diff options
Diffstat (limited to 'mediagoblin/plugins/api')
| -rw-r--r-- | mediagoblin/plugins/api/__init__.py | 17 | ||||
| -rw-r--r-- | mediagoblin/plugins/api/tools.py | 20 | ||||
| -rw-r--r-- | mediagoblin/plugins/api/views.py | 29 |
3 files changed, 39 insertions, 27 deletions
diff --git a/mediagoblin/plugins/api/__init__.py b/mediagoblin/plugins/api/__init__.py index 40722088..d3fdf2ef 100644 --- a/mediagoblin/plugins/api/__init__.py +++ b/mediagoblin/plugins/api/__init__.py @@ -17,8 +17,6 @@ import os import logging -from routes.route import Route - from mediagoblin.tools import pluginapi _log = logging.getLogger(__name__) @@ -33,12 +31,15 @@ def setup_plugin(): _log.debug('API config: {0}'.format(config)) routes = [ - Route('mediagoblin.plugins.api.test', '/api/test', - controller='mediagoblin.plugins.api.views:api_test'), - Route('mediagoblin.plugins.api.entries', '/api/entries', - controller='mediagoblin.plugins.api.views:get_entries'), - Route('mediagoblin.plugins.api.post_entry', '/api/submit', - controller='mediagoblin.plugins.api.views:post_entry')] + ('mediagoblin.plugins.api.test', + '/api/test', + 'mediagoblin.plugins.api.views:api_test'), + ('mediagoblin.plugins.api.entries', + '/api/entries', + 'mediagoblin.plugins.api.views:get_entries'), + ('mediagoblin.plugins.api.post_entry', + '/api/submit', + 'mediagoblin.plugins.api.views:post_entry')] pluginapi.register_routes(routes) diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py index c4630ba7..ecc50364 100644 --- a/mediagoblin/plugins/api/tools.py +++ b/mediagoblin/plugins/api/tools.py @@ -52,7 +52,7 @@ class Auth(object): raise NotImplemented() -def json_response(serializable, *args, **kw): +def json_response(serializable, _disable_cors=False, *args, **kw): ''' Serializes a json objects and returns a webob.Response object with the serialized value as the response body and Content-Type: application/json. @@ -64,11 +64,14 @@ def json_response(serializable, *args, **kw): ''' response = Response(json.dumps(serializable), *args, **kw) response.headers['Content-Type'] = 'application/json' - cors_headers = { - 'Access-Control-Allow-Origin': '*', - 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS', - 'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'} - response.headers.update(cors_headers) + + if not _disable_cors: + cors_headers = { + 'Access-Control-Allow-Origin': '*', + 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS', + 'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'} + response.headers.update(cors_headers) + return response @@ -149,6 +152,11 @@ def api_auth(controller): auth, request.url)) if not auth(request, *args, **kw): + if getattr(auth, 'errors', []): + return json_response({ + 'status': 403, + 'errors': auth.errors}) + return exc.HTTPForbidden() return controller(request, *args, **kw) diff --git a/mediagoblin/plugins/api/views.py b/mediagoblin/plugins/api/views.py index d537ec6e..a1b1bcac 100644 --- a/mediagoblin/plugins/api/views.py +++ b/mediagoblin/plugins/api/views.py @@ -20,8 +20,8 @@ import uuid from os.path import splitext from webob import exc, Response -from cgi import FieldStorage from werkzeug.utils import secure_filename +from werkzeug.datastructures import FileStorage from celery import registry from mediagoblin.db.util import ObjectId @@ -29,13 +29,10 @@ from mediagoblin.decorators import require_active_login from mediagoblin.processing import mark_entry_failed from mediagoblin.processing.task import ProcessMedia from mediagoblin.meddleware.csrf import csrf_exempt -from mediagoblin.media_types import sniff_media, InvalidFileType, \ - FileTypeNotSupported +from mediagoblin.media_types import sniff_media from mediagoblin.plugins.api.tools import api_auth, get_entry_serializable, \ json_response -from mediagoblin.plugins.api import config - _log = logging.getLogger(__name__) @@ -52,24 +49,24 @@ def post_entry(request): _log.debug('Must POST against post_entry') return exc.HTTPBadRequest() - if not 'file' in request.POST \ - or not isinstance(request.POST['file'], FieldStorage) \ - or not request.POST['file'].file: + if not 'file' in request.files \ + or not isinstance(request.files['file'], FileStorage) \ + or not request.files['file'].stream: _log.debug('File field not found') return exc.HTTPBadRequest() - media_file = request.POST['file'] + media_file = request.files['file'] media_type, media_manager = sniff_media(media_file) entry = request.db.MediaEntry() entry.id = ObjectId() entry.media_type = unicode(media_type) - entry.title = unicode(request.POST.get('title') + entry.title = unicode(request.form.get('title') or splitext(media_file.filename)[0]) - entry.description = unicode(request.POST.get('description')) - entry.license = unicode(request.POST.get('license', '')) + entry.description = unicode(request.form.get('description')) + entry.license = unicode(request.form.get('license', '')) entry.uploader = request.user.id @@ -88,7 +85,7 @@ def post_entry(request): queue_filepath, 'wb') with queue_file: - queue_file.write(request.POST['file'].file.read()) + queue_file.write(request.files['file'].stream.read()) # Add queued filename to the entry entry.queued_media_file = queue_filepath @@ -98,6 +95,12 @@ def post_entry(request): # Save now so we have this data before kicking off processing entry.save(validate=True) + if request.form.get('callback_url'): + metadata = request.db.ProcessingMetaData() + metadata.media_entry = entry + metadata.callback_url = unicode(request.form['callback_url']) + metadata.save() + # Pass off to processing # # (... don't change entry after this point to avoid race |