[mediagoblin.git] / mediagoblin / plugins / api / tools.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging
import json

from functools import wraps
from urlparse import urljoin
from werkzeug.exceptions import Forbidden
from werkzeug.wrappers import Response
from mediagoblin import mg_globals
from mediagoblin.tools.pluginapi import PluginManager
from mediagoblin.storage.filestorage import BasicFileStorage

_log = logging.getLogger(__name__)


class Auth(object):
    '''
    An object with two significant methods, 'trigger' and 'run'.

    Using a similar object to this, plugins can register specific
    authentication logic, for example the GET param 'access_token' for OAuth.

    - trigger: Analyze the 'request' argument, return True if you think you
      can handle the request, otherwise return False
    - run: The authentication logic, set the request.user object to the user
      you intend to authenticate and return True, otherwise return False.

    If run() returns False, an HTTP 403 Forbidden error will be shown.

    You may also display custom errors, just raise them within the run()
    method.
    '''
    def trigger(self, request):
        raise NotImplemented()

    def __call__(self, request, *args, **kw):
        raise NotImplemented()


def json_response(serializable, _disable_cors=False, *args, **kw):
    '''
    Serializes a json objects and returns a werkzeug Response object with the
    serialized value as the response body and Content-Type: application/json.

    :param serializable: A json-serializable object

    Any extra arguments and keyword arguments are passed to the
    Response.__init__ method.
    '''
    response = Response(json.dumps(serializable), *args, content_type='application/json', **kw)

    if not _disable_cors:
        cors_headers = {
                'Access-Control-Allow-Origin': '*',
                'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
                'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
        for key, value in cors_headers.iteritems():
            response.headers.set(key, value)

    return response


def get_entry_serializable(entry, urlgen):
    '''
    Returns a serializable dict() of a MediaEntry instance.

    :param entry: A MediaEntry instance
    :param urlgen: An urlgen instance, can be found on the request object passed
    to views.
    '''
    return {
            'user': entry.get_uploader.username,
            'user_id': entry.get_uploader.id,
            'user_bio': entry.get_uploader.bio,
            'user_bio_html': entry.get_uploader.bio_html,
            'user_permalink': urlgen('mediagoblin.user_pages.user_home',
                user=entry.get_uploader.username,
                qualified=True),
            'id': entry.id,
            'created': entry.created.isoformat(),
            'title': entry.title,
            'license': entry.license,
            'description': entry.description,
            'description_html': entry.description_html,
            'media_type': entry.media_type,
            'state': entry.state,
            'permalink': entry.url_for_self(urlgen, qualified=True),
            'media_files': get_media_file_paths(entry.media_files, urlgen)}


def get_media_file_paths(media_files, urlgen):
    '''
    Returns a dictionary of media files with `file_handle` => `qualified URL`

    :param media_files: dict-like object consisting of `file_handle => `listy
    filepath` pairs.
    :param urlgen: An urlgen object, usually found on request.urlgen.
    '''
    media_urls = {}

    for key, val in media_files.items():
        if isinstance(mg_globals.public_store, BasicFileStorage):
            # BasicFileStorage does not provide a qualified URI
            media_urls[key] = urljoin(
                    urlgen('index', qualified=True),
                    mg_globals.public_store.file_url(val))
        else:
            media_urls[key] = mg_globals.public_store.file_url(val)

    return media_urls


def api_auth(controller):
    '''
    Decorator, allows plugins to register auth methods that will then be
    evaluated against the request, finally a worthy authenticator object is
    chosen and used to decide whether to grant or deny access.
    '''
    @wraps(controller)
    def wrapper(request, *args, **kw):
        auth_candidates = []

        for auth in PluginManager().get_hook_callables('auth'):
            if auth.trigger(request):
                _log.debug('{0} believes it is capable of authenticating this request.'.format(auth))
                auth_candidates.append(auth)

        # If we can't find any authentication methods, we should not let them
        # pass.
        if not auth_candidates:
            raise Forbidden()

        # For now, just select the first one in the list
        auth = auth_candidates[0]

        _log.debug('Using {0} to authorize request {1}'.format(
            auth, request.url))

        if not auth(request, *args, **kw):
            if getattr(auth, 'errors', []):
                return json_response({
                        'status': 403,
                        'errors': auth.errors})

            raise Forbidden()

        return controller(request, *args, **kw)

    return wrapper
Commit	Line	Data
a062149e JW	1	# GNU MediaGoblin -- federated, autonomous media hosting
	2	# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
	17	import logging
42c83752	18	import json
a062149e JW	19
a062149e JW	20	from functools import wraps
c92aa0d0	21	from urlparse import urljoin
62d14bf5	22	from werkzeug.exceptions import Forbidden
cc195d5b	23	from werkzeug.wrappers import Response
42c83752	24	from mediagoblin import mg_globals
a062149e	25	from mediagoblin.tools.pluginapi import PluginManager
42c83752	26	from mediagoblin.storage.filestorage import BasicFileStorage
a062149e JW	27
	28	_log = logging.getLogger(__name__)
	29
	30
42c83752 JW	31	class Auth(object):
	32	'''
	33	An object with two significant methods, 'trigger' and 'run'.
	34
	35	Using a similar object to this, plugins can register specific
	36	authentication logic, for example the GET param 'access_token' for OAuth.
	37
	38	- trigger: Analyze the 'request' argument, return True if you think you
	39	can handle the request, otherwise return False
	40	- run: The authentication logic, set the request.user object to the user
	41	you intend to authenticate and return True, otherwise return False.
	42
	43	If run() returns False, an HTTP 403 Forbidden error will be shown.
	44
	45	You may also display custom errors, just raise them within the run()
	46	method.
	47	'''
	48	def trigger(self, request):
	49	raise NotImplemented()
	50
	51	def __call__(self, request, args, *kw):
	52	raise NotImplemented()
	53
	54
88a9662b	55	def json_response(serializable, _disable_cors=False, args, *kw):
85726f73	56	'''
cc195d5b	57	Serializes a json objects and returns a werkzeug Response object with the
85726f73 JW	58	serialized value as the response body and Content-Type: application/json.
	59
	60	:param serializable: A json-serializable object
	61
	62	Any extra arguments and keyword arguments are passed to the
cc195d5b	63	Response.__init__ method.
85726f73	64	'''
cc195d5b	65	response = Response(json.dumps(serializable), args, content_type='application/json', *kw)
88a9662b JW	66
	67	if not _disable_cors:
	68	cors_headers = {
	69	'Access-Control-Allow-Origin': '*',
	70	'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
	71	'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
9b2cd962 RP	72	for key, value in cors_headers.iteritems():
9b2cd962 RP	73	response.headers.set(key, value)
88a9662b	74
42c83752 JW	75	return response
	76
	77
85726f73 JW	78	def get_entry_serializable(entry, urlgen):
	79	'''
	80	Returns a serializable dict() of a MediaEntry instance.
	81
	82	:param entry: A MediaEntry instance
	83	:param urlgen: An urlgen instance, can be found on the request object passed
	84	to views.
	85	'''
42c83752 JW	86	return {
	87	'user': entry.get_uploader.username,
	88	'user_id': entry.get_uploader.id,
85726f73 JW	89	'user_bio': entry.get_uploader.bio,
	90	'user_bio_html': entry.get_uploader.bio_html,
	91	'user_permalink': urlgen('mediagoblin.user_pages.user_home',
	92	user=entry.get_uploader.username,
	93	qualified=True),
42c83752 JW	94	'id': entry.id,
	95	'created': entry.created.isoformat(),
	96	'title': entry.title,
	97	'license': entry.license,
	98	'description': entry.description,
	99	'description_html': entry.description_html,
	100	'media_type': entry.media_type,
09e528ac	101	'state': entry.state,
85726f73 JW	102	'permalink': entry.url_for_self(urlgen, qualified=True),
	103	'media_files': get_media_file_paths(entry.media_files, urlgen)}
	104
42c83752	105
85726f73 JW	106	def get_media_file_paths(media_files, urlgen):
	107	'''
	108	Returns a dictionary of media files with `file_handle` => `qualified URL`
42c83752	109
85726f73 JW	110	:param media_files: dict-like object consisting of `file_handle => `listy
	111	filepath` pairs.
	112	:param urlgen: An urlgen object, usually found on request.urlgen.
	113	'''
42c83752 JW	114	media_urls = {}
	115
	116	for key, val in media_files.items():
c92aa0d0 JW	117	if isinstance(mg_globals.public_store, BasicFileStorage):
	118	# BasicFileStorage does not provide a qualified URI
	119	media_urls[key] = urljoin(
	120	urlgen('index', qualified=True),
	121	mg_globals.public_store.file_url(val))
	122	else:
	123	media_urls[key] = mg_globals.public_store.file_url(val)
42c83752 JW	124
	125	return media_urls
	126
	127
a062149e	128	def api_auth(controller):
85726f73 JW	129	'''
	130	Decorator, allows plugins to register auth methods that will then be
	131	evaluated against the request, finally a worthy authenticator object is
	132	chosen and used to decide whether to grant or deny access.
	133	'''
a062149e JW	134	@wraps(controller)
	135	def wrapper(request, args, *kw):
	136	auth_candidates = []
	137
	138	for auth in PluginManager().get_hook_callables('auth'):
a062149e	139	if auth.trigger(request):
57c6473a	140	_log.debug('{0} believes it is capable of authenticating this request.'.format(auth))
a062149e JW	141	auth_candidates.append(auth)
	142
	143	# If we can't find any authentication methods, we should not let them
	144	# pass.
	145	if not auth_candidates:
cfa92229	146	raise Forbidden()
a062149e JW	147
	148	# For now, just select the first one in the list
	149	auth = auth_candidates[0]
	150
	151	_log.debug('Using {0} to authorize request {1}'.format(
	152	auth, request.url))
	153
	154	if not auth(request, args, *kw):
88a9662b JW	155	if getattr(auth, 'errors', []):
	156	return json_response({
	157	'status': 403,
	158	'errors': auth.errors})
	159
cfa92229	160	raise Forbidden()
a062149e JW	161
	162	return controller(request, args, *kw)
	163
	164	return wrapper