[mediagoblin.git] / mediagoblin / plugins / piwigo / views.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2013 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging
import re

import six

from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
from werkzeug.wrappers import BaseResponse

from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.meddleware.csrf import csrf_exempt
from mediagoblin.auth.tools import check_login_simple
from mediagoblin.submit.lib import \
    submit_media, check_file_field, get_upload_file_limits, \
    FileUploadLimit, UserUploadLimit, UserPastUploadLimit


from mediagoblin.user_pages.lib import add_media_to_collection
from mediagoblin.db.models import Collection

from .tools import CmdTable, response_xml, check_form, \
    PWGSession, PwgNamedArray, PwgError
from .forms import AddSimpleForm, AddForm


_log = logging.getLogger(__name__)


@CmdTable("pwg.session.login", True)
def pwg_login(request):
    username = request.form.get("username")
    password = request.form.get("password")
    user = check_login_simple(username, password)
    if not user:
        return PwgError(999, 'Invalid username/password')
    request.session["user_id"] = user.id
    request.session.save()
    return True


@CmdTable("pwg.session.logout")
def pwg_logout(request):
    _log.info("Logout")
    request.session.delete()
    return True


@CmdTable("pwg.getVersion")
def pwg_getversion(request):
    return "2.5.0 (MediaGoblin)"


@CmdTable("pwg.session.getStatus")
def pwg_session_getStatus(request):
    if request.user:
        username = request.user.username
    else:
        username = "guest"
    return {'username': username}


@CmdTable("pwg.categories.getList")
def pwg_categories_getList(request):
    catlist = [{'id': -29711,
                'uppercats': "-29711",
                'name': "All my images"}]

    if request.user:
        collections = Collection.query.filter_by(
            get_actor=request.user).order_by(Collection.title)

        for c in collections:
            catlist.append({'id': c.id,
                            'uppercats': str(c.id),
                            'name': c.title,
                            'comment': c.description
                            })

    return {
          'categories': PwgNamedArray(
            catlist,
            'category',
            (
              'id',
              'url',
              'nb_images',
              'total_nb_images',
              'nb_categories',
              'date_last',
              'max_date_last',
            )
          )
        }


@CmdTable("pwg.images.exist")
def pwg_images_exist(request):
    return {}


@CmdTable("pwg.images.addSimple", True)
def pwg_images_addSimple(request):
    form = AddSimpleForm(request.form)
    if not form.validate():
        _log.error("addSimple: form failed")
        raise BadRequest()
    dump = []
    for f in form:
        dump.append("%s=%r" % (f.name, f.data))
    _log.info("addSimple: %r %s %r", request.form, " ".join(dump),
              request.files)

    if not check_file_field(request, 'image'):
        raise BadRequest()

    try:
        entry = submit_media(
            mg_app=request.app, user=request.user,
            submitted_file=request.files['image'],
            filename=request.files['image'].filename,
            title=six.text_type(form.name.data),
            description=six.text_type(form.comment.data))

        collection_id = form.category.data
        if collection_id > 0:
            collection = Collection.query.get(collection_id)
            if collection is not None and collection.actor == request.user.id:
                add_media_to_collection(collection, entry, "")

        return {
            'image_id': entry.id,
            'url': entry.url_for_self(
                request.urlgen,
                qualified=True)}

    # Handle upload limit issues
    except FileUploadLimit:
        raise BadRequest(
            _(u'Sorry, the file size is too big.'))
    except UserUploadLimit:
        raise BadRequest(
            _('Sorry, uploading this file will put you over your'
              ' upload limit.'))
    except UserPastUploadLimit:
        raise BadRequest(
            _('Sorry, you have reached your upload limit.'))


md5sum_matcher = re.compile(r"^[0-9a-fA-F]{32}$")


def fetch_md5(request, parm_name, optional_parm=False):
    val = request.form.get(parm_name)
    if (val is None) and (not optional_parm):
        _log.error("Parameter %s missing", parm_name)
        raise BadRequest("Parameter %s missing" % parm_name)
    if not md5sum_matcher.match(val):
        _log.error("Parameter %s=%r has no valid md5 value", parm_name, val)
        raise BadRequest("Parameter %s is not md5" % parm_name)
    return val


@CmdTable("pwg.images.addChunk", True)
def pwg_images_addChunk(request):
    o_sum = fetch_md5(request, 'original_sum')
    typ = request.form.get('type')
    pos = request.form.get('position')
    data = request.form.get('data')

    # Validate params:
    pos = int(pos)
    if not typ in ("file", "thumb"):
        _log.error("type %r not allowed for now", typ)
        return False

    _log.info("addChunk for %r, type %r, position %d, len: %d",
              o_sum, typ, pos, len(data))
    if typ == "thumb":
        _log.info("addChunk: Ignoring thumb, because we create our own")
        return True

    return True


@CmdTable("pwg.images.add", True)
def pwg_images_add(request):
    _log.info("add: %r", request.form)
    form = AddForm(request.form)
    check_form(form)

    return {'image_id': 123456, 'url': ''}


@csrf_exempt
def ws_php(request):
    if request.method not in ("GET", "POST"):
        _log.error("Method %r not supported", request.method)
        raise MethodNotAllowed()

    func = CmdTable.find_func(request)
    if not func:
        _log.warn("wsphp: Unhandled %s %r %r", request.method,
                  request.args, request.form)
        raise NotImplemented()

    with PWGSession(request) as session:
        result = func(request)

        if isinstance(result, BaseResponse):
            return result

        response = response_xml(result)
        session.save_to_cookie(response)

        return response
Commit	Line	Data
	1	# GNU MediaGoblin -- federated, autonomous media hosting
	2	# Copyright (C) 2013 MediaGoblin contributors. See AUTHORS.
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
	17	import logging
	18	import re
	19
	20	import six
	21
	22	from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
	23	from werkzeug.wrappers import BaseResponse
	24
	25	from mediagoblin.tools.translate import pass_to_ugettext as _
	26	from mediagoblin.meddleware.csrf import csrf_exempt
	27	from mediagoblin.auth.tools import check_login_simple
	28	from mediagoblin.submit.lib import \
	29	submit_media, check_file_field, get_upload_file_limits, \
	30	FileUploadLimit, UserUploadLimit, UserPastUploadLimit
	31
	32
	33	from mediagoblin.user_pages.lib import add_media_to_collection
	34	from mediagoblin.db.models import Collection
	35
	36	from .tools import CmdTable, response_xml, check_form, \
	37	PWGSession, PwgNamedArray, PwgError
	38	from .forms import AddSimpleForm, AddForm
	39
	40
	41	_log = logging.getLogger(__name__)
	42
	43
	44	@CmdTable("pwg.session.login", True)
	45	def pwg_login(request):
	46	username = request.form.get("username")
	47	password = request.form.get("password")
	48	user = check_login_simple(username, password)
	49	if not user:
	50	return PwgError(999, 'Invalid username/password')
	51	request.session["user_id"] = user.id
	52	request.session.save()
	53	return True
	54
	55
	56	@CmdTable("pwg.session.logout")
	57	def pwg_logout(request):
	58	_log.info("Logout")
	59	request.session.delete()
	60	return True
	61
	62
	63	@CmdTable("pwg.getVersion")
	64	def pwg_getversion(request):
	65	return "2.5.0 (MediaGoblin)"
	66
	67
	68	@CmdTable("pwg.session.getStatus")
	69	def pwg_session_getStatus(request):
	70	if request.user:
	71	username = request.user.username
	72	else:
	73	username = "guest"
	74	return {'username': username}
	75
	76
	77	@CmdTable("pwg.categories.getList")
	78	def pwg_categories_getList(request):
	79	catlist = [{'id': -29711,
	80	'uppercats': "-29711",
	81	'name': "All my images"}]
	82
	83	if request.user:
	84	collections = Collection.query.filter_by(
	85	get_actor=request.user).order_by(Collection.title)
	86
	87	for c in collections:
	88	catlist.append({'id': c.id,
	89	'uppercats': str(c.id),
	90	'name': c.title,
	91	'comment': c.description
	92	})
	93
	94	return {
	95	'categories': PwgNamedArray(
	96	catlist,
	97	'category',
	98	(
	99	'id',
	100	'url',
	101	'nb_images',
	102	'total_nb_images',
	103	'nb_categories',
	104	'date_last',
	105	'max_date_last',
	106	)
	107	)
	108	}
	109
	110
	111	@CmdTable("pwg.images.exist")
	112	def pwg_images_exist(request):
	113	return {}
	114
	115
	116	@CmdTable("pwg.images.addSimple", True)
	117	def pwg_images_addSimple(request):
	118	form = AddSimpleForm(request.form)
	119	if not form.validate():
	120	_log.error("addSimple: form failed")
	121	raise BadRequest()
	122	dump = []
	123	for f in form:
	124	dump.append("%s=%r" % (f.name, f.data))
	125	_log.info("addSimple: %r %s %r", request.form, " ".join(dump),
	126	request.files)
	127
	128	if not check_file_field(request, 'image'):
	129	raise BadRequest()
	130
	131	try:
	132	entry = submit_media(
	133	mg_app=request.app, user=request.user,
	134	submitted_file=request.files['image'],
	135	filename=request.files['image'].filename,
	136	title=six.text_type(form.name.data),
	137	description=six.text_type(form.comment.data))
	138
	139	collection_id = form.category.data
	140	if collection_id > 0:
	141	collection = Collection.query.get(collection_id)
	142	if collection is not None and collection.actor == request.user.id:
	143	add_media_to_collection(collection, entry, "")
	144
	145	return {
	146	'image_id': entry.id,
	147	'url': entry.url_for_self(
	148	request.urlgen,
	149	qualified=True)}
	150
	151	# Handle upload limit issues
	152	except FileUploadLimit:
	153	raise BadRequest(
	154	_(u'Sorry, the file size is too big.'))
	155	except UserUploadLimit:
	156	raise BadRequest(
	157	_('Sorry, uploading this file will put you over your'
	158	' upload limit.'))
	159	except UserPastUploadLimit:
	160	raise BadRequest(
	161	_('Sorry, you have reached your upload limit.'))
	162
	163
	164	md5sum_matcher = re.compile(r"^[0-9a-fA-F]{32}$")
	165
	166
	167	def fetch_md5(request, parm_name, optional_parm=False):
	168	val = request.form.get(parm_name)
	169	if (val is None) and (not optional_parm):
	170	_log.error("Parameter %s missing", parm_name)
	171	raise BadRequest("Parameter %s missing" % parm_name)
	172	if not md5sum_matcher.match(val):
	173	_log.error("Parameter %s=%r has no valid md5 value", parm_name, val)
	174	raise BadRequest("Parameter %s is not md5" % parm_name)
	175	return val
	176
	177
	178	@CmdTable("pwg.images.addChunk", True)
	179	def pwg_images_addChunk(request):
	180	o_sum = fetch_md5(request, 'original_sum')
	181	typ = request.form.get('type')
	182	pos = request.form.get('position')
	183	data = request.form.get('data')
	184
	185	# Validate params:
	186	pos = int(pos)
	187	if not typ in ("file", "thumb"):
	188	_log.error("type %r not allowed for now", typ)
	189	return False
	190
	191	_log.info("addChunk for %r, type %r, position %d, len: %d",
	192	o_sum, typ, pos, len(data))
	193	if typ == "thumb":
	194	_log.info("addChunk: Ignoring thumb, because we create our own")
	195	return True
	196
	197	return True
	198
	199
	200	@CmdTable("pwg.images.add", True)
	201	def pwg_images_add(request):
	202	_log.info("add: %r", request.form)
	203	form = AddForm(request.form)
	204	check_form(form)
	205
	206	return {'image_id': 123456, 'url': ''}
	207
	208
	209	@csrf_exempt
	210	def ws_php(request):
	211	if request.method not in ("GET", "POST"):
	212	_log.error("Method %r not supported", request.method)
	213	raise MethodNotAllowed()
	214
	215	func = CmdTable.find_func(request)
	216	if not func:
	217	_log.warn("wsphp: Unhandled %s %r %r", request.method,
	218	request.args, request.form)
	219	raise NotImplemented()
	220
	221	with PWGSession(request) as session:
	222	result = func(request)
	223
	224	if isinstance(result, BaseResponse):
	225	return result
	226
	227	response = response_xml(result)
	228	session.save_to_cookie(response)
	229
	230	return response