[mediagoblin.git] / mediagoblin / tools / request.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import json
import logging

from werkzeug.http import parse_options_header

from mediagoblin.db.models import User, AccessToken
from mediagoblin.oauth.tools.request import decode_authorization_header

_log = logging.getLogger(__name__)


# MIME-Types
form_encoded = "application/x-www-form-urlencoded"
json_encoded = "application/json"


def setup_user_in_request(request):
    """
    Examine a request and tack on a request.user parameter if that's
    appropriate.
    """
    # If API request the user will be associated with the access token
    authorization = decode_authorization_header(request.headers)

    if authorization.get(u"access_token"):
        # Check authorization header.
        token = authorization[u"oauth_token"]
        token = AccessToken.query.filter_by(token=token).first()
        if token is not None:
            request.user = token.user
            return


    if 'user_id' not in request.session:
        request.user = None
        return

    request.user = User.query.get(request.session['user_id'])

    if not request.user:
        # Something's wrong... this user doesn't exist?  Invalidate
        # this session.
        _log.warn("Killing session for user id %r", request.session['user_id'])
        request.session.delete()

def decode_request(request):
    """ Decodes a request based on MIME-Type """
    data = request.data
    content_type, _ = parse_options_header(request.content_type)

    if content_type == json_encoded:
        data = json.loads(data)
    elif content_type == form_encoded or content_type == "":
        data = request.form
    else:
        data = ""
    return data
Commit	Line	Data
03ae172a	1	# GNU MediaGoblin -- federated, autonomous media hosting
cf29e8a8	2	# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
03ae172a AW	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
d41c6a53	17	import json
cc9f9a1d	18	import logging
967df5ef	19
2fdc14a2 BS	20	from werkzeug.http import parse_options_header
2fdc14a2 BS	21
967df5ef JT	22	from mediagoblin.db.models import User, AccessToken
967df5ef JT	23	from mediagoblin.oauth.tools.request import decode_authorization_header
03ae172a	24
cc9f9a1d E	25	_log = logging.getLogger(__name__)
	26
	27
d41c6a53	28	# MIME-Types
	29	form_encoded = "application/x-www-form-urlencoded"
	30	json_encoded = "application/json"
	31
2b60a56c	32
03ae172a AW	33	def setup_user_in_request(request):
	34	"""
	35	Examine a request and tack on a request.user parameter if that's
	36	appropriate.
	37	"""
967df5ef JT	38	# If API request the user will be associated with the access token
	39	authorization = decode_authorization_header(request.headers)
	40
	41	if authorization.get(u"access_token"):
	42	# Check authorization header.
	43	token = authorization[u"oauth_token"]
	44	token = AccessToken.query.filter_by(token=token).first()
	45	if token is not None:
	46	request.user = token.user
	47	return
	48
	49
04453ccf	50	if 'user_id' not in request.session:
03ae172a AW	51	request.user = None
	52	return
	53
7c029a1f	54	request.user = User.query.get(request.session['user_id'])
03ae172a	55
7c029a1f	56	if not request.user:
03ae172a AW	57	# Something's wrong... this user doesn't exist? Invalidate
03ae172a AW	58	# this session.
cc9f9a1d	59	_log.warn("Killing session for user id %r", request.session['user_id'])
c7424612	60	request.session.delete()
d41c6a53	61
	62	def decode_request(request):
	63	""" Decodes a request based on MIME-Type """
d4a21d7e	64	data = request.data
2fdc14a2	65	content_type, _ = parse_options_header(request.content_type)
967df5ef	66
2fdc14a2	67	if content_type == json_encoded:
d41c6a53	68	data = json.loads(data)
2fdc14a2	69	elif content_type == form_encoded or content_type == "":
d41c6a53	70	data = request.form
	71	else:
	72	data = ""
	73	return data