From d0c2fc09b6dc0c51167f15361d5a4a4c2050f205 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Tue, 19 Feb 2019 23:52:49 +0100
Subject: First try for token-based params and results requests
---
 kpov_judge/web/kpov_judge/kpov_judge.py | 79 ++++++++++++++++++++++-----------
 1 file changed, 54 insertions(+), 25 deletions(-)
(limited to 'kpov_judge/web')
diff --git a/kpov_judge/web/kpov_judge/kpov_judge.py b/kpov_judge/web/kpov_judge/kpov_judge.py
index 95d7199..ddef16d 100755
--- a/kpov_judge/web/kpov_judge/kpov_judge.py
+++ b/kpov_judge/web/kpov_judge/kpov_judge.py
@@ -6,6 +6,7 @@
 import json
 import random
 import settings
 import traceback
+import uuid
 from kpov_draw_setup import draw_setup
 import kpov_util
@@ -70,10 +71,15 @@ def class_tasks(class_id):
 return render_template('class_tasks.html', student_id=student_id, tasks=task_list, clas=clas)
-def results_post(class_id, task_id, results):
+def results_post(class_id, task_id, token, results):
 student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody')
 db = g.db
- params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'student_id': student_id})['params']
+ #params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'student_id': student_id})['params']
+ print(class_id, task_id, token)
+ params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token})['params']
+ if not params:
+ raise Exception('Invalid token.')
+
 if params is None:
 # params = {}
 #else:
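Review bot: In results_post the new lookup indexes `['params']` on the find_one result before the `if not params` guard runs, so an unknown token produces a TypeError on the `None` record and the intended 'Invalid token.' path is never reached. The guard is also too late for a missing token: the caller in results_json passes `.get('token')`, which is `None` when the posted params carry no token, and a `None` value in a MongoDB filter also matches documents whose `params.token` field is absent, so a record that predates tokens could be returned. The `print(class_id, task_id, token)` line writes the bearer token to stdout, where it lands in the process log; drop it or print only class_id and task_id. results_post's body continues past the hunk.
```python
def results_post(class_id, task_id, token, results):
    # … unchanged: student_id and db setup …
    if not token:
        raise Exception('Invalid token.')
    record = db.task_params.find_one(
        {'class_id': class_id, 'task_id': task_id, 'params.token': token})
    if record is None:
        raise Exception('Invalid token.')
    params = record['params']
    # … unchanged: params handling, continues outside the hunk …
```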
@@ -104,10 +110,14 @@ def results_post(class_id, task_id, results):
 return {'result': res, 'hints': hints, 'status': res_status}
-def results_dict(class_id, task_id):
- student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody')
+def results_dict(class_id, task_id, token):
 db = g.db
 try:
+ task_params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'token': token})
+ if not task_params:
+ raise Exception('Invalid token.')
+ #student_id = flask.app.request.environ.get('REMOTE_USER')
+ student_id = task_params['student_id']
 entry = db.results.find_one(
 {'$query': {'class_id': class_id, 'task_id': task_id, 'student_id': student_id}, # vsi uporabniki brez nastavljenega REMOTE_USER (i.e. Apache basic auth) imajo skupne rezultate, napaka?
 '$orderby': {'time': -1}},
@@ -122,9 +132,11 @@ def results_dict(class_id, task_id):
 @app.route('/tasks///results.json', methods=['GET', 'POST'])
 def results_json(class_id, task_id):
 if flask.app.request.method == 'POST':
- return json.dumps(results_post(class_id, task_id,
- json.loads(flask.app.request.form['results'])))
- return json.dumps(results_dict(class_id, task_id))
+ return json.dumps(
+ results_post(class_id, task_id,
+ json.loads(flask.app.request.form['params']).get('token'),
+ json.loads(flask.app.request.form['results'])))
+ return json.dumps(results_dict(class_id, task_id, request.args.get('token')))
 @app.route('/tasks////setup.', methods=['GET'])
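Review bot: results_dict filters task_params on a top-level `'token': token`, while results_post and both new token endpoints in this commit filter on `'params.token'`; unless a top-level token field is written somewhere outside this diff, the GET path never finds a record and always raises 'Invalid token.'. The line should read `task_params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token})`. The raise sits inside the `try:` whose except clause is outside the hunk, so check that the handler does not swallow it and return a success-shaped result; a `None` token should also be rejected before the query, since a `None` filter value matches records that have no token field at all. The rest of results_dict continues past the hunk.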
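Review bot: The GET branch of results_json calls `request.args.get('token')`, while every other request access in this file goes through `flask.app.request`; unless `request` is imported from flask earlier in the file, this is a NameError at request time. For consistency write `return json.dumps(results_dict(class_id, task_id, flask.app.request.args.get('token')))`. A token carried in the query string also ends up in web-server and proxy access logs, whereas the POST path reads it from the form body; consider taking it from the body or a header on GET as well. results_json is complete within the hunk.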
@@ -156,11 +168,20 @@ def task_html(class_id, task_id):
 return render_template('task.html', task=task_source(class_id, task_id))
+def make_token(student_id):
+ # TODO need nginx support, in version 1.11.3, not yet in debian stable
+ #import jwt
+ #message = {'student_id': student_id}
+ #return jwt.encode(message, app.config['JWT_SECRET'], algorithm='HS512').decode('utf-8')
+ return str(uuid.uuid4())
+
 def get_params(class_id, task_id, student_id, db):
 try:
 meta = db.task_params_meta.find_one({'class_id': class_id, 'task_id': task_id})['params']
+ meta['token'] = {'public': True, 'generated': True, 'type': 'password', 'w': False}
 except Exception:
 return {'mama': 'ZAKVAJ?'}, {'mama': {'public': True}}
+
 params = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'student_id': student_id})
 if params is None:
 try:
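Review bot: make_token has no docstring and its `student_id` parameter is unused, so a reader cannot tell whether the token being unbound to the student is intentional; add `"""Return a fresh opaque token; student_id is unused until the JWT variant in the TODO lands."""` and a comment `# uuid4 is drawn from os.urandom, so the value is unguessable` on the return line. In get_params the new `meta['token']` entry is marked `'public': True`, which means params.json hands the token to whoever is authenticated as that REMOTE_USER; that is what the token endpoints need, but a comment stating that this value is a credential, and that `'w': False` presumably marks it read-only for clients, would stop a later change from relaxing either flag by accident. get_params continues past the hunk.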
@@ -281,29 +302,37 @@ def task_greeting(class_id, task_id, lang):
 **{p['name']: p['value'] for p in public_params})
-@app.route('/tasks///params.json', methods=['GET', 'POST'])
-def params_json(class_id, task_id):
- student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody')
+@app.route('/tasks///params.json')
+def params_json(class_id, task_id, student_id=None):
+ if not student_id:
+ student_id = flask.app.request.environ.get('REMOTE_USER', 'Nobody')
 db = g.db
 params, meta = get_params(class_id, task_id, student_id, db)
 shown_params = {}
- if flask.app.request.method == 'POST':
- try:
- new_params = json.loads(flask.app.request.form['params'])
- except Exception:
- new_params = {}
- for name in params.items():
- if meta.get(name, {'w': False}).get('w', False) and k in new_params:
- params[name] = new_params[name]
- if meta.get(name, {'public': False})['public']:
- shown_params[name] = params[name]
- db.task_params.update({'class_id': class_id, 'task_id': task_id, 'student_id': student_id}, {'$set': {'params': params}})
- else:
- for name, param in params.items():
- if meta.get(name, {'public': False})['public']:
- shown_params[name] = param
+ for name, param in params.items():
+ if meta.get(name, {'public': False})['public']:
+ shown_params[name] = param
 return json.dumps(shown_params)
+@app.route('/tasks///params-token.json', methods=['POST'])
+def params_token_json(class_id, task_id):
+ db = g.db
+ token = json.loads(flask.app.request.form['params']).get('token', '')
+ record = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token})
+ if not record:
+ return json.dumps({})
+ return params_json(record['class_id'], record['task_id'], record['student_id'])
+
+@app.route('/tasks///results-token.json', methods=['GET', 'POST'])
+def results_token_json(class_id, task_id):
+ db = g.db
+ token = json.loads(flask.app.request.form['params']).get('token', '')
+ record = db.task_params.find_one({'class_id': class_id, 'task_id': task_id, 'params.token': token})
+ if not record:
+ return json.dumps({})
+ return results_json(class_id, task_id)
+
+
 if __name__ == '__main__':
 app.run(host='0.0.0.0')
-- cgit v1.2.1
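Review bot: results_token_json is routed for GET as well as POST but reads `flask.app.request.form['params']`, which is empty on a GET, so every GET request fails before the token is even checked; drop 'GET' from its methods list. The record it finds is then discarded, because `results_json(class_id, task_id)` re-reads the token from the request and repeats the lookup in results_post, so the check here only duplicates work rather than being trusted. The same token-to-record lookup is written twice, here and in params_token_json, with `.get('token', '')` and `json.dumps({})` as the not-found response; a shared helper keeps the two in step and gives one place to reject an empty token before it reaches the filter. Both new endpoints are complete within the hunk.
```python
def _record_for_token(db, class_id, task_id):
    """Return the task_params record matching the POSTed token, or None.

    An empty or missing token is rejected up front so the filter never runs
    with a null value, which would also match records that have no token.
    """
    token = json.loads(flask.app.request.form['params']).get('token', '')
    if not token:
        return None
    return db.task_params.find_one(
        {'class_id': class_id, 'task_id': task_id, 'params.token': token})

# … unchanged: @app.route decorator for params-token.json …
def params_token_json(class_id, task_id):
    record = _record_for_token(g.db, class_id, task_id)
    if not record:
        return json.dumps({})
    return params_json(record['class_id'], record['task_id'], record['student_id'])

# … results-token.json decorator as before, with methods=['POST'] only …
def results_token_json(class_id, task_id):
    record = _record_for_token(g.db, class_id, task_id)
    if not record:
        return json.dumps({})
    return results_json(class_id, task_id)
```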