From 7744b56616457b4fde30b8327b6a5494848dc643 Mon Sep 17 00:00:00 2001
From: yova <yova@freedomhost.de>
Date: Tue, 24 Oct 2023 13:11:11 +0200
Subject: [PATCH] initial

---
 api_delete_all_public.py | 36 ++++++++++++++++++++++++++++++++++++
 api_tests_public.py      | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 api_delete_all_public.py
 create mode 100644 api_tests_public.py

diff --git a/api_delete_all_public.py b/api_delete_all_public.py
new file mode 100644
index 0000000..d9aa397
--- /dev/null
+++ b/api_delete_all_public.py
@@ -0,0 +1,36 @@
+import requests # pip install requests
+import jwt	# pip install pyjwt
+from datetime import datetime as date
+
+# Admin API key goes here
+key = ''
+
+# Split the key into ID and SECRET
+id, secret = key.split(':')
+
+# Prepare header and payload
+iat = int(date.now().timestamp())
+
+header = {'alg': 'HS256', 'typ': 'JWT', 'kid': id}
+payload = {
+    'iat': iat,
+    'exp': iat + 5 * 60,
+    'aud': '/admin/'
+}
+
+# Create the token (including decoding secret)
+token = jwt.encode(payload, bytes.fromhex(secret), algorithm='HS256', headers=header)
+headers = {'Authorization': 'Ghost {}'.format(token)}
+url = 'https://ghost.example.com/ghost/api/admin/posts/'
+
+def deletePost(id):
+	r = requests.delete(url + id + '/', headers=headers)
+	print(r)
+	
+r = requests.get(url + '?limit=all', headers=headers)
+
+posts = r.json()['posts']
+
+[deletePost(post['id']) for post in posts]
+
+
diff --git a/api_tests_public.py b/api_tests_public.py
new file mode 100644
index 0000000..5fdf024
--- /dev/null
+++ b/api_tests_public.py
@@ -0,0 +1,34 @@
+import requests # pip install requests
+import jwt	# pip install pyjwt
+from datetime import datetime as date
+
+# Admin API key goes here
+key = ''
+
+# Split the key into ID and SECRET
+id, secret = key.split(':')
+
+# Prepare header and payload
+iat = int(date.now().timestamp())
+
+header = {'alg': 'HS256', 'typ': 'JWT', 'kid': id}
+payload = {
+    'iat': iat,
+    'exp': iat + 5 * 60,
+    'aud': '/admin/'
+}
+
+# Create the token (including decoding secret)
+token = jwt.encode(payload, bytes.fromhex(secret), algorithm='HS256', headers=header)
+
+# Make an authenticated request to push an image
+
+url = 'https://mary.joefix.it/ghost/api/admin/images/upload/'
+headers = {'Authorization': 'Ghost {}'.format(token)}
+
+with open("test.jpg", "rb") as file:
+	files = {'file': ('test.jpg', file, 'image/jpeg')}
+	r = requests.post(url, files=files, headers=headers)
+
+print(r.json())
+