sneak/tvid
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

1.0.0 beta

Browse Source
This commit is contained in:
Jeffrey Paul
2020-03-10 18:52:30 -07:00
parent 691d54ee3e
commit c4ef8d0e96
13 changed files with 302 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tvid/db.py
View File

@@ -14,3 +14,4 @@ class TV(Base):
displayid = Column(String(20))
lastSeen = Column(DateTime)
target = Column(String(255))
memo = Column(String(255))

103
tvid/server.py
View File

@@ -19,9 +19,9 @@ import urllib.parse
import os
import random
import string
from datetime import datetime
from datetime import datetime, timedelta
VERSION = '0.0.1'
VERSION = '1.0.0'
PORT = os.environ.get('PORT', 8080)
DEBUG = os.environ.get('DEBUG', False)
SQLITE_FILENAME = os.environ.get('SQLITE_FILENAME','/data/db.sqlite')
@@ -46,14 +46,14 @@ def serve():
# pull in models
from .db import TV
engine = create_engine(DATABASE_URL, echo=True)
engine = create_engine(DATABASE_URL, echo=False)
plugin = sqlalchemy.Plugin(
engine, # SQLAlchemy engine created with create_engine function.
SQLBASE.metadata, # SQLAlchemy metadata, required only if create=True.
keyword='db', # Keyword used to inject session database in a route (default 'db').
create=True, # If it is true, execute `metadata.create_all(engine)` when plugin is applied (default False).
commit=True, # If it is true, plugin commit changes after route is executed (default True).
engine,
SQLBASE.metadata,
keyword='db',
create=True,
commit=True,
use_kwargs=False
)
@@ -63,17 +63,18 @@ def serve():
# cookie'd value (whether preexisting or new).
@app.get('/')
def indexpage():
c = request.get_cookie("tvid")
c = request.get_cookie("displayid")
if c:
# redirect
redirect('/tv/' + c)
return redirect('/tv/' + c)
else:
newid = genRandomTVID()
response.set_cookie("tvid", newid)
redirect('/tv/' + newid)
response.set_cookie("displayid", newid)
return redirect('/tv/' + newid)
@app.get('/style.css')
def stylesheet():
response.content_type = 'text/css'
return template('style')
# here we check to see if they have a redirect URL in the db. if they do
@@ -81,10 +82,8 @@ def serve():
# reloading the page once per hour.
@app.get('/tv/<displayid>')
def tvpage(db, displayid=None):
# FIXME regex check id to make sure displayid is right format,
# return error if not
if id is None:
# FIXME check for cookie, this is broken
if displayid is None:
return template('nocookie')
# check db for tv id
@@ -93,7 +92,7 @@ def serve():
tv.lastSeen = datetime.now()
db.add(tv)
if tv.target:
redirect(tv.target)
return redirect(tv.target)
else:
return template('displayid', id=displayid, version=VERSION)
else:
@@ -105,6 +104,40 @@ def serve():
db.add(newtv)
return template('displayid', id=displayid, version=VERSION)
@app.get('/admin/edit/<displayid>')
def displayeditform(db, displayid=None):
c = request.get_cookie("psk")
if not c:
return redirect('/login')
if c != ADMIN_PSK:
return redirect('/logout')
if not displayid:
return redirect('/admin')
tv = db.query(TV).filter_by(displayid=displayid).first()
if tv is None:
return redirect('/admin')
return template('displayeditform', tv=tv, version=VERSION)
@app.post('/admin/edit')
def displayedithandler(db):
# FIXME SECURITY csrf issue
c = request.get_cookie("psk")
if not c:
return redirect('/login')
if c != ADMIN_PSK:
return redirect('/logout')
displayid = request.forms.get('displayid')
tv = db.query(TV).filter_by(displayid=displayid).first()
if tv is None:
return redirect('/admin')
# FIXME make sure this is a valid URL
tv.target = request.forms.get('target')
tv.memo = request.forms.get('formmemo')
db.add(tv)
db.commit()
return redirect('/admin')
# here we display the administration list of TVs if logged in
# if logged out then redirect to /login
# FIXME make this use sessions instead of just storing PSK in a cookie
@@ -113,24 +146,19 @@ def serve():
def adminpage(db):
c = request.get_cookie("psk")
if not c:
redirect('/login')
return
return redirect('/login')
if c != ADMIN_PSK:
redirect('/logout')
return
tvs = db.query(TV).order_by(TV.lastSeen)
return redirect('/logout')
# first, cleanup db of old entries:
week_ago = datetime.now() - timedelta(days=7)
db.query(TV).filter(TV.lastSeen < week_ago).delete()
db.commit()
tvs = db.query(TV).order_by(TV.lastSeen.desc())
response.headers['Cache-Control'] = 'no-cache'
return template('adminpanel', tvs=tvs, version=VERSION)
@app.post('/admin')
def savesettings():
c = request.get_cookie("psk")
if not c:
redirect('/login')
return
if c != ADMIN_PSK:
redirect('/logout')
return
raise NotImplementedError()
# here we ask for a password:
@app.get('/login')
@@ -142,25 +170,22 @@ def serve():
def checklogin():
attemptedPass = request.forms.get('password')
if not attemptedPass:
redirect(
return redirect(
'/login?msg=' +
urllib.parse.quote_plus(u"Incorrect password.")
)
return
if attemptedPass != ADMIN_PSK:
redirect(
return redirect(
'/login?msg=' +
urllib.parse.quote_plus(u"Incorrect password.")
)
return
# password is right, cookie them:
response.set_cookie("psk", attemptedPass)
redirect('/admin')
return
return redirect('/admin')
@app.get('/logout')
def logout():
response.set_cookie("psk", "")
redirect('/login')
return redirect('/login')
app.run(host='0.0.0.0', port=PORT, debug=DEBUG)