Use sqlalchemy as backend, implement JWT authentication, add uploading, commenting and voting

1 files changed, 27 insertions, 44 deletions

diff --git a/helpers.py b/helpers.py
index 66c733b..c748839 100644
--- a/helpers.py
+++ b/helpers.py
@@ -14,33 +14,28 @@
 
 import sys
 import os, re, json, math
-import requests, hashlib
-from bottle import route, run, Bottle, request, static_file, response, hook, HTTPResponse, JSONPlugin, install
+import requests
+from bson.objectid import ObjectId
+from bottle import install, run, Bottle, static_file, response, hook, JSONPlugin, get, post, error
 import threading
 
-os.chdir(os.path.dirname(__file__))
-from .database import *
-
-BLOCKSIZE = 1024 ** 2
+class ParryEncoder(json.JSONEncoder):
+    _default = json.JSONEncoder.default
+    def default(self, obj):
+        if isinstance(obj, ObjectId):
+            return str(obj)
+        
+        return self._default(obj)
 
-locks = {
-    "io" : threading.Lock()
-    }
+install(JSONPlugin(json_dumps=lambda s: json.dumps(s, cls=ParryEncoder)))
 
-def with_lock(k):
-    def wrapper(f):
-        def func(*args, **kwargs):
-            with locks[k]:
-                return f(*args, **kwargs)
-        
-        return func
-    return wrapper
+os.chdir(os.path.dirname(__file__))
+from .auth import *
 
 def calculateHashForResource(resource : requests.Response) -> object:
     hashobj = hashlib.sha1()
     
     calculateHashForFile(resource.raw, hashobj)
-    assert(resource.raw.tell())
     if "content-length" not in resource.headers:
         resource.headers["Content-Length"] = resource.raw.tell()
     return hashobj
@@ -61,33 +56,21 @@ def calculateHashForFile(file, hashobj : object = None) -> object:
 def notAllowed():
     raise HTTPResponse(f"Cannot {request.method} {request.path}")
 
-@hook('after_request')
+@route("<path:path>", method="OPTIONS")
+def options(path):
+    return HTTPResponse(status=204, headers={"Access-Control-Allow-Origin" : "*", "Access-Control-Allow-Methods" : "GET, POST, HEAD, PUT, PATCH, DELETE", "Access-Control-Allow-Headers" : "*"})
+
+@hook("after_request")
 def enable_cors():
     response.headers["Access-Control-Allow-Origin"] = "*"
+    response.headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, PATCH, HEAD"
 
-# Auth
+@error(500)
+def internal_error(error):
+    if request.json is None:
+        error.exception = None
+        error._status_code = 400
+        error._body = "Invalid JSON specified"
 
-def calculateUserHash(username : str, password : str) -> object:
-    return hashlib.sha512(hashlib.sha512(username.encode("utf-8")).digest() + hashlib.sha512(password.encode("utf-8")).digest())
-
-def auth_basic(f):
-    def checkAuth(*args, **kwargs):
-        session = DBSession()
-        try:
-            User.query.filter_by(name=requests.forms["username"], hash=calculateUserHash(request.forms["username"], request.forms["password"]).hexdigest()).first()
-        except db.orm.exc.NoResultFound:
-            return HTTPResponse(status=401)
-        
-        del request.forms["password"]
-        return f(*args, **kwargs)
-    return checkAuth
-
-class ParryEncoder(json.JSONEncoder):
-    _default = json.JSONEncoder.default
-    def default(self, obj):
-        if isinstance(obj, ObjectId):
-            return str(obj)
-        
-        return self._default(obj)
-
-install(JSONPlugin(json_dumps=lambda s: json.dumps(s, cls=ParryEncoder)))
+def request_data():
+    return request.json if request.json else request.forms