authorTimotej Lazar <timotej.lazar@fri.uni-lj.si>2019-02-19 23:52:49 +0100
committerTimotej Lazar <timotej.lazar@fri.uni-lj.si>2019-02-19 23:52:49 +0100
commitd0c2fc09b6dc0c51167f15361d5a4a4c2050f205 (patch)
tree114e086681c9788570749639fc96edc11bdfe43f /kpov_judge/web
parent6063a9c657a0adcd99bfcd6d5c2a457ae154caed (diff)
First try for token-based params and results requests
Diffstat (limited to 'kpov_judge/web')
-rwxr-xr-xkpov_judge/web/kpov_judge/kpov_judge.py79
1 files changed, 54 insertions, 25 deletions
diff --git a/kpov_judge/web/kpov_judge/kpov_judge.py b/kpov_judge/web/kpov_judge/kpov_judge.py
index 95d7199..ddef16d 100755
--- a/kpov_judge/web/kpov_judge/kpov_judge.py
+++ b/kpov_judge/web/kpov_judge/kpov_judge.py
@@ -6,6 +6,7 @@ import json
import random
import settings
import traceback
+import uuid
from kpov_draw_setup import draw_setup
import kpov_util
@@ -70,10 +71,15 @@ def class_tasks(class_id):
return render_template('class_tasks.html', student_id=student_id, tasks=task_list, clas=clas)
-def results_post(class_id, task_id, results):
+def results_post(class_id, task_id, token, results):
student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody')
db = g.db
- params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'student_id': student_id})['params']
+ #params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'student_id': student_id})['params']
+ print(class_id, task_id, token)
+ params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token})['params']
+ if not params:
+ raise Exception('Invalid token.')
+
if params is None:
# params = {}
#else:
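Review bot: The added `find_one(...)['params']` subscripts the result before it is checked, and `find_one` returns None when nothing matches, so an unknown token raises TypeError and the `'Invalid token.'` branch is never reached. Fetch the record first: `record = db.task_params.find_one({...})`, then `if record is None: raise Exception('Invalid token.')`, then `params = record['params']`. The added `print(class_id, task_id, token)` also writes the bearer token to the server's output on every submission; drop it or log only the class and task ids. results_post continues past the end of this hunk.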
@@ -104,10 +110,14 @@ def results_post(class_id, task_id, results):
return {'result': res, 'hints': hints, 'status': res_status}
-def results_dict(class_id, task_id):
- student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody')
+def results_dict(class_id, task_id, token):
db = g.db
try:
+ task_params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'token': token})
+ if not task_params:
+ raise Exception('Invalid token.')
+ #student_id = flask.app.request.environ.get('REMOTE_USER')
+ student_id = task_params['student_id']
entry = db.results.find_one(
{'$query': {'class_id': class_id, 'task_id': task_id, 'student_id': student_id}, # vsi uporabniki brez nastavljenega REMOTE_USER (i.e. Apache basic auth) imajo skupne rezultate, napaka?
'$orderby': {'time': -1}},
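Review bot: The lookup added in results_dict filters on a top-level `'token'` field, while results_post and the two new token routes filter on `'params.token'`. get_params registers the token under the params metadata, so the top-level key presumably never holds the value. MongoDB also matches a null filter value against documents that lack the field, and results_json passes `request.args.get('token')`, which is None when the query string has no token, so such a request could resolve to another student's record instead of failing. Use `'params.token': token` here and reject a missing token before querying. results_dict continues past the end of this hunk.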
@@ -122,9 +132,11 @@ def results_dict(class_id, task_id):
@app.route('/tasks/<class_id>/<task_id>/results.json', methods=['GET', 'POST'])
def results_json(class_id, task_id):
if flask.app.request.method == 'POST':
- return json.dumps(results_post(class_id, task_id,
- json.loads(flask.app.request.form['results'])))
- return json.dumps(results_dict(class_id, task_id))
+ return json.dumps(
+ results_post(class_id, task_id,
+ json.loads(flask.app.request.form['params']).get('token'),
+ json.loads(flask.app.request.form['results'])))
+ return json.dumps(results_dict(class_id, task_id, request.args.get('token')))
@app.route('/tasks/<class_id>/<task_id>/<lang>/setup.<ending>', methods=['GET'])
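Review bot: The token reaches the MongoDB filter exactly as the client sent it: `json.loads(...).get('token')` can yield any JSON type, and a non-string value would be interpreted by the query layer rather than compared literally. Check it once before any lookup, for example `if not isinstance(token, str) or not token: flask.abort(400)`; params_token_json and results_token_json in the last hunk repeat the same parsing and need the same check. The GET branch also uses bare `request` where the rest of the file writes `flask.app.request`; unless `request` is imported outside this view, that line raises NameError.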
@@ -156,11 +168,20 @@ def task_html(class_id, task_id):
return render_template('task.html', task=task_source(class_id, task_id))
+def make_token(student_id):
+ # TODO need nginx support, in version 1.11.3, not yet in debian stable
+ #import jwt
+ #message = {'student_id': student_id}
+ #return jwt.encode(message, app.config['JWT_SECRET'], algorithm='HS512').decode('utf-8')
+ return str(uuid.uuid4())
+
def get_params(class_id, task_id, student_id, db):
try:
meta = db.task_params_meta.find_one({'class_id': class_id, 'task_id': task_id})['params']
+ meta['token'] = {'public': True, 'generated': True, 'type': 'password', 'w': False}
except Exception:
return {'mama': 'ZAKVAJ?'}, {'mama': {'public': True}}
+
params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'student_id': student_id})
if params is None:
try:
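Review bot: make_token has no docstring saying that the value it returns is a bearer credential, although the lookups added elsewhere in this commit accept it in place of REMOTE_USER. A docstring such as `"""Return an opaque random token that identifies one student's task_params record."""` would make that explicit, and the commented-out JWT lines would read better as a single TODO. Because get_params marks the token `'public': True`, params_json will presumably return it to whichever identity it resolves, including the shared `'Nobody'` fallback, which deserves a comment or a guard. get_params continues past the end of this hunk.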
@@ -281,29 +302,37 @@ def task_greeting(class_id, task_id, lang):
**{p['name']: p['value'] for p in public_params})
-@app.route('/tasks/<class_id>/<task_id>/params.json', methods=['GET', 'POST'])
-def params_json(class_id, task_id):
- student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody')
+@app.route('/tasks/<class_id>/<task_id>/params.json')
+def params_json(class_id, task_id, student_id=None):
+ if not student_id:
+ student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody')
db = g.db
params, meta = get_params(class_id, task_id, student_id, db)
shown_params = {}
- if flask.app.request.method == 'POST':
- try:
- new_params = json.loads(flask.app.request.form['params'])
- except Exception:
- new_params = {}
- for name in params.items():
- if meta.get(name, {'w': False}).get('w', False) and k in new_params:
- params[name] = new_params[name]
- if meta.get(name, {'public': False})['public']:
- shown_params[name] = params[name]
- db.task_params.update({'class_id': class_id, 'task_id': task_id, 'student_id': student_id}, {'$set': {'params': params}})
- else:
- for name, param in params.items():
- if meta.get(name, {'public': False})['public']:
- shown_params[name] = param
+ for name, param in params.items():
+ if meta.get(name, {'public': False})['public']:
+ shown_params[name] = param
return json.dumps(shown_params)
+@app.route('/tasks/<class_id>/<task_id>/params-token.json', methods=['POST'])
+def params_token_json(class_id, task_id):
+ db = g.db
+ token = json.loads(flask.app.request.form['params']).get('token', '')
+ record = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token})
+ if not record:
+ return json.dumps({})
+ return params_json(record['class_id'], record['task_id'], record['student_id'])
+
+@app.route('/tasks/<class_id>/<task_id>/results-token.json', methods=['GET', 'POST'])
+def results_token_json(class_id, task_id):
+ db = g.db
+ token = json.loads(flask.app.request.form['params']).get('token', '')
+ record = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token})
+ if not record:
+ return json.dumps({})
+ return results_json(class_id, task_id)
+
+
if __name__ == '__main__':
app.run(host='0.0.0.0')
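Review bot: results_token_json validates one token and then delegates to a view that reads a different one. On GET, results_json takes the token from `request.args`, while the check here reads `form['params']`, which a GET normally does not carry, so the lookup either fails on the missing form key or validates a value that is not the one used. Pass the checked token on directly: `return json.dumps(results_dict(class_id, task_id, token))` for GET and `results_post(class_id, task_id, token, results)` for POST. In both new routes `json.loads(flask.app.request.form['params'])` sits outside any error handling, so a missing or malformed field yields an error response rather than the `{}` returned for an unknown token.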