1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 from functools
import wraps
21 from webob
import exc
, Response
22 from urlparse
import urljoin
24 from mediagoblin
import mg_globals
25 from mediagoblin
.tools
.pluginapi
import PluginManager
26 from mediagoblin
.storage
.filestorage
import BasicFileStorage
28 _log
= logging
.getLogger(__name__
)
33 An object with two significant methods, 'trigger' and 'run'.
35 Using a similar object to this, plugins can register specific
36 authentication logic, for example the GET param 'access_token' for OAuth.
38 - trigger: Analyze the 'request' argument, return True if you think you
39 can handle the request, otherwise return False
40 - run: The authentication logic, set the request.user object to the user
41 you intend to authenticate and return True, otherwise return False.
43 If run() returns False, an HTTP 403 Forbidden error will be shown.
45 You may also display custom errors, just raise them within the run()
48 def trigger(self
, request
):
49 raise NotImplemented()
51 def __call__(self
, request
, *args
, **kw
):
52 raise NotImplemented()
55 def json_response(serializable
, _disable_cors
=False, *args
, **kw
):
57 Serializes a json objects and returns a webob.Response object with the
58 serialized value as the response body and Content-Type: application/json.
60 :param serializable: A json-serializable object
62 Any extra arguments and keyword arguments are passed to the
63 webob.Response.__init__ method.
65 response
= Response(json
.dumps(serializable
), *args
, **kw
)
66 response
.headers
['Content-Type'] = 'application/json'
70 'Access-Control-Allow-Origin': '*',
71 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
72 'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
73 response
.headers
.update(cors_headers
)
78 def get_entry_serializable(entry
, urlgen
):
80 Returns a serializable dict() of a MediaEntry instance.
82 :param entry: A MediaEntry instance
83 :param urlgen: An urlgen instance, can be found on the request object passed
87 'user': entry
.get_uploader
.username
,
88 'user_id': entry
.get_uploader
.id,
89 'user_bio': entry
.get_uploader
.bio
,
90 'user_bio_html': entry
.get_uploader
.bio_html
,
91 'user_permalink': urlgen('mediagoblin.user_pages.user_home',
92 user
=entry
.get_uploader
.username
,
95 'created': entry
.created
.isoformat(),
97 'license': entry
.license
,
98 'description': entry
.description
,
99 'description_html': entry
.description_html
,
100 'media_type': entry
.media_type
,
101 'state': entry
.state
,
102 'permalink': entry
.url_for_self(urlgen
, qualified
=True),
103 'media_files': get_media_file_paths(entry
.media_files
, urlgen
)}
106 def get_media_file_paths(media_files
, urlgen
):
108 Returns a dictionary of media files with `file_handle` => `qualified URL`
110 :param media_files: dict-like object consisting of `file_handle => `listy
112 :param urlgen: An urlgen object, usually found on request.urlgen.
116 for key
, val
in media_files
.items():
117 if isinstance(mg_globals
.public_store
, BasicFileStorage
):
118 # BasicFileStorage does not provide a qualified URI
119 media_urls
[key
] = urljoin(
120 urlgen('index', qualified
=True),
121 mg_globals
.public_store
.file_url(val
))
123 media_urls
[key
] = mg_globals
.public_store
.file_url(val
)
128 def api_auth(controller
):
130 Decorator, allows plugins to register auth methods that will then be
131 evaluated against the request, finally a worthy authenticator object is
132 chosen and used to decide whether to grant or deny access.
135 def wrapper(request
, *args
, **kw
):
138 for auth
in PluginManager().get_hook_callables('auth'):
139 _log
.debug('Plugin auth: {0}'.format(auth
))
140 if auth
.trigger(request
):
141 auth_candidates
.append(auth
)
143 # If we can't find any authentication methods, we should not let them
145 if not auth_candidates
:
146 return exc
.HTTPForbidden()
148 # For now, just select the first one in the list
149 auth
= auth_candidates
[0]
151 _log
.debug('Using {0} to authorize request {1}'.format(
154 if not auth(request
, *args
, **kw
):
155 if getattr(auth
, 'errors', []):
156 return json_response({
158 'errors': auth
.errors
})
160 return exc
.HTTPForbidden()
162 return controller(request
, *args
, **kw
)