is not decided here; each ``db.*`` call
        receives the caller's uuid -- confirm the data layer enforces it.
        """
        web.header('Content-Type', 'application/json')
        set_no_cache()

        # Reject anything outside the whitelist before touching request input.
        if action not in self.GET_ACTIONS:
            return error.wrong_action()

        # Actions without a validation spec never read `data` below.
        if action in self.VALIDATE_SPECS:
            data = get_input(self.VALIDATE_SPECS[action])

        # Every GET action, 'validate' included, needs a logged-in session.
        viewer = session.get('uuid', None)
        if not viewer:
            return error.not_logged_in()

        def shape(spec_name, value):
            # Project `value` through the named EXTRACT_SPECS entry.
            return spec.extract(self.EXTRACT_SPECS[spec_name], value)

        def shape_or_error(spec_name, result):
            # Error dicts from the data layer are passed on untouched.
            if 'error' in result:
                return result
            return shape(spec_name, result)

        def as_user_page(page):
            # Replace the raw user records of a page by their public view.
            page['items'] = [shape('userinfo', entry) for entry in page['items']]
            return page

        if action == 'stream':
            query = shape('stream_request', data)
            kind = query['type']
            # A user or list stream is meaningless without its target id.
            # NOTE(review): other `type` values pass straight to db.stream;
            # confirm it rejects unknown ones.
            if kind == 'user' and not query['uid']:
                raise web.badrequest()
            if kind == 'list' and not query['list_id']:
                raise web.badrequest()
            return jsond(shape_or_error('stream_response', db.stream(viewer, **query)))

        if action == 'current_user':
            return jsond(shape('current_user', db.get_user(viewer)))

        if action == 'userinfo':
            profile = db.find_user(data.uid)
            if not profile:
                return error.user_not_found()
            # Computed per request: is the caller among this user's followers?
            profile['isfollowing'] = bson.objectid.ObjectId(viewer) in profile['follower']
            return jsond(shape('userinfo', profile))

        if action == 'get_following':
            paging = shape('userlist_request', data)
            return jsond(as_user_page(db.get_following(viewer, **paging)))

        if action == 'get_follower':
            paging = shape('userlist_request', data)
            return jsond(as_user_page(db.get_follower(viewer, **paging)))

        if action == 'get_message':
            return jsond(
                shape_or_error('stream_response', db.get_message(viewer, data.msg_id)))

        if action == 'validate':
            # Dry-run another action's validation spec against the raw input.
            target = data.action
            if target not in self.VALIDATE_SPECS:
                return error.wrong_action()
            problems = spec.validate(self.VALIDATE_SPECS[target], web.input())
            return jsond(problems if problems else {'success': 1})

        if action == 'recommend_user':
            suggestions = [shape('userinfo', entry) for entry in db.recommend_user(viewer)]
            return jsond({'users': suggestions})

        if action == 'get_lists':
            found = db.get_lists(viewer, data.get('uid'))
            if 'error' in found:
                return jsond(found)
            return jsond({'items': [shape('listinfo', entry) for entry in found]})

        if action == 'get_list_info':
            return jsond(shape_or_error('listinfo', db.get_list_info(viewer, data['id'])))

        if action == 'get_list_users':
            paging = shape('list_userlist_request', data)
            members = db.get_list_users(viewer, paging['id'], paging['skip'])
            return jsond(as_user_page(members))

        if action == 'search':
            terms = shape('search_request', data)
            return jsond(shape_or_error('stream_response', db.search(viewer, **terms)))

        # Whitelisted action without a branch above.
        return error.not_implemented()

    def POST(self, action):
        """Dispatch one state-changing API action and return its JSON body.

        ``action`` must be in ``POST_ACTIONS``.  ``register`` and ``login`` are
        handled before the session check; every later branch requires a
        ``uuid`` in the session.  Only the branches up to ``logout`` are
        visible in this excerpt.

        NOTE(review): no anti-CSRF token is checked anywhere in this method,
        and the session cookie is the only credential the later branches use;
        confirm a token or origin check is enforced elsewhere (for example in
        ``get_input`` or an application-level processor).
        """
        if action == 'upload_photo':
            # text/plain keeps old Internet Explorer from offering the JSON
            # reply as a download.
            # NOTE(review): nothing here sets X-Content-Type-Options: nosniff;
            # confirm set_no_cache() or the server adds it so the body is not
            # content-sniffed.
            web.header('Content-Type', 'text/plain')
        else:
            web.header('Content-Type', 'application/json')
        set_no_cache()

        # Reject anything outside the whitelist before reading input.
        if action not in self.POST_ACTIONS:
            return error.wrong_action()

        # Load and validate input only for actions that declare a spec;
        # 'logout' and 'upload_photo' have none and do not read `d` from here.
        if action in self.VALIDATE_SPECS:
            d = get_input(self.VALIDATE_SPECS[action])

        # Unauthenticated actions.
        if action == 'register':
            # Password storage and policy are decided inside db.register,
            # which is not visible here -- TODO confirm it hashes the value.
            return jsond(db.register(d.uid, d.email, d.password))
        elif action == 'login':
            # NOTE(review): no attempt limiting is visible in this handler;
            # verify db.checkLogin or a front proxy throttles guessing.
            u = db.checkLogin(d.uid, d.password)
            if u:
                # NOTE(review): the existing session only gains a uuid here;
                # nothing in this block rotates the session id after
                # authentication. Confirm the session store does, otherwise a
                # session id set before login stays valid afterwards.
                session.uuid = str(u['_id'])
                return jsond({'uid': u['uid']})
            else:
                return error.wrong_login()

        # Everything below acts on behalf of the logged-in session user.
        uuid = session.get('uuid', None)
        if not uuid:
            return error.not_logged_in()

        if action == 'follow':
            return jsond(db.follow(uuid, d.uid))

        elif action == 'unfollow':
            return jsond(db.unfollow(uuid, d.uid))

        elif action == 'publish':
            req = spec.extract(self.EXTRACT_SPECS['publish_request'], d)
            return jsond(db.publish(uuid, **req))

        elif action == 'remove':
            # The caller's uuid travels with the message id; whether the
            # message belongs to the caller is for db.remove to decide.
            req = spec.extract(self.EXTRACT_SPECS['remove_request'], d)
            return jsond(db.remove(uuid, **req))

        elif action == 'update_profile':
            # NOTE(review): unlike publish/remove, the whole input object is
            # handed to the data layer without a spec.extract projection.
            # Confirm get_input or db.update_profile drops fields a user must
            # not set himself (mass assignment).
            u = db.update_profile(uuid, d)
            return jsond(spec.extract(self.EXTRACT_SPECS['current_user'], u))

        elif action == 'upload_photo':
            try:
                # The photo={} default means d.photo is always defined, so the
                # membership test below appears unable to fail; a request
                # without a file presumably fails at `.file` and is reported
                # through the except branch.
                d = web.input(photo={})
                if 'photo' in d:
                    u = db.get_user(uuid)
                    # Only the account uid and the file object are passed on;
                    # the client-supplied filename is not.
                    # NOTE(review): no size or image-type limit is visible
                    # here -- confirm photo.resize_save or the server bounds
                    # both before decoding the upload.
                    photo.resize_save(u['uid'], d.photo.file)
                    if db.update_photo(uuid, True).has_key('success'):
                        return jsond({'success': 1})
                return error.photo_upload_failed()
            # Python 2 except syntax; `e` is unused. The traceback goes to
            # stderr and the client only sees the generic failure.
            except Exception, e:
                traceback.print_exc()
                return error.photo_upload_failed()

        elif action == 'logout':
            # Ends the server-side session before confirming to the client.
            session.kill()
            return jsond({'success': 1})
Пример #7
                if 'photo' in d:
                    u = db.get_user(uuid)
                    photo.resize_save(u['uid'], d.photo.file)
                    if db.update_photo(uuid, True).has_key('success'):
                        return jsond({'success': 1})
                return error.photo_upload_failed()
            except Exception, e:
                traceback.print_exc()
                return error.photo_upload_failed()

        elif action == 'logout':
            session.kill()
            return jsond({'success': 1})

        elif action == 'create_list':
            return jsond(db.create_list(uuid, d.name))

        elif action == 'remove_list':
            return jsond(db.remove_list(uuid, d['id']))

        elif action == 'add_to_list':
            return jsond(db.add_to_list(uuid, d['id'], d.uid))

        elif action == 'remove_from_list':
            return jsond(db.remove_from_list(uuid, d['id'], d.uid))

        return error.not_implemented()


# Export the WSGI callable built from the web.py app under the conventional
# module-level name `application`, for a WSGI server to import.
application = app.wsgifunc()