import hashlib
import hmac
import os
import random
import sched
import string
import sys
import threading
import traceback
from datetime import date, timedelta, datetime, time, MINYEAR
from functools import wraps
from socket import gethostname
from urllib.parse import urlsplit

from flask import Flask, g, request, url_for, redirect, session, render_template, flash, Response, make_response
from werkzeug.routing import Rule

# Application object; every route, filter and template global below hangs off it.
app = Flask(__name__)

# Drop the newline after a block tag and the indentation in front of it.
app.jinja_env.lstrip_blocks = True
app.jinja_env.trim_blocks = True
# Helpers callable from every template.
# NOTE(review): gethostname hands the server's host name to whichever template
# prints it; confirm that this is intended on public pages.
app.jinja_env.globals.update(
	randint=random.randint,
	datetime=datetime,
	timedelta=timedelta,
	gethostname=gethostname,
)

# Process-wide job queue: sched_func() fills it, run_scheduler() drains it.
scheduler = sched.scheduler()
def run_scheduler():
	"""Drain the scheduler queue forever; used as the target of a background thread."""
	# Imported locally under another name: at module level `time` is datetime.time.
	import time as _time
	_time.sleep(1) # UWSGI does weird things on startup
	while True:
		# run() returns when no events are left; look again after a pause.
		scheduler.run()
		_time.sleep(10)

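def sched_func(delay, priority=0, firstdelay=None, args=(), kargs=None):
	"""Decorator factory: run the decorated function repeatedly on the scheduler.

	delay       -- seconds between the end of one run and the start of the next
	priority    -- priority handed to scheduler.enter()
	firstdelay  -- seconds before the first run; a random 1..120 when None
	args, kargs -- positional and keyword arguments passed to every run

	The decorated function is returned unchanged, so it stays callable directly.
	"""
	# Identity test for None, and no mutable objects as default arguments.
	if firstdelay is None:
		firstdelay = random.randint(1, 120)
	if kargs is None:
		kargs = {}
	def wrapper(func):
		def sched_wrapper():
			# Jobs run outside any HTTP request; a synthetic request context
			# keeps url_for(), render_template() and `request` usable.
			with app.test_request_context():
				try:
					func(*args, **kargs)
				except Exception:
					# A failing job is logged and must not end the scheduler thread.
					traceback.print_exc()
			# Re-arm only after the run has finished.
			scheduler.enter(delay, priority, sched_wrapper)
		scheduler.enter(firstdelay, priority, sched_wrapper)
		return func
	return wrapper

# Daemon thread: it does not keep the process alive on shutdown.
threading.Thread(target=run_scheduler, daemon=True).start()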

config = app.config
# Shipped defaults first; the site's own config.py is loaded further down and wins.
config.from_pyfile('config.py.example', silent=True)
if sys.argv[0].endswith('run.py'):
	# Started through run.py: development settings, unless config.py overrides them.
	config.update(SQLITE_INIT_DATA=True, DEBUG=True)
config.from_pyfile('config.py', silent=True)
if config['DEBUG']:
	app.jinja_env.auto_reload = True
# NOTE(review): without a configured SECRET_KEY each process draws its own random
# key, so a session cookie signed by one process is not accepted by another one
# or after a restart. Set SECRET_KEY in config.py when running several workers.
if not config.get('SECRET_KEY'):
	config['SECRET_KEY'] = os.urandom(24)

from db import query, modify, searchquery, ldapauth, ldapget

# Endpoint names of moderator-only views; mod_required() appends at decoration time.
mod_endpoints = list()

@app.template_global()
def ismod(*args):
	"""Return True when the session holds a 'user' entry (set by login()).

	Positional arguments are accepted and ignored.
	"""
	logged_in = 'user' in session
	return logged_in

def mod_required(func):
	"""View decorator: only moderators reach `func`, everyone else is sent to the login page.

	The endpoint name is recorded in mod_endpoints at decoration time; the navbar
	and the sitemap use that list to tell moderator-only pages apart.
	"""
	mod_endpoints.append(func.__name__)
	@wraps(func)
	def decorator(*args, **kwargs):
		if ismod():
			return func(*args, **kwargs)
		flash('Diese Funktion ist nur für Moderatoren verfügbar!')
		# The current URL travels along as `ref` so that login can return here.
		return redirect(url_for('login', ref=request.url))
	return decorator

# Endpoint names of CSRF-protected views; csrf_protect() appends at decoration time.
csrf_endpoints = list()

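def csrf_protect(func):
	"""View decorator: answer 403 unless the request carries the session's CSRF token.

	The token is read from the `_csrf_token` query/form field or, failing that,
	from a `_csrf_token` member of a JSON body. The endpoint name is recorded in
	csrf_endpoints so that csrf_inject() can add the token to generated URLs.
	"""
	csrf_endpoints.append(func.__name__)
	@wraps(func)
	def decorator(*args, **kwargs):
		token = None
		if '_csrf_token' in request.values:
			token = request.values['_csrf_token']
		else:
			payload = request.get_json()
			# A JSON body need not be an object; only a dict can carry the field.
			if isinstance(payload, dict):
				token = payload.get('_csrf_token')
		expected = session.get('_csrf_token')
		# Both sides have to be non-empty text; a JSON number or list never matches.
		if not (isinstance(expected, str) and expected and isinstance(token, str) and token):
			return 'csrf test failed', 403
		# Constant-time comparison, so that the response time does not depend on
		# how many leading characters of a guess were right.
		if not hmac.compare_digest(expected.encode('utf-8'), token.encode('utf-8')):
			return 'csrf test failed', 403
		return func(*args, **kwargs)
	return decorator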

@app.url_defaults
def csrf_inject(endpoint, values):
	"""url_for() hook: add the session's CSRF token to URLs of CSRF-protected endpoints.

	NOTE(review): the token thereby becomes part of the query string, which can
	end up in access logs, browser history and Referer headers.
	"""
	# The session is only consulted for protected endpoints.
	if endpoint in csrf_endpoints and session.get('_csrf_token'):
		values['_csrf_token'] = session['_csrf_token']

def evalperm(perms):
	"""Return the permission rows of the most specific scope present in `perms`.

	Each row is classed by the first non-empty of course_id, lecture_id and
	video_id. Video rows win over lecture rows, which win over course rows.
	Without any scoped row the result is a single synthetic 'public' row.
	"""
	by_scope = {'course_id': [], 'lecture_id': [], 'video_id': []}
	for perm in perms:
		for scope in ('course_id', 'lecture_id', 'video_id'):
			if perm[scope]:
				by_scope[scope].append(perm)
				break
	# Most specific scope first.
	for scope in ('video_id', 'lecture_id', 'course_id'):
		if by_scope[scope]:
			return by_scope[scope]
	return [{'type': 'public'}]

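@app.template_filter()
def checkperm(perms, username=None, password=None):
	"""Decide whether the current visitor may access an object guarded by `perms`.

	perms              -- permission rows (dicts with 'type', 'param1', 'param2'
	                      and the course_id/lecture_id/video_id scope columns)
	username, password -- credentials supplied by the client, if any

	Moderators always pass. Otherwise only the most specific scope present is
	considered (see evalperm) and one matching row is enough. Row types that are
	not handled here never match, so they deny access.
	"""
	def same(expected, supplied):
		# Constant-time for text, so that timing does not reveal how much of a
		# guess was right; other types (e.g. None) keep plain equality.
		if isinstance(expected, str) and isinstance(supplied, str):
			return hmac.compare_digest(expected.encode('utf-8'), supplied.encode('utf-8'))
		return expected == supplied

	if ismod():
		return True
	for perm in evalperm(perms):
		kind = perm['type']
		if kind == 'public':
			return True
		elif kind == 'password':
			# NOTE(review): param2 is compared as stored, i.e. the perm table
			# holds the shared password in directly comparable form.
			user_ok = same(perm['param1'], username)
			pass_ok = same(perm['param2'], password)
			if user_ok and pass_ok:
				return True
		elif kind == 'l2p':
			if perm['param1'] in session.get('l2p_courses', []):
				return True
		elif kind == 'rwth':
			if session.get('rwthintern', False):
				return True
	return False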

@app.template_filter()
def permdescr(perms):
	"""Summarise `perms` as a (mode, description) pair for display.

	Only the most specific scope is looked at (see evalperm). `mode` is one of
	'public', 'rwth', 'fsmpi', 'l2p' or 'password'; the description is the
	German text shown to the visitor.
	"""
	perms = evalperm(perms)
	seen = set()
	l2p_courses = []
	for perm in perms:
		kind = perm['type']
		if kind == 'l2p':
			l2p_courses.append(perm['param1'])
		elif kind in ('public', 'password', 'rwth', 'fsmpi'):
			seen.add(kind)
	with_password = 'password' in seen
	# Precedence: public, rwth, fsmpi, l2p, password.
	if 'public' in seen or not perms:
		return 'public', 'Öffentlich verfügbar'
	if 'rwth' in seen:
		if with_password:
			return 'rwth', 'Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar'
		return 'rwth', 'Nur für RWTH-Angehörige verfügbar'
	if 'fsmpi' in seen:
		return 'fsmpi', 'Nur für Fachschaftler verfügbar'
	if l2p_courses:
		if with_password:
			return 'l2p', 'Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar'
		return 'l2p', 'Nur für Teilnehmer der Veranstaltung verfügbar'
	if with_password:
		return 'password', 'Nur für Nutzer mit Passwort verfügbar'
	return 'public', 'Öffentlich verfügbar'

# Navbar entries as a template global; register_navbar() appends to this list.
app.jinja_env.globals['navbar'] = list()
# iconlib can be 'bootstrap'
# ( see: http://getbootstrap.com/components/#glyphicons )
# or 'fa'
# ( see: http://fontawesome.io/icons/ )
def register_navbar(name, iconlib='bootstrap', icon=None):
	"""Decorator factory: list the decorated view in the navbar under the label `name`.

	The entry is the tuple (endpoint, name, iconlib, icon, public). `public` is
	False when the endpoint is already in mod_endpoints, so this decorator has
	to be written above @mod_required for the flag to be correct.
	"""
	def wrapper(func):
		endpoint = func.__name__
		public = endpoint not in mod_endpoints
		entry = (endpoint, name, iconlib, icon, public)
		app.jinja_env.globals['navbar'].append(entry)
		return func
	return wrapper

def render_endpoint(endpoint, flashtext=None, **kargs):
	"""Run another endpoint's view inside the current request and return its result.

	endpoint  -- name of the view in app.view_functions
	flashtext -- optional message to flash before rendering
	kargs     -- keyword arguments for the view
	"""
	if flashtext:
		flash(flashtext)
	# request.endpoint is used for navbar highlighting
	request.url_rule = Rule(request.path, endpoint=endpoint)
	view = app.view_functions[endpoint]
	return view(**kargs)

def handle_errors(endpoint, text, code, *errors, **epargs):
	"""Decorator factory: turn the listed exception types into an error response.

	endpoint -- endpoint rendered as the error page (with `text` flashed), or a
	            falsy value to answer with `text` alone
	text     -- message for the visitor
	code     -- HTTP status of the error response
	errors   -- exception classes to catch; anything else propagates
	epargs   -- keyword arguments for the endpoint's view
	"""
	def wrapper(func):
		@wraps(func)
		def decorator(*args, **kwargs):
			try:
				result = func(*args, **kwargs)
			except errors:
				if not endpoint:
					return text, code
				return make_response(render_endpoint(endpoint, text, **epargs), code)
			return result
		return decorator
	return wrapper

@app.errorhandler(404)
def handle_not_found(e):
	"""404 handler: show the start page with a 'page does not exist' message."""
	page = render_endpoint('index', 'Diese Seite existiert nicht!')
	return page, 404

@app.errorhandler(500)
@app.errorhandler(Exception)
def handle_internal_error(e):
	"""Catch-all handler: log the traceback and answer with the 500 page.

	The exception is printed server-side only; it is not passed to the template.
	NOTE(review): being registered for Exception, this may, depending on the
	Flask version, also receive HTTP errors other than 404 -- confirm.
	"""
	traceback.print_exc()
	body = render_template('500.html')
	return body, 500

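@sched_func(5*60, firstdelay=0)
def dump_error_page():
	"""Scheduled job: write the rendered 500 page to the file named by config['ERROR_PAGE'].

	Does nothing when ERROR_PAGE is not configured.
	"""
	if 'ERROR_PAGE' not in config:
		return
	request.url_rule = Rule(request.path, endpoint='handle_internal_error')
	text = render_template('500.html')
	# The context manager closes the file even when write() raises.
	with open(config['ERROR_PAGE'], 'w') as f:
		f.write(text)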

# debian ships jinja2 without this test...
@app.template_test(name='equalto')
def equalto(a,b):
	"""Jinja test `equalto`: true when both operands compare equal."""
	same = (a == b)
	return same

@app.template_filter(name='semester')
def human_semester(s, long=False):
	"""Jinja filter `semester`: format a six-character code such as '2016ws'.

	Short form is e.g. 'WS16', long form 'Wintersemester 2016/17' or
	'Sommersemester 2016'. Empty values, 'zeitlos' and strings of another length
	give 'Zeitlos'; six-character strings of the wrong shape give '??'.
	"""
	if not s or s == 'zeitlos' or len(s) != 6:
		return 'Zeitlos'
	year, semester = s[:4], s[4:].upper()
	if not (year.isdigit() and semester in ('SS', 'WS')):
		print('Invalid semester string "%s"'%s)
		return '??'
	if long:
		if semester == 'SS':
			return 'Sommersemester %s'%year
		# A winter term spans two calendar years.
		return 'Wintersemester %s/%s'%(year, str(int(year)+1)[2:])
	return semester+year[2:]

@app.template_filter(name='date')
def human_date(d):
	"""Jinja filter `date`: format `d` as DD.MM.YYYY."""
	pattern = '%d.%m.%Y'
	return d.strftime(pattern)

@app.template_filter(name='time')
def human_time(d):
	"""Jinja filter `time`: format `d` as HH:MM."""
	pattern = '%H:%M'
	return d.strftime(pattern)

@app.template_filter()
def rfc3339(d):
	"""Jinja filter: format `d` as an RFC 3339 timestamp with a fixed +02:00 offset.

	NOTE(review): the offset is a literal, not derived from `d`; confirm that
	the timestamps passed in are always two hours ahead of UTC.
	"""
	pattern = '%Y-%m-%dT%H:%M:%S+02:00'
	return d.strftime(pattern)

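@app.template_global()
def get_announcements(minlevel=0):
	"""Return the announcements to display, highest level first.

	minlevel -- lowest announcement level to include

	Visitors get visible, already published, unexpired announcements. Moderators
	also get hidden and unpublished ones and keep seeing an announcement for 24
	hours after it expired. Any database error yields an empty list.
	"""
	mod = ismod()
	now = datetime.now()
	offset = timedelta(hours=24) if mod else timedelta()
	try:
		# `IS NULL`: a comparison with `= NULL` is never true in SQL, so
		# announcements without an expiry time were filtered out.
		return query('SELECT * FROM announcements WHERE NOT deleted AND ((time_expire IS NULL) OR time_expire > ?) AND (? OR (visible AND time_publish < ?)) AND level >= ? ORDER BY level DESC', now-offset, mod, now, minlevel)
	except Exception:
		# Best effort: announcements must not break page rendering, but the
		# failure is logged rather than swallowed silently.
		traceback.print_exc()
		return []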

@app.template_filter()
def fixnl(s):
	"""Jinja filter: replace newlines in str(s) with '<br>'.

	NOTE(review): the result is a plain str and `s` is not escaped here. If a
	template marks the output as safe, markup contained in `s` is rendered
	as-is -- confirm that callers escape the value first.
	"""
	# To be removed as soon as the db schema is cleaned up
	text = str(s)
	return text.replace('\n', '<br>')

@app.template_filter()
def tagid(s):
	"""Jinja filter: reduce `s` to an identifier made of a-z, 0-9 and '_'.

	Spaces become underscores, letters are lower-cased and every other character
	is dropped. A falsy `s` gives 'EMPTY'.
	"""
	if not s:
		return 'EMPTY'
	allowed = string.ascii_lowercase+string.digits+'_'
	lowered = s.replace(' ', '_').lower()
	return ''.join(c for c in lowered if c in allowed)

@app.route('/')
@register_navbar('Home', icon='home')
def index():
	"""Start page: upcoming lectures, recently updated videos, live streams, featured items.

	Legacy query-string URLs (?course=..., ?view=player&lectureid=...) are
	answered with a redirect to the current routes.
	"""
	# handle legacy urls...
	legacy = request.args
	if 'course' in legacy:
		return redirect(url_for('course', handle=legacy['course']),code=302)
	if 'view' in legacy and legacy['view'] == 'player' and 'lectureid' in legacy:
		return redirect(url_for('lecture', id=legacy['lectureid']),code=302)

	# Seven-day window that starts yesterday.
	start = date.today() - timedelta(days=1)
	end = start + timedelta(days=7)
	upcomming = query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		JOIN courses ON (lectures.course_id = courses.id)
		WHERE (time > ?) AND (time < ?) and lectures.visible and courses.visible and courses.listed
		ORDER BY time ASC LIMIT 30''',start,end)
	for row in upcomming:
		row['date'] = row['time'].date()
	# In the queries below the ismod() placeholder switches the visibility
	# filters off for moderators.
	latestvideos=query('''
		SELECT lectures.*, "course" AS sep, courses.*
		FROM lectures
		LEFT JOIN videos ON (videos.lecture_id = lectures.id)
		LEFT JOIN courses on (courses.id = lectures.course_id)
		WHERE (? OR (courses.visible AND courses.listed AND lectures.visible AND videos.visible))
		GROUP BY videos.lecture_id
		ORDER BY MAX(videos.time_updated) DESC
		LIMIT 6	''',ismod())
	livestreams = query('''SELECT streams.handle AS live, lectures.*, "course" AS sep, courses.*
		FROM streams
		JOIN lectures ON lectures.id = streams.lecture_id
		JOIN courses ON courses.id = lectures.course_id
		WHERE streams.active AND (? OR (streams.visible AND courses.visible AND courses.listed AND lectures.visible))
		''', ismod())
	featured = query('SELECT * FROM featured WHERE NOT deleted AND (? OR visible)', ismod())
	# Live streams are listed ahead of the recorded videos.
	return render_template('index.html', latestvideos=livestreams+latestvideos, upcomming=upcomming, featured=featured)

@app.route('/course')
@register_navbar('Videos', icon='film')
def courses():
	"""Course overview, grouped by the `groupedby` query parameter.

	Visitors see visible and listed courses, moderators see all of them.
	"""
	rows = query('SELECT * FROM courses WHERE (? OR (visible AND listed)) ORDER BY title', ismod())
	for row in rows:
		if row['semester'] == '':
			row['semester'] = 'zeitlos'
	# The grouping key comes from the client; anything outside this allow-list
	# falls back to 'semester' before it reaches the template.
	groupedby = request.args.get('groupedby')
	if groupedby not in ('title', 'semester', 'organizer', 'subject'):
		groupedby = 'semester'
	return render_template('courses.html', courses=rows, groupedby=groupedby)

def genlive(streams):
	"""Give live-stream rows the fields of a video row, in place, and return the list.

	Every row is marked visible and not downloadable, gets file size 0 and the
	HLS playlist path derived from its 'live' handle.
	"""
	for entry in streams:
		entry.update(visible=True, downloadable=False)
		entry['path'] = 'pub/hls/%s.m3u8'%entry['live']
		entry['file_size'] = 0
	return streams

@app.route('/course/<handle>')
@app.route('/course/<int:id>')
@handle_errors('courses', 'Diese Veranstaltung existiert nicht!', 404, IndexError)
def course(id=None, handle=None):
	"""Course page with its lectures, videos and active live streams.

	The course is looked up by numeric id or by handle. A lookup without result
	raises IndexError, which handle_errors turns into the 404 course list.
	Every lecture gets a 'perm' list: the course's permission rows followed by
	the rows of that lecture.
	"""
	if id:
		entry = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', id, ismod())[0]
	else:
		entry = query('SELECT * FROM courses WHERE handle = ? AND (? OR visible)', handle, ismod())[0]
	course_id = entry['id']
	entry['perm'] = query('SELECT * FROM perm WHERE (NOT perm.deleted) AND course_id = ? ORDER BY type', course_id)
	lecture_perms = query('SELECT perm.* FROM perm JOIN lectures ON (perm.lecture_id = lectures.id) WHERE (NOT perm.deleted) AND lectures.course_id = ? ORDER BY perm.type', course_id)
	lectures = query('SELECT * FROM lectures WHERE course_id = ? AND (? OR visible) ORDER BY time, duration DESC', course_id, ismod())
	for lecture in lectures:
		own = [perm for perm in lecture_perms if perm['lecture_id'] == lecture['id']]
		# A fresh list per lecture: the course's rows first, then its own.
		lecture['perm'] = list(entry['perm']) + own
		lecture['course'] = entry
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio
			FROM videos
			JOIN lectures ON (videos.lecture_id = lectures.id)
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (lectures.course_id = courses.id)
			WHERE lectures.course_id= ? AND (? OR videos.visible)
			ORDER BY lectures.time, formats.prio DESC
			''', course_id, ismod())
	livestreams = query('''SELECT streams.handle AS live, streams.lecture_id, formats.description AS format_description, formats.player_prio, formats.prio
			FROM streams
			JOIN lectures ON lectures.id = streams.lecture_id
			JOIN formats ON formats.keywords = "hls"
			WHERE streams.active AND (? OR streams.visible) AND lectures.course_id = ?
			''', ismod(), course_id)
	videos += genlive(livestreams)
	return render_template('course.html', course=entry, lectures=lectures, videos=videos)

@app.route('/faq')
@register_navbar('FAQ', icon='question-sign')
def faq():
	"""Render the FAQ page."""
	page = render_template('faq.html')
	return page

@app.route('/play/<int:id>')
@app.route('/embed/<int:id>', endpoint='embed')
@handle_errors('course', 'Diese Vorlesung existiert nicht!', 404, IndexError)
def lecture(id):
	"""Player page (or embeddable player) for one lecture.

	An unknown or hidden lecture raises IndexError and becomes a 404 through
	handle_errors. A failed permission check only adds a notice with a link to
	the matching login; the page is rendered either way. Requests for the media
	files are authorised separately by auth().
	"""
	row = query('SELECT * FROM lectures WHERE id = ? AND (? OR visible)', id, ismod())[0]
	videos = query('''
			SELECT videos.*, (videos.downloadable AND courses.downloadable) as downloadable, formats.description AS format_description, formats.player_prio, formats.prio, formats.mimetype
			FROM videos
			JOIN formats ON (videos.video_format = formats.id)
			JOIN courses ON (courses.id = ?)
			WHERE videos.lecture_id = ? AND (? OR videos.visible)
			ORDER BY formats.prio DESC
			''', row['course_id'], row['id'], ismod())
	livestreams = query('''SELECT streams.handle AS live, streams.lecture_id, formats.description AS format_description, formats.player_prio, formats.prio, formats.mimetype
			FROM streams
			JOIN lectures ON lectures.id = streams.lecture_id
			JOIN formats ON formats.keywords = "hls"
			WHERE streams.active AND (? OR streams.visible) AND lectures.id = ?
			''', ismod(), id)
	videos += genlive(livestreams)
	perms = query('SELECT perm.* FROM perm WHERE ((NOT perm.deleted) AND (perm.lecture_id = ? OR perm.course_id = ?))',
			row['id'], row['course_id'])
	if not videos:
		flash('Zu dieser Vorlesung wurden noch keine Videos veröffentlicht!')
	parents = query('SELECT * FROM courses WHERE id = ? AND (? OR visible)', row['course_id'], ismod())
	if not parents:
		return render_endpoint('courses', 'Diese Veranstaltung existiert nicht!'), 404
	marks = query('SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (? OR visible) ORDER BY time ASC', id, ismod())
	if not checkperm(perms):
		mode, text = permdescr(perms)
		# Both pieces of the HTML notice are server-side constants: the
		# description from permdescr() and a URL built by url_for().
		auth_endpoint = {'rwth': 'start_rwthauth', 'l2p': 'start_l2pauth'}.get(mode)
		if auth_endpoint:
			flash(text+'. <a target="_blank" href="'+url_for(auth_endpoint)+'">Hier authorisieren</a>.')
		else:
			flash(text+'.')
	template = 'embed.html' if request.endpoint == 'embed' else 'lecture.html'
	return render_template(template, course=parents[0], lecture=row, videos=videos, chapters=marks)


@app.route('/search')
def search():
	"""Full-text search over courses and lectures for the query parameter `q`.

	Without `q` the visitor is redirected to the start page. Lecture rows carry
	their course's columns as `courses_*` aliases; these are collected into a
	nested 'course' dict per lecture.
	NOTE(review): `q` goes to searchquery() as an argument; how that helper puts
	it into the SQL statement is not visible in this file -- confirm it is bound
	as a parameter.
	"""
	if 'q' not in request.args:
		return redirect(url_for('index'))
	q = request.args['q']
	courses = searchquery(q, '*', ['title', 'short', 'organizer', 'subject', 'description'],
			'courses', 'WHERE (? OR (visible AND listed)) GROUP BY id ORDER BY _score DESC, semester DESC LIMIT 20', ismod())
	#lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, "course" AS sep, courses.*',
	#			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
	#			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
	#			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	lectures = searchquery(q, 'lectures.*, courses.visible AS coursevisible, courses.listed, courses.id AS courses_id, courses.visible AS courses_visible, courses.listed AS courses_listed, courses.title AS courses_title, courses.short AS courses_short, courses.handle AS courses_handle, courses.organizer AS courses_organizer, courses.subject AS courses_subject, courses.credits AS courses_credits, courses.created_by AS courses_created_by, courses.time_created AS courses_time_created, courses.time_updated AS courses_time_updated, courses.semester AS courses_semester, courses.downloadable AS courses_downloadable, courses.embedinvisible AS courses_embedinvisible, courses.description AS courses_description, courses.internal AS courses_internal, courses.responsible AS courses_responsible',
			['lectures.title', 'lectures.comment', 'lectures.speaker', 'courses.short'],
			'lectures LEFT JOIN courses on (courses.id = lectures.course_id)',
			'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
	marker = 'courses_'
	for lecture in lectures:
		# Strip the alias prefix: courses_title -> course['title'], and so on.
		lecture['course'] = {key[len(marker):]: value for key, value in lecture.items() if key.startswith(marker)}
	return render_template('search.html', searchtext=q, courses=courses, lectures=lectures)

def check_mod(user, groups):
	"""Tell whether an authenticated user counts as moderator.

	Returns `user` itself when it is falsy (authentication failed), otherwise
	whether the group named 'users' is among `groups`.
	"""
	if not user:
		return user
	return 'users' in groups

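@app.route('/login', methods=['GET', 'POST'])
def login():
	"""Moderator login: GET shows the form, POST checks the credentials via LDAP.

	On success the LDAP record is stored in session['user'], a users row is
	created on first login, its id is stored as session['user']['dbid'] and a
	fresh CSRF token is generated. The browser is then sent to `ref` if that
	stays on this site, otherwise to the start page.
	"""
	if request.method == 'GET':
		return render_template('login.html')
	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
	if not check_mod(user, groups):
		flash('Login fehlgeschlagen!')
		return render_template('login.html')
	session['user'] = ldapget(user)
	dbuser = query('SELECT * FROM users WHERE name = ?', user)
	if not dbuser:
		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
		dbuser = query('SELECT * FROM users WHERE name = ?', user)
	session['user']['dbid'] = dbuser[0]['id']
	# SystemRandom draws from the operating system's CSPRNG.
	session['_csrf_token'] = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(128))
	# `ref` is chosen by the client: follow it only when it stays on this host.
	target = request.values.get('ref') or url_for('index')
	try:
		parts = urlsplit(target)
	except ValueError:
		parts = None
	if parts is None or '\\' in target or any(ch <= ' ' for ch in target):
		# Browsers may normalise backslashes, whitespace and control
		# characters differently from urlsplit(); refuse them outright.
		on_site = False
	elif parts.scheme or parts.netloc:
		# Absolute URL: it has to name this very host over http(s).
		on_site = parts.scheme in ('http', 'https') and parts.netloc == request.host
	else:
		# Relative reference: a leading '//' would be read as a host name.
		on_site = not target.startswith('//')
	if not on_site:
		target = url_for('index')
	return redirect(target)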

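@app.route('/logout', methods=['GET', 'POST'])
def logout():
	"""End the moderator session and return to `ref` (same site only) or the start page.

	NOTE(review): the route accepts GET and carries no CSRF check, so any page
	can trigger a logout through a plain link or image request; consider
	restricting it to POST with the token.
	"""
	# pop() with a default: logging out without being logged in must not raise.
	session.pop('user', None)
	# The CSRF token belongs to the login that just ended.
	session.pop('_csrf_token', None)
	# `ref` is chosen by the client: follow it only when it stays on this host.
	target = request.values.get('ref') or url_for('index')
	try:
		parts = urlsplit(target)
	except ValueError:
		parts = None
	if parts is None or '\\' in target or any(ch <= ' ' for ch in target):
		# Browsers may normalise backslashes, whitespace and control
		# characters differently from urlsplit(); refuse them outright.
		on_site = False
	elif parts.scheme or parts.netloc:
		# Absolute URL: it has to name this very host over http(s).
		on_site = parts.scheme in ('http', 'https') and parts.netloc == request.host
	else:
		# Relative reference: a leading '//' would be read as a host name.
		on_site = not target.startswith('//')
	if not on_site:
		target = url_for('index')
	return redirect(target)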

# name: (tablename, idcolumn, [editable_fields], [fields_to_set_at_creation_time])
# The field lists double as allow-lists: edit() and create() put table and column
# names from here into SQL text, so they must only ever hold fixed identifiers.
tabs = {
	'courses': (
		'courses_data', 'id',
		['visible', 'listed', 'title', 'short', 'handle', 'organizer', 'subject',
			'semester', 'downloadable', 'internal', 'responsible', 'deleted', 'description'],
		['created_by', 'time_created', 'time_updated'],
	),
	'lectures': (
		'lectures_data', 'id',
		['visible', 'title', 'comment', 'internal', 'speaker', 'place', 'time',
			'duration', 'jumplist', 'deleted'],
		['course_id', 'time_created', 'time_updated'],
	),
	'videos': (
		'videos_data', 'id',
		['visible', 'deleted'],
		['created_by', 'time_created', 'time_updated'],
	),
	'chapters': (
		'chapters', 'id',
		['time', 'text', 'visible', 'deleted'],
		['created_by', 'time_created', 'time_updated'],
	),
	'announcements': (
		'announcements', 'id',
		['text', 'level', 'visible', 'deleted', 'time_publish', 'time_expire'],
		['created_by', 'time_created', 'time_updated'],
	),
	'featured': (
		'featured', 'id',
		['title', 'text', 'internal', 'visible', 'deleted'],
		['created_by', 'time_created', 'time_updated'],
	),
	'perm': (
		'perm', 'id',
		['type', 'param1', 'param2', 'deleted'],
		['course_id', 'lecture_id', 'video_id', 'created_by', 'time_created', 'time_updated'],
	),
	'sorterrorlog': (
		'sorterrorlog_data', 'id',
		['deleted'],
		['time_created', 'time_updated'],
	),
}

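@app.route('/edit', methods=['GET', 'POST'])
@mod_required
@csrf_protect
def edit(prefix='', ignore=None):
	"""Apply field changes sent as `table.id.column=value` pairs and log each in changelog.

	prefix -- text put in front of every key (also taken from ?prefix=)
	ignore -- additional keys to skip

	Changes come from the query/form fields or from a JSON object in a POST body.
	Table and column names are checked against `tabs` before they are put into
	SQL text; a key that does not pass is answered with 400 and nothing is
	written. Returns a redirect to `ref` if given, else ("OK", 200).
	NOTE(review): `ref` is followed as sent; it is only reachable behind the
	moderator and CSRF checks. The route also accepts GET, in which case the
	CSRF token travels in the URL.
	"""
	# All editable tables are expected to have a 'time_updated' field
	# A fresh set per call: a list used as default argument is shared between
	# calls and grew by three entries with every request.
	skipped = set(ignore or ()) | {'ref', 'prefix', '_csrf_token'}
	if not prefix and 'prefix' in request.args:
		prefix = request.args['prefix']
	changes = request.values.items()
	if (request.method == 'POST') and (request.get_json()):
		changes = request.get_json().items()
	# Validate everything before the transaction starts. These checks are the
	# only guard for the identifiers formatted into SQL below, so they must not
	# be `assert` statements, which are removed under `python -O`.
	updates = []
	for key, val in changes:
		if key in skipped:
			continue
		parts = (prefix+key).split('.', 2)
		if len(parts) != 3:
			return 'Invalid field name', 400
		table, id, column = parts
		if table not in tabs or column not in tabs[table][2]:
			return 'Invalid field name', 400
		updates.append((table, id, column, val))
	modify('BEGIN')
	for table, id, column, val in updates:
		tablename, idcolumn = tabs[table][0], tabs[table][1]
		# Identifiers come from `tabs`; all values are bound as parameters.
		modify('INSERT INTO changelog (`table`,id_value, id_key, field, value_new, value_old, `when`, who, executed) VALUES (?,?,?,?,?,(SELECT %s FROM %s WHERE %s = ?),?,?,1)'%(column, tablename, idcolumn),
				table, id, idcolumn, column, val, id, datetime.now(), session['user']['dbid'])
		modify('UPDATE %s SET %s = ?, time_updated = ? WHERE %s = ?'%(tablename, column, idcolumn), val, datetime.now(), id)
	modify('COMMIT')
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return "OK", 200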

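@app.route('/new/<table>', methods=['GET', 'POST'])
@mod_required
@csrf_protect
def create(table):
	"""Insert a row into one of the tables in `tabs` and return its id.

	Column values come from the query/form fields or from a JSON object in a
	POST body. created_by, time_created and time_updated are filled in by the
	server where the table has them and cannot be supplied by the client.
	Unknown tables or columns are answered with 400. Returns a redirect to
	`ref` if given, else (str(id), 200).
	NOTE(review): `ref` is followed as sent; it is only reachable behind the
	moderator and CSRF checks.
	"""
	# Explicit checks instead of `assert`: they are the only guard for the
	# identifiers formatted into the INSERT below, and assert statements are
	# removed under `python -O`.
	if table not in tabs:
		return 'Invalid table', 400
	tablename, _idcolumn, editable, creation_only = tabs[table]
	defaults = {'created_by': session['user']['dbid'], 'time_created': datetime.now(), 'time_updated': datetime.now()}
	columns = []
	values = []
	for column, val in defaults.items():
		if column in creation_only:
			columns.append(column)
			values.append(val)
	args = request.values.items()
	if (request.method == 'POST') and (request.get_json()):
		args = request.get_json().items()
	for column, val in args:
		if column in ('ref', '_csrf_token'):
			continue
		if column not in editable+creation_only or column in defaults:
			return 'Invalid field name', 400
		columns.append(column)
		values.append(val)
	# Column names come from `tabs`; all values are bound as parameters.
	id = modify('INSERT INTO %s (%s) VALUES (%s)'%(tablename,
				','.join(columns), ','.join(['?']*len(values))), *values)
	if 'ref' in request.values:
		return redirect(request.values['ref'])
	return str(id), 200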

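@app.route('/auth')
def auth(): # For use with nginx auth_request
	"""Authorisation decision for a media request: 200 allows it, 401 or 403 deny it.

	The requested path is taken from the X-Original-Uri header. Paths ending in
	'jpg' and all requests by moderators are allowed. Otherwise the permission
	rows of the stream (paths below pub/hls/) or of the video are checked with
	checkperm(), using HTTP Basic credentials if present. An allowed request is
	logged under the 'tracking' cookie id, which is (re)set on the response.
	401 is sent when a password would grant access, 403 otherwise.
	"""
	if 'X-Original-Uri' not in request.headers:
		return 'Internal Server Error', 500
	# Decide on the path alone: a query string must not take part in the
	# suffix test or in the path lookup below.
	url = request.headers['X-Original-Uri'].split('?', 1)[0]
	# Remove VIDEOPREFIX as a prefix. str.lstrip() takes a set of characters and
	# would also eat leading characters of the file path that occur in the
	# prefix. If VIDEOPREFIX is an absolute URL, only its path can match here.
	for prefix in (config['VIDEOPREFIX'], urlsplit(config['VIDEOPREFIX']).path):
		if prefix and url.startswith(prefix):
			url = url[len(prefix):]
			break
	url = url.lstrip('/')
	# The tracking id is only used as id column of the log tables. isdecimal()
	# and the length bound accept exactly what int() can parse and what fits
	# the 63-bit ids generated below.
	tracking = request.cookies.get('tracking', '')
	if tracking.isdecimal() and len(tracking) <= 19:
		cookie = int(tracking)
	else:
		cookie = random.getrandbits(8*8-1)
	if url.endswith('jpg') or ismod():
		return "OK", 200
	is_stream = url.startswith('pub/hls/')
	if is_stream:
		handle = url[len('pub/hls/'):].split('_')[0].split('.')[0]
		perms = query('''SELECT lectures.id AS lecture, perm.*
				FROM streams
				JOIN lectures ON (streams.lecture_id = lectures.id)
				JOIN courses ON (lectures.course_id = courses.id)
				LEFT JOIN perm ON ((lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
				WHERE streams.handle = ?
				AND (courses.visible AND lectures.visible AND streams.visible)
				ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''', handle)
	else:
		perms = query('''SELECT videos.path, videos.id AS vid, perm.*
				FROM videos
				JOIN lectures ON (videos.lecture_id = lectures.id)
				JOIN courses ON (lectures.course_id = courses.id)
				LEFT JOIN perm ON ((videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
				WHERE videos.path = ?
				AND (courses.visible AND lectures.visible AND videos.visible)
				ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''',
				url)
	# No row at all: unknown path or hidden object, so deny.
	if not perms:
		return "Not allowed", 403
	credentials = request.authorization
	username = password = None
	if credentials:
		username = credentials.username
		password = credentials.password
	if checkperm(perms, username=username, password=password):
		try:
			if not is_stream:
				modify('INSERT INTO log (id, `time`, `date`, video, source) VALUES (?, ?, ?, ?, 1)', cookie, datetime.now(), datetime.combine(date.today(), time()), perms[0]['vid'])
			elif url.endswith('.ts'):
				fmt = url.split('_')[-1].split('-')[0]
				seg = url.split('.')[0].split('-')[-1]
				modify('INSERT INTO hlslog (id, `time`, segment, lecture, handle, format) VALUES (?, ?, ?, ?, ?, ?)', cookie, datetime.now(), seg, perms[0]['lecture'], handle, fmt)
		except Exception:
			# Statistics are best effort: a failed insert must not block playback.
			pass
		r = make_response('OK', 200)
		r.set_cookie('tracking', str(cookie), max_age=2147483647) # Many many years
		return r
	# Ask for credentials only where a password could grant access.
	if any(perm['type'] == 'password' for perm in perms):
		return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
	return "Not allowed", 403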

@app.route('/changelog')
@register_navbar('Changelog', icon='book')
@mod_required
def changelog():
	"""Moderator page listing the 50 most recent changelog entries with their authors.

	Each entry gets a 'path' of the form table.id.field, the key format that
	edit() takes.
	"""
	entries = query('SELECT * FROM changelog LEFT JOIN users ON (changelog.who = users.id) ORDER BY `when` DESC LIMIT 50')
	for entry in entries:
		entry['path'] = '.'.join((entry['table'], entry['id_value'], entry['field']))
	return render_template('changelog.html', changelog=entries)

@app.route('/files/<filename>')
def files(filename):
	"""Redirect /files/<filename> to the same name below config['VIDEOPREFIX']."""
	target = '/'.join((config['VIDEOPREFIX'], filename))
	return redirect(target)

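@app.route('/newchapter/<int:lectureid>', methods=['POST', 'GET'])
def suggest_chapter(lectureid):
	"""Store a chapter mark for a lecture; open to visitors as a suggestion.

	Expects `time` as HH:MM:SS and `text`. For visitors the client address is
	recorded as submitter. Returns a redirect to `ref` (same site only) if
	given, else ('OK', 200); missing or malformed input gives 400 when there is
	no `ref`.
	NOTE(review): the address is taken from REMOTE_ADDR; behind a reverse proxy
	that is the proxy's address -- confirm which one is wanted.
	"""
	stamp = request.values['time']
	text = request.values['text']
	# Explicit check: an assert statement disappears under `python -O`.
	if not (stamp and text):
		return 'time and text are required', 400
	# `ref` is chosen by the client: follow it only when it stays on this host.
	ref = request.values.get('ref')
	if ref is not None:
		try:
			parts = urlsplit(ref)
		except ValueError:
			parts = None
		if parts is None or '\\' in ref or any(ch <= ' ' for ch in ref):
			# Browsers may normalise backslashes, whitespace and control
			# characters differently from urlsplit(); refuse them outright.
			on_site = False
		elif parts.scheme or parts.netloc:
			# Absolute URL: it has to name this very host over http(s).
			on_site = parts.scheme in ('http', 'https') and parts.netloc == request.host
		else:
			# Relative reference: a leading '//' would be read as a host name.
			on_site = not ref.startswith('//')
		if not on_site:
			ref = url_for('index')
	try:
		x = datetime.strptime(stamp,'%H:%M:%S')
	except ValueError:
		flash('Falsches Zeitformat, "%H:%M:%S" wird erwartet. Z.B. "01:39:42" für eine Kapitel bei Stunde 1, Minute 39, Sekunde 42')
		# Stop here: the unparsed string must not be stored as chapter time.
		if ref is not None:
			return redirect(ref)
		return 'Invalid time format', 400
	seconds = int(timedelta(hours=x.hour,minutes=x.minute,seconds=x.second).total_seconds())
	submitter = None
	if not ismod():
		submitter = request.environ['REMOTE_ADDR']
	modify('INSERT INTO chapters (lecture_id, time, text, time_created, time_updated, created_by, submitted_by) VALUES (?, ?, ?, ?, ?, ?, ?)',
				lectureid, seconds, text, datetime.now(), datetime.now(), session.get('user', {'dbid':None})['dbid'], submitter)
	if ref is not None:
		return redirect(ref)
	return 'OK',  200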

@app.route('/chapters/<int:lectureid>')
def chapters(lectureid):
	"""Serve a lecture's chapter marks as a text/vtt track; 404 when there are none.

	Rows arrive latest first. Each chapter ends where the following one starts;
	the last chapter gets the end value 9999.
	"""
	rows = query("SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (visible OR ?) ORDER BY time DESC", lectureid, ismod())
	if not rows:
		return 'No chapters found', 404
	next_start = 9999
	for row in rows:
		row['start'] = row['time']
		row['end'] = next_start
		next_start = row['start']
	body = render_template('chapters.srt',chapters=rows)
	return Response(body, 200, {'Content-Type':'text/vtt'})

@app.route('/sitemap.xml')
def sitemap():
	"""Build the sitemap: argument-free GET routes plus all public courses and lectures.

	Moderator-only endpoints are left out. Each page is a one-element list
	holding its URL.
	"""
	# static pages
	pages = [[rule.rule] for rule in app.url_map.iter_rules()
			if 'GET' in rule.methods and len(rule.arguments)==0 and rule.endpoint not in mod_endpoints]
	for course_row in query('select * from courses where visible and listed'):
		pages.append([url_for('course',handle=course_row['handle'])])
		lecture_rows = query('select * from lectures where (course_id = ? and visible)',course_row['id'])
		pages.extend([url_for('lecture',id=lecture_row['id'])] for lecture_row in lecture_rows)
	body = render_template('sitemap.xml', pages=pages)
	return Response(body, 200, {'Content-Type': 'application/atom+xml'} )


@app.route('/site/')
@app.route('/site/<string:phpfile>')
def legacy(phpfile=None):
	"""Redirect URLs of the old PHP site (/site/embed.php, /site/feed.php) to the current routes.

	Anything that is not recognised is printed to the log and sent to the start page.
	"""
	args = request.args
	if phpfile=='embed.php' and ('lecture' in args):
		target = url_for('embed', id=args['lecture'])
	elif phpfile=='feed.php':
		if 'all' in args:
			target = url_for('feed')
		elif 'newcourses' in args:
			target = url_for('courses_feed')
		else:
			# The old feed URL carried the course handle as a bare parameter name.
			target = url_for('feed', handle=args.copy().popitem()[0])
	else:
		print("Unknown legacy url:",request.url)
		target = url_for('index')
	return redirect(target,code=302)
	

import feeds
import importer
import stats
import sorter
if 'ICAL_URL' in config:
	import meetings
import l2pauth
if 'JOBS_API_KEY' in config:
	import jobs
import timetable