from flask import Flask, g, request, url_for, redirect, session, render_template, flash, Response, make_response
from werkzeug.routing import Rule
from functools import wraps
from datetime import date, timedelta, datetime, time, MINYEAR
import threading
import os
import sys
import hashlib
import random
import sched
import traceback

app = Flask(__name__)

# trim_blocks drops the newline after a block tag, lstrip_blocks the
# whitespace in front of one, so template control tags leave no blank lines.
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True
# Helpers callable from every template under the given names.
# NOTE(review): randint comes from `random`, which is not a CSPRNG; it must
# not be used to generate anything security-relevant inside templates.
app.add_template_global(random.randint, name='randint')
app.add_template_global(datetime, name='datetime')
app.add_template_global(timedelta, name='timedelta')

# Process-wide event queue; sched_func adds jobs, run_scheduler drains it.
scheduler = sched.scheduler()
def run_scheduler():
	"""Thread target: drain the module-level `scheduler` forever.

	scheduler.run() returns once its queue is empty, so it is called again
	after a ten second pause. This function never returns.
	"""
	# Imported locally because the module-level name `time` is datetime.time.
	from time import sleep
	sleep(1) # UWSGI does weird things on startup
	while True:
		scheduler.run()
		sleep(10)

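def sched_func(delay, priority=0, firstdelay=None, args=[], kargs={}):
	"""Decorator factory: run the decorated function periodically.

	The function is first entered into `scheduler` after `firstdelay` seconds
	(a random value between 1 and 120 when not given) and re-entered `delay`
	seconds after each run. Every run happens inside an application test
	request context. The decorated function itself is returned unchanged.

	`args` and `kargs` are passed to the function on every run; the shared
	default objects are only read here, never mutated.
	"""
	if firstdelay is None:
		firstdelay = random.randint(1, 120)
	def wrapper(func):
		def sched_wrapper():
			try:
				with app.test_request_context():
					func(*args, **kargs)
			except Exception:
				# sched propagates an exception raised by an action out of
				# scheduler.run(). Uncaught, that ends the scheduler thread and
				# silently stops every periodic job, so log and carry on.
				traceback.print_exc()
			finally:
				# Re-arm even after a failed run so one bad run does not
				# unschedule the job for good.
				scheduler.enter(delay, priority, sched_wrapper)
		scheduler.enter(firstdelay, priority, sched_wrapper)
		return func
	return wrapper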

# Daemon thread: it does not keep the process alive on shutdown.
threading.Thread(target=run_scheduler, daemon=True).start()

config = app.config
# Load order matters: shipped example defaults first, then the development
# overrides below, then the local config.py, which therefore wins.
config.from_pyfile('config.py.example', silent=True)
# Started through run.py: switch on sample data and debug mode.
# NOTE(review): DEBUG must stay off on any publicly reachable instance.
if sys.argv[0].endswith('run.py'):
	config['SQLITE_INIT_DATA'] = True
	config['DEBUG'] = True
config.from_pyfile('config.py', silent=True)
if config['DEBUG']:
	app.jinja_env.auto_reload = True
# Without a configured SECRET_KEY a random one is generated per process.
# Session cookies signed with it stop validating after a restart.
# NOTE(review): with several worker processes each would get its own key -
# set SECRET_KEY in config.py for production.
if not config.get('SECRET_KEY', None):
	config['SECRET_KEY'] = os.urandom(24)

from db import query, modify, searchquery, ldapauth, ldapget

# Names of the view functions wrapped by mod_required. register_navbar and
# sitemap read this list to tell moderator-only endpoints from public ones.
mod_endpoints = []

@app.template_global()
def ismod(*args):
	"""Return True when the session holds a logged-in user.

	Any positional arguments are accepted and ignored. The 'user' key is set
	by login() only after the LDAP group check, so its presence is what marks
	a moderator session.
	"""
	logged_in = 'user' in session
	return logged_in

def mod_required(func):
	"""Decorator: restrict a view to logged-in moderators.

	The view's name is recorded in mod_endpoints at decoration time. Callers
	without a moderator session get a flash message and are redirected to the
	login page, with the current URL passed along as `ref`.
	"""
	mod_endpoints.append(func.__name__)
	@wraps(func)
	def guarded(*args, **kwargs):
		if ismod():
			return func(*args, **kwargs)
		flash('Diese Funktion ist nur für Moderatoren verfügbar!')
		return redirect(url_for('login', ref=request.url))
	return guarded

def evalperm(perms):
	"""Pick the most specific set of permission rows that applies.

	Each row is classified by the first non-empty id among course_id,
	lecture_id and video_id. Video-level rows win over lecture-level rows,
	which win over course-level rows.

	When no row can be classified the result is a single 'public' entry, so
	an object without permission rows is treated as public (default-allow).
	"""
	buckets = {'course_id': [], 'lecture_id': [], 'video_id': []}
	for perm in perms:
		# The first non-empty id decides the level of this row.
		for level in ('course_id', 'lecture_id', 'video_id'):
			if perm[level]:
				buckets[level].append(perm)
				break
	# Most specific level first.
	for level in ('video_id', 'lecture_id', 'course_id'):
		if buckets[level]:
			return buckets[level]
	return [{'type': 'public'}]

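@app.template_filter()
def checkperm(perms, username=None, password=None):
	"""Return True when the caller satisfies at least one applicable permission.

	`perms` is first reduced by evalperm to the most specific level. The
	supported types are 'public', 'password' (param1/param2 hold the expected
	user name and password), 'l2p' (param1 must be one of the session's
	l2p_courses) and 'rwth' (session flag rwthintern).

	NOTE(review): passwords are compared in plain text with `==`; the stored
	values are therefore plain text as well. Confirm this is acceptable.
	"""
	perms = evalperm(perms)
	for perm in perms:
		if perm['type'] == 'public':
			return True
		elif perm['type'] == 'password':
			# Only compare when credentials were actually supplied. Otherwise a
			# row whose param1/param2 are NULL would equal the None defaults
			# and grant access to a caller who sent no credentials at all.
			if username is not None and password is not None:
				if perm['param1'] == username and perm['param2'] == password:
					return True
		elif perm['type'] == 'l2p':
			if perm['param1'] in session.get('l2p_courses', []):
				return True
		elif perm['type'] == 'rwth':
			if session.get('rwthintern', False):
				return True
	return False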

@app.template_filter()
def permdescr(perms):
	"""Describe the applicable permissions as a (mode, text) pair.

	`mode` is one of 'public', 'rwth', 'l2p' or 'password'; `text` is the
	matching German description. When several types apply, rwth wins over
	l2p, which wins over password.
	"""
	perms = evalperm(perms)
	types = [perm['type'] for perm in perms]
	l2p_courses = [perm['param1'] for perm in perms if perm['type'] == 'l2p']
	password = 'password' in types
	if 'public' in types or not perms:
		return 'public', 'Öffentlich verfügbar'
	if 'rwth' in types:
		if password:
			return 'rwth', 'Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar'
		return 'rwth', 'Nur für RWTH-Angehörige verfügbar'
	if l2p_courses:
		if password:
			return 'l2p', 'Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar'
		return 'l2p', 'Nur für Teilnehmer der Veranstaltung verfügbar'
	if password:
		return 'password', 'Nur für Nutzer mit Passwort verfügbar'
	return 'public', 'Öffentlich verfügbar'

# Navbar entries, appended by register_navbar as
# (endpoint, name, iconlib, icon, not-a-moderator-endpoint) tuples.
app.jinja_env.globals['navbar'] = []
# iconlib can be 'bootstrap'
# ( see: http://getbootstrap.com/components/#glyphicons )
# or 'fa'
# ( see: http://fontawesome.io/icons/ )
def register_navbar(name, iconlib='bootstrap', icon=None):
	"""Decorator factory: add the decorated view to the template navbar.

	The entry records whether the view's name is absent from mod_endpoints at
	decoration time. mod_required must therefore be applied first, i.e. be
	listed below this decorator, for a moderator-only view to be marked as
	such. The view itself is returned unchanged.
	"""
	def wrapper(func):
		endpoint = func.__name__
		is_public = endpoint not in mod_endpoints
		entry = (endpoint, name, iconlib, icon, is_public)
		app.jinja_env.globals['navbar'].append(entry)
		return func
	return wrapper

def render_endpoint(endpoint, flashtext=None, **kargs):
	"""Call another endpoint's view function inside the current request.

	Optionally flashes `flashtext` first. The view is looked up in
	app.view_functions and called with `kargs`; its return value is passed
	back unchanged.
	"""
	if flashtext:
		flash(flashtext)
	# request.endpoint is used for navbar highlighting
	request.url_rule = Rule(request.path, endpoint=endpoint)
	view = app.view_functions[endpoint]
	return view(**kargs)

def handle_errors(endpoint, text, code, *errors, **epargs):
	"""Decorator factory: turn the given exceptions into an error response.

	When the wrapped view raises one of `errors`, the response has status
	`code`. It is the page of `endpoint`, rendered with `text` as flash
	message and `epargs` as view arguments, or the bare `text` when
	`endpoint` is falsy.
	"""
	def wrapper(func):
		@wraps(func)
		def decorator(*args, **kwargs):
			try:
				result = func(*args, **kwargs)
			except errors:
				if not endpoint:
					return text, code
				page = render_endpoint(endpoint, text, **epargs)
				return make_response(page, code)
			return result
		return decorator
	return wrapper

@app.errorhandler(404)
def handle_not_found(e):
	"""Answer a 404 with the start page and a 'page does not exist' flash."""
	page = render_endpoint('index', 'Diese Seite existiert nicht!')
	return page, 404

@app.errorhandler(500)
@app.errorhandler(Exception)
def handle_internal_error(e):
	"""Log the active traceback to stderr and answer with the generic 500 page.

	Exception details go to the log only; the response carries none of them.
	"""
	traceback.print_exc()
	page = render_template('500.html')
	return page, 500

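@sched_func(5*60, firstdelay=0)
def dump_error_page():
	"""Write the rendered 500 page to the file named by config['ERROR_PAGE'].

	Scheduled every five minutes, starting immediately. Does nothing when
	ERROR_PAGE is not configured.
	"""
	if 'ERROR_PAGE' not in config:
		return
	# sched_func runs this inside a test request context; the rule is set so
	# the template sees an endpoint on the request.
	request.url_rule = Rule(request.path, endpoint='handle_internal_error')
	text = render_template('500.html')
	# The context manager closes the file even when the write fails.
	with open(config['ERROR_PAGE'], 'w') as f:
		f.write(text)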

# debian ships jinja2 without this test...
@app.template_test(name='equalto')
def equalto(a,b):
	"""Jinja test `equalto`: true when both operands compare equal."""
	same = a == b
	return same

@app.template_filter(name='semester')
def human_semester(s, long=False):
	"""Format a semester string such as '2016ws' for display.

	Returns 'Zeitlos' for empty input, 'zeitlos' or any string that is not six
	characters long, and '??' (after printing a warning) when the year is not
	numeric or the suffix is neither SS nor WS. The short form is e.g. 'WS16',
	the long form 'Wintersemester 2016/17' or 'Sommersemester 2016'.
	"""
	if not s or s == 'zeitlos' or len(s) != 6:
		return 'Zeitlos'
	year, semester = s[:4], s[4:].upper()
	if not (year.isdigit() and semester in ('SS', 'WS')):
		print('Invalid semester string "%s"'%s)
		return '??'
	if not long:
		return semester + year[2:]
	if semester == 'SS':
		return 'Sommersemester %s'%year
	# A winter semester spans two years; append the last two digits of the next.
	next_year = str(int(year) + 1)
	return 'Wintersemester %s/%s'%(year, next_year[2:])

@app.template_filter(name='date')
def human_date(d):
	"""Format a date or datetime as DD.MM.YYYY."""
	pattern = '%d.%m.%Y'
	return d.strftime(pattern)

@app.template_filter(name='time')
def human_time(d):
	"""Format a time or datetime as HH:MM."""
	pattern = '%H:%M'
	return d.strftime(pattern)

@app.template_filter()
def rfc3339(d):
	"""Format a datetime as an RFC 3339 timestamp with a fixed +02:00 offset.

	NOTE(review): the offset is hard-coded, so the result is only right while
	`d` really is two hours ahead of UTC - confirm for times outside DST.
	"""
	pattern = '%Y-%m-%dT%H:%M:%S+02:00'
	return d.strftime(pattern)

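@app.template_global()
def get_announcements(minlevel=0):
	"""Return the announcements to display, highest level first.

	Visitors get visible, already published announcements that have not
	expired or have no expiry time. Moderators additionally get unpublished
	ones and those that expired within the last 24 hours. Only announcements
	with level >= `minlevel` are returned.

	Best effort: when the query fails, the error is logged and an empty list
	is returned so that page rendering continues.
	"""
	now = datetime.now()
	moderator = ismod()
	expire_cutoff = now - timedelta(hours=24) if moderator else now
	try:
		# `time_expire IS NULL`: a comparison with `= NULL` is never true in
		# SQL, so announcements without an expiry time were never returned.
		return query('SELECT * FROM announcements WHERE NOT deleted AND ((time_expire IS NULL) OR time_expire > ?) AND (? OR (visible AND time_publish < ?)) AND level >= ? ORDER BY level DESC', expire_cutoff, moderator, now, minlevel)
	except Exception:
		# Keep the best-effort behaviour, but leave a trace instead of
		# swallowing the error silently.
		traceback.print_exc()
		return []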

@app.template_filter()
def fixnl(s):
	"""Replace every newline in str(s) with '<br>'.

	NOTE(review): the result is a plain str and `s` is not escaped here. If a
	template marks the output as safe, `s` must be escaped before the line
	breaks are inserted - confirm against the templates.
	"""
	# To be removed as soon as the db schema is cleaned up
	return '<br>'.join(str(s).split('\n'))

@app.route('/')
@register_navbar('Home', icon='home')
def index():
	"""Start page: upcoming lectures, latest videos and featured entries.

	Upcoming lectures cover the window from yesterday to six days ahead and
	are restricted to visible, listed courses for everybody. The other two
	queries drop their visibility filter for moderators.
	"""
	window_start = date.today() - timedelta(days=1)
	window_end = window_start + timedelta(days=7)
	upcoming_rows = query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		JOIN courses ON (lectures.course_id = courses.id)
		WHERE (time > ?) AND (time < ?) and lectures.visible and courses.visible and courses.listed
		ORDER BY time ASC LIMIT 30''', window_start, window_end)
	for row in upcoming_rows:
		row['date'] = row['time'].date()
	latest_rows = query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		LEFT JOIN videos ON (videos.lecture_id = lectures.id)
		LEFT JOIN courses on (courses.id = lectures.course_id)
		WHERE (? OR (courses.visible AND courses.listed AND lectures.visible AND videos.visible))
		GROUP BY videos.lecture_id
		ORDER BY MAX(videos.time_updated) DESC
		LIMIT 6	''', ismod())
	featured_rows = query('SELECT * FROM featured WHERE NOT deleted AND (? OR visible)', ismod())
	# 'upcomming' is the keyword the template receives; keep the spelling.
	return render_template('index.html', latestvideos=latest_rows, upcomming=upcoming_rows, featured=featured_rows)

@app.route('/course')
@register_navbar('Videos', icon='film')
def courses():
	"""Course overview, grouped by title, semester or organizer.

	Visitors see visible, listed courses only; moderators see all. The
	`groupedby` query parameter is checked against a fixed allowlist and
	falls back to 'semester'.
	"""
	rows = query('SELECT * FROM courses WHERE (? OR (visible AND listed)) ORDER BY title', ismod())
	for row in rows:
		# An empty semester is shown as "timeless".
		if row['semester'] == '':
			row['semester'] = 'zeitlos'
	allowed_groupings = ('title', 'semester', 'organizer')
	requested = request.args.get('groupedby')
	groupedby = requested if requested in allowed_groupings else 'semester'
	return render_template('courses.html', courses=rows, groupedby=groupedby)

@app.route('/course/<handle>')
@app.route('/course/<int:id>')
@handle_errors('courses', 'Diese Veranstaltung existiert nicht!', 404, IndexError)
def course(id=None, handle=None):
	"""Course page with its lectures, videos and permission rows.

	The course is looked up by numeric id or, when no truthy id is given, by
	handle. A course that does not exist or is hidden from the caller raises
	IndexError, which handle_errors turns into the 404 course list. Every
	lecture gets the course-level permissions plus its own in lecture['perm'].
	"""
	mod = ismod()
	if id:
		matches = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', id, mod)
	else:
		matches = query('SELECT * FROM courses WHERE handle = ? AND (? OR visible)', handle, mod)
	course = matches[0]
	course['perm'] = query('SELECT * FROM perm WHERE (NOT perm.deleted) AND course_id = ? ORDER BY type', course['id'])
	lecture_perms = query('SELECT perm.* FROM perm JOIN lectures ON (perm.lecture_id = lectures.id) WHERE (NOT perm.deleted) AND lectures.course_id = ? ORDER BY perm.type', course['id'])
	lectures = query('SELECT * FROM lectures WHERE course_id = ? AND (? OR visible) ORDER BY time, duration DESC', course['id'], mod)
	for lecture in lectures:
		# Course-level rows first, then the rows attached to this lecture.
		own_perms = [perm for perm in lecture_perms if perm['lecture_id'] == lecture['id']]
		lecture['perm'] = list(course['perm']) + own_perms
		lecture['course'] = course
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN lectures ON (videos.lecture_id = lectures.id)
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (lectures.course_id = courses.id)
			WHERE lectures.course_id= ? AND (? OR videos.visible)
			ORDER BY lectures.time, formats.prio DESC
			''', course['id'], mod)
	return render_template('course.html', course=course, lectures=lectures, videos=videos)

@app.route('/faq')
@register_navbar('FAQ', icon='question-sign')
def faq():
	"""Static FAQ page."""
	page = render_template('faq.html')
	return page

@app.route('/play/<int:id>')
@app.route('/embed/<int:id>', endpoint='embed')
@handle_errors('course', 'Diese Vorlesung existiert nicht!', 404, IndexError)
def lecture(id):
	"""Player page for one lecture, also served as the 'embed' endpoint.

	The permission check here only decides which hint is flashed; the page is
	rendered either way. Access to the video files themselves is decided by
	the `auth` endpoint.
	"""
	mod = ismod()
	lecture = query('SELECT * FROM lectures WHERE id = ? AND (? OR visible)', id, mod)[0]
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (courses.id = ?)
			WHERE videos.lecture_id = ? AND (? OR videos.visible)
			ORDER BY formats.prio DESC
			''', lecture['course_id'], lecture['id'], mod)
	perms = query('SELECT perm.* FROM perm WHERE ((NOT perm.deleted) AND (perm.lecture_id = ? OR perm.course_id = ?))',
			lecture['id'], lecture['course_id'])
	if not videos:
		flash('Zu dieser Vorlesung wurden noch keine Videos veröffentlicht!')
	course_rows = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', lecture['course_id'], mod)
	if not course_rows:
		return render_endpoint('courses', 'Diese Veranstaltung existiert nicht!'), 404
	chapters = query('SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (? OR visible) ORDER BY time ASC', id, mod)
	if not checkperm(perms):
		mode, text = permdescr(perms)
		# The link markup is assembled from constants and url_for output only.
		auth_endpoints = {'rwth': 'start_rwthauth', 'l2p': 'start_l2pauth'}
		if mode in auth_endpoints:
			flash('%s. <a target="_blank" href="%s">Hier authorisieren</a>.'%(text, url_for(auth_endpoints[mode])))
		else:
			flash(text+'.')
	template = 'embed.html' if request.endpoint == 'embed' else 'lecture.html'
	return render_template(template, course=course_rows[0], lecture=lecture, videos=videos, chapters=chapters)


@app.route('/search')
def search():
	"""Search courses and lectures for the `q` query parameter.

	Without `q` the request is redirected to the start page. Visitors get
	visible, listed results only.

	NOTE(review): `q` is handed to searchquery, whose implementation is not
	in this file - confirm that it binds the search text as a parameter. The
	column lists and trailing clauses passed here are constants.
	"""
	if 'q' not in request.args:
		return redirect(url_for('index'))
	searchtext = request.args['q']
	mod = ismod()
	courses = searchquery(searchtext, '*', ['title', 'short', 'organizer', 'subject', 'description'],
			'courses', 'WHERE (? OR (visible AND listed)) GROUP BY id ORDER BY _score DESC, semester DESC LIMIT 20', mod)
	# The course columns are selected under explicit courses_* aliases and
	# regrouped into lecture['course'] below.
	lectures = searchquery(searchtext, 'lectures.*, courses.visible AS coursevisible, courses.listed, courses.id AS courses_id, courses.visible AS courses_visible, courses.listed AS courses_listed, courses.title AS courses_title, courses.short AS courses_short, courses.handle AS courses_handle, courses.organizer AS courses_organizer, courses.subject AS courses_subject, courses.credits AS courses_credits, courses.created_by AS courses_created_by, courses.time_created AS courses_time_created, courses.time_updated AS courses_time_updated, courses.semester AS courses_semester, courses.downloadable AS courses_downloadable, courses.embedinvisible AS courses_embedinvisible, courses.description AS courses_description, courses.internal AS courses_internal, courses.responsible AS courses_responsible',
			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', mod)
	alias_prefix = 'courses_'
	for lecture in lectures:
		lecture['course'] = {
			key[len(alias_prefix):]: value
			for key, value in lecture.items()
			if key.startswith(alias_prefix)
		}
	return render_template('search.html', searchtext=searchtext, courses=courses, lectures=lectures)

def check_mod(user, groups):
	"""Decide whether an authenticated user counts as a moderator.

	Returns the falsy `user` value unchanged when there is no user, otherwise
	whether 'users' is among `groups`.
	"""
	if not user:
		return user
	return 'users' in groups

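@app.route('/login', methods=['GET', 'POST'])
def login():
	"""Moderator login against LDAP.

	GET shows the form. POST authenticates `user`/`password` through ldapauth
	and requires check_mod to accept the returned groups. On success the LDAP
	record is stored in the session, a row in `users` is created on first
	login, and the browser is sent to `ref` when that points at this host,
	otherwise to the start page.
	"""
	from urllib.parse import urljoin, urlparse
	if request.method == 'GET':
		return render_template('login.html')
	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
	if not check_mod(user, groups):
		flash('Login fehlgeschlagen!')
		return render_template('login.html')
	session['user'] = ldapget(user)
	dbuser = query('SELECT * FROM users WHERE name = ?', user)
	if not dbuser:
		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
		dbuser = query('SELECT * FROM users WHERE name = ?', user)
	session['user']['dbid'] = dbuser[0]['id']
	# `ref` is supplied by the client. Redirecting to it unchecked would let a
	# crafted login link send a freshly authenticated user to another site,
	# so only http(s) targets on this host are followed. The redirect uses
	# the normalised absolute URL rather than the raw value.
	ref = request.values.get('ref')
	if ref:
		target = urlparse(urljoin(request.host_url, ref))
		if target.scheme in ('http', 'https') and target.netloc == urlparse(request.host_url).netloc:
			return redirect(target.geturl())
	return redirect(url_for('index'))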

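@app.route('/logout', methods=['GET', 'POST'])
def logout():
	"""End the moderator session and go back to `ref` or the start page.

	NOTE(review): logout is reachable with GET, so any page can trigger it
	through a link or an image tag - consider POST only.
	"""
	from urllib.parse import urljoin, urlparse
	# A default avoids the KeyError (and thus a 500 page) for a visitor who
	# is not logged in.
	session.pop('user', None)
	# `ref` is supplied by the client; follow it only when it stays on this
	# host, and redirect to the normalised absolute URL.
	ref = request.values.get('ref')
	if ref:
		target = urlparse(urljoin(request.host_url, ref))
		if target.scheme in ('http', 'https') and target.netloc == urlparse(request.host_url).netloc:
			return redirect(target.geturl())
	return redirect(url_for('index'))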

# name: (tablename, idcolumn, [editable_fields], [fields_to_set_at_creation_time])
#
# edit() and create() format the table and column names from this mapping
# directly into SQL text, so it is the allowlist for everything a request may
# name there. Values are always bound as parameters. Add only fixed, trusted
# identifiers here.
tabs = {
	'courses': ('courses_data', 'id', ['visible', 'listed', 'title', 'short',
			'handle', 'organizer', 'subject', 'semester', 'downloadable',
			'internal', 'responsible','deleted','description'],
			['created_by', 'time_created', 'time_updated']),
	'lectures': ('lectures_data', 'id', ['visible', 'title', 'comment',
			'internal', 'speaker', 'place', 'time', 'duration', 'jumplist','deleted'],
			['course_id', 'time_created', 'time_updated']),
	'videos': ('videos_data', 'id', ['visible','deleted'],
			['created_by', 'time_created', 'time_updated']),
	'chapters': ('chapters', 'id', ['time', 'text', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	'announcements': ('announcements', 'id', ['text', 'level', 'visible',
			'deleted', 'time_publish', 'time_expire'],
			['created_by', 'time_created', 'time_updated']),
	'featured': ('featured', 'id', ['title', 'text', 'internal', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	'perm': ('perm', 'id', ['type', 'param1', 'param2', 'deleted'],
			['course_id', 'lecture_id', 'video_id', 'created_by', 'time_created', 'time_updated']),
	'sorterrorlog': ('sorterrorlog_data', 'id', ['deleted'],
			['time_created', 'time_updated'])
}

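@app.route('/edit', methods=['GET', 'POST'])
@mod_required
def edit(prefix='', ignore=()):
	"""Apply field edits of the form `<table>.<id>.<column> = value`.

	Changes come from the JSON body of a POST or from the request values.
	`prefix` (argument or query parameter) is prepended to every key, and
	keys listed in `ignore`, 'ref' and 'prefix' are skipped. Each change is
	recorded in `changelog` and applied inside one transaction.

	Raises ValueError for a key that does not have three dot-separated parts
	and AssertionError for a table or column outside `tabs`. Returns a
	redirect to `ref` when it points at this host, otherwise "OK".

	NOTE(review): this changes data, is reachable with GET and checks no
	CSRF token here - confirm protection exists elsewhere or restrict the
	route to POST with a token.
	"""
	from urllib.parse import urljoin, urlparse
	# All editable tables are expected to have a 'time_updated' field
	# Build the skip set locally; appending to the default argument made the
	# shared list grow with every request.
	skip = set(ignore) | {'ref', 'prefix'}
	if not prefix and 'prefix' in request.args:
		prefix = request.args['prefix']
	changes = request.values.items()
	if (request.method == 'POST') and (request.get_json()):
		changes = request.get_json().items()
	# Validate every key before the transaction is opened, so a rejected
	# request never leaves a half-applied, uncommitted transaction behind.
	validated = []
	for key, val in changes:
		if key in skip:
			continue
		parts = (prefix+key).split('.', 2)
		if len(parts) != 3:
			raise ValueError('edit key must look like <table>.<id>.<column>')
		table, row_id, column = parts
		# Table and column names are formatted into the SQL text below. The
		# check is an explicit raise because `assert` statements are removed
		# under `python -O`, which would leave the names unchecked. The
		# exception type is the one the former asserts raised.
		if table not in tabs or column not in tabs[table][2]:
			raise AssertionError('table or column is not editable')
		validated.append((table, row_id, column, val))
	modify('BEGIN')
	for table, row_id, column, val in validated:
		modify('INSERT INTO changelog (`table`,id_value, id_key, field, value_new, value_old, `when`, who, executed) VALUES (?,?,?,?,?,(SELECT %s FROM %s WHERE %s = ?),?,?,1)'%(column, tabs[table][0], tabs[table][1]),
				table, row_id, tabs[table][1], column, val, row_id, datetime.now(), session['user']['dbid'])
		modify('UPDATE %s SET %s = ?, time_updated = ? WHERE %s = ?'%(tabs[table][0], column, tabs[table][1]), val, datetime.now(), row_id)
	modify('COMMIT')
	# `ref` is supplied by the client; follow it only when it stays on this
	# host, and redirect to the normalised absolute URL.
	ref = request.values.get('ref')
	if ref:
		target = urlparse(urljoin(request.host_url, ref))
		if target.scheme in ('http', 'https') and target.netloc == urlparse(request.host_url).netloc:
			return redirect(target.geturl())
	return "OK", 200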

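@app.route('/new/<table>', methods=['GET', 'POST'])
@mod_required
def create(table):
	"""Insert a new row into one of the tables described by `tabs`.

	created_by, time_created and time_updated are filled in by the server
	where the table has them. The remaining columns come from the JSON body
	of a POST or from the request values and must be editable or
	creation-time fields of the table.

	Raises AssertionError for an unknown table, a column outside `tabs` or
	an attempt to set a server-filled column. Returns a redirect to `ref`
	when it points at this host, otherwise the new row id as text.

	NOTE(review): this changes data, is reachable with GET and checks no
	CSRF token here - confirm protection exists elsewhere or restrict the
	route to POST with a token.
	"""
	from urllib.parse import urljoin, urlparse
	# Table and column names are formatted into the SQL text below. The
	# checks are explicit raises because `assert` statements are removed
	# under `python -O`, which would leave the names unchecked. The exception
	# type is the one the former asserts raised.
	if table not in tabs:
		raise AssertionError('unknown table')
	defaults = {'created_by': session['user']['dbid'], 'time_created': datetime.now(), 'time_updated': datetime.now()}
	columns = []
	values = []
	for column, val in defaults.items():
		if column in tabs[table][3]:
			columns.append(column)
			values.append(val)
	args = request.values
	if (request.method == 'POST') and (request.get_json()):
		args = request.get_json()
	allowed = tabs[table][2]+tabs[table][3]
	for column, val in args.items():
		if column == 'ref':
			continue
		if column not in allowed:
			raise AssertionError('column may not be set')
		if column in defaults:
			raise AssertionError('column is filled in by the server')
		columns.append(column)
		values.append(val)
	id = modify('INSERT INTO %s (%s) VALUES (%s)'%(tabs[table][0],
				','.join(columns), ','.join(['?']*len(values))), *values)
	# `ref` is supplied by the client; follow it only when it stays on this
	# host, and redirect to the normalised absolute URL.
	ref = request.values.get('ref')
	if ref:
		target = urlparse(urljoin(request.host_url, ref))
		if target.scheme in ('http', 'https') and target.netloc == urlparse(request.host_url).netloc:
			return redirect(target.geturl())
	return str(id), 200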

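@app.route('/auth')
def auth(): # For use with nginx auth_request
	"""Decide whether the file named in X-Original-Uri may be served.

	Returns 200 to allow, 401 with a Basic challenge when a password
	permission exists and the caller did not satisfy it, 403 otherwise, and
	500 when the header is missing. Paths ending in 'jpg' are always allowed.
	"""
	if 'X-Original-Uri' not in request.headers:
		return 'Internal Server Error', 500
	# Decide on the path alone. If the proxy fills the header from the full
	# request URI, a query string would otherwise take part in the suffix
	# check and in the path lookup below.
	url = request.headers['X-Original-Uri'].split('?', 1)[0]
	# Remove the prefix as a prefix. str.lstrip() takes a set of characters
	# and also removed leading characters of the file path itself.
	# NOTE(review): assumes VIDEOPREFIX is the path prefix as it appears in
	# X-Original-Uri and that videos.path has no leading slash - confirm.
	prefix = config['VIDEOPREFIX']
	if url.startswith(prefix):
		url = url[len(prefix):]
	url = url.lstrip('/')
	if url.endswith('jpg'):
		return "OK", 200
	# Deleted permission rows are excluded, as in the course and lecture
	# views. Without that a revoked password or a deleted restriction would
	# still be applied here.
	perms = query('''SELECT videos.path, videos.id AS vid, perm.*
			FROM videos
			JOIN lectures ON (videos.lecture_id = lectures.id)
			JOIN courses ON (lectures.course_id = courses.id)
			LEFT JOIN perm ON ((NOT perm.deleted) AND (videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id))
			WHERE videos.path = ?
			AND (? OR (courses.visible AND lectures.visible AND videos.visible))
			ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''',
			url, ismod())
	if not perms:
		return "Not allowed", 403
	credentials = request.authorization
	username = password = None
	if credentials:
		username = credentials.username
		password = credentials.password
	if checkperm(perms, username=username, password=password):
		# NOTE(review): an INSERT into `log` used to follow this return and
		# could never run. Place it before the return if access logging is
		# wanted.
		return 'OK', 200
	# Ask for credentials only when a password could actually help.
	if any(perm['type'] == 'password' for perm in perms):
		return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
	return "Not allowed", 403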

@app.route('/stats')
@register_navbar('Statistiken', icon='stats')
@mod_required
def stats():
	"""Statistics page, moderators only."""
	page = render_template('stats.html')
	return page

@app.route('/changelog')
@register_navbar('Changelog', icon='book')
@mod_required
def changelog():
	"""Show the 50 most recent changelog entries, moderators only.

	Each entry gets a 'path' of the form <table>.<id>.<field>, the key format
	that edit() accepts.
	"""
	entries = query('SELECT * FROM changelog LEFT JOIN users ON (changelog.who = users.id) ORDER BY `when` DESC LIMIT 50')
	for entry in entries:
		path_parts = (entry['table'], entry['id_value'], entry['field'])
		entry['path'] = '.'.join(path_parts)
	return render_template('changelog.html', changelog=entries)

@app.route('/files/<filename>')
def files(filename):
	"""Redirect a /files/<filename> request to the file below VIDEOPREFIX."""
	location = '/'.join((config['VIDEOPREFIX'], filename))
	return redirect(location)

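@app.route('/newchapter/<int:lectureid>', methods=['POST', 'GET'])
def suggest_chapter(lectureid):
	"""Store a chapter mark suggested for a lecture.

	`time` must have the form HH:MM:SS and is stored as seconds; `text` is
	the chapter title. Visitors are recorded by address in submitted_by,
	moderators by their user id in created_by.

	Raises AssertionError when `time` or `text` is empty. An unparsable time
	is answered with a flash message and nothing is stored. Returns a
	redirect to `ref` when it points at this host, otherwise a plain text
	status.

	NOTE(review): the route writes to the database without authentication
	and also accepts GET - confirm this is intended.
	NOTE(review): REMOTE_ADDR is the peer address; behind a reverse proxy
	that is presumably the proxy, not the client - confirm.
	"""
	from urllib.parse import urljoin, urlparse
	timestr = request.values['time']
	text = request.values['text']
	# Explicit raise instead of `assert`, which is removed under `python -O`.
	if not (timestr and text):
		raise AssertionError('time and text are required')
	# `ref` is supplied by the client; follow it only when it stays on this
	# host, and redirect to the normalised absolute URL.
	safe_ref = None
	ref = request.values.get('ref')
	if ref:
		target = urlparse(urljoin(request.host_url, ref))
		if target.scheme in ('http', 'https') and target.netloc == urlparse(request.host_url).netloc:
			safe_ref = target.geturl()
	try:
		x = datetime.strptime(timestr,'%H:%M:%S')
	except ValueError:
		flash('Falsches Zeitformat, "%H:%M:%S" wird erwartet. Z.B. "01:39:42" für eine Kapitel bei Stunde 1, Minute 39, Sekunde 42')
		# Stop here. Continuing would store the unparsed text in the time
		# column.
		if safe_ref:
			return redirect(safe_ref)
		return 'Bad request', 400
	seconds = int(timedelta(hours=x.hour,minutes=x.minute,seconds=x.second).total_seconds())
	submitter = None
	if not ismod():
		submitter = request.environ['REMOTE_ADDR']
	id = modify('INSERT INTO chapters (lecture_id, time, text, time_created, time_updated, created_by, submitted_by) VALUES (?, ?, ?, ?, ?, ?, ?)',
				lectureid, seconds, text, datetime.now(), datetime.now(), session.get('user', {'dbid':None})['dbid'], submitter)
	if safe_ref:
		return redirect(safe_ref)
	return 'OK',  200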

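@app.route('/chapters/<int:lectureid>')
def chapters(lectureid):
	"""Serve the visible chapter marks of a lecture as a text/vtt track.

	Rows are read latest first, so each chapter ends where the chapter
	handled just before it starts; the last chapter ends at 9999.
	"""
	# Deleted rows are excluded, as in the lecture view. A chapter that was
	# published and later deleted would otherwise still be served here.
	chapters = query("SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted and visible ORDER BY time DESC", lectureid)
	last = None
	for c in chapters:
		c['start'] = c['time']
		c['end'] = last['start'] if last else 9999
		last = c
	return Response(render_template('chapters.srt',chapters=chapters), 200, {'Content-Type':'text/vtt'})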

@app.route('/sitemap.xml')
def sitemap():
	"""Render the sitemap.

	It lists every argument-free GET route that is not a moderator endpoint,
	every visible and listed course, and the visible lectures of those
	courses.
	"""
	# static pages
	pages = [
		[rule.rule]
		for rule in app.url_map.iter_rules()
		if 'GET' in rule.methods and len(rule.arguments)==0 and rule.endpoint not in mod_endpoints
	]
	for course_row in query('select * from courses where visible and listed'):
		pages.append([url_for('course',handle=course_row['handle'])])
		lecture_rows = query('select * from lectures where (course_id = ? and visible)',course_row['id'])
		pages.extend([url_for('lecture',id=row['id'])] for row in lecture_rows)
	headers = {'Content-Type': 'application/atom+xml'}
	return Response(render_template('sitemap.xml', pages=pages), 200, headers)

# Imported last, after `app`, `config` and the helpers above are defined.
# NOTE(review): presumably these modules register their own routes and jobs
# on import - confirm.
import feeds
import importer
import sorter
# Optional modules, loaded only when their configuration key is present.
if 'ICAL_URL' in config:
	import meetings
if 'L2P_APIKEY' in config:
	import l2pauth
import jobs
import timetable