mediagoblin/tools/request.py

   1 # GNU MediaGoblin -- federated, autonomous media hosting
   2 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU Affero General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 import json
  18 import logging
  19
  20 from mediagoblin.db.models import User, AccessToken
  21 from mediagoblin.oauth.tools.request import decode_authorization_header
  22
  23 _log = logging.getLogger(__name__)
  24
  25
  26 # MIME-Types
  27 form_encoded = "application/x-www-form-urlencoded"
  28 json_encoded = "application/json"
  29
  30
  31 def setup_user_in_request(request):
  32     """
  33     Examine a request and tack on a request.user parameter if that's
  34     appropriate.
  35     """
  36     # If API request the user will be associated with the access token
  37     authorization = decode_authorization_header(request.headers)
  38
  39     if authorization.get(u"access_token"):
  40         # Check authorization header.
  41         token = authorization[u"oauth_token"]
  42         token = AccessToken.query.filter_by(token=token).first()
  43         if token is not None:
  44             request.user = token.user
  45             return
  46
  47
  48     if 'user_id' not in request.session:
  49         request.user = None
  50         return
  51
  52     request.user = User.query.get(request.session['user_id'])
  53
  54     if not request.user:
  55         # Something's wrong... this user doesn't exist?  Invalidate
  56         # this session.
  57         _log.warn("Killing session for user id %r", request.session['user_id'])
  58         request.session.delete()
  59
  60 def decode_request(request):
  61     """ Decodes a request based on MIME-Type """
  62     data = request.data
  63
  64     if request.content_type == json_encoded:
  65         data = json.loads(data)
  66     elif request.content_type == form_encoded or request.content_type == "":
  67         data = request.form
  68     else:
  69         data = ""
  70     return data