Commit
477eea23
authored
Feb 25, 2017
by
Julian Rother
Implement permission checking for livestreams
parent
ef00c21e
Changes
1
server.py
...
...
@@ -559,17 +559,28 @@ def auth(): # For use with nginx auth_request
cookie
=
int
(
request
.
cookies
[
'tracking'
])
else
:
cookie
=
random
.
getrandbits
(
8
*
8
-
1
)
if
url
.
endswith
(
'jpg'
)
or
ismod
()
or
url
.
startswith
(
'pub/hls/'
)
:
if
url
.
endswith
(
'jpg'
)
or
ismod
():
return
"OK"
,
200
perms
=
query
(
'''SELECT videos.path, videos.id AS vid, perm.*
FROM videos
JOIN lectures ON (videos.lecture_id = lectures.id)
JOIN courses ON (lectures.course_id = courses.id)
LEFT JOIN perm ON ((videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
WHERE videos.path = ?
AND (courses.visible AND lectures.visible AND videos.visible)
ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC'''
,
url
)
if
url
.
startswith
(
'pub/hls/'
):
handle
=
url
[
len
(
'pub/hls/'
):].
split
(
'_'
)[
0
].
split
(
'.'
)[
0
]
perms
=
query
(
'''SELECT perm.*
FROM streams
JOIN lectures ON (streams.lecture_id = lectures.id)
JOIN courses ON (lectures.course_id = courses.id)
LEFT JOIN perm ON ((lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
WHERE streams.handle = ?
AND (courses.visible AND lectures.visible AND streams.visible)
ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC'''
,
handle
)
else
:
perms
=
query
(
'''SELECT videos.path, videos.id AS vid, perm.*
FROM videos
JOIN lectures ON (videos.lecture_id = lectures.id)
JOIN courses ON (lectures.course_id = courses.id)
LEFT JOIN perm ON ((videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
WHERE videos.path = ?
AND (courses.visible AND lectures.visible AND videos.visible)
ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC'''
,
url
)
if
not
perms
:
return
"Not allowed"
,
403
auth
=
request
.
authorization
...
...
@@ -579,7 +590,8 @@ def auth(): # For use with nginx auth_request
password
=
auth
.
password
if
checkperm
(
perms
,
username
=
username
,
password
=
password
):
try
:
modify
(
'INSERT INTO log (id, `time`, `date`, video, source) VALUES (?, ?, ?, ?, 1)'
,
cookie
,
datetime
.
now
(),
datetime
.
combine
(
date
.
today
(),
time
()),
perms
[
0
][
'vid'
])
if
not
url
.
startswith
(
'pub/hls/'
):
modify
(
'INSERT INTO log (id, `time`, `date`, video, source) VALUES (?, ?, ?, ?, 1)'
,
cookie
,
datetime
.
now
(),
datetime
.
combine
(
date
.
today
(),
time
()),
perms
[
0
][
'vid'
])
except
:
pass
r
=
make_response
(
'OK'
,
200
)
...
...
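Review bot: In the new `pub/hls/` branch the stream handle is everything up to the first `_` or `.` of the remaining path, so the permission lookup constrains only that prefix and never inspects the rest of the path, including any `/`. If `url` reaches auth() un-normalized (its origin is outside this hunk, so confirm against the nginx config), the file nginx finally serves could belong to a different stream than the one whose permissions were checked. I would bind the remainder first and reject anything that is not a single file name, e.g. `name = url[len('pub/hls/'):]` followed by `if '/' in name or '..' in name: return "Not allowed", 403`, and only then derive `handle` from `name`. Separately, the log insert in the second hunk still sits under a bare `except: pass`, so a failed write is silent; catching the specific database error and logging it would keep that visible. auth() starts and ends outside both hunks.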