import os import cherrypy import json from datetime import datetime from photoapp.types import Photo, PhotoSet, Tag, TagItem, PhotoStatus, User, known_extensions, known_mimes, \ genuuid, generate_storage_path from photoapp.utils import copysha, get_extension, slugify from photoapp.image import special_magic_fobj from import StorageAdapter from photoapp.dbutils import db from contextlib import closing from decimal import Decimal import traceback class LibraryManager(object): def __init__(self, storage): assert isinstance(storage, StorageAdapter) = storage @cherrypy.expose class PhotosApi(object): def __init__(self, library): self.library = library self.v1 = PhotosApiV1(self.library) @cherrypy.expose class PhotosApiV1(object): def __init__(self, library): self.library = library # TODO: move library to a cherrypy tool self.upload = PhotosApiV1Upload(library) self.byhash = PhotosApiV1ByHash() self.set = PhotosApiV1Set() = PhotosApiV1Download() self.user = PhotosApiV1User() self.stats = PhotosApiV1Stats() = PhotosApiV1Photos() self.tags = PhotosApiV1PhotoTags() def GET(self): cherrypy.response.headers["Content-type"] = "text/plain" return "Hello! This is the Photolib V1 API.\n" @cherrypy.expose class PhotosApiV1Upload(object): def __init__(self, library): self.library = library def POST(self, files, meta): """ upload accepts one photoset (multiple images) """ # TODO stage files in tmp storage since this can DEFINITELY lead to data loss # TODO refactor function stored_files = [] def abort_upload(reason): for file in stored_files: db.rollback() cherrypy.response.status = 400 return {"error": reason} meta = json.loads(meta) if type(files) != list: files = [files] if set([file.filename for file in files]) != set(meta["files"].keys()): raise cherrypy.HTTPError(400, "file metadata missing") dupes = db.query(Photo).filter(Photo.hash.in_([f["hash"] for f in meta["files"].values()])).first() if dupes: return abort_upload(f"file already in database: {dupes.path}") # use the photo's date to build a base path # each file's sha and file extension will be appended to this photo_date = datetime.fromisoformat(meta["date"]) photo_objs = [] for file in files: # build path using the sha and extension. note that we trust the sha the client provided now & verify later # something like 2019/06/25/2019-06-25_19.28.05_cea1a138.png photo_meta = meta["files"][file.filename] ext = get_extension(file.filename) assert ext in known_extensions photo_path = generate_storage_path(photo_date, photo_meta['hash'][0:8], ext) if pass # we trust that the database has enforced uniqueness of this image # return abort_upload(f"file already in library: {photo_path}") # write file to the path (and copy sha while in flight) with closing(, 'wb')) as f: shasum = copysha(file.file, f) stored_files.append(photo_path) # misc input validation # also if sha doesn't match uploaded metadata, abort # TODO don't use asserts try: assert shasum == photo_meta["hash"], "uploaded file didn't match provided sha" with closing(, 'rb')) as f: mime = special_magic_fobj(f, file.filename) assert mime == photo_meta.get("format") and mime in known_mimes, "unknown or invalid mime" assert == photo_meta.get("size"), \ "invalid size, file truncated?" except AssertionError as ae: return abort_upload(str(ae)) # create photo object for this entry p = Photo(uuid=genuuid(), hash=shasum, path=photo_path, format=photo_meta.get("format"), size=photo_meta.get("size"), width=photo_meta.get("width"), # not verified height=photo_meta.get("height"), # not verified orientation=photo_meta.get("orientation"), # not verified fname=photo_meta.get("fname")) photo_objs.append(p) for pob in photo_objs: db.add(pob) if meta["uuid"] is not None: ps = db.query(PhotoSet).filter(PhotoSet.uuid == meta["uuid"]).first() if not ps: return abort_upload("parent uuid not found") ps.files.extend(photo_objs) if not and meta["lat"] and meta["lon"]: = Decimal(meta["lat"]) ps.lon = Decimal(meta["lon"]) else: ps = PhotoSet(uuid=genuuid(), date=photo_date, date_real=photo_date, # TODO support time offsets lat=Decimal(meta["lat"]) if meta["lat"] else None, lon=Decimal(meta["lon"]) if meta["lon"] else None, files=photo_objs) # TODO support title field et db.add(ps) for tag_name in meta["tags"]: tag = db.query(Tag).filter( == tag_name).first() assert tag, "unknown tag name" db.add(TagItem(, set=ps)) ps_json = ps.to_json() # we do this now to avoid a sqlalchemy bug where the object disappears after the commit try: db.commit() except Exception as e: traceback.print_exc() return abort_upload(str(e)) return ps_json @cherrypy.expose class PhotosApiV1ByHash(object): def GET(self, sha): f = db.query(Photo).filter(Photo.hash == sha).first() if not f: raise cherrypy.HTTPError(404) return f.to_json() @cherrypy.expose class PhotosApiV1Set(object): def GET(self, uuid): s = db.query(PhotoSet).filter(PhotoSet.uuid == uuid).first() if not s: raise cherrypy.HTTPError(404) return s.to_json() @cherrypy.expose class PhotosApiV1Download(object): def GET(self, uuid): #TODO fix me f = db.query(Photo).filter(Photo.uuid == uuid).first() if not f: raise cherrypy.HTTPError(404) return cherrypy.lib.static.serve_file(os.path.abspath(os.path.join("./library", f.path)), f.format)#TODO no hardcode path @cherrypy.expose class PhotosApiV1User(object): def GET(self): # list all users return [u.to_json() for u in db.query(User).all()] def DELETE(self, username): # delete user u = db.query(User).filter( == username).first() if not u: raise cherrypy.HTTPError(404) db.delete(u) return "ok" def POST(self, username, password_hash): # create/update user u = db.query(User).filter( == username).first() if u: u.password = password_hash else: db.add(User(name=username, password=password_hash)) return "ok" @cherrypy.expose class PhotosApiV1Stats(object): def GET(self): return {"photos": db.query(PhotoSet).count(), "files": db.query(Photo).count(), "tags": db.query(Tag).count(), "users": db.query(User).count(), "public_photos": db.query(PhotoSet).filter(PhotoSet.status == PhotoStatus.public).count()} @cherrypy.expose @cherrypy.popargs("uuid") class PhotosApiV1Photos(object): def GET(self, uuid=None, page=0, pagesize=50): if uuid: p = db.query(PhotoSet).filter(PhotoSet.uuid == uuid).first() if not p: cherrypy.response.status = 404 return {"error": "not found"} return p.to_json() else: page, pagesize = int(page), int(pagesize) return [p.to_json() for p in db.query(PhotoSet).order_by( * page).limit(pagesize).all()] @cherrypy.expose @cherrypy.popargs("uuid") class PhotosApiV1PhotoTags(object): def GET(self, uuid=None, name=None, page=0, pagesize=50): # getting tag/s if uuid or name: q = db.query(Tag) if uuid: q = q.filter(Tag.uuid == uuid) if name: q = q.filter( == name) t = q.first() if not t: cherrypy.response.status = 404 return {"error": "not found"} return [t.to_json()] else: # getting all tags page, pagesize = int(page), int(pagesize) return [t.to_json() for t in db.query(Tag).order_by( * page).limit(pagesize).all()] def DELETE(self, uuid): # deleting tag tag = db.query(Tag).filter(Tag.uuid == uuid).first() db.query(TagItem).filter(TagItem.tag_id == db.delete(tag) db.commit() return {} def POST(self): # creating tag tagdata = json.loads( tagname = tagdata["name"] db.add(Tag(name=tagname, title=tagdata.get("title", None) or tagname.capitalize(), description=tagdata.get("description", None), slug=slugify(tagname))) db.commit() return {}