From e540dec97a6d78b23ef1ca537d586727a106222c Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Fri, 2 Sep 2016 22:17:49 +0200
Subject: [PATCH] Implemented configurable authentification
---
db_schema.sql | 9 +++++++++
server.py | 49 ++++++++++++++++++++++++++++++++++---------------
2 files changed, 43 insertions(+), 15 deletions(-)
diff --git a/db_schema.sql b/db_schema.sql
index bb9e81c..096ebbb 100644
--- a/db_schema.sql
+++ b/db_schema.sql
@@ -93,6 +93,15 @@ CREATE TABLE IF NOT EXISTS `places` (
`campus_room` varchar(20) NOT NULL,
`campus_name` varchar(30) NOT NULL
);
+CREATE TABLE IF NOT EXISTS `auth` (
+ `auth_id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ `course_id` INTEGER,
+ `lecture_id` INTEGER,
+ `video_id` INTEGER,
+ `type` varchar(10),
+ `auth_user` varchar(127),
+ `auth_passwd` varchar(127)
+);
CREATE TABLE IF NOT EXISTS `site_texts` (
`key` varchar(64) NOT NULL PRIMARY KEY,
`value` text NOT NULL,
diff --git a/server.py b/server.py
index 22fe44a..4ad08d1 100755
--- a/server.py
+++ b/server.py
@@ -1,5 +1,4 @@
-#!/bin/python
-from flask import Flask, g, request, url_for, redirect, session, render_template, flash
+from flask import Flask, g, request, url_for, redirect, session, render_template, flash, Response
from werkzeug.routing import Rule
from functools import wraps
from datetime import date, timedelta, datetime, time
@@ -213,21 +212,41 @@ def auth(): # For use with nginx auth_request
return 'Internal Server Error', 500
url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
ip = request.headers.get('X-Real-IP', '')
- videos = query('''SELECT videos.path, videos.id
- FROM videos
- JOIN lectures ON (videos.lecture_id = lectures.id)
- JOIN courses ON (lectures.course_id = courses.id)
- WHERE videos.path = ?
- AND (? OR (courses.visible AND lectures.visible AND videos.visible))''',
- url, ismod())
- if videos and (url.startswith('pub') or ismod()):
- query('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.now(), videos[0]['id'], url)
- return "OK", 200
- elif url.endswith('jpg'):
+ if url.endswith('jpg'):
return "OK", 200
- else:
+ videos = query('''SELECT videos.path, videos.id, lectures.id AS lecture_id, courses.id AS course_id, protected.*
+ FROM videos
+ JOIN lectures ON (videos.lecture_id = lectures.id)
+ JOIN courses ON (lectures.course_id = courses.id)
+ LEFT JOIN protected ON (videos.id = protected.video_id OR lectures.id = protected.lecture_id OR courses.id = protected.course_id)
+ WHERE videos.path = ?
+ AND (? OR (courses.visible AND lectures.visible AND videos.visible))
+ ORDER BY protected.video_id DESC, protected.lecture_id DESC, protected.course_id DESC''',
+ url, ismod())
+ if not videos:
return "Not allowed", 403
-
+ first = videos[0]
+ allowed = False
+ types = []
+ auth = request.authorization
+ for video in videos:
+ if first and ((first['video_id'] and not video['video_id']) \
+ or (first['lecture_id'] and not video['lecture_id'])):
+ break
+ types.append(video['auth_type'])
+ if video['auth_type'] == 'public':
+ allowed = True
+ break
+ elif video['auth_type'] == 'password':
+ if auth and video['auth_user'] == auth.username and video['auth_passwd'] == auth.password:
+ allowed = True
+ break
+ if allowed or ismod():
+ return 'OK', 200
+ query('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.now(), videos[0]['id'], url)
+ elif 'password' in types:
+ return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
+ return "Not allowed", 403
@app.route('/schedule')
@register_navbar('Drehplan', 'calendar')
--
GitLab