|
|
@ -8,10 +8,10 @@ from pymongo import MongoClient, DESCENDING # ASCENDING |
|
|
|
import datetime |
|
|
|
import datetime |
|
|
|
import dateutil.parser |
|
|
|
import dateutil.parser |
|
|
|
import bson |
|
|
|
import bson |
|
|
|
from settings import mongo_config, app_password, app_user |
|
|
|
from settings import mongo_config, app_password, app_user, app_secret |
|
|
|
from datetime import timedelta |
|
|
|
from datetime import timedelta |
|
|
|
from functools import update_wrapper |
|
|
|
from functools import update_wrapper |
|
|
|
from auth import requires_auth, csrf_token_generator |
|
|
|
from auth import requires_auth, csrf_token_generator, generate_auth_token |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def crossdomain(origin=None, methods=None, headers=None, |
|
|
|
def crossdomain(origin=None, methods=None, headers=None, |
|
|
@ -66,7 +66,7 @@ app = Flask(__name__) |
|
|
|
# Load default config and override config from an environment variable |
|
|
|
# Load default config and override config from an environment variable |
|
|
|
app.config.update(dict( |
|
|
|
app.config.update(dict( |
|
|
|
DEBUG=True, |
|
|
|
DEBUG=True, |
|
|
|
SECRET_KEY='development key', |
|
|
|
SECRET_KEY=app_secret, |
|
|
|
USERNAME=app_user, |
|
|
|
USERNAME=app_user, |
|
|
|
PASSWORD=app_password, |
|
|
|
PASSWORD=app_password, |
|
|
|
)) |
|
|
|
)) |
|
|
@ -81,16 +81,16 @@ miscObjHandler = lambda obj: ( |
|
|
|
else str(obj) if isinstance(obj, bson.objectid.ObjectId) else None) |
|
|
|
else str(obj) if isinstance(obj, bson.objectid.ObjectId) else None) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.before_request |
|
|
|
# @app.before_request |
|
|
|
def csrf_protect(): |
|
|
|
# def csrf_protect(): |
|
|
|
''' |
|
|
|
# ''' |
|
|
|
Skip CSRF-token for RESTful service |
|
|
|
# Skip CSRF-token for RESTful service |
|
|
|
ref: http://flask.pocoo.org/snippets/3/ |
|
|
|
# ref: http://flask.pocoo.org/snippets/3/ |
|
|
|
''' |
|
|
|
# ''' |
|
|
|
if request.method == "POST" and not request.json: |
|
|
|
# if request.method == "POST" and not request.json: |
|
|
|
token = session.pop('_csrf_token', None) |
|
|
|
# token = session.pop('_csrf_token', None) |
|
|
|
if not token or token != request.form.get('_csrf_token'): |
|
|
|
# if not token or token != request.form.get('_csrf_token'): |
|
|
|
abort(403) |
|
|
|
# abort(403) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/') |
|
|
|
@app.route('/') |
|
|
@ -101,10 +101,10 @@ def hello_world(): |
|
|
|
return render_template('layout.html') |
|
|
|
return render_template('layout.html') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/movies/', methods=['GET'], defaults={'option': 'nowshowing'}) |
|
|
|
@app.route('/movies/', methods=['GET']) |
|
|
|
@app.route('/movies/<option>/', methods=['GET']) |
|
|
|
@app.route('/movies/<option>/', methods=['GET']) |
|
|
|
@crossdomain(origin='*') |
|
|
|
@crossdomain(origin='*') |
|
|
|
def movie_list(option): |
|
|
|
def movie_list(option=''): |
|
|
|
_opt = ('nowshowing', 'comingsoon', 'older') |
|
|
|
_opt = ('nowshowing', 'comingsoon', 'older') |
|
|
|
option = option if option in _opt else 'nowshowing' |
|
|
|
option = option if option in _opt else 'nowshowing' |
|
|
|
query = {} |
|
|
|
query = {} |
|
|
@ -121,6 +121,10 @@ def movie_list(option): |
|
|
|
for i in result: |
|
|
|
for i in result: |
|
|
|
if 'original' in i['title']: |
|
|
|
if 'original' in i['title']: |
|
|
|
i['original_title'] = i['title']['original'] |
|
|
|
i['original_title'] = i['title']['original'] |
|
|
|
|
|
|
|
## disable some heavy overload data |
|
|
|
|
|
|
|
for j in ('tmdb', 'videos'): |
|
|
|
|
|
|
|
if j in i: |
|
|
|
|
|
|
|
del i[j] |
|
|
|
# i['title'] = i['title'][lang] |
|
|
|
# i['title'] = i['title'][lang] |
|
|
|
# i['cast'] = i['cast'][lang] |
|
|
|
# i['cast'] = i['cast'][lang] |
|
|
|
# i['tagline'] = i['tagline'][lang] |
|
|
|
# i['tagline'] = i['tagline'][lang] |
|
|
@ -351,7 +355,21 @@ def check_basic_auth(user, passwd): |
|
|
|
return True |
|
|
|
return True |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/token', methods=['GET']) |
|
|
|
|
|
|
|
@crossdomain(origin='*') |
|
|
|
|
|
|
|
def get_token(): |
|
|
|
|
|
|
|
auth = request.authorization |
|
|
|
|
|
|
|
if not check_basic_auth(auth.username, auth.password): |
|
|
|
|
|
|
|
abort(401) |
|
|
|
|
|
|
|
token = generate_auth_token(app_user) |
|
|
|
|
|
|
|
r = make_response( |
|
|
|
|
|
|
|
dumps({'token': token.decode('ascii')}, default=miscObjHandler)) |
|
|
|
|
|
|
|
r.mimetype = 'application/json' |
|
|
|
|
|
|
|
return r |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/login', methods=['GET', 'POST']) |
|
|
|
@app.route('/login', methods=['GET', 'POST']) |
|
|
|
|
|
|
|
@crossdomain(origin='*') |
|
|
|
def login(): |
|
|
|
def login(): |
|
|
|
error = None |
|
|
|
error = None |
|
|
|
if request.method == 'POST': |
|
|
|
if request.method == 'POST': |
|
|
|