add requirements.txt flask_views and flask_login create a has_permission and read_permission functionpull/5/head
parent
bfaab9fc77
commit
ce28cf59b6
@ -0,0 +1,18 @@ |
||||
class Get: |
||||
method = 'GET' |
||||
|
||||
|
||||
class List: |
||||
method = 'GET' |
||||
|
||||
|
||||
class Delete: |
||||
method = 'DELETE' |
||||
|
||||
|
||||
class Update: |
||||
method = 'PUT' |
||||
|
||||
|
||||
class Create: |
||||
method = 'POST' |
@ -0,0 +1,43 @@ |
||||
from urllib.parse import urljoin |
||||
|
||||
from flask import Flask |
||||
from mongoengine import Document |
||||
|
||||
from restapi.views import ApiView |
||||
from restapi import Methods |
||||
|
||||
|
||||
class MongoApi: |
||||
app: Flask = None |
||||
|
||||
def __init__(self, app: Flask): |
||||
self.app = app |
||||
|
||||
def register_model(self, model: any, uri: str = None, name: str = None) -> None: |
||||
if not getattr(model, '_meta').get('methods'): |
||||
raise Exception("{} model methods not set".format(model.__name__)) |
||||
if not uri: |
||||
uri = model.__name__.lower() |
||||
if uri[:-1] != "/": |
||||
uri = uri + "/" |
||||
if uri[0] != "/": |
||||
uri = "/" + uri |
||||
if not name: |
||||
name = model.__name__ |
||||
self.app.add_url_rule( |
||||
uri, |
||||
methods=(method.method for method in getattr(model, '_meta').get('methods') if |
||||
method not in (Methods.Get, Methods.Update)), |
||||
view_func=ApiView.as_view(name, model=model)) |
||||
|
||||
single = [] |
||||
if Methods.Update in getattr(model, '_meta').get('methods'): |
||||
single.append('PUT') |
||||
|
||||
if Methods.Get in getattr(model, '_meta').get('methods'): |
||||
single.append('GET') |
||||
if single: |
||||
self.app.add_url_rule( |
||||
urljoin(uri, '<pk>/'), |
||||
methods=single, |
||||
view_func=ApiView.as_view("{}_GET_PUT".format(name), model=model)) |
@ -0,0 +1,11 @@ |
||||
from flask import request |
||||
from flask_jwt_extended.utils import verify_token_claims |
||||
from flask_jwt_extended.view_decorators import _decode_jwt_from_request |
||||
|
||||
|
||||
|
||||
|
||||
def get_jwt_from_request(): |
||||
jwt_data, jwt_header = _decode_jwt_from_request(request_type='access') |
||||
verify_token_claims(jwt_data) |
||||
return jwt_data['identity'] |
@ -0,0 +1,199 @@ |
||||
from bson import ObjectId |
||||
from flask import request |
||||
from mongoengine import Document, ObjectIdField, ListField, \ |
||||
EmbeddedDocumentField, ReferenceField, ImageField, FileField, DecimalField, QuerySet |
||||
from base64 import b64encode |
||||
|
||||
from mongoengine.base import BaseField |
||||
|
||||
|
||||
class Resource: |
||||
model: Document = None |
||||
qs: dict = {} |
||||
eqs: dict = {} |
||||
build_reference: bool = False |
||||
base64_image: bool = True |
||||
base64_image_as_full: bool = False |
||||
limit: int = 10 |
||||
offset: int = 0 |
||||
fields: list = [] |
||||
ignore_fields: list = [] |
||||
mask_fields: dict = {} |
||||
meta: dict = {} |
||||
as_pk: str = 'id' |
||||
query_document: Document = None |
||||
|
||||
def __init__(self, model: Document): |
||||
self.model = model |
||||
self.limit = 10 |
||||
if 'no_image' in request.args: |
||||
self.base64_image = False |
||||
if 'with_sub_docs' in request.args: |
||||
self.build_reference = request.args.get('with_sub_docs') |
||||
if 'thumb' in request.args: |
||||
self.base64_image = True |
||||
self.base64_image_as_full = False |
||||
if 'full_image' in request.args: |
||||
self.base64_image = True |
||||
self.base64_image_as_full = True |
||||
if 'limit' in request.args: |
||||
self.limit = int(request.args.get('limit')) |
||||
if 'fields' in request.args: |
||||
self.fields = request.args.get('fields') |
||||
if 'offset' in request.args: |
||||
self.offset = int(request.args.get('offset')) |
||||
self.meta = getattr(self.model, '_meta') |
||||
|
||||
if 'ignore_fields' in self.meta: |
||||
self.ignore_fields = self.meta.get('ignore_fields') |
||||
if 'with_sub_docs' in self.meta: |
||||
self.build_reference = self.meta.get('with_sub_docs') |
||||
if 'mask_fields' in self.meta: |
||||
self.mask_fields = self.meta.get('mask_fields') |
||||
if 'document' in self.meta: |
||||
self.model = self.meta.get('document') |
||||
if 'query' in self.meta: |
||||
self.qs = self.meta.get('query') |
||||
if 'as_pk' in self.meta: |
||||
self.as_pk = self.meta.get('as_pk') |
||||
if 'query_document' in self.meta: |
||||
self.query_document = self.meta.get('query_document') |
||||
|
||||
def external_query(self, qs: dict): |
||||
self.eqs = qs |
||||
|
||||
def query(self, qs: dict) -> None: |
||||
|
||||
self.qs = qs |
||||
|
||||
def to_json(self, pk: str = None) -> tuple: |
||||
query = {} |
||||
if self.qs: |
||||
for key, val in self.qs.items(): |
||||
if callable(val): |
||||
query.update({key: val()}) |
||||
else: |
||||
query.update({key: val}) |
||||
if self.query_document: |
||||
query = {} |
||||
if self.eqs: |
||||
for key, val in self.eqs.items(): |
||||
if callable(val): |
||||
query.update({key: val()}) |
||||
else: |
||||
query.update({key: val}) |
||||
data = self.query_document.objects.filter(**query) |
||||
field_name = "" |
||||
for i in self.model._fields_ordered: |
||||
try: |
||||
if isinstance(getattr(self.model, i).document_type, self.query_document.__class__): |
||||
field_name = i + "__in" |
||||
except: |
||||
pass |
||||
query.clear() |
||||
query = {field_name: [i.id for i in data]} |
||||
for key, val in self.qs.items(): |
||||
if callable(val): |
||||
query.update({key: val()}) |
||||
else: |
||||
query.update({key: val}) |
||||
print(query) |
||||
data = self.model.objects.filter(**query) |
||||
|
||||
count = data.count() |
||||
if pk: |
||||
json_data = self.parse_fields(data.get(**{self.as_pk: pk}), self.model) |
||||
else: |
||||
data = data[self.offset:self.limit + self.offset] |
||||
json_data = [] |
||||
for item in data: |
||||
item_data = self.parse_fields(item, self.model) |
||||
json_data.append(item_data) |
||||
return count, json_data |
||||
|
||||
def parse_field(self, field: BaseField, value: any) -> any: |
||||
|
||||
if isinstance(field, ObjectIdField): |
||||
return str(value) |
||||
elif isinstance(field, ReferenceField): |
||||
|
||||
if self.build_reference: |
||||
return self.parse_fields(value, field.document_type) |
||||
if value: |
||||
return str(value.id) |
||||
else: |
||||
return value |
||||
|
||||
elif isinstance(field, ImageField): |
||||
if self.base64_image and value: |
||||
if self.base64_image_as_full: |
||||
file = b64encode(value.read()).decode("utf-8") |
||||
else: |
||||
try: |
||||
file = b64encode(value.thumbnail.read()).decode("utf-8") |
||||
except: |
||||
file = b64encode(value.read()).decode("utf-8") |
||||
return { |
||||
"size": value.size, |
||||
"upload_date": value.gridout.upload_date, |
||||
"format": value.format, |
||||
"base64": file |
||||
} |
||||
else: |
||||
if value: |
||||
return { |
||||
"size": value.size |
||||
} |
||||
else: |
||||
return None |
||||
elif isinstance(field, DecimalField): |
||||
return float(value) |
||||
elif isinstance(field, FileField): |
||||
return "file" |
||||
elif isinstance(field, ListField): |
||||
if isinstance(field.field, EmbeddedDocumentField): |
||||
return [self.parse_fields(item, field.field.document_type) for item in value] |
||||
elif isinstance(field.field, ReferenceField) and self.build_reference: |
||||
return [self.parse_fields(item, field.field.document_type) for item in value] |
||||
else: |
||||
return [self.parse_field(field.field, item) for item in value] |
||||
elif isinstance(value, QuerySet): |
||||
if value.count() > 0: |
||||
return [self.parse_fields(i, value._document) for i in value] |
||||
|
||||
else: |
||||
return value |
||||
|
||||
def parse_fields(self, item: Document, model: Document) -> dict: |
||||
parsed_item = {} |
||||
|
||||
fields = list(getattr(model, "_fields_ordered")) |
||||
if self.model != model: |
||||
in_meta = getattr(model,'_meta') |
||||
if in_meta.get('ignore_fields'): |
||||
self.ignore_fields += in_meta.get('ignore_fields') |
||||
for key, val in model.__dict__.items(): |
||||
if isinstance(getattr(model, key), property): |
||||
fields.append(key) |
||||
for i in fields: |
||||
if i not in self.ignore_fields: |
||||
field = getattr(model, i) |
||||
if i not in self.mask_fields: |
||||
if not item is None: |
||||
value = getattr(item, i) |
||||
else: |
||||
value = None |
||||
else: |
||||
value = getattr(item, i) |
||||
if self.mask_fields.get(i) == 'all': |
||||
value = '*************' |
||||
elif self.mask_fields.get(i) == 'email': |
||||
value = '{}****@{}***.{}'.format(value[0], value.split("@")[1][0], |
||||
'.'.join(value.split("@")[1].split(".")[1:])) |
||||
else: |
||||
value = '*************' |
||||
if not value is None: |
||||
parsed_item.update({i: self.parse_field(field, value)}) |
||||
else: |
||||
parsed_item.update({i: None}) |
||||
return parsed_item |
@ -0,0 +1,122 @@ |
||||
import json |
||||
import time |
||||
|
||||
import mongoengine |
||||
from flask import jsonify, request |
||||
from flask_views.base import View |
||||
from mongoengine import ValidationError, DoesNotExist, InvalidQueryError |
||||
from werkzeug.exceptions import Unauthorized, NotFound |
||||
|
||||
from restapi.resource import Resource |
||||
|
||||
|
||||
class ApiView(View): |
||||
model = None |
||||
authentication_methods = [] |
||||
def __init__(self, model): |
||||
self.start = time.time() |
||||
self.model = model |
||||
self.resource = Resource(self.model) |
||||
|
||||
def dispatch_request(self, *args, **kwargs): |
||||
# keep all the logic in a helper method (_dispatch_request) so that |
||||
# it's easy for subclasses to override this method without them also having to copy/paste all the |
||||
# authentication logic, etc. |
||||
return self._dispatch_request(*args, **kwargs) |
||||
|
||||
def _dispatch_request(self, *args, **kwargs): |
||||
authorized = True if len(self.authentication_methods) == 0 else False |
||||
for authentication_method in self.authentication_methods: |
||||
if authentication_method().authorized(): |
||||
authorized = True |
||||
if not authorized: |
||||
return {'error': 'Unauthorized'}, '401 Unauthorized' |
||||
|
||||
try: |
||||
return super(ApiView, self).dispatch_request(*args, **kwargs) |
||||
except mongoengine.queryset.DoesNotExist as e: |
||||
return {'error': 'Empty query: ' + str(e)}, '404 Not Found' |
||||
except ValidationError as e: |
||||
return e.args[0], '400 Bad Request' |
||||
except Unauthorized: |
||||
return {'error': 'Unauthorized'}, '401 Unauthorized' |
||||
except NotFound as e: |
||||
return {'error': str(e)}, '404 Not Found' |
||||
|
||||
def get(self, *args, **kwargs): |
||||
|
||||
if 'pk' in kwargs: |
||||
try: |
||||
count, data = self.resource.to_json(pk=kwargs.get('pk')) |
||||
response = { |
||||
'response': data, |
||||
'status': True, |
||||
'info': { |
||||
'took': time.time() - self.start |
||||
}, |
||||
} |
||||
except (ValidationError, DoesNotExist) as e: |
||||
kwargs.update({'code': 404}) |
||||
response = { |
||||
"status": False, |
||||
"errors": "Object not found" |
||||
} |
||||
else: |
||||
if "query" in request.args and self.model._meta.get('can_query'): |
||||
self.resource.external_query(json.loads(request.args.get('query'))) |
||||
count, data = self.resource.to_json() |
||||
response = { |
||||
'response': data, |
||||
'info': { |
||||
'offset': self.resource.offset, |
||||
'limit': self.resource.limit, |
||||
'status': True, |
||||
'total': count, |
||||
'took': time.time() - self.start |
||||
}, |
||||
} |
||||
|
||||
return jsonify(response), kwargs.get('code', 200) |
||||
|
||||
def post(self, *args, **kwargs): |
||||
try: |
||||
item = self.model(**request.json) |
||||
item.validate() |
||||
except ValidationError as v: |
||||
return jsonify({ |
||||
'status': False, |
||||
'errors': [{"field": field, "error": str(error)} for field, error in v.__dict__.get('errors').items() if |
||||
isinstance(error, ValidationError) and field[0] != "_"] |
||||
}), 400 |
||||
except Exception as e: |
||||
return jsonify({ |
||||
'status': False, |
||||
'errors': str(e) |
||||
}), 400 |
||||
data = item.save() |
||||
return self.get(pk=data.id, code=201) |
||||
|
||||
def put(self, *args, **kwargs): |
||||
if "pk" not in kwargs: |
||||
return jsonify({ |
||||
'status': False, |
||||
"error":"Method not allowed" |
||||
}), 403 |
||||
else: |
||||
try: |
||||
self.model.objects(id=kwargs.get('pk')).update(**request.json) |
||||
return self.get(pk=kwargs.get('pk')) |
||||
except ValidationError as v: |
||||
print(v.__dict__) |
||||
return jsonify({ |
||||
'status': False, |
||||
'errors': [{"field": v.__dict__.get('field_name'), "error": v.__dict__.get('_message')}] |
||||
}), 400 |
||||
except InvalidQueryError as e: |
||||
return jsonify({ |
||||
'status': False, |
||||
'errors': str(e) |
||||
}), 400 |
||||
|
||||
def delete(self, *args, **kwargs): |
||||
"delete method" |
Loading…
Reference in new issue