[mediagoblin.git] / mediagoblin / tools / request.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import json
import logging

import six
from werkzeug.http import parse_options_header

from mediagoblin.db.models import User, AccessToken
from mediagoblin.oauth.tools.request import decode_authorization_header

_log = logging.getLogger(__name__)


# MIME-Types
form_encoded = "application/x-www-form-urlencoded"
json_encoded = "application/json"


def setup_user_in_request(request):
    """
    Examine a request and tack on a request.user parameter if that's
    appropriate.
    """
    # If API request the user will be associated with the access token
    authorization = decode_authorization_header(request.headers)

    if authorization.get(u"access_token"):
        # Check authorization header.
        token = authorization[u"oauth_token"]
        token = AccessToken.query.filter_by(token=token).first()
        if token is not None:
            request.user = token.user
            return


    if 'user_id' not in request.session:
        request.user = None
        return

    request.user = User.query.get(request.session['user_id'])

    if not request.user:
        # Something's wrong... this user doesn't exist?  Invalidate
        # this session.
        _log.warn("Killing session for user id %r", request.session['user_id'])
        request.session.delete()

def decode_request(request):
    """ Decodes a request based on MIME-Type """
    data = request.data
    content_type, _ = parse_options_header(request.content_type)

    if content_type == json_encoded:
        data = json.loads(six.text_type(data, "utf-8"))
    elif content_type == form_encoded or content_type == "":
        data = request.form
    else:
        data = ""
    return data
Commit	Line	Data
03ae172a	1	# GNU MediaGoblin -- federated, autonomous media hosting
cf29e8a8	2	# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
03ae172a AW	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
d41c6a53	17	import json
cc9f9a1d	18	import logging
967df5ef	19
fa9c0576	20	import six
2fdc14a2 BS	21	from werkzeug.http import parse_options_header
2fdc14a2 BS	22
967df5ef JT	23	from mediagoblin.db.models import User, AccessToken
967df5ef JT	24	from mediagoblin.oauth.tools.request import decode_authorization_header
03ae172a	25
cc9f9a1d E	26	_log = logging.getLogger(__name__)
	27
	28
d41c6a53	29	# MIME-Types
	30	form_encoded = "application/x-www-form-urlencoded"
	31	json_encoded = "application/json"
	32
2b60a56c	33
03ae172a AW	34	def setup_user_in_request(request):
	35	"""
	36	Examine a request and tack on a request.user parameter if that's
	37	appropriate.
	38	"""
967df5ef JT	39	# If API request the user will be associated with the access token
	40	authorization = decode_authorization_header(request.headers)
	41
	42	if authorization.get(u"access_token"):
	43	# Check authorization header.
	44	token = authorization[u"oauth_token"]
	45	token = AccessToken.query.filter_by(token=token).first()
	46	if token is not None:
	47	request.user = token.user
	48	return
	49
	50
04453ccf	51	if 'user_id' not in request.session:
03ae172a AW	52	request.user = None
	53	return
	54
7c029a1f	55	request.user = User.query.get(request.session['user_id'])
03ae172a	56
7c029a1f	57	if not request.user:
03ae172a AW	58	# Something's wrong... this user doesn't exist? Invalidate
03ae172a AW	59	# this session.
cc9f9a1d	60	_log.warn("Killing session for user id %r", request.session['user_id'])
c7424612	61	request.session.delete()
d41c6a53	62
	63	def decode_request(request):
	64	""" Decodes a request based on MIME-Type """
d4a21d7e	65	data = request.data
2fdc14a2	66	content_type, _ = parse_options_header(request.content_type)
967df5ef	67
2fdc14a2	68	if content_type == json_encoded:
fa9c0576	69	data = json.loads(six.text_type(data, "utf-8"))
2fdc14a2	70	elif content_type == form_encoded or content_type == "":
d41c6a53	71	data = request.form
	72	else:
	73	data = ""
	74	return data