import hashlib
import hmac
import os
import random
import sched
import string
import sys
import threading
import traceback
from datetime import date, timedelta, datetime, time, MINYEAR
from functools import wraps
from socket import gethostname

from flask import Flask, g, request, url_for, redirect, session, render_template, flash, Response, make_response
from werkzeug.routing import Rule

app = Flask(__name__)

# Jinja whitespace control: tidy the newlines/indentation around block tags
# so template control structures do not leak blank lines into the HTML.
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True
# Helpers available in every template.
app.add_template_global(random.randint, name='randint')
app.add_template_global(datetime, name='datetime')
app.add_template_global(timedelta, name='timedelta')
app.add_template_global(gethostname, name='gethostname')

scheduler = sched.scheduler()
def run_scheduler():
	"""Background loop: run due scheduler jobs, then sleep 10 s, forever.

	Intended for a daemon thread; it never returns.
	"""
	# Local import: the module-level name ``time`` is datetime.time.
	import time as clock
	clock.sleep(1) # UWSGI does weird things on startup
	while True:
		scheduler.run()
		clock.sleep(10)

def sched_func(delay, priority=0, firstdelay=None, args=[], kargs={}):
	"""Decorator: run the decorated function periodically on the module scheduler.

	delay      -- seconds between two runs
	priority   -- sched priority for events due at the same time
	firstdelay -- seconds until the first run; random 1..120 s when None
	args/kargs -- passed to the function on every run

	Each run happens inside a Flask test request context so code needing
	``request``/``session`` (e.g. template rendering) works. Exceptions are
	printed and swallowed so one failing run does not end the schedule. The
	function itself is returned unchanged.
	"""
	initial = random.randint(1, 120) if firstdelay is None else firstdelay

	def wrapper(func):
		def run_once():
			with app.test_request_context():
				try:
					func(*args, **kargs)
				except Exception:
					traceback.print_exc()
			# Re-armed after the run, so the period is measured from the end of a run.
			scheduler.enter(delay, priority, run_once)
		scheduler.enter(initial, priority, run_once)
		return func
	return wrapper

threading.Thread(target=run_scheduler, daemon=True).start()

config = app.config
# Shipped defaults first, the deployment's own config.py on top of them.
config.from_pyfile('config.py.example', silent=True)
# Started through run.py (development runner): debug mode on; SQLITE_INIT_DATA
# presumably seeds the sqlite database — see db.py.
if sys.argv[0].endswith('run.py'): 
	config['SQLITE_INIT_DATA'] = True
	config['DEBUG'] = True
config.from_pyfile('config.py', silent=True)
if config['DEBUG']:
	app.jinja_env.auto_reload = True
	# get git commit
	import subprocess
	app.jinja_env.globals['gitversion'] = subprocess.check_output(['git', "log", "-g", "-1", "--pretty=%h # %d # %s"]).decode('UTF-8').split('#')

# Flask signs the session cookie with SECRET_KEY. A random key per process
# means sessions do not survive a restart and are not shared between worker
# processes — set SECRET_KEY in config.py for a real deployment.
if not config.get('SECRET_KEY', None):
	config['SECRET_KEY'] = os.urandom(24)

from db import query, modify, searchquery, ldapauth, ldapget

# Names of view functions wrapped with mod_required(); navbar and sitemap use it.
mod_endpoints = []

@app.template_global()
def ismod(*args):
	"""Return True when a moderator is logged in, i.e. the session holds a 'user'.

	Positional arguments are accepted and ignored so the template global can
	be called with anything.
	"""
	logged_in = 'user' in session
	return logged_in

def mod_required(func):
	"""Decorator for views that only moderators may use.

	Records the function name in mod_endpoints (navbar/sitemap consult it).
	Anonymous callers get a flash message and are redirected to the login
	page with the current URL as ``ref``; moderators reach the view.
	"""
	mod_endpoints.append(func.__name__)

	@wraps(func)
	def decorator(*args, **kwargs):
		if ismod():
			return func(*args, **kwargs)
		flash('Diese Funktion ist nur für Moderatoren verfügbar!')
		return redirect(url_for('login', ref=request.url))
	return decorator

csrf_endpoints = []

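def csrf_protect(func):
	"""Decorator: reject requests that do not carry the session's CSRF token.

	The token is read from the form/query values or, for JSON bodies, from
	the ``_csrf_token`` member of the JSON object. The request is answered
	with 403 when the session has no token, the request carries none, or the
	two differ. The function name is recorded in csrf_endpoints so that
	csrf_inject() adds the token to URLs generated for it.
	"""
	csrf_endpoints.append(func.__name__)

	@wraps(func)
	def decorator(*args, **kwargs):
		token = None
		if '_csrf_token' in request.values:
			token = request.values['_csrf_token']
		else:
			# silent=True: an unparsable body counts as "no token" (403), not a 400.
			body = request.get_json(silent=True)
			if isinstance(body, dict) and '_csrf_token' in body:
				token = body['_csrf_token']
		expected = session.get('_csrf_token')
		if not token or not expected or not isinstance(token, str):
			return 'csrf test failed', 403
		# Constant-time comparison so the token cannot be probed via timing.
		if not hmac.compare_digest(expected.encode('utf-8'), token.encode('utf-8')):
			return 'csrf test failed', 403
		return func(*args, **kwargs)
	return decorator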

@app.url_defaults
def csrf_inject(endpoint, values):
	"""url_for() hook: add the session's CSRF token to URLs of csrf_protect()ed endpoints.

	Leaves ``values`` untouched for other endpoints or when the session has
	no token yet.
	NOTE(review): the token travels in the query string for these URLs, so it
	can end up in server logs and Referer headers.
	"""
	token = session.get('_csrf_token')
	if token and endpoint in csrf_endpoints:
		values['_csrf_token'] = token

def evalperm(perms):
	"""Reduce perm rows to the most specific level that has any rows.

	Each row is bucketed by the first id it carries — course_id, else
	lecture_id, else video_id (rows with none are dropped). The video bucket
	wins when non-empty, then lecture, then course. With nothing left a
	single synthetic ``{'type': 'public'}`` row is returned.
	"""
	levels = ('course_id', 'lecture_id', 'video_id')
	buckets = {level: [] for level in levels}
	for perm in perms:
		for level in levels:
			if perm[level]:
				buckets[level].append(perm)
				break
	for level in reversed(levels):
		if buckets[level]:
			return buckets[level]
	return [{'type': 'public'}]

@app.template_filter()
def checkperm(perms, username=None, password=None):
	"""Decide whether the current client may access an object guarded by ``perms``.

	Moderators always pass. Otherwise the rows are reduced with evalperm()
	and access is granted if any remaining row is satisfied:
	  public   -- always
	  password -- param1/param2 equal the supplied username/password
	  l2p      -- param1 is one of the session's ``l2p_courses``
	  rwth     -- the session has ``rwthintern`` set
	Any other type never grants access.
	"""
	if ismod():
		return True

	def satisfied(perm):
		kind = perm['type']
		if kind == 'public':
			return True
		if kind == 'password':
			# NOTE(review): param2 is compared as stored; if that is a
			# plaintext password, hashing it on the way in would be safer.
			return perm['param1'] == username and perm['param2'] == password
		if kind == 'l2p':
			return perm['param1'] in session.get('l2p_courses', [])
		if kind == 'rwth':
			return bool(session.get('rwthintern', False))
		return False

	return any(satisfied(perm) for perm in evalperm(perms))

@app.template_filter()
def permdescr(perms):
	"""Summarize ``perms`` as a ``(mode, German description)`` pair for templates.

	Rows are reduced with evalperm() first. Mode precedence:
	public > rwth > fsmpi > l2p > password; unknown types alone yield 'public'.
	A password row is mentioned in the text only together with rwth or l2p,
	or when it is the sole restriction.
	"""
	perms = evalperm(perms)
	types = {perm['type'] for perm in perms}
	with_password = 'password' in types
	if 'public' in types or not perms:
		return 'public', 'Öffentlich verfügbar'
	if 'rwth' in types:
		if with_password:
			return 'rwth', 'Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar'
		return 'rwth', 'Nur für RWTH-Angehörige verfügbar'
	if 'fsmpi' in types:
		return 'fsmpi', 'Nur für Fachschaftler verfügbar'
	if 'l2p' in types:
		if with_password:
			return 'l2p', 'Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar'
		return 'l2p', 'Nur für Teilnehmer der Veranstaltung verfügbar'
	if with_password:
		return 'password', 'Nur für Nutzer mit Passwort verfügbar'
	return 'public', 'Öffentlich verfügbar'

app.jinja_env.globals['navbar'] = []
# iconlib can be 'bootstrap'
# ( see: http://getbootstrap.com/components/#glyphicons )
# or 'fa'
# ( see: http://fontawesome.io/icons/ )
def register_navbar(name, iconlib='bootstrap', icon=None):
	"""Decorator that lists a view in the template-global ``navbar``.

	Appends ``(endpoint, name, iconlib, icon, public)`` where endpoint is the
	function's name and public is False only if the name is already in
	mod_endpoints — i.e. mod_required() must be applied before this
	decorator for the entry to be marked non-public. The view is returned
	unchanged.
	"""
	def wrapper(func):
		endpoint = func.__name__
		is_public = endpoint not in mod_endpoints
		entry = (endpoint, name, iconlib, icon, is_public)
		app.jinja_env.globals['navbar'].append(entry)
		return func
	return wrapper

def render_endpoint(endpoint, flashtext=None, **kargs):
	"""Render another endpoint's view in place of the current request.

	Optionally flashes ``flashtext`` first. request.url_rule is replaced so
	that request.endpoint reports ``endpoint`` (the navbar highlights by it),
	then the view function registered under that name is called with ``kargs``.
	"""
	if flashtext:
		flash(flashtext)
	# request.endpoint is derived from url_rule; it drives navbar highlighting
	request.url_rule = Rule(request.path, endpoint=endpoint)
	view = app.view_functions[endpoint]
	return view(**kargs)

def handle_errors(endpoint, text, code, *errors, **epargs):
	"""Decorator factory: turn the listed exception types into an error response.

	When the wrapped view raises one of ``errors``, the response is
	``render_endpoint(endpoint, text, **epargs)`` with status ``code`` if an
	endpoint is given, otherwise the bare ``(text, code)`` tuple. Other
	exceptions propagate.
	"""
	def wrapper(func):
		@wraps(func)
		def decorator(*args, **kwargs):
			try:
				return func(*args, **kwargs)
			except errors:
				if not endpoint:
					return text, code
				page = render_endpoint(endpoint, text, **epargs)
				return make_response(page, code)
		return decorator
	return wrapper

@app.errorhandler(404)
def handle_not_found(e):
	"""404 handler: show the index page with a 'page does not exist' flash, status 404."""
	page = render_endpoint('index', 'Diese Seite existiert nicht!')
	return page, 404

@app.errorhandler(500)
@app.errorhandler(Exception)
def handle_internal_error(e):
	"""Catch-all handler: print the traceback to stderr and serve 500.html.

	Registered for Exception too, so unhandled errors in views end up here
	instead of Flask's default error page.
	"""
	traceback.print_exc()
	page = render_template('500.html')
	return page, 500
222

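@sched_func(5*60, firstdelay=0)
def dump_error_page():
	"""Every 5 minutes, write a rendered 500.html to config['ERROR_PAGE'].

	Presumably the static copy is what the web server serves when the app is
	down. Does nothing when ERROR_PAGE is not configured. Runs inside the
	request context set up by sched_func(); url_rule is overridden so the
	template sees the error-handler endpoint.
	"""
	if 'ERROR_PAGE' not in config:
		return
	request.url_rule = Rule(request.path, endpoint='handle_internal_error')
	text = render_template('500.html')
	# 'with' closes the file even when write() raises (the old code leaked it).
	with open(config['ERROR_PAGE'], 'w') as f:
		f.write(text)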

# debian ships jinja2 without this test...
@app.template_test(name='equalto')
def equalto(a,b):
	"""Jinja test ``equalto``: True when ``a == b`` (backfill for Jinja builds lacking it)."""
	same = (a == b)
	return same

@app.template_filter(name='semester')
def human_semester(s, long=False):
	"""Template filter ``semester``: render a 'YYYYss' semester code for humans.

	``s`` is e.g. '2016ws' (four-digit year followed by SS/WS in any case).
	Empty, 'zeitlos' or wrongly sized values give 'Zeitlos'; a malformed code
	is printed to stdout and rendered as '??'. Short form: 'WS16'. With
	``long=True``: 'Wintersemester 2016/17' or 'Sommersemester 2016'.
	"""
	if not s or s == 'zeitlos' or len(s) != 6:
		return 'Zeitlos'
	year, term = s[:4], s[4:].upper()
	if not year.isdigit() or term not in ('SS', 'WS'):
		print('Invalid semester string "%s"'%s)
		return '??'
	if not long:
		return term + year[2:]
	if term == 'SS':
		return 'Sommersemester %s'%year
	following = str(int(year)+1)[2:]
	return 'Wintersemester %s/%s'%(year, following)

@app.template_filter(name='date')
def human_date(d):
	"""Template filter ``date``: format a date/datetime as German 'DD.MM.YYYY'."""
	fmt = '%d.%m.%Y'
	return d.strftime(fmt)

@app.template_filter(name='time')
def human_time(d):
	"""Template filter ``time``: format a time/datetime as 'HH:MM' (24 h)."""
	fmt = '%H:%M'
	return d.strftime(fmt)

@app.template_filter()
def rfc3339(d):
	"""Format a datetime as an RFC 3339 timestamp (used by the feeds).

	NOTE(review): the UTC offset is hard-coded to '+02:00' (CEST); for values
	in CET or any other zone the stamp is off. Deriving the offset from the
	value's tzinfo would fix that.
	"""
	stamp = d.strftime('%Y-%m-%dT%H:%M:%S')
	return stamp + '+02:00'

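@app.template_global()
def get_announcements(minlevel=0):
	"""Return the announcement rows the current client may see, highest level first.

	Non-moderators see rows that are ``visible``, already published and not
	yet expired. Moderators also see hidden/unpublished rows and, through a
	24 h grace, rows that expired up to a day ago. ``minlevel`` filters on
	``level``. Any database error is printed and yields an empty list so a
	broken table never takes the page down.
	"""
	now = datetime.now()
	offset = timedelta(hours=24) if ismod() else timedelta()
	try:
		# 'time_expire IS NULL': the former '= NULL' is never true in SQL, which
		# silently hid every announcement that has no expiry date.
		return query('SELECT * FROM announcements WHERE NOT deleted AND ((time_expire IS NULL) OR time_expire > ?) AND (? OR (visible AND time_publish < ?)) AND level >= ? ORDER BY level DESC', now-offset, ismod(), now, minlevel)
	except Exception:
		traceback.print_exc()
		return []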

@app.template_filter()
def fixnl(s):
	"""Template filter: string-ify ``s`` and turn newlines into '<br>'.

	To be removed as soon as the db schema is cleaned up.
	NOTE(review): the result is markup; make sure the template escapes the
	content before applying this filter, or only uses it on trusted text.
	"""
	text = str(s)
	return text.replace('\n', '<br>')

@app.template_filter()
def tagid(s):
	"""Turn a label into an HTML-id-like token: lowercase, spaces to '_', rest dropped.

	Only ASCII lowercase letters, digits and '_' survive. A falsy input gives 'EMPTY'.
	"""
	if not s:
		return 'EMPTY'
	keep = set(string.ascii_lowercase + string.digits + '_')
	normalized = s.replace(' ', '_').lower()
	return ''.join(ch for ch in normalized if ch in keep)

@app.route('/')
@register_navbar('Home', icon='home')
def index():
	"""Start page: upcoming lectures, active streams plus latest videos, featured items.

	Also serves the old query-string URLs (``?course=<handle>`` and
	``?view=player&lectureid=<id>``) by redirecting to the new routes.
	"""
	# handle legacy urls...
	if 'course' in request.args:
		return redirect(url_for('course', handle=request.args['course']),code=302)
	if 'view' in request.args:
		if (request.args['view'] == 'player') and ('lectureid' in request.args) :
			return redirect(url_for('lecture', id=request.args['lectureid']),code=302)

	# Lectures from yesterday up to a week ahead. The constant 'sep' column
	# presumably marks where lectures.* ends and courses.* begins in the row.
	start = date.today() - timedelta(days=1)
	end = start + timedelta(days=7)
	upcomming = query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		JOIN courses ON (lectures.course_id = courses.id)
		WHERE (time > ?) AND (time < ?) and lectures.visible and courses.visible and courses.listed
		ORDER BY time ASC LIMIT 30''',start,end)
	for i in upcomming:
		i['date'] = i['time'].date()
	# Lectures with the most recently updated videos; the first placeholder
	# lets moderators see hidden/unlisted ones too.
	latestvideos=query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		LEFT JOIN videos ON (videos.lecture_id = lectures.id)
		LEFT JOIN courses on (courses.id = lectures.course_id)
		WHERE (? OR (courses.visible AND courses.listed AND lectures.visible AND videos.visible))
		GROUP BY videos.lecture_id
		ORDER BY MAX(videos.time_updated) DESC
		LIMIT 6	''',ismod())
	# Active live streams are listed ahead of the latest videos.
	livestreams = query('''SELECT streams.handle AS live, lectures.*, "course" AS sep, courses.*
		FROM streams
		JOIN lectures ON lectures.id = streams.lecture_id
		JOIN courses ON courses.id = lectures.course_id
		WHERE streams.active AND (? OR (streams.visible AND courses.visible AND courses.listed AND lectures.visible))
		''', ismod())
	featured = query('SELECT * FROM featured WHERE NOT deleted AND (? OR visible)', ismod())
	return render_template('index.html', latestvideos=livestreams+latestvideos, upcomming=upcomming, featured=featured)

@app.route('/course')
@register_navbar('Videos', icon='film')
def courses():
	"""Course overview: visible and listed courses (moderators see all), by title.

	Courses with an empty semester are filed under 'zeitlos'. The ``groupedby``
	query value selects the grouping (title/semester/organizer/subject);
	anything else falls back to semester.
	"""
	rows = query('SELECT * FROM courses WHERE (? OR (visible AND listed)) ORDER BY title', ismod())
	for row in rows:
		if row['semester'] == '':
			row['semester'] = 'zeitlos'
	groupedby = request.args.get('groupedby')
	if groupedby not in ('title', 'semester', 'organizer', 'subject'):
		groupedby = 'semester'
	return render_template('courses.html', courses=rows, groupedby=groupedby)

def genlive(streams):
	"""Make livestream rows look like video rows for the player templates.

	Mutates each row in place: visible, not downloadable, ``path`` pointing
	at the HLS playlist 'pub/hls/<handle>.m3u8' and a file_size of 0. The
	same list is returned.
	"""
	fixed = {'visible': True, 'downloadable': False, 'file_size': 0}
	for stream in streams:
		stream.update(fixed)
		stream['path'] = 'pub/hls/%s.m3u8'%stream['live']
	return streams

@app.route('/course/<handle>')
@app.route('/course/<int:id>')
@handle_errors('courses', 'Diese Veranstaltung existiert nicht!', 404, IndexError)
def course(id=None, handle=None):
	"""Course page: the course, its lectures (with their permissions) and videos.

	Looked up by numeric id or by handle; hidden courses/lectures/videos are
	only included for moderators. An unknown course makes the ``[0]`` below
	raise IndexError, which handle_errors turns into the course list with a
	404 and a flash. Active live streams are appended to the videos as
	pseudo-video rows (see genlive()).
	"""
	if id:
		course = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', id, ismod())[0]
	else:
		course = query('SELECT * FROM courses WHERE handle = ? AND (? OR visible)', handle, ismod())[0]
	course['perm'] = query('SELECT * FROM perm WHERE (NOT perm.deleted) AND course_id = ? ORDER BY type', course['id'])
	perms = query('SELECT perm.* FROM perm JOIN lectures ON (perm.lecture_id = lectures.id) WHERE (NOT perm.deleted) AND lectures.course_id = ? ORDER BY perm.type', course['id'])
	lectures = query('SELECT * FROM lectures WHERE course_id = ? AND (? OR visible) ORDER BY time, duration DESC', course['id'], ismod())
	# Each lecture carries the course-level perms plus its own lecture-level ones.
	for lecture in lectures:
		lecture['perm'] = []
		lecture['perm'] += course['perm']
		lecture['course'] = course
		for perm in perms:
			if perm['lecture_id'] == lecture['id']:
				lecture['perm'].append(perm)
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN lectures ON (videos.lecture_id = lectures.id)
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (lectures.course_id = courses.id)
			WHERE lectures.course_id= ? AND (? OR videos.visible)
			ORDER BY lectures.time, formats.prio DESC
			''', course['id'], ismod())
	# Streams borrow the format row tagged "hls" for description/priority.
	livestreams = query('''SELECT streams.handle AS live, streams.lecture_id, formats.description AS format_description, formats.player_prio, formats.prio
			FROM streams
			JOIN lectures ON lectures.id = streams.lecture_id
			JOIN formats ON formats.keywords = "hls"
			WHERE streams.active AND (? OR streams.visible) AND lectures.course_id = ?
			''', ismod(), course['id'])
	videos += genlive(livestreams)
	return render_template('course.html', course=course, lectures=lectures, videos=videos)

@app.route('/faq')
@register_navbar('FAQ', icon='question-sign')
def faq():
	"""Static FAQ page."""
	template = 'faq.html'
	return render_template(template)

@app.route('/play/<int:id>')
@app.route('/embed/<int:id>', endpoint='embed')
@handle_errors('course', 'Diese Vorlesung existiert nicht!', 404, IndexError)
def lecture(id):
	"""Player page (or embeddable player for the 'embed' endpoint) of one lecture.

	Collects the lecture, its videos plus active live streams, the chapters and
	the lecture/course permissions. When the client lacks permission, a flash
	explains the restriction (with an auth link for rwth/l2p); the page is
	still rendered and the actual file access is enforced by /auth.

	NOTE(review): an unknown id raises IndexError at the first ``[0]``, and
	handle_errors then calls the 'course' view without id/handle — which
	itself fails with IndexError and falls through to course()'s own handler.
	The course list is shown, but with both flashes; 'courses' was probably
	meant here.
	"""
	lecture = query('SELECT * FROM lectures WHERE id = ? AND (? OR visible)', id, ismod())[0]
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio, formats.mimetype
			FROM videos
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (courses.id = ?)
			WHERE videos.lecture_id = ? AND (? OR videos.visible)
			ORDER BY formats.prio DESC
			''', lecture['course_id'], lecture['id'], ismod())
	# Streams borrow the format row tagged "hls" for description/priority/mimetype.
	livestreams = query('''SELECT streams.handle AS live, streams.lecture_id, formats.description AS format_description, formats.player_prio, formats.prio, formats.mimetype
			FROM streams
			JOIN lectures ON lectures.id = streams.lecture_id
			JOIN formats ON formats.keywords = "hls"
			WHERE streams.active AND (? OR streams.visible) AND lectures.id = ?
			''', ismod(), id)
	videos += genlive(livestreams)
	perms = query('SELECT perm.* FROM perm WHERE ((NOT perm.deleted) AND (perm.lecture_id = ? OR perm.course_id = ?))',
			lecture['id'], lecture['course_id'])
	if not videos:
		flash('Zu dieser Vorlesung wurden noch keine Videos veröffentlicht!')
	courses = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', lecture['course_id'], ismod())
	if not courses:
		return render_endpoint('courses', 'Diese Veranstaltung existiert nicht!'), 404
	chapters = query('SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (? OR visible) ORDER BY time ASC', id, ismod())
	if not checkperm(perms):
		mode, text = permdescr(perms)
		# The flash contains an <a> tag; the template must render it unescaped for the link to work.
		if mode == 'rwth':
			flash(text+'. <a target="_blank" href="'+url_for('start_rwthauth')+'">Hier authorisieren</a>.')
		elif mode == 'l2p':
			flash(text+'. <a target="_blank" href="'+url_for('start_l2pauth')+'">Hier authorisieren</a>.')
		else:
			flash(text+'.')
	return render_template('embed.html' if request.endpoint == 'embed' else 'lecture.html', course=courses[0], lecture=lecture, videos=videos, chapters=chapters)


@app.route('/search')
def search():
	"""Full-text search over courses and lectures for the ``q`` query value.

	Without ``q`` the client is sent to the index. Hidden/unlisted rows are
	only matched for moderators (the trailing ``?`` placeholder). Lecture
	rows carry their course columns under a ``courses_`` prefix, which is
	unpacked into a nested ``course`` dict for the template.
	"""
	if 'q' not in request.args:
		return redirect(url_for('index'))
	q = request.args['q']
	courses = searchquery(q, '*', ['title', 'short', 'organizer', 'subject', 'description'],
			'courses', 'WHERE (? OR (visible AND listed)) GROUP BY id ORDER BY _score DESC, semester DESC LIMIT 20', ismod())
	#lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, "course" AS sep, courses.*',
	#			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
	#			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
	#			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	# Course columns are aliased one by one (courses_<name>) instead of courses.*
	# so they do not collide with the lecture columns of the same name.
	lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, courses.id AS courses_id, courses.visible AS courses_visible, courses.listed AS courses_listed, courses.title AS courses_title, courses.short AS courses_short, courses.handle AS courses_handle, courses.organizer AS courses_organizer, courses.subject AS courses_subject, courses.credits AS courses_credits, courses.created_by AS courses_created_by, courses.time_created AS courses_time_created, courses.time_updated AS courses_time_updated, courses.semester AS courses_semester, courses.downloadable AS courses_downloadable, courses.embedinvisible AS courses_embedinvisible, courses.description AS courses_description, courses.internal AS courses_internal, courses.responsible AS courses_responsible',
			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	# Unpack the courses_* columns into lecture['course'] (8 == len('courses_')).
	for lecture in lectures:
		lecture['course'] = {}
		for key in lecture:
			if key.startswith('courses_'):
				lecture['course'][key[8:]] = lecture[key]
	return render_template('search.html', searchtext=request.args['q'], courses=courses, lectures=lectures)

def check_mod(user, groups):
	"""Moderator test for an LDAP login: a non-empty user who is in the 'users' group.

	Mirrors ``user and 'users' in groups``: a falsy ``user`` is returned as is.
	"""
	if not user:
		return user
	return 'users' in groups

@app.route('/login', methods=['GET', 'POST'])
def login():
	"""Moderator login against LDAP.

	GET renders the form. POST checks user/password with ldapauth(); only
	members of the 'users' group (check_mod) get in. On success the LDAP
	record is stored in session['user'] together with the users-table row id
	(``dbid``; the row is created on first login), a fresh 128-character
	CSRF token is issued, and the client is sent to ``ref`` or the index.

	NOTE(review): ``ref`` is followed unvalidated, so an absolute URL in it
	sends the user off-site after login; consider restricting it to local paths.
	"""
	if request.method == 'GET':
		return render_template('login.html')
	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
	if not check_mod(user, groups):
		flash('Login fehlgeschlagen!')
		return render_template('login.html')
	session['user'] = ldapget(user)
	rows = query('SELECT * FROM users WHERE name = ?', user)
	if not rows:
		# First login: create the users row with level 1 and empty calendar_key/rfc6238.
		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
		rows = query('SELECT * FROM users WHERE name = ?', user)
	session['user']['dbid'] = rows[0]['id']
	alphabet = string.ascii_letters + string.digits
	rng = random.SystemRandom()
	session['_csrf_token'] = ''.join(rng.choice(alphabet) for _ in range(128))
	return redirect(request.values.get('ref', url_for('index')))

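@app.route('/logout', methods=['GET', 'POST'])
def logout():
	"""End the moderator session and redirect to ``ref`` (default: index).

	Drops the user record and the CSRF token that was bound to it. Safe to
	call when nobody is logged in (the old ``session.pop('user')`` raised
	KeyError there, i.e. a 500).
	"""
	session.pop('user', None)
	session.pop('_csrf_token', None)
	return redirect(request.values.get('ref', url_for('index')))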

# name: (tablename, idcolumn, [editable_fields], [fields_to_set_at_creation_time])
# Whitelist consulted by edit() and create(): table and column names are
# interpolated into SQL text there, so only names listed here may reach the
# database. Field lists are the editable columns and the columns filled at
# creation time.
tabs = {
	'courses': ('courses_data', 'id', ['visible', 'listed', 'title', 'short',
			'handle', 'organizer', 'subject', 'semester', 'downloadable',
			'internal', 'responsible','deleted','description'],
			['created_by', 'time_created', 'time_updated']),
	'lectures': ('lectures_data', 'id', ['visible', 'title', 'comment',
			'internal', 'speaker', 'place', 'time', 'duration', 'jumplist','deleted'],
			['course_id', 'time_created', 'time_updated']),
	'videos': ('videos_data', 'id', ['visible','deleted'],
			['created_by', 'time_created', 'time_updated']),
	'chapters': ('chapters', 'id', ['time', 'text', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	'announcements': ('announcements', 'id', ['text', 'level', 'visible',
			'deleted', 'time_publish', 'time_expire'],
			['created_by', 'time_created', 'time_updated']),
	'featured': ('featured', 'id', ['title', 'text', 'internal', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	'perm': ('perm', 'id', ['type', 'param1', 'param2', 'deleted'],
			['course_id', 'lecture_id', 'video_id', 'created_by', 'time_created', 'time_updated']),
	'sorterrorlog': ('sorterrorlog_data', 'id', ['deleted'],
			['time_created', 'time_updated'])
}

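@app.route('/edit', methods=['GET', 'POST'])
@mod_required
@csrf_protect
def edit(prefix='', ignore=[]):
	"""Apply field changes submitted as ``table.id.column=value`` pairs.

	Values come from the query string/form or, for a POST with a JSON body,
	from the JSON object. ``prefix`` (argument or ``prefix`` query value) is
	prepended to every key. Keys in ``ignore`` plus 'ref', 'prefix' and
	'_csrf_token' are skipped. Table and column names must be listed in
	``tabs`` — that whitelist is what keeps them safe to interpolate into the
	SQL below — otherwise the request is answered with 400 and nothing is
	written. Each accepted change is recorded in ``changelog`` together with
	the old value and applied with a fresh ``time_updated``, all inside one
	transaction. Redirects to ``ref`` when present, else answers "OK".
	"""
	# All editable tables are expected to have a 'time_updated' field.
	# Fresh set: neither the default list nor a caller's list is mutated
	# (the old code appended to the shared default on every request).
	skip = set(ignore) | {'ref', 'prefix', '_csrf_token'}
	if not prefix and 'prefix' in request.args:
		prefix = request.args['prefix']
	changes = request.values.items()
	if request.method == 'POST':
		body = request.get_json(silent=True)
		if body:
			changes = body.items()
	# Validate everything first so a bad key cannot leave a half-applied,
	# uncommitted transaction behind.
	validated = []
	for key, val in changes:
		if key in skip:
			continue
		parts = (prefix+key).split('.', 2)
		if len(parts) != 3:
			return 'Bad Request', 400
		table, id, column = parts
		# Explicit checks instead of assert: assert is stripped under -O and
		# these two names end up in SQL text.
		if table not in tabs or column not in tabs[table][2]:
			return 'Bad Request', 400
		validated.append((table, id, column, val))
	now = datetime.now()
	modify('BEGIN')
	try:
		for table, id, column, val in validated:
			tablename, idcolumn = tabs[table][0], tabs[table][1]
			modify('INSERT INTO changelog (`table`,id_value, id_key, field, value_new, value_old, `when`, who, executed) VALUES (?,?,?,?,?,(SELECT %s FROM %s WHERE %s = ?),?,?,1)'%(column, tablename, idcolumn),
					table, id, idcolumn, column, val, id, now, session['user']['dbid'])
			modify('UPDATE %s SET %s = ?, time_updated = ? WHERE %s = ?'%(tablename, column, idcolumn), val, now, id)
	except Exception:
		modify('ROLLBACK')
		raise
	modify('COMMIT')
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return "OK", 200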

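@app.route('/new/<table>', methods=['GET', 'POST'])
@mod_required
@csrf_protect
def create(table):
	"""Insert a row into one of the tables listed in ``tabs``.

	``created_by``/``time_created``/``time_updated`` are filled automatically
	where the table declares them; all other columns come from the query
	string/form or a JSON POST body ('ref' and '_csrf_token' are skipped).
	Column names must be among the table's editable or creation-time fields
	— that whitelist is what keeps them safe to interpolate into the INSERT —
	and the automatic ones may not be overridden; violations answer 400.
	Redirects to ``ref`` when present, else answers with the new row id.
	"""
	# Explicit checks instead of assert: assert is stripped under -O and the
	# table/column names end up in SQL text.
	if table not in tabs:
		return 'Bad Request', 400
	tablename, _, editable, creation_fields = tabs[table]
	now = datetime.now()
	defaults = {'created_by': session['user']['dbid'], 'time_created': now, 'time_updated': now}
	columns = [c for c in defaults if c in creation_fields]
	values = [defaults[c] for c in columns]
	args = request.values.items()
	if request.method == 'POST':
		body = request.get_json(silent=True)
		if body:
			args = body.items()
	allowed = editable + creation_fields
	for column, val in args:
		if column in ('ref', '_csrf_token'):
			continue
		if column not in allowed or column in defaults:
			return 'Bad Request', 400
		columns.append(column)
		values.append(val)
	placeholders = ','.join(['?']*len(values))
	new_id = modify('INSERT INTO %s (%s) VALUES (%s)'%(tablename, ','.join(columns), placeholders), *values)
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return str(new_id), 200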

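@app.route('/auth')
def auth(): # For use with nginx auth_request
	"""Access check for video and HLS files, called by nginx via auth_request.

	The requested file arrives in ``X-Original-Uri`` with config['VIDEOPREFIX']
	in front. Answers 200 (allow), 401 with a Basic challenge when a password
	permission could still unlock the file, or 403. Thumbnails (``*jpg``) and
	moderators are always allowed. The perm rows of the video, its lecture
	and its course (for streams: lecture and course) are evaluated by
	checkperm(), with Basic auth credentials matched against password rows.
	Allowed requests are logged to ``log`` (files) or ``hlslog`` (``.ts``
	segments) under a random 63-bit id kept in the ``tracking`` cookie.
	"""
	if 'X-Original-Uri' not in request.headers:
		return 'Internal Server Error', 500
	url = request.headers['X-Original-Uri']
	# Remove the prefix as a string. The old str.lstrip() call strips any
	# leading *characters* contained in the prefix, so a file name starting
	# with one of them (e.g. 'v' or 's') lost its first letters and was never
	# found. Assumes VIDEOPREFIX is the path prefix nginx sees, as /files/
	# builds it — TODO confirm against the nginx config.
	prefix = config['VIDEOPREFIX']
	if prefix and url.startswith(prefix):
		url = url[len(prefix):]
	url = url.lstrip('/')
	if request.cookies.get('tracking', '') and request.cookies['tracking'].isdigit():
		cookie = int(request.cookies['tracking'])
	else:
		cookie = random.getrandbits(8*8-1)
	if url.endswith('jpg') or ismod():
		return "OK", 200
	is_hls = url.startswith('pub/hls/')
	handle = None
	if is_hls:
		# 'pub/hls/<handle>_<fmt>-<segment>.ts' / '<handle>.m3u8' -> handle
		handle = url[len('pub/hls/'):].split('_')[0].split('.')[0]
		perms = query('''SELECT lectures.id AS lecture, perm.*
				FROM streams
				JOIN lectures ON (streams.lecture_id = lectures.id)
				JOIN courses ON (lectures.course_id = courses.id)
				LEFT JOIN perm ON ((lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
				WHERE streams.handle = ?
				AND (courses.visible AND lectures.visible AND streams.visible)
				ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''', handle)
	else:
		perms = query('''SELECT videos.path, videos.id AS vid, perm.*
				FROM videos
				JOIN lectures ON (videos.lecture_id = lectures.id)
				JOIN courses ON (lectures.course_id = courses.id)
				LEFT JOIN perm ON ((videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
				WHERE videos.path = ?
				AND (courses.visible AND lectures.visible AND videos.visible)
				ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''',
				url)
	# No row at all: unknown or hidden file.
	if not perms:
		return "Not allowed", 403
	credentials = request.authorization
	username = password = None
	if credentials:
		username = credentials.username
		password = credentials.password
	if checkperm(perms, username=username, password=password):
		try:
			if not is_hls:
				modify('INSERT INTO log (id, `time`, `date`, video, source) VALUES (?, ?, ?, ?, 1)', cookie, datetime.now(), datetime.combine(date.today(), time()), perms[0]['vid'])
			elif url.endswith('.ts'):
				fmt = url.split('_')[-1].split('-')[0]
				seg = url.split('.')[0].split('-')[-1]
				modify('INSERT INTO hlslog (id, `time`, segment, lecture, handle, format) VALUES (?, ?, ?, ?, ?, ?)', cookie, datetime.now(), seg, perms[0]['lecture'], handle, fmt)
		except Exception:
			# Access logging is best effort; never block playback because of it.
			traceback.print_exc()
		r = make_response('OK', 200)
		r.set_cookie('tracking', str(cookie), max_age=2147483647) # Many many years
		return r
	# Offer Basic auth only when a password permission exists at all.
	if any(perm['type'] == 'password' for perm in perms):
		return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
	return "Not allowed", 403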

@app.route('/changelog')
@register_navbar('Changelog', icon='book')
@mod_required
def changelog():
	"""Moderator page with the 50 most recent changelog entries and their authors.

	Each entry gets a ``path`` of the form 'table.id.field', matching the keys
	that /edit accepts.
	"""
	entries = query('SELECT * FROM changelog LEFT JOIN users ON (changelog.who = users.id) ORDER BY `when` DESC LIMIT 50')
	for entry in entries:
		parts = (entry['table'], entry['id_value'], entry['field'])
		entry['path'] = '.'.join(parts)
	return render_template('changelog.html', changelog=entries)

@app.route('/files/<filename>')
def files(filename):
	"""Redirect a bare file name to its location under config['VIDEOPREFIX']."""
	target = '/'.join([config['VIDEOPREFIX'], filename])
	return redirect(target)

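@app.route('/newchapter/<int:lectureid>', methods=['POST', 'GET'])
def suggest_chapter(lectureid):
	"""Store a chapter mark suggested for a lecture.

	Expects ``time`` ('HH:MM:SS') and ``text`` in the request values; the time
	is stored as seconds. Anonymous suggestions record the client address in
	``submitted_by``, moderators are recorded through ``created_by``.
	Redirects to ``ref`` when given, else answers 'OK'. Missing fields answer
	400; a malformed time is flashed and nothing is stored (the old code
	inserted the unparsed string).
	"""
	# Local names avoid shadowing the imported datetime.time.
	timestr = request.values.get('time')
	text = request.values.get('text')
	if not timestr or not text:
		return 'Bad Request', 400
	try:
		parsed = datetime.strptime(timestr,'%H:%M:%S')
	except ValueError:
		flash('Falsches Zeitformat, "%H:%M:%S" wird erwartet. Z.B. "01:39:42" für eine Kapitel bei Stunde 1, Minute 39, Sekunde 42')
		if 'ref' in request.values:
			return redirect(request.values['ref'])
		return 'Bad Request', 400
	seconds = int(timedelta(hours=parsed.hour,minutes=parsed.minute,seconds=parsed.second).total_seconds())
	submitter = None
	if not ismod():
		# NOTE(review): behind a reverse proxy REMOTE_ADDR may be the proxy
		# rather than the client (/auth reads X-Real-IP) — confirm with the deployment.
		submitter = request.environ['REMOTE_ADDR']
	now = datetime.now()
	who = session.get('user', {'dbid':None})['dbid']
	modify('INSERT INTO chapters (lecture_id, time, text, time_created, time_updated, created_by, submitted_by) VALUES (?, ?, ?, ?, ?, ?, ?)',
				lectureid, seconds, text, now, now, who, submitter)
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return 'OK',  200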

@app.route('/chapters/<int:lectureid>')
def chapters(lectureid):
	"""Serve a lecture's chapter marks as WebVTT (rendered from chapters.srt).

	Rows are fetched newest-first; each chapter's ``end`` is the ``start`` of
	the chapter fetched just before it (the chronologically later one), the
	last one runs until 9999. Hidden chapters are included for moderators.
	404 when the lecture has no chapters.
	"""
	rows = query("SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (visible OR ?) ORDER BY time DESC", lectureid, ismod())
	if not rows:
		return 'No chapters found', 404
	next_start = 9999
	for chapter in rows:
		chapter['start'] = chapter['time']
		chapter['end'] = next_start
		next_start = chapter['start']
	return Response(render_template('chapters.srt',chapters=rows), 200, {'Content-Type':'text/vtt'})

@app.route('/sitemap.xml')
def sitemap():
	"""Sitemap of public pages.

	Lists every argument-less GET route except moderator endpoints, each
	visible and listed course, and each visible lecture of those courses.
	Entries are one-element lists holding the URL, as sitemap.xml expects.
	"""
	pages = []
	# static pages
	for rule in app.url_map.iter_rules():
		static_get = 'GET' in rule.methods and len(rule.arguments)==0
		if static_get and rule.endpoint not in mod_endpoints:
			pages.append([rule.rule])
	for course_row in query('select * from courses where visible and listed'):
		pages.append([url_for('course',handle=course_row['handle'])])
		lecture_rows = query('select * from lectures where (course_id = ? and visible)',course_row['id'])
		pages.extend([url_for('lecture',id=lecture_row['id'])] for lecture_row in lecture_rows)
	return Response(render_template('sitemap.xml', pages=pages), 200, {'Content-Type': 'application/atom+xml'} )


@app.route('/site/')
@app.route('/site/<string:phpfile>')
def legacy(phpfile=None):
	"""Redirect URLs of the old PHP site to the new endpoints.

	embed.php?lecture=ID -> embed; feed.php?all -> feed; feed.php?newcourses
	-> courses_feed; any other feed.php?<handle> -> that course's feed.
	Everything else is printed and sent to the index.
	"""
	args = request.args
	if phpfile=='embed.php' and 'lecture' in args:
		return redirect(url_for('embed', id=args['lecture']),code=302)
	if phpfile=='feed.php':
		if 'all' in args:
			return redirect(url_for('feed'),code=302)
		if 'newcourses' in args:
			return redirect(url_for('courses_feed'),code=302)
		# The first query key is taken as the course handle (raises when there is none).
		handle = args.copy().popitem()[0]
		return redirect(url_for('feed', handle=handle),code=302)
	print("Unknown legacy url:",request.url)
	return redirect(url_for('index'),code=302)
	

import feeds
import importer
import stats
import sorter
if 'ICAL_URL' in config:
	import meetings
import l2pauth
if 'JOBS_API_KEY' in config:
	import jobs
import timetable