示例#1
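 def validation(data=None, **kw):
     """Check that a payload carries name, psw and a plausibly formatted email.

     Args:
         data: mapping with the submitted fields; ``None`` is treated as empty.
         **kw: accepted and ignored (presumably the extra keyword arguments a
             flask-restless preprocessor receives; confirm against the caller).

     Raises:
         restless.ProcessingException: code 400 when ``name`` or ``psw`` is
             missing or empty, or when ``email`` is missing, not a string, or
             does not look like ``local@domain.tld``.
     """
     # A shared mutable default ({}) would leak state between calls.
     data = data or {}

     # .get() turns an absent key into a 400 instead of an unhandled KeyError
     # (which would surface as a 500 for a plain malformed request).
     if not data.get("name") or not data.get("psw"):
         raise restless.ProcessingException(
             description="Missing data or username", code=400)

     try:
         # Raw string keeps "\." a regex escape; \Z (unlike $) also rejects a
         # value that ends in a newline.
         email_ok = re.match(r"^.+@.+\..+\Z", data.get("email")) is not None
     except TypeError:
         # email absent or not a string
         email_ok = False
     if not email_ok:
         raise restless.ProcessingException(description="Invalid email",
                                            code=400)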
示例#2
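def file_upload(file_id):
    """Store an uploaded file for an existing Content row and record it.

    The request must authenticate (``verify_password``) and the caller must
    own the ``Content`` row whose ``filename`` equals ``str(file_id)``
    (``verify_owner``).  Only extensions found in ``IMAGE_TYPES`` or
    ``ALLOWED_TYPES`` are accepted; a rejected upload also deletes the row.
    For image extensions a 120x120 thumbnail is stored base64-encoded in
    ``content.photo_thumb``.

    Args:
        file_id: identifier used to look up the row and to name the file.

    Returns:
        The JSON-encoded string ``"Photo uploaded!"``.

    Raises:
        restless.ProcessingException: 403 when no matching row exists, 400
            when the extension is not allowed.
        RequestEntityTooLarge: re-raised after the row has been deleted.
    """
    def refuse(content):
        # remove the space for the file in the database
        db.session.delete(content)
        db.session.commit()

    # Authentication and ownership are checked before the body is touched.
    verify_password()
    content = Content.query.filter_by(filename=str(file_id)).first()
    if not content:
        raise restless.ProcessingException(description="Not expected file",
                                           code=403)
    verify_owner(content)

    # verify content
    try:
        upload = request.files["file"]
    except RequestEntityTooLarge:
        refuse(content)
        raise

    # The client-supplied filename is only used for its extension and as a
    # human-readable description; it never becomes part of the on-disk path.
    original_name, ext = os.path.splitext(upload.filename)
    ext = ext.lower()
    # NOTE(review): this allow-list looks at the name only, not at the file
    # content, so the stored bytes may not match the extension.
    if ext not in IMAGE_TYPES and ext not in ALLOWED_TYPES:
        refuse(content)
        raise restless.ProcessingException(
            description="File type not allowed.", code=400)

    # save the file under a server-chosen name
    filename = str(file_id) + ext
    filepath = os.path.join(CONTENTS, filename)
    upload.save(filepath)

    # save a base64 encoded thumbnail in the database
    if ext in IMAGE_TYPES:
        tmp = os.path.join(CONTENTS, "thumbnail_" + filename)
        try:
            # NOTE(review): Pillow's decompression-bomb error is not an
            # IOError, so an oversized image would propagate from here after
            # the file was already written - confirm that is intended.
            im = Image.open(filepath)
            im.thumbnail((120, 120))
            im.save(tmp)

            # Binary mode: image bytes are not text and must not be decoded.
            with open(tmp, "rb") as thumb_file:
                content.photo_thumb = b64encode(thumb_file.read())
        except IOError:
            # decoder jpeg not available. Handle images as normal files.
            pass
        finally:
            # Never leave the temporary thumbnail behind, even on failure.
            if os.path.exists(tmp):
                os.remove(tmp)

    # original_name is client-controlled text; escape it wherever it is
    # rendered.
    content.file_description = original_name
    content.filename = filename
    db.session.add(content)
    db.session.commit()
    return json.dumps("Photo uploaded!")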
示例#3
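def verify_password():
    """Authenticate the current request from its Authorization header.

    Returns:
        True when the supplied username exists and the password verifies
        against the stored ``user.psw`` hash.

    Raises:
        restless.ProcessingException: code 401 when credentials are absent
            or do not match.
    """
    auth = request.authorization
    # Read the fields by name: unpacking .values() depends on mapping order
    # (username and password could be swapped) and fails with ValueError when
    # the header carries a different number of parameters.
    username = getattr(auth, "username", None)
    password = getattr(auth, "password", None)
    if username is None or password is None:
        raise restless.ProcessingException(description='Not authenticated!',
                                           code=401)

    user = User.query.get(username)
    # Same message for "unknown user" and "wrong password" so the response
    # body does not reveal which usernames exist.
    # NOTE(review): the hash check is skipped for an unknown user, so the
    # response time may still differ between the two cases.
    if (not user) or (not sha256_crypt.verify(password, user.psw)):
        raise restless.ProcessingException(
            description='Invalid username or password!', code=401)
    return True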
示例#4
    def manage_upload_announcement(data, **kw):
        """
        Require a comment, an upload announcement, or both.

        When ``upload_announcement`` is present it is removed from ``data``
        and ``data["filename"]`` is set to the value of ``FileId.get_new()``,
        which the client then uses for the actual upload.  Raises a
        ProcessingException with code 412 when neither key is present.
        """
        announces_upload = "upload_announcement" in data

        if "comment" not in data and not announces_upload:
            raise restless.ProcessingException(description="Missing content.",
                                               code=412)

        if not announces_upload:
            return

        # Swap the announcement marker for a server-generated file id.
        del data["upload_announcement"]
        data["filename"] = FileId.get_new()
示例#5
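    def pre_modification(instance_id, data=None, **kw):
        """
        Allow a modification only for the authenticated owner of the content.

        The request is authenticated with ``verify_password`` and the row is
        checked with ``verify_owner``.  A user can modify only the 'comment'
        and the 'file_description' fields.

        Raises restless.ProcessingException: 404 when no content has
        ``instance_id``, 401 when ``data`` names any other field (the
        helpers raise their own 401s).
        """
        verify_password()

        content = Content.query.get(instance_id)
        if content is None:
            # Without this guard the ownership check dereferences None and
            # the request ends in an unhandled error instead of a clean
            # refusal.
            raise restless.ProcessingException(
                description="Content not found", code=404)
        verify_owner(content)

        if data:
            # Allow-list of writable fields: anything else (owner, filename,
            # ...) must not be settable through this endpoint.
            allowed_fields = ("comment", "file_description")
            for field in data:
                if field not in allowed_fields:
                    raise restless.ProcessingException(
                        description="Not modifiable", code=401)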
示例#6
def _not_authorized():
    """Build (but do not raise) the 401 'Not Authorized' ProcessingException."""
    error_fields = {'message': 'Not Authorized', 'status_code': 401}
    return restless.ProcessingException(**error_fields)
示例#7
def verify_owner(content):
    """Raise a 401 ProcessingException unless the requester owns *content*.

    The requester is the ``username`` entry of ``request.authorization``; it
    is compared with ``content.user``.  Nothing is returned on success.
    """
    # NOTE(review): assumes the request was already authenticated, since
    # request.authorization is indexed without a None check - confirm every
    # caller runs the password check first.
    requester = request.authorization["username"]
    if requester != content.user:
        denial = restless.ProcessingException(
            description='You are not the owner of that content!', code=401)
        raise denial