from flask import request, make_response, jsonify, abort
from app.models import APIToken
+from .support import error
from functools import wraps
def is_api_authd(f):
elif value[0:7].lower() == "bearer ":
access_token = value[7:]
if len(access_token) < 10:
- abort(400)
+ error(400, "API token is too short")
token = APIToken.query.filter_by(access_token=access_token).first()
if token is None:
- abort(403)
+ error(403, "Unknown API token")
else:
- abort(403)
+ abort(403, "Unsupported authentication method")
return f(token=token, *args, **kwargs)
@is_package_page
@is_api_authd
def create_release(token, package):
+ if not token:
+ error(401, "Authentication needed")
+
if not package.checkPerm(token.owner, Permission.APPROVE_RELEASE):
- return error(403, "You do not have the permission to approve releases")
+ error(403, "You do not have the permission to approve releases")
json = request.json
if json is None:
- return error(400, "JSON post data is required")
+ error(400, "JSON post data is required")
for option in ["method", "title", "ref"]:
if json.get(option) is None:
- return error(400, option + " is required in the POST data")
-
+ error(400, option + " is required in the POST data")
if json["method"].lower() != "git":
- return error(400, "Release-creation methods other than git are not supported")
+ error(400, "Release-creation methods other than git are not supported")
return handleCreateRelease(token, package, json["title"], json["ref"])
from app.models import PackageRelease, db, Permission
from app.tasks.importtasks import makeVCSRelease
from celery import uuid
-from flask import jsonify, make_response, url_for
+from flask import jsonify, abort, url_for
import datetime
def error(status, message):
- return make_response(jsonify({ "success": False, "error": message }), status)
+ abort(status, jsonify({ "success": False, "error": message }))
def handleCreateRelease(token, package, title, ref):
You can use the `/api/whoami` to check authentication.
+Tokens can be attained by visiting "API Tokens" on your profile page.
+
## Endpoints
### Misc
* GET `/api/whoami/` - Json dictionary with the following keys:
* `is_authenticated` - True on successful API authentication
* `username` - Username of the user authenticated as, null otherwise.
- * 403 will be thrown on unsupported authentication type, invalid access token, or other errors.
+ * 4xx status codes will be thrown on unsupported authentication type, invalid access token, or other errors.
### Packages