# -*- coding: utf-8 -*- from flask import ( Flask, make_response, request, current_app, abort, session, flash, redirect, url_for, render_template ) from simplejson import dumps from pymongo import MongoClient, DESCENDING # ASCENDING import datetime import dateutil.parser import bson from settings import mongo_config, app_password, app_user, app_secret from datetime import timedelta from functools import update_wrapper from auth import requires_auth, csrf_token_generator, generate_auth_token def crossdomain(origin=None, methods=None, headers=None, max_age=21600, attach_to_all=True, automatic_options=True): if methods is not None: methods = ', '.join(sorted(x.upper() for x in methods)) if headers is not None and not isinstance(headers, basestring): headers = ', '.join(x.upper() for x in headers) if not isinstance(origin, basestring): origin = ', '.join(origin) if isinstance(max_age, timedelta): max_age = max_age.total_seconds() def get_methods(): if methods is not None: return methods options_resp = current_app.make_default_options_response() return options_resp.headers['allow'] def decorator(f): def wrapped_function(*args, **kwargs): if automatic_options and request.method == 'OPTIONS': resp = current_app.make_default_options_response() else: resp = make_response(f(*args, **kwargs)) if not attach_to_all and request.method != 'OPTIONS': return resp h = resp.headers h['Access-Control-Allow-Origin'] = origin h['Access-Control-Allow-Methods'] = get_methods() h['Access-Control-Max-Age'] = str(max_age) if headers is not None: h['Access-Control-Allow-Headers'] = headers return resp f.provide_automatic_options = False return update_wrapper(wrapped_function, f) return decorator def generate_csrf_token(): if '_csrf_token' not in session: session['_csrf_token'] = csrf_token_generator() return session['_csrf_token'] app = Flask(__name__) # Load default config and override config from an environment variable app.config.update(dict( DEBUG=True, SECRET_KEY=app_secret, USERNAME=app_user, PASSWORD=app_password, )) app.config.from_envvar('FLASKR_SETTINGS', silent=True) app.jinja_env.globals['csrf_token'] = generate_csrf_token client = MongoClient(mongo_config) db = client.showtimes miscObjHandler = lambda obj: ( obj.isoformat() if isinstance(obj, datetime.datetime) or isinstance(obj, datetime.date) else str(obj) if isinstance(obj, bson.objectid.ObjectId) else None) # @app.before_request # def csrf_protect(): # ''' # Skip CSRF-token for RESTful service # ref: http://flask.pocoo.org/snippets/3/ # ''' # if request.method == "POST" and not request.json: # token = session.pop('_csrf_token', None) # if not token or token != request.form.get('_csrf_token'): # abort(403) @app.route('/') @app.route('/flask/') @crossdomain(origin='*') def hello_world(): # return 'This comes from Flask ^_^' return render_template('layout.html') @app.route('/movies/', methods=['GET']) @app.route('/movies/