geovisio 2.7.1__py3-none-any.whl → 2.8.0__py3-none-any.whl

geovisio/web/map.py

@@ -215,10 +215,21 @@ def getStyle():
 def getTile(z: int, x: int, y: int, format: str):
     """Get pictures and sequences as vector tiles
 
-    Vector tiles contains different layers based on zoom level : sequences, pictures or grid.
+    Vector tiles contains different layers based on zoom level : grid, sequences or pictures.
+
+    Layer "grid":
+      - Available on zoom levels 0 to 7 (excluded)
+      - Available properties:
+        - id
+        - nb_pictures
+        - nb_360_pictures (number of 360° pictures)
+        - nb_flat_pictures (number of flat pictures)
+        - coef (value from 0 to 1, relative quantity of available pictures)
+        - coef_360_pictures (value from 0 to 1, relative quantity of available 360° pictures)
+        - coef_flat_pictures (value from 0 to 1, relative quantity of available flat pictures)
 
     Layer "sequences":
-      - Available on zoom levels >= 6
+      - Available on zoom levels >= 7 (and simplified version on zoom >= 6 and < 7)
       - Available properties:
         - id (sequence ID)
         - account_id
@@ -229,28 +240,19 @@ def getTile(z: int, x: int, y: int, format: str):
         - h_pixel_density (number of pixels on horizon per field of view degree)
 
     Layer "pictures":
-      - Available on zoom levels >= 13
+      - Available on zoom levels >= 15
       - Available properties:
         - id (picture ID)
         - account_id
         - ts (picture date/time)
         - heading (picture heading in degrees)
-            - sequences (list of sequences ID this pictures belongs to)
         - type (flat or equirectangular)
+        - hidden (picture visibility, true or false)
         - model (camera make and model)
         - gps_accuracy (95% confidence interval of GPS position precision, in meters)
         - h_pixel_density (number of pixels on horizon per field of view degree)
-
-    Layer "grid":
-      - Available on zoom levels 0 to 5 (included)
-      - Available properties:
-        - id
-        - nb_pictures
-        - nb_360_pictures (number of 360° pictures)
-        - nb_flat_pictures (number of flat pictures)
-        - coef (value from 0 to 1, relative quantity of available pictures)
-        - coef_360_pictures (value from 0 to 1, relative quantity of available 360° pictures)
-        - coef_flat_pictures (value from 0 to 1, relative quantity of available flat pictures)
+        - sequences (list of sequences ID this pictures belongs to)
+        - first_sequence (sequence ID, first from the list)
 
     ---
     tags:
@@ -260,7 +262,7 @@ def getTile(z: int, x: int, y: int, format: str):
     parameters:
         - name: z
           in: path
-          description: Zoom level (6 to 14)
+          description: Zoom level (6 to 15)
           required: true
           schema:
             type: number
@@ -421,7 +423,8 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
                     TRIM(CONCAT(p.metadata->>'make', ' ', p.metadata->>'model')) AS model,
                     gps_accuracy_m AS gps_accuracy,
                     h_pixel_density,
-                    array_to_json(ARRAY_AGG(sp.seq_id)) AS sequences
+                    array_to_json(ARRAY_AGG(sp.seq_id)) AS sequences,
+                    MIN(sp.seq_id::varchar) AS first_sequence
                 FROM pictures p
                 LEFT JOIN sequences_pictures sp ON p.id = sp.pic_id
                 LEFT JOIN sequences s ON s.id = sp.seq_id
@@ -536,7 +539,34 @@ def getUserStyle(userId: UUID):
 @user_dependant_response(True)
 def getUserTile(userId: UUID, z: int, x: int, y: int, format: str):
     """Get pictures and sequences as vector tiles for a specific user.
-    This tile will contain the same layers as the generic tiles (from `/map/z/x/y.format` route), but with sequences properties on all levels
+
+    Vector tiles contains different layers based on zoom level : sequences, lowzoom_360pictures or pictures.
+
+    Layer "sequences":
+      - Available on all zoom levels
+      - Available properties:
+        - id (sequence ID)
+        - account_id
+        - model (camera make and model)
+        - type (flat or equirectangular)
+        - date (capture date, as YYYY-MM-DD)
+        - gps_accuracy (95% confidence interval of GPS position precision, in meters)
+        - h_pixel_density (number of pixels on horizon per field of view degree)
+
+    Layer "pictures":
+      - Available on zoom levels >= 15
+      - Available properties:
+        - id (picture ID)
+        - account_id
+        - ts (picture date/time)
+        - heading (picture heading in degrees)
+        - type (flat or equirectangular)
+        - hidden (picture visibility, true or false)
+        - model (camera make and model)
+        - gps_accuracy (95% confidence interval of GPS position precision, in meters)
+        - h_pixel_density (number of pixels on horizon per field of view degree)
+        - sequences (list of sequences ID this pictures belongs to)
+        - first_sequence (sequence ID, first from the list)
 
     ---
     tags:

geovisio/web/pages.py

@@ -0,0 +1,240 @@
+from flask import current_app, request, url_for, Blueprint
+from pydantic import BaseModel, ConfigDict
+from enum import Enum
+from typing import List
+from geovisio.utils import db, auth
+from geovisio.utils.link import Link, make_link
+from geovisio.errors import InvalidAPIUsage
+from flask_babel import gettext as _
+from psycopg.sql import SQL
+
+bp = Blueprint("pages", __name__, url_prefix="/api")
+
+
+class PageName(Enum):
+    end_user_license_agreement = "end-user-license-agreement"
+    terms_of_service = "terms-of-service"
+    end_user_license_agreement_summary = "end-user-license-agreement-summary"
+
+
+class PageLanguage(BaseModel):
+    """A specific language for the page"""
+
+    language: str
+    """The language (as ISO 639-2 code)"""
+
+    links: List[Link]
+    """Link to page content"""
+
+
+class PageSummary(BaseModel):
+    """Page summary"""
+
+    name: PageName
+    """Page name"""
+    languages: List[PageLanguage]
+    """Available translations"""
+
+    model_config = ConfigDict(use_attribute_docstrings=True)
+
+
+def check_page_name(v: str) -> PageName:
+    try:
+        return PageName(v)
+    except ValueError:
+        raise InvalidAPIUsage(_("Page name is not recognized"), status_code=400)
+
+
+@bp.route("/pages/<page>", methods=["GET"])
+def getPageLanguages(page):
+    """List available languages for a single page
+    ---
+    tags:
+        - Configuration
+    parameters:
+        - name: page
+          in: path
+          description: Page name
+          required: true
+          schema:
+            $ref: '#/components/schemas/GeoVisioPageName'
+    responses:
+        200:
+            description: the languages list
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioPageSummary'
+    """
+
+    name = check_page_name(page)
+    langs = [d[0] for d in db.fetchall(current_app, SQL("SELECT lang FROM pages WHERE name = %(name)s"), {"name": name.value})]
+
+    # If page doesn't exist yet, send empty list of languages
+    if langs is None or len(langs) == 0:
+        langs = []
+
+    summary = PageSummary(
+        name=name,
+        languages=[PageLanguage(language=l, links=[make_link(rel="self", route="pages.getPage", page=name.value, lang=l)]) for l in langs],
+    )
+
+    return (
+        summary.model_dump_json(exclude_none=True),
+        200,
+        {
+            "Content-Type": "application/json",
+        },
+    )
+
+
+@bp.route("/pages/<page>/<lang>", methods=["GET"])
+def getPage(page, lang):
+    """Get page HTML content for a certain language
+    ---
+    tags:
+        - Configuration
+    parameters:
+        - name: page
+          in: path
+          description: Page name
+          required: true
+          schema:
+            $ref: '#/components/schemas/GeoVisioPageName'
+        - name: lang
+          in: path
+          description: Language ISO 639-2 code
+          required: true
+          schema:
+            type: string
+    responses:
+        200:
+            description: the HTML content for this page
+            content:
+                text/html:
+                    schema:
+                        type: string
+    """
+
+    page = check_page_name(page)
+    page_content = db.fetchone(
+        current_app,
+        SQL("SELECT content FROM pages WHERE name = %(name)s AND lang = %(lang)s"),
+        {"name": page.value, "lang": lang},
+    )
+
+    if page_content is None:
+        raise InvalidAPIUsage(_("Page not available in language %(l)s", l=lang), status_code=404)
+
+    return (
+        page_content[0],
+        200,
+        {
+            "Content-Type": "text/html",
+        },
+    )
+
+
+@bp.route("/pages/<page>/<lang>", methods=["POST", "PUT"])
+@auth.login_required()
+def postPage(page, lang, account):
+    """Save HTML content for a certain language of a page.
+
+    This call is only available for account with admin role.
+    ---
+    tags:
+        - Configuration
+    parameters:
+        - name: page
+          in: path
+          description: Page name
+          required: true
+          schema:
+            $ref: '#/components/schemas/GeoVisioPageName'
+        - name: lang
+          in: path
+          description: Language ISO 639-2 code
+          required: true
+          schema:
+            type: string
+    security:
+        - bearerToken: []
+        - cookieAuth: []
+    requestBody:
+        content:
+            text/html:
+                schema:
+                    type: string
+    responses:
+        200:
+            description: Successfully saved
+    """
+
+    name = check_page_name(page)
+
+    if not account.can_edit_pages():
+        raise InvalidAPIUsage(_("You must be logged-in as admin to edit pages"), 403)
+    if request.content_type != "text/html":
+        raise InvalidAPIUsage(_("Page content must be HTML (with " "Content-Type: text/html" " header set)"), 400)
+
+    with db.execute(
+        current_app,
+        SQL(
+            """
+INSERT INTO pages (name, lang, content)
+VALUES (%(name)s, %(lang)s, %(content)s)
+ON CONFLICT (name, lang) DO UPDATE SET content=EXCLUDED.content
+        """
+        ),
+        {"name": name.value, "lang": lang, "content": request.get_data(as_text=True)},
+    ) as res:
+        if not res.rowcount:
+            raise InvalidAPIUsage(_("Could not update page content"), 500)
+
+    return "", 200
+
+
+@bp.route("/pages/<page>/<lang>", methods=["DELETE"])
+@auth.login_required()
+def deletePage(page, lang, account):
+    """Delete HTML content for a certain language of a page.
+
+    This call is only available for account with admin role.
+    ---
+    tags:
+        - Configuration
+    parameters:
+        - name: page
+          in: path
+          description: Page name
+          required: true
+          schema:
+            $ref: '#/components/schemas/GeoVisioPageName'
+        - name: lang
+          in: path
+          description: Language ISO 639-2 code
+          required: true
+          schema:
+            type: string
+    security:
+        - bearerToken: []
+        - cookieAuth: []
+    responses:
+        200:
+            description: Successfully deleted
+    """
+
+    name = check_page_name(page)
+
+    if not account.can_edit_pages():
+        raise InvalidAPIUsage(_("You must be logged-in as admin to edit pages"), 403)
+
+    with db.execute(
+        current_app, SQL("DELETE FROM pages WHERE name = %(name)s AND lang = %(lang)s"), {"name": name.value, "lang": lang}
+    ) as res:
+        if res.rowcount == 0:
+            raise InvalidAPIUsage(_("Page not available in language %(l)s", l=lang), status_code=404)
+        elif not res.rowcount:
+            raise InvalidAPIUsage(_("Could not delete page content"), 500)
+
+    return "", 200

geovisio/web/params.py

@@ -358,6 +358,23 @@ def parse_filter(value: Optional[str]) -> Optional[sql.SQL]:
         return None
 
 
+def parse_picture_heading(heading: Optional[str]) -> Optional[int]:
+    if heading is None:
+        return None
+    try:
+        heading = int(heading)
+        if heading < 0 or heading > 360:
+            raise ValueError()
+        return heading
+    except ValueError:
+        raise errors.InvalidAPIUsage(
+            _(
+                "Heading is not valid, should be an integer in degrees from 0° to 360°. North is 0°, East = 90°, South = 180° and West = 270°."
+            ),
+            status_code=400,
+        )
+
+
 class _FilterAstUpdated(Evaluator):
     """
     We alter the parsed AST in order to always query for 'hidden' pictures when we query for 'deleted' ones

geovisio/web/prepare.py

@@ -0,0 +1,165 @@
+from flask import current_app, request, url_for, Blueprint
+from geovisio import errors
+from geovisio.utils import auth
+from psycopg.rows import dict_row
+from psycopg.types.json import Jsonb
+from psycopg.sql import SQL
+from flask_babel import gettext as _
+from pydantic import BaseModel, ConfigDict, ValidationError
+
+from geovisio.utils.params import validation_error
+
+bp = Blueprint("prepare", __name__, url_prefix="/api")
+
+
+class PreparationParameter(BaseModel):
+    """Parameters used control the behaviour of the preparation process"""
+
+    skip_blurring: bool = False
+    """If true, the picture will not be blurred again"""
+
+    def as_sql(self):
+        return Jsonb({"skip_blurring": self.skip_blurring}) if self.skip_blurring else None
+
+    model_config = ConfigDict(use_attribute_docstrings=True)
+
+
+@bp.route("/collections/<uuid:collectionId>/items/<uuid:itemId>/prepare", methods=["POST"])
+def prepareItem(collectionId, itemId, account=None):
+    """Ask for preparation of a picture. The picture will be blurred if needed, and derivates will be generated.
+    ---
+    tags:
+        - Pictures
+    parameters:
+        - name: collectionId
+          in: path
+          description: ID of collection
+          required: true
+          schema:
+            type: string
+        - name: itemId
+          in: path
+          description: ID of item
+          required: true
+          schema:
+            type: string
+    requestBody:
+        content:
+            application/json:
+                schema:
+                    $ref: '#/components/schemas/PreparationParameter'
+    responses:
+        202:
+            description: Empty response for the moment, but later we might return a way to track the progress of the preparation
+            content:
+                application/json:
+                    schema:
+                        type: object
+    """
+    try:
+        params = PreparationParameter(**(request.json if request.is_json else {}))
+    except ValidationError as ve:
+        raise errors.InvalidAPIUsage(_("Impossible to parse parameters"), payload=validation_error(ve))
+
+    with current_app.pool.connection() as conn:
+        with conn.cursor(row_factory=dict_row) as cursor:
+            account = auth.get_current_account()
+            accountId = account.id if account else None
+
+            record = cursor.execute(
+                SQL(
+                    """SELECT 1 
+FROM pictures p
+JOIN sequences_pictures sp ON p.id = sp.pic_id
+WHERE
+    p.id = %(pic)s
+    AND sp.seq_id = %(seq)s
+    AND (p.account_id = %(acc)s OR p.status != 'hidden')"""
+                ),
+                {"pic": itemId, "seq": collectionId, "acc": accountId},
+            ).fetchone()
+
+            if not record:
+                raise errors.InvalidAPIUsage(
+                    _("Picture %(p)s wasn't found in database", p=itemId),
+                    status_code=404,
+                )
+
+            cursor.execute(
+                SQL("INSERT INTO job_queue(picture_id, task, args) VALUES (%(pic)s, 'prepare', %(args)s)"),
+                {"pic": itemId, "args": params.as_sql()},
+            )
+
+    # run background task to prepare the picture
+    current_app.background_processor.process_pictures()  # type: ignore
+
+    return {}, 202, {"Content-Type": "application/json"}
+
+
+@bp.route("/collections/<uuid:collectionId>/prepare", methods=["POST"])
+def prepareCollection(collectionId, account=None):
+    """Ask for preparation of all the pictures of a collection. The pictures will be blurred if needed, and derivates will be generated.
+    ---
+    tags:
+        - Sequences
+    parameters:
+        - name: collectionId
+          in: path
+          description: ID of collection
+          required: true
+          schema:
+            type: string
+    requestBody:
+        content:
+            application/json:
+                schema:
+                    $ref: '#/components/schemas/PreparationParameter'
+    responses:
+        202:
+            description: Empty response for the moment, but later we might return a way to track the progress of the preparation
+            content:
+                application/json:
+                    schema:
+                        type: object
+    """
+    try:
+        params = PreparationParameter(**(request.json if request.is_json else {}))
+    except ValidationError as ve:
+        raise errors.InvalidAPIUsage(_("Impossible to parse parameters"), payload=validation_error(ve))
+
+    with current_app.pool.connection() as conn:
+        with conn.cursor(row_factory=dict_row) as cursor:
+            account = auth.get_current_account()
+            accountId = account.id if account else None
+
+            record = cursor.execute(
+                SQL(
+                    """SELECT 1 
+FROM sequences
+WHERE
+    id = %(seq)s
+    AND (account_id = %(acc)s OR status != 'hidden')"""
+                ),
+                {"seq": collectionId, "acc": accountId},
+            ).fetchone()
+
+            if not record:
+                raise errors.InvalidAPIUsage(
+                    _("Collection %(c)s wasn't found in database", c=collectionId),
+                    status_code=404,
+                )
+
+            cursor.execute(
+                SQL(
+                    """INSERT INTO job_queue(picture_id, task, args) 
+SELECT pic_id, 'prepare', %(args)s
+FROM sequences_pictures
+WHERE seq_id = %(seq)s"""
+                ),
+                {"seq": collectionId, "args": params.as_sql()},
+            )
+
+    # run background task to prepare the picture
+    current_app.background_processor.process_pictures()  # type: ignore
+
+    return {}, 202, {"Content-Type": "application/json"}

geovisio/web/stac.py

@@ -82,11 +82,11 @@ def getLanding():
             if spatial_xmin is not None or temporal_min is not None
             else None
         )
-
+        apiSum = current_app.config["API_SUMMARY"]
         catalog = dbSequencesToStacCatalog(
             id="geovisio",
-            title=current_app.config["API_SUMMARY"].name.get("en"),
-            description=current_app.config["API_SUMMARY"].description.get("en"),
+            title=apiSum.name.get("en"),
+            description=apiSum.description.get("en"),
             sequences=[],
             request=request,
             extent=extent,
@@ -112,7 +112,17 @@ def getLanding():
         if "stac_extensions" not in catalog:
             catalog["stac_extensions"] = []
 
-        catalog["stac_extensions"] += ["https://stac-extensions.github.io/web-map-links/v1.0.0/schema.json"]
+        catalog["stac_extensions"] += [
+            "https://stac-extensions.github.io/web-map-links/v1.0.0/schema.json",
+            "https://stac-extensions.github.io/contacts/v0.1.1/schema.json",
+        ]
+
+        catalog["contacts"] = [
+            {
+                "name": apiSum.name.get("en"),
+                "emails": [{"value": apiSum.email}],
+            },
+        ]
 
         catalog["links"] += cleanNoneInList(
             [
@@ -299,10 +309,13 @@ def dbSequencesToStacCollection(id, title, description, sequences, request, exte
 @auth.isUserIdMatchingCurrentAccount()
 def getUserCatalog(userId, userIdMatchesAccount=False):
     """Retrieves an user list of sequences (catalog)
+
+    Note that this route is deprecated in favor of `/api/users/<uuid:userId>/collection`. This new route provides more information and offers more filtering and sorting options.
     ---
     tags:
         - Sequences
         - Users
+    deprecated: true
     parameters:
         - name: userId
           in: path

geovisio/web/tokens.py

@@ -7,7 +7,7 @@ from authlib.jose import jwt
 from authlib.jose.errors import DecodeError
 import logging
 import uuid
-from geovisio.utils import auth, db
+from geovisio.utils import auth, db, website
 from geovisio import errors, utils
 
 
@@ -222,9 +222,7 @@ def claim_non_associated_token(token_id, account):
     """
     with db.cursor(current_app, row_factory=dict_row) as cursor:
         token = cursor.execute(
-            """
-            SELECT account_id FROM tokens WHERE id = %(token)s
-            """,
+            "SELECT account_id FROM tokens WHERE id = %(token)s",
             {"token": token_id},
         ).fetchone()
         if not token:
@@ -241,6 +239,18 @@ def claim_non_associated_token(token_id, account):
             "UPDATE tokens SET account_id = %(account)s WHERE id = %(token)s",
             {"account": account.id, "token": token_id},
         )
+
+        next_url = None
+        if account.tos_accepted is False and current_app.config["API_ENFORCE_TOS_ACCEPTANCE"]:
+            # if the tos have not been accepted, we redirect to the website page to accept it (with a redirect afterward to the token associated page)
+            next_url = current_app.config["API_WEBSITE_URL"].tos_validation_page({"next_url": "/token-accepted"})
+        else:
+            next_url = current_app.config["API_WEBSITE_URL"].cli_token_accepted_page()
+
+        if next_url:
+            # if there is an associated website, we redirect with a nice page explaining the token association
+            return flask.redirect(next_url)
+        # else we return a simple text to explain it
         return "You are now logged in the CLI, you can upload your pictures", 200
 
 

geovisio/web/upload_set.py

@@ -185,8 +185,7 @@ def getUploadSet(upload_set_id):
 
 
 @bp.route("/upload_sets/<uuid:upload_set_id>/files", methods=["GET"])
-@auth.login_required_by_setting("API_FORCE_AUTH_ON_UPLOAD")
-def getUploadSetFiles(upload_set_id, account=None):
+def getUploadSetFiles(upload_set_id):
     """List the files of an UploadSet
     ---
     tags:
@@ -210,13 +209,20 @@ def getUploadSetFiles(upload_set_id, account=None):
                     schema:
                         $ref: '#/components/schemas/GeoVisioUploadSetFiles'
     """
+    account = utils.auth.get_current_account()
+
     u = get_simple_upload_set(upload_set_id)
     if u is None:
         raise errors.InvalidAPIUsage(_("UploadSet doesn't exist"), status_code=404)
-    if account is not None and account.id != str(u.account_id):
-        raise errors.InvalidAPIUsage(_("You're not authorized to list pictures in this upload set"), status_code=403)
 
     upload_set_files = get_upload_set_files(upload_set_id)
+
+    if account is None or account.id != str(u.account_id):
+        # if the user is not the owner of the upload set, we remove the picture_id since we might leak too many information
+        # not sure about this one, this could evolve in the future
+        for f in upload_set_files.files:
+            f.picture_id = None
+
     return upload_set_files.model_dump_json(exclude_none=True), 200, {"Content-Type": "application/json"}