Commit d3fadbf9 authored by Andreas Valder's avatar Andreas Valder
Browse files

Merge branch 'master' of git.fsmpi.rwth-aachen.de:julianundandyfrickelnkram/videoagwebsite

parents bba69c3c 69b6f898
......@@ -99,6 +99,15 @@ CREATE TABLE IF NOT EXISTS `site_texts` (
`modified_when` datetime NOT NULL,
`modified_by` text NOT NULL
);
CREATE TABLE IF NOT EXISTS `log` (
`ip` varchar(64),
`id` varchar(64),
`time` datetime NOT NULL,
`object` varchar(10),
`obj_id` INTEGER,
`path` varchar(255) NOT NULL,
PRIMARY KEY (ip, id, time, path)
);
CREATE TABLE IF NOT EXISTS `streams` (
`handle` varchar(32) NOT NULL PRIMARY KEY,
`active` INTEGER NOT NULL,
......
......@@ -2,6 +2,7 @@
from flask import *
from functools import wraps
import datetime
import sqlite3
import os
import re
......@@ -55,6 +56,7 @@ def query(operation, *params):
if 'db' not in g:
g.db = sqlite3.connect(config['SQLITE_DB'])
g.db.row_factory = dict_factory
g.db.isolation_level = None
if not hasattr(request, 'db'):
request.db = g.db.cursor()
request.db.execute(operation, params)
......@@ -62,6 +64,12 @@ def query(operation, *params):
return []
return request.db.fetchall()
@app.teardown_request
def commit_db(*args):
if hasattr(request, 'db'):
request.db.close()
g.db.commit()
def searchquery(text, columns, match, tables, suffix, *suffixparams):
params = []
subexprs = []
......@@ -261,16 +269,18 @@ def auth(): # For use with nginx auth_request
if 'X-Original-Uri' not in request.headers:
return 'Internal Server Error', 500
url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
videos = query('''SELECT videos.path
ip = request.headers.get('X-Real-IP', '')
videos = query('''SELECT videos.path, videos.id
FROM videos
JOIN lectures ON (videos.lecture_id = lectures.id)
JOIN courses ON (lectures.course_id = courses.id)
WHERE videos.path = ?
AND (? OR (courses.visible AND lectures.visible AND videos.visible))''',
url, ismod())
if videos and url.startswith('pub'):
if videos and (url.startswith('pub') or ismod()):
query('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.datetime.now(), videos[0]['id'], url)
return "OK", 200
elif videos and ismod():
elif url.endswith('jpg'):
return "OK", 200
else:
return "Not allowed", 403
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment