import hashlib
import hmac
import os
import random
import sched
import sys
import threading
import traceback
from datetime import date, timedelta, datetime, time, MINYEAR
from functools import wraps
from urllib.parse import urljoin, urlparse

from flask import Flask, g, request, url_for, redirect, session, render_template, flash, Response, make_response
from werkzeug.routing import Rule

# Flask application object used by every route and decorator in this module.
app = Flask(__name__)

# Whitespace control for rendered templates.
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True
# Helpers callable from every template.
# NOTE(review): random.randint is not a cryptographic source; keep its template use cosmetic, never for tokens or secrets.
app.add_template_global(random.randint, name='randint')
app.add_template_global(datetime, name='datetime')
app.add_template_global(timedelta, name='timedelta')

# Event queue for the periodic jobs registered through sched_func.
scheduler = sched.scheduler()
def run_scheduler():
	"""Run the module-level scheduler in an endless loop.

	Intended as the target of a background thread: after a short startup
	delay it calls scheduler.run() and re-enters it ten seconds after each
	return.
	"""
	from time import sleep
	sleep(1) # UWSGI does weird things on startup
	while True:
		scheduler.run()
		sleep(10)

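def sched_func(delay, priority=0, firstdelay=None, args=(), kargs=None):
	"""Decorator factory that runs the decorated function periodically.

	The function is first called after `firstdelay` seconds (a random value
	between 1 and 120 when omitted) and then every `delay` seconds, each
	time inside app.test_request_context(). `args` and `kargs` are passed
	to every call. The decorated function itself is returned unchanged.
	"""
	if firstdelay is None:
		firstdelay = random.randint(1, 120)
	call_kwargs = {} if kargs is None else kargs
	def wrapper(func):
		def sched_wrapper():
			try:
				with app.test_request_context():
					func(*args, **call_kwargs)
			except Exception:
				# An exception escaping from here would propagate out of
				# scheduler.run(), end the scheduler thread and silently stop
				# every periodic job, so it is logged and the job kept alive.
				traceback.print_exc()
			finally:
				scheduler.enter(delay, priority, sched_wrapper)
		scheduler.enter(firstdelay, priority, sched_wrapper)
		return func
	return wrapper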

# The scheduler loop runs in a daemon thread started at import time.
threading.Thread(target=run_scheduler, daemon=True).start()

config = app.config
# The example file supplies the defaults; both config files are optional (silent=True).
# NOTE(review): any SECRET_KEY or credential defined in config.py.example stays in
# effect wherever config.py does not override it -- confirm the example leaves such values unset.
config.from_pyfile('config.py.example', silent=True)
# Started through run.py: switch on SQLITE_INIT_DATA and DEBUG (config.py, loaded next, can still override both).
if sys.argv[0].endswith('run.py'):
	config['SQLITE_INIT_DATA'] = True
	config['DEBUG'] = True
config.from_pyfile('config.py', silent=True)
if config['DEBUG']:
	app.jinja_env.auto_reload = True
# Fall back to a random key when none is configured.
# NOTE(review): sessions signed with this fallback stop validating after a restart, and
# processes that each execute this line end up with different keys; deployments should
# set a fixed, secret SECRET_KEY in config.py.
if not config.get('SECRET_KEY', None):
	config['SECRET_KEY'] = os.urandom(24)

# Imported only after the configuration is loaded -- presumably db reads it at import time; confirm before moving.
from db import query, modify, searchquery, ldapauth, ldapget

# Names of the view functions wrapped by mod_required, filled while the decorators run.
mod_endpoints = []

@app.template_global()
def ismod(*args):
	"""Return True when the session carries a 'user' entry (a logged-in moderator).

	Positional arguments are accepted and ignored. Every "? OR visible"
	query in this module relies on this value, so the 'user' key must only
	ever be set after a successful moderator login.
	"""
	logged_in = 'user' in session
	return logged_in

def mod_required(func):
	"""View decorator that restricts an endpoint to moderators.

	The wrapped function's name is recorded in mod_endpoints. Requests
	without a moderator session get a flash message and are redirected to
	the login page, with the current URL passed along as `ref`.
	"""
	mod_endpoints.append(func.__name__)
	@wraps(func)
	def decorator(*args, **kwargs):
		if ismod():
			return func(*args, **kwargs)
		flash('Diese Funktion ist nur für Moderatoren verfügbar!')
		return redirect(url_for('login', ref=request.url))
	return decorator

def evalauth(auths):
	"""Reduce a list of auth rows to the rules of the most specific scope.

	Each row is assigned to the first scope whose id column is truthy
	(course, then lecture, then video). The result is the video-level rows
	if there are any, else the lecture-level rows, else the course-level
	rows. A more specific scope therefore replaces the broader ones
	completely, and with no usable row at all the result is a single
	'public' rule, i.e. the default is open access.
	"""
	by_scope = {'course_id': [], 'lecture_id': [], 'video_id': []}
	for entry in auths:
		for scope in ('course_id', 'lecture_id', 'video_id'):
			if entry[scope]:
				by_scope[scope].append(entry)
				break
	for scope in ('video_id', 'lecture_id', 'course_id'):
		if by_scope[scope]:
			return by_scope[scope]
	return [{'auth_type': 'public'}]

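@app.template_filter()
def checkauth(auths, username=None, password=None):
	"""Return True if the client satisfies at least one effective auth rule.

	`auths` is first reduced with evalauth(). A 'public' rule always
	passes, a 'password' rule needs matching `username` and `password`, an
	'l2p' rule needs its course in session['l2p_courses'] and an 'rwth'
	rule needs session['rwthintern'].

	NOTE(review): auth_param2 is compared directly with the submitted
	password, so it is apparently stored unhashed; consider storing a
	password hash instead.
	"""
	auths = evalauth(auths)
	for auth in auths:
		if auth['auth_type'] == 'public':
			return True
		elif auth['auth_type'] == 'password':
			expected = (auth['auth_param'], auth['auth_param2'])
			supplied = (username, password)
			# Fail closed: with plain "==" a rule whose parameters are NULL
			# matched a request that sent no credentials at all.
			if None in expected or None in supplied:
				continue
			# Constant-time comparison of both values, so the response time
			# does not reveal how much of a guess was correct.
			matches = [hmac.compare_digest(str(want).encode('utf-8'), str(got).encode('utf-8'))
					for want, got in zip(expected, supplied)]
			if all(matches):
				return True
		elif auth['auth_type'] == 'l2p':
			if auth['auth_param'] in session.get('l2p_courses', []):
				return True
		elif auth['auth_type'] == 'rwth':
			if session.get('rwthintern', False):
				return True
	return False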

@app.template_filter()
def authdescr(auths):
	"""Describe the effective access rules as a (mode, German text) pair.

	`auths` is reduced with evalauth() first. The mode is one of 'public',
	'rwth', 'l2p' or 'password'; when several rule types apply, 'rwth'
	takes precedence over 'l2p', which takes precedence over 'password'.
	"""
	auths = evalauth(auths)
	kinds = [auth['auth_type'] for auth in auths]
	l2p_courses = [auth['auth_param'] for auth in auths if auth['auth_type'] == 'l2p']
	has_password = 'password' in kinds
	if 'public' in kinds or not auths:
		return 'public', 'Öffentlich verfügbar'
	if 'rwth' in kinds:
		if has_password:
			return 'rwth', 'Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar'
		return 'rwth', 'Nur für RWTH-Angehörige verfügbar'
	if l2p_courses:
		if has_password:
			return 'l2p', 'Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar'
		return 'l2p', 'Nur für Teilnehmer der Veranstaltung verfügbar'
	if has_password:
		return 'password', 'Nur für Nutzer mit Passwort verfügbar'
	return 'public', 'Öffentlich verfügbar'

# Navbar entries, exposed to all templates as the global 'navbar'.
app.jinja_env.globals['navbar'] = []
# iconlib can be 'bootstrap'
# ( see: http://getbootstrap.com/components/#glyphicons )
# or 'fa'
# ( see: http://fontawesome.io/icons/ )
def register_navbar(name, iconlib='bootstrap', icon=None):
	"""Decorator factory that adds the decorated view to the navbar.

	Each entry is (endpoint, name, iconlib, icon, is_public), where
	is_public is True unless the endpoint name is already listed in
	mod_endpoints. Decorators apply bottom-up, so this one has to be
	written above @mod_required for the flag to be correct.
	"""
	def wrapper(func):
		endpoint = func.__name__
		is_public = endpoint not in mod_endpoints
		app.jinja_env.globals['navbar'].append((endpoint, name, iconlib, icon, is_public))
		return func
	return wrapper

def render_endpoint(endpoint, flashtext=None, **kargs):
	"""Render another endpoint's view inside the current request.

	Optionally flashes `flashtext` first. The view is taken from
	app.view_functions, so decorators applied to it still run.
	"""
	if flashtext:
		flash(flashtext)
	# request.endpoint is used for navbar highlighting
	request.url_rule = Rule(request.path, endpoint=endpoint)
	view = app.view_functions[endpoint]
	return view(**kargs)

def handle_errors(endpoint, text, code, *errors, **epargs):
	"""Decorator factory that turns the given exceptions into an error response.

	When the wrapped function raises one of `errors`, the result is either
	`endpoint` rendered with `text` as flash message and status `code`
	(extra keyword arguments go to the endpoint), or the plain pair
	(text, code) when `endpoint` is falsy.
	"""
	def wrapper(func):
		@wraps(func)
		def decorator(*args, **kwargs):
			try:
				result = func(*args, **kwargs)
			except errors:
				if not endpoint:
					return text, code
				return make_response(render_endpoint(endpoint, text, **epargs), code)
			return result
		return decorator
	return wrapper

@app.errorhandler(404)
def handle_not_found(e):
	"""Answer unknown URLs with the start page, a flash message and status 404."""
	page = render_endpoint('index', 'Diese Seite existiert nicht!')
	return page, 404

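@app.errorhandler(500)
@app.errorhandler(Exception)
def handle_internal_error(e):
	"""Log the traceback and answer with the generic error page.

	The traceback only goes to the server's stderr; the client gets
	500.html without exception details.
	"""
	traceback.print_exc()
	# Send the page with status 500. Without an explicit code it went out as
	# 200 OK, so clients, proxies and monitoring saw failed requests as successes.
	return render_template('500.html'), 500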

# debian ships jinja2 without this test...
@app.template_test(name='equalto')
def equalto(a,b):
	"""Template test 'equalto': true when both operands compare equal."""
	return a == b

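@app.template_filter(name='semester')
def human_semester(s, long=False):
	"""Format a semester code such as '2017ws' for display.

	Empty values, 'zeitlos' and strings that are not six characters long
	give 'Zeitlos'; malformed codes give '??'. The short form is e.g.
	'WS17', the long form 'Wintersemester 2017/18' or 'Sommersemester 2017'.
	"""
	if not s or s == 'zeitlos' or len(s) != 6:
		return 'Zeitlos'
	year = s[0:4]
	semester = s[4:6].upper()
	# isdecimal() instead of isdigit(): isdigit() also accepts characters
	# such as superscript digits, which int() below rejects with ValueError.
	if not year.isdecimal() or semester not in ['SS', 'WS']:
		print('Invalid semester string "%s"'%s)
		return '??'
	if not long:
		return semester+year[2:]
	elif semester == 'SS':
		return 'Sommersemester %s'%year
	else:
		return 'Wintersemester %s/%s'%(year, str(int(year)+1)[2:])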

@app.template_filter(name='date')
def human_date(d):
	"""Format a date as DD.MM.YYYY."""
	formatted = d.strftime('%d.%m.%Y')
	return formatted

@app.template_filter(name='time')
def human_time(d):
	"""Format a time of day as HH:MM."""
	formatted = d.strftime('%H:%M')
	return formatted

@app.template_filter()
def rfc3339(d):
	"""Format a timestamp in RFC 3339 style with a fixed +02:00 offset.

	NOTE(review): the offset is hard-coded, so the result is only right
	for values that really are at UTC+2 -- confirm how callers handle
	times outside daylight saving time.
	"""
	stamp = d.strftime('%Y-%m-%dT%H:%M:%S+02:00')
	return stamp

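@app.template_global()
def get_announcements(minlevel=0):
	"""Return the announcements to display, highest level first.

	Deleted and expired entries are left out; moderators keep seeing an
	entry for 24 hours after it expired. Visitors only get entries that
	are visible and already published. `minlevel` is the lowest level to
	include.
	"""
	offset = timedelta()
	if ismod():
		offset = timedelta(hours=24)
	# "time_expire IS NULL": the former "time_expire = NULL" is never true in
	# SQL, so announcements without an expiry date were never returned.
	return query('SELECT * FROM announcements WHERE NOT deleted AND ((time_expire IS NULL) OR time_expire > ?) AND (? OR (visible AND time_publish < ?)) AND level >= ? ORDER BY level DESC', datetime.now()-offset, ismod(), datetime.now(), minlevel)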

@app.template_filter()
def fixnl(s):
	"""Replace newlines in the string form of `s` with '<br>' tags."""
	# To be removed as soon as the db schema is cleaned up
	# NOTE(review): the value itself is not HTML-escaped here. If a template
	# renders this output as safe markup, stored text reaches the page
	# unescaped -- confirm the templates escape the value before this filter.
	text = str(s)
	return text.replace('\n', '<br>')

@app.route('/')
@register_navbar('Home', icon='home')
def index():
	"""Render the start page with upcoming lectures, latest videos and featured entries.

	Moderators also get hidden videos and featured entries: the value of
	ismod() is bound into the "? OR ..." visibility conditions.
	"""
	# Time window: from yesterday up to seven days after that.
	start = date.today() - timedelta(days=1)
	end = start + timedelta(days=7)
	upcomming = query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		JOIN courses ON (lectures.course_id = courses.id)
		WHERE (time > ?) AND (time < ?) and lectures.visible and courses.visible and courses.listed
		ORDER BY time ASC LIMIT 30''',start,end)
	# The template gets the calendar date of each lecture as a separate key.
	for i in upcomming:
		i['date'] = i['time'].date()
	# The six lectures whose videos were updated most recently.
	latestvideos=query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		LEFT JOIN videos ON (videos.lecture_id = lectures.id)
		LEFT JOIN courses on (courses.id = lectures.course_id)
		WHERE (? OR (courses.visible AND courses.listed AND lectures.visible AND videos.visible))
		GROUP BY videos.lecture_id
		ORDER BY MAX(videos.time_updated) DESC
		LIMIT 6	''',ismod())
	featured = query('SELECT * FROM featured WHERE NOT deleted AND (? OR visible)', ismod())
	return render_template('index.html', latestvideos=latestvideos, upcomming=upcomming, featured=featured)

@app.route('/course')
@register_navbar('Videos', icon='film')
def courses():
	"""List all courses, grouped by title, semester or organizer.

	Visitors only see courses that are visible and listed. The
	`groupedby` request argument is checked against a fixed list and falls
	back to 'semester'.
	"""
	rows = query('SELECT * FROM courses WHERE (? OR (visible AND listed)) ORDER BY title', ismod())
	for row in rows:
		if row['semester'] == '':
			row['semester'] = 'zeitlos'
	allowed_groupings = ['title', 'semester', 'organizer']
	groupedby = request.args.get('groupedby')
	if groupedby not in allowed_groupings:
		groupedby = 'semester'
	return render_template('courses.html', courses=rows, groupedby=groupedby)

@app.route('/course/<handle>')
@app.route('/course/<int:id>')
@handle_errors('courses', 'Diese Veranstaltung existiert nicht!', 404, IndexError)
def course(id=None, handle=None):
	"""Render one course, looked up by numeric id or by handle, with its lectures and videos.

	An unknown or (for visitors) invisible course makes the [0] lookup
	raise IndexError, which handle_errors turns into the course list with
	status 404.
	"""
	# A falsy id (None or 0) selects the lookup by handle.
	if id:
		course = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', id, ismod())[0]
	else:
		course = query('SELECT * FROM courses WHERE handle = ? AND (? OR visible)', handle, ismod())[0]
	# Auth rows: course-level ones go on the course, lecture-level ones are attached per lecture below.
	course['auth'] = query('SELECT * FROM auth WHERE course_id = ? ORDER BY auth_type', course['id'])
	auths = query('SELECT auth.* FROM auth JOIN lectures ON (auth.lecture_id = lectures.id) WHERE lectures.course_id = ? ORDER BY auth.auth_type', course['id'])
	lectures = query('SELECT * FROM lectures WHERE course_id = ? AND (? OR visible) ORDER BY time, duration DESC', course['id'], ismod())
	for lecture in lectures:
		lecture['auth'] = []
		lecture['course'] = course
		for auth in auths:
			if auth['lecture_id'] == lecture['id']:
				lecture['auth'].append(auth)
	# A video counts as downloadable only if both the video and its course allow it.
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN lectures ON (videos.lecture_id = lectures.id)
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (lectures.course_id = courses.id)
			WHERE lectures.course_id= ? AND (? OR videos.visible)
			ORDER BY lectures.time, formats.prio DESC
			''', course['id'], ismod())
	return render_template('course.html', course=course, lectures=lectures, videos=videos)

@app.route('/faq')
@register_navbar('FAQ', icon='question-sign')
def faq():
	"""Render the static FAQ page."""
	page = render_template('faq.html')
	return page

@app.route('/play/<int:id>')
@app.route('/embed/<int:id>', endpoint='embed')
@handle_errors('course', 'Diese Vorlesung existiert nicht!', 404, IndexError)
def lecture(id):
	"""Render the player page (or the embed variant) for one lecture.

	An unknown or (for visitors) invisible lecture makes the [0] lookup
	raise IndexError, which handle_errors answers with status 404.

	NOTE(review): a failed checkauth() below only adds a hint; the page
	and its `videos` rows are rendered either way. Access to the media
	files therefore depends on a separate check outside this view, such as
	the /auth endpoint.
	"""
	lecture = query('SELECT * FROM lectures WHERE id = ? AND (? OR visible)', id, ismod())[0]
	# A video counts as downloadable only if both the video and its course allow it.
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (courses.id = ?)
			WHERE videos.lecture_id = ? AND (? OR videos.visible)
			ORDER BY formats.prio DESC
			''', lecture['course_id'], lecture['id'], ismod())
	# Lecture-level and course-level rules; evalauth() inside checkauth picks the most specific ones.
	auths = query('SELECT auth.* FROM auth WHERE (auth.lecture_id = ? OR auth.course_id = ?)',
			lecture['id'], lecture['course_id'])
	if not videos:
		flash('Zu dieser Vorlesung wurden noch keine Videos veröffentlicht!')
	courses = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', lecture['course_id'], ismod())
	if not courses:
		return render_endpoint('courses', 'Diese Veranstaltung existiert nicht!'), 404
	chapters = query('SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (? OR visible) ORDER BY time ASC', id, ismod())
	if not checkauth(auths):
		mode, text = authdescr(auths)
		# NOTE(review): these flash messages contain HTML, so the templates
		# presumably output flashes unescaped -- every other flash() text then
		# has to stay free of user-controlled content. Confirm in the templates.
		if mode == 'rwth':
			flash(text+'. <a target="_blank" href="'+url_for('start_rwthauth')+'">Hier authorisieren</a>.')
		elif mode == 'l2p':
			flash(text+'. <a target="_blank" href="'+url_for('start_l2pauth')+'">Hier authorisieren</a>.')
		else:
			flash(text+'.')
	return render_template('embed.html' if request.endpoint == 'embed' else 'lecture.html', course=courses[0], lecture=lecture, videos=videos, chapters=chapters)


@app.route('/search')
def search():
	"""Search courses and lectures for the request argument `q` and render the results.

	Without `q` the client is redirected to the start page. The search
	text is handed to searchquery() as its first argument; only fixed
	column lists and SQL fragments are passed alongside it.
	"""
	if 'q' not in request.args:
		return redirect(url_for('index'))
	q = request.args['q']
	courses = searchquery(q, '*', ['title', 'short', 'organizer', 'subject', 'description'],
			'courses', 'WHERE (? OR (visible AND listed)) GROUP BY id ORDER BY _score DESC, semester DESC LIMIT 20', ismod())
	#lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, "course" AS sep, courses.*',
	#			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
	#			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
	#			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	# Course columns are selected under a "courses_" alias and regrouped into lecture['course'] below.
	lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, courses.id AS courses_id, courses.visible AS courses_visible, courses.listed AS courses_listed, courses.title AS courses_title, courses.short AS courses_short, courses.handle AS courses_handle, courses.organizer AS courses_organizer, courses.subject AS courses_subject, courses.credits AS courses_credits, courses.created_by AS courses_created_by, courses.time_created AS courses_time_created, courses.time_updated AS courses_time_updated, courses.semester AS courses_semester, courses.downloadable AS courses_downloadable, courses.embedinvisible AS courses_embedinvisible, courses.description AS courses_description, courses.internal AS courses_internal, courses.responsible AS courses_responsible',
			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	for lecture in lectures:
		lecture['course'] = {}
		for key in lecture:
			if key.startswith('courses_'):
				# key[8:] drops the "courses_" prefix.
				lecture['course'][key[8:]] = lecture[key]
	return render_template('search.html', searchtext=request.args['q'], courses=courses, lectures=lectures)

def check_mod(user, groups):
	"""Decide whether an authenticated account counts as moderator.

	A falsy `user` is returned unchanged; otherwise the result is whether
	'users' is among `groups`. Membership in that one group is the whole
	moderator check.
	"""
	if not user:
		return user
	return 'users' in groups

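@app.route('/login', methods=['GET', 'POST'])
def login():
	"""Show the login form (GET) or authenticate a moderator against LDAP (POST).

	On success the LDAP record is stored in session['user'], a row in
	`users` is created on first login, its id is stored as
	session['user']['dbid'] and the client is redirected to `ref`
	(default: the start page). A failed login renders the form again with
	a flash message.
	"""
	if request.method == 'GET':
		return render_template('login.html')
	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
	if not check_mod(user, groups):
		flash('Login fehlgeschlagen!')
		return render_template('login.html')
	session['user'] = ldapget(user)
	dbuser = query('SELECT * FROM users WHERE name = ?', user)
	if not dbuser:
		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
		dbuser = query('SELECT * FROM users WHERE name = ?', user)
	session['user']['dbid'] = dbuser[0]['id']
	# `ref` comes from the request, so it is resolved against this host and
	# only followed when it stays on it; any other value falls back to the
	# start page instead of sending a freshly logged-in user to a foreign site.
	fallback = url_for('index')
	target = urljoin(request.host_url, request.values.get('ref', fallback))
	if urlparse(target).scheme not in ('http', 'https') or urlparse(target).netloc != urlparse(request.host_url).netloc:
		target = fallback
	return redirect(target)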

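@app.route('/logout', methods=['GET', 'POST'])
def logout():
	"""End the moderator session and redirect to `ref` (default: the start page)."""
	# Default of None: without it a request from a client that is not logged
	# in raised KeyError and ended in the generic error page.
	session.pop('user', None)
	# `ref` comes from the request, so it is resolved against this host and
	# only followed when it stays on it; any other value falls back to the
	# start page.
	fallback = url_for('index')
	target = urljoin(request.host_url, request.values.get('ref', fallback))
	if urlparse(target).scheme not in ('http', 'https') or urlparse(target).netloc != urlparse(request.host_url).netloc:
		target = fallback
	return redirect(target)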

# name: (tablename, idcolumn, [editable_fields], [fields_to_set_at_creation_time])
# Whitelist used by edit() and create(): table and column names from here are
# formatted straight into SQL statements, so every entry has to be a fixed,
# trusted identifier and request data must be checked against it first.
tabs = {
	'courses': ('courses_data', 'id', ['visible', 'listed', 'title', 'short',
			'handle', 'organizer', 'subject', 'semester', 'downloadable',
			'internal', 'responsible','deleted','description'],
			['created_by', 'time_created', 'time_updated']),
	'lectures': ('lectures_data', 'id', ['visible', 'title', 'comment',
			'internal', 'speaker', 'place', 'time', 'duration', 'jumplist','deleted'],
			['course_id', 'time_created', 'time_updated']),
	'videos': ('videos_data', 'id', ['visible','deleted'],
			['created_by', 'time_created', 'time_updated']),
	'chapters': ('chapters', 'id', ['time', 'text', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	'announcements': ('announcements', 'id', ['text', 'level', 'visible',
			'deleted', 'time_publish', 'time_expire'],
			['created_by', 'time_created', 'time_updated']),
	'featured': ('featured', 'id', ['title', 'text', 'internal', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	# The auth rules (including the password parameters) are editable through the same interface.
	'auth': ('auth_data', 'auth_id', ['auth_type', 'auth_param', 'auth_param2', 'deleted'],
			['course_id', 'lecture_id', 'video_id', 'created_by', 'time_created', 'time_updated']),
	'sorterrorlog': ('sorterrorlog_data', 'id', ['deleted'],
			['time_created', 'time_updated'])
}

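@app.route('/edit', methods=['GET', 'POST'])
@mod_required
def edit(prefix='', ignore=()):
	"""Apply field changes and record each of them in the changelog.

	Every request value (or key of a JSON body on POST) except the names
	in `ignore`, 'ref' and 'prefix' is read as "<table>.<id>.<column>",
	optionally with `prefix` put in front. Table and column must be listed
	in `tabs`; otherwise nothing is written and the answer is status 400.
	Returns a redirect to `ref` if given, else ("OK", 200).

	NOTE(review): the changes are also accepted via GET and no CSRF token
	is checked in this function -- confirm that protection exists elsewhere.
	"""
	# All editable tables are expected to have a 'time_updated' field
	# Built fresh per call: the former shared default list was appended to on
	# every request and kept growing.
	skipped = set(ignore) | {'ref', 'prefix'}
	if not prefix and 'prefix' in request.args:
		prefix = request.args['prefix']
	changes = request.values.items()
	if request.method == 'POST':
		payload = request.get_json()
		if payload:
			if not isinstance(payload, dict):
				return 'Invalid request', 400
			changes = payload.items()
	# Validate everything before the transaction starts. Table and column are
	# formatted into the SQL text below, and the former assert statements
	# disappear under "python -O", so the whitelist check has to be explicit.
	updates = []
	for key, val in changes:
		if key in skipped:
			continue
		parts = (prefix+key).split('.', 2)
		if len(parts) != 3:
			return 'Invalid field', 400
		table, id, column = parts
		if table not in tabs or column not in tabs[table][2]:
			return 'Invalid field', 400
		updates.append((table, id, column, val))
	# NOTE(review): a database error between BEGIN and COMMIT still leaves the
	# transaction open -- confirm how the db helper cleans up in that case.
	modify('BEGIN')
	for table, id, column, val in updates:
		modify('INSERT INTO changelog (`table`,id_value, id_key, field, value_new, value_old, `when`, who, executed) VALUES (?,?,?,?,?,(SELECT %s FROM %s WHERE %s = ?),?,?,1)'%(column, tabs[table][0], tabs[table][1]),
				table, id, tabs[table][1], column, val, id, datetime.now(), session['user']['dbid'])
		modify('UPDATE %s SET %s = ?, time_updated = ? WHERE %s = ?'%(tabs[table][0], column, tabs[table][1]), val, datetime.now(), id)
	modify('COMMIT')
	if 'ref' in request.values:
		# Only follow `ref` when it stays on this host.
		target = urljoin(request.host_url, request.values['ref'])
		if urlparse(target).scheme not in ('http', 'https') or urlparse(target).netloc != urlparse(request.host_url).netloc:
			target = url_for('index')
		return redirect(target)
	return "OK", 200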

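@app.route('/new/<table>', methods=['GET', 'POST'])
@mod_required
def create(table):
	"""Insert a new row into one of the tables listed in `tabs`.

	created_by, time_created and time_updated are filled in automatically
	where the table has them and cannot be supplied by the client. All
	other request values (or keys of a JSON body on POST) except 'ref'
	must be columns listed for the table in `tabs`; otherwise nothing is
	written and the answer is status 400. Returns a redirect to `ref` if
	given, else the new id as text.

	NOTE(review): rows are also created via GET and no CSRF token is
	checked in this function -- confirm that protection exists elsewhere.
	"""
	# Explicit checks instead of assert: the table name and the column names
	# are formatted into the SQL text below, and assert statements disappear
	# under "python -O".
	if table not in tabs:
		return 'Invalid table', 400
	defaults = {'created_by': session['user']['dbid'], 'time_created': datetime.now(), 'time_updated': datetime.now()}
	columns = []
	values = []
	for column, val in defaults.items():
		if column in tabs[table][3]:
			columns.append(column)
			values.append(val)
	args = request.values
	if (request.method == 'POST') and (request.get_json()):
		args = request.get_json()
	allowed = tabs[table][2]+tabs[table][3]
	for column, val in args.items():
		if column == 'ref':
			continue
		if column not in allowed or column in defaults:
			return 'Invalid field', 400
		columns.append(column)
		values.append(val)
	id = modify('INSERT INTO %s (%s) VALUES (%s)'%(tabs[table][0],
				','.join(columns), ','.join(['?']*len(values))), *values)
	if 'ref' in request.values:
		# Only follow `ref` when it stays on this host.
		target = urljoin(request.host_url, request.values['ref'])
		if urlparse(target).scheme not in ('http', 'https') or urlparse(target).netloc != urlparse(request.host_url).netloc:
			target = url_for('index')
		return redirect(target)
	return str(id), 200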

@app.route('/auth')
def auth(): # For use with nginx auth_request
	"""Decide whether the client may fetch the file named in X-Original-Uri.

	Answers 200 to allow, 401 with a Basic challenge when a password rule
	exists for the video, and 403 otherwise, including for paths that
	match no (visible) video.
	"""
	if 'X-Original-Uri' not in request.headers:
		return 'Internal Server Error', 500
	# NOTE(review): str.lstrip() removes a leading run of the *characters* in
	# VIDEOPREFIX, not the prefix string, so it can also eat the start of the
	# file path. The path is the key of the access decision; a changed key then
	# finds no video and is refused. Replace with an exact prefix removal once
	# the stored form of videos.path is confirmed.
	url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
	ip = request.headers.get('X-Real-IP', '')
	# NOTE(review): every URI ending in "jpg" is approved without a database
	# lookup -- confirm that no protected content is served under such names.
	if url.endswith('jpg'):
		return "OK", 200
	# One row per matching auth rule; the LEFT JOIN still yields a row (with
	# empty auth columns) for a video without rules, which evalauth() treats as public.
	videos = query('''SELECT videos.path, videos.id, auth.*
      FROM videos
      JOIN lectures ON (videos.lecture_id = lectures.id)
      JOIN courses ON (lectures.course_id = courses.id)
			LEFT JOIN auth ON (videos.id = auth.video_id OR lectures.id = auth.lecture_id OR courses.id = auth.course_id)
      WHERE videos.path = ?
      AND (? OR (courses.visible AND lectures.visible AND videos.visible))
			ORDER BY auth.video_id DESC, auth.lecture_id DESC, auth.course_id DESC''',
			url, ismod())

	if not videos:
		return "Not allowed", 403
	# Credentials of an HTTP Basic Authorization header, if one was sent.
	auth = request.authorization
	username = password = None
	if auth:
		username = auth.username
		password = auth.password
	if checkauth(videos, username=username, password=password):
		return 'OK', 200
		# NOTE(review): unreachable -- the statement follows the return, so
		# granted requests are currently not written to the log table.
		modify('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.now(), videos[0]['id'], url)
	# Ask for credentials only if a password rule exists; otherwise refuse.
	password_auth = False
	for video in videos:
		if video['auth_type'] == 'password':
			password_auth = True
			break
	if password_auth:
		return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
	return "Not allowed", 403

@app.route('/stats')
@register_navbar('Statistiken', icon='stats')
@mod_required
def stats():
	"""Render the statistics page (moderators only)."""
	page = render_template('stats.html')
	return page

@app.route('/changelog')
@register_navbar('Changelog', icon='book')
@mod_required
def changelog():
	"""Render the 50 most recent changelog entries (moderators only).

	Each entry gets a 'path' key of the form "<table>.<id>.<field>".

	NOTE(review): SELECT * over the join hands every `users` column to the
	template, including calendar_key and rfc6238 -- consider selecting
	only the columns the template needs.
	"""
	entries = query('SELECT * FROM changelog LEFT JOIN users ON (changelog.who = users.id) ORDER BY `when` DESC LIMIT 50')
	for entry in entries:
		path_parts = (entry['table'], entry['id_value'], entry['field'])
		entry['path'] = '.'.join(path_parts)
	return render_template('changelog.html', changelog=entries)

@app.route('/files/<filename>')
def files(filename):
	"""Redirect a file request to the same name below VIDEOPREFIX."""
	target = config['VIDEOPREFIX']+'/'+filename
	return redirect(target)

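@app.route('/newchapter/<int:lectureid>', methods=['POST', 'GET'])
def suggest_chapter(lectureid):
	"""Store a chapter suggestion for a lecture.

	Expects the request values `time` ("%H:%M:%S") and `text`. The time is
	stored as seconds from the start. Suggestions from visitors carry the
	request's REMOTE_ADDR as submitter. Returns a redirect to `ref` if
	given, else ('OK', 200); input that cannot be stored gives status 400
	when there is no `ref`.

	NOTE(review): this endpoint is open to anonymous clients, writes on
	GET as well, and no CSRF token or rate limit is visible here.
	NOTE(review): behind a reverse proxy REMOTE_ADDR is presumably the
	proxy's address -- confirm which value should identify the submitter.
	"""
	raw_time = request.values['time']
	text = request.values['text']
	# Explicit check: an assert would vanish under "python -O".
	if not (raw_time and text):
		return 'Bad Request', 400
	seconds = None
	try:
		x = datetime.strptime(raw_time,'%H:%M:%S')
	except ValueError:
		flash('Falsches Zeitformat, "%H:%M:%S" wird erwartet. Z.B. "01:39:42" für eine Kapitel bei Stunde 1, Minute 39, Sekunde 42')
	else:
		seconds = int(timedelta(hours=x.hour,minutes=x.minute,seconds=x.second).total_seconds())
	# Store the chapter only when the time could be parsed; before, a rejected
	# value was flashed as an error and then inserted unparsed anyway.
	if seconds is not None:
		submitter = None
		if not ismod():
			submitter = request.environ['REMOTE_ADDR']
		id = modify('INSERT INTO chapters (lecture_id, time, text, time_created, time_updated, created_by, submitted_by) VALUES (?, ?, ?, ?, ?, ?, ?)',
				lectureid, seconds, text, datetime.now(), datetime.now(), session.get('user', {'dbid':None})['dbid'], submitter)
	if 'ref' in request.values:
		# Only follow `ref` when it stays on this host.
		target = urljoin(request.host_url, request.values['ref'])
		if urlparse(target).scheme not in ('http', 'https') or urlparse(target).netloc != urlparse(request.host_url).netloc:
			target = url_for('index')
		return redirect(target)
	if seconds is None:
		return 'Bad Request', 400
	return 'OK',  200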

@app.route('/chapters/<int:lectureid>')
def chapters(lectureid):
	"""Serve the visible chapters of a lecture as a text/vtt document.

	The rows come latest first; each chapter ends where the following one
	starts, and the last chapter ends at 9999.
	"""
	rows = query("SELECT * FROM chapters WHERE lecture_id = ? and visible ORDER BY time DESC", lectureid)
	following_start = 9999
	for row in rows:
		row['start'] = row['time']
		row['end'] = following_start
		following_start = row['start']
	return Response(render_template('chapters.srt',chapters=rows), 200, {'Content-Type':'text/vtt'})

@app.route('/sitemap.xml')
def sitemap():
	"""Render the sitemap from public pages, listed courses and their visible lectures.

	Routes that take arguments, routes without GET and endpoints listed in
	mod_endpoints are left out.
	"""
	# static pages
	pages = [[rule.rule] for rule in app.url_map.iter_rules()
			if 'GET' in rule.methods and len(rule.arguments)==0 and rule.endpoint not in mod_endpoints]
	for course_row in query('select * from courses where visible and listed'):
		pages.append([url_for('course',handle=course_row['handle'])])
		lecture_rows = query('select * from lectures where (course_id = ? and visible)',course_row['id'])
		for lecture_row in lecture_rows:
			pages.append([url_for('lecture',id=lecture_row['id'])])
	return Response(render_template('sitemap.xml', pages=pages), 200, {'Content-Type': 'application/atom+xml'} )

# Imported at the end of the module, after app, the decorators and the helpers exist.
# NOTE(review): presumably these modules register further routes and jobs on
# import -- confirm before reordering or moving them to the top.
import feeds
import importer
import sorter
# Optional features, loaded only when their configuration key is present.
if 'ICAL_URL' in config:
	import meetings
if 'L2P_APIKEY' in config:
	import l2pauth
import jobs
import timetable