author | Timotej Lazar <timotej.lazar@fri.uni-lj.si> | 2019-02-19 23:52:49 +0100 |
---|---|---|
committer | Timotej Lazar <timotej.lazar@fri.uni-lj.si> | 2019-02-19 23:52:49 +0100 |
commit | d0c2fc09b6dc0c51167f15361d5a4a4c2050f205 (patch) | |
tree | 114e086681c9788570749639fc96edc11bdfe43f /kpov_judge/web | |
parent | 6063a9c657a0adcd99bfcd6d5c2a457ae154caed (diff) |
First try for token-based params and results requests
Diffstat (limited to 'kpov_judge/web')
-rwxr-xr-x | kpov_judge/web/kpov_judge/kpov_judge.py | 79 |
1 files changed, 54 insertions, 25 deletions
diff --git a/kpov_judge/web/kpov_judge/kpov_judge.py b/kpov_judge/web/kpov_judge/kpov_judge.py index 95d7199..ddef16d 100755 --- a/kpov_judge/web/kpov_judge/kpov_judge.py +++ b/kpov_judge/web/kpov_judge/kpov_judge.py @@ -6,6 +6,7 @@ import json import random import settings import traceback +import uuid from kpov_draw_setup import draw_setup import kpov_util @@ -70,10 +71,15 @@ def class_tasks(class_id): return render_template('class_tasks.html', student_id=student_id, tasks=task_list, clas=clas) -def results_post(class_id, task_id, results): +def results_post(class_id, task_id, token, results): student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody') db = g.db - params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'student_id': student_id})['params'] + #params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'student_id': student_id})['params'] + print(class_id, task_id, token) + params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token})['params'] + if not params: + raise Exception('Invalid token.') + if params is None: # params = {} #else: @@ -104,10 +110,14 @@ def results_post(class_id, task_id, results): return {'result': res, 'hints': hints, 'status': res_status} -def results_dict(class_id, task_id): - student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody') +def results_dict(class_id, task_id, token): db = g.db try: + task_params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'token': token}) + if not task_params: + raise Exception('Invalid token.') + #student_id = flask.app.request.environ.get('REMOTE_USER') + student_id = task_params['student_id'] entry = db.results.find_one( {'$query': {'class_id': class_id, 'task_id': task_id, 'student_id': student_id}, # vsi uporabniki brez nastavljenega REMOTE_USER (i.e. Apache basic auth) imajo skupne rezultate, napaka? '$orderby': {'time': -1}}, 
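Review bot: In results_post the `['params']` subscript is applied to the `find_one` result before the new `if not params` check, so an unknown token raises TypeError on None and the 'Invalid token.' branch is never reached for that case. Fetch the record first with `record = db.task_params.find_one({...})`, then `if not record: raise Exception('Invalid token.')` and `params = record['params']`. The added `print(class_id, task_id, token)` also writes a bearer token to the server's stdout, which usually ends up in logs; drop it or log only the class and task. The function body continues outside the hunk, and student_id is still read from REMOTE_USER rather than from the matched record, which looks worth confirming.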
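Review bot: results_dict filters on a top-level `'token'` field, while results_post and the two new *-token.json handlers in this commit look the token up as `'params.token'`; if tokens are stored only inside params, this query cannot match a supplied token. A missing token makes it worse: results_json passes `request.args.get('token')`, which is None when the argument is absent, and in MongoDB `{'token': None}` matches documents that lack the field, so a record belonging to some student of that class and task would be returned. Use `'params.token': token` and reject an empty token before querying, `if not token: raise Exception('Invalid token.')`. The same empty-token guard is needed in results_post, which receives `.get('token')` from results_json. The try block continues outside the hunk.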
@@ -122,9 +132,11 @@ def results_dict(class_id, task_id): @app.route('/tasks/<class_id>/<task_id>/results.json', methods=['GET', 'POST']) def results_json(class_id, task_id): if flask.app.request.method == 'POST': - return json.dumps(results_post(class_id, task_id, - json.loads(flask.app.request.form['results']))) - return json.dumps(results_dict(class_id, task_id)) + return json.dumps( + results_post(class_id, task_id, + json.loads(flask.app.request.form['params']).get('token'), + json.loads(flask.app.request.form['results']))) + return json.dumps(results_dict(class_id, task_id, request.args.get('token'))) @app.route('/tasks/<class_id>/<task_id>/<lang>/setup.<ending>', methods=['GET']) @@ -156,11 +168,20 @@ def task_html(class_id, task_id): return render_template('task.html', task=task_source(class_id, task_id)) +def make_token(student_id): + # TODO need nginx support, in version 1.11.3, not yet in debian stable + #import jwt + #message = {'student_id': student_id} + #return jwt.encode(message, app.config['JWT_SECRET'], algorithm='HS512').decode('utf-8') + return str(uuid.uuid4()) + def get_params(class_id, task_id, student_id, db): try: meta = db.task_params_meta.find_one({'class_id': class_id, 'task_id': task_id})['params'] + meta['token'] = {'public': True, 'generated': True, 'type': 'password', 'w': False} except Exception: return {'mama': 'ZAKVAJ?'}, {'mama': {'public': True}} + params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'student_id': student_id}) if params is None: try: 
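Review bot: The GET branch of results_json calls `request.args.get('token')` with a bare `request`, while every other access in the visible code goes through `flask.app.request`; unless `request` is imported in a part of the file not shown here, this line raises NameError. Writing it as `flask.app.request.args.get('token')` keeps it consistent. Passing the token as a query argument also puts it into web-server access logs, so a request header or the POST body would be a better carrier for it. In the POST branch, `json.loads(flask.app.request.form['params'])` is unguarded: a body that is not a JSON object fails with ValueError or AttributeError rather than a clean 400.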
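Review bot: make_token takes student_id but never uses it, and the function carries commented-out JWT code instead of a docstring, so the reader cannot tell what binds a token to a student. A short docstring such as `"""Return a random opaque token; the binding to a student is the task_params record that stores it."""` would say this. Since the value acts as a bearer credential, `secrets.token_urlsafe(32)` (with `import secrets`) states the intent more directly than `str(uuid.uuid4())`. Nothing visible in the hunk expires or rotates the token, and get_params marks it `'public': True`, so params.json returns it to whichever user REMOTE_USER resolves to, including the shared 'Nobody' fallback. get_params continues outside the hunk.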
@@ -281,29 +302,37 @@ def task_greeting(class_id, task_id, lang): **{p['name']: p['value'] for p in public_params}) -@app.route('/tasks/<class_id>/<task_id>/params.json', methods=['GET', 'POST']) -def params_json(class_id, task_id): - student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody') +@app.route('/tasks/<class_id>/<task_id>/params.json') +def params_json(class_id, task_id, student_id=None): + if not student_id: + student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody') db = g.db params, meta = get_params(class_id, task_id, student_id, db) shown_params = {} - if flask.app.request.method == 'POST': - try: - new_params = json.loads(flask.app.request.form['params']) - except Exception: - new_params = {} - for name in params.items(): - if meta.get(name, {'w': False}).get('w', False) and k in new_params: - params[name] = new_params[name] - if meta.get(name, {'public': False})['public']: - shown_params[name] = params[name] - db.task_params.update({'class_id': class_id, 'task_id': task_id, 'student_id': student_id}, {'$set': {'params': params}}) - else: - for name, param in params.items(): - if meta.get(name, {'public': False})['public']: - shown_params[name] = param + for name, param in params.items(): + if meta.get(name, {'public': False})['public']: + shown_params[name] = param return json.dumps(shown_params) +@app.route('/tasks/<class_id>/<task_id>/params-token.json', methods=['POST']) +def params_token_json(class_id, task_id): + db = g.db + token = json.loads(flask.app.request.form['params']).get('token', '') + record = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token}) + if not record: + return json.dumps({}) + return params_json(record['class_id'], record['task_id'], record['student_id']) + +@app.route('/tasks/<class_id>/<task_id>/results-token.json', methods=['GET', 'POST']) +def results_token_json(class_id, task_id): + db = g.db + token = json.loads(flask.app.request.form['params']).get('token', 
'') + record = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token}) + if not record: + return json.dumps({}) + return results_json(class_id, task_id) + + if __name__ == '__main__': app.run(host='0.0.0.0') |
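Review bot: results_token_json accepts GET but reads the token from `flask.app.request.form['params']`, which is absent on a GET, and after validating that token it calls results_json, which on GET reads a different token from the query string and on POST parses the form again. The token that was checked is therefore not necessarily the one that is used. Restrict the route to `methods=['POST']`, as params_token_json does, or pass the validated record on instead of re-parsing the request. In both handlers `.get('token', '')` should be followed by an explicit `if not token: return json.dumps({})` so that an empty value never reaches the query.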