def get(self, request, *args, **kwargs):
path = kwargs.get("path")
# No path? You're boned. Move along.
if not path:
raise Http404
if self._is_url(path):
content = requests.get(path, stream=True).raw.read()
else:
# Normalise the path to strip out naughty attempts
path = os.path.normpath(path).replace(
settings.MEDIA_URL.lstrip("/"),
str(settings.MEDIA_ROOT).lstrip("/") + "/", 1)
print("PATH: ", path)
# Evil path request!
if not path.startswith(str(settings.MEDIA_ROOT)):
raise Http404
# The file requested doesn't exist locally. A legit 404
if not os.path.exists(path):
raise Http404
with open(path, "rb") as f:
content = f.read()
content = Cryptographer.decrypted(content)
return HttpResponse(
content, content_type=magic.Magic(mime=True).from_buffer(content))
def get(self, request, *args, **kwargs):
title = kwargs.get("title")
video = get_object_or_404(Video, title=title)
student = request.auth.user
# extend the student token because he/she is active
extend_token_after_login(student)
student_videos = student.videos.all()
if video in student_videos:
video_path = video.video_file.path
with open(video_path, "rb") as f:
content = f.read()
content = Cryptographer.decrypted(content)
return HttpResponse(
content,
content_type=magic.Magic(mime=True).from_buffer(content))
# MEDIA_URL = settings.MEDIA_URL
# if MEDIA_URL[0] == '/':
# MEDIA_URL = MEDIA_URL[1:]
# file_uri = os.path.join(MEDIA_URL, video.video_file.name)
# try:
# return redirect(reverse(FETCH_URL_NAME, kwargs={"path": file_uri}))
# except NoReverseMatch:
# return [Error(
# "There is no url to handle fetching local files!"
# )]
# return Http404
else:
raise PermissionDenied()
def get(request, path):
print(path)
with open(os.path.join(os.path.join(settings.MEDIA_ROOT, 'pde/files'), path), "rb") as f:
content = f.read()
content = Cryptographer.decrypted(content)
return HttpResponse(
content, content_type=magic.Magic(mime=True).from_buffer(content))
def get(
request,
path,
):
token = request.POST.get("token", None)
if token: # token
if django_otp.match_token(request.user, token):
if request.user.is_staff:
pde = PDE.objects.all()
else:
pde = PDE.objects.filter(user=request.user.get_username())
for p in pde:
print(p.pde)
if p.pde == "pde/files/" + path:
with open(
os.path.join(
os.path.join(settings.MEDIA_ROOT, 'pde/files'),
path), "rb") as f:
content = f.read()
content = Cryptographer.decrypted(content)
m = hashlib.md5()
m.update(content)
message = 'Hi %(username)s,\n\n' \
'You\'ve verified yourself and just downloaded a PDE file with the following details: \n\n' \
'File: %(path)s\n' \
'MD5: %(md5)s\n' \
% {'username': request.user.get_username(), 'path': path, 'md5': m.hexdigest()}
print(message)
request.user.email_user(subject='PDE Download Success',
message=message)
response = HttpResponse(
content,
content_type=magic.Magic(
mime=True).from_buffer(content))
response[
'Content-Disposition'] = 'attachment; filename=' + path
return response
return HttpResponse(status=401)
else:
return HttpResponse(status=401)
else:
context = {
'dfi': request.user,
}
return render(request, 'pde/otp.html', context)