From 5ddcbed023126fa4aeb7407e4d72b8b099f65b15 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Sun, 28 Aug 2016 23:29:27 +0200
Subject: [PATCH] Parameterised video url prefix and implemented handler for
 nginx auth_request

---
 server.py             | 23 ++++++++++++++++++++++-
 templates/base.html   |  2 +-
 templates/macros.html | 10 +++++-----
 3 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/server.py b/server.py
index 01eba30..64dfacd 100755
--- a/server.py
+++ b/server.py
@@ -15,10 +15,12 @@ config['SQLITE_DB'] = 'db.sqlite'
 config['SQLITE_INIT_SCHEMA'] = True
 config['SQLITE_INIT_DATA'] = False
 config['DEBUG'] = False
+config['VIDEOPREFIX'] = 'https://videoag.fsmpi.rwth-aachen.de'
 if __name__ == '__main__':
 	config['SQLITE_INIT_DATA'] = True
 	config['DEBUG'] = True
 config.from_pyfile('config.py', silent=True)
+app.jinja_env.globals['videoprefix'] = config['VIDEOPREFIX']
 
 if config['DB_ENGINE'] == 'sqlite':
 	created = not os.path.exists(config['SQLITE_DB'])
@@ -251,5 +253,24 @@ def edit():
 					tabs[table][1]), val, id)
 	query('COMMIT TRANSACTION')
 
+@app.route('/auth')
+def auth(): # For use with nginx auth_request
+	if 'X-Original-Uri' not in request.headers:
+		return 'Internal Server Error', 500
+	url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
+	videos = query('''SELECT videos.path
+			FROM videos
+			JOIN lectures ON (videos.lecture_id = lectures.id)
+			JOIN courses ON (lectures.course_id = courses.id)
+			WHERE videos.path = ?
+			AND (? OR (courses.visible AND lectures.visible AND videos.visible))''',
+			url, ismod())
+	if videos and url.startswith('pub'):
+		return "OK", 200
+	elif videos and ismod():
+		return "OK", 200
+	else:
+		return "Not allowed", 403
+
 if __name__ == '__main__':
-	app.run()
+	app.run(threaded=True)
diff --git a/templates/base.html b/templates/base.html
index db02b7e..dac576a 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -58,7 +58,7 @@
 									</li>
 									{% endfor %}
 									<li class="navbar-right">
-										{% if not session.user is defined %}
+										{% if not ismod() %}
 										<a id="loginpopover" data-container="body" data-toggle="popover" data-placement="bottom"> 
 											<span class="glyphicon glyphicon-log-in"></span>
 										</a>
diff --git a/templates/macros.html b/templates/macros.html
index 595969f..9daa255 100644
--- a/templates/macros.html
+++ b/templates/macros.html
@@ -3,7 +3,7 @@
 <li class="list-group-item">
 	<a class="hidden-xs" href="/play?lectureid={{ lecture['id'] }}" title="{{ lecture['coursetitle'] }}">
 		<div class="row">
-			<img class="col-xs-4" src="https://videoag.fsmpi.rwth-aachen.de/{{ lecture['titlefile'] }}" alt="Vorschaubild">
+			<img class="col-xs-4" src="{{ videoprefix }}/{{ lecture['titlefile'] }}" alt="Vorschaubild">
 			<div class="col-xs-4">
 				<span style="color: #000;"><strong>{{ lecture['short'] }}</strong></span><br>
 				<span style="color: #000;">{{ lecture['time'] }}</span>
@@ -19,7 +19,7 @@
 	</a>
 	<a class="visible-xs" href="/play?lectureid={{ lecture['id'] }}" title="{{ lecture['coursetitle'] }}">
 		<div class="row">
-			<img class="col-xs-12" src="https://videoag.fsmpi.rwth-aachen.de/{{ lecture['titlefile'] }}" alt="Vorschaubild">
+			<img class="col-xs-12" src="{{ videoprefix }}/{{ lecture['titlefile'] }}" alt="Vorschaubild">
 		</div>
 		<div class="row">
 			<div class="col-xs-12">
@@ -54,7 +54,7 @@
 <link rel="stylesheet" href="static/mediaelementjs/mediaelementplayer.css" />
 <video class="mejs-player" width="640" height="360" style="width: 100%; height: 100%;">
 	{% for v in videos %}
-		<source type="video/mp4" src="https://videoag.fsmpi.rwth-aachen.de/{{ v.path }}" />
+		<source type="video/mp4" src="{{ videoprefix }}/{{ v.path }}" />
 	{% endfor %}
 </video>
 <script>
@@ -94,13 +94,13 @@
 <button class="btn btn-primary dropdown-toggle" type="button" data-toggle="dropdown">Download <span class="caret"></span></button>
 <ul class="dropdown-menu">
 	{% for v in videos %}
-	<li><a href="https://video.fsmpi.rwth-aachen.de/{{v.path}}">{{v.format_description}} ({{v.file_size|filesizeformat(true)}})</a></li>
+	<li><a href="{{ videoprefix }}/{{v.path}}">{{v.format_description}} ({{v.file_size|filesizeformat(true)}})</a></li>
 	{% endfor %}
 </ul>
 <noscript>
 	<ul class="pull-right list-unstyled" style="margin-left:10px;">
 		{% for v in videos %}
-		<li><a href="https://video.fsmpi.rwth-aachen.de/{{v.path}}">{{v.format_description}} ({{v.file_size|filesizeformat(true)}})</a></li>
+		<li><a href="{{ videoprefix }}/{{v.path}}">{{v.format_description}} ({{v.file_size|filesizeformat(true)}})</a></li>
 		{% endfor %}
 	</ul>
 </noscript>
-- 
GitLab