Verified Commit 4130cde4 authored by Egor Dubenetskiy's avatar Egor Dubenetskiy 🚴🏼

Аутентифицировать при создании поста

parent 42aedd00
......@@ -3,7 +3,7 @@
import json
from flask import request
from pony import orm
from ..root import check_user
from ...models import Post
......@@ -30,7 +30,18 @@ def init(app):
@orm.db_session
def api_posts_post():
request_json = request.get_json()
# TODO: Check user credentials
app_id = app.config['APP_ID']
app_secret = app.config['APP_SECRET']
viewer_id = request_json.get('viewer_id', None)
hash = request_json.get('hash', None)
if not check_user(app_id, viewer_id, app_secret, hash):
return json.dumps({
'status': 'error',
'error': {
'type': 'unauthorized_access_attempt',
'message': 'please provide VK user credentials',
}
})
post = Post(summary=request_json('summary', None),
details=request_json.get('details', None),
source=request_json.get('source', None),
......@@ -38,7 +49,7 @@ def init(app):
video=request_json.get('video', None),
latitude=request_json.get('latitude', None),
longitude=request_json.get('longitude', None),
author=request_json.get('author', None),
author=viewer_id,
state='pending')
orm.commit()
return json.dumps({
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment