mediagoblin/tools/request.py

   1 # GNU MediaGoblin -- federated, autonomous media hosting
   2 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU Affero General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 import json
  18 import logging
  19
  20 import six
  21 from werkzeug.http import parse_options_header
  22
  23 from mediagoblin.db.models import User, AccessToken
  24 from mediagoblin.oauth.tools.request import decode_authorization_header
  25
  26 _log = logging.getLogger(__name__)
  27
  28
  29 # MIME-Types
  30 form_encoded = "application/x-www-form-urlencoded"
  31 json_encoded = "application/json"
  32
  33
  34 def setup_user_in_request(request):
  35     """
  36     Examine a request and tack on a request.user parameter if that's
  37     appropriate.
  38     """
  39     # If API request the user will be associated with the access token
  40     authorization = decode_authorization_header(request.headers)
  41
  42     if authorization.get(u"access_token"):
  43         # Check authorization header.
  44         token = authorization[u"oauth_token"]
  45         token = AccessToken.query.filter_by(token=token).first()
  46         if token is not None:
  47             request.user = token.user
  48             return
  49
  50
  51     if 'user_id' not in request.session:
  52         request.user = None
  53         return
  54
  55     request.user = User.query.get(request.session['user_id'])
  56
  57     if not request.user:
  58         # Something's wrong... this user doesn't exist?  Invalidate
  59         # this session.
  60         _log.warn("Killing session for user id %r", request.session['user_id'])
  61         request.session.delete()
  62
  63 def decode_request(request):
  64     """ Decodes a request based on MIME-Type """
  65     data = request.data
  66     content_type, _ = parse_options_header(request.content_type)
  67
  68     if content_type == json_encoded:
  69         data = json.loads(six.text_type(data, "utf-8"))
  70     elif content_type == form_encoded or content_type == "":
  71         data = request.form
  72     else:
  73         data = ""
  74     return data