initial uploader and some form work

atst/app.py

@@ -19,6 +19,7 @@ from atst.routes.errors import make_error_pages
 from atst.domain.authnid.crl import CRLCache
 from atst.domain.auth import apply_authentication
 from atst.eda_client import MockEDAClient
+from atst.uploader import Uploader
 
 
 ENV = os.getenv("FLASK_ENV", "dev")
@@ -43,6 +44,7 @@ def make_app(config):
     make_crl_validator(app)
     register_filters(app)
     make_eda_client(app)
+    make_upload_storage(app)
 
     db.init_app(app)
     csrf.init_app(app)
@@ -143,3 +145,12 @@ def make_crl_validator(app):
 
 def make_eda_client(app):
     app.eda_client = MockEDAClient()
+
+def make_upload_storage(app):
+    uploader = Uploader(
+            provider=app.config.get("STORAGE_PROVIDER"),
+            container=app.config.get("STORAGE_CONTAINER"),
+            key=app.config.get("STORAGE_KEY"),
+            secret=app.config.get("STORAGE_SECRET")
+            )
+    app.uploader = uploader

atst/forms/financial.py

@@ -1,7 +1,8 @@
 import re
 from wtforms.fields.html5 import EmailField
-from wtforms.fields import StringField
+from wtforms.fields import StringField, FileField
 from wtforms.validators import Required, Email, Regexp
+from flask_wtf.file import FileAllowed
 
 from atst.domain.exceptions import NotFoundError
 from atst.domain.pe_numbers import PENumbers
@@ -214,3 +215,5 @@ class ExtendedFinancialForm(BaseFinancialForm):
         description="Review your task order document, the amounts for each CLIN must match exactly here",
         filters=[number_to_int],
     )
+
+    task_order = FileField("Upload a copy of your Task Order", validators=[FileAllowed(['pdf'], 'Only PDF documents can be uploaded.')])

atst/uploader.py

@@ -0,0 +1,45 @@
+from uuid import uuid4
+from libcloud.storage.types import Provider
+from libcloud.storage.providers import get_driver
+
+
+class UploadError(Exception):
+    pass
+
+
+class Uploader():
+    _PERMITTED_MIMETYPES = ["application/pdf"]
+
+    def __init__(self, provider, container=None, key=None, secret=None):
+        self.container = self._get_container(provider, container, key, secret)
+
+    def upload(self, fyle):
+        # TODO: for hardening, we should probably use a better library for
+        # determining mimetype and not rely on FileUpload's determination
+        # TODO: we should set MAX_CONTENT_LENGTH in the config to prevent large
+        # uploads
+        if not fyle.mimetype in self._PERMITTED_MIMETYPES:
+            raise UploadError(
+                "could not upload {} with mimetype {}".format(
+                    fyle.filename, fyle.mimetype
+                )
+            )
+
+        object_name = uuid4().hex
+        self.container.upload_object_via_stream(
+            iterator=fyle.stream.__iter__(),
+            object_name=object_name,
+            extra={"acl": "private"},
+        )
+        return (fyle.filename, object_name)
+
+    def download(self, path):
+        pass
+
+    def _get_container(self, provider, container, key, secret):
+        if provider == "LOCAL":
+            key = container
+            container = ""
+
+        driver = get_driver(getattr(Provider, provider))(key=key, secret=secret)
+        return driver.get_container(container)