markus/photofloat
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

fixed error in refactoring, changed auth-system to multi token, cleanup after major change

Browse Source
This commit is contained in:
Markus Pawlata
2018-12-05 01:10:40 +01:00
parent 48bf325d77
commit 4961c398a5
5 changed files with 99 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

178
scanner/floatapp/endpoints.py
View File

@ -3,17 +3,17 @@ from mimetypes import guess_type
from random import shuffle
from flask import Response, abort, json, jsonify, request
from flask_login import current_user, login_user
from flask_login import current_user, login_user, logout_user
from floatapp import app
from floatapp.jsonp import jsonp
from floatapp.login import (admin_required, admin_user, is_authenticated,
login_required, photo_user, query_is_admin_user,
query_is_photo_user)
from floatapp.login import (admin_required, admin_user,
query_is_admin_user, load_user)
from process import send_process
from TreeWalker import TreeWalker
cwd = os.path.dirname(os.path.abspath(__file__))
permission_map = app.config.get('PERMISSION_MAP', [])
@app.route("/scan")
@ -23,7 +23,6 @@ def scan_photos():
response = send_process([
"stdbuf",
"-oL",
os.path.abspath(os.path.join(cwd, "../venv/bin/python")),
os.path.abspath(os.path.join(cwd, "../main.py")),
os.path.abspath(app.config["ALBUM_PATH"]),
os.path.abspath(app.config["CACHE_PATH"])
@ -36,20 +35,80 @@ def scan_photos():
@app.route("/auth")
def login():
success = False
if request.args.get('logout'):
logout_user()
if current_user.is_authenticated:
success = True
elif (query_is_photo_user(request.form) or
query_is_photo_user(request.args)):
success = login_user(photo_user, remember=True)
return 'Already logged in.'
elif (query_is_admin_user(request.form) or
query_is_admin_user(request.args)):
success = login_user(admin_user, remember=True)
if not success:
abort(403)
login_user(admin_user, remember=True)
else:
user_id = (request.form.get('username') or
request.args.get('username', None))
if user_id:
login_user(load_user(user_id), remember=True)
print "logged in {}".format(user_id)
return 'You are now logged in.'
return ""
@app.route("/albums/<path:path>")
def albums(path):
if not has_permission(path):
abort(403)
return accel_redirect(
app.config["ALBUM_ACCEL"], app.config["ALBUM_PATH"], path)
@app.route("/cache/<path:path>")
def cache(path):
if not has_permission(path):
abort(403)
return accel_redirect(
app.config["CACHE_ACCEL"], app.config["CACHE_PATH"], path)
@app.route("/photos")
@jsonp
def photos():
f = open(os.path.join(app.config["CACHE_PATH"], "all_photos.json"), "r")
photos = json.load(f)
f.close()
photos = [photo for photo in photos if has_permission(photo)]
count = int(request.args.get("count", len(photos)))
random = request.args.get("random") == "true"
if random:
shuffle(photos)
else:
photos.reverse()
response = jsonify(photos=photos[0:count])
response.cache_control.no_cache = True
return response
def accel_redirect(internal, real, relative_name):
real_path = os.path.join(real, relative_name)
internal_path = os.path.join(internal, relative_name)
if not os.path.isfile(real_path):
abort(404)
mimetype = None
types = guess_type(real_path)
if len(types) != 0:
mimetype = types[0]
response = Response(mimetype=mimetype)
response.headers.add("X-Accel-Redirect", internal_path)
response.cache_control.public = True
if mimetype == "application/json":
response.cache_control.max_age = 3600
else:
response.cache_control.max_age = 29030400
return response
def cache_base(path):
path = path.replace(
'/', '-').replace(
@ -77,84 +136,15 @@ def cache_base(path):
return path
auth_list = []
def read_auth_list():
global auth_list, cwd
f = open(os.path.join(cwd, "auth.txt"), "r")
paths = []
for path in f:
path = path.strip()
paths.append(path)
paths.append(cache_base(path))
f.close()
auth_list = paths
# TODO: Make this run via inotify
read_auth_list()
def check_permissions(path):
if not is_authenticated():
for auth_path in auth_list:
if path.startswith(auth_path):
abort(403)
@app.route("/albums/<path:path>")
def albums(path):
check_permissions(path)
return accel_redirect(
app.config["ALBUM_ACCEL"], app.config["ALBUM_PATH"], path)
@app.route("/cache/<path:path>")
def cache(path):
check_permissions(path)
return accel_redirect(
app.config["CACHE_ACCEL"], app.config["CACHE_PATH"], path)
def accel_redirect(internal, real, relative_name):
real_path = os.path.join(real, relative_name)
internal_path = os.path.join(internal, relative_name)
if not os.path.isfile(real_path):
abort(404)
mimetype = None
types = guess_type(real_path)
if len(types) != 0:
mimetype = types[0]
response = Response(mimetype=mimetype)
response.headers.add("X-Accel-Redirect", internal_path)
response.cache_control.public = True
if mimetype == "application/json":
response.cache_control.max_age = 3600
else:
response.cache_control.max_age = 29030400
return response
@app.route("/photos")
@jsonp
def photos():
f = open(os.path.join(app.config["CACHE_PATH"], "all_photos.json"), "r")
photos = json.load(f)
f.close()
if not is_authenticated():
def allowed(photo):
for auth_path in auth_list:
if photo.startswith(auth_path):
return False
return True
photos = [photo for photo in photos if allowed(photo)]
count = int(request.args.get("count", len(photos)))
random = request.args.get("random") == "true"
if random:
shuffle(photos)
else:
photos.reverse()
response = jsonify(photos=photos[0:count])
response.cache_control.no_cache = True
return response
def has_permission(path):
for auth_path in permission_map.keys():
# this is a protected object
if (path.startswith(auth_path) or
path.startswith(cache_base(auth_path))):
if current_user.is_anonymous:
return False
if current_user.id in permission_map.get(auth_path, []):
return True
else:
return False
return True

41
scanner/floatapp/login.py
View File

@ -9,17 +9,20 @@ class User(UserMixin):
self.admin = admin
self.id = id
photo_user = User("user")
def __unicode__(self):
return u"{}".format(self.id)
def __str__(self):
return str(self.id)
admin_user = User("admin", True)
@login_manager.user_loader
def load_user(id):
if id == "user":
return photo_user
elif id == "admin":
if id == "admin":
return admin_user
return None
return User(id)
@login_manager.unauthorized_handler
@ -27,17 +30,6 @@ def unauthorized():
return abort(403)
def login_required(fn):
@wraps(fn)
def decorated_view(*args, **kwargs):
if (query_is_admin_user(request.args) or
query_is_photo_user(request.args) or
current_user.is_authenticated):
return fn(*args, **kwargs)
return app.login_manager.unauthorized()
return decorated_view
def admin_required(fn):
@wraps(fn)
def decorated_view(*args, **kwargs):
@ -48,21 +40,8 @@ def admin_required(fn):
return decorated_view
def query_is_photo_user(query):
username = query.get("username", None)
password = query.get("password", None)
return username == (app.config["PHOTO_USERNAME"] and
password == app.config["PHOTO_PASSWORD"])
def query_is_admin_user(query):
username = query.get("username", None)
password = query.get("password", None)
return username == (app.config["ADMIN_USERNAME"] and
password == app.config["ADMIN_PASSWORD"])
def is_authenticated():
return (query_is_admin_user(request.args) or
query_is_photo_user(request.args) or
current_user.is_authenticated)
return (username == app.config["ADMIN_USERNAME"] and
password == app.config["ADMIN_PASSWORD"])