Skip to content
Snippets Groups Projects
Commit 3996a7b4 authored by Julian Rother's avatar Julian Rother
Browse files

Added logging to new 'log' table and fixed sqlite wrapper

parent c12fa866
No related branches found
No related tags found
No related merge requests found
...@@ -99,6 +99,15 @@ CREATE TABLE IF NOT EXISTS `site_texts` ( ...@@ -99,6 +99,15 @@ CREATE TABLE IF NOT EXISTS `site_texts` (
`modified_when` datetime NOT NULL, `modified_when` datetime NOT NULL,
`modified_by` text NOT NULL `modified_by` text NOT NULL
); );
CREATE TABLE IF NOT EXISTS `log` (
`ip` varchar(64),
`id` varchar(64),
`time` datetime NOT NULL,
`object` varchar(10),
`obj_id` INTEGER,
`path` varchar(255) NOT NULL,
PRIMARY KEY (ip, id, time, path)
);
CREATE TABLE IF NOT EXISTS `streams` ( CREATE TABLE IF NOT EXISTS `streams` (
`handle` varchar(32) NOT NULL PRIMARY KEY, `handle` varchar(32) NOT NULL PRIMARY KEY,
`active` INTEGER NOT NULL, `active` INTEGER NOT NULL,
......
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
from flask import * from flask import *
from functools import wraps from functools import wraps
import datetime
import sqlite3 import sqlite3
import os import os
import re import re
...@@ -55,6 +56,7 @@ def query(operation, *params): ...@@ -55,6 +56,7 @@ def query(operation, *params):
if 'db' not in g: if 'db' not in g:
g.db = sqlite3.connect(config['SQLITE_DB']) g.db = sqlite3.connect(config['SQLITE_DB'])
g.db.row_factory = dict_factory g.db.row_factory = dict_factory
g.db.isolation_level = None
if not hasattr(request, 'db'): if not hasattr(request, 'db'):
request.db = g.db.cursor() request.db = g.db.cursor()
request.db.execute(operation, params) request.db.execute(operation, params)
...@@ -62,6 +64,12 @@ def query(operation, *params): ...@@ -62,6 +64,12 @@ def query(operation, *params):
return [] return []
return request.db.fetchall() return request.db.fetchall()
@app.teardown_request
def commit_db(*args):
if hasattr(request, 'db'):
request.db.close()
g.db.commit()
def searchquery(text, columns, match, tables, suffix, *suffixparams): def searchquery(text, columns, match, tables, suffix, *suffixparams):
params = [] params = []
subexprs = [] subexprs = []
...@@ -235,7 +243,7 @@ def edit(): ...@@ -235,7 +243,7 @@ def edit():
tabs = { tabs = {
'courses': ('courses_data', 'id', ['visible', 'listed', 'title', 'short', 'courses': ('courses_data', 'id', ['visible', 'listed', 'title', 'short',
'handle', 'organizer', 'subject', 'credits', 'semester', 'downloadable', 'handle', 'organizer', 'subject', 'credits', 'semester', 'downloadable',
'internal', 'responsible']), 'internal', 'responsible', 'description']),
'lectures': ('lectures_data', 'id', ['visible', 'title', 'comment', 'lectures': ('lectures_data', 'id', ['visible', 'title', 'comment',
'internal', 'speaker', 'place', 'time', 'duration', 'jumplist', 'internal', 'speaker', 'place', 'time', 'duration', 'jumplist',
'titlefile']), 'titlefile']),
...@@ -262,16 +270,18 @@ def auth(): # For use with nginx auth_request ...@@ -262,16 +270,18 @@ def auth(): # For use with nginx auth_request
if 'X-Original-Uri' not in request.headers: if 'X-Original-Uri' not in request.headers:
return 'Internal Server Error', 500 return 'Internal Server Error', 500
url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX']) url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
videos = query('''SELECT videos.path ip = request.headers.get('X-Real-IP', '')
videos = query('''SELECT videos.path, videos.id
FROM videos FROM videos
JOIN lectures ON (videos.lecture_id = lectures.id) JOIN lectures ON (videos.lecture_id = lectures.id)
JOIN courses ON (lectures.course_id = courses.id) JOIN courses ON (lectures.course_id = courses.id)
WHERE videos.path = ? WHERE videos.path = ?
AND (? OR (courses.visible AND lectures.visible AND videos.visible))''', AND (? OR (courses.visible AND lectures.visible AND videos.visible))''',
url, ismod()) url, ismod())
if videos and url.startswith('pub'): if videos and (url.startswith('pub') or ismod()):
query('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.datetime.now(), videos[0]['id'], url)
return "OK", 200 return "OK", 200
elif videos and ismod(): elif url.endswith('jpg'):
return "OK", 200 return "OK", 200
else: else:
return "Not allowed", 403 return "Not allowed", 403
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment