Diffstat (limited to 'mediagoblin/plugins/api')
-rw-r--r-- | mediagoblin/plugins/api/__init__.py | 47 | ||||
-rw-r--r-- | mediagoblin/plugins/api/tools.py | 164 | ||||
-rw-r--r-- | mediagoblin/plugins/api/views.py | 122 |
3 files changed, 333 insertions, 0 deletions
diff --git a/mediagoblin/plugins/api/__init__.py b/mediagoblin/plugins/api/__init__.py
new file mode 100644
index 00000000..1eddd9e0
--- /dev/null
+++ b/mediagoblin/plugins/api/__init__.py
@@ -0,0 +1,47 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import logging
+
+from mediagoblin.tools import pluginapi
+
+_log = logging.getLogger(__name__)
+
+PLUGIN_DIR = os.path.dirname(__file__)
+
+def setup_plugin():
+ _log.info('Setting up API...')
+
+ config = pluginapi.get_config(__name__)
+
+ _log.debug('API config: {0}'.format(config))
+
+ routes = [
+ ('mediagoblin.plugins.api.test',
+ '/api/test',
+ 'mediagoblin.plugins.api.views:api_test'),
+ ('mediagoblin.plugins.api.entries',
+ '/api/entries',
+ 'mediagoblin.plugins.api.views:get_entries'),
+ ('mediagoblin.plugins.api.post_entry',
+ '/api/submit',
+ 'mediagoblin.plugins.api.views:post_entry')]
+
+ pluginapi.register_routes(routes)
+
+hooks = {
+ 'setup': setup_plugin}
diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
new file mode 100644
index 00000000..92411f4b
--- /dev/null
+++ b/mediagoblin/plugins/api/tools.py
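Review bot: In `__init__.py`, `setup_plugin` writes the plugin's entire config section to the debug log with `_log.debug('API config: {0}'.format(config))`, which turns into a credential leak as soon as that section holds a secret such as a client key or token. No such key is visible in this commit, so this is a precaution: assuming `config` is dict-like, log only the key names, e.g. `_log.debug('API config keys: %s', sorted(config.keys()))`. The route table would also benefit from a comment such as `# NOTE: /api/entries is served without api_auth`, since the `get_entries` view added in views.py carries no auth decorator and that is not obvious from the registration alone.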
@@ -0,0 +1,164 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import logging
+import json
+
+from functools import wraps
+from urlparse import urljoin
+from werkzeug.exceptions import Forbidden
+from werkzeug.wrappers import Response
+from mediagoblin import mg_globals
+from mediagoblin.tools.pluginapi import PluginManager
+from mediagoblin.storage.filestorage import BasicFileStorage
+
+_log = logging.getLogger(__name__)
+
+
+class Auth(object):
+ '''
+ An object with two significant methods, 'trigger' and 'run'.
+
+ Using a similar object to this, plugins can register specific
+ authentication logic, for example the GET param 'access_token' for OAuth.
+
+ - trigger: Analyze the 'request' argument, return True if you think you
+ can handle the request, otherwise return False
+ - run: The authentication logic, set the request.user object to the user
+ you intend to authenticate and return True, otherwise return False.
+
+ If run() returns False, an HTTP 403 Forbidden error will be shown.
+
+ You may also display custom errors, just raise them within the run()
+ method.
+ '''
+ def trigger(self, request):
+ raise NotImplemented()
+
+ def __call__(self, request, *args, **kw):
+ raise NotImplemented()
+
+
+def json_response(serializable, _disable_cors=False, *args, **kw):
+ '''
+ Serializes a json objects and returns a werkzeug Response object with the
+ serialized value as the response body and Content-Type: application/json.
+
+ :param serializable: A json-serializable object
+
+ Any extra arguments and keyword arguments are passed to the
+ Response.__init__ method.
+ '''
+ response = Response(json.dumps(serializable), *args, content_type='application/json', **kw)
+
+ if not _disable_cors:
+ cors_headers = {
+ 'Access-Control-Allow-Origin': '*',
+ 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
+ 'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
+ for key, value in cors_headers.iteritems():
+ response.headers.set(key, value)
+
+ return response
+
+
+def get_entry_serializable(entry, urlgen):
+ '''
+ Returns a serializable dict() of a MediaEntry instance.
+
+ :param entry: A MediaEntry instance
+ :param urlgen: An urlgen instance, can be found on the request object passed
+ to views.
+ '''
+ return {
+ 'user': entry.get_uploader.username,
+ 'user_id': entry.get_uploader.id,
+ 'user_bio': entry.get_uploader.bio,
+ 'user_bio_html': entry.get_uploader.bio_html,
+ 'user_permalink': urlgen('mediagoblin.user_pages.user_home',
+ user=entry.get_uploader.username,
+ qualified=True),
+ 'id': entry.id,
+ 'created': entry.created.isoformat(),
+ 'title': entry.title,
+ 'license': entry.license,
+ 'description': entry.description,
+ 'description_html': entry.description_html,
+ 'media_type': entry.media_type,
+ 'state': entry.state,
+ 'permalink': entry.url_for_self(urlgen, qualified=True),
+ 'media_files': get_media_file_paths(entry.media_files, urlgen)}
+
+
+def get_media_file_paths(media_files, urlgen):
+ '''
+ Returns a dictionary of media files with `file_handle` => `qualified URL`
+
+ :param media_files: dict-like object consisting of `file_handle => `listy
+ filepath` pairs.
+ :param urlgen: An urlgen object, usually found on request.urlgen.
+ '''
+ media_urls = {}
+
+ for key, val in media_files.items():
+ if isinstance(mg_globals.public_store, BasicFileStorage):
+ # BasicFileStorage does not provide a qualified URI
+ media_urls[key] = urljoin(
+ urlgen('index', qualified=True),
+ mg_globals.public_store.file_url(val))
+ else:
+ media_urls[key] = mg_globals.public_store.file_url(val)
+
+ return media_urls
+
+
+def api_auth(controller):
+ '''
+ Decorator, allows plugins to register auth methods that will then be
+ evaluated against the request, finally a worthy authenticator object is
+ chosen and used to decide whether to grant or deny access.
+ '''
+ @wraps(controller)
+ def wrapper(request, *args, **kw):
+ auth_candidates = []
+
+ for auth in PluginManager().get_hook_callables('auth'):
+ if auth.trigger(request):
+ _log.debug('{0} believes it is capable of authenticating this request.'.format(auth))
+ auth_candidates.append(auth)
+
+ # If we can't find any authentication methods, we should not let them
+ # pass.
+ if not auth_candidates:
+ raise Forbidden()
+
+ # For now, just select the first one in the list
+ auth = auth_candidates[0]
+
+ _log.debug('Using {0} to authorize request {1}'.format(
+ auth, request.url))
+
+ if not auth(request, *args, **kw):
+ if getattr(auth, 'errors', []):
+ return json_response({
+ 'status': 403,
+ 'errors': auth.errors})
+
+ raise Forbidden()
+
+ return controller(request, *args, **kw)
+
+ return wrapper
diff --git a/mediagoblin/plugins/api/views.py b/mediagoblin/plugins/api/views.py
new file mode 100644
index 00000000..9159fe65
--- /dev/null
+++ b/mediagoblin/plugins/api/views.py
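Review bot: In `api_auth`'s `wrapper`, the branch that reports `auth.errors` returns `json_response({'status': 403, ...})` without a status argument, so the HTTP status is presumably the Response default of 200 and anything keyed on status codes (clients, proxies, failed-auth alerting) records a denied request as a success; pass it through with `return json_response({'status': 403, 'errors': auth.errors}, status=403)`. The debug line just above that branch logs `request.url`, and the `Auth` docstring names a GET `access_token` parameter as the expected credential, so tokens would be written to the log; `request.path` gives the same diagnostic value without the query string. `Auth.trigger` and `Auth.__call__` use `raise NotImplemented()`, which is a constant rather than an exception class and fails with a TypeError instead of the intended signal; `raise NotImplementedError()` is the correct form. `json_response` also sends `Access-Control-Allow-Origin: *` unless `_disable_cors` is set, and its docstring should say that this default is deliberate and document the `_disable_cors` parameter.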
@@ -0,0 +1,122 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import json
+import logging
+
+from os.path import splitext
+from werkzeug.exceptions import BadRequest, Forbidden
+from werkzeug.wrappers import Response
+
+from mediagoblin.decorators import require_active_login
+from mediagoblin.meddleware.csrf import csrf_exempt
+from mediagoblin.media_types import sniff_media
+from mediagoblin.plugins.api.tools import api_auth, get_entry_serializable, \
+ json_response
+from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
+ run_process_media, new_upload_entry
+
+_log = logging.getLogger(__name__)
+
+
+@csrf_exempt
+@api_auth
+@require_active_login
+def post_entry(request):
+ _log.debug('Posting entry')
+
+ if request.method == 'OPTIONS':
+ return json_response({'status': 200})
+
+ if request.method != 'POST':
+ _log.debug('Must POST against post_entry')
+ raise BadRequest()
+
+ if not check_file_field(request, 'file'):
+ _log.debug('File field not found')
+ raise BadRequest()
+
+ media_file = request.files['file']
+
+ media_type, media_manager = sniff_media(media_file)
+
+ entry = new_upload_entry(request.user)
+ entry.media_type = unicode(media_type)
+ entry.title = unicode(request.form.get('title')
+ or splitext(media_file.filename)[0])
+
+ entry.description = unicode(request.form.get('description'))
+ entry.license = unicode(request.form.get('license', ''))
+
+ entry.generate_slug()
+
+ # queue appropriately
+ queue_file = prepare_queue_task(request.app, entry, media_file.filename)
+
+ with queue_file:
+ queue_file.write(request.files['file'].stream.read())
+
+ # Save now so we have this data before kicking off processing
+ entry.save()
+
+ if request.form.get('callback_url'):
+ metadata = request.db.ProcessingMetaData()
+ metadata.media_entry = entry
+ metadata.callback_url = unicode(request.form['callback_url'])
+ metadata.save()
+
+ # Pass off to processing
+ #
+ # (... don't change entry after this point to avoid race
+ # conditions with changes to the document via processing code)
+ feed_url = request.urlgen(
+ 'mediagoblin.user_pages.atom_feed',
+ qualified=True, user=request.user.username)
+ run_process_media(entry, feed_url)
+
+ return json_response(get_entry_serializable(entry, request.urlgen))
+
+
+@api_auth
+@require_active_login
+def api_test(request):
+ user_data = {
+ 'username': request.user.username,
+ 'email': request.user.email}
+
+ # TODO: This is the *only* thing using Response() here, should that
+ # not simply use json_response()?
+ return Response(json.dumps(user_data))
+
+
+def get_entries(request):
+ entries = request.db.MediaEntry.query
+
+ # TODO: Make it possible to fetch unprocessed media, or media in-processing
+ entries = entries.filter_by(state=u'processed')
+
+ # TODO: Add sort order customization
+ entries = entries.order_by(request.db.MediaEntry.created.desc())
+
+ # TODO: Fetch default and upper limit from config
+ entries = entries.limit(int(request.GET.get('limit') or 10))
+
+ entries_serializable = []
+
+ for entry in entries:
+ entries_serializable.append(get_entry_serializable(entry, request.urlgen))
+
+ return json_response(entries_serializable) |
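Review bot: `get_entries` passes `int(request.GET.get('limit') or 10)` straight to `.limit()`, so a non-numeric value raises ValueError (likely surfacing as a 500) and nothing caps how many entries a single request to this undecorated view can pull; the TODO above the line mentions an upper limit but none is enforced. A bounded parse that answers 400 on bad input is sketched below, with a cap of 100 chosen only for illustration until the config value exists. In `post_entry`, `callback_url` is stored from the form with no scheme or host check; if the processing side later issues a request to it (not visible in this commit), that is a server-side request forgery exposure, so it should be restricted to http/https and checked against internal addresses before `metadata.save()`. Also in `post_entry`, `unicode(request.form.get('description'))` stores the literal string `None` when the field is absent; `request.form.get('description', '')` would match the `license` line below it.

```python
def get_entries(request):
    # … unchanged: base query, state filter, ordering …

    # TODO: Fetch default and upper limit from config
    try:
        limit = int(request.GET.get('limit') or 10)
    except ValueError:
        raise BadRequest()

    # 100 is an illustrative cap, not a project setting
    entries = entries.limit(max(1, min(limit, 100)))

    # … unchanged: serialization loop and json_response …
```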