Tools/QueueStatusServer/handlers/fetchattachment.py - WebKit - Git at Google

 # Copyright (C) 2018 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 # 1.  Redistributions of source code must retain the above copyright
 #     notice, this list of conditions and the following disclaimer.
 # 2.  Redistributions in binary form must reproduce the above copyright
 #     notice, this list of conditions and the following disclaimer in the
 #     documentation and/or other materials provided with the distribution.
 #
 # THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 # DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR
 # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 from config import authorization
 from google.appengine.ext import webapp
 from model.attachmentdata import AttachmentData


 class FetchAttachment(webapp.RequestHandler):
     def get(self, action, attachment_id_string):
         if action not in ["data", "metadata"]:
             self.error(400)
             return
         if not authorization.is_authorized(self.request):
             # Return an HTTP 404 response code instead of an HTTP 401 to avoid leaking whether
             # the attachment id is known.
             self.error(404)
             return
         attachment_data = AttachmentData.lookup_if_exists(int(attachment_id_string))
         if not attachment_data:
             self.error(404)
             return
         if action == "metadata":
             self.response.out.write(attachment_data.metadata)
         else:
             self.response.out.write(attachment_data.data)
	# Copyright (C) 2018 Apple Inc. All rights reserved.
	#
	# Redistribution and use in source and binary forms, with or without
	# modification, are permitted provided that the following conditions
	# are met:
	# 1. Redistributions of source code must retain the above copyright
	# notice, this list of conditions and the following disclaimer.
	# 2. Redistributions in binary form must reproduce the above copyright
	# notice, this list of conditions and the following disclaimer in the
	# documentation and/or other materials provided with the distribution.
	#
	# THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND
	# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	# DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR
	# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
	# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
	# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

	from config import authorization
	from google.appengine.ext import webapp
	from model.attachmentdata import AttachmentData


	class FetchAttachment(webapp.RequestHandler):
	def get(self, action, attachment_id_string):
	if action not in ["data", "metadata"]:
	self.error(400)
	return
	if not authorization.is_authorized(self.request):
	# Return an HTTP 404 response code instead of an HTTP 401 to avoid leaking whether
	# the attachment id is known.
	self.error(404)
	return
	attachment_data = AttachmentData.lookup_if_exists(int(attachment_id_string))
	if not attachment_data:
	self.error(404)
	return
	if action == "metadata":
	self.response.out.write(attachment_data.metadata)
	else:
	self.response.out.write(attachment_data.data)