2023-03-04 13:45:26 +00:00
|
|
|
"""
|
|
|
|
Onlylegs - API endpoints
|
|
|
|
"""
|
|
|
|
from uuid import uuid4
|
|
|
|
import os
|
2023-03-14 22:07:17 +00:00
|
|
|
import pathlib
|
2023-04-20 20:45:57 +00:00
|
|
|
import re
|
2023-03-04 13:45:26 +00:00
|
|
|
import logging
|
2023-03-01 23:29:34 +00:00
|
|
|
|
2023-04-05 16:35:59 +00:00
|
|
|
from flask import Blueprint, send_from_directory, abort, flash, request, current_app
|
2023-04-03 18:04:49 +00:00
|
|
|
from flask_login import login_required, current_user
|
|
|
|
|
2023-03-05 16:22:11 +00:00
|
|
|
from colorthief import ColorThief
|
2023-03-01 23:29:34 +00:00
|
|
|
|
2023-04-12 16:58:13 +00:00
|
|
|
from onlylegs.extensions import db
|
2023-04-20 20:45:57 +00:00
|
|
|
from onlylegs.models import Post, Group, GroupJunction, User
|
2023-04-12 16:58:13 +00:00
|
|
|
from onlylegs.utils import metadata as mt
|
|
|
|
from onlylegs.utils.generate_image import generate_thumbnail
|
2023-03-01 23:29:34 +00:00
|
|
|
|
2023-01-10 14:40:43 +00:00
|
|
|
|
2023-04-07 12:35:30 +00:00
|
|
|
blueprint = Blueprint("api", __name__, url_prefix="/api")
|
2023-01-10 14:40:43 +00:00
|
|
|
|
|
|
|
|
2023-04-20 20:45:57 +00:00
|
|
|
@blueprint.route("/media/<path:path>", methods=["GET"])
|
|
|
|
def media(path):
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
|
|
|
Returns a file from the uploads folder
|
2023-04-20 20:45:57 +00:00
|
|
|
r for resolution, thumb for thumbnail etc
|
|
|
|
e for extension, jpg, png etc
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
2023-04-20 20:45:57 +00:00
|
|
|
res = request.args.get("r", default=None, type=str)
|
|
|
|
ext = request.args.get("e", default=None, type=str)
|
|
|
|
# path = secure_filename(path)
|
2023-03-14 22:07:17 +00:00
|
|
|
|
2023-03-02 13:19:10 +00:00
|
|
|
# if no args are passed, return the raw file
|
2023-04-04 14:21:16 +00:00
|
|
|
if not res and not ext:
|
2023-04-20 20:45:57 +00:00
|
|
|
if not os.path.exists(os.path.join(current_app.config["MEDIA_FOLDER"], path)):
|
2023-03-04 13:45:26 +00:00
|
|
|
abort(404)
|
2023-04-20 20:45:57 +00:00
|
|
|
return send_from_directory(current_app.config["MEDIA_FOLDER"], path)
|
2023-03-26 23:34:03 +00:00
|
|
|
|
2023-04-20 20:45:57 +00:00
|
|
|
thumb = generate_thumbnail(path, res, ext)
|
2023-03-26 20:58:17 +00:00
|
|
|
if not thumb:
|
2023-03-04 13:45:26 +00:00
|
|
|
abort(404)
|
2023-03-26 23:34:03 +00:00
|
|
|
|
2023-03-26 20:58:17 +00:00
|
|
|
return send_from_directory(os.path.dirname(thumb), os.path.basename(thumb))
|
2023-01-25 15:13:56 +00:00
|
|
|
|
2023-01-11 19:46:31 +00:00
|
|
|
|
2023-04-07 12:35:30 +00:00
|
|
|
@blueprint.route("/upload", methods=["POST"])
|
2023-01-11 19:46:31 +00:00
|
|
|
@login_required
|
|
|
|
def upload():
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
|
|
|
Uploads an image to the server and saves it to the database
|
|
|
|
"""
|
2023-04-07 12:35:30 +00:00
|
|
|
form_file = request.files["file"]
|
2023-01-11 19:46:31 +00:00
|
|
|
form = request.form
|
2023-01-13 18:29:07 +00:00
|
|
|
|
2023-03-14 22:07:17 +00:00
|
|
|
# If no image is uploaded, return 404 error
|
2023-01-13 18:29:07 +00:00
|
|
|
if not form_file:
|
2023-01-11 19:46:31 +00:00
|
|
|
return abort(404)
|
2023-01-25 15:13:56 +00:00
|
|
|
|
2023-03-14 22:07:17 +00:00
|
|
|
# Get file extension, generate random name and set file path
|
2023-04-07 12:35:30 +00:00
|
|
|
img_ext = pathlib.Path(form_file.filename).suffix.replace(".", "").lower()
|
2023-04-05 16:35:59 +00:00
|
|
|
img_name = "GWAGWA_" + str(uuid4())
|
2023-04-07 12:35:30 +00:00
|
|
|
img_path = os.path.join(
|
|
|
|
current_app.config["UPLOAD_FOLDER"], img_name + "." + img_ext
|
|
|
|
)
|
2023-01-11 19:46:31 +00:00
|
|
|
|
2023-03-14 22:07:17 +00:00
|
|
|
# Check if file extension is allowed
|
2023-04-07 12:35:30 +00:00
|
|
|
if img_ext not in current_app.config["ALLOWED_EXTENSIONS"].keys():
|
|
|
|
logging.info("File extension not allowed: %s", img_ext)
|
2023-01-14 01:46:11 +00:00
|
|
|
abort(403)
|
2023-03-02 13:19:10 +00:00
|
|
|
|
2023-01-25 15:13:56 +00:00
|
|
|
# Save file
|
2023-01-13 18:29:07 +00:00
|
|
|
try:
|
2023-03-05 16:22:11 +00:00
|
|
|
form_file.save(img_path)
|
2023-04-02 16:50:52 +00:00
|
|
|
except OSError as err:
|
2023-04-07 12:35:30 +00:00
|
|
|
logging.info("Error saving file %s because of %s", img_path, err)
|
2023-01-13 18:29:07 +00:00
|
|
|
abort(500)
|
2023-01-25 15:13:56 +00:00
|
|
|
|
2023-03-14 22:07:17 +00:00
|
|
|
img_exif = mt.Metadata(img_path).yoink() # Get EXIF data
|
2023-04-02 16:50:52 +00:00
|
|
|
img_colors = ColorThief(img_path).get_palette(color_count=3) # Get color palette
|
2023-03-14 22:07:17 +00:00
|
|
|
|
2023-03-05 16:22:11 +00:00
|
|
|
# Save to database
|
2023-04-12 15:16:43 +00:00
|
|
|
query = Post(
|
2023-04-07 12:35:30 +00:00
|
|
|
author_id=current_user.id,
|
|
|
|
filename=img_name + "." + img_ext,
|
|
|
|
mimetype=img_ext,
|
|
|
|
exif=img_exif,
|
|
|
|
colours=img_colors,
|
|
|
|
description=form["description"],
|
|
|
|
alt=form["alt"],
|
|
|
|
)
|
2023-04-02 16:50:52 +00:00
|
|
|
|
2023-04-09 19:12:35 +00:00
|
|
|
db.session.add(query)
|
|
|
|
db.session.commit()
|
2023-04-02 16:50:52 +00:00
|
|
|
|
2023-04-07 12:35:30 +00:00
|
|
|
return "Gwa Gwa" # Return something so the browser doesn't show an error
|
2023-01-11 19:46:31 +00:00
|
|
|
|
2023-03-11 22:14:03 +00:00
|
|
|
|
2023-04-07 12:35:30 +00:00
|
|
|
@blueprint.route("/delete/<int:image_id>", methods=["POST"])
|
2023-01-11 19:46:31 +00:00
|
|
|
@login_required
|
2023-03-09 23:31:58 +00:00
|
|
|
def delete_image(image_id):
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
|
|
|
Deletes an image from the server and database
|
|
|
|
"""
|
2023-04-20 19:20:58 +00:00
|
|
|
post = db.get_or_404(Post, image_id)
|
2023-01-11 19:46:31 +00:00
|
|
|
|
2023-03-26 20:58:17 +00:00
|
|
|
# Check if image exists and if user is allowed to delete it (author)
|
2023-04-12 15:16:43 +00:00
|
|
|
if post.author_id != current_user.id:
|
2023-01-11 19:46:31 +00:00
|
|
|
abort(403)
|
2023-01-25 15:13:56 +00:00
|
|
|
|
2023-03-26 20:58:17 +00:00
|
|
|
# Delete file
|
2023-01-11 19:46:31 +00:00
|
|
|
try:
|
2023-04-12 15:16:43 +00:00
|
|
|
os.remove(os.path.join(current_app.config["UPLOAD_FOLDER"], post.filename))
|
2023-03-04 13:45:26 +00:00
|
|
|
except FileNotFoundError:
|
2023-04-07 12:35:30 +00:00
|
|
|
logging.warning(
|
2023-04-12 15:16:43 +00:00
|
|
|
"File not found: %s, already deleted or never existed", post.filename
|
2023-04-07 12:35:30 +00:00
|
|
|
)
|
2023-01-25 15:13:56 +00:00
|
|
|
|
2023-03-26 20:58:17 +00:00
|
|
|
# Delete cached files
|
2023-04-12 15:16:43 +00:00
|
|
|
cache_name = post.filename.rsplit(".")[0]
|
2023-04-20 19:20:58 +00:00
|
|
|
for cache_file in pathlib.Path(current_app.config["CACHE_FOLDER"]).glob(cache_name + "*"):
|
2023-03-26 23:34:03 +00:00
|
|
|
os.remove(cache_file)
|
2023-03-14 22:07:17 +00:00
|
|
|
|
2023-04-12 15:16:43 +00:00
|
|
|
GroupJunction.query.filter_by(post_id=image_id).delete()
|
2023-04-09 19:12:35 +00:00
|
|
|
db.session.delete(post)
|
|
|
|
db.session.commit()
|
2023-01-25 15:13:56 +00:00
|
|
|
|
2023-04-12 15:16:43 +00:00
|
|
|
logging.info("Removed image (%s) %s", image_id, post.filename)
|
2023-04-07 12:35:30 +00:00
|
|
|
flash(["Image was all in Le Head!", "1"])
|
|
|
|
return "Gwa Gwa"
|
2023-01-31 17:32:22 +00:00
|
|
|
|
2023-01-31 23:44:44 +00:00
|
|
|
|
2023-04-07 12:35:30 +00:00
|
|
|
@blueprint.route("/group/create", methods=["POST"])
|
2023-03-09 23:31:58 +00:00
|
|
|
@login_required
|
|
|
|
def create_group():
|
|
|
|
"""
|
|
|
|
Creates a group
|
|
|
|
"""
|
2023-04-12 15:16:43 +00:00
|
|
|
new_group = Group(
|
2023-04-07 12:35:30 +00:00
|
|
|
name=request.form["name"],
|
|
|
|
description=request.form["description"],
|
|
|
|
author_id=current_user.id,
|
|
|
|
)
|
2023-03-14 22:07:17 +00:00
|
|
|
|
2023-04-09 19:12:35 +00:00
|
|
|
db.session.add(new_group)
|
|
|
|
db.session.commit()
|
2023-03-14 22:07:17 +00:00
|
|
|
|
2023-04-07 12:35:30 +00:00
|
|
|
return ":3"
|
2023-03-09 23:31:58 +00:00
|
|
|
|
|
|
|
|
2023-04-07 12:35:30 +00:00
|
|
|
@blueprint.route("/group/modify", methods=["POST"])
|
2023-03-09 23:31:58 +00:00
|
|
|
@login_required
|
|
|
|
def modify_group():
|
|
|
|
"""
|
|
|
|
Changes the images in a group
|
|
|
|
"""
|
2023-04-07 12:35:30 +00:00
|
|
|
group_id = request.form["group"]
|
|
|
|
image_id = request.form["image"]
|
|
|
|
action = request.form["action"]
|
2023-03-14 22:07:17 +00:00
|
|
|
|
2023-04-12 15:16:43 +00:00
|
|
|
group = db.get_or_404(Group, group_id)
|
2023-04-12 15:21:56 +00:00
|
|
|
db.get_or_404(Post, image_id) # Check if image exists
|
2023-03-10 17:38:24 +00:00
|
|
|
|
2023-04-12 15:16:43 +00:00
|
|
|
if group.author_id != current_user.id:
|
2023-03-10 17:38:24 +00:00
|
|
|
abort(403)
|
|
|
|
|
2023-04-12 15:18:13 +00:00
|
|
|
if (
|
|
|
|
action == "add"
|
|
|
|
and not GroupJunction.query.filter_by(
|
|
|
|
group_id=group_id, post_id=image_id
|
|
|
|
).first()
|
|
|
|
):
|
2023-04-12 15:16:43 +00:00
|
|
|
db.session.add(GroupJunction(group_id=group_id, post_id=image_id))
|
2023-04-07 12:35:30 +00:00
|
|
|
elif request.form["action"] == "remove":
|
2023-04-12 15:16:43 +00:00
|
|
|
GroupJunction.query.filter_by(group_id=group_id, post_id=image_id).delete()
|
2023-03-14 22:07:17 +00:00
|
|
|
|
2023-04-09 19:12:35 +00:00
|
|
|
db.session.commit()
|
2023-04-07 12:35:30 +00:00
|
|
|
return ":3"
|
2023-03-09 23:31:58 +00:00
|
|
|
|
|
|
|
|
2023-04-07 12:35:30 +00:00
|
|
|
@blueprint.route("/group/delete", methods=["POST"])
|
2023-04-04 20:45:35 +00:00
|
|
|
def delete_group():
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
2023-04-04 20:45:35 +00:00
|
|
|
Deletes a group
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
2023-04-07 12:35:30 +00:00
|
|
|
group_id = request.form["group"]
|
2023-04-20 19:20:58 +00:00
|
|
|
group = db.get_or_404(Group, group_id)
|
2023-01-31 17:32:22 +00:00
|
|
|
|
2023-04-20 19:20:58 +00:00
|
|
|
if group.author_id != current_user.id:
|
2023-04-04 20:45:35 +00:00
|
|
|
abort(403)
|
2023-01-31 23:44:44 +00:00
|
|
|
|
2023-04-12 15:16:43 +00:00
|
|
|
GroupJunction.query.filter_by(group_id=group_id).delete()
|
|
|
|
db.session.delete(group)
|
2023-04-09 19:12:35 +00:00
|
|
|
db.session.commit()
|
2023-01-31 17:32:22 +00:00
|
|
|
|
2023-04-07 12:35:30 +00:00
|
|
|
flash(["Group yeeted!", "1"])
|
|
|
|
return ":3"
|
2023-04-20 20:45:57 +00:00
|
|
|
|
|
|
|
|
|
|
|
@blueprint.route("/user/picture/<int:user_id>", methods=["POST"])
|
|
|
|
def user_picture(user_id):
|
|
|
|
"""
|
|
|
|
Returns the profile of a user
|
|
|
|
"""
|
|
|
|
user = db.get_or_404(User, user_id)
|
|
|
|
file = request.files["file"]
|
|
|
|
|
|
|
|
# If no image is uploaded, return 404 error
|
|
|
|
if not file:
|
|
|
|
return abort(404)
|
|
|
|
elif user.id != current_user.id:
|
|
|
|
return abort(403)
|
|
|
|
|
|
|
|
# Get file extension, generate random name and set file path
|
|
|
|
img_ext = pathlib.Path(file.filename).suffix.replace(".", "").lower()
|
|
|
|
img_name = str(user.id)
|
|
|
|
img_path = os.path.join(current_app.config["PFP_FOLDER"], img_name + "." + img_ext)
|
|
|
|
|
|
|
|
# Check if file extension is allowed
|
|
|
|
if img_ext not in current_app.config["ALLOWED_EXTENSIONS"].keys():
|
|
|
|
logging.info("File extension not allowed: %s", img_ext)
|
|
|
|
abort(403)
|
|
|
|
|
|
|
|
if user.picture:
|
|
|
|
os.remove(os.path.join(current_app.config["PFP_FOLDER"], user.picture))
|
2023-04-21 16:20:22 +00:00
|
|
|
# Delete cached files
|
|
|
|
cache_name = user.picture.rsplit(".")[0]
|
|
|
|
for cache_file in pathlib.Path(current_app.config["CACHE_FOLDER"]).glob(cache_name + "*"):
|
|
|
|
os.remove(cache_file)
|
2023-04-20 20:45:57 +00:00
|
|
|
|
|
|
|
# Save file
|
|
|
|
try:
|
|
|
|
file.save(img_path)
|
|
|
|
except OSError as err:
|
|
|
|
logging.info("Error saving file %s because of %s", img_path, err)
|
|
|
|
abort(500)
|
|
|
|
|
|
|
|
img_colors = ColorThief(img_path).get_color() # Get color palette
|
|
|
|
|
|
|
|
# Save to database
|
|
|
|
user.colour = img_colors
|
|
|
|
user.picture = str(img_name + "." + img_ext)
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
return "Gwa Gwa" # Return something so the browser doesn't show an error
|
|
|
|
|
|
|
|
@blueprint.route("/user/username/<int:user_id>", methods=["POST"])
|
|
|
|
def user_username(user_id):
|
|
|
|
"""
|
|
|
|
Returns the profile of a user
|
|
|
|
"""
|
|
|
|
user = db.get_or_404(User, user_id)
|
|
|
|
new_name = request.form["name"]
|
|
|
|
|
|
|
|
username_regex = re.compile(r"\b[A-Za-z0-9._-]+\b")
|
|
|
|
|
|
|
|
# Validate the form
|
|
|
|
if not new_name or not username_regex.match(new_name):
|
|
|
|
abort(400)
|
|
|
|
elif user.id != current_user.id:
|
|
|
|
return abort(403)
|
|
|
|
|
|
|
|
# Save to database
|
|
|
|
user.username = new_name
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
return "Gwa Gwa" # Return something so the browser doesn't show an error
|