示例#1
0
 def test_utils(self):
     self.assertEqual("900150983cd24fb0d6963f7d28e17f72", md5("abc"))
     self.assertEqual("a9993e364706816aba3e25717850c26c9cd0d89d",
                      sha1("abc"))
     self.assertEqual("picbed:a:b", rsp("a", "b"))
     self.assertEqual(parse_valid_comma("a,b, c,"), ["a", "b", "c"])
     self.assertEqual(parse_valid_verticaline("a|b| c"), ["a", "b", "c"])
     self.assertTrue(is_true(1))
     self.assertTrue(is_true("on"))
     self.assertTrue(is_true("true"))
     self.assertFalse(is_true(0))
     self.assertIsInstance(get_current_timestamp(), int)
     self.assertTrue(allowed_file("test.PNG"))
     self.assertTrue(allowed_file(".jpeg"))
     self.assertFalse(allowed_file("my.psd"))
     self.assertFalse(allowed_file("ha.gif", ["jpg"]))
     self.assertFalse(allowed_file("ha.jpeg", ["jpg"]))
     self.assertFalse(allowed_file("ha.png", ["jpg"]))
     self.assertTrue(allowed_file("ha.jpg", ["jpg"]))
     v = "6afa9046a9579cad143a384c1b564b9a250d27d6f6a63f9f20bf3a7594c9e2c6"
     self.assertEqual(v, hmac_sha256('key', 'text'))
     self.assertEqual(v, hmac_sha256(b'key', b'text'))
     self.assertEqual(v, hmac_sha256(u'key', u'text'))
     self.assertEqual(
         "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
         sha256("abc"))
示例#2
0
def upload():
    """上传逻辑:
    0. 判断是否登录,如果未登录则判断是否允许匿名上传
    1. 获取上传的文件,判断允许格式
    2. 生成文件名、唯一sha值、上传目录等,选择图片存储的后端钩子(单一)
        - 存储图片的钩子目前版本仅一个,默认是up2local(如果禁用则保存失败)
    3. 解析钩子数据,钩子回调数据格式:{code=?, sender=hook_name, src=?}
        - 后端保存失败或无后端的情况都要立刻返回响应
    4. 此时保存图片成功,持久化存储到全局索引、用户索引
    5. 返回响应:{code:0, data={src=?, sender=success_saved_hook_name}}
    """
    res = dict(code=1, msg=None)
    #: 匿名上传开关检测
    if not is_true(g.cfg.anonymous) and not g.signin:
        res.update(code=403, msg="Anonymous user is not sign in")
        return res
    f = request.files.get('picbed')
    #: 实时获取后台配置中允许上传的后缀,如: jpg|jpeg|png
    allowed_suffix = partial(allowed_file,
                             suffix=parse_valid_verticaline(g.cfg.upload_exts))
    if f and allowed_suffix(f.filename):
        try:
            g.rc.ping()
        except RedisError as e:
            logger.error(e, exc_info=True)
            res.update(code=2, msg="Program data storage service error")
            return res
        stream = f.stream.read()
        suffix = splitext(f.filename)[-1]
        filename = secure_filename(f.filename)
        if "." not in filename:
            filename = "%s%s" % (generate_random(8), suffix)
        #: 根据文件名规则重定义图片名
        upload_file_rule = g.cfg.upload_file_rule
        if upload_file_rule in ("time1", "time2", "time3"):
            filename = "%s%s" % (gen_rnd_filename(upload_file_rule), suffix)
        #: 上传文件位置前缀规则
        upload_path_rule = g.cfg.upload_path_rule
        if upload_path_rule == 'date1':
            upload_path = get_today("%Y/%m/%d")
        elif upload_path_rule == 'date2':
            upload_path = get_today("%Y%m%d")
        else:
            upload_path = ''
        upload_path = join(g.userinfo.username or 'anonymous', upload_path)
        #: 定义文件名唯一索引
        sha = "sha1.%s.%s" % (get_current_timestamp(True), sha1(filename))
        #: 定义保存图片时仅使用某些钩子,如: up2local
        #: TODO 目前版本仅允许设置了一个,后续考虑聚合
        includes = parse_valid_comma(g.cfg.upload_includes or 'up2local')
        if len(includes) > 1:
            includes = [choice(includes)]
        #: TODO 定义保存图片时排除某些钩子,如: up2local, up2other
        # excludes = parse_valid_comma(g.cfg.upload_excludes or '')
        #: 钩子返回结果(目前版本最终结果中应该最多只有1条数据)
        data = []

        #: 保存图片的钩子回调
        def callback(result):
            logger.info(result)
            if result["sender"] == "up2local":
                result["src"] = url_for("static",
                                        filename=join(UPLOAD_FOLDER,
                                                      upload_path, filename),
                                        _external=True)
            data.append(dfr(result))

        #: 调用钩子中upimg_save方法
        current_app.extensions["hookmanager"].call(
            _funcname="upimg_save",
            _callback=callback,
            _include=includes,
            filename=filename,
            stream=stream,
            upload_path=upload_path,
            local_basedir=join(current_app.root_path,
                               current_app.static_folder, UPLOAD_FOLDER))
        #: 判定后端存储全部失败时,上传失败
        if not data:
            res.update(code=1, msg="No valid backend storage service")
            return res
        if len(data) == len([i for i in data if i.get("code") != 0]):
            res.update(
                code=1,
                msg="All backend storage services failed to save pictures")
            return res
        #: 存储数据
        defaultSrc = data[0]["src"]
        pipe = g.rc.pipeline()
        pipe.sadd(rsp("index", "global"), sha)
        if g.signin and g.userinfo.username:
            pipe.sadd(rsp("index", "user", g.userinfo.username), sha)
        pipe.hmset(
            rsp("image", sha),
            dict(
                sha=sha,
                filename=filename,
                upload_path=upload_path,
                user=g.userinfo.username if g.signin else 'anonymous',
                ctime=get_current_timestamp(),
                status='enabled',  # disabled, deleted
                src=defaultSrc,
                sender=data[0]["sender"],
                senders=json.dumps(data)))
        try:
            pipe.execute()
        except RedisError as e:
            logger.error(e, exc_info=True)
            res.update(code=3, msg="Program data storage service error")
        else:
            res.update(
                code=0,
                filename=filename,
                sender=data[0]["sender"],
                api=url_for("api.shamgr", sha=sha, _external=True),
            )
            #: format指定图片地址的显示字段,默认src,可以用点号指定
            #: 比如data.src,那么返回格式{code, filename..., data:{src}, ...}
            fmt = request.form.get("format", request.args.get("format"))
            res.update(format_upload_src(fmt, defaultSrc))
    else:
        res.update(msg="No file or image format allowed")
    return res
示例#3
0
文件: api.py 项目: howardyan93/picbed
def upload():
    """上传逻辑:
    0. 判断是否登录,如果未登录则判断是否允许匿名上传
    1. 获取上传的文件,判断允许格式
        - 拦截下判断文件,如果为空,尝试获取body中提交的picbed
        - 如果picbed是合法base64,那么会返回Base64FileStorage类;
          如果picbed是合法url[图片],那么服务端会自动下载,返回ImgUrlFileStorage类;
          否则为空。
          PS: 允许DATA URI形式, eg: data:image/png;base64,the base64 of image
    2. 生成文件名、唯一sha值、上传目录等,选择图片存储的后端钩子(单一)
        - 存储图片的钩子目前版本仅一个,默认是up2local(如果禁用则保存失败)
        - 如果提交album参数会自动创建相册,否则归档到默认相册
    3. 解析钩子数据,钩子回调数据格式:{code=?, sender=hook_name, src=?}
        - 后端保存失败或无后端的情况都要立刻返回响应
    4. 此时保存图片成功,持久化存储到全局索引、用户索引
    5. 返回响应:{code:0, data={src=?, sender=success_saved_hook_name}}
        - 允许使用一些参数调整响应数据、格式
    """
    res = dict(code=1, msg=None)
    #: 文件域或base64上传字段
    FIELD_NAME = g.cfg.upload_field or "picbed"
    #: 匿名上传开关检测
    if not is_true(g.cfg.anonymous) and not g.signin:
        res.update(code=403, msg="Anonymous user is not sign in")
        return res
    #: 相册名称,可以是任意字符串
    album = (request.form.get("album")
             or getattr(g, "up_album", "")) if g.signin else 'anonymous'
    #: 实时获取后台配置中允许上传的后缀,如: jpg|jpeg|png
    allowed_suffix = partial(allowed_file,
                             suffix=parse_valid_verticaline(g.cfg.upload_exts))
    #: 尝试读取上传数据
    fp = request.files.get(FIELD_NAME)
    #: 当fp无效时尝试读取base64或url
    if not fp:
        picstrurl = request.form.get(FIELD_NAME)
        filename = request.form.get("filename")
        if picstrurl:
            if picstrurl.startswith("http://") or \
                    picstrurl.startswith("https://"):
                fp = ImgUrlFileStorage(picstrurl, filename).getObj
            else:
                try:
                    #: base64在部分场景发起http请求时,+可能会换成空格导致异常
                    fp = Base64FileStorage(picstrurl, filename)
                except ValueError as e:
                    logger.debug(e)
    if fp and allowed_suffix(fp.filename):
        try:
            g.rc.ping()
        except RedisError as e:
            logger.error(e, exc_info=True)
            res.update(code=2, msg="Program data storage service error")
            return res
        stream = fp.stream.read()
        suffix = splitext(fp.filename)[-1]
        filename = secure_filename(fp.filename)
        if "." not in filename:
            filename = "%s%s" % (generate_random(8), suffix)
        #: 根据文件名规则重定义图片名
        upload_file_rule = (
            g.userinfo.ucfg_upload_file_rule
            or g.cfg.upload_file_rule) if is_true(
                g.cfg.upload_rule_overridden) else g.cfg.upload_file_rule
        if upload_file_rule in ("time1", "time2", "time3"):
            filename = "%s%s" % (gen_rnd_filename(upload_file_rule), suffix)
        #: 上传文件位置前缀规则
        upload_path_rule = (
            g.userinfo.ucfg_upload_path_rule
            or g.cfg.upload_path_rule) if is_true(
                g.cfg.upload_rule_overridden) else g.cfg.upload_path_rule
        if upload_path_rule == 'date1':
            upload_path = get_today("%Y/%m/%d")
        elif upload_path_rule == 'date2':
            upload_path = get_today("%Y%m%d")
        else:
            upload_path = ''
        upload_path = join(g.userinfo.username or 'anonymous', upload_path)
        #: 定义文件名唯一索引
        sha = "sha1.%s.%s" % (get_current_timestamp(True), sha1(filename))
        #: 定义保存图片时仅使用某些钩子,如: up2local
        #: TODO 目前版本仅允许设置了一个,后续聚合
        includes = parse_valid_comma(g.cfg.upload_includes or 'up2local')
        if len(includes) > 1:
            includes = [choice(includes)]
        #: TODO 定义保存图片时排除某些钩子,如: up2local, up2other
        # excludes = parse_valid_comma(g.cfg.upload_excludes or '')
        #: 钩子返回结果(目前版本最终结果中应该最多只有1条数据)
        data = []

        #: 保存图片的钩子回调

        def callback(result):
            logger.info(result)
            if result["sender"] == "up2local":
                result["src"] = url_for("static",
                                        filename=join(UPLOAD_FOLDER,
                                                      upload_path, filename),
                                        _external=True)
            data.append(dfr(result))

        #: 调用钩子中upimg_save方法
        current_app.extensions["hookmanager"].call(
            _funcname="upimg_save",
            _callback=callback,
            _include=includes,
            filename=filename,
            stream=stream,
            upload_path=upload_path,
            local_basedir=join(current_app.root_path,
                               current_app.static_folder, UPLOAD_FOLDER))
        #: 判定后端存储全部失败时,上传失败
        if not data:
            res.update(code=1, msg="No valid backend storage service")
            return res
        if len(data) == len([i for i in data if i.get("code") != 0]):
            res.update(
                code=1,
                msg="All backend storage services failed to save pictures",
                errors={
                    i["sender"]: i["msg"]
                    for i in data if i.get("code") != 0
                },
            )
            return res
        #: 存储数据
        defaultSrc = data[0]["src"]
        pipe = g.rc.pipeline()
        pipe.sadd(rsp("index", "global"), sha)
        if g.signin and g.userinfo.username:
            pipe.sadd(rsp("index", "user", g.userinfo.username), sha)
        pipe.hmset(
            rsp("image", sha),
            dict(
                sha=sha,
                album=album,
                filename=filename,
                upload_path=upload_path,
                user=g.userinfo.username if g.signin else 'anonymous',
                ctime=get_current_timestamp(),
                status='enabled',  # disabled, deleted
                src=defaultSrc,
                sender=data[0]["sender"],
                senders=json.dumps(data),
                agent=request.form.get("origin",
                                       request.headers.get('User-Agent', '')),
                method=getUploadMethod(fp.__class__.__name__),
            ))
        try:
            pipe.execute()
        except RedisError as e:
            logger.error(e, exc_info=True)
            res.update(code=3, msg="Program data storage service error")
        else:
            res.update(
                code=0,
                filename=filename,
                sender=data[0]["sender"],
                api=url_for("api.shamgr", sha=sha, _external=True),
            )
            #: format指定图片地址的显示字段,默认src,可以用点号指定
            #: 比如data.src,那么返回格式{code, filename..., data:{src}, ...}
            #: 比如imgUrl,那么返回格式{code, filename..., imgUrl(=src), ...}
            fmt = request.form.get("format", request.args.get("format"))
            res.update(format_upload_src(fmt, defaultSrc))
    else:
        res.update(msg="No file or image format error")
    return res
示例#4
0
 def test_utils(self):
     self.assertEqual("900150983cd24fb0d6963f7d28e17f72", md5("abc"))
     self.assertEqual("a9993e364706816aba3e25717850c26c9cd0d89d",
                      sha1("abc"))
     self.assertEqual("picbed:a:b", rsp("a", "b"))
     self.assertEqual(parse_valid_comma("a,b, c,"), ["a", "b", "c"])
     self.assertEqual(parse_valid_verticaline("a|b| c"), ["a", "b", "c"])
     self.assertTrue(is_true(1))
     self.assertTrue(is_true("on"))
     self.assertTrue(is_true("true"))
     self.assertFalse(is_true(0))
     self.assertIsInstance(get_current_timestamp(), int)
     self.assertTrue(allowed_file("test.PNG"))
     self.assertTrue(allowed_file(".jpeg"))
     self.assertFalse(allowed_file("my.psd"))
     self.assertFalse(allowed_file("ha.gif", ["jpg"]))
     self.assertFalse(allowed_file("ha.jpeg", ["jpg"]))
     self.assertFalse(allowed_file("ha.png", ["jpg"]))
     self.assertTrue(allowed_file("ha.jpg", ["jpg"]))
     v = "6afa9046a9579cad143a384c1b564b9a250d27d6f6a63f9f20bf3a7594c9e2c6"
     self.assertEqual(v, hmac_sha256("key", "text"))
     self.assertEqual(v, hmac_sha256(b"key", b"text"))
     self.assertEqual(v, hmac_sha256(u"key", u"text"))
     self.assertEqual(
         "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
         sha256("abc"),
     )
     #: test format_upload_src
     baseimg = "img-url"
     basefmt = {"src": baseimg}
     self.assertEqual(format_upload_src(123, baseimg), basefmt)
     self.assertEqual(format_upload_src(None, baseimg), basefmt)
     self.assertEqual(format_upload_src([0], baseimg), basefmt)
     self.assertEqual(format_upload_src("", baseimg), basefmt)
     self.assertEqual(format_upload_src(".", baseimg), basefmt)
     self.assertEqual(format_upload_src(".1", baseimg), basefmt)
     self.assertEqual(format_upload_src("1.", baseimg), basefmt)
     self.assertEqual(format_upload_src(1.1, baseimg), basefmt)
     self.assertEqual(format_upload_src("1.1", baseimg),
                      {"1": {
                          "1": baseimg
                      }})
     self.assertEqual(format_upload_src("u", baseimg), basefmt)
     self.assertEqual(format_upload_src("im", baseimg), {"im": baseimg})
     self.assertEqual(format_upload_src("url", baseimg), {"url": baseimg})
     self.assertEqual(format_upload_src("i.am.src", baseimg), basefmt)
     self.assertEqual(format_upload_src("src.url", baseimg),
                      {"src": {
                          "url": baseimg
                      }})
     #: test format_apires
     self.assertEqual(format_apires({"code": 0}, "success", "bool"),
                      {"success": True})
     self.assertEqual(format_apires({"code": 0}, oc="200"), {"code": 200})
     self.assertEqual(format_apires({"code": -1}, "status", "bool"),
                      {"status": False})
     self.assertEqual(
         format_apires(dict(code=-1, msg="xxx"), "errno", "200"),
         {
             "errno": -1,
             "msg": "xxx"
         },
     )
     self.assertEqual(
         format_apires(dict(code=-1, msg="xxx"), "errno", "200", "errmsg"),
         {
             "errno": -1,
             "errmsg": "xxx"
         },
     )
     self.assertEqual(
         format_apires(dict(code=0, msg="xxx"), "", "200", "errmsg"),
         {
             "code": 200,
             "errmsg": "xxx"
         },
     )
     self.assertEqual(len(generate_random()), 6)
     self.assertIn("Mozilla/5.0", gen_ua())
     # bleach
     self.assertEqual(bleach_html("<i>abc</i>"), "<i>abc</i>")
     self.assertEqual(
         bleach_html("<script>var abc</script>"),
         "&lt;script&gt;var abc&lt;/script&gt;",
     )
     # re
     self.assertEqual(parse_author_mail("staugur"), ("staugur", None))
     self.assertEqual(parse_author_mail("staugur <mail>"),
                      ("staugur", "mail"))
示例#5
0
文件: test_utils.py 项目: qdjx/picbed
 def test_utils(self):
     self.assertEqual("900150983cd24fb0d6963f7d28e17f72", md5("abc"))
     self.assertEqual(
         "a9993e364706816aba3e25717850c26c9cd0d89d", sha1("abc")
     )
     self.assertEqual("picbed:a:b", rsp("a", "b"))
     self.assertEqual(parse_valid_comma("a,b, c,"), ["a", "b", "c"])
     self.assertEqual(parse_valid_verticaline("a|b| c"), ["a", "b", "c"])
     self.assertTrue(is_true(1))
     self.assertTrue(is_true("on"))
     self.assertTrue(is_true("true"))
     self.assertFalse(is_true(0))
     self.assertIsInstance(get_current_timestamp(), int)
     self.assertTrue(allowed_file("test.PNG"))
     self.assertTrue(allowed_file(".jpeg"))
     self.assertFalse(allowed_file("my.psd"))
     self.assertFalse(allowed_file("ha.gif", ["jpg"]))
     self.assertFalse(allowed_file("ha.jpeg", ["jpg"]))
     self.assertFalse(allowed_file("ha.png", ["jpg"]))
     self.assertTrue(allowed_file("ha.jpg", ["jpg"]))
     v = "6afa9046a9579cad143a384c1b564b9a250d27d6f6a63f9f20bf3a7594c9e2c6"
     self.assertEqual(v, hmac_sha256('key', 'text'))
     self.assertEqual(v, hmac_sha256(b'key', b'text'))
     self.assertEqual(v, hmac_sha256(u'key', u'text'))
     self.assertEqual(
         "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
         sha256("abc")
     )
     #: test format_upload_src
     baseimg = 'img-url'
     basefmt = {'src': baseimg}
     self.assertEqual(format_upload_src(123, baseimg), basefmt)
     self.assertEqual(format_upload_src(None, baseimg), basefmt)
     self.assertEqual(format_upload_src([0], baseimg), basefmt)
     self.assertEqual(format_upload_src('', baseimg), basefmt)
     self.assertEqual(format_upload_src('.', baseimg), basefmt)
     self.assertEqual(format_upload_src('.1', baseimg), basefmt)
     self.assertEqual(format_upload_src('1.', baseimg), basefmt)
     self.assertEqual(format_upload_src(1.1, baseimg), basefmt)
     self.assertEqual(
         format_upload_src('1.1', baseimg), {'1': {'1': baseimg}}
     )
     self.assertEqual(format_upload_src('u', baseimg), basefmt)
     self.assertEqual(format_upload_src('im', baseimg), {'im': baseimg})
     self.assertEqual(format_upload_src('url', baseimg), {'url': baseimg})
     self.assertEqual(format_upload_src('i.am.src', baseimg), basefmt)
     self.assertEqual(
         format_upload_src('src.url', baseimg), {'src': {'url': baseimg}}
     )
     #: test format_apires
     self.assertEqual(
         format_apires({'code': 0}, "success", "bool"), {'success': True}
     )
     self.assertEqual(
         format_apires({'code': 0}, oc="200"), {'code': 200}
     )
     self.assertEqual(
         format_apires({'code': -1}, "status", "bool"), {'status': False}
     )
     self.assertEqual(
         format_apires(dict(code=-1, msg='xxx'), 'errno', '200'),
         {'errno': -1, 'msg': 'xxx'}
     )
     self.assertEqual(
         format_apires(dict(code=-1, msg='xxx'), 'errno', '200', 'errmsg'),
         {'errno': -1, 'errmsg': 'xxx'}
     )
     self.assertEqual(
         format_apires(dict(code=0, msg='xxx'), '', '200', 'errmsg'),
         {'code': 200, 'errmsg': 'xxx'}
     )
     self.assertEqual(len(generate_random()), 6)
     self.assertIn("Mozilla/5.0", gen_ua())