-rw-r--r--auth.py6
-rw-r--r--cors.py26
-rw-r--r--routes/auth.py6
-rw-r--r--routes/media.py8
-rw-r--r--routes/uploads.py31
5 files changed, 40 insertions, 37 deletions
diff --git a/auth.py b/auth.py
index a6636a3..bdc043f 100644
--- a/auth.py
+++ b/auth.py
@@ -24,7 +24,7 @@ def calculateUserHash(username : str, password : str) -> object:
class AuthBackend(object):
def authenticate_user(self, username, password):
if username is None or password is None:
- raise ParryHTTPResponse("Username or password missing", 400)
+ raise HTTPResponse("Username or password missing", 400)
session = DBSession()
try:
user = session.query(User).filter_by(name=username, hash=calculateUserHash(username, password).hexdigest()).one()
@@ -70,7 +70,7 @@ def auth_basic(f):
try:
User.query.filter_by(name=request.forms["username"], hash=calculateUserHash(request.forms["username"], request.forms["password"]).hexdigest()).first()
except db.orm.exc.NoResultFound:
- return ParryHTTPResponse(status=401)
+ return HTTPResponse(status=401)
del request.forms["password"]
return f(*args, **kwargs)
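Review bot: The credential check in this decorator cannot reject anyone as written, because `.first()` returns `None` when no row matches and never raises `NoResultFound` (assuming a SQLAlchemy `Query`, as the `db.orm.exc` handler suggests). The `except` branch that returns 401 is therefore unreachable, and the wrapped handler runs for any username/password pair. Test the result instead, e.g. `if User.query.filter_by(...).first() is None: return HTTPResponse(status=401)`, or switch to `.one()` so the existing handler fires. A missing `username` or `password` form field would also raise `KeyError` before the check and surface as a server error rather than a 400/401. The decorator and its inner wrapper begin outside this hunk.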
@@ -80,4 +80,4 @@ def get_user(session : DBSession):
try:
return session.query(User).filter_by(name=request.get_user()["name"]).one()
except db.orm.exc.NoResultFound:
- raise ParryHTTPResponse(status=401)
+ raise HTTPResponse(status=401)
diff --git a/cors.py b/cors.py
index 2826920..d9ff90a 100644
--- a/cors.py
+++ b/cors.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2018, George Tokmaji
+# Copyright (c) 2018-2019, George Tokmaji
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -12,20 +12,24 @@
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-from bottle import HTTPResponse, route, response, hook
+from bottle import HTTPResponse, route, response, request, hook
-class ParryHTTPResponse(HTTPResponse):
- def __init__(self, body="", status=None, headers=None, **more_headers):
- more_headers["Access-Control-Allow-Origin"] = "*"
- more_headers["Access-Control-Allow-Methods"] = "GET, POST, HEAD, PUT, PATCH, DELETE"
- more_headers["Access-Control-Allow-Headers"] = "*"
- super().__init__(body, status, headers, **more_headers)
+def set_cors_headers(headers):
+ headers["Access-Control-Allow-Origin"] = "*"
+ headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, PATCH, HEAD"
+ headers["Access-Control-Allow-Headers"] = request.headers.get("Access-Control-Request-Headers", "*")
+
+HTTPResponse.__oldinit__ = HTTPResponse.__init__
+def newinit(self, body="", status=None, headers=None, **more_headers):
+ set_cors_headers(more_headers)
+ self.__oldinit__(body, status, headers, **more_headers)
+
+HTTPResponse.__init__ = newinit
@route("<path:path>", method="OPTIONS")
def options(path):
- return ParryHTTPResponse(status=204)
+ return HTTPResponse(status=204)
@hook("after_request")
def enable_cors():
- response.headers["Access-Control-Allow-Origin"] = "*"
- response.headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, PATCH, HEAD"
+ set_cors_headers(response.headers)
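Review bot: `set_cors_headers` now echoes the client-supplied `Access-Control-Request-Headers` into `Access-Control-Allow-Headers` next to `Access-Control-Allow-Origin: *`, and the patched `HTTPResponse.__init__` applies that to every response the process builds, so the policy no longer limits which request headers any origin may send to the JWT-protected routes. Prefer a fixed list of the headers the API actually needs, e.g. `headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type"` (adjust to the real set), and consider an origin allowlist with `Vary: Origin` instead of `*`. Reading `request.headers` inside `__init__` also ties construction to an active request, so an `HTTPResponse` built outside a request context may fail. If this module is ever executed twice, `__oldinit__` would be rebound to `newinit` and recurse; guard the patch with `if not hasattr(HTTPResponse, "__oldinit__"):`. A short comment above the patch explaining why the class is modified globally would help the next reader.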
diff --git a/routes/auth.py b/routes/auth.py
index cdcacf1..d6b6ffd 100644
--- a/routes/auth.py
+++ b/routes/auth.py
@@ -21,16 +21,16 @@ def post_auth_new():
username = request_data()["username"]
password = request_data()["password"]
except KeyError as e:
- raise ParryHTTPResponse("Username or password missing", 400)
+ raise HTTPResponse("Username or password missing", 400)
hash = calculateUserHash(username, password).hexdigest()
try:
session.query(User).filter(User.name == username or User.hash == hash).one()
- raise ParryHTTPResponse("User already exists", status=409)
+ raise HTTPResponse("User already exists", status=409)
except db.orm.exc.NoResultFound:
session.add(User(name=username, hash=hash))
session.commit()
- return ParryHTTPResponse(status=303, headers={"Location" : "/api/auth"})
+ return HTTPResponse(status=303, headers={"Location" : "/api/auth"})
@get("/api/auth")
@jwt_auth_required
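Review bot: The duplicate-user check `filter(User.name == username or User.hash == hash)` does not build a SQL `OR`, because Python evaluates `or` before SQLAlchemy sees the expression, so only one of the two comparisons reaches the query (most likely the hash one). Since the hash is derived from both username and password, a second registration with an existing name but a different password would probably go undetected unless the table has a unique constraint on `name`. Use the overloaded operator, `filter((User.name == username) | (User.hash == hash))`, or simply filter on the name alone. `post_auth_new` begins above this hunk.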
diff --git a/routes/media.py b/routes/media.py
index 125284b..37f57c9 100644
--- a/routes/media.py
+++ b/routes/media.py
@@ -44,7 +44,7 @@ def post_media():
f = _upload_file(next(request.files.values()))
session.add(f)
session.commit()
- return ParryHTTPResponse(f.json(), status=201)
+ return HTTPResponse(f.json(), status=201)
@get("/api/media/<id>")
def get_media_id(id):
@@ -52,7 +52,7 @@ def get_media_id(id):
try:
file = session.query(File).filter_by(id=id).one()
except db.orm.exc.NoResultFound:
- raise ParryHTTPResponse(status=404)
+ raise HTTPResponse(status=404)
response.set_header("Content-Type", file.content_type)
response.set_header("Content-Length", file.length)
@@ -61,8 +61,8 @@ def get_media_id(id):
if request.method == "GET":
if file.download_url:
#return requests.request(request.method, file.download_url, allow_redirects=True)
- return ParryHTTPResponse(status=302, headers={"Location" : file.download_url})
+ return HTTPResponse(status=302, headers={"Location" : file.download_url})
else:
return static_file(str(file.id), os.path.join(os.getcwd(), "media"), file.content_type, download=file.name if request.params.download else False)
- raise ParryHTTPResponse(status=404)
+ raise HTTPResponse(status=404)
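Review bot: `static_file(...)` serves the stored file inline with `file.content_type` as its MIME type unless the `download` parameter is set, and after this commit every response also carries `Access-Control-Allow-Origin: *`. If `content_type` comes from the uploader (it is set outside this hunk, so this is an assumption), an uploaded HTML or SVG document would render in the API's own origin. Consider limiting inline delivery to an allowlist of media types, passing `download=file.name` for everything else, and sending `X-Content-Type-Options: nosniff`. The `Location` value taken from `file.download_url` deserves the same scrutiny where it is written: accept only `http`/`https` URLs there. `get_media_id` starts outside this hunk.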
diff --git a/routes/uploads.py b/routes/uploads.py
index 332b5a4..d75c4f2 100644
--- a/routes/uploads.py
+++ b/routes/uploads.py
@@ -73,10 +73,10 @@ def post_upload(id=None):
if id is not None:
entry = session.query(Upload).get(id)
if not entry:
- raise ParryHTTPResponse(status=404)
+ raise HTTPResponse(status=404)
else:
if session.query(Upload).filter_by(title=request_data()["title"]).count():
- raise ParryHTTPResponse("An entry with the specified title already exists", 410)
+ raise HTTPResponse("An entry with the specified title already exists", 410)
entry = Upload()
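Review bot: The duplicate-title branch answers with 410 Gone, which tells clients the resource was permanently removed; a clash with an existing entry is 409 Conflict, the status `routes/auth.py` already uses for "User already exists". Change the line to `raise HTTPResponse("An entry with the specified title already exists", 409)`. In the `id is not None` branch the hunk shows no check that the loaded `entry` belongs to the caller before it is modified. `delete_upload` filters by `author`, so confirm the same is enforced in the part of `post_upload` that lies outside this hunk.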
@@ -118,7 +118,7 @@ def post_upload(id=None):
except KeyError as e:
session.rollback()
- raise ParryHTTPResponse(f"Missing form value: {e.args[0]}", 400)
+ raise HTTPResponse(f"Missing form value: {e.args[0]}", 400)
session.commit()
return _add_upload(entry, session)
@@ -131,7 +131,7 @@ def get_upload(id):
if entry is not None:
return _add_upload(entry, session)
- raise ParryHTTPResponse(status=404)
+ raise HTTPResponse(status=404)
@delete("/api/uploads/<id>")
@jwt_auth_required
@@ -141,10 +141,10 @@ def delete_upload(id):
try:
entry = session.query(Upload).filter_by(id=id, author=author).one()
except db.orm.exc.NoResultFound:
- raise ParryHTTPResponse(status=404)
+ raise HTTPResponse(status=404)
if entry.readonly:
- raise ParryHTTPResponse("Resource is read-only", 403)
+ raise HTTPResponse("Resource is read-only", 403)
session.delete(entry)
for i in [Comment, Vote]:
@@ -158,7 +158,7 @@ def delete_upload(id):
#TODO: Dependencies
session.commit()
session.flush()
- return ParryHTTPResponse(status=204)
+ return HTTPResponse(status=204)
@get("/api/uploads/<id>/comments")
@@ -166,7 +166,7 @@ def get_comments(id):
session = DBSession()
upload = session.query(Upload).get(id)
if upload is None:
- raise ParryHTTPResponse("Invalid upload id", 404)
+ raise HTTPResponse("Invalid upload id", 404)
return {
"comments" : [{**(comment.json()), **_vote_dummy} for comment in session.query(Comment).filter_by(upload=upload)]
@@ -178,17 +178,16 @@ def post_comments(id):
session = DBSession()
upload = session.query(Upload).get(id)
if upload is None:
- raise ParryHTTPResponse("Invalid upload id", 404)
+ raise HTTPResponse("Invalid upload id", 404)
try:
-
comment = Comment(
body=request_data()["body"],
author=get_user(session),
upload=upload
)
except KeyError as e:
- raise ParryHTTPResponse(f"Missing json value: {e.args[0]}", 400)
+ raise HTTPResponse(f"Missing json value: {e.args[0]}", 400)
session.add(comment)
session.commit()
@@ -201,11 +200,11 @@ def delete_comments(id, comment_id):
try:
comment = session.query(Comment).filter_by(id=comment_id, author=get_user(session), upload=session.query(Upload).get(id)).one()
except db.orm.exc.NoResultFound:
- raise ParryHTTPResponse(status=404)
+ raise HTTPResponse(status=404)
session.delete(comment)
session.commit()
- return ParryHTTPResponse(status=204)
+ return HTTPResponse(status=204)
@get("/api/uploads/<id>/vote")
@jwt_auth_required
@@ -213,12 +212,12 @@ def get_vote(id):
session = DBSession()
upload = session.query(Upload).get(id)
if upload is None:
- raise ParryHTTPResponse("Invalid upload id", 404)
+ raise HTTPResponse("Invalid upload id", 404)
try:
return session.query(Vote).filter_by(upload=upload, author=get_user(session)).one().json()
except db.orm.exc.NoResultFound:
- raise ParryHTTPResponse(status=404)
+ raise HTTPResponse(status=404)
@post("/api/uploads/<id>/vote")
@jwt_auth_required
@@ -226,7 +225,7 @@ def post_vote(id):
session = DBSession()
upload = session.query(Upload).get(id)
if upload is None:
- raise ParryHTTPResponse("Invalid upload id", 404)
+ raise HTTPResponse("Invalid upload id", 404)
author = get_user(session)
try: