diff options
| author | François Schmidts <francois.schmidts@gmail.com> | 2015-01-15 17:42:54 +0100 |
|---|---|---|
| committer | François Schmidts <francois.schmidts@gmail.com> | 2015-03-03 22:22:14 +0100 |
| commit | cc2829c95c391043653a3bd543176f3c92f49d72 (patch) | |
| tree | b36466f6cceefd7a5b5d7720ffbedb282cd0d69b /pyaggr3g470r/views/api/common.py | |
| parent | global esthetics tweak (diff) | |
| download | newspipe-cc2829c95c391043653a3bd543176f3c92f49d72.tar.gz newspipe-cc2829c95c391043653a3bd543176f3c92f49d72.tar.bz2 newspipe-cc2829c95c391043653a3bd543176f3c92f49d72.zip | |
splitting and refactoring the Restful api part
Diffstat (limited to 'pyaggr3g470r/views/api/common.py')
| -rw-r--r-- | pyaggr3g470r/views/api/common.py | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/pyaggr3g470r/views/api/common.py b/pyaggr3g470r/views/api/common.py new file mode 100644 index 00000000..872c4ae1 --- /dev/null +++ b/pyaggr3g470r/views/api/common.py @@ -0,0 +1,79 @@ +from functools import wraps +from flask import request, g, session, Response, jsonify +from flask.ext.restful import Resource + +from pyaggr3g470r import db +from pyaggr3g470r.models import User + + +class HttpError(Exception): + pass + + +def authenticate(func): + """ + Decorator for the authentication to the web services. + """ + @wraps(func) + def wrapper(*args, **kwargs): + if not getattr(func, 'authenticated', True): + return func(*args, **kwargs) + + # authentication based on the session (already logged on the site) + if 'email' in session or g.user.is_authenticated(): + return func(*args, **kwargs) + + # authentication via HTTP only + auth = request.authorization + try: + email = auth.username + user = User.query.filter(User.email == email).first() + if user and user.check_password(auth.password) and user.activation_key == "": + g.user = user + return func(*args, **kwargs) + except AttributeError: + pass + + return Response('<Authentication required>', 401, + {'WWWAuthenticate':'Basic realm="Login Required"'}) + return wrapper + + +def to_response(func): + def wrapper(*args, **kwargs): + try: + res = func(*args, **kwargs) + except HttpError, error: + return Response(*error.args) + if isinstance(res, tuple): + response = jsonify(**res[0]) + if len(res) > 1: + response.status_code = res[1] + return response + return res + return wrapper + + +class PyAggResource(Resource): + db_cls = None + + def _get_or_raise(self, obj_id=None): + if obj_id is None: + raise HttpError({'message': 'No id given'}, 400) + obj = self.db_cls.query.filter(self.db_cls.id == obj_id).first() + if obj is None: + raise HttpError({'message': 'Article not found'}, 404) + if obj.user_id != g.user.id: + raise HttpError({'message': "Unauthorized for %s." + % self.db_cls.__class__.__name__}, 403) + return obj + + def get(self, id=None): + return {'result': [self._get_or_raise(id).dump()]} + + def delete(self, id): + """Delete a feed.""" + feed = self._get_or_raise(id) + db.session.delete(feed) + db.session.commit() + return {"message": "ok"}, 204 |