api: finish resource auth

ce584de4 · Simon Künzel · de077b0a · ce584de4 · ce584de4
Commit ce584de4 authored 4 months ago by Simon Künzel
--- a/api/config/api_example_config.py
+++ b/api/config/api_example_config.py
@@ -24,8 +24,8 @@ LOG_CLIENT_ERRORS_WHEN_DEBUGGING = True
 API_SERVER_NAME = "dev"

 # Prefix which is prepended to paths (which are saved in the database) before they are provided by the api
-# Must include the last /
-FILE_PATH_PREFIX = "https://video.fsmpi.rwth-aachen.de/files/"
+# Must NOT include a last /
+FILE_PATH_PREFIX = "https://video.fsmpi.rwth-aachen.de/files"

 # Used for all cookies
 # While the frontend and api are on different subdomains, that still counts as 'same-site'

--- a/api/src/api/routes/resources.py
+++ b/api/src/api/routes/resources.py
-from flask import redirect
+from flask import request, redirect
+import urllib.parse as url_parse

 from videoag_common.objects import *
 from api.authentication import is_authenticated
 from api.routes import *
+from videoag_common.objects.medium import FileMedium
+import api


-@api_route("/resources/target_medium/<int:target_medium_id>", "GET", allow_while_readonly=True,
-           no_documentation=True)
-def api_route_access_target_medium(target_medium_id: int):
+_FILE_PATH_PREFIX: str = api.config["FILE_PATH_PREFIX"]
+if _FILE_PATH_PREFIX.endswith("/"):
+    raise ValueError("FILE_PATH_PREFIX must NOT have a trailing /")
+
+
+def _check_access_target_medium(target_medium_id: int) -> TargetMedium:
    is_mod = is_moderator()
    medium = database.query_one_or_none_and_expunge(TargetMedium.select(
        is_mod,
@@ -29,9 +35,45 @@ def api_route_access_target_medium(target_medium_id: int):
    if not is_authenticated(lecture.effective_view_permissions):
        raise ApiClientException(ERROR_UNAUTHORIZED)
    
-    # TODO
+    return medium
+
+
+@api_route("/resources/target_medium/<int:target_medium_id>", "GET", allow_while_readonly=True,
+           no_documentation=True)
+def api_route_access_target_medium(target_medium_id: int):
+    medium = _check_access_target_medium(target_medium_id)
+    
+    if not isinstance(medium, FileMedium):
+        raise TypeError(f"Don't know how to handle TargetMedium which is not FileMedium but {type(medium)}")
+    
+    return redirect(f"{_FILE_PATH_PREFIX}/{medium.file_path}?tm_id={target_medium_id}")
+
+
+@api_route("/resources/internal_auth_check", "GET", allow_while_readonly=True,
+           no_documentation=True)
+def api_route_resource_internal_auth_check():
+    if "X-Original-URI" not in request.headers:
+        raise ApiClientException(ERROR_REQUEST_MISSING_PARAMETER("Header 'X-Original-URI'"))
+    try:
+        url_result = url_parse.urlparse(request.headers["X-Original-URI"])
+        params: dict[str, list[str]] = url_parse.parse_qs(url_result.query, strict_parsing=True)
+    except (TypeError, ValueError):
+        raise ApiClientException(ERROR_REQUEST_INVALID_PARAMETER("Header 'X-Original-URI'", "Unable to parse URL"))
+    
+    if len(params.get("tm_id", [])) != 1:
+        raise ApiClientException(ERROR_REQUEST_MISSING_PARAMETER("tm_id (in Header 'X-Original-URI')"))
+    
+    try:
+        target_medium_id = int(params["tm_id"][0])
+    except ValueError:
+        raise ApiClientException(ERROR_REQUEST_INVALID_PARAMETER("URL.tm_id", "Unable to parse integer"))
+
+    medium = _check_access_target_medium(target_medium_id)
+    
+    if not isinstance(medium, FileMedium):
+        raise TypeError(f"Don't know how to handle TargetMedium which is not FileMedium but {type(medium)}")
+    
+    if f"{url_result.scheme}://{url_result.netloc}{url_result.path}" != f"{_FILE_PATH_PREFIX}/{medium.file_path}":
+        raise ApiClientException(ERROR_UNAUTHORIZED)
    
-    if isinstance(medium, ThumbnailTargetMedium):
-        return redirect("https://video.fsmpi.rwth-aachen.de/files/thumbnail/l_17253.jpg")
-    else:
-        return redirect("https://video.fsmpi.rwth-aachen.de/files/pub/23ws-buk/23ws-buk-231012-1080p.mp4")
+    return {}, HTTP_200_OK