mirror of
https://github.com/JonathanHerrewijnen/calibre-web.git
synced 2024-11-14 07:03:50 +00:00
bbf6d9b026
Bugfix for feeds - removed categories related and up - load new books now working - category random now working login page is free of non accessible elements boolean custom column is vivible in UI books with only with certain languages can be shown book shelfs can be deleted from UI Anonymous user view is more resticted Added browse of series in sidebar Dependencys in vendor folder are updated to newer versions (licencs files are now present) Bugfix editing Authors names Made upload on windows working
273 lines
9.0 KiB
Python
273 lines
9.0 KiB
Python
# -*- coding: utf-8 -*-
|
|
"""
|
|
flask.jsonimpl
|
|
~~~~~~~~~~~~~~
|
|
|
|
Implementation helpers for the JSON support in Flask.
|
|
|
|
:copyright: (c) 2015 by Armin Ronacher.
|
|
:license: BSD, see LICENSE for more details.
|
|
"""
|
|
import io
|
|
import uuid
|
|
from datetime import date
|
|
from .globals import current_app, request
|
|
from ._compat import text_type, PY2
|
|
|
|
from werkzeug.http import http_date
|
|
from jinja2 import Markup
|
|
|
|
# Use the same json implementation as itsdangerous on which we
|
|
# depend anyways.
|
|
try:
|
|
from itsdangerous import simplejson as _json
|
|
except ImportError:
|
|
from itsdangerous import json as _json
|
|
|
|
|
|
# Figure out if simplejson escapes slashes. This behavior was changed
|
|
# from one version to another without reason.
|
|
_slash_escape = '\\/' not in _json.dumps('/')
|
|
|
|
|
|
__all__ = ['dump', 'dumps', 'load', 'loads', 'htmlsafe_dump',
|
|
'htmlsafe_dumps', 'JSONDecoder', 'JSONEncoder',
|
|
'jsonify']
|
|
|
|
|
|
def _wrap_reader_for_text(fp, encoding):
|
|
if isinstance(fp.read(0), bytes):
|
|
fp = io.TextIOWrapper(io.BufferedReader(fp), encoding)
|
|
return fp
|
|
|
|
|
|
def _wrap_writer_for_text(fp, encoding):
|
|
try:
|
|
fp.write('')
|
|
except TypeError:
|
|
fp = io.TextIOWrapper(fp, encoding)
|
|
return fp
|
|
|
|
|
|
class JSONEncoder(_json.JSONEncoder):
|
|
"""The default Flask JSON encoder. This one extends the default simplejson
|
|
encoder by also supporting ``datetime`` objects, ``UUID`` as well as
|
|
``Markup`` objects which are serialized as RFC 822 datetime strings (same
|
|
as the HTTP date format). In order to support more data types override the
|
|
:meth:`default` method.
|
|
"""
|
|
|
|
def default(self, o):
|
|
"""Implement this method in a subclass such that it returns a
|
|
serializable object for ``o``, or calls the base implementation (to
|
|
raise a :exc:`TypeError`).
|
|
|
|
For example, to support arbitrary iterators, you could implement
|
|
default like this::
|
|
|
|
def default(self, o):
|
|
try:
|
|
iterable = iter(o)
|
|
except TypeError:
|
|
pass
|
|
else:
|
|
return list(iterable)
|
|
return JSONEncoder.default(self, o)
|
|
"""
|
|
if isinstance(o, date):
|
|
return http_date(o.timetuple())
|
|
if isinstance(o, uuid.UUID):
|
|
return str(o)
|
|
if hasattr(o, '__html__'):
|
|
return text_type(o.__html__())
|
|
return _json.JSONEncoder.default(self, o)
|
|
|
|
|
|
class JSONDecoder(_json.JSONDecoder):
|
|
"""The default JSON decoder. This one does not change the behavior from
|
|
the default simplejson decoder. Consult the :mod:`json` documentation
|
|
for more information. This decoder is not only used for the load
|
|
functions of this module but also :attr:`~flask.Request`.
|
|
"""
|
|
|
|
|
|
def _dump_arg_defaults(kwargs):
|
|
"""Inject default arguments for dump functions."""
|
|
if current_app:
|
|
kwargs.setdefault('cls', current_app.json_encoder)
|
|
if not current_app.config['JSON_AS_ASCII']:
|
|
kwargs.setdefault('ensure_ascii', False)
|
|
kwargs.setdefault('sort_keys', current_app.config['JSON_SORT_KEYS'])
|
|
else:
|
|
kwargs.setdefault('sort_keys', True)
|
|
kwargs.setdefault('cls', JSONEncoder)
|
|
|
|
|
|
def _load_arg_defaults(kwargs):
|
|
"""Inject default arguments for load functions."""
|
|
if current_app:
|
|
kwargs.setdefault('cls', current_app.json_decoder)
|
|
else:
|
|
kwargs.setdefault('cls', JSONDecoder)
|
|
|
|
|
|
def dumps(obj, **kwargs):
|
|
"""Serialize ``obj`` to a JSON formatted ``str`` by using the application's
|
|
configured encoder (:attr:`~flask.Flask.json_encoder`) if there is an
|
|
application on the stack.
|
|
|
|
This function can return ``unicode`` strings or ascii-only bytestrings by
|
|
default which coerce into unicode strings automatically. That behavior by
|
|
default is controlled by the ``JSON_AS_ASCII`` configuration variable
|
|
and can be overridden by the simplejson ``ensure_ascii`` parameter.
|
|
"""
|
|
_dump_arg_defaults(kwargs)
|
|
encoding = kwargs.pop('encoding', None)
|
|
rv = _json.dumps(obj, **kwargs)
|
|
if encoding is not None and isinstance(rv, text_type):
|
|
rv = rv.encode(encoding)
|
|
return rv
|
|
|
|
|
|
def dump(obj, fp, **kwargs):
|
|
"""Like :func:`dumps` but writes into a file object."""
|
|
_dump_arg_defaults(kwargs)
|
|
encoding = kwargs.pop('encoding', None)
|
|
if encoding is not None:
|
|
fp = _wrap_writer_for_text(fp, encoding)
|
|
_json.dump(obj, fp, **kwargs)
|
|
|
|
|
|
def loads(s, **kwargs):
|
|
"""Unserialize a JSON object from a string ``s`` by using the application's
|
|
configured decoder (:attr:`~flask.Flask.json_decoder`) if there is an
|
|
application on the stack.
|
|
"""
|
|
_load_arg_defaults(kwargs)
|
|
if isinstance(s, bytes):
|
|
s = s.decode(kwargs.pop('encoding', None) or 'utf-8')
|
|
return _json.loads(s, **kwargs)
|
|
|
|
|
|
def load(fp, **kwargs):
|
|
"""Like :func:`loads` but reads from a file object.
|
|
"""
|
|
_load_arg_defaults(kwargs)
|
|
if not PY2:
|
|
fp = _wrap_reader_for_text(fp, kwargs.pop('encoding', None) or 'utf-8')
|
|
return _json.load(fp, **kwargs)
|
|
|
|
|
|
def htmlsafe_dumps(obj, **kwargs):
|
|
"""Works exactly like :func:`dumps` but is safe for use in ``<script>``
|
|
tags. It accepts the same arguments and returns a JSON string. Note that
|
|
this is available in templates through the ``|tojson`` filter which will
|
|
also mark the result as safe. Due to how this function escapes certain
|
|
characters this is safe even if used outside of ``<script>`` tags.
|
|
|
|
The following characters are escaped in strings:
|
|
|
|
- ``<``
|
|
- ``>``
|
|
- ``&``
|
|
- ``'``
|
|
|
|
This makes it safe to embed such strings in any place in HTML with the
|
|
notable exception of double quoted attributes. In that case single
|
|
quote your attributes or HTML escape it in addition.
|
|
|
|
.. versionchanged:: 0.10
|
|
This function's return value is now always safe for HTML usage, even
|
|
if outside of script tags or if used in XHTML. This rule does not
|
|
hold true when using this function in HTML attributes that are double
|
|
quoted. Always single quote attributes if you use the ``|tojson``
|
|
filter. Alternatively use ``|tojson|forceescape``.
|
|
"""
|
|
rv = dumps(obj, **kwargs) \
|
|
.replace(u'<', u'\\u003c') \
|
|
.replace(u'>', u'\\u003e') \
|
|
.replace(u'&', u'\\u0026') \
|
|
.replace(u"'", u'\\u0027')
|
|
if not _slash_escape:
|
|
rv = rv.replace('\\/', '/')
|
|
return rv
|
|
|
|
|
|
def htmlsafe_dump(obj, fp, **kwargs):
|
|
"""Like :func:`htmlsafe_dumps` but writes into a file object."""
|
|
fp.write(text_type(htmlsafe_dumps(obj, **kwargs)))
|
|
|
|
|
|
def jsonify(*args, **kwargs):
|
|
"""This function wraps :func:`dumps` to add a few enhancements that make
|
|
life easier. It turns the JSON output into a :class:`~flask.Response`
|
|
object with the :mimetype:`application/json` mimetype. For convenience, it
|
|
also converts multiple arguments into an array or multiple keyword arguments
|
|
into a dict. This means that both ``jsonify(1,2,3)`` and
|
|
``jsonify([1,2,3])`` serialize to ``[1,2,3]``.
|
|
|
|
For clarity, the JSON serialization behavior has the following differences
|
|
from :func:`dumps`:
|
|
|
|
1. Single argument: Passed straight through to :func:`dumps`.
|
|
2. Multiple arguments: Converted to an array before being passed to
|
|
:func:`dumps`.
|
|
3. Multiple keyword arguments: Converted to a dict before being passed to
|
|
:func:`dumps`.
|
|
4. Both args and kwargs: Behavior undefined and will throw an exception.
|
|
|
|
Example usage::
|
|
|
|
from flask import jsonify
|
|
|
|
@app.route('/_get_current_user')
|
|
def get_current_user():
|
|
return jsonify(username=g.user.username,
|
|
email=g.user.email,
|
|
id=g.user.id)
|
|
|
|
This will send a JSON response like this to the browser::
|
|
|
|
{
|
|
"username": "admin",
|
|
"email": "admin@localhost",
|
|
"id": 42
|
|
}
|
|
|
|
|
|
.. versionchanged:: 0.11
|
|
Added support for serializing top-level arrays. This introduces a
|
|
security risk in ancient browsers. See :ref:`json-security` for details.
|
|
|
|
This function's response will be pretty printed if it was not requested
|
|
with ``X-Requested-With: XMLHttpRequest`` to simplify debugging unless
|
|
the ``JSONIFY_PRETTYPRINT_REGULAR`` config parameter is set to false.
|
|
Compressed (not pretty) formatting currently means no indents and no
|
|
spaces after separators.
|
|
|
|
.. versionadded:: 0.2
|
|
"""
|
|
|
|
indent = None
|
|
separators = (',', ':')
|
|
|
|
if current_app.config['JSONIFY_PRETTYPRINT_REGULAR'] and not request.is_xhr:
|
|
indent = 2
|
|
separators = (', ', ': ')
|
|
|
|
if args and kwargs:
|
|
raise TypeError('jsonify() behavior undefined when passed both args and kwargs')
|
|
elif len(args) == 1: # single args are passed directly to dumps()
|
|
data = args[0]
|
|
else:
|
|
data = args or kwargs
|
|
|
|
return current_app.response_class(
|
|
(dumps(data, indent=indent, separators=separators), '\n'),
|
|
mimetype=current_app.config['JSONIFY_MIMETYPE']
|
|
)
|
|
|
|
|
|
def tojson_filter(obj, **kwargs):
|
|
return Markup(htmlsafe_dumps(obj, **kwargs))
|