import hashlib
import hmac
import os
import random
import sched
import string
import sys
import threading
import traceback
from datetime import date, timedelta, datetime, time, MINYEAR
from functools import wraps
from socket import gethostname
from urllib.parse import urlsplit

from flask import Flask, g, request, url_for, redirect, session, render_template, flash, Response, make_response
from werkzeug.routing import Rule

app = Flask(__name__)

# Jinja: drop the newline after a block tag and the whitespace before it, so
# templates can be indented freely without leaking blank lines into the output.
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True
# Helpers made available to every template.
app.add_template_global(random.randint, name='randint')
app.add_template_global(datetime, name='datetime')
app.add_template_global(timedelta, name='timedelta')
app.add_template_global(gethostname, name='gethostname')

# Single in-process job queue; run_scheduler() below drains it on a daemon thread.
scheduler = sched.scheduler()
def run_scheduler():
	"""Drain the module-level ``scheduler`` forever (target of the daemon thread below).

	sched.scheduler.run() returns as soon as its queue is empty, so the loop
	pauses briefly and calls it again; jobs re-arm themselves in sched_func().
	"""
	import time as clock  # local alias: the module-level ``time`` is datetime.time
	clock.sleep(1) # UWSGI does weird things on startup
	while True:
		scheduler.run()
		clock.sleep(10)

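def sched_func(delay, priority=0, firstdelay=None, args=None, kargs=None):
	"""Decorator: run the decorated function periodically on the scheduler thread.

	delay      -- seconds between runs; the job re-arms itself after each run
	              completes, so two runs of the same job never overlap.
	priority   -- sched.scheduler priority of the event.
	firstdelay -- seconds until the first run; random 1..120 s when None so that
	              several jobs do not all fire at the same moment after startup.
	args/kargs -- positional / keyword arguments passed on every call.

	Each run executes inside app.test_request_context() so url_for() and
	render_template() work; exceptions are printed and swallowed so a single
	failing run does not kill the schedule. The function is returned unchanged.
	"""
	# Fresh containers per call: the previous mutable defaults ([] / {}) were
	# shared between every decorated function.
	args = list(args) if args is not None else []
	kargs = dict(kargs) if kargs is not None else {}
	if firstdelay is None:
		firstdelay = random.randint(1, 120)

	def wrapper(func):
		def sched_wrapper():
			with app.test_request_context():
				try:
					func(*args, **kargs)
				except Exception:
					traceback.print_exc()
			# Re-arm only after the run has finished.
			scheduler.enter(delay, priority, sched_wrapper)
		scheduler.enter(firstdelay, priority, sched_wrapper)
		return func
	return wrapper
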
# NOTE: under a multi-process server (uwsgi workers) every process starts its
# own scheduler thread, so each job runs once per worker.
threading.Thread(target=run_scheduler, daemon=True).start()

config = app.config
config.from_pyfile('config.py.example', silent=True)
# Started via run.py (the development runner): seed the sqlite db and enable
# DEBUG. Never start the production app through run.py -- DEBUG enables the
# interactive Werkzeug debugger and template auto-reload.
if sys.argv[0].endswith('run.py'): 
	config['SQLITE_INIT_DATA'] = True
	config['DEBUG'] = True
config.from_pyfile('config.py', silent=True)
if config['DEBUG']:
	app.jinja_env.auto_reload = True

# get git commit
# Runs ``git`` at import time: the process must have git on PATH and the
# working directory must be the checkout, otherwise startup fails here. The
# template side presumably expects the four '#'-separated fields.
import subprocess
app.jinja_env.globals['gitversion'] = subprocess.check_output(['git', "log", "-g", "-1", "--pretty=%H # %h # %d # %s"]).decode('UTF-8').split('#')

# Fallback only: a per-process random key means sessions and CSRF tokens are
# invalidated on every restart and are not shared between workers, so logins
# randomly fail. Set SECRET_KEY in config.py for any real deployment.
if not config.get('SECRET_KEY', None):
	config['SECRET_KEY'] = os.urandom(24)

from db import query, modify, searchquery, ldapauth, ldapget

# Endpoint names wrapped by mod_required(); used to hide them from the navbar
# and the sitemap for anonymous users.
mod_endpoints = []

@app.template_global()
def ismod(*args):
	"""True when a moderator is logged in, i.e. login() stored 'user' in the session.

	Extra positional arguments are accepted and ignored so templates can call
	it in any context.
	"""
	logged_in = 'user' in session
	return logged_in

def mod_required(func):
	"""View decorator: only logged-in moderators (see ismod()) may call the view.

	Registers the endpoint in ``mod_endpoints`` so navbar and sitemap hide it
	from anonymous users. Anonymous callers get a flash message and are sent
	to the login page with the current URL as ``ref``.
	"""
	mod_endpoints.append(func.__name__)

	@wraps(func)
	def decorator(*args, **kwargs):
		if ismod():
			return func(*args, **kwargs)
		flash('Diese Funktion ist nur für Moderatoren verfügbar!')
		return redirect(url_for('login', ref=request.url))
	return decorator

csrf_endpoints = []

86
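def csrf_protect(func):
	"""View decorator: reject requests that do not carry the session's CSRF token.

	The token is taken from the form / query parameter ``_csrf_token`` or, for
	JSON bodies, from the key of the same name. It is compared in constant time
	with session['_csrf_token'] (issued by login()); anonymous sessions have no
	token and are always rejected with 403.

	The check also applies to GET, because csrf_inject() puts the token into
	links to these endpoints -- so the token travels in URLs (Referer headers,
	server logs). Keep that in mind before adding endpoints here.
	"""
	csrf_endpoints.append(func.__name__)

	@wraps(func)
	def decorator(*args, **kwargs):
		token = request.values.get('_csrf_token')
		if token is None:
			# silent=True: a malformed or non-JSON body yields None instead of
			# raising, and is then treated like a missing token.
			body = request.get_json(silent=True)
			if isinstance(body, dict):
				token = body.get('_csrf_token')
		expected = session.get('_csrf_token')
		# hmac.compare_digest: constant-time, so timing does not reveal how
		# many leading characters of a guessed token were right.
		if not token or not expected or not hmac.compare_digest(
				str(expected).encode('utf-8'), str(token).encode('utf-8')):
			return 'csrf test failed', 403
		return func(*args, **kwargs)
	return decorator
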
@app.url_defaults
def csrf_inject(endpoint, values):
	"""url_for() hook: add the session CSRF token to links to protected endpoints.

	Only endpoints registered through csrf_protect() get the parameter, and
	only when the session already holds a token (a moderator is logged in).
	"""
	token = session.get('_csrf_token')
	if token and endpoint in csrf_endpoints:
		values['_csrf_token'] = token

def evalperm(perms):
	"""Reduce a list of perm rows to the most specific level that has any rule.

	A row is classified by the first truthy id among course_id, lecture_id,
	video_id (in that order). Video-level rules win over lecture-level rules,
	which win over course-level ones; with no rule at all the item is public.
	Returns a list of perm dicts (or [{'type': 'public'}]).
	"""
	levels = ('course_id', 'lecture_id', 'video_id')
	buckets = {level: [] for level in levels}
	for perm in perms:
		for level in levels:
			if perm[level]:
				buckets[level].append(perm)
				break
	# Most specific level first.
	for level in reversed(levels):
		if buckets[level]:
			return buckets[level]
	return [{'type': 'public'}]

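def _credentials_match(expected_user, expected_password, username, password):
	"""Constant-time comparison of Basic-auth credentials with a 'password' perm.

	Any missing value (None) is a mismatch; previously a perm with empty
	param1/param2 matched a request without credentials. Both fields are
	compared before combining so the username check does not short-circuit.
	"""
	if None in (expected_user, expected_password, username, password):
		return False
	user_ok = hmac.compare_digest(str(expected_user).encode('utf-8'), str(username).encode('utf-8'))
	pass_ok = hmac.compare_digest(str(expected_password).encode('utf-8'), str(password).encode('utf-8'))
	return user_ok and pass_ok

@app.template_filter()
def checkperm(perms, username=None, password=None):
	"""Return True if the current visitor may access an item guarded by ``perms``.

	Moderators always pass. Otherwise ``perms`` is reduced with evalperm() and
	any single matching rule grants access:
	  public   -- always
	  password -- username/password (HTTP Basic, see auth()) equal param1/param2
	  l2p      -- param1 is one of session['l2p_courses']
	  rwth     -- session['rwthintern'] is set
	Other types (e.g. 'fsmpi', which permdescr() knows about) never match here.
	"""
	if ismod():
		return True
	for perm in evalperm(perms):
		ptype = perm['type']
		if ptype == 'public':
			return True
		if ptype == 'password':
			if _credentials_match(perm['param1'], perm['param2'], username, password):
				return True
		elif ptype == 'l2p':
			if perm['param1'] in session.get('l2p_courses', []):
				return True
		elif ptype == 'rwth':
			if session.get('rwthintern', False):
				return True
	return False
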
@app.template_filter()
def permdescr(perms):
	"""Summarise a perm list as (css class, German description) for the templates.

	Uses the most specific level (evalperm). Precedence: public > rwth > fsmpi
	> l2p > password; rwth and l2p mention an additional password rule when
	one exists. With no rule at all the item is described as public.
	"""
	perms = evalperm(perms)
	types = {perm['type'] for perm in perms}
	has_password = 'password' in types
	if 'public' in types or not perms:
		return 'public', 'Öffentlich verfügbar'
	if 'rwth' in types:
		if has_password:
			return 'rwth', 'Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar'
		return 'rwth', 'Nur für RWTH-Angehörige verfügbar'
	if 'fsmpi' in types:
		return 'fsmpi', 'Nur für Fachschaftler verfügbar'
	if 'l2p' in types:
		if has_password:
			return 'l2p', 'Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar'
		return 'l2p', 'Nur für Teilnehmer der Veranstaltung verfügbar'
	if has_password:
		return 'password', 'Nur für Nutzer mit Passwort verfügbar'
	return 'public', 'Öffentlich verfügbar'

app.jinja_env.globals['navbar'] = []
182
183
184
185
186
# iconlib can be 'bootstrap'
# ( see: http://getbootstrap.com/components/#glyphicons )
# or 'fa'
# ( see: http://fontawesome.io/icons/ )
def register_navbar(name, iconlib='bootstrap', icon=None):
	"""Decorator: list the decorated view in the navbar.

	Appends (endpoint, name, iconlib, icon, public) to the navbar global, where
	public is False when the endpoint is already in mod_endpoints. Decorators
	apply bottom-up, so put register_navbar *above* mod_required (as
	changelog() does) for the entry to be hidden from anonymous users.
	Returns the view unchanged.
	"""
	def wrapper(func):
		endpoint = func.__name__
		public = endpoint not in mod_endpoints
		app.jinja_env.globals['navbar'].append((endpoint, name, iconlib, icon, public))
		return func
	return wrapper

def render_endpoint(endpoint, flashtext=None, **kargs):
	"""Render another view's response in place of the current one.

	Used by the error handlers to show e.g. the course list with a flashed
	message instead of a bare error page. The request's url_rule is replaced
	so request.endpoint (navbar highlighting) names the rendered view.
	"""
	if flashtext:
		flash(flashtext)
	# request.endpoint is used for navbar highlighting
	request.url_rule = Rule(request.path, endpoint=endpoint)
	view = app.view_functions[endpoint]
	return view(**kargs)

def handle_errors(endpoint, text, code, *errors, **epargs):
	"""Decorator factory: map the given exception types to an error response.

	When the view raises one of ``errors``, either ``endpoint`` is rendered
	(with ``text`` flashed and ``epargs`` as its view arguments) under HTTP
	status ``code``, or -- when endpoint is falsy -- ``text`` itself is
	returned with that status.
	"""
	def wrapper(func):
		@wraps(func)
		def decorator(*args, **kwargs):
			try:
				return func(*args, **kwargs)
			except errors:
				if not endpoint:
					return text, code
				page = render_endpoint(endpoint, text, **epargs)
				return make_response(page, code)
		return decorator
	return wrapper

@app.errorhandler(404)
def handle_not_found(e):
	"""404 handler: show the start page with a 'this page does not exist' message."""
	page = render_endpoint('index', 'Diese Seite existiert nicht!')
	return page, 404

@app.errorhandler(500)
@app.errorhandler(Exception)
def handle_internal_error(e):
	"""Catch-all handler: print the traceback to stderr and render 500.html.

	Registered for Exception as well, so any unhandled error from a view ends
	up here; only the generic template is shown to the client.
	"""
	traceback.print_exc()
	body = render_template('500.html')
	return body, 500

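@sched_func(5*60, firstdelay=0)
def dump_error_page():
	"""Write a rendered 500.html to config['ERROR_PAGE'] every five minutes.

	Presumably lets the front-end proxy serve a static error page when the
	app itself is down. No-op unless ERROR_PAGE is configured. Runs in the
	test request context provided by sched_func(); the url_rule is set so the
	navbar is highlighted like for the real error handler.
	"""
	if 'ERROR_PAGE' not in config:
		return
	request.url_rule = Rule(request.path, endpoint='handle_internal_error')
	text = render_template('500.html')
	# Context manager so the handle is closed even when the write fails.
	with open(config['ERROR_PAGE'], 'w') as f:
		f.write(text)
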
# debian ships jinja2 without this test...
@app.template_test(name='equalto')
def equalto(a, b):
	"""Jinja test ``x is equalto(y)``; provided here because Debian's jinja2 lacks it."""
	result = (a == b)
	return result

@app.template_filter(name='semester')
def human_semester(s, long=False):
	"""Format a semester key such as '2017ws' for display.

	Empty, 'zeitlos' or not exactly six characters -> 'Zeitlos'. A six-char key
	that is not <4 digits><SS|WS> -> '??' (and a line on stdout). Otherwise
	'WS17', or with long=True 'Wintersemester 2017/18' / 'Sommersemester 2017'.
	"""
	if not s or s == 'zeitlos' or len(s) != 6:
		return 'Zeitlos'
	year, term = s[:4], s[4:].upper()
	if not (year.isdigit() and term in ('SS', 'WS')):
		print('Invalid semester string "%s"'%s)
		return '??'
	if not long:
		return term + year[2:]
	if term == 'SS':
		return 'Sommersemester %s'%year
	next_year = str(int(year)+1)[2:]
	return 'Wintersemester %s/%s'%(year, next_year)

@app.template_filter(name='date')
def human_date(d):
	"""Format a date/datetime as German 'DD.MM.YYYY'."""
	formatted = d.strftime('%d.%m.%Y')
	return formatted

@app.template_filter(name='time')
def human_time(d):
	"""Format a datetime/time as 24h 'HH:MM'."""
	formatted = d.strftime('%H:%M')
	return formatted

@app.template_filter()
def rfc3339(d):
	"""Format a naive datetime as RFC 3339 with a fixed '+02:00' offset.

	NOTE(review): the offset is hard-coded to CEST, so timestamps produced
	during winter time (CET, +01:00) are off by one hour. A timezone-aware
	datetime with isoformat() would fix that; left unchanged here.
	"""
	return '%sT%s+02:00' % (d.strftime('%Y-%m-%d'), d.strftime('%H:%M:%S'))

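@app.template_global()
def get_announcements(minlevel=0):
	"""Return the announcements to display, highest level first.

	Anonymous visitors get visible, already published, not yet expired ones;
	moderators get all (also invisible/unpublished) plus those that expired
	within the last 24 hours. ``minlevel`` filters on ``level``.

	Returns [] (and prints the traceback) if the query fails, so a broken
	announcements table never takes a whole page down.
	"""
	offset = timedelta()
	if ismod():
		offset = timedelta(hours=24)
	try:
		# 'time_expire IS NULL': the previous 'time_expire = NULL' is never true
		# in SQL, which silently hid every announcement without an expiry date.
		return query('SELECT * FROM announcements WHERE NOT deleted AND ((time_expire IS NULL) OR time_expire > ?) AND (? OR (visible AND time_publish < ?)) AND level >= ? ORDER BY level DESC', datetime.now()-offset, ismod(), datetime.now(), minlevel)
	except Exception:
		traceback.print_exc()
		return []
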
@app.template_filter()
def fixnl(s):
	"""Replace newlines with '<br>' (legacy; to be removed once the db schema is cleaned up).

	Returns a plain str, not Markup: the caller's template decides whether it
	is escaped (autoescape / |safe). Do not pass untrusted text through this
	together with |safe.
	"""
	return '<br>'.join(str(s).split('\n'))

@app.template_filter()
def tagid(s):
	"""Reduce a title to a safe HTML id: lowercase, spaces -> '_', only [a-z0-9_] kept.

	Returns 'EMPTY' for an empty/None input so the id is never blank.
	"""
	if not s:
		return 'EMPTY'
	allowed = set(string.ascii_lowercase + string.digits + '_')
	normalised = s.replace(' ', '_').lower()
	return ''.join(c for c in normalised if c in allowed)

@app.route('/')
@register_navbar('Home', icon='home')
def index():
	"""Start page: upcoming lectures, latest videos / live streams, featured items.

	Anonymous visitors only see listed+visible courses/lectures/videos;
	moderators (ismod()) see everything. Old ?course= / ?view=player&lectureid=
	URLs are redirected to the new routes first.
	"""
	# handle legacy urls...
	if 'course' in request.args:
		return redirect(url_for('course', handle=request.args['course']),code=302)
	if 'view' in request.args:
		# NOTE(review): lectureid is user input fed to an <int:id> rule; a
		# non-numeric value presumably makes url_for() fail (500) instead of 404.
		if (request.args['view'] == 'player') and ('lectureid' in request.args) :
			return redirect(url_for('lecture', id=request.args['lectureid']),code=302)

	# Lectures from yesterday up to six days ahead.
	start = date.today() - timedelta(days=1)
	end = start + timedelta(days=7)
	upcomming = query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		JOIN courses ON (lectures.course_id = courses.id)
		WHERE (time > ?) AND (time < ?) and lectures.visible and courses.visible and courses.listed
		ORDER BY time ASC LIMIT 30''',start,end)
	for i in upcomming:
		i['date'] = i['time'].date()
	# One row per lecture, ordered by its most recently updated video.
	latestvideos=query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		LEFT JOIN videos ON (videos.lecture_id = lectures.id)
		LEFT JOIN courses on (courses.id = lectures.course_id)
		WHERE (? OR (courses.visible AND courses.listed AND lectures.visible AND videos.visible))
		GROUP BY videos.lecture_id
		ORDER BY MAX(videos.time_updated) DESC
		LIMIT 6	''',ismod())
	livestreams = query('''SELECT streams.handle AS live, lectures.*, "course" AS sep, courses.*
		FROM streams
		JOIN lectures ON lectures.id = streams.lecture_id
		JOIN courses ON courses.id = lectures.course_id
		WHERE streams.active AND (? OR (streams.visible AND courses.visible AND courses.listed AND lectures.visible))
		''', ismod())
	featured = query('SELECT * FROM featured WHERE NOT deleted AND (? OR visible)', ismod())
	# Live streams are listed ahead of the latest videos.
	return render_template('index.html', latestvideos=livestreams+latestvideos, upcomming=upcomming, featured=featured)

@app.route('/course')
@register_navbar('Videos', icon='film')
def courses():
	"""Course overview, grouped by a column chosen with ?groupedby=.

	Anonymous visitors get visible+listed courses only; moderators get all.
	An empty semester is shown as 'zeitlos'. groupedby is whitelisted
	(title/semester/organizer/subject) and falls back to 'semester'.
	"""
	courses = query('SELECT * FROM courses WHERE (? OR (visible AND listed)) ORDER BY title', ismod())
	for course in courses:
		if course['semester'] == '':
			course['semester'] = 'zeitlos'
	allowed_groupings = ('title', 'semester', 'organizer', 'subject')
	groupedby = request.args.get('groupedby')
	if groupedby not in allowed_groupings:
		groupedby = 'semester'
	return render_template('courses.html', courses=courses, groupedby=groupedby)

def genlive(streams):
	"""Make live-stream rows look like video rows for the templates (in place).

	Every stream dict gets visible=True, downloadable=False, file_size=0 and
	path 'pub/hls/<handle>.m3u8' built from stream['live']. Returns the same
	list object.
	"""
	for stream in streams:
		stream.update(
			visible=True,
			downloadable=False,
			path='pub/hls/%s.m3u8' % stream['live'],
			file_size=0,
		)
	return streams

@app.route('/course/<handle>')
@app.route('/course/<int:id>')
@handle_errors('courses', 'Diese Veranstaltung existiert nicht!', 404, IndexError)
def course(id=None, handle=None):
	"""Course page: its lectures (with the perm rules that apply to each) and videos.

	Looked up by numeric id or by handle. Invisible courses/lectures/videos
	are only shown to moderators; an unknown course raises IndexError, which
	handle_errors turns into the course list with a 404.
	"""
	if id:
		course = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', id, ismod())[0]
	else:
		course = query('SELECT * FROM courses WHERE handle = ? AND (? OR visible)', handle, ismod())[0]
	# Course-wide rules, plus the lecture-level rules of this course; each
	# lecture gets the union so templates can call checkperm/permdescr on it.
	course['perm'] = query('SELECT * FROM perm WHERE (NOT perm.deleted) AND course_id = ? ORDER BY type', course['id'])
	perms = query('SELECT perm.* FROM perm JOIN lectures ON (perm.lecture_id = lectures.id) WHERE (NOT perm.deleted) AND lectures.course_id = ? ORDER BY perm.type', course['id'])
	lectures = query('SELECT * FROM lectures WHERE course_id = ? AND (? OR visible) ORDER BY time, duration DESC', course['id'], ismod())
	for lecture in lectures:
		lecture['perm'] = []
		lecture['perm'] += course['perm']
		lecture['course'] = course
		for perm in perms:
			if perm['lecture_id'] == lecture['id']:
				lecture['perm'].append(perm)
	# A video is downloadable only if both the video and the course allow it.
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN lectures ON (videos.lecture_id = lectures.id)
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (lectures.course_id = courses.id)
			WHERE lectures.course_id= ? AND (? OR videos.visible)
			ORDER BY lectures.time, formats.prio DESC
			''', course['id'], ismod())
	# Active streams are presented with the format row tagged "hls".
	livestreams = query('''SELECT streams.handle AS live, streams.lecture_id, formats.description AS format_description, formats.player_prio, formats.prio
			FROM streams
			JOIN lectures ON lectures.id = streams.lecture_id
			JOIN formats ON formats.keywords = "hls"
			WHERE streams.active AND (? OR streams.visible) AND lectures.course_id = ?
			''', ismod(), course['id'])
	videos += genlive(livestreams)
	return render_template('course.html', course=course, lectures=lectures, videos=videos)

@app.route('/faq')
@register_navbar('FAQ', icon='question-sign')
def faq():
	"""Static FAQ page."""
	page = render_template('faq.html')
	return page

@app.route('/play/<int:id>')
@app.route('/embed/<int:id>', endpoint='embed')
@handle_errors('course', 'Diese Vorlesung existiert nicht!', 404, IndexError)
def lecture(id):
	"""Player page (or embeddable variant under /embed) for a single lecture.

	Loads the lecture, its videos and live streams, chapter markers and the
	perm rules of lecture and course. If the visitor does not satisfy the
	rules, a message (with a link to the rwth/l2p login where applicable) is
	flashed -- the page itself is still rendered; the media files are guarded
	separately by auth() in front of nginx. Unknown lecture -> IndexError ->
	404 via handle_errors.
	"""
	lecture = query('SELECT * FROM lectures WHERE id = ? AND (? OR visible)', id, ismod())[0]
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio, formats.mimetype
			FROM videos
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (courses.id = ?)
			WHERE videos.lecture_id = ? AND (? OR videos.visible)
			ORDER BY formats.prio DESC
			''', lecture['course_id'], lecture['id'], ismod())
	livestreams = query('''SELECT streams.handle AS live, streams.lecture_id, formats.description AS format_description, formats.player_prio, formats.prio, formats.mimetype
			FROM streams
			JOIN lectures ON lectures.id = streams.lecture_id
			JOIN formats ON formats.keywords = "hls"
			WHERE streams.active AND (? OR streams.visible) AND lectures.id = ?
			''', ismod(), id)
	videos += genlive(livestreams)
	# Lecture- and course-level rules; checkperm/permdescr pick the most specific.
	perms = query('SELECT perm.* FROM perm WHERE ((NOT perm.deleted) AND (perm.lecture_id = ? OR perm.course_id = ?))',
			lecture['id'], lecture['course_id'])
	if not videos:
		flash('Zu dieser Vorlesung wurden noch keine Videos veröffentlicht!')
	courses = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', lecture['course_id'], ismod())
	if not courses:
		return render_endpoint('courses', 'Diese Veranstaltung existiert nicht!'), 404
	chapters = query('SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (? OR visible) ORDER BY time ASC', id, ismod())
	if not checkperm(perms):
		mode, text = permdescr(perms)
		# The flash text is our own string plus a url_for() link; no user input.
		if mode == 'rwth':
			flash(text+'. <a target="_blank" href="'+url_for('start_rwthauth')+'">Hier authorisieren</a>.')
		elif mode == 'l2p':
			flash(text+'. <a target="_blank" href="'+url_for('start_l2pauth')+'">Hier authorisieren</a>.')
		else:
			flash(text+'.')
	return render_template('embed.html' if request.endpoint == 'embed' else 'lecture.html', course=courses[0], lecture=lecture, videos=videos, chapters=chapters)

@app.route('/search')
def search():
	"""Full-text search (?q=) over courses and lectures via db.searchquery().

	Without ``q`` redirects to the index. Anonymous visitors only get listed
	and visible rows. ``q`` is handed to searchquery() verbatim; how it is
	escaped/parameterised is up to that helper (not visible here).
	"""
	if 'q' not in request.args:
		return redirect(url_for('index'))
	q = request.args['q']
	courses = searchquery(q, '*', ['title', 'short', 'organizer', 'subject', 'description'],
			'courses', 'WHERE (? OR (visible AND listed)) GROUP BY id ORDER BY _score DESC, semester DESC LIMIT 20', ismod())
	#lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, "course" AS sep, courses.*',
	#			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
	#			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
	#			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	# Course columns are selected with a 'courses_' prefix and regrouped into
	# lecture['course'] below, so the template sees the same shape as elsewhere.
	lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, courses.id AS courses_id, courses.visible AS courses_visible, courses.listed AS courses_listed, courses.title AS courses_title, courses.short AS courses_short, courses.handle AS courses_handle, courses.organizer AS courses_organizer, courses.subject AS courses_subject, courses.credits AS courses_credits, courses.created_by AS courses_created_by, courses.time_created AS courses_time_created, courses.time_updated AS courses_time_updated, courses.semester AS courses_semester, courses.downloadable AS courses_downloadable, courses.embedinvisible AS courses_embedinvisible, courses.description AS courses_description, courses.internal AS courses_internal, courses.responsible AS courses_responsible',
			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	for lecture in lectures:
		lecture['course'] = {}
		for key in lecture:
			if key.startswith('courses_'):
				lecture['course'][key[8:]] = lecture[key]
	return render_template('search.html', searchtext=request.args['q'], courses=courses, lectures=lectures)

def check_mod(user, groups):
	"""Moderator test for login(): a non-empty LDAP user that is in group 'users'.

	Mirrors ``user and 'users' in groups``: a falsy user is returned as is,
	otherwise the bool of the group membership.
	"""
	if not user:
		return user
	return 'users' in groups

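@app.route('/login', methods=['GET', 'POST'])
def login():
	"""Moderator login against LDAP (db.ldapauth).

	GET shows the form. POST checks ``user``/``password``; only members of
	the LDAP group 'users' (check_mod) are accepted. On success the LDAP record
	is kept in the session (Flask's default client-side cookie) as
	session['user'] with the local users.id as 'dbid' (the users row is
	created on first login), a fresh 128-character CSRF token is issued, and
	the browser is sent to ``ref``. ``ref`` is followed only when it stays on
	this site; anything else goes to the index so the parameter cannot serve
	as an open redirect.
	"""
	if request.method == 'GET':
		return render_template('login.html')
	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
	if not check_mod(user, groups):
		flash('Login fehlgeschlagen!')
		return render_template('login.html')
	session['user'] = ldapget(user)
	dbuser = query('SELECT * FROM users WHERE name = ?', user)
	if not dbuser:
		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
		dbuser = query('SELECT * FROM users WHERE name = ?', user)
	session['user']['dbid'] = dbuser[0]['id']
	# New token per login: anything captured before the login is worthless.
	session['_csrf_token'] = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(128))
	# Only redirect to a root-relative path or an absolute URL on our own host
	# (mod_required passes request.url); reject '//host', foreign hosts,
	# non-http schemes and backslashes, which browsers may read as slashes.
	ref = request.values.get('ref', '')
	parts = urlsplit(ref) if '\\' not in ref else None
	if parts and parts.scheme in ('', 'http', 'https') and (parts.netloc == request.host or (not parts.netloc and ref.startswith('/'))):
		return redirect(ref)
	return redirect(url_for('index'))
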
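@app.route('/logout', methods=['GET', 'POST'])
def logout():
	"""End the moderator session and return to ``ref`` (same-site only) or the index.

	Removes the login ('user') and the CSRF token; other session keys
	(l2p/rwth state) are kept. Logging out while not logged in is a no-op
	rather than the previous KeyError.
	"""
	session.pop('user', None)
	session.pop('_csrf_token', None)
	# Same open-redirect guard as login(): root-relative paths or absolute
	# URLs on this host only; reject '//host', other schemes and backslashes.
	ref = request.values.get('ref', '')
	parts = urlsplit(ref) if '\\' not in ref else None
	if parts and parts.scheme in ('', 'http', 'https') and (parts.netloc == request.host or (not parts.netloc and ref.startswith('/'))):
		return redirect(ref)
	return redirect(url_for('index'))
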
# name: (tablename, idcolumn, [editable_fields], [fields_to_set_at_creation_time])
#
# Whitelist consulted by edit() and create(): only a table name and column
# name found here may be interpolated into SQL, everything else is rejected.
# editable_fields may be changed through edit(); the creation-time fields are
# accepted by create() only, and created_by/time_created/time_updated are set
# by the server there, never from the request.
tabs = {
	'courses': ('courses_data', 'id', ['visible', 'listed', 'title', 'short',
			'handle', 'organizer', 'subject', 'semester', 'downloadable',
			'internal', 'responsible','deleted','description'],
			['created_by', 'time_created', 'time_updated']),
	'lectures': ('lectures_data', 'id', ['visible', 'title', 'comment',
			'internal', 'speaker', 'place', 'time', 'duration', 'jumplist','deleted'],
			['course_id', 'time_created', 'time_updated']),
	'videos': ('videos_data', 'id', ['visible','deleted'],
			['created_by', 'time_created', 'time_updated']),
	'chapters': ('chapters', 'id', ['time', 'text', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	'announcements': ('announcements', 'id', ['text', 'level', 'visible',
			'deleted', 'time_publish', 'time_expire'],
			['created_by', 'time_created', 'time_updated']),
	'featured': ('featured', 'id', ['title', 'text', 'internal', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	# param2 of a 'password' perm is the clear-text password used by checkperm().
	'perm': ('perm', 'id', ['type', 'param1', 'param2', 'deleted'],
			['course_id', 'lecture_id', 'video_id', 'created_by', 'time_created', 'time_updated']),
	'sorterrorlog': ('sorterrorlog_data', 'id', ['deleted'],
			['time_created', 'time_updated'])
}

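@app.route('/edit', methods=['GET', 'POST'])
@mod_required
@csrf_protect
def edit(prefix='', ignore=None):
	"""Generic field editor for the tables in ``tabs`` (moderators only).

	Every request parameter (or JSON key) is ``table.id.column`` = value,
	optionally with ``prefix`` prepended (argument or ?prefix=). Table and
	column must be in the ``tabs`` whitelist before they are interpolated into
	SQL; id and value are only ever bound parameters. Each change is recorded
	in ``changelog`` together with the old value, and all changes are applied
	in one transaction. ref/prefix/_csrf_token and the names in ``ignore``
	are skipped. Redirects to ``ref`` when given, else returns "OK".

	A malformed or non-whitelisted key rolls the transaction back and yields
	a 400 (previously an AssertionError -> 500, and no check at all under
	python -O).
	"""
	# All editable tables are expected to have a 'time_updated' field
	# Fresh set per call: the old mutable default list grew with every request.
	ignore = set(ignore or [])
	ignore.update(('ref', 'prefix', '_csrf_token'))
	if not prefix and 'prefix' in request.args:
		prefix = request.args['prefix']
	changes = request.values.items()
	body = request.get_json(silent=True) if request.method == 'POST' else None
	if isinstance(body, dict) and body:
		changes = body.items()
	modify('BEGIN')
	try:
		for key, val in changes:
			if key in ignore:
				continue
			key = prefix+key
			parts = key.split('.', 2)
			if len(parts) != 3:
				raise ValueError('malformed field name: %r' % key)
			table, id, column = parts
			if table not in tabs or column not in tabs[table][2]:
				raise ValueError('field not editable: %r' % key)
			modify('INSERT INTO changelog (`table`,id_value, id_key, field, value_new, value_old, `when`, who, executed) VALUES (?,?,?,?,?,(SELECT %s FROM %s WHERE %s = ?),?,?,1)'%(column, tabs[table][0], tabs[table][1]),
					table, id, tabs[table][1], column, val, id, datetime.now(), session['user']['dbid'])
			modify('UPDATE %s SET %s = ?, time_updated = ? WHERE %s = ?'%(tabs[table][0], column, tabs[table][1]), val, datetime.now(), id)
	except ValueError as e:
		modify('ROLLBACK')
		# Detail goes to the log only; the key is user input and is not echoed.
		print('edit rejected:', e, file=sys.stderr)
		return 'Bad request', 400
	except Exception:
		modify('ROLLBACK')
		raise
	modify('COMMIT')
	# NOTE(review): ref is followed verbatim. It can only be triggered with a
	# valid CSRF token, but a same-site check as in login() would be safer.
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return "OK", 200
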
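@app.route('/new/<table>', methods=['GET', 'POST'])
@mod_required
@csrf_protect
def create(table):
	"""Insert a row into one of the ``tabs`` tables (moderators only).

	created_by / time_created / time_updated are filled in by the server where
	the table declares them. Every other request parameter (or JSON key) must
	be a whitelisted editable or creation-time column of that table, and the
	client may not override the server-set ones. Table and column names are
	validated before being interpolated into the INSERT; values are bound
	parameters. Redirects to ``ref`` when given, else returns the new row id.

	Unknown table or column -> 400 (was AssertionError -> 500, unchecked
	under python -O).
	"""
	if table not in tabs:
		return 'Unknown table', 400
	tablename, _idcol, editable, creation_only = tabs[table]
	defaults = {'created_by': session['user']['dbid'], 'time_created': datetime.now(), 'time_updated': datetime.now()}
	columns = []
	values = []
	for column, val in defaults.items():
		if column in creation_only:
			columns.append(column)
			values.append(val)
	args = request.values.items()
	body = request.get_json(silent=True) if request.method == 'POST' else None
	if isinstance(body, dict) and body:
		args = body.items()
	for column, val in args:
		if column in ('ref', '_csrf_token'):
			continue
		if column not in editable + creation_only or column in defaults:
			# Not echoed back: the column name is user input.
			print('create(%s): rejected column %r' % (table, column), file=sys.stderr)
			return 'Bad request', 400
		columns.append(column)
		values.append(val)
	id = modify('INSERT INTO %s (%s) VALUES (%s)'%(tablename,
				','.join(columns), ','.join(['?']*len(values))), *values)
	# NOTE(review): ref is followed verbatim; reachable only with a valid CSRF
	# token, but a same-site check as in login() would be safer.
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return str(id), 200
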
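@app.route('/auth')
def auth(): # For use with nginx auth_request
	"""Access check for media files, called by nginx through auth_request.

	The requested path arrives in X-Original-Uri (X-Real-IP is passed as well
	but not used). config['VIDEOPREFIX'] is removed from the front and the
	rest is looked up: 'pub/hls/<handle>...' in ``streams``, anything else by
	``videos.path``; only rows whose course, lecture and video/stream are all
	visible count, and a row without any perm rule is public. Moderators and
	every path ending in 'jpg' (thumbnails) are allowed unconditionally.
	Otherwise the perm rows (most specific first) go through checkperm() with
	the HTTP Basic credentials, if any.

	200: allowed; a numeric 'tracking' cookie is (re)issued and a view or HLS
	segment is logged on a best-effort basis. 401 with a Basic challenge when
	a password rule could still grant access, 403 otherwise, 500 when the
	header is missing. If nginx passes a query string in X-Original-Uri the
	lookup will not match -- presumably it passes the bare path.
	"""
	if 'X-Original-Uri' not in request.headers:
		return 'Internal Server Error', 500
	url = request.headers['X-Original-Uri']
	# Remove VIDEOPREFIX as a *prefix*. str.lstrip() strips any leading
	# characters from the given set, which mangled paths whose first
	# character happens to occur in the prefix.
	prefix = config['VIDEOPREFIX']
	if prefix and url.startswith(prefix):
		url = url[len(prefix):]
	tracking = request.cookies.get('tracking', '')
	if tracking and tracking.isdigit():
		cookie = int(tracking)
	else:
		cookie = random.getrandbits(8*8-1)
	if url.endswith('jpg') or ismod():
		return "OK", 200
	is_hls = url.startswith('pub/hls/')
	handle = None
	if is_hls:
		handle = url[len('pub/hls/'):].split('_')[0].split('.')[0]
		perms = query('''SELECT lectures.id AS lecture, perm.*
				FROM streams
				JOIN lectures ON (streams.lecture_id = lectures.id)
				JOIN courses ON (lectures.course_id = courses.id)
				LEFT JOIN perm ON ((lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
				WHERE streams.handle = ?
				AND (courses.visible AND lectures.visible AND streams.visible)
				ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''', handle)
	else:
		perms = query('''SELECT videos.path, videos.id AS vid, perm.*
				FROM videos
				JOIN lectures ON (videos.lecture_id = lectures.id)
				JOIN courses ON (lectures.course_id = courses.id)
				LEFT JOIN perm ON ((videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
				WHERE videos.path = ?
				AND (courses.visible AND lectures.visible AND videos.visible)
				ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''',
				url)
	if not perms:
		return "Not allowed", 403
	auth = request.authorization
	username = password = None
	if auth:
		username = auth.username
		password = auth.password
	if checkperm(perms, username=username, password=password):
		try:
			if not is_hls:
				modify('INSERT INTO log (id, `time`, `date`, video, source) VALUES (?, ?, ?, ?, 1)', cookie, datetime.now(), datetime.combine(date.today(), time()), perms[0]['vid'])
			elif url.endswith('.ts'):
				fmt = url.split('_')[-1].split('-')[0]
				seg = url.split('.')[0].split('-')[-1]
				modify('INSERT INTO hlslog (id, `time`, segment, lecture, handle, format) VALUES (?, ?, ?, ?, ?, ?)', cookie, datetime.now(), seg, perms[0]['lecture'], handle, fmt)
		except Exception:
			# Statistics are best effort; never deny a file because of them.
			traceback.print_exc()
		r = make_response('OK', 200)
		r.set_cookie('tracking', str(cookie), max_age=2147483647) # Many many years
		return r
	if any(perm['type'] == 'password' for perm in perms):
		return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
	return "Not allowed", 403
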
@app.route('/changelog')
@register_navbar('Changelog', icon='book')
@mod_required
def changelog():
	"""Show the 50 most recent changelog entries (moderators only).

	Each entry gets a ``path`` of the form table.id.field -- the key format
	that edit() accepts -- joined with the user who made the change.
	"""
	entries = query('SELECT * FROM changelog LEFT JOIN users ON (changelog.who = users.id) ORDER BY `when` DESC LIMIT 50')
	for entry in entries:
		entry['path'] = '.'.join((entry['table'], entry['id_value'], entry['field']))
	return render_template('changelog.html', changelog=entries)

@app.route('/files/<filename>')
def files(filename):
	"""Redirect to the media file under VIDEOPREFIX (presumably guarded by auth() in nginx).

	The default converter rejects slashes in ``filename``, so no nested
	paths can be built here.
	"""
	target = '%s/%s' % (config['VIDEOPREFIX'], filename)
	return redirect(target)

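@app.route('/newchapter/<int:lectureid>', methods=['POST', 'GET'])
def suggest_chapter(lectureid):
	"""Let anyone propose a chapter marker (``time`` as H:M:S, ``text``) for a lecture.

	Logged-in moderators are stored as created_by; anonymous submissions
	store REMOTE_ADDR as submitted_by (NOTE(review): behind nginx that is the
	proxy's address unless the WSGI layer rewrites it). There is no CSRF
	check, no rate limit and no check that the lecture exists on this
	endpoint. Missing fields -> 400. A time that is not H:M:S -> flash and
	redirect to ``ref`` (same-site only) or 400, *without* inserting;
	previously the unparsed string was written to the time column.
	"""
	raw_time = request.values.get('time')
	text = request.values.get('text')
	if not raw_time or not text:
		return 'Missing time or text', 400
	# Same open-redirect guard as login(): only same-site targets are followed.
	ref = request.values.get('ref', '')
	parts = urlsplit(ref) if '\\' not in ref else None
	local_ref = bool(parts and parts.scheme in ('', 'http', 'https') and (parts.netloc == request.host or (not parts.netloc and ref.startswith('/'))))
	try:
		parsed = datetime.strptime(raw_time, '%H:%M:%S')
	except ValueError:
		flash('Falsches Zeitformat, "%H:%M:%S" wird erwartet. Z.B. "01:39:42" für eine Kapitel bei Stunde 1, Minute 39, Sekunde 42')
		if local_ref:
			return redirect(ref)
		return 'Invalid time format', 400
	seconds = int(timedelta(hours=parsed.hour, minutes=parsed.minute, seconds=parsed.second).total_seconds())
	submitter = None
	if not ismod():
		submitter = request.environ['REMOTE_ADDR']
	modify('INSERT INTO chapters (lecture_id, time, text, time_created, time_updated, created_by, submitted_by) VALUES (?, ?, ?, ?, ?, ?, ?)',
				lectureid, seconds, text, datetime.now(), datetime.now(), session.get('user', {'dbid':None})['dbid'], submitter)
	if local_ref:
		return redirect(ref)
	return 'OK',  200
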
@app.route('/chapters/<int:lectureid>')
def chapters(lectureid):
	"""Serve a lecture's chapter markers as WebVTT (rendered from chapters.srt).

	Anonymous visitors get visible chapters only. Rows come in descending
	time order, so each chapter ends where the previously listed (later) one
	starts; the latest chapter ends at 9999 s. 404 when there are none.
	"""
	rows = query("SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (visible OR ?) ORDER BY time DESC", lectureid, ismod())
	if not rows:
		return 'No chapters found', 404
	previous = None
	for chapter in rows:
		chapter['start'] = chapter['time']
		chapter['end'] = previous['start'] if previous else 9999
		previous = chapter
	body = render_template('chapters.srt', chapters=rows)
	return Response(body, 200, {'Content-Type':'text/vtt'})

@app.route('/sitemap.xml')
def sitemap():
	"""Sitemap of public pages.

	Lists every argument-less GET route that is not moderator-only, plus each
	visible+listed course and its visible lectures.
	NOTE(review): the response is labelled application/atom+xml although it
	is a sitemap; application/xml would be the conventional type.
	"""
	pages = []
	# static pages
	for rule in app.url_map.iter_rules():
		static_get = 'GET' in rule.methods and not rule.arguments
		if static_get and rule.endpoint not in mod_endpoints:
			pages.append([rule.rule])
	for course in query('select * from courses where visible and listed'):
		pages.append([url_for('course', handle=course['handle'])])
		lectures = query('select * from lectures where (course_id = ? and visible)', course['id'])
		pages.extend([url_for('lecture', id=lecture['id'])] for lecture in lectures)
	body = render_template('sitemap.xml', pages=pages)
	return Response(body, 200, {'Content-Type': 'application/atom+xml'})

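@app.route('/site/')
@app.route('/site/<string:phpfile>')
def legacy(phpfile=None):
	"""Redirect PHP-era URLs (/site/embed.php, /site/feed.php) to the new routes.

	feed.php: ``all`` -> the global feed, ``newcourses`` -> the courses feed,
	otherwise the name of one query parameter is taken as the course handle.
	embed.php?lecture=<id> -> the embed player. Anything else is printed as
	unknown and sent to the index.

	Fixed: feed.php without any parameter raised KeyError (popitem on an empty
	dict -> 500), and embed.php with a non-numeric lecture id made url_for()
	fail; both now fall through to the index redirect.
	"""
	args = request.args
	if phpfile == 'embed.php' and 'lecture' in args and args['lecture'].isdigit():
		return redirect(url_for('embed', id=args['lecture']), code=302)
	if phpfile == 'feed.php':
		if 'all' in args:
			return redirect(url_for('feed'), code=302)
		if 'newcourses' in args:
			return redirect(url_for('courses_feed'), code=302)
		if args:
			handle = args.copy().popitem()[0]
			return redirect(url_for('feed', handle=handle), code=302)
	print("Unknown legacy url:", request.url)
	return redirect(url_for('index'), code=302)
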
# Side-effect imports: these modules presumably register their own routes and
# jobs on ``app`` and use ``config``, so they must stay after everything above.
import feeds
import importer
import stats
import sorter
# Optional features, switched on by the presence of a config key.
if 'ICAL_URL' in config:
	import meetings
import l2pauth
if 'JOBS_API_KEY' in config:
	import jobs
import timetable