projects / mediagoblin.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix #5353 - Bug in OAuth which referenced "user"
[mediagoblin.git] / mediagoblin / api / views.py
CommitLineData
f2698759 1# GNU MediaGoblin -- federated, autonomous media hosting
0679545f
JT		 2# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
3#
4# This program is free software: you can redistribute it and/or modify
5# it under the terms of the GNU Affero General Public License as published by
6# the Free Software Foundation, either version 3 of the License, or
7# (at your option) any later version.
8#
9# This program is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12# GNU Affero General Public License for more details.
13#
14# You should have received a copy of the GNU Affero General Public License
15# along with this program. If not, see <http://www.gnu.org/licenses/>.
16
c894b424 17import json
d4a21d7e 18import io
41599bf2 19import mimetypes
c894b424 20
c64fc16b 21from werkzeug.datastructures import FileStorage
d4a21d7e 22
b9492011 23from mediagoblin.decorators import oauth_required, require_active_login
4fd52036 24from mediagoblin.api.decorators import user_has_privilege
d88fcb03 25from mediagoblin.db.models import User, LocalUser, MediaEntry, MediaComment, Activity
5436d980 26from mediagoblin.tools.federation import create_activity, create_generator
9c602458 27from mediagoblin.tools.routing import extract_url_arguments
0af1b859 28from mediagoblin.tools.response import redirect, json_response, json_error, \
b9492011 29 render_404, render_to_response
c894b424 30from mediagoblin.meddleware.csrf import csrf_exempt
5e5d4458
JT		 31from mediagoblin.submit.lib import new_upload_entry, api_upload_request, \
32 api_add_to_feed
33
34# MediaTypes
35from mediagoblin.media_types.image import MEDIA_TYPE as IMAGE_MEDIA_TYPE
d7b3805f 36
9246a6ba
JT		 37# Getters
38def get_profile(request):
39 """
40 Gets the user's profile for the endpoint requested.
41
42 For example an endpoint which is /api/{username}/feed
43 as /api/cwebber/feed would get cwebber's profile. This
44 will return a tuple (username, user_profile). If no user
45 can be found then this function returns a (None, None).
46 """
47 username = request.matchdict["username"]
b4997540 48 user = LocalUser.query.filter(LocalUser.username==username).first()
9246a6ba
JT		 49
50 if user is None:
51 return None, None
52
53 return user, user.serialize(request)
54
55
56# Endpoints
247a3b78 57@oauth_required
9246a6ba 58def profile_endpoint(request):
a5682e89 59 """ This is /api/user/<username>/profile - This will give profile info """
9246a6ba 60 user, user_profile = get_profile(request)
c64fc16b 61
8d75091d 62 if user is None:
9246a6ba 63 username = request.matchdict["username"]
8d75091d 64 return json_error(
9246a6ba 65 "No such 'user' with username '{0}'".format(username),
8d75091d
JT		 66 status=404
67 )
d7b3805f
JT		 68
69 # user profiles are public so return information
9246a6ba 70 return json_response(user_profile)
d7b3805f 71
247a3b78 72@oauth_required
9246a6ba 73def user_endpoint(request):
a5682e89 74 """ This is /api/user/<username> - This will get the user """
9246a6ba 75 user, user_profile = get_profile(request)
0af1b859 76
9246a6ba
JT		 77 if user is None:
78 username = request.matchdict["username"]
79 return json_error(
80 "No such 'user' with username '{0}'".format(username),
81 status=404
82 )
0af1b859 83
9246a6ba 84 return json_response({
a5682e89 85 "nickname": user.username,
86 "updated": user.created.isoformat(),
87 "published": user.created.isoformat(),
d8f55f2b 88 "profile": user_profile,
9246a6ba 89 })
a5682e89 90
247a3b78 91@oauth_required
d4a21d7e 92@csrf_exempt
967df5ef 93@user_has_privilege(u'uploader')
9246a6ba 94def uploads_endpoint(request):
c64fc16b 95 """ Endpoint for file uploads """
9246a6ba 96 username = request.matchdict["username"]
b4997540 97 requested_user = LocalUser.query.filter(LocalUser.username==username).first()
d4a21d7e 98
99 if requested_user is None:
9246a6ba 100 return json_error("No such 'user' with id '{0}'".format(username), 404)
d4a21d7e 101
d4a21d7e 102 if request.method == "POST":
8917ffb1
JT		 103 # Ensure that the user is only able to upload to their own
104 # upload endpoint.
105 if requested_user.id != request.user.id:
106 return json_error(
107 "Not able to post to another users feed.",
108 status=403
109 )
8d75091d 110
d4a21d7e 111 # Wrap the data in the werkzeug file wrapper
a14d90c2 112 if "Content-Type" not in request.headers:
5e5d4458 113 return json_error(
9246a6ba
JT		 114 "Must supply 'Content-Type' header to upload media."
115 )
116
a14d90c2 117 mimetype = request.headers["Content-Type"]
41599bf2
JT		 118 filename = mimetypes.guess_all_extensions(mimetype)
119 filename = 'unknown' + filename[0] if filename else filename
d4a21d7e 120 file_data = FileStorage(
7810817c 121 stream=io.BytesIO(request.data),
41599bf2 122 filename=filename,
6781ff3c 123 content_type=mimetype
7810817c 124 )
125
126 # Find media manager
d4a21d7e 127 entry = new_upload_entry(request.user)
5e5d4458
JT		 128 entry.media_type = IMAGE_MEDIA_TYPE
129 return api_upload_request(request, file_data, entry)
d4a21d7e 130
5e5d4458 131 return json_error("Not yet implemented", 501)
d4a21d7e 132
f2698759
JT		 133@oauth_required
134@csrf_exempt
135def inbox_endpoint(request, inbox=None):
136 """ This is the user's inbox
137
138 Currently because we don't have the ability to represent the inbox in the
139 database this is not a "real" inbox in the pump.io/Activity streams 1.0
140 sense but instead just gives back all the data on the website
141
142 inbox: allows you to pass a query in to limit inbox scope
143 """
144 username = request.matchdict["username"]
b4997540 145 user = LocalUser.query.filter(LocalUser.username==username).first()
f2698759
JT		 146
147 if user is None:
148 return json_error("No such 'user' with id '{0}'".format(username), 404)
149
150
151 # Only the user who's authorized should be able to read their inbox
152 if user.id != request.user.id:
153 return json_error(
154 "Only '{0}' can read this inbox.".format(user.username),
155 403
156 )
157
158 if inbox is None:
95dbed2d 159 inbox = Activity.query
f2698759 160
26633946
JT		 161 # Count how many items for the "totalItems" field
162 total_items = inbox.count()
163
f2698759
JT		 164 # We want to make a query for all media on the site and then apply GET
165 # limits where we can.
166 inbox = inbox.order_by(Activity.published.desc())
167
168 # Limit by the "count" (default: 20)
26633946
JT		 169 try:
170 limit = int(request.args.get("count", 20))
171 except ValueError:
172 limit = 20
173
174 # Prevent the count being too big (pump uses 200 so we shall)
175 limit = limit if limit <= 200 else 200
176
177 # Apply the limit
178 inbox = inbox.limit(limit)
f2698759
JT		 179
180 # Offset (default: no offset - first <count> results)
181 inbox = inbox.offset(request.args.get("offset", 0))
182
183 # build the inbox feed
184 feed = {
185 "displayName": "Activities for {0}".format(user.username),
186 "author": user.serialize(request),
187 "objectTypes": ["activity"],
188 "url": request.base_url,
189 "links": {"self": {"href": request.url}},
190 "items": [],
26633946 191 "totalItems": total_items,
f2698759
JT		 192 }
193
194 for activity in inbox:
195 try:
196 feed["items"].append(activity.serialize(request))
197 except AttributeError:
198 # As with the feed endpint this occurs because of how we our
199 # hard-deletion method. Some activites might exist where the
200 # Activity object and/or target no longer exist, for this case we
201 # should just skip them.
202 pass
203
f2698759
JT		 204 return json_response(feed)
205
206@oauth_required
207@csrf_exempt
208def inbox_minor_endpoint(request):
209 """ Inbox subset for less important Activities """
210 inbox = Activity.query.filter(
211 (Activity.verb == "update") | (Activity.verb == "delete")
212 )
213
214 return inbox_endpoint(request=request, inbox=inbox)
215
216@oauth_required
217@csrf_exempt
218def inbox_major_endpoint(request):
219 """ Inbox subset for most important Activities """
220 inbox = Activity.query.filter_by(verb="post")
221 return inbox_endpoint(request=request, inbox=inbox)
222
247a3b78 223@oauth_required
c894b424 224@csrf_exempt
9a51bf1e 225def feed_endpoint(request, outbox=None):
d7b3805f 226 """ Handles the user's outbox - /api/user/<username>/feed """
9246a6ba 227 username = request.matchdict["username"]
b4997540 228 requested_user = LocalUser.query.filter(LocalUser.username==username).first()
d7b3805f
JT		 229
230 # check if the user exists
231 if requested_user is None:
9246a6ba 232 return json_error("No such 'user' with id '{0}'".format(username), 404)
d7b3805f 233
6781ff3c 234 if request.data:
37865d02 235 data = json.loads(request.data.decode())
6781ff3c
JT		 236 else:
237 data = {"verb": None, "object": {}}
238
c64fc16b 239
9246a6ba
JT		 240 if request.method in ["POST", "PUT"]:
241 # Validate that the activity is valid
242 if "verb" not in data or "object" not in data:
243 return json_error("Invalid activity provided.")
62dc7d3e 244
9246a6ba 245 # Check that the verb is valid
4dec1cd6 246 if data["verb"] not in ["post", "update", "delete"]:
9246a6ba 247 return json_error("Verb not yet implemented", 501)
5e5d4458 248
9246a6ba
JT		 249 # We need to check that the user they're posting to is
250 # the person that they are.
251 if requested_user.id != request.user.id:
252 return json_error(
253 "Not able to post to another users feed.",
254 status=403
255 )
8d75091d 256
9246a6ba
JT		 257 # Handle new posts
258 if data["verb"] == "post":
259 obj = data.get("object", None)
260 if obj is None:
261 return json_error("Could not find 'object' element.")
262
263 if obj.get("objectType", None) == "comment":
264 # post a comment
265 if not request.user.has_privilege(u'commenter'):
266 return json_error(
267 "Privilege 'commenter' required to comment.",
268 status=403
269 )
270
0f3bf8d4 271 comment = MediaComment(actor=request.user.id)
9c602458 272 comment.unserialize(data["object"], request)
9246a6ba 273 comment.save()
35885226 274
5436d980
JT		 275 # Create activity for comment
276 generator = create_generator(request)
277 activity = create_activity(
278 verb="post",
279 actor=request.user,
280 obj=comment,
281 target=comment.get_entry,
282 generator=generator
283 )
284
35885226 285 return json_response(activity.serialize(request))
9246a6ba
JT		 286
287 elif obj.get("objectType", None) == "image":
288 # Posting an image to the feed
9c602458
JT		 289 media_id = int(extract_url_arguments(
290 url=data["object"]["id"],
291 urlmap=request.app.url_map
292 )["id"])
293
9246a6ba
JT		 294 media = MediaEntry.query.filter_by(id=media_id).first()
295
296 if media is None:
297 return json_response(
298 "No such 'image' with id '{0}'".format(media_id),
299 status=404
300 )
301
0f3bf8d4 302 if media.actor != request.user.id:
9246a6ba
JT		 303 return json_error(
304 "Privilege 'commenter' required to comment.",
305 status=403
306 )
307
308
309 if not media.unserialize(data["object"]):
310 return json_error(
311 "Invalid 'image' with id '{0}'".format(media_id)
312 )
313
c0434db4
JT		 314
315 # Add location if one exists
316 if "location" in data:
317 Location.create(data["location"], self)
318
9246a6ba 319 media.save()
35885226 320 activity = api_add_to_feed(request, media)
9246a6ba 321
35885226 322 return json_response(activity.serialize(request))
9246a6ba
JT		 323
324 elif obj.get("objectType", None) is None:
325 # They need to tell us what type of object they're giving us.
326 return json_error("No objectType specified.")
327 else:
328 # Oh no! We don't know about this type of object (yet)
329 object_type = obj.get("objectType", None)
5e5d4458 330 return json_error(
9246a6ba 331 "Unknown object type '{0}'.".format(object_type)
5e5d4458 332 )
d8f55f2b 333
9246a6ba
JT		 334 # Updating existing objects
335 if data["verb"] == "update":
336 # Check we've got a valid object
337 obj = data.get("object", None)
338
339 if obj is None:
340 return json_error("Could not find 'object' element.")
341
342 if "objectType" not in obj:
343 return json_error("No objectType specified.")
344
345 if "id" not in obj:
346 return json_error("Object ID has not been specified.")
347
9c602458
JT		 348 obj_id = int(extract_url_arguments(
349 url=obj["id"],
350 urlmap=request.app.url_map
351 )["id"])
9246a6ba
JT		 352
353 # Now try and find object
354 if obj["objectType"] == "comment":
355 if not request.user.has_privilege(u'commenter'):
356 return json_error(
357 "Privilege 'commenter' required to comment.",
358 status=403
359 )
360
361 comment = MediaComment.query.filter_by(id=obj_id).first()
362 if comment is None:
363 return json_error(
364 "No such 'comment' with id '{0}'.".format(obj_id)
365 )
366
367 # Check that the person trying to update the comment is
368 # the author of the comment.
0f3bf8d4 369 if comment.actor != request.user.id:
9246a6ba
JT		 370 return json_error(
371 "Only author of comment is able to update comment.",
372 status=403
373 )
374
9e715bb0 375 if not comment.unserialize(data["object"], request):
9246a6ba 376 return json_error(
9e715bb0 377 "Invalid 'comment' with id '{0}'".format(obj["id"])
9246a6ba
JT		 378 )
379
380 comment.save()
381
35885226
JT		 382 # Create an update activity
383 generator = create_generator(request)
384 activity = create_activity(
385 verb="update",
386 actor=request.user,
387 obj=comment,
388 generator=generator
389 )
390
391 return json_response(activity.serialize(request))
9246a6ba
JT		 392
393 elif obj["objectType"] == "image":
394 image = MediaEntry.query.filter_by(id=obj_id).first()
395 if image is None:
396 return json_error(
9e715bb0 397 "No such 'image' with the id '{0}'.".format(obj["id"])
9246a6ba
JT		 398 )
399
400 # Check that the person trying to update the comment is
401 # the author of the comment.
0f3bf8d4 402 if image.actor != request.user.id:
9246a6ba
JT		 403 return json_error(
404 "Only uploader of image is able to update image.",
405 status=403
406 )
407
408 if not image.unserialize(obj):
409 return json_error(
410 "Invalid 'image' with id '{0}'".format(obj_id)
411 )
63c86579 412 image.generate_slug()
9246a6ba
JT		 413 image.save()
414
35885226
JT		 415 # Create an update activity
416 generator = create_generator(request)
417 activity = create_activity(
418 verb="update",
419 actor=request.user,
420 obj=image,
421 generator=generator
422 )
423
424 return json_response(activity.serialize(request))
c0434db4
JT		 425 elif obj["objectType"] == "person":
426 # check this is the same user
427 if "id" not in obj or obj["id"] != requested_user.id:
428 return json_error(
429 "Incorrect user id, unable to update"
430 )
431
432 requested_user.unserialize(obj)
433 requested_user.save()
7810817c 434
35885226
JT		 435 generator = create_generator(request)
436 activity = create_activity(
437 verb="update",
438 actor=request.user,
439 obj=requested_user,
440 generator=generator
441 )
442
443 return json_response(activity.serialize(request))
444
4dec1cd6
JT		 445 elif data["verb"] == "delete":
446 obj = data.get("object", None)
447 if obj is None:
448 return json_error("Could not find 'object' element.")
449
450 if "objectType" not in obj:
451 return json_error("No objectType specified.")
452
453 if "id" not in obj:
454 return json_error("Object ID has not been specified.")
455
456 # Parse out the object ID
457 obj_id = int(extract_url_arguments(
458 url=obj["id"],
459 urlmap=request.app.url_map
460 )["id"])
461
462 if obj.get("objectType", None) == "comment":
463 # Find the comment asked for
464 comment = MediaComment.query.filter_by(
465 id=obj_id,
0f3bf8d4 466 actor=request.user.id
4dec1cd6
JT		 467 ).first()
468
469 if comment is None:
470 return json_error(
471 "No such 'comment' with id '{0}'.".format(obj_id)
472 )
473
474 # Make a delete activity
475 generator = create_generator(request)
476 activity = create_activity(
477 verb="delete",
478 actor=request.user,
479 obj=comment,
480 generator=generator
481 )
482
483 # Unfortunately this has to be done while hard deletion exists
484 context = activity.serialize(request)
485
486 # now we can delete the comment
487 comment.delete()
488
489 return json_response(context)
490
491 if obj.get("objectType", None) == "image":
492 # Find the image
493 entry = MediaEntry.query.filter_by(
494 id=obj_id,
0f3bf8d4 495 actor=request.user.id
4dec1cd6
JT		 496 ).first()
497
498 if entry is None:
499 return json_error(
500 "No such 'image' with id '{0}'.".format(obj_id)
501 )
502
d216d771
JT		 503 # Okay lets do our best to ensure there is a public_id for
504 # this image, there most likely is but it's important!
505 entry.get_public_id(request.urlgen)
506
4dec1cd6
JT		 507 # Make the delete activity
508 generator = create_generator(request)
509 activity = create_activity(
510 verb="delete",
511 actor=request.user,
512 obj=entry,
513 generator=generator
514 )
515
516 # This is because we have hard deletion
517 context = activity.serialize(request)
518
519 # Now we can delete the image
520 entry.delete()
521
522 return json_response(context)
523
51ab5192 524 elif request.method != "GET":
5e5d4458
JT		 525 return json_error(
526 "Unsupported HTTP method {0}".format(request.method),
527 status=501
528 )
51ab5192 529
c894b424 530 feed = {
c64fc16b 531 "displayName": "Activities by {user}@{host}".format(
532 user=request.user.username,
533 host=request.host
534 ),
c894b424 535 "objectTypes": ["activity"],
058964bc
JT		 536 "url": request.base_url,
537 "links": {"self": {"href": request.url}},
3c3fa5e7 538 "author": request.user.serialize(request),
c894b424
JT		 539 "items": [],
540 }
c64fc16b 541
058964bc 542 # Create outbox
9a51bf1e
JT		 543 if outbox is None:
544 outbox = Activity.query.filter_by(actor=request.user.id)
545 else:
546 outbox = outbox.filter_by(actor=request.user.id)
058964bc
JT		 547
548 # We want the newest things at the top (issue: #1055)
549 outbox = outbox.order_by(Activity.published.desc())
550
551 # Limit by the "count" (default: 20)
26633946
JT		 552 limit = request.args.get("count", 20)
553
554 try:
555 limit = int(limit)
556 except ValueError:
557 limit = 20
558
559 # The upper most limit should be 200
560 limit = limit if limit < 200 else 200
561
562 # apply the limit
563 outbox = outbox.limit(limit)
058964bc
JT		 564
565 # Offset (default: no offset - first <count> result)
566 outbox = outbox.offset(request.args.get("offset", 0))
567
568 # Build feed.
569 for activity in outbox:
dd733916
JT		 570 try:
571 feed["items"].append(activity.serialize(request))
572 except AttributeError:
573 # This occurs because of how we hard-deletion and the object
574 # no longer existing anymore. We want to keep the Activity
575 # in case someone wishes to look it up but we shouldn't display
576 # it in the feed.
577 pass
c894b424
JT		 578 feed["totalItems"] = len(feed["items"])
579
580 return json_response(feed)
d7b3805f 581
9a51bf1e
JT		 582@oauth_required
583def feed_minor_endpoint(request):
584 """ Outbox for minor activities such as updates """
585 # If it's anything but GET pass it along
586 if request.method != "GET":
587 return feed_endpoint(request)
588
589 outbox = Activity.query.filter(
590 (Activity.verb == "update") | (Activity.verb == "delete")
591 )
592 return feed_endpoint(request, outbox=outbox)
593
594@oauth_required
595def feed_major_endpoint(request):
596 """ Outbox for all major activities """
597 # If it's anything but a GET pass it along
598 if request.method != "GET":
599 return feed_endpoint(request)
600
601 outbox = Activity.query.filter_by(verb="post")
602 return feed_endpoint(request, outbox=outbox)
603
d7b3805f 604@oauth_required
9246a6ba 605def object_endpoint(request):
5a2056f7 606 """ Lookup for a object type """
0421fc5e 607 object_type = request.matchdict["object_type"]
a14d90c2 608 try:
9c602458 609 object_id = request.matchdict["id"]
a14d90c2
JT		 610 except ValueError:
611 error = "Invalid object ID '{0}' for '{1}'".format(
612 request.matchdict["id"],
613 object_type
614 )
5e5d4458 615 return json_error(error)
a14d90c2 616
6781ff3c 617 if object_type not in ["image"]:
c64fc16b 618 # not sure why this is 404, maybe ask evan. Maybe 400?
8d75091d
JT		 619 return json_error(
620 "Unknown type: {0}".format(object_type),
621 status=404
622 )
5a2056f7 623
a14d90c2 624 media = MediaEntry.query.filter_by(id=object_id).first()
5a2056f7 625 if media is None:
5e5d4458
JT		 626 return json_error(
627 "Can't find '{0}' with ID '{1}'".format(object_type, object_id),
628 status=404
629 )
5a2056f7 630
bdde87a4 631 return json_response(media.serialize(request))
98596dd0 632
247a3b78 633@oauth_required
98596dd0 634def object_comments(request):
635 """ Looks up for the comments on a object """
9246a6ba
JT		 636 media = MediaEntry.query.filter_by(id=request.matchdict["id"]).first()
637 if media is None:
638 return json_error("Can't find '{0}' with ID '{1}'".format(
0421fc5e 639 request.matchdict["object_type"],
9246a6ba
JT		 640 request.matchdict["id"]
641 ), 404)
642
0421fc5e 643 comments = media.serialize(request)
9246a6ba
JT		 644 comments = comments.get("replies", {
645 "totalItems": 0,
646 "items": [],
647 "url": request.urlgen(
4fd52036 648 "mediagoblin.api.object.comments",
0421fc5e 649 object_type=media.object_type,
9246a6ba
JT		 650 id=media.id,
651 qualified=True
652 )
653 })
98596dd0 654
9246a6ba
JT		 655 comments["displayName"] = "Replies to {0}".format(comments["url"])
656 comments["links"] = {
657 "first": comments["url"],
658 "self": comments["url"],
659 }
660 return json_response(comments)
a5682e89 661
a5682e89 662##
0af1b859 663# RFC6415 - Web Host Metadata
a5682e89 664##
665def host_meta(request):
0af1b859
JT		 666 """
667 This provides the host-meta URL information that is outlined
668 in RFC6415. By default this should provide XRD+XML however
669 if the client accepts JSON we will provide that over XRD+XML.
670 The 'Accept' header is used to decude this.
c64fc16b 671
0af1b859
JT		 672 A client should use this endpoint to determine what URLs to
673 use for OAuth endpoints.
674 """
675
676 links = [
1bce9961
JT		 677 {
678 "rel": "lrdd",
679 "type": "application/json",
680 "href": request.urlgen(
681 "mediagoblin.webfinger.well-known.webfinger",
682 qualified=True
683 )
684 },
0af1b859
JT		 685 {
686 "rel": "registration_endpoint",
687 "href": request.urlgen(
688 "mediagoblin.oauth.client_register",
689 qualified=True
690 ),
691 },
692 {
693 "rel": "http://apinamespace.org/oauth/request_token",
694 "href": request.urlgen(
695 "mediagoblin.oauth.request_token",
696 qualified=True
697 ),
698 },
699 {
700 "rel": "http://apinamespace.org/oauth/authorize",
701 "href": request.urlgen(
702 "mediagoblin.oauth.authorize",
703 qualified=True
704 ),
705 },
706 {
707 "rel": "http://apinamespace.org/oauth/access_token",
708 "href": request.urlgen(
709 "mediagoblin.oauth.access_token",
710 qualified=True
711 ),
712 },
713 {
714 "rel": "http://apinamespace.org/activitypub/whoami",
715 "href": request.urlgen(
716 "mediagoblin.webfinger.whoami",
717 qualified=True
718 ),
1bce9961 719 },
0af1b859
JT		 720 ]
721
722 if "application/json" in request.accept_mimetypes:
723 return json_response({"links": links})
724
725 # provide XML+XRD
726 return render_to_response(
727 request,
4fd52036 728 "mediagoblin/api/host-meta.xml",
0af1b859
JT		 729 {"links": links},
730 mimetype="application/xrd+xml"
731 )
a5682e89 732
1bce9961
JT		 733def lrdd_lookup(request):
734 """
735 This is the lrdd endpoint which can lookup a user (or
736 other things such as activities). This is as specified by
737 RFC6415.
738
739 The cleint must provide a 'resource' as a GET parameter which
740 should be the query to be looked up.
741 """
742
743 if "resource" not in request.args:
744 return json_error("No resource parameter", status=400)
745
746 resource = request.args["resource"]
747
748 if "@" in resource:
749 # Lets pull out the username
750 resource = resource[5:] if resource.startswith("acct:") else resource
751 username, host = resource.split("@", 1)
752
753 # Now lookup the user
b4997540 754 user = LocalUser.query.filter(LocalUser.username==username).first()
1bce9961
JT		 755
756 if user is None:
757 return json_error(
758 "Can't find 'user' with username '{0}'".format(username))
759
760 return json_response([
761 {
762 "rel": "http://webfinger.net/rel/profile-page",
763 "href": user.url_for_self(request.urlgen),
764 "type": "text/html"
765 },
766 {
767 "rel": "self",
768 "href": request.urlgen(
4fd52036 769 "mediagoblin.api.user",
1bce9961
JT		 770 username=user.username,
771 qualified=True
772 )
773 },
774 {
775 "rel": "activity-outbox",
776 "href": request.urlgen(
4fd52036 777 "mediagoblin.api.feed",
1bce9961
JT		 778 username=user.username,
779 qualified=True
780 )
781 }
782 ])
783 else:
784 return json_error("Unrecognized resource parameter", status=404)
785
a5682e89 786
787def whoami(request):
a14d90c2 788 """ /api/whoami - HTTP redirect to API profile """
5e5d4458
JT		 789 if request.user is None:
790 return json_error("Not logged in.", status=401)
791
a5682e89 792 profile = request.urlgen(
4fd52036 793 "mediagoblin.api.user.profile",
a5682e89 794 username=request.user.username,
795 qualified=True
0679545f 796 )
a5682e89 797
798 return redirect(request, location=profile)
Unnamed repository; edit this file 'description' to name the repository.