diff options
Diffstat (limited to 'pyload/webui/app/api.py')
| -rw-r--r-- | pyload/webui/app/api.py | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/pyload/webui/app/api.py b/pyload/webui/app/api.py index 35dbe9009..99a7c2998 100644 --- a/pyload/webui/app/api.py +++ b/pyload/webui/app/api.py @@ -1,12 +1,11 @@ # -*- coding: utf-8 -*- +import itertools import traceback import urllib -from itertools import chain - -from SafeEval import const_eval as literal_eval -from bottle import route, request, response, HTTPError +import SafeEval +import bottle from pyload.Api import BaseObject from pyload.utils import json @@ -24,8 +23,8 @@ class TBaseEncoder(json.JSONEncoder): # accepting positional arguments, as well as kwargs via post and get -@route('/api/<func><args:re:[a-zA-Z0-9\-_/\"\'\[\]%{},]*>') -@route('/api/<func><args:re:[a-zA-Z0-9\-_/\"\'\[\]%{},]*>', method='POST') +@bottle.route('/api/<func><args:re:[a-zA-Z0-9\-_/\"\'\[\]%{},]*>') +@bottle.route('/api/<func><args:re:[a-zA-Z0-9\-_/\"\'\[\]%{},]*>', method='POST') def call_api(func, args=""): response.headers.replace("Content-type", "application/json") response.headers.append("Cache-Control", "no-cache, must-revalidate") @@ -35,15 +34,15 @@ def call_api(func, args=""): s = s.get_by_id(request.POST['session']) if not s or not s.get("authenticated", False): - return HTTPError(403, json.dumps("Forbidden")) + return bottle.HTTPError(403, json.dumps("Forbidden")) if not PYLOAD.isAuthorized(func, {"role": s['role'], "permission": s['perms']}): - return HTTPError(401, json.dumps("Unauthorized")) + return bottle.HTTPError(401, json.dumps("Unauthorized")) args = args.split("/")[1:] kwargs = {} - for x, y in chain(request.GET.iteritems(), request.POST.iteritems()): + for x, y in itertools.chain(request.GET.iteritems(), request.POST.iteritems()): if x == "session": continue kwargs[x] = urllib.unquote(y) @@ -52,23 +51,23 @@ def call_api(func, args=""): return callApi(func, *args, **kwargs) except Exception, e: traceback.print_exc() - return HTTPError(500, json.dumps({"error": e.message, "traceback": traceback.format_exc()})) + return bottle.HTTPError(500, json.dumps({"error": e.message, "traceback": traceback.format_exc()})) def callApi(func, *args, **kwargs): if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"): print "Invalid API call", func - return HTTPError(404, json.dumps("Not Found")) + return bottle.HTTPError(404, json.dumps("Not Found")) - result = getattr(PYLOAD, func)(*[literal_eval(x) for x in args], - **dict((x, literal_eval(y)) for x, y in kwargs.iteritems())) + result = getattr(PYLOAD, func)(*[SafeEval.const_eval(x) for x in args], + **dict((x, SafeEval.const_eval(y)) for x, y in kwargs.iteritems())) # null is invalid json response return json.dumps(result or True, cls=TBaseEncoder) # post -> username, password -@route('/api/login', method='POST') +@bottle.route('/api/login', method='POST') def login(): response.headers.replace("Content-type", "application/json") response.headers.append("Cache-Control", "no-cache, must-revalidate") @@ -91,7 +90,7 @@ def login(): return json.dumps(True) -@route('/api/logout') +@bottle.route('/api/logout') def logout(): response.headers.replace("Content-type", "application/json") response.headers.append("Cache-Control", "no-cache, must-revalidate") |