Move each flask module into a Blueprint and have CSRF protection only on the API blueprint

endpoints/index.py

@@ -2,7 +2,7 @@ import json
 import logging
 import urlparse
 
-from flask import request, make_response, jsonify, abort, session
+from flask import request, make_response, jsonify, abort, session, Blueprint
 from functools import wraps
 
 from data import model
@@ -18,6 +18,7 @@ from auth.permissions import (ModifyRepositoryPermission, UserPermission,
 
 logger = logging.getLogger(__name__)
 
+index = Blueprint('index', __name__)
 
 def generate_headers(role='read'):
   def decorator_method(f):
@@ -51,8 +52,8 @@ def generate_headers(role='read'):
   return decorator_method
 
 
-@app.route('/v1/users', methods=['POST'])
-@app.route('/v1/users/', methods=['POST'])
+@index.route('/users', methods=['POST'])
+@index.route('/users/', methods=['POST'])
 def create_user():
   user_data = request.get_json()
   username = user_data['username']
@@ -87,8 +88,8 @@ def create_user():
     return make_response('Created', 201)
 
 
-@app.route('/v1/users', methods=['GET'])
-@app.route('/v1/users/', methods=['GET'])
+@index.route('/users', methods=['GET'])
+@index.route('/users/', methods=['GET'])
 @process_auth
 def get_user():
   if get_authenticated_user():  
@@ -99,7 +100,7 @@ def get_user():
   abort(404)
 
 
-@app.route('/v1/users/<username>/', methods=['PUT'])
+@index.route('/users/<username>/', methods=['PUT'])
 @process_auth
 def update_user(username):
   permission = UserPermission(username)
@@ -124,7 +125,7 @@ def update_user(username):
   abort(403)
 
 
-@app.route('/v1/repositories/<path:repository>', methods=['PUT'])
+@index.route('/repositories/<path:repository>', methods=['PUT'])
 @process_auth
 @parse_repository_name
 @generate_headers(role='write')
@@ -192,7 +193,7 @@ def create_repository(namespace, repository):
   return response
 
 
-@app.route('/v1/repositories/<path:repository>/images', methods=['PUT'])
+@index.route('/repositories/<path:repository>/images', methods=['PUT'])
 @process_auth
 @parse_repository_name
 @generate_headers(role='write')
@@ -238,7 +239,7 @@ def update_images(namespace, repository):
   abort(403)
 
 
-@app.route('/v1/repositories/<path:repository>/images', methods=['GET'])
+@index.route('/repositories/<path:repository>/images', methods=['GET'])
 @process_auth
 @parse_repository_name
 @generate_headers(role='read')
@@ -294,7 +295,7 @@ def get_repository_images(namespace, repository):
   abort(403)
 
 
-@app.route('/v1/repositories/<path:repository>/images', methods=['DELETE'])
+@index.route('/repositories/<path:repository>/images', methods=['DELETE'])
 @process_auth
 @parse_repository_name
 @generate_headers(role='write')
@@ -302,19 +303,19 @@ def delete_repository_images(namespace, repository):
   return make_response('Not Implemented', 501)
 
 
-@app.route('/v1/repositories/<path:repository>/auth', methods=['PUT'])
+@index.route('/repositories/<path:repository>/auth', methods=['PUT'])
 @parse_repository_name
 def put_repository_auth(namespace, repository):
   return make_response('Not Implemented', 501)
 
 
-@app.route('/v1/search', methods=['GET'])
+@index.route('/search', methods=['GET'])
 def get_search():
   return make_response('Not Implemented', 501)
 
 
-@app.route('/_ping')
-@app.route('/v1/_ping')
+@index.route('/_ping')
+@index.route('/_ping')
 def ping():
   response = make_response('true', 200)
   response.headers['X-Docker-Registry-Version'] = '0.6.0'