from flask import Flask, g, request, url_for, redirect, session, render_template, flash, Response, make_response
from werkzeug.routing import Rule
from functools import wraps
from datetime import date, timedelta, datetime, time, MINYEAR
import threading
import os
import sys
import hashlib
import random
import sched
import traceback
import string
from socket import gethostname
from ipaddress import ip_address, ip_network

app = Flask(__name__)

# Jinja: swallow the newline after a block tag and the whitespace before it,
# so templates can be indented freely without leaking whitespace into the HTML.
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True
# Helpers exposed to every template under the given name.
app.add_template_global(random.randint, name='randint')
app.add_template_global(datetime, name='datetime')
app.add_template_global(timedelta, name='timedelta')
app.add_template_global(gethostname, name='gethostname')

scheduler = sched.scheduler()


def run_scheduler():
	"""Drive the module-level ``scheduler`` forever; meant for a daemon thread.

	``scheduler.run()`` returns as soon as the queue is empty, so the loop
	simply sleeps and polls again.
	"""
	# Local import under another name: the module-level ``time`` is datetime.time.
	import time as clock
	clock.sleep(1)  # UWSGI does weird things on startup
	while True:
		scheduler.run()
		clock.sleep(10)

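def sched_func(delay, priority=0, firstdelay=None, args=None, kargs=None):
	"""Decorator: run the decorated function every ``delay`` seconds on the scheduler thread.

	Args:
		delay: Seconds between two runs (counted from the end of the previous run).
		priority: sched priority for events due at the same time.
		firstdelay: Seconds until the first run; a random 1..120 s spread when None,
			so the periodic jobs do not all fire at once after startup.
		args, kargs: Positional/keyword arguments passed on every call. They default
			to None instead of a shared ``[]``/``{}`` so arguments can never leak
			from one decorated function into another.

	Returns:
		The decorated function unchanged, so it can still be called directly.

	Every run happens inside ``app.test_request_context()`` (url_for and templates
	work) and is wrapped in a catch-all that only prints the traceback: one failing
	job must neither kill the scheduler thread nor stop itself from being re-queued.
	"""
	if firstdelay is None:
		firstdelay = random.randint(1, 120)
	call_args = tuple(args or ())
	call_kwargs = dict(kargs or {})

	def wrapper(func):
		def sched_wrapper():
			with app.test_request_context():
				try:
					func(*call_args, **call_kwargs)
				except Exception:
					traceback.print_exc()
			# Re-arm only after the run finished, so a slow job cannot pile up events.
			scheduler.enter(delay, priority, sched_wrapper)
		scheduler.enter(firstdelay, priority, sched_wrapper)
		return func
	return wrapper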

# Started at import time; a daemon thread never keeps the interpreter alive on shutdown.
scheduler_thread = threading.Thread(target=run_scheduler, daemon=True)
scheduler_thread.start()

config = app.config
# Defaults first; the real config.py (loaded below) overrides them.
config.from_pyfile('config.py.example', silent=True)
# Launcher heuristic: when started through run.py, seed the sqlite DB and turn
# on Flask debug mode (interactive debugger). Not intended for a production start.
if sys.argv[0].endswith('run.py'): 
	config['SQLITE_INIT_DATA'] = True
	config['DEBUG'] = True
config.from_pyfile('config.py', silent=True)
if config['DEBUG']:
	app.jinja_env.auto_reload = True

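# get git commit
import subprocess

# Runs ``git`` once at import time; a non-zero exit (not a checkout, no git)
# raises and aborts startup. Format "%H # %h # %d # %s" = full hash, short
# hash, ref names, subject. maxsplit=3 keeps the first three fields stable
# even when the subject itself contains a '#', which previously shifted the
# fields or truncated the message.
output = subprocess.check_output(['git', "log", "-g", "-1", "--pretty=%H # %h # %d # %s"]).decode('UTF-8').split('#', 3)
app.jinja_env.globals['gitversion'] = { 'hash': output[1], 'longhash': output[0], 'branch': output[2], 'msg': output[3]  }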

# No SECRET_KEY configured: use a random one for the lifetime of this process.
# NOTE(review): such a key is lost on restart and differs between worker
# processes, so signed session cookies (and the CSRF token stored in them)
# would not carry over -- confirm config.py sets SECRET_KEY in production.
if not config.get('SECRET_KEY'):
	config['SECRET_KEY'] = os.urandom(24)

from db import query, modify, searchquery, ldapauth, ldapget

# Endpoint names wrapped by @mod_required; register_navbar consults it to mark
# moderator-only entries and the sitemap skips them.
mod_endpoints = []

@app.template_global()
def ismod(*args):
	"""True when a moderator is logged in, i.e. ``session['user']`` exists.

	Positional arguments are accepted and ignored so the helper can be called
	with any shape from templates.
	"""
	return 'user' in session

def mod_required(func):
	"""View decorator: only logged-in moderators may reach ``func``.

	Records the endpoint name in ``mod_endpoints`` (used by the navbar and the
	sitemap). Anonymous callers get a flash message and are sent to the login
	page with the current URL as ``ref`` so login can return them here.
	"""
	mod_endpoints.append(func.__name__)

	@wraps(func)
	def decorator(*args, **kwargs):
		if ismod():
			return func(*args, **kwargs)
		flash('Diese Funktion ist nur für Moderatoren verfügbar!')
		return redirect(url_for('login', ref=request.url))
	return decorator

# Endpoint names wrapped by @csrf_protect; csrf_inject appends the session's
# token to url_for() links that target them.
csrf_endpoints = []

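def csrf_protect(func):
	"""View decorator: reject the request unless it carries the session's CSRF token.

	The token is read from the form/query values (``_csrf_token``) or, failing
	that, from the top-level ``_csrf_token`` key of a JSON body. The endpoint
	name is recorded in ``csrf_endpoints`` so ``csrf_inject`` adds the token
	to generated URLs.

	Returns ``('csrf test failed', 403)`` when the session has no token, the
	request carries none, or the two differ; otherwise calls ``func``.
	"""
	import hmac

	csrf_endpoints.append(func.__name__)

	@wraps(func)
	def decorator(*args, **kwargs):
		token = None
		if '_csrf_token' in request.values:
			token = request.values['_csrf_token']
		else:
			body = request.get_json()
			if isinstance(body, dict) and '_csrf_token' in body:
				token = body['_csrf_token']
		expected = session.get('_csrf_token')
		# A JSON body can carry a non-string here; anything but a non-empty str
		# (on both sides) is treated as a mismatch.
		if not token or not expected or not isinstance(token, str) or not isinstance(expected, str):
			return 'csrf test failed', 403
		# Constant-time comparison: the response time must not reveal how many
		# leading characters of the submitted token were correct.
		if not hmac.compare_digest(expected.encode('utf-8'), token.encode('utf-8')):
			return 'csrf test failed', 403
		return func(*args, **kwargs)
	return decorator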

@app.url_defaults
def csrf_inject(endpoint, values):
	"""url_for hook: add the session's CSRF token to URLs of protected endpoints.

	Does nothing for endpoints not wrapped by ``csrf_protect`` or when the
	session holds no token (nobody logged in). Mutates ``values`` in place.
	"""
	token = session.get('_csrf_token')
	if token and endpoint in csrf_endpoints:
		values['_csrf_token'] = token

def evalperm(perms):
	"""Reduce perm rows to the most specific level that has any entry.

	A row is classified by the first truthy one of ``course_id``,
	``lecture_id``, ``video_id`` (checked in that order). Video-level rows
	win over lecture-level rows, which win over course-level rows. With no
	classified rows at all the result is a single synthetic
	``{'type': 'public'}`` entry.
	"""
	by_level = {'course_id': [], 'lecture_id': [], 'video_id': []}
	for perm in perms:
		for level in ('course_id', 'lecture_id', 'video_id'):
			if perm[level]:
				by_level[level].append(perm)
				break
	for level in ('video_id', 'lecture_id', 'course_id'):
		if by_level[level]:
			return by_level[level]
	return [{'type': 'public'}]

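@app.template_filter()
def checkperm(perms, username=None, password=None):
	"""Decide whether the current request may access content guarded by ``perms``.

	Moderators always pass. Otherwise the rows are reduced with ``evalperm``
	and the first satisfied rule wins:
	  - 'public'   -- always;
	  - 'password' -- ``param1``/``param2`` equal the supplied username/password;
	  - 'l2p'      -- ``param1`` is in the session's ``l2p_courses``;
	  - 'rwth'     -- session flag ``rwthintern``, or the address in the
	                  ``X-Real-IP`` header lies in one of ``config['RWTH_IP_RANGES']``.
	Any other type (e.g. 'fsmpi') never grants access here.

	Returns True when access is granted, False otherwise.
	"""
	import hmac

	def _same(stored, given):
		# Constant-time equality for the password rule; non-str pairs fall back
		# to plain ``==`` (e.g. None == None), as before.
		if not isinstance(stored, str) or not isinstance(given, str):
			return stored == given
		return hmac.compare_digest(stored.encode('utf-8'), given.encode('utf-8'))

	if ismod():
		return True
	for perm in evalperm(perms):
		kind = perm['type']
		if kind == 'public':
			return True
		elif kind == 'password':
			if _same(perm['param1'], username) and _same(perm['param2'], password):
				return True
		elif kind == 'l2p':
			if perm['param1'] in session.get('l2p_courses', []):
				return True
		elif kind == 'rwth':
			if session.get('rwthintern', False):
				return True
			# X-Real-IP is expected from the reverse proxy in front of the app.
			# NOTE(review): if the app is reachable without that proxy the header
			# is client-supplied -- confirm the deployment.
			if 'X-Real-IP' not in request.headers:
				continue
			try:
				ip = ip_address(request.headers['X-Real-IP'])
			except ValueError:
				# Malformed header used to raise and end in a 500; treat as no match.
				continue
			for net in config['RWTH_IP_RANGES']:
				if ip in ip_network(net):
					return True
	return False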

@app.template_filter()
def permdescr(perms):
	"""Summarise reduced perm rows as ``(mode, German description)`` for templates.

	Precedence: 'public' (a public row, or no rows), then 'rwth', 'fsmpi',
	'l2p', 'password', and 'public' again when no known type is present.
	When a password rule sits next to an rwth or l2p rule, the description
	mentions both.
	"""
	perms = evalperm(perms)
	types = {perm['type'] for perm in perms}
	has_password = 'password' in types
	if 'public' in types or not perms:
		return 'public', 'Öffentlich verfügbar'
	if 'rwth' in types:
		if has_password:
			return 'rwth', 'Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar'
		return 'rwth', 'Nur für RWTH-Angehörige verfügbar'
	if 'fsmpi' in types:
		return 'fsmpi', 'Nur für Fachschaftler verfügbar'
	if 'l2p' in types:
		if has_password:
			return 'l2p', 'Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar'
		return 'l2p', 'Nur für Teilnehmer der Veranstaltung verfügbar'
	if has_password:
		return 'password', 'Nur für Nutzer mit Passwort verfügbar'
	return 'public', 'Öffentlich verfügbar'

app.jinja_env.globals['navbar'] = []
# iconlib can be 'bootstrap'
# ( see: http://getbootstrap.com/components/#glyphicons )
# or 'fa'
# ( see: http://fontawesome.io/icons/ )
def register_navbar(name, iconlib='bootstrap', icon=None):
	"""Decorator: list the decorated view in the template-global ``navbar``.

	Each entry is ``(endpoint, name, iconlib, icon, public)``; ``public`` is
	False when the endpoint is already in ``mod_endpoints``, so ``@mod_required``
	has to be applied first (i.e. written below this decorator). The view
	function is returned unchanged.
	"""
	def wrapper(func):
		endpoint = func.__name__
		is_public = endpoint not in mod_endpoints
		entry = (endpoint, name, iconlib, icon, is_public)
		app.jinja_env.globals['navbar'].append(entry)
		return func
	return wrapper

def render_endpoint(endpoint, flashtext=None, **kargs):
	"""Render another endpoint's view in place of the current request.

	Flashes ``flashtext`` first when given. ``request.url_rule`` is replaced
	by a rule bound to ``endpoint`` because the navbar highlights by
	``request.endpoint``. Remaining keyword arguments go to the view.
	"""
	if flashtext:
		flash(flashtext)
	# request.endpoint is used for navbar highlighting
	request.url_rule = Rule(request.path, endpoint=endpoint)
	view = app.view_functions[endpoint]
	return view(**kargs)

def handle_errors(endpoint, text, code, *errors, **epargs):
	"""Decorator factory: turn the given exception types into an error response.

	When the view raises one of ``errors`` the response is ``code`` with
	either the rendered ``endpoint`` (flashing ``text`` and passing
	``epargs``) or, with no endpoint, the bare ``text``.
	"""
	def wrapper(func):
		@wraps(func)
		def decorator(*args, **kwargs):
			try:
				return func(*args, **kwargs)
			except errors:
				if not endpoint:
					return text, code
				page = render_endpoint(endpoint, text, **epargs)
				return make_response(page, code)
		return decorator
	return wrapper

@app.errorhandler(404)
def handle_not_found(e):
	"""404 handler: show the index page with a 'page does not exist' flash."""
	page = render_endpoint('index', 'Diese Seite existiert nicht!')
	return page, 404

@app.errorhandler(500)
@app.errorhandler(Exception)
def handle_internal_error(e):
	"""Catch-all error handler: print the traceback, answer with the generic 500 page.

	NOTE(review): depending on the Flask version a handler registered for
	``Exception`` may also receive HTTPExceptions (e.g. from abort()) --
	confirm that 403/404 raised by views are not turned into 500s here.
	"""
	traceback.print_exc()
	body = render_template('500.html')
	return body, 500

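@sched_func(5*60, firstdelay=0)
def dump_error_page():
	"""Write the rendered 500 page to ``config['ERROR_PAGE']`` every 5 minutes.

	Runs on the scheduler thread inside a test request context (see
	``sched_func``), presumably so a static copy exists for the front-end
	server when the app itself is down. Does nothing unless ERROR_PAGE is set.
	"""
	if 'ERROR_PAGE' not in config:
		return
	request.url_rule = Rule(request.path, endpoint='handle_internal_error')
	text = render_template('500.html')
	# Context manager closes the handle even if write() fails; explicit UTF-8
	# so the umlauts in the template do not depend on the process locale.
	with open(config['ERROR_PAGE'], 'w', encoding='utf-8') as f:
		f.write(text)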

# debian ships jinja2 without this test...
@app.template_test(name='equalto')
def equalto(a,b):
	"""Template test ``equalto``: True iff ``a == b``."""
	result = (a == b)
	return result

@app.template_filter(name='semester')
def human_semester(s, long=False):
	"""Format a semester code such as ``'2016ws'`` for display.

	Short form: ``'WS16'``; long form: ``'Wintersemester 2016/17'`` or
	``'Sommersemester 2016'``. Empty, ``'zeitlos'`` or wrongly sized input
	gives ``'Zeitlos'``; a six-character value that is not YYYY + SS/WS is
	reported on stdout and rendered as ``'??'``.
	"""
	if not s or s == 'zeitlos' or len(s) != 6:
		return 'Zeitlos'
	year, term = s[:4], s[4:].upper()
	if not year.isdigit() or term not in ('SS', 'WS'):
		print('Invalid semester string "%s"'%s)
		return '??'
	if not long:
		return term + year[2:]
	if term == 'SS':
		return 'Sommersemester %s'%year
	next_year = str(int(year)+1)[2:]
	return 'Wintersemester %s/%s'%(year, next_year)

@app.template_filter(name='date')
def human_date(d):
	"""Format a date/datetime as ``DD.MM.YYYY``."""
	fmt = '%d.%m.%Y'
	return d.strftime(fmt)

@app.template_filter(name='time')
def human_time(d):
	"""Format a time/datetime as ``HH:MM`` (24 h)."""
	fmt = '%H:%M'
	return d.strftime(fmt)

@app.template_filter()
def rfc3339(d):
	"""Format a datetime as RFC 3339 with a fixed ``+02:00`` offset.

	NOTE(review): the offset is hard-coded (CEST); for winter dates (CET,
	+01:00) or a server in another zone the string is off by an hour --
	confirm what the consumers of this filter expect.
	"""
	fmt = '%Y-%m-%dT%H:%M:%S+02:00'
	return d.strftime(fmt)

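@app.template_global()
def get_announcements(minlevel=0):
	"""Announcements for the current page, highest level first.

	Non-deleted rows with ``level >= minlevel`` that have not expired; for
	moderators the expiry is extended by 24 h and unpublished/invisible rows
	are included as well. Returns ``[]`` when the query fails (the failure
	is printed so it does not vanish silently).
	"""
	is_mod = ismod()
	now = datetime.now()
	offset = timedelta(hours=24) if is_mod else timedelta()
	try:
		# ``time_expire IS NULL`` means "never expires". The previous ``= NULL``
		# is never true in SQL, which hid every announcement without an expiry.
		return query('SELECT * FROM announcements WHERE NOT deleted AND ((time_expire IS NULL) OR time_expire > ?) AND (? OR (visible AND time_publish < ?)) AND level >= ? ORDER BY level DESC', now-offset, is_mod, now, minlevel)
	except Exception:
		traceback.print_exc()
		return []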

@app.template_filter()
def fixnl(s):
	"""Replace newlines with ``<br>`` tags.

	To be removed as soon as the db schema is cleaned up.
	NOTE(review): the result is only safe to mark ``|safe`` in a template if
	``s`` cannot carry other markup -- confirm where the filter is used.
	"""
	return '<br>'.join(str(s).split('\n'))

@app.template_filter()
def tagid(s):
	"""Turn free text into an id-safe token.

	Spaces become '_', the text is lower-cased and every character outside
	``[a-z0-9_]`` is dropped. Empty input gives ``'EMPTY'``.
	"""
	if not s:
		return 'EMPTY'
	allowed = set(string.ascii_lowercase + string.digits + '_')
	normalised = s.replace(' ', '_').lower()
	return ''.join(c for c in normalised if c in allowed)

@app.route('/')
@register_navbar('Home', icon='home')
def index():
	"""Start page: upcoming lectures, latest videos plus live streams, featured items.

	Also serves two legacy URL shapes by redirecting: ``?course=<handle>`` and
	``?view=player&lectureid=<id>``.
	"""
	# handle legacy urls...
	if 'course' in request.args:
		return redirect(url_for('course', handle=request.args['course']),code=302)
	if 'view' in request.args:
		if (request.args['view'] == 'player') and ('lectureid' in request.args) :
			courses = query('SELECT courses.handle FROM courses JOIN lectures ON courses.id = lectures.course_id WHERE lectures.id = ?', request.args['lectureid'])
			if not courses:
				return "Not found", 404
			return redirect(url_for('lecture', course=courses[0]['handle'], id=request.args['lectureid']),code=302)

	# Lectures from yesterday up to a week ahead; visibility is not bypassed for mods here.
	start = date.today() - timedelta(days=1)
	end = start + timedelta(days=7)
	upcomming = query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		JOIN courses ON (lectures.course_id = courses.id)
		WHERE (time > ?) AND (time < ?) and lectures.visible and courses.visible and courses.listed
		ORDER BY time ASC LIMIT 30''',start,end)
	for i in upcomming:
		i['date'] = i['time'].date()
	# The bound ismod() flag short-circuits the visibility filter for moderators.
	latestvideos=query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		LEFT JOIN videos ON (videos.lecture_id = lectures.id)
		LEFT JOIN courses on (courses.id = lectures.course_id)
		WHERE (? OR (courses.visible AND courses.listed AND lectures.visible AND videos.visible))
		GROUP BY videos.lecture_id
		ORDER BY MAX(videos.time_created) DESC
		LIMIT 6	''',ismod())
	livestreams = query('''SELECT streams.handle AS live, lectures.*, "course" AS sep, courses.*
		FROM streams
		JOIN lectures ON lectures.id = streams.lecture_id
		JOIN courses ON courses.id = lectures.course_id
		WHERE streams.active AND (? OR (streams.visible AND courses.visible AND courses.listed AND lectures.visible))
		''', ismod())
	featured = query('SELECT * FROM featured WHERE (? OR visible) ORDER BY `order`', ismod())
	featured = list(filter(lambda x: not x['deleted'], featured))
	for item in featured:
		if item['type'] == 'courses':
			# item['param'] is interpolated into the SQL as a column name, so it
			# must stay restricted to this fixed list; param2 is a bound value.
			if item['param'] not in ['title', 'semester', 'organizer', 'subject']:
				continue
			item['courses'] = query('SELECT * FROM courses WHERE (visible AND listed) AND `%s` = ? ORDER BY `%s`'%(item['param'], item['param']), item['param2'])
	return render_template('index.html', latestvideos=livestreams+latestvideos, upcomming=upcomming, featured=featured)

@app.route('/courses')
@register_navbar('Videos', icon='film')
def courses():
	"""Course overview; moderators also see hidden and unlisted courses.

	``groupedby`` (query argument) picks the grouping column; anything outside
	the fixed set falls back to 'semester'. Courses without a semester are
	shown under 'zeitlos'.
	"""
	rows = query('SELECT * FROM courses WHERE (? OR (visible AND listed)) ORDER BY semester, title', ismod())
	for row in rows:
		if row['semester'] == '':
			row['semester'] = 'zeitlos'
	allowed = ('title', 'semester', 'organizer', 'subject')
	groupedby = request.args.get('groupedby')
	if groupedby not in allowed:
		groupedby = 'semester'
	return render_template('courses.html', courses=rows, groupedby=groupedby)

def genlive(streams):
	"""Decorate live-stream rows in place so templates can treat them like videos.

	Every row gets ``visible=True``, ``downloadable=False``, ``file_size=0``
	and an HLS playlist ``path`` derived from its ``live`` handle. The same
	list object is returned.
	"""
	fixed = (('visible', True), ('downloadable', False), ('file_size', 0))
	for stream in streams:
		for key, value in fixed:
			stream[key] = value
		stream['path'] = 'pub/hls/%s.m3u8'%stream['live']
	return streams

@app.route('/<handle>')
@app.route('/<int:id>')
@handle_errors('courses', 'Diese Veranstaltung existiert nicht!', 404, IndexError)
def course(id=None, handle=None):
	"""Course page: the course, its lectures (with merged perms) and their videos.

	Looked up by numeric ``id`` or by ``handle``; hidden courses/lectures/videos
	are only returned for moderators (the bound ``ismod()`` flag). A missing
	course makes the ``[0]`` below raise IndexError, which ``handle_errors``
	turns into the course list with a 404.
	"""
	if id:
		course = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', id, ismod())[0]
	else:
		course = query('SELECT * FROM courses WHERE handle = ? AND (? OR visible)', handle, ismod())[0]
	# Course-level perms apply to every lecture; lecture-level perms are added per lecture.
	course['perm'] = query('SELECT * FROM perm WHERE (NOT perm.deleted) AND course_id = ? ORDER BY type', course['id'])
	perms = query('SELECT perm.* FROM perm JOIN lectures ON (perm.lecture_id = lectures.id) WHERE (NOT perm.deleted) AND lectures.course_id = ? ORDER BY perm.type', course['id'])
	lectures = query('SELECT * FROM lectures WHERE course_id = ? AND (? OR visible) ORDER BY time, duration DESC', course['id'], ismod())
	for lecture in lectures:
		lecture['perm'] = []
		lecture['perm'] += course['perm']
		lecture['course'] = course
		for perm in perms:
			if perm['lecture_id'] == lecture['id']:
				lecture['perm'].append(perm)
	# downloadable is the AND of the video's and the course's flag.
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN lectures ON (videos.lecture_id = lectures.id)
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (lectures.course_id = courses.id)
			WHERE lectures.course_id= ? AND (? OR videos.visible)
			ORDER BY lectures.time, formats.prio DESC
			''', course['id'], ismod())
	# Active streams are appended as pseudo-videos (see genlive) using the "hls" format row.
	livestreams = query('''SELECT streams.handle AS live, streams.lecture_id, formats.description AS format_description, formats.player_prio, formats.prio
			FROM streams
			JOIN lectures ON lectures.id = streams.lecture_id
			JOIN formats ON formats.keywords = "hls"
			WHERE streams.active AND (? OR streams.visible) AND lectures.course_id = ?
			''', ismod(), course['id'])
	videos += genlive(livestreams)
	return render_template('course.html', course=course, lectures=lectures, videos=videos)

@app.route('/faq')
@register_navbar('FAQ', icon='question-sign')
def faq():
	"""Static FAQ page."""
	page = render_template('faq.html')
	return page

@app.route('/<course>/<int:id>')
@app.route('/<int:courseid>/<int:id>')
@app.route('/<course>/<int:id>/embed', endpoint='embed')
@app.route('/<int:courseid>/<int:id>/embed', endpoint='embed')
@handle_errors('course', 'Diese Vorlesung existiert nicht!', 404, IndexError)
def lecture(id, course=None, courseid=None):
	"""Lecture page (or the embed variant): videos, live streams, chapters and perm hints.

	The lecture is looked up by ``id`` alone; the ``course``/``courseid`` URL
	part is not checked against ``lecture['course_id']``. When ``checkperm``
	denies, the page is still rendered and a flash (category 'player') tells
	the viewer how to authorise -- the media itself is presumably gated by
	``auth()`` via nginx. A missing lecture raises IndexError at ``[0]`` and
	``handle_errors`` answers with the course page and a 404.
	"""
	lecture = query('SELECT * FROM lectures WHERE id = ? AND (? OR visible)', id, ismod())[0]
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio, formats.mimetype
			FROM videos
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (courses.id = ?)
			WHERE videos.lecture_id = ? AND (? OR videos.visible)
			ORDER BY formats.prio DESC
			''', lecture['course_id'], lecture['id'], ismod())
	livestreams = query('''SELECT streams.handle AS live, streams.lecture_id, formats.description AS format_description, formats.player_prio, formats.prio, formats.mimetype
			FROM streams
			JOIN lectures ON lectures.id = streams.lecture_id
			JOIN formats ON formats.keywords = "hls"
			WHERE streams.active AND (? OR streams.visible) AND lectures.id = ?
			''', ismod(), id)
	videos += genlive(livestreams)
	# Lecture- and course-level rows; checkperm/permdescr reduce them via evalperm.
	perms = query('SELECT perm.* FROM perm WHERE ((NOT perm.deleted) AND (perm.lecture_id = ? OR perm.course_id = ?))',
			lecture['id'], lecture['course_id'])
	if not videos:
		flash('Zu dieser Vorlesung wurden noch keine Videos veröffentlicht!')
	courses = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', lecture['course_id'], ismod())
	if not courses:
		return render_endpoint('courses', 'Diese Veranstaltung existiert nicht!'), 404
	chapters = query('SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (? OR visible) ORDER BY time ASC', id, ismod())
	if not checkperm(perms):
		mode, text = permdescr(perms)
		# The flashed HTML is built only from fixed text and url_for() output.
		if mode == 'rwth':
			flash(text+'. <a target="_blank" class="reloadonclose" href="'+url_for('start_rwthauth')+'">Hier authorisieren</a>.', category='player')
		elif mode == 'l2p':
			if 'l2p_courses' in session:
				flash(text+'. Du bist kein Teilnehmer des L2P-Kurses! <a target="_blank" class="reloadonclose" href="'+url_for('start_l2pauth')+'">Kurse aktualisieren</a>.', category='player')
			else:
				flash(text+'. <a target="_blank" class="reloadonclose" href="'+url_for('start_l2pauth')+'">Hier authorisieren</a>.', category='player')
		else:
			flash(text+'.', category='player')
	return render_template('embed.html' if request.endpoint == 'embed' else 'lecture.html', course=courses[0], lecture=lecture, videos=videos, chapters=chapters)


@app.route('/search')
def search():
	"""Full-text search over courses and lectures for ``?q=``.

	Without ``q`` the caller is sent to the index. ``q`` is handed to
	``searchquery`` as data together with fixed column lists; the visibility
	filter is again short-circuited for moderators.
	NOTE(review): confirm that ``searchquery`` binds ``q`` as a parameter
	rather than interpolating it.
	"""
	if 'q' not in request.args:
		return redirect(url_for('index'))
	q = request.args['q']
	courses = searchquery(q, '*', ['title', 'short', 'organizer', 'subject', 'description'],
			'courses', 'WHERE (? OR (visible AND listed)) GROUP BY id ORDER BY _score DESC, semester DESC LIMIT 20', ismod())
	#lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, "course" AS sep, courses.*',
	#			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
	#			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
	#			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	# Course columns are selected under a 'courses_' alias prefix and unpacked
	# into lecture['course'] below (replaces the "course" separator trick above).
	lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, courses.id AS courses_id, courses.visible AS courses_visible, courses.listed AS courses_listed, courses.title AS courses_title, courses.short AS courses_short, courses.handle AS courses_handle, courses.organizer AS courses_organizer, courses.subject AS courses_subject, courses.credits AS courses_credits, courses.created_by AS courses_created_by, courses.time_created AS courses_time_created, courses.time_updated AS courses_time_updated, courses.semester AS courses_semester, courses.downloadable AS courses_downloadable, courses.embedinvisible AS courses_embedinvisible, courses.description AS courses_description, courses.internal AS courses_internal, courses.responsible AS courses_responsible',
			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	for lecture in lectures:
		lecture['course'] = {}
		for key in lecture:
			if key.startswith('courses_'):
				lecture['course'][key[8:]] = lecture[key]
	return render_template('search.html', searchtext=request.args['q'], courses=courses, lectures=lectures)

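def check_mod(user, groups):
	"""Truthy iff ``user`` is set and the LDAP group list contains 'users'."""
	return user and 'users' in groups


def _local_redirect_target(ref, fallback):
	"""Return ``ref`` when it points back to this site, else ``fallback``.

	``ref`` comes straight from the request (``?ref=``). Relative paths and
	absolute URLs for this host (what ``mod_required`` passes via
	``request.url``) are kept; any other scheme or host is replaced by
	``fallback`` so login/logout cannot be used to send users elsewhere.
	"""
	from urllib.parse import urlparse
	if not ref or ref.startswith('\\'):
		return fallback
	parsed = urlparse(ref)
	if parsed.scheme not in ('', 'http', 'https'):
		return fallback
	if parsed.netloc and parsed.netloc != request.host:
		return fallback
	return ref


@app.route('/internal/login', methods=['GET', 'POST'])
def login():
	"""Moderator login against LDAP.

	GET renders the form. POST authenticates with ``ldapauth``; members of the
	'users' group get ``session['user']`` (their LDAP record plus the local DB
	id, creating the users row on first login) and a fresh 128-character CSRF
	token. Afterwards redirects to ``ref`` if it stays on this host, else to
	the index.
	"""
	if request.method == 'GET':
		return render_template('login.html')
	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
	if not check_mod(user, groups):
		flash('Login fehlgeschlagen!')
		return render_template('login.html')
	session['user'] = ldapget(user)
	dbuser = query('SELECT * FROM users WHERE name = ?', user)
	if not dbuser:
		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
		dbuser = query('SELECT * FROM users WHERE name = ?', user)
	session['user']['dbid'] = dbuser[0]['id']
	# SystemRandom draws from os.urandom; a new token is issued on every login.
	alphabet = string.ascii_letters + string.digits
	rng = random.SystemRandom()
	session['_csrf_token'] = ''.join(rng.choice(alphabet) for _ in range(128))
	return redirect(_local_redirect_target(request.values.get('ref'), url_for('index')))


@app.route('/internal/logout', methods=['GET', 'POST'])
def logout():
	"""Drop the moderator session; redirect to ``ref`` (same host only) or the index.

	Logging out without a session is a no-op instead of a KeyError.
	"""
	session.pop('user', None)
	return redirect(_local_redirect_target(request.values.get('ref'), url_for('index')))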

# name: (tablename, idcolumn, [editable_fields], [fields_to_set_at_creation_time])
#
# This dict is the whitelist behind edit() and create(): the table name, the
# id column and every column listed here are interpolated into SQL statements
# as identifiers (values are always bound parameters). Only add real column
# names, never anything derived from a request.
tabs = {
	'courses': ('courses_data', 'id', ['visible', 'listed', 'title', 'short',
			'handle', 'organizer', 'subject', 'semester', 'downloadable',
			'internal', 'responsible','deleted','description'],
			['created_by', 'time_created', 'time_updated']),
	'lectures': ('lectures_data', 'id', ['visible', 'title', 'comment',
			'internal', 'speaker', 'place', 'time', 'duration', 'jumplist','deleted'],
			['course_id', 'time_created', 'time_updated']),
	'videos': ('videos_data', 'id', ['visible','deleted'],
			['created_by', 'time_created', 'time_updated']),
	'chapters': ('chapters', 'id', ['time', 'text', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	'announcements': ('announcements', 'id', ['text', 'level', 'visible',
			'deleted', 'time_publish', 'time_expire'],
			['created_by', 'time_created', 'time_updated']),
	'featured': ('featured', 'id', ['title', 'text', 'internal', 'visible', 'deleted', 'param', 'param2', 'order'],
			['created_by', 'time_created', 'time_updated', 'type']),
	'perm': ('perm', 'id', ['type', 'param1', 'param2', 'deleted'],
			['course_id', 'lecture_id', 'video_id', 'created_by', 'time_created', 'time_updated']),
	'sorterrorlog': ('sorterrorlog_data', 'id', ['deleted'],
			['time_created', 'time_updated'])
}

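@app.route('/internal/edit', methods=['GET', 'POST'])
@mod_required
@csrf_protect
def edit(prefix='', ignore=[]):
	"""Apply ``table.id.column=value`` changes from the request (moderators only).

	Keys come from the form/query values or, for POST, from a JSON body;
	``prefix`` (parameter or ``?prefix=``) is prepended to every key. Each
	change is recorded in ``changelog`` together with the old value and then
	applied with a fresh ``time_updated``. Keys in ``ignore`` plus 'ref',
	'prefix' and '_csrf_token' are skipped; ``ignore`` itself is left
	untouched (the old code appended to the shared default list on every call).

	Table and column are validated against ``tabs``; that whitelist is what
	makes the identifier interpolation below safe, values are always bound
	parameters. A malformed or non-whitelisted key answers 400 (previously a
	bare ``assert``: a 500, and no check at all under ``python -O``).

	Returns a redirect to ``ref`` when given, else ``('OK', 200)``.
	"""
	# All editable tables are expected to have a 'time_updated' field
	skip = set(ignore) | {'ref', 'prefix', '_csrf_token'}
	if not prefix and 'prefix' in request.args:
		prefix = request.args['prefix']
	changes = request.values.items()
	if (request.method == 'POST') and (request.get_json()):
		changes = request.get_json().items()
	for key, val in changes:
		if key in skip:
			continue
		parts = (prefix+key).split('.', 2)
		if len(parts) != 3:
			return 'Bad request', 400
		table, row_id, column = parts
		if table not in tabs or column not in tabs[table][2]:
			return 'Bad request', 400
		tablename, idcolumn = tabs[table][0], tabs[table][1]
		now = datetime.now()
		modify('INSERT INTO changelog (`table`,id_value, id_key, field, value_new, value_old, `when`, who, executed) VALUES (?,?,?,?,?,(SELECT `%s` FROM %s WHERE %s = ?),?,?,1)'%(column, tablename, idcolumn),
				table, row_id, idcolumn, column, val, row_id, now, session['user']['dbid'])
		modify('UPDATE %s SET `%s` = ?, time_updated = ? WHERE `%s` = ?'%(tablename, column, idcolumn), val, now, row_id)
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return "OK", 200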

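@app.route('/internal/new/<table>', methods=['GET', 'POST'])
@mod_required
@csrf_protect
def create(table):
	"""Insert a row into one of the tables listed in ``tabs`` (moderators only).

	``created_by`` / ``time_created`` / ``time_updated`` are filled in here
	for tables that declare them; every other column comes from the
	form/query values or a POST JSON body ('ref' and '_csrf_token' are
	skipped). Only columns named in the table's editable or creation-time
	lists are accepted, and the server-set defaults cannot be overridden by
	the client -- these checks keep the identifier interpolation into the
	INSERT safe. An unknown table or column answers 400 (previously a bare
	``assert``: a 500, and no check at all under ``python -O``).

	Returns a redirect to ``ref`` when given, else the new row id as text.
	"""
	if table not in tabs:
		return 'Bad request', 400
	tablename, _idcolumn, editable, at_creation = tabs[table]
	defaults = {'created_by': session['user']['dbid'], 'time_created': datetime.now(), 'time_updated': datetime.now()}
	columns = []
	values = []
	for column, val in defaults.items():
		if column in at_creation:
			columns.append(column)
			values.append(val)
	args = request.values.items()
	if (request.method == 'POST') and (request.get_json()):
		args = request.get_json().items()
	for column, val in args:
		if (column == 'ref') or (column == '_csrf_token'):
			continue
		if column not in editable and column not in at_creation:
			return 'Bad request', 400
		if column in defaults:
			return 'Bad request', 400
		columns.append('`'+column+'`')
		values.append(val)
	new_id = modify('INSERT INTO %s (%s) VALUES (%s)'%(tablename,
				','.join(columns), ','.join(['?']*len(values))), *values)
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return str(new_id), 200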

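@app.route('/internal/auth')
def auth(): # For use with nginx auth_request
	"""Access check for media files, called by nginx ``auth_request``.

	The requested file arrives in ``X-Original-Uri``; the part after
	``config['VIDEOPREFIX']`` is looked up either as a live-stream handle
	(``pub/hls/<handle>...``) or as a ``videos.path``. Thumbnails (``*.jpg``)
	and moderators are always allowed. Otherwise the perm rows attached to the
	video/lecture/course are evaluated by ``checkperm`` with the HTTP basic
	auth credentials, if any.

	Responses: 200 when allowed (sets the long-lived ``tracking`` cookie and
	logs the access best-effort), 401 with a Basic challenge when a password
	rule exists, 403 otherwise, 500 when the header is missing.
	"""
	if 'X-Original-Uri' not in request.headers:
		return 'Internal Server Error', 500
	url = request.headers['X-Original-Uri']
	# A query string (present when nginx forwards $request_uri) is not part of
	# the stored path and must not take part in any check below, neither the
	# lookup nor the suffix test.
	url = url.split('?', 1)[0]
	# Strip the exact prefix, then leading slashes. The previous
	# str.lstrip(prefix) removed *characters* from the prefix's set, not the
	# prefix, and could eat the start of the real path.
	prefix = config['VIDEOPREFIX']
	if prefix and url.startswith(prefix):
		url = url[len(prefix):]
	url = url.lstrip('/')
	if request.cookies.get('tracking', '') and request.cookies['tracking'].isdigit():
		cookie = int(request.cookies['tracking'])
	else:
		cookie = random.getrandbits(8*8-1)
	if url.endswith('jpg') or ismod():
		return "OK", 200
	is_hls = url.startswith('pub/hls/')
	handle = None
	if is_hls:
		handle = url[len('pub/hls/'):].split('_')[0].split('.')[0]
		perms = query('''SELECT lectures.id AS lecture, perm.*
				FROM streams
				JOIN lectures ON (streams.lecture_id = lectures.id)
				JOIN courses ON (lectures.course_id = courses.id)
				LEFT JOIN perm ON ((lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
				WHERE streams.handle = ?
				AND (courses.visible AND lectures.visible AND streams.visible)
				ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''', handle)
	else:
		perms = query('''SELECT videos.path, videos.id AS vid, perm.*
				FROM videos
				JOIN lectures ON (videos.lecture_id = lectures.id)
				JOIN courses ON (lectures.course_id = courses.id)
				LEFT JOIN perm ON ((videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
				WHERE videos.path = ?
				AND (courses.visible AND lectures.visible AND videos.visible)
				ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''',
				url)
	if not perms:
		return "Not allowed", 403
	credentials = request.authorization
	username = password = None
	if credentials:
		username = credentials.username
		password = credentials.password
	if checkperm(perms, username=username, password=password):
		# Access logging is best-effort: a failed insert must not block playback,
		# but it should not disappear silently either.
		try:
			if not is_hls:
				modify('INSERT INTO log (id, `time`, `date`, video, source) VALUES (?, ?, ?, ?, 1)', cookie, datetime.now(), datetime.combine(date.today(), time()), perms[0]['vid'])
			elif url.endswith('.ts'):
				fmt = url.split('_')[-1].split('-')[0]
				seg = url.split('.')[0].split('-')[-1]
				modify('INSERT INTO hlslog (id, `time`, segment, lecture, handle, format) VALUES (?, ?, ?, ?, ?, ?)', cookie, datetime.now(), seg, perms[0]['lecture'], handle, fmt)
		except Exception:
			traceback.print_exc()
		r = make_response('OK', 200)
		r.set_cookie('tracking', str(cookie), max_age=2147483647) # Many many years
		return r
	if any(perm['type'] == 'password' for perm in perms):
		return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
	return "Not allowed", 403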

@app.route('/internal/changelog')
@register_navbar('Changelog', icon='book')
@mod_required
def changelog():
	"""Moderator view of the 50 most recent field changes, joined with the editing user.

	Each entry gets a ``path`` of the form ``table.id.field``, the key format
	understood by ``edit``.
	"""
	entries = query('SELECT * FROM changelog LEFT JOIN users ON (changelog.who = users.id) ORDER BY `when` DESC LIMIT 50')
	for entry in entries:
		entry['path'] = '.'.join((entry['table'], entry['id_value'], entry['field']))
	return render_template('changelog.html', changelog=entries)

@app.route('/files/<filename>')
def files(filename):
	"""Redirect a bare file name to its location under ``config['VIDEOPREFIX']``.

	``<filename>`` is a single path segment (the default converter stops at
	'/'), so no directory component can be smuggled in here.
	"""
	target = '/'.join((config['VIDEOPREFIX'], filename))
	return redirect(target)

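@app.route('/internal/newchapter/<int:lectureid>', methods=['POST', 'GET'])
def suggest_chapter(lectureid):
	"""Store a user-suggested chapter marker for a lecture.

	Reads ``time`` (``%H:%M:%S``) and ``text`` from the request values and
	inserts a chapters row with the time converted to whole seconds. On
	success it redirects to ``ref`` when given, otherwise returns "OK" 200.

	Missing input answers 400 instead of tripping an ``assert`` (which is
	stripped under ``-O``), and a malformed time flashes the hint and stops
	instead of falling through and inserting the raw string.
	"""
	timestr = request.values.get('time')
	text = request.values.get('text')
	if not timestr or not text:
		return 'Missing time or text', 400
	try:
		parsed = datetime.strptime(timestr, '%H:%M:%S')
	except ValueError:
		flash('Falsches Zeitformat, "%H:%M:%S" wird erwartet. Z.B. "01:39:42" für eine Kapitel bei Stunde 1, Minute 39, Sekunde 42')
		# Stop here so the flash is shown and no bogus row is written
		if 'ref' in request.values:
			return redirect(request.values['ref'])
		return 'Bad time format', 400
	seconds = int(timedelta(hours=parsed.hour, minutes=parsed.minute, seconds=parsed.second).total_seconds())
	submitter = None
	if not ismod():
		# NOTE(review): behind a reverse proxy REMOTE_ADDR may be the proxy's address — confirm deployment
		submitter = request.environ['REMOTE_ADDR']
	# One timestamp so time_created and time_updated match on insert
	now = datetime.now()
	modify('INSERT INTO chapters (lecture_id, time, text, time_created, time_updated, created_by, submitted_by) VALUES (?, ?, ?, ?, ?, ?, ?)',
				lectureid, seconds, text, now, now, session.get('user', {'dbid': None})['dbid'], submitter)
	# NOTE(review): ref is caller-supplied and used unvalidated as a redirect target; restricting it to relative paths is a separate change
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return 'OK',  200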

@app.route('/internal/chapters/<int:lectureid>')
def chapters(lectureid):
	"""Serve a lecture's chapter markers, rendered through chapters.srt as text/vtt.

	Hidden chapters are included only for moderators (the ismod() flag is
	bound into the query). Each row gets ``start`` (its time) and ``end``
	(the start of the next-later chapter, or 9999 for the latest one).
	Answers 404 when the lecture has no chapters.
	"""
	rows = query("SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (visible OR ?) ORDER BY time DESC", lectureid, ismod())
	if not rows:
		return 'No chapters found', 404
	# Rows come newest-first, so the start seen in the previous iteration is this row's end
	next_start = 9999
	for row in rows:
		row['start'] = row['time']
		row['end'] = next_start
		next_start = row['start']
	return Response(render_template('chapters.srt', chapters=rows), 200, {'Content-Type': 'text/vtt'})

@app.route('/sitemap.xml')
def sitemap():
	"""Render sitemap.xml from every public URL of the site.

	Collects argument-free GET routes that are not moderator endpoints,
	the page of each visible and listed course, and the page of each
	visible lecture of those courses. The response is served with the
	``application/atom+xml`` content type.
	"""
	# Static routes: no URL arguments, GET-able, not moderator-only
	pages = [
		[rule.rule]
		for rule in app.url_map.iter_rules()
		if 'GET' in rule.methods and not rule.arguments and rule.endpoint not in mod_endpoints
	]
	for course in query('select * from courses where visible and listed'):
		pages.append([url_for('course', handle=course['handle'])])
		lectures = query('select * from lectures where (course_id = ? and visible)', course['id'])
		pages.extend([url_for('lecture', course=course['handle'], id=lecture['id'])] for lecture in lectures)
	return Response(render_template('sitemap.xml', pages=pages), 200, {'Content-Type': 'application/atom+xml'})


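def _course_handle_for_lecture(lecture_id):
	"""Return the handle of the course owning *lecture_id*, or None if no such lecture exists."""
	courses = query('SELECT courses.handle FROM courses JOIN lectures ON courses.id = lectures.course_id WHERE lectures.id = ?', lecture_id)
	return courses[0]['handle'] if courses else None


@app.route('/site/')
@app.route('/site/<string:phpfile>')
def legacy(phpfile=None):
	"""Redirect old PHP-era URLs (embed.php, feed.php) to their current endpoints.

	Lecture and video ids come from the query string and are only used as
	bound SQL parameters. Unknown legacy URLs are printed and sent to the
	index. ``feed.php`` with no query parameter now also falls through to
	the index instead of raising KeyError from ``popitem()``.
	"""
	if phpfile == 'embed.php' and ('lecture' in request.args):
		handle = _course_handle_for_lecture(request.args['lecture'])
		if handle is None:
			return render_endpoint('index', 'Diese Seite existiert nicht!'), 404
		return redirect(url_for('embed', course=handle, id=request.args['lecture']), code=302)
	if phpfile == 'embed.php' and ('vid' in request.args):
		lectures = query('SELECT lecture_id FROM videos WHERE id = ?', request.args['vid'])
		if not lectures:
			return render_endpoint('index', 'Dieses Videos existiert nicht!'), 404
		lecture_id = lectures[0]['lecture_id']
		handle = _course_handle_for_lecture(lecture_id)
		if handle is None:
			return render_endpoint('index', 'Diese Seite existiert nicht!'), 404
		return redirect(url_for('embed', course=handle, id=lecture_id), code=302)
	if phpfile == 'feed.php' and ('all' in request.args):
		return redirect(url_for('feed'), code=302)
	if phpfile == 'feed.php' and ('newcourses' in request.args):
		return redirect(url_for('courses_feed'), code=302)
	# Guard against an empty query string: popitem() on an empty MultiDict raises KeyError
	if phpfile == 'feed.php' and request.args:
		return redirect(url_for('feed', handle=request.args.copy().popitem()[0]), code=302)
	print("Unknown legacy url:", request.url)
	return redirect(url_for('index'), code=302)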
	

import feeds
import importer
import stats
import sorter
if 'ICAL_URL' in config:
	import meetings
import l2pauth
if 'JOBS_API_KEY' in config:
	import jobs
import timetable