import hashlib
import hmac
import os
import random
import sched
import sys
import threading
from datetime import date, timedelta, datetime, time, MINYEAR
from functools import wraps
from urllib.parse import urljoin, urlsplit

from flask import Flask, g, request, url_for, redirect, session, render_template, flash, Response, make_response
from werkzeug.routing import Rule

app = Flask(__name__)

# Drop the newline after a block tag and the whitespace in front of it, so
# template control blocks do not leave blank lines in the rendered output.
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True
# Helpers made available to every template under the given names.
# NOTE(review): random.randint is not a cryptographic source; keep its use in
# templates cosmetic and never derive tokens or nonces from it.
app.add_template_global(random.randint, name='randint')
app.add_template_global(datetime, name='datetime')
app.add_template_global(timedelta, name='timedelta')

# Process-wide job queue: sched_func() enters jobs, the thread running
# run_scheduler() executes them.
scheduler = sched.scheduler()
def run_scheduler():
	"""Execute due jobs from the module-level scheduler forever.

	Meant as the target of a background thread; it never returns normally.
	No exception handling is done here, so an exception raised by a job
	propagates out of scheduler.run() and ends the thread.
	"""
	# Local import: at module level the name `time` is datetime.time.
	from time import sleep
	startup_grace = 1 # UWSGI does weird things on startup
	poll_interval = 10
	sleep(startup_grace)
	while True:
		# run() comes back when nothing is scheduled; poll again later so
		# jobs entered in the meantime are picked up.
		scheduler.run()
		sleep(poll_interval)

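def sched_func(delay, priority=0, firstdelay=None, args=(), kargs=None):
	"""Decorator factory: call the decorated function periodically.

	Args:
		delay: seconds between the end of one run and the next one.
		priority: priority handed to the scheduler for every run.
		firstdelay: seconds until the first run; a random value between
			1 and 120 is used when omitted.
		args: positional arguments passed to the function on every run.
		kargs: keyword arguments passed to the function on every run.

	Returns:
		A decorator that schedules the function and returns it unchanged.
	"""
	# Identity test instead of `== None`, and immutable defaults instead of
	# the shared `[]` / `{}` objects.
	if firstdelay is None:
		firstdelay = random.randint(1, 120)
	if kargs is None:
		kargs = {}
	def wrapper(func):
		def sched_wrapper():
			# Jobs run outside a real request; a test request context gives
			# them the request-bound Flask objects they may rely on.
			with app.test_request_context():
				func(*args, **kargs)
			# Re-arm only after a successful run: an exception from func
			# skips this line and the job is not scheduled again.
			scheduler.enter(delay, priority, sched_wrapper)
		scheduler.enter(firstdelay, priority, sched_wrapper)
		return func
	return wrapper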

# Run the job loop in a daemon thread so it never keeps the process alive.
threading.Thread(target=run_scheduler, daemon=True).start()

config = app.config
# Shipped defaults first; a local config.py loaded further down overrides them.
config.from_pyfile('config.py.example', silent=True)
# Started through run.py: switch on SQLITE_INIT_DATA and DEBUG before the
# local config is read (config.py can still override both).
# NOTE(review): debug mode can expose an interactive debugger; confirm run.py
# is never the entry point of a reachable deployment.
if sys.argv[0].endswith('run.py'): 
	config['SQLITE_INIT_DATA'] = True
	config['DEBUG'] = True
config.from_pyfile('config.py', silent=True)
if config['DEBUG']:
	app.jinja_env.auto_reload = True
# No key configured: generate a random one for this process.
# NOTE(review): sessions signed with it do not survive a restart and are not
# valid in another process that generated its own key; set SECRET_KEY in
# config.py for production.
if not config.get('SECRET_KEY', None):
	config['SECRET_KEY'] = os.urandom(24)

# Imported after the configuration is loaded; presumably db reads it at import
# time -- confirm before moving this line.
from db import query, modify, searchquery, ldapauth, ldapget

# Names of the view functions wrapped by mod_required, filled at import time.
mod_endpoints = []

@app.template_global()
def ismod(*args):
	"""Tell whether the current session belongs to a logged-in moderator.

	Any positional arguments are accepted and ignored. The check is only the
	presence of the 'user' key in the session.
	"""
	logged_in = 'user' in session
	return logged_in

def mod_required(func):
	"""Decorator that restricts a view to logged-in moderators.

	The view's name is recorded in mod_endpoints when the decorator is
	applied. Requests without a moderator session get a flash message and a
	redirect to the login page, with the current URL passed as `ref`.
	"""
	mod_endpoints.append(func.__name__)
	@wraps(func)
	def decorator(*args, **kwargs):
		if ismod():
			return func(*args, **kwargs)
		flash('Diese Funktion ist nur für Moderatoren verfügbar!')
		return redirect(url_for('login', ref=request.url))
	return decorator

def evalauth(auths):
	"""Select the access rules that apply, preferring the narrowest scope.

	Each rule is filed under the first of course_id, lecture_id, video_id
	that is set. Video-level rules win over lecture-level rules, which win
	over course-level rules; the winning group replaces the broader ones
	rather than adding to them. Without any scoped rule the result is a
	single 'public' rule.
	"""
	by_scope = {'course_id': [], 'lecture_id': [], 'video_id': []}
	for entry in auths:
		for scope in ('course_id', 'lecture_id', 'video_id'):
			if entry[scope]:
				by_scope[scope].append(entry)
				break
	for scope in ('video_id', 'lecture_id', 'course_id'):
		if by_scope[scope]:
			return by_scope[scope]
	return [{'auth_type': 'public'}]

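@app.template_filter()
def checkauth(auths, username=None, password=None):
	"""Return True if the requester satisfies any of the applicable rules.

	Args:
		auths: rule rows; evalauth() picks the ones that apply.
		username: user name supplied with the request, if any.
		password: password supplied with the request, if any.

	Rule types: 'public' always passes, 'password' needs matching
	credentials, 'l2p' needs the rule's auth_param in the session's
	l2p_courses, 'rwth' needs the session's rwthintern flag.

	NOTE(review): the stored password is compared directly with the supplied
	one, so it appears to be kept in clear text -- confirm against the schema.
	"""
	def matches(stored, given):
		# A missing value on either side never matches. With a plain `==`,
		# a rule whose stored value is None would equal the None of a
		# request that sent no credentials at all.
		if stored is None or given is None:
			return False
		if isinstance(stored, str) and isinstance(given, str):
			# Constant-time comparison; encoded because compare_digest
			# rejects non-ASCII str arguments.
			return hmac.compare_digest(stored.encode('utf-8'), given.encode('utf-8'))
		return stored == given

	for auth in evalauth(auths):
		kind = auth['auth_type']
		if kind == 'public':
			return True
		elif kind == 'password':
			if matches(auth['auth_user'], username) and matches(auth['auth_password'], password):
				return True
		elif kind == 'l2p':
			if auth['auth_param'] in session.get('l2p_courses', []):
				return True
		elif kind == 'rwth':
			if session.get('rwthintern', False):
				return True
	return False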

@app.template_filter()
def authdescr(auths):
	"""Describe the applicable access rules as a (mode, text) pair.

	mode is one of 'public', 'rwth', 'l2p' or 'password'; text is the
	German description shown to the user.
	"""
	rules = evalauth(auths)
	seen = set()
	l2p_courses = []
	for rule in rules:
		kind = rule['auth_type']
		if kind == 'l2p':
			l2p_courses.append(rule['auth_param'])
		elif kind in ('public', 'password', 'rwth'):
			seen.add(kind)
	with_password = 'password' in seen
	if 'public' in seen or not rules:
		return 'public', 'Öffentlich verfügbar'
	if 'rwth' in seen:
		if with_password:
			return 'rwth', 'Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar'
		return 'rwth', 'Nur für RWTH-Angehörige verfügbar'
	if l2p_courses:
		if with_password:
			return 'l2p', 'Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar'
		return 'l2p', 'Nur für Teilnehmer der Veranstaltung verfügbar'
	if with_password:
		return 'password', 'Nur für Nutzer mit Passwort verfügbar'
	# Only unknown rule types were present.
	return 'public', 'Öffentlich verfügbar'

# Navigation entries for the templates; register_navbar() appends
# (endpoint, name, iconlib, icon, not-moderator-only) tuples.
app.jinja_env.globals['navbar'] = []
# iconlib can be 'bootstrap'
# ( see: http://getbootstrap.com/components/#glyphicons )
# or 'fa'
# ( see: http://fontawesome.io/icons/ )
def register_navbar(name, iconlib='bootstrap', icon=None):
	"""Decorator factory: add the decorated view to the navigation bar.

	The entry records whether the view is absent from mod_endpoints at
	decoration time, so this decorator has to be listed above mod_required
	(and therefore applied after it) for moderator-only views.
	"""
	def wrapper(func):
		endpoint = func.__name__
		is_public = endpoint not in mod_endpoints
		entry = (endpoint, name, iconlib, icon, is_public)
		app.jinja_env.globals['navbar'].append(entry)
		return func
	return wrapper

def render_endpoint(endpoint, flashtext=None, **kargs):
	"""Render another endpoint's view inside the current request.

	Optionally flashes a message first. The view registered for `endpoint`
	is called directly with **kargs and its result is returned.
	"""
	if flashtext:
		flash(flashtext)
	# request.endpoint is used for navbar highlighting
	request.url_rule = Rule(request.path, endpoint=endpoint)
	view = app.view_functions[endpoint]
	return view(**kargs)

def handle_errors(endpoint, text, code, *errors, **epargs):
	"""Decorator factory: turn the given exceptions into an error response.

	When the wrapped view raises one of `errors`, the response is the page
	of `endpoint` (rendered with **epargs and `text` as flash message) with
	status `code`, or the plain (text, code) pair when `endpoint` is falsy.
	Other exceptions propagate unchanged.
	"""
	def wrapper(func):
		@wraps(func)
		def decorator(*args, **kwargs):
			try:
				return func(*args, **kwargs)
			except errors:
				if not endpoint:
					return text, code
				body = render_endpoint(endpoint, text, **epargs)
				return make_response(body, code)
		return decorator
	return wrapper

@app.errorhandler(404)
def handle_not_found(e):
	"""Answer unknown URLs with the index page, a flash message and status 404."""
	body = render_endpoint('index', 'Diese Seite existiert nicht!')
	return body, 404

# debian ships jinja2 without this test...
@app.template_test(name='equalto')
def equalto(a,b):
	"""Template test: true when both operands compare equal."""
	same = (a == b)
	return same

@app.template_filter(name='semester')
def human_semester(s, long=False):
	"""Format a semester code such as '2017ws' for display.

	Empty values, 'zeitlos' and anything not six characters long give
	'Zeitlos'. A malformed code is printed to stdout and shown as '??'.
	The short form is e.g. 'WS17'; with long=True the result is
	'Sommersemester 2017' or 'Wintersemester 2017/18'.
	"""
	if not s or s == 'zeitlos' or len(s) != 6:
		return 'Zeitlos'
	year, term = s[:4], s[4:].upper()
	well_formed = year.isdigit() and term in ('SS', 'WS')
	if not well_formed:
		print('Invalid semester string "%s"'%s)
		return '??'
	if not long:
		return term+year[2:]
	if term == 'SS':
		return 'Sommersemester %s'%year
	# A winter semester spans two calendar years.
	following = str(int(year)+1)
	return 'Wintersemester %s/%s'%(year, following[2:])

@app.template_filter(name='date')
def human_date(d):
	"""Format *d* as DD.MM.YYYY."""
	pattern = '%d.%m.%Y'
	return d.strftime(pattern)

@app.template_filter(name='time')
def human_time(d):
	"""Format *d* as HH:MM."""
	pattern = '%H:%M'
	return d.strftime(pattern)

@app.template_filter()
def rfc3339(d):
	"""Format *d* as an RFC 3339 timestamp with a fixed +02:00 offset.

	NOTE(review): the offset is a literal, not derived from *d*; values that
	are not in a UTC+2 zone are labelled incorrectly -- confirm intended use.
	"""
	pattern = '%Y-%m-%dT%H:%M:%S+02:00'
	return d.strftime(pattern)

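@app.template_global()
def get_announcements(minlevel=0):
	"""Return the announcements to show, highest level first.

	Args:
		minlevel: lowest announcement level to include.

	Everyone sees visible, published, unexpired announcements. Moderators
	additionally see invisible or unpublished ones and those that expired
	within the last 24 hours.
	"""
	mod = ismod()
	now = datetime.now()
	grace = timedelta(hours=24) if mod else timedelta()
	# `time_expire = NULL` is never true in SQL, which hid every announcement
	# without an expiry date; NULL has to be tested with IS NULL.
	return query('SELECT * FROM announcements WHERE NOT deleted AND ((time_expire IS NULL) OR time_expire > ?) AND (? OR (visible AND time_publish < ?)) AND level >= ? ORDER BY level DESC', now-grace, mod, now, minlevel)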

@app.template_filter()
def fixnl(s):
	"""Replace newlines in the string form of *s* with '<br>' tags.

	NOTE(review): the input is not HTML-escaped here. If templates mark the
	result as safe, any markup contained in *s* reaches the page unescaped --
	check how the filter is used.
	"""
	# To be removed, as soon as db schema is cleaned-up
	text = str(s)
	return text.replace('\n', '<br>')

@app.route('/')
@register_navbar('Home', icon='home')
def index():
	"""Render the start page.

	Shows up to 30 visible lectures from yesterday until six days ahead, the
	six lectures with the most recently updated videos, and the featured
	entries. Moderators also see hidden videos and featured entries.
	"""
	window_start = date.today() - timedelta(days=1)
	window_end = window_start + timedelta(days=7)
	upcomming = query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		JOIN courses ON (lectures.course_id = courses.id)
		WHERE (time > ?) AND (time < ?) and lectures.visible and courses.visible and courses.listed
		ORDER BY time ASC LIMIT 30''',window_start,window_end)
	for row in upcomming:
		# The template also needs the plain date of each lecture.
		row['date'] = row['time'].date()
	latestvideos=query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		LEFT JOIN videos ON (videos.lecture_id = lectures.id)
		LEFT JOIN courses on (courses.id = lectures.course_id)
		WHERE (? OR (courses.visible AND courses.listed AND lectures.visible AND videos.visible))
		GROUP BY videos.lecture_id
		ORDER BY MAX(videos.time_updated) DESC
		LIMIT 6	''',ismod())
	featured = query('SELECT * FROM featured WHERE NOT deleted AND (? OR visible)', ismod())
	context = {'latestvideos': latestvideos, 'upcomming': upcomming, 'featured': featured}
	return render_template('index.html', **context)

@app.route('/course')
@register_navbar('Videos', icon='film')
def courses():
	"""Render the course list, grouped by title, semester or organizer.

	The grouping comes from the `groupedby` query parameter and is limited
	to the three known values; anything else falls back to 'semester'.
	"""
	rows = query('SELECT * FROM courses WHERE (? OR (visible AND listed)) ORDER BY title', ismod())
	for row in rows:
		if row['semester'] == '':
			row['semester'] = 'zeitlos'
	allowed = ('title', 'semester', 'organizer')
	groupedby = request.args.get('groupedby')
	if groupedby not in allowed:
		groupedby = 'semester'
	return render_template('courses.html', courses=rows, groupedby=groupedby)

@app.route('/course/<handle>')
@app.route('/course/<int:id>')
@handle_errors('courses', 'Diese Veranstaltung existiert nicht!', 404, IndexError)
def course(id=None, handle=None):
	"""Render one course with its lectures, videos and access rules.

	The course is looked up by numeric id or by handle. A course that does
	not exist (or is hidden from the requester) makes the lookup raise
	IndexError, which the decorator turns into a 404 on the course list.
	"""
	if id:
		matches = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', id, ismod())
	else:
		matches = query('SELECT * FROM courses WHERE handle = ? AND (? OR visible)', handle, ismod())
	entry = matches[0]
	entry['auth'] = query('SELECT * FROM auth WHERE course_id = ? ORDER BY auth_type', entry['id'])
	lecture_auths = query('SELECT auth.* FROM auth JOIN lectures ON (auth.lecture_id = lectures.id) WHERE lectures.course_id = ? ORDER BY auth.auth_type', entry['id'])
	lectures = query('SELECT * FROM lectures WHERE course_id = ? AND (? OR visible) ORDER BY time, duration DESC', entry['id'], ismod())
	for lecture in lectures:
		# Attach the lecture-level rules and a back reference to the course.
		lecture['auth'] = [rule for rule in lecture_auths if rule['lecture_id'] == lecture['id']]
		lecture['course'] = entry
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN lectures ON (videos.lecture_id = lectures.id)
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (lectures.course_id = courses.id)
			WHERE lectures.course_id= ? AND (? OR videos.visible)
			ORDER BY lectures.time, formats.prio DESC
			''', entry['id'], ismod())
	return render_template('course.html', course=entry, lectures=lectures, videos=videos)

@app.route('/faq')
@register_navbar('FAQ', icon='question-sign')
def faq():
	"""Render the FAQ page."""
	template = 'faq.html'
	return render_template(template)

@app.route('/play/<int:id>')
@app.route('/embed/<int:id>', endpoint='embed')
@handle_errors('course', 'Diese Vorlesung existiert nicht!', 404, IndexError)
def lecture(id):
	"""Render the player page (or the embed variant) for one lecture.

	The access rules are evaluated here only to show a hint to the user;
	the page itself is rendered either way. NOTE(review): the hints are
	flashed as HTML, so the templates presumably output flash messages
	unescaped -- never flash user-controlled text through the same path.
	"""
	row = query('SELECT * FROM lectures WHERE id = ? AND (? OR visible)', id, ismod())[0]
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (courses.id = ?)
			WHERE videos.lecture_id = ? AND (? OR videos.visible)
			ORDER BY formats.prio DESC
			''', row['course_id'], row['id'], ismod())
	auths = query('SELECT auth.* FROM auth WHERE (auth.lecture_id = ? OR auth.course_id = ?)',
			row['id'], row['course_id'])
	if not videos:
		flash('Zu dieser Vorlesung wurden noch keine Videos veröffentlicht!')
	parents = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', row['course_id'], ismod())
	if not parents:
		return render_endpoint('courses', 'Diese Veranstaltung existiert nicht!'), 404
	chapters = query('SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (? OR visible) ORDER BY time ASC', id, ismod())
	if not checkauth(auths):
		mode, text = authdescr(auths)
		# Modes that offer a way to authorise, and the view that starts it.
		auth_views = {'rwth': 'start_rwthauth', 'l2p': 'start_l2pauth'}
		if mode in auth_views:
			flash(text+'. <a target="_blank" href="'+url_for(auth_views[mode])+'">Hier authorisieren</a>.')
		else:
			flash(text+'.')
	template = 'embed.html' if request.endpoint == 'embed' else 'lecture.html'
	return render_template(template, course=parents[0], lecture=row, videos=videos, chapters=chapters)


@app.route('/search')
def search():
	"""Search courses and lectures for the `q` query parameter.

	Without `q` the request is redirected to the index page. The search text
	is handed to searchquery() as a separate argument and is not
	concatenated into SQL in this function.
	"""
	if 'q' not in request.args:
		return redirect(url_for('index'))
	q = request.args['q']
	courses = searchquery(q, '*', ['title', 'short', 'organizer', 'subject', 'description'],
			'courses', 'WHERE (? OR (visible AND listed)) GROUP BY id ORDER BY _score DESC, semester DESC LIMIT 20', ismod())
	#lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, "course" AS sep, courses.*',
	#			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
	#			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
	#			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, courses.id AS courses_id, courses.visible AS courses_visible, courses.listed AS courses_listed, courses.title AS courses_title, courses.short AS courses_short, courses.handle AS courses_handle, courses.organizer AS courses_organizer, courses.subject AS courses_subject, courses.credits AS courses_credits, courses.created_by AS courses_created_by, courses.time_created AS courses_time_created, courses.time_updated AS courses_time_updated, courses.semester AS courses_semester, courses.downloadable AS courses_downloadable, courses.embedinvisible AS courses_embedinvisible, courses.description AS courses_description, courses.internal AS courses_internal, courses.responsible AS courses_responsible',
			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	marker = 'courses_'
	for hit in lectures:
		# Collect the aliased course columns into a nested 'course' dict.
		nested = {}
		hit['course'] = nested
		for key in hit:
			if key.startswith(marker):
				nested[key[len(marker):]] = hit[key]
	return render_template('search.html', searchtext=request.args['q'], courses=courses, lectures=lectures)

def check_mod(user, groups):
	"""Decide whether an authenticated user counts as a moderator.

	Returns the falsy *user* value unchanged when there is no user,
	otherwise whether 'users' is among *groups*.
	"""
	if not user:
		return user
	return 'users' in groups

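@app.route('/login', methods=['GET', 'POST'])
def login():
	"""Show the login form (GET) or log a moderator in via LDAP (POST).

	On success the LDAP record is stored in session['user'], a row in
	`users` is created on first login, and the browser is sent to `ref`
	when that points back to this site, otherwise to the index page.
	"""
	def is_local(target):
		# `ref` is supplied by the caller. Following it blindly lets a
		# crafted login link send the user to another site afterwards.
		if not target or target != target.strip() or '\\' in target:
			return False
		if any(ord(ch) < 0x20 for ch in target):
			return False
		try:
			here = urlsplit(request.host_url)
			there = urlsplit(urljoin(request.host_url, target))
		except ValueError:
			return False
		return there.scheme in ('http', 'https') and there.netloc == here.netloc

	if request.method == 'GET':
		return render_template('login.html')
	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
	if not check_mod(user, groups):
		flash('Login fehlgeschlagen!')
		return render_template('login.html')
	session['user'] = ldapget(user)
	dbuser = query('SELECT * FROM users WHERE name = ?', user)
	if not dbuser:
		# First login: create the local user record.
		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
		dbuser = query('SELECT * FROM users WHERE name = ?', user)
	session['user']['dbid'] = dbuser[0]['id']
	target = request.values.get('ref')
	if not is_local(target):
		target = url_for('index')
	return redirect(target)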

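@app.route('/logout', methods=['GET', 'POST'])
def logout():
	"""End the moderator session and redirect to `ref` or the index page.

	`ref` is only followed when it points back to this site.
	"""
	def is_local(target):
		# `ref` is supplied by the caller; only follow it back to this host.
		if not target or target != target.strip() or '\\' in target:
			return False
		if any(ord(ch) < 0x20 for ch in target):
			return False
		try:
			here = urlsplit(request.host_url)
			there = urlsplit(urljoin(request.host_url, target))
		except ValueError:
			return False
		return there.scheme in ('http', 'https') and there.netloc == here.netloc

	# A default avoids a KeyError (and a 500) when nobody is logged in.
	session.pop('user', None)
	target = request.values.get('ref')
	if not is_local(target):
		target = url_for('index')
	return redirect(target)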

# name: (tablename, idcolumn, [editable_fields], [fields_to_set_at_creation_time])
# Allowlist for edit() and create(): table and column names from requests are
# checked against these entries before they are placed into SQL text.
# NOTE(review): 'auth' lists the column 'auth_passwd', while checkauth() reads
# the key 'auth_password' -- confirm the two refer to the same field.
tabs = {
	'courses': ('courses_data', 'id', ['visible', 'listed', 'title', 'short',
			'handle', 'organizer', 'subject', 'semester', 'downloadable',
			'internal', 'responsible','deleted','description'],
			['created_by', 'time_created', 'time_updated']),
	'lectures': ('lectures_data', 'id', ['visible', 'title', 'comment',
			'internal', 'speaker', 'place', 'time', 'duration', 'jumplist','deleted'],
			['course_id', 'time_created', 'time_updated']),
	'videos': ('videos_data', 'id', ['visible','deleted'],
			['created_by', 'time_created', 'time_updated']),
	'chapters': ('chapters', 'id', ['time', 'text', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	'announcements': ('announcements', 'id', ['text', 'level', 'visible',
			'deleted', 'time_publish', 'time_expire'],
			['created_by', 'time_created', 'time_updated']),
	'featured': ('featured', 'id', ['title', 'text', 'internal', 'visible', 'deleted'],
			['created_by', 'time_created', 'time_updated']),
	'auth': ('auth_data', 'auth_id', ['auth_type', 'auth_user', 'auth_passwd', 'deleted'],
			['course_id', 'lecture_id', 'video_id', 'created_by', 'time_created', 'time_updated']),
	'sorterrorlog': ('sorterrorlog_data', 'id', ['deleted'],
			['time_created', 'time_updated'])
}

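@app.route('/edit', methods=['GET', 'POST'])
@mod_required
def edit(prefix='', ignore=()):
	"""Apply field changes and record each one in the changelog.

	Changes are 'table.id.column' -> value pairs taken from the JSON body of
	a POST, or else from the request parameters.

	Args:
		prefix: text put in front of every key; falls back to the `prefix`
			query parameter.
		ignore: additional keys to skip ('ref' and 'prefix' always are).

	Returns:
		A redirect to `ref` when it points back to this site, else ("OK", 200).

	Raises:
		AssertionError: a key names a table or column outside `tabs`.
		ValueError: a key does not have the three-part form.

	NOTE(review): changes are also accepted from the query string of a GET
	and no CSRF token is checked in this function -- confirm that
	cross-site requests are rejected elsewhere.
	"""
	def is_local(target):
		# `ref` is supplied by the caller; only follow it back to this host.
		if not target or target != target.strip() or '\\' in target:
			return False
		if any(ord(ch) < 0x20 for ch in target):
			return False
		try:
			here = urlsplit(request.host_url)
			there = urlsplit(urljoin(request.host_url, target))
		except ValueError:
			return False
		return there.scheme in ('http', 'https') and there.netloc == here.netloc

	# All editable tables are expected to have a 'time_updated' field
	# Built per call: appending to the default list made it grow forever.
	skip = list(ignore) + ['ref', 'prefix']
	if not prefix and 'prefix' in request.args:
		prefix = request.args['prefix']
	payload = request.get_json() if request.method == 'POST' else None
	changes = payload.items() if payload else request.values.items()
	# Validate everything before the transaction starts. Table and column
	# names end up in the SQL text, so the allowlist check must not be an
	# `assert`, which python -O strips; the exception type is unchanged.
	planned = []
	for key, val in changes:
		if key in skip:
			continue
		table, id, column = (prefix+key).split('.', 2)
		if table not in tabs or column not in tabs[table][2]:
			raise AssertionError('not an editable field: %r' % (prefix+key,))
		planned.append((table, id, column, val))
	modify('BEGIN')
	for table, id, column, val in planned:
		tablename, idcolumn = tabs[table][0], tabs[table][1]
		# Only allowlisted identifiers are interpolated; values are bound.
		modify('INSERT INTO changelog (`table`,id_value, id_key, field, value_new, value_old, `when`, who, executed) VALUES (?,?,?,?,?,(SELECT %s FROM %s WHERE %s = ?),?,?,1)'%(column, tablename, idcolumn),
				table, id, idcolumn, column, val, id, datetime.now(), session['user']['dbid'])
		modify('UPDATE %s SET %s = ?, time_updated = ? WHERE %s = ?'%(tablename, column, idcolumn), val, datetime.now(), id)
	modify('COMMIT')
	if 'ref' in request.values and is_local(request.values['ref']):
		return redirect(request.values['ref'])
	return "OK", 200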

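@app.route('/new/<table>', methods=['GET', 'POST'])
@mod_required
def create(table):
	"""Insert a new row into one of the tables listed in `tabs`.

	Column values come from the JSON body of a POST, or else from the
	request parameters. created_by, time_created and time_updated are set
	by the server where the table has them and cannot be supplied.

	Returns:
		A redirect to `ref` when it points back to this site, else the
		value returned by modify() as text with status 200.

	Raises:
		AssertionError: unknown table, unknown column, or an attempt to
			supply a server-set column.

	NOTE(review): rows can be created through a GET and no CSRF token is
	checked in this function -- confirm protection exists elsewhere.
	"""
	def is_local(target):
		# `ref` is supplied by the caller; only follow it back to this host.
		if not target or target != target.strip() or '\\' in target:
			return False
		if any(ord(ch) < 0x20 for ch in target):
			return False
		try:
			here = urlsplit(request.host_url)
			there = urlsplit(urljoin(request.host_url, target))
		except ValueError:
			return False
		return there.scheme in ('http', 'https') and there.netloc == here.netloc

	# Explicit checks instead of `assert`: the names below are placed into
	# the SQL text and python -O would strip an assert. Same exception type.
	if table not in tabs:
		raise AssertionError('unknown table: %r' % (table,))
	tablename, editable, creation_only = tabs[table][0], tabs[table][2], tabs[table][3]
	defaults = {'created_by': session['user']['dbid'], 'time_created': datetime.now(), 'time_updated': datetime.now()}
	columns = []
	values = []
	for column, val in defaults.items():
		if column in creation_only:
			columns.append(column)
			values.append(val)
	args = request.values
	if (request.method == 'POST') and (request.get_json()):
		args = request.get_json()
	for column, val in args.items():
		if column == 'ref':
			continue
		if column not in editable+creation_only or column in defaults:
			raise AssertionError('column not allowed: %r' % (column,))
		columns.append(column)
		values.append(val)
	# Only allowlisted identifiers are interpolated; values are bound.
	id = modify('INSERT INTO %s (%s) VALUES (%s)'%(tablename,
				','.join(columns), ','.join(['?']*len(values))), *values)
	if 'ref' in request.values and is_local(request.values['ref']):
		return redirect(request.values['ref'])
	return str(id), 200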

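@app.route('/auth')
def auth(): # For use with nginx auth_request
	"""Decide whether the file named in X-Original-Uri may be delivered.

	Returns 200 to allow, 401 with a Basic challenge when a password rule
	exists for the file, 403 otherwise, and 500 when the header is missing.
	"""
	if 'X-Original-Uri' not in request.headers:
		return 'Internal Server Error', 500
	# Decide on the path only: a query string must not influence the suffix
	# check or the database lookup below.
	uri = request.headers['X-Original-Uri'].partition('?')[0]
	# Remove the configured prefix as a prefix. str.lstrip() takes a set of
	# characters and also ate leading characters of the file path itself.
	prefix = urlsplit(config['VIDEOPREFIX']).path
	if prefix and uri.startswith(prefix):
		uri = uri[len(prefix):]
	url = uri.lstrip('/')
	ip = request.headers.get('X-Real-IP', '')
	# Paths ending in 'jpg' are always allowed.
	if url.endswith('jpg'):
		return "OK", 200
	videos = query('''SELECT videos.path, videos.id, auth.*
      FROM videos
      JOIN lectures ON (videos.lecture_id = lectures.id)
      JOIN courses ON (lectures.course_id = courses.id)
			LEFT JOIN auth ON (videos.id = auth.video_id OR lectures.id = auth.lecture_id OR courses.id = auth.course_id)
      WHERE videos.path = ?
      AND (? OR (courses.visible AND lectures.visible AND videos.visible))
			ORDER BY auth.video_id DESC, auth.lecture_id DESC, auth.course_id DESC''',
			url, ismod())

	# Unknown or hidden files are refused.
	if not videos:
		return "Not allowed", 403
	credentials = request.authorization
	username = password = None
	if credentials:
		username = credentials.username
		password = credentials.password
	if checkauth(videos, username=username, password=password):
		return 'OK', 200
		# NOTE(review): this access-log insert sits after the return and
		# never runs. Move it above the return if logging is intended, and
		# check the statement against the log table first.
		modify('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.now(), videos[0]['id'], url)
	# Ask for credentials only when a password rule exists for this file.
	if any(video['auth_type'] == 'password' for video in videos):
		return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
	return "Not allowed", 403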

@app.route('/stats')
@register_navbar('Statistiken', icon='stats')
@mod_required
def stats():
	"""Render the statistics page (moderators only)."""
	template = 'stats.html'
	return render_template(template)

@app.route('/changelog')
@register_navbar('Changelog', icon='book')
@mod_required
def changelog():
	"""Render the 50 most recent changelog entries (moderators only).

	Each entry gets a 'path' of the form table.id.field.
	"""
	entries = query('SELECT * FROM changelog LEFT JOIN users ON (changelog.who = users.id) ORDER BY `when` DESC LIMIT 50')
	for entry in entries:
		parts = [entry['table'], entry['id_value'], entry['field']]
		entry['path'] = '.'.join(parts)
	return render_template('changelog.html', changelog=entries)

@app.route('/files/<filename>')
def files(filename):
	"""Redirect to the file's location below VIDEOPREFIX."""
	location = config['VIDEOPREFIX']+'/'+filename
	return redirect(location)

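@app.route('/newchapter/<int:lectureid>', methods=['POST', 'GET'])
def suggest_chapter(lectureid):
	"""Store a chapter mark for a lecture.

	Expects `time` as HH:MM:SS and a non-empty `text`. No login is required;
	for requesters without a moderator session the REMOTE_ADDR of the
	request is stored as submitter.

	Returns:
		A redirect to `ref` when it points back to this site, else
		('OK', 200); ('Bad Request', 400) for empty or malformed input
		without a usable `ref`.

	NOTE(review): behind a reverse proxy REMOTE_ADDR is presumably the
	proxy's address rather than the client's -- confirm the deployment.
	"""
	def is_local(target):
		# `ref` is supplied by the caller; only follow it back to this host.
		if not target or target != target.strip() or '\\' in target:
			return False
		if any(ord(ch) < 0x20 for ch in target):
			return False
		try:
			here = urlsplit(request.host_url)
			there = urlsplit(urljoin(request.host_url, target))
		except ValueError:
			return False
		return there.scheme in ('http', 'https') and there.netloc == here.netloc

	ref = request.values.get('ref')
	time = request.values['time']
	text = request.values['text']
	# Explicit check: an `assert` disappears under python -O.
	if not (time and text):
		return 'Bad Request', 400
	try:
		x = datetime.strptime(time,'%H:%M:%S')
	except ValueError:
		flash('Falsches Zeitformat, "%H:%M:%S" wird erwartet. Z.B. "01:39:42" für eine Kapitel bei Stunde 1, Minute 39, Sekunde 42')
		# Stop here: before, the unparsed string was inserted as the time.
		if is_local(ref):
			return redirect(ref)
		return 'Bad Request', 400
	time = int(timedelta(hours=x.hour,minutes=x.minute,seconds=x.second).total_seconds())
	submitter = None
	if not ismod():
		submitter = request.environ['REMOTE_ADDR']
	modify('INSERT INTO chapters (lecture_id, time, text, time_created, time_updated, created_by, submitted_by) VALUES (?, ?, ?, ?, ?, ?, ?)',
				lectureid, time, text, datetime.now(), datetime.now(), session.get('user', {'dbid':None})['dbid'], submitter)
	if is_local(ref):
		return redirect(ref)
	return 'OK',  200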

@app.route('/chapters/<int:lectureid>')
def chapters(lectureid):
	"""Return the visible chapters of a lecture as a text/vtt response.

	Rows are read latest first, so each chapter ends where the one handled
	just before it starts; the last chapter of the lecture ends at 9999.
	"""
	rows = query("SELECT * FROM chapters WHERE lecture_id = ? and visible ORDER BY time DESC", lectureid)
	following_start = 9999
	for row in rows:
		row['start'] = row['time']
		row['end'] = following_start
		following_start = row['start']
	body = render_template('chapters.srt',chapters=rows)
	return Response(body, 200, {'Content-Type':'text/vtt'})

@app.route('/sitemap.xml')
def sitemap():
	"""Render the sitemap of public pages.

	Lists every argument-free GET route that is not moderator-only, plus
	the pages of all visible, listed courses and their visible lectures.
	"""
	# static pages
	pages = [[rule.rule] for rule in app.url_map.iter_rules()
			if 'GET' in rule.methods and len(rule.arguments)==0
			and rule.endpoint not in mod_endpoints]
	for course_row in query('select * from courses where visible and listed'):
		pages.append([url_for('course',handle=course_row['handle'])])
		lecture_rows = query('select * from lectures where (course_id = ? and visible)',course_row['id'])
		pages.extend([url_for('lecture',id=row['id'])] for row in lecture_rows)
	body = render_template('sitemap.xml', pages=pages)
	return Response(body, 200, {'Content-Type': 'application/atom+xml'} )

# Imported at the end of the file, after `app`, `config` and the views exist;
# presumably these modules attach further routes and jobs to them at import
# time -- confirm before reordering.
import feeds
import importer
import sorter
# Optional integrations are loaded only when their setting is present.
if 'ICAL_URL' in config:
	import meetings
if 'L2P_APIKEY' in config:
	import l2pauth
import jobs
import timetable