def updateItem(item_name):
editItem = session.query(Item).filter_by(name=item_name).one()
if login_session['user_id'] != editItem.user_id:
return "<script>function myFunction() {alert('You are not authorized to edit this item, as it is not yours.');}</script><body onload='myFunction()''>"
if request.method == 'POST':
if request.form['name']:
editItem.name = request.form['name']
if request.form['description']:
editItem.description = request.form['description']
if request.form['category_name']:
category = session.query(Category).filter_by(name=request.form['category_name']).one()
editItem.category = category
editItem.category_id = category.id
file = request.files['file']
if file and allowed_file(file.filename):
print 'updating files...'
filename = secure_filename(file.filename)
# delete old file if it exists
if (os.path.isfile(safe_join(app.config['UPLOAD_FOLDER'], str(editItem.user_id) + "_" + editItem.picture))):
print 'deleting old file...'
os.remove(safe_join(app.config['UPLOAD_FOLDER'], str(editItem.user_id) + "_" + editItem.picture))
# save new file
file.save(safe_join(app.config['UPLOAD_FOLDER'], str(editItem.user_id) + "_" + filename))
editItem.picture = filename
print 'updated file!'
session.add(editItem)
session.commit()
return redirect(url_for('item', category_name=request.form['category_name'], item_name=editItem.name))
else:
categories = session.query(Category)
return render_template('updateItem.html', item=editItem, categories=categories)
def save_database_as_zip():
app = flask.current_app
if not app.config.get("DEBUG", False):
flask.abort(404)
database_dump = dump_database(auth=False).data
user_photos_dump = dump_user_photos(auth=False)
# create temporary files
temp = ppath(tempfile.mkdtemp())
database_path = flask.safe_join(temp, "database")
os.makedirs(database_path)
with open(flask.safe_join(database_path, "dump.json"), "w+") as f:
f.write(database_dump)
with open(flask.safe_join(database_path, "user_photos.zip"), "w+") as f:
f.write(user_photos_dump.data)
archive_name = flask.safe_join(temp, "database")
try:
shutil.make_archive(archive_name, "zip", database_path)
f = open(archive_name + ".zip")
finally:
temp.rmtree()
return flask.Response(sugar.read_file(f), mimetype="application/x-zip-compressed")
def site_show(page):
if page.endswith('.html'):
return redirect(url_for('site_show', page=page[:-5]))
# Redirect for old spec pages
if page.startswith('docs/spec/'):
return redirect(url_for('spec_show', name=page[10:]))
if page in SPEC_REDIRECTS:
return redirect(url_for('spec_show', name=SPEC_REDIRECTS[page]))
name = 'site/%s.html' % page
page_file = safe_join(TEMPLATE_DIR, name)
if not os.path.exists(page_file):
# Could be a directory, so try index.html
name = 'site/%s/index.html' % page
page_file = safe_join(TEMPLATE_DIR, name)
if not os.path.exists(page_file):
# bah! those damn users all the time!
abort(404)
options = {
'page': page,
}
if (page == 'index'):
options['blog_posts'] = get_blog_posts(8)
# hah!
return render_template(name, **options)
def restore(dump_name):
""" Restore page from dump storage """
if not dump_name or dump_name == '.gitignore' or '.' in dump_name or '/' in dump_name:
abort(404)
if '@' in dump_name:
dump = dump_name.split('@')
page_file = safe_join(app.config['PAGES_FOLDER'], dump[0])
dump_file = safe_join(app.config['DUMPS_FOLDER'], dump[0] + '@' + dump[1])
try:
dump_page(dump[0])
shutil.copyfile(dump_file, page_file)
flash('Success!', 'info')
except OSError:
flash('Can not restore this page!', 'error')
finally:
return redirect(url_for('page', page_name=dump[0]))
dumps = []
timestamps = show_dumps(dump_name)
for timestamp in timestamps:
hr_time = datetime.datetime.fromtimestamp(int(timestamp)).strftime('%d-%m-%Y %H:%M')
dump = {'timestamp': timestamp, 'hr_time': hr_time}
dumps.append(dump)
if not dumps:
flash('Dumps for this page not found!', 'error')
return redirect(url_for('page', page_name=dump_name))
return render_template('restore.html', context={"title": dump_name, "dumps": dumps})
def subdir_handler(filename):
path = safe_join(root, subdir)
path = safe_join(path, filename)
if os.path.exists(path):
return send_file(path)
else:
flask.abort(404)
def upload():
""" File uploading handler. """
url = request.args.get('url', None)
delete = request.args.get('delete', None)
if request.method == 'POST':
file = request.files['file']
if file and allowed_file(file.filename):
filename = secure_filename(file.filename)
file.save(safe_join(app.config['UPLOAD_FOLDER'], filename))
flash('File ' + filename + ' was uploaded!', 'info')
else:
flash('File was not uploaded!', 'error')
if url is not None:
file = file_from_url(url)
if file and allowed_file(file['name']):
file_name = secure_filename(file['name'])
file_path = safe_join(app.config['UPLOAD_FOLDER'], file_name)
with open(file_path, 'wb') as f:
f.write(file['content'])
flash('File ' + file_name + ' was uploaded!', 'info')
else:
flash('Can not download file!', 'error')
if delete is not None:
file = safe_join(app.config['UPLOAD_FOLDER'], delete)
try:
os.remove(file)
flash('Success!', 'info')
except FileNotFoundError:
flash('File not found!', 'error')
except Exception:
abort(500)
files = show_files()
return render_template('upload.html', context={"files": files})
def serve_page(page): if os.path.isdir(safe_join(SITE_DIR, page)): # Serve the index page page_file = safe_join(page, "index.html") else: # Serve the specific page page_file = "%s.html" % page return send_from_directory(SITE_DIR, page_file)
def dump_page(page_name=None):
""" Backup current page to <dumps_path> directory """
dumps_list = show_dumps(page_name)
if len(dumps_list) > 9:
os.remove(app.config['DUMPS_FOLDER'] + page_name + '@' + dumps_list[0])
page_file = safe_join(app.config['PAGES_FOLDER'], page_name)
stamp_file = safe_join(app.config['DUMPS_FOLDER'], page_name + '@' + str(int(time.time()))) # hrr
shutil.copyfile(page_file, stamp_file)
def get_repo_names():
children = (
(name, safe_join(current_app.config['RESTFULGIT_REPO_BASE_PATH'], name))
for name in os.listdir(current_app.config['RESTFULGIT_REPO_BASE_PATH'])
)
subdirs = [(dir_name, full_path) for dir_name, full_path in children if os.path.isdir(full_path)]
mirrors = set(name for name, _ in subdirs if name.endswith('.git'))
working_copies = set(name for name, full_path in subdirs if os.path.isdir(safe_join(full_path, '.git')))
repositories = mirrors | working_copies
return repositories
def admin_review():
if not g.permission_reviewer:
abort(401)
if request.method == 'POST':
username = request.form['username']
filename = secure_filename(request.form['document'])
src_path = safe_join(safe_join(app.config['DOCUMENTS_LOCATION'], 'pending'), username)
src = safe_join(src_path, filename)
dst_path = safe_join(safe_join(app.config['DOCUMENTS_LOCATION'], 'public'), username)
dst = safe_join(dst_path, filename)
if not os.path.exists(dst_path):
os.makedirs(dst_path)
if not os.path.exists(src):
flash('Document not found. Is it hiding in a closet, or are you meesing with the system?', error)
else:
os.rename(src, dst)
flash('Document published.')
g.documents = []
users = os.listdir(safe_join(app.config['DOCUMENTS_LOCATION'], 'pending'))
for user in users:
user_documents = os.listdir(safe_join(safe_join(app.config['DOCUMENTS_LOCATION'], 'pending'), user))
for user_document in user_documents:
g.documents.append((user, user_document))
return render_template('admin_review.html')
def get_repo_list():
children = (
(name, safe_join(current_app.config['RESTFULGIT_REPO_BASE_PATH'], name))
for name in os.listdir(current_app.config['RESTFULGIT_REPO_BASE_PATH'])
)
subdirs = [(dir_name, full_path) for dir_name, full_path in children if os.path.isdir(full_path)]
mirrors = set(name for name, _ in subdirs if name.endswith('.git'))
working_copies = set(name for name, full_path in subdirs if os.path.isdir(safe_join(full_path, '.git')))
repositories = list(mirrors | working_copies)
repositories.sort()
flask.g.etag = hashlib.sha1(''.join(repositories)).hexdigest()
return {'repos': repositories}
def _filename(self, **kwargs):
if 'session' in kwargs:
session=kwargs['session']
elif 'cell_id' in kwargs:
session = kwargs['cell_id']
else:
session = "SESSION_NOT_FOUND"
session_subdir = list(str(session)[:self._levels])+[str(session)]
# Use Flask's safe_join to make sure we don't overwrite something crucial
session_dir = safe_join(self._dir, os.path.join(*session_subdir))
if not os.path.isdir(session_dir):
os.makedirs(session_dir)
return safe_join(session_dir, kwargs['filename'])
def save_file(reqfile, path):
reqfile_path = safe_join(path, secure_filename(reqfile.filename))
reqfile.save(reqfile_path)
with file(reqfile_path) as __f:
ghash, length = githash(__f.read())
new_dir = safe_join(path, ghash[0:2])
new_filename = ghash[2:40]
new_path = safe_join(new_dir, new_filename)
try:
os.makedirs(new_dir)
except OSError:
pass # dir already exists: OK
os.rename(reqfile_path, new_path)
return safe_join(ghash[0:2], ghash[2:40]), length
def subtitles():
"""Re-encode subtitles to UTF-8 for scandinavian letters to work"""
movie = request.args.get('movie')
videofolder = VIDEO_FOLDER
path = safe_join(videofolder, movie)
if movie.endswith('.srt'):
filename = safe_join(videofolder, movie)
with open(filename, 'r') as fd:
movie = fd.read()
movie = movie.decode('iso-8859-1').encode('utf-8')
return Response(movie, mimetype='text/plain')
else:
flash('Not a subtitle file.')
return redirect(url_for('index'))
def make_thumb(self, filename, miniature=None, override=False, size='96x96',
width=None, height=None, crop=None, bg=None, quality=85):
"""
生成缩略图
:param filename: 图像源文件名
:param miniature: 缩略图文件名,如果为None则按照参数自动生成
:param override: 是否覆盖同名文件
:param size: 缩略图尺寸,当width和height参数之一为None时生效
:param width: 缩略图宽度
:param height: 缩略图高度
:param crop: 是否需要裁剪
:param bg: 背景颜色
:param quality: 图像压缩质量
"""
if not width or not height:
width, height = [int(x) for x in size.split('x')]
name, fm = os.path.splitext(filename)
if not miniature:
miniature = self._get_name(name, fm, size, crop, bg, quality)
thumb_filename = flask.safe_join(self.config.thumb_destination, miniature)
self._ensure_path(thumb_filename)
if not os.path.exists(thumb_filename) or override:
original_filename = flask.safe_join(self.config.destination, filename)
if not os.path.exists(original_filename):
return None
thumb_size = (width, height)
try:
image = Image.open(original_filename)
except IOError:
return None
if crop == 'fit':
img = ImageOps.fit(image, thumb_size, Image.ANTIALIAS)
else:
img = image.copy()
img.thumbnail((width, height), Image.ANTIALIAS)
if bg:
img = self._bg_square(img, bg)
img.save(thumb_filename, image.format, quality=quality)
return miniature
def deleteItem(item_name):
itemToDelete = session.query(Item).filter_by(name=item_name).one()
if login_session['user_id'] != itemToDelete.user_id:
return "<script>function myFunction() {alert('You are not authorized to delete this item, as it is not yours.');}</script>" \
+ "<body onload='myFunction()''>"
if request.method == 'POST':
category_name = itemToDelete.category.name
# delete file if it exists
if (itemToDelete.picture is not None and os.path.isfile(safe_join(app.config['UPLOAD_FOLDER'], str(itemToDelete.user_id) + "_" + itemToDelete.picture))):
os.remove(safe_join(app.config['UPLOAD_FOLDER'], str(itemToDelete.user_id) + "_" + itemToDelete.picture))
session.delete(itemToDelete)
session.commit()
return redirect(url_for('category', category_name=category_name))
else:
return render_template('deleteItem.html', item=itemToDelete)
def files_get_sha256_helper(sha256, raw='f'):
'''
Returns binary from storage. Defaults to password protected zipfile.
'''
file_path = safe_join(api_config['api']['upload_folder'], sha256)
if not os.path.exists(file_path):
abort(HTTP_NOT_FOUND)
with open(file_path, 'rb') as fh:
fh_content = fh.read()
raw = str(raw)[0].lower()
if raw in ['t', 'y', '1']:
response = make_response(fh_content)
response.headers['Content-Type'] = 'application/octet-stream; charset=UTF-8'
# better way to include fname?
response.headers['Content-Disposition'] = 'inline; filename={}.bin'.format(sha256)
else:
# ref: https://github.com/crits/crits/crits/core/data_tools.py#L122
rawname = sha256 + '.bin'
with open(safe_join('/tmp/', rawname), 'wb') as raw_fh:
raw_fh.write(fh_content)
zipname = sha256 + '.zip'
args = ['/usr/bin/zip', '-j',
safe_join('/tmp', zipname),
safe_join('/tmp', rawname),
'-P', 'infected']
proc = subprocess.Popen(args)
wait_seconds = 30
while proc.poll() is None and wait_seconds:
time.sleep(1)
wait_seconds -= 1
if proc.returncode:
return make_response(jsonify({'Error': 'Failed to create zip ()'.format(proc.returncode)}))
elif not wait_seconds:
proc.terminate()
return make_response(jsonify({'Error': 'Process timed out'}))
else:
with open(safe_join('/tmp', zipname), 'rb') as zip_fh:
zip_data = zip_fh.read()
if len(zip_data) == 0:
return make_response(jsonify({'Error': 'Zip file empty'}))
response = make_response(zip_data)
response.headers['Content-Type'] = 'application/zip; charset=UTF-8'
response.headers['Content-Disposition'] = 'inline; filename={}.zip'.format(sha256)
return response
def render(filename=None):
if filename is not None:
filename = safe_join(directory, filename)
if os.path.isdir(filename):
try:
filename = _find_file(filename)
except ValueError:
abort(404)
try:
text = _read_file(filename)
except IOError as ex:
if ex.errno != errno.ENOENT:
raise
return abort(404)
# if we think this file is an image, serve it as such
mimetype, _ = mimetypes.guess_type(filename)
if mimetype.startswith("image/"):
return render_image(text, mimetype)
filename_display = _display_filename(filename)
else:
text = _read_file(path)
filename_display = _display_filename(path)
return render_page(text, filename_display, gfm, context, render_offline,
username, password, style_urls)
def create_user(username=None, password=None):
""" Create user """
user_file = safe_join(app.config['USERS_FOLDER'], username)
password = sha256_crypt.encrypt(password)
with open(user_file, 'x') as f:
dump({'password': password}, f)
settings_write(username, 'create', int(time.time()))
def settings_write(name=None, key=None, value=None):
""" Write to settings file """
file = safe_join(app.config['SETTINGS_FOLDER'], name + '.json')
content = settings_read(name)
content[key] = value
with open(file, 'w') as f:
dump(content, f)
def render(filename=None):
if filename is not None:
filename = safe_join(os.path.dirname(app.config['GRIP_FILE']), filename)
if os.path.isdir(filename):
try:
filename = _find_file(filename)
except ValueError:
abort(404)
# if we think this file is an image, we need to read it in
# binary mode and serve it as such
mimetype, _ = mimetypes.guess_type(filename)
is_image = mimetype.startswith('image/') if mimetype else False
try:
text = _read_file(filename, is_image, encoding)
except IOError as ex:
if ex.errno != errno.ENOENT:
raise
return abort(404)
if is_image:
return render_image(text, mimetype)
else:
filename = app.config['GRIP_FILE']
text = _read_file(app.config['GRIP_FILE'])
return render_page(text, filename, gfm, context,
username, password, render_offline, style_urls, styles)
def login():
""" Login handler. Check password from user file and add <username> to session storage. """
if request.method == 'POST':
username = escape(request.form.get('username', None))
password = request.form.get('password', None)
next_url = request.args.get('next', url_for('main'))
if not username or not password:
flash('Fill all fields!', 'error')
return redirect(url_for('login', next=next_url))
try:
user_file = safe_join(app.config['USERS_FOLDER'], username)
with open(user_file, 'r') as uf:
user_conf = load(uf) # user_file on json format
if not sha256_crypt.verify(password, user_conf['password']): # check password
flash('Wrong password!', 'error')
return redirect(url_for('login', next=next_url))
else:
flash('You successfully logged in!', 'info')
session['username'] = username
settings_write(username, 'last_login', int(time.time()))
except FileNotFoundError:
flash('User not exist!', 'error')
return redirect(url_for('login', next=next_url))
except Exception:
abort(500)
return redirect(next_url)
return render_template('login.html')
def run_test(chapter_num=None, section_num=None, test_index=None,
test_id=None):
if test_id is None:
try:
chapter, sections, _ = chapters[chapter_num - 1]
title, url, tests = sections[section_num - 1]
test = tests[test_index - 1]
previous_index = test_index - 1
next_index = test_index + 1 if test_index < len(tests) else None
except IndexError:
abort(404)
else:
test = dict(test_id=test_id)
from pygments import highlight
from pygments.lexers import HtmlLexer
from pygments.formatters import HtmlFormatter
filename = safe_join(suite_directory, test['test_id'] + '.htm')
with open(filename, 'rb') as fd:
source = fd.read().decode('utf8')
formatter = HtmlFormatter(linenos='inline')
source = highlight(source, HtmlLexer(), formatter)
css = formatter.get_style_defs('.highlight')
return render_template('run_test.html', **locals())
def render_pdf(template, temp, height, width, context={}, filename=None, **kwargs):
filename = filename or random_string()
is_celery_processs = kwargs.pop('is_celery_processs', None)
use_wkhtmltopdf = kwargs.pop('use_wkhtmltopdf', None)
# save badge as html
html_path = save_template(template, directory=temp, context=context,
filename=filename + ".html")
# save badge as pdf
pdf_path = flask.safe_join(temp, filename + ".pdf")
def generate_pdf():
with open(flask.safe_join(temp, "stderr.log"), "w+") as stderr:
if use_wkhtmltopdf:
wkhtmltopdf(html_path=html_path, pdf_path=pdf_path,
height=height, width=width, stderr=stderr)
else:
pisa_magic(html_path=html_path, pdf_path=pdf_path,
height=height, width=width, stderr=stderr)
pdf = open(pdf_path, "rb")
return pdf
if is_celery_processs:
generate_pdf()
return pdf_path.name
else:
try:
pdf = generate_pdf()
finally:
temp.rmtree()
return flask.Response(read_file(pdf), mimetype="application/pdf")
def render(filename=None):
if filename is not None:
filename = safe_join(os.path.dirname(in_filename), filename)
if os.path.isdir(filename):
filename = _find_file_or_404(filename, force_resolve)
# Read and serve images as binary
mimetype, _ = mimetypes.guess_type(filename)
if mimetype and mimetype.startswith('image/'):
image_data = _read_file_or_404(filename, True)
return _render_image(image_data, mimetype)
render_text = _read_file_or_404(filename)
else:
filename = in_filename
if text is not None:
render_text = (text.read() if hasattr(text, 'read')
else str(text))
else:
render_text = _read_file_or_404(filename)
favicon = assets.get('favicon', None)
return _render_page(render_text, filename, gfm, context,
username, password,
render_offline, render_wide,
style_urls, styles, favicon)
def delete_file(name, filename):
wh = get_warehouse()
parcel = get_or_404(wh.get_parcel, name, _exc=KeyError)
if not authorize_for_parcel(parcel):
flask.abort(403)
if not parcel.uploading:
flask.abort(403)
if flask.request.method == 'POST':
filename = secure_filename(filename)
file_path = flask.safe_join(parcel.get_path(), filename)
wh.logger.info("Delete file %r for parcel %r (user %s)",
filename, parcel.name, _current_user())
try:
os.unlink(file_path)
parcel_file_deleted.send(parcel)
flask.flash("File %s was deleted." % name, 'system')
except OSError:
flask.flash("File %s was not deleted." % name, 'system')
return flask.redirect(flask.url_for('parcel.view', name=name))
else:
return flask.render_template('parcel_file_delete.html',
parcel=parcel,
filename=filename)
def files_delete(path):
"""
unlink(path) -> DELETE /files/<path>?op=unlink
200
404 File not found.
rmdir(path) -> DELETE /files/<path>?op=rmdir
200
404 File not found.
"""
if 'op' not in flask.request.args:
return 'Missing operation.', 400
op = flask.request.args['op']
path = flask.safe_join(app.config['serve_dir'], path)
if op == 'unlink':
try:
os.unlink(path)
except FileNotFoundError:
return 'File not found.', 404
return ""
elif op == 'rmdir':
try:
os.rmdir(path)
except FileNotFoundError:
return 'File not found.', 404
except OSError as e:
return 'Errno {}'.format(e.errno), 400
return ""
return 'Unknown operation.', 400
def files_put(path):
"""
write(path, data, offset) -> PUT /files/<path>
{"data": "<base64 str>", "offset": <offset int>}
200 <bytes written int>
404 File not found.
"""
path = flask.safe_join(app.config['serve_dir'], path)
payload = flask.request.json
if 'data' not in payload:
return 'Missing data.', 400
elif 'offset' not in payload:
return 'Missing offset.', 400
data = base64.b64decode(payload['data'])
offset = int(payload['offset'])
# Open, seek, write, close
try:
fd = os.open(path, os.O_WRONLY)
os.lseek(fd, offset, os.SEEK_SET)
n = os.write(fd, data)
os.close(fd)
except FileNotFoundError:
return 'File not found.', 404
return flask.jsonify({"count": n})
def files_post(path):
"""
create(path) -> POST /files/<path>?op=create
200
mkdir(path) -> POST /files/<path>?op=mkdir
200
400 Directory exists.
"""
if 'op' not in flask.request.args:
return 'Missing operation.', 400
op = flask.request.args['op']
path = flask.safe_join(app.config['serve_dir'], path)
if op == "create":
fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o755)
os.close(fd)
return ""
elif op == "mkdir":
try:
fd = os.mkdir(path, 0o755)
except FileExistsError:
return 'Directory exists.', 400
return ""
return 'Unknown operation.', 400
def write():
""" Create new page with <page_name> filename in <PAGES_FOLDER> const. """
if request.method == 'POST':
page_name = escape(request.form.get('title', None))
content = request.form.get('content', None)
create = request.form.get('create', '0') # default zero; TODO: rewrite this
if not page_name or page_name == '.gitignore' or '.' in page_name or '/' in page_name:
flash('Enter correct title', 'error')
return redirect(url_for('write'))
page_file = safe_join(app.config['PAGES_FOLDER'], page_name)
if create == '1' and os.path.isfile(page_file):
flash('Page already exist with same name!', 'error')
else:
try:
if create != '1':
dump_page(page_name)
with open(page_file, 'w') as f:
f.write(content)
settings_write(page_name, 'last_author', session['username'])
settings_write(page_name, 'last_change', int(time.time()))
flash('Success!', 'info')
return redirect(url_for('page', page_name=page_name))
except OSError:
flash('Can not save page!', 'error')
except Exception:
abort(500)
return render_template('editor.html', context={})
def get_meta(db_id=None):
with shared_lock():
path = safe_join(WRK_DB_DIR, db_id.lower())
path = os.path.join(path, META_FILE_NAME)
if not os.path.exists(path) or not os.path.isfile(path):
raise NotFound()
with gzip.open(path, 'rt') as f:
data = f.read()
data = json.loads(data)
return jsonify(data)
def favicon():
filename = "favicon.ico"
cache_timeout = current_app.get_send_file_max_age(filename)
favicon_path = safe_join(current_app.static_folder, "favicons")
return send_from_directory(
favicon_path,
filename,
mimetype="image/vnd.microsoft.icon",
cache_timeout=cache_timeout,
)
def raw(path):
if not is_staff("cs61a"):
abort(403)
path = safe_join(get_working_directory(get_host_username()), "published",
path)
try:
return send_file(path, cache_timeout=-1)
except FileNotFoundError:
return "", 404
def view_pdf():
if request.method == 'POST':
try:
filename = request.get_json()['filename']
pdf_path = Config.PDF_PATH
safe_path = safe_join(pdf_path, filename)
return send_file(safe_path, as_attachment=False)
except FileNotFoundError:
return "File not found"
except Exception as exp:
return str(exp)
else:
try:
safe_path = safe_join(Config.PDF_PATH, 'pdf-test.pdf')
return send_file(safe_path, as_attachment=False)
except FileNotFoundError:
return "File not found"
except Exception as exp:
return str(exp)
def store_blob(self, agent, blobid, data):
"""Store a blob"""
try:
fdir = Path(config.AGENTBLOB_PATH) / agent.uuid
fdir.mkdir(mode=0o750, exist_ok=True)
fpath = Path(safe_join(str(fdir), blobid))
fpath.write_bytes(data)
return True
except:
return False
def _download_path(self, project):
container = self._container(project)
if isinstance(uploader, local.LocalUploader):
filepath = safe_join(uploader.upload_folder, container)
else:
print(
"The method Exporter _download_path should not be used for Rackspace etc.!"
) # TODO: Log this stuff
filepath = container
return filepath
def remove_file(response):
try:
os.remove(safe_join(AGENTS_PATH, DOWNLOADS_DIR, path))
except NotFound as e:
return flask.make_response(
flask.jsonify({
MESSAGE_KEY:
'The requested URL was not found on the server'
}), HTTPStatus.NOT_FOUND)
return response
def del_req_codefile(path, did):
_, fpath = build_path(path, did)
fname = safe_join(path, did)
try:
os.remove(path)
return jsonify({'status': 'ok', 'result': True})
except IOError:
raise Exception404("I can't remove %s" % fname)
except:
raise Exception400("An error happened")
def router(path: str):
"""
Custom router function that can differ between model pages and their parent directories (for which it needs to
generate index pages).
:param model:
:return:
"""
# support annoying double-slash URLs, redirecting to the real page
original_path = str(path)
while "//" in path:
path = path.replace("//", "/")
if path != original_path:
return redirect(url_for("views.router", path=path))
# resolve path inside models dir
path = path.replace("/index.html", "")
request_dir = safe_join(models_dir(), path)
# if the directory doesn't exist, we emit a 404
if not os.path.isdir(request_dir):
raise NotFound("Could not find models dir")
# let's see if this is an index page or a "content" dir
# the detection works by checking for subdirectories; if there are any, we generate an index page, otherwise we
# try to generate a model page
dir_contents = os.listdir(request_dir)
# completely empty directories should not be visible, similar like how Git works
if not dir_contents:
raise NotFound()
has_subdirs = any(
[os.path.isdir(safe_join(request_dir, i)) for i in dir_contents])
if has_subdirs:
return render_index_page(path)
else:
return render_model_page(path)
def audio(audio_file_key):
"""
Return audio from audio file URL in `audio_file_key`
Parameters
----------
audio_file_key: str
The encrypted key that contains a dictionary that included an item keyed by 'path' which is the location of the
audio file
Returns
-------
flask.Response
"""
if app.config['AUDIO_CODEC'] == 'wav':
file_format = '.wav'
elif app.config['AUDIO_CODEC'] == 'mp3':
file_format = '.mp3'
if app.config['ENCRYPT_AUDIO_STIMULI_URLS']:
try:
audio_file_dict = utilities.decrypt_data(str(audio_file_key))
# can also assert that this file is for this specific participant and condition
assert (audio_file_dict['p_id'] == session['participant_id'])
assert (audio_file_dict['g_id'] in session['condition_group_ids'])
filename = audio_file_dict['URL']
except (ValueError, TypeError):
filename = audio_file_key + file_format
else:
filename = audio_file_key + file_format
if app.config['EXTERNAL_FILE_HOST']:
# return send_file_partial(app.config['AUDIO_FILE_DIRECTORY']+filename)
return send_file_partial_hack(
safe_join(app.config['AUDIO_FILE_DIRECTORY'], filename))
else:
return send_file_partial(
safe_join(
safe_join(app.root_path, app.config['AUDIO_FILE_DIRECTORY']),
filename))
def get_size(path, skip_dirs):
size = 0
for root, dirs, files in os.walk(path):
size += sum(
os.path.getsize(safe_join(root, name)) for name in files)
for skip_dir in skip_dirs:
if skip_dir in dirs:
dirs.remove(skip_dir)
return size
def read_environment_from_disk(env_directory,
project_uuid) -> Optional[Environment]:
try:
with open(safe_join(env_directory, "properties.json"), "r") as file:
env_dat = json.load(file)
with open(safe_join(env_directory, _config.ENV_SETUP_SCRIPT_FILE_NAME),
"r") as file:
setup_script = file.read()
e = Environment(**env_dat)
e.project_uuid = project_uuid
e.setup_script = setup_script
return e
except Exception as e:
current_app.logger.error(
"Could not get environment from env_directory %s. Error: %s" %
(env_directory, e))
def serialize_environment_to_disk(environment, env_directory):
environment_schema = EnvironmentSchema()
# treat setup_script separately
with open(safe_join(env_directory, "properties.json"), "w") as file:
environmentDICT = environment_schema.dump(environment)
# don't serialize project_uuid
del environmentDICT["project_uuid"]
# setup scripts is serialized separately
del environmentDICT["setup_script"]
file.write(json.dumps(environmentDICT))
# write setup_script
with open(safe_join(env_directory, _config.ENV_SETUP_SCRIPT_FILE_NAME),
"w") as file:
file.write(environment.setup_script)
def extract_data(message, root, min_size=0.0, max_size=1.0):
"""Replaces large Data values with pointers to offloaded data.
Git LFS (https://git-lfs.github.com/) is convenient because it lives in the
same repo as the associated Reaction records. However, it is not possible to
get a permanent URL for the uploaded data because it is only committed to
the PR branch. We have (at least) these options:
1. Modify the URL just before or after the PR is merged to point to the
correct branch.
2. Modify the URL to point to its eventual destination (in the `main`
branch) and deal with broken links during submission review, or
3. Use relative paths (relative to the repository root). This means that
users will have to traverse the repo manually to access referenced
data instead of simply following a URL.
4. Merge the data immediately in another repo so the URL is permanent.
I think (2) is the best option because it yields URLs that will eventually
work and it is simpler than (1). I don't like option (4) because it requires
data to be committed and merged before review.
Args:
message: Protocol buffer message.
root: Text root of the repository.
min_size: Float minimum size of data before it will be written (in MB).
max_size: Float maximum size of data to write (in MB).
Returns:
Set of text filenames; the generated Data files.
"""
dirname = tempfile.mkdtemp()
data_messages = message_helpers.find_submessages(message,
reaction_pb2.Data)
filenames = set()
for data_message in data_messages:
data_filename, data_size = write_data(data_message,
dirname,
min_size=min_size,
max_size=max_size)
if data_filename:
basename = os.path.basename(data_filename)
output_filename = message_helpers.id_filename(basename)
with_root = flask.safe_join(root, output_filename)
if os.path.exists(with_root):
warnings.warn(f'Target Data blob already exists: {with_root}')
else:
os.makedirs(os.path.dirname(with_root), exist_ok=True)
shutil.copy2(data_filename, with_root)
filenames.add(with_root)
data_message.url = urllib.parse.urljoin(DATA_URL_PREFIX,
output_filename)
logging.info('Created Data link (%g MB): %s', data_size, with_root)
shutil.rmtree(dirname)
return filenames
def main():
""" Main route, entry point for react. """
validate_auth()
## issue with path resolution after build
return send_from_directory(
#todo: remove templates directory reference; index.html isn't a jinja template
safe_join(
current_app.config.get("STATIC_DIR") or current_app.static_folder,
'templates'),
'index.html',
cache_timeout=-1)
def put_file(loc):
token = flask.request.args.get('token')
sess_dir = make_dir_name(token)
if not os.path.isdir(sess_dir):
os.mkdir(sess_dir)
file_loc = flask.safe_join(sess_dir, loc)
with open(file_loc, 'wb') as f:
f.write(flask.request.data)
return flask.jsonify({'disk': file_loc})
def get_3d(session, folders, filename):
folders = folders.split('|')
path = safe_join(prefix, session, *folders)
path = safe_join(path, 'pose-3d', filename + '.csv')
data = pd.read_csv(path)
cols = [x for x in data.columns if '_error' in x]
bodyparts = [c.replace('_error', '') for c in cols]
vecs = []
for bp in bodyparts:
vec = np.array(data[[bp+'_x', bp+'_y', bp+'_z']])
vecs.append(vec)
vecs = np.array(vecs).swapaxes(0, 1)
lengths = np.linalg.norm(vecs[:,0] - vecs[:,1], axis=1)
L = np.median(lengths)
vecs = vecs / L * 0.22;
return jsonify(vecs.tolist())
def flask_server_tiles(filename):
""" Serve up a file from the tile server location """
global map_settings
if map_settings['tile_server_enabled']:
_filename = flask.safe_join(map_settings['tile_server_path'], filename)
if os.path.isfile(_filename):
return flask.send_file(_filename)
else:
flask.abort(404)
else:
flask.abort(404)
def edit_content(course, content_path, TOC: TableOfContent):
try:
content = TOC.get_page_from_path("%s.rst" % content_path)
except ContentNotFoundError:
content = TOC.get_content_from_path(content_path)
if request.method == "POST":
inpt = request.form
if "new_content" not in inpt:
return seeother(request.path)
else:
if type(content) is Chapter:
with open(safe_join(syllabus.get_pages_path(course), content.path, "chapter_introduction.rst"), "w") as f:
f.write(inpt["new_content"])
else:
with open(safe_join(syllabus.get_pages_path(course), content.path), "w") as f:
f.write(inpt["new_content"])
return seeother(request.path)
elif request.method == "GET":
return render_template("edit_page.html", course=course, content_data=get_content_data(course, content),
content=content, TOC=TOC, cheat_sheet=get_cheat_sheet(), enable_preview=syllabus.get_config().get("enable_editing_preview", False))
def get_return_path(project, fpath, root_upload_path=None):
"""Splice upload_path and project from fpath and return the path
shown to the user and POSTed to Metax.
"""
if not root_upload_path:
root_upload_path = current_app.config.get("UPLOAD_PATH")
base_path = safe_join(root_upload_path, project)
ret_path = os.path.normpath(fpath[len(base_path):])
return ret_path if ret_path != "." else "/"
def url_handle():
url = request.args.get('url', '')
if not url or url == '':
return redirect(url_for('index'))
if "auth=1" in url.split("&"):
abort(401)
if '://' not in url:
url = "http://" + url
if "readsy.co" in url:
return render_template('spritz.html', text="Try parsing a different website!")
ext = url.split('.')[-1].lower()
if ext in ALLOWED_EXTENSIONS:
try:
r = requests.get(url, stream=True)
except:
abort(400)
if 'content-length' in r.headers:
if int(r.headers['content-length']) > application.config['MAX_CONTENT_LENGTH']:
abort(400)
if r.status_code == 200:
fullname = url.split('/')[-1]
filename = fullname.split('.')[0]
path = safe_join(application.config['UPLOAD_FOLDER'], fullname)
with open(path, 'wb') as f:
for chunk in r.iter_content():
f.write(chunk)
if ext == "pdf":
s = PDFhelper(path)
return render_template('spritz.html', text=s, filename=fullname, titleText=fullname)
elif ext == "txt":
s = TXThelper(path)
return render_template('spritz.html', text=s, filename=fullname, titleText=fullname)
else:
abort(400)
return
try:
g = Goose()
article = g.extract(url=url)
s = cleantext(article.cleaned_text)
# if article.top_image:
# img = article.top_image
return render_template('spritz.html', text=s, filename=url.split('//')[1], titleText=article.title)
except:
abort(400)
def get_containing_chapters_of(self, content):
str_containing_chapters = content.path.split(os.sep)[:-1]
result = []
actual_path = []
for chapter_str in str_containing_chapters:
actual_path.append(chapter_str)
joined_path = safe_join(*actual_path)
result.append(
Chapter(joined_path, self.path_to_title_dict[joined_path],
self.toc_path))
return result
def delete(path):
full_path = Path(safe_join(app.config["UPLOAD_FOLDER"], path))
if os.path.exists(full_path):
try:
os.remove(full_path)
return json.dumps(str(path)), 200
except OSError as ex:
return json.dumps("Error while deleting file {}:\n{}".format(
path, ex)), 500
else:
return json.dumps("File {} not found".format(path)), 404
def test_safe_join(self):
# Valid combinations of *args and expected joined paths.
passing = (
(('a/b/c', ), 'a/b/c'),
((
'/',
'a/',
'b/',
'c/',
), '/a/b/c'),
((
'a',
'b',
'c',
), 'a/b/c'),
((
'/a',
'b/c',
), '/a/b/c'),
(
('a/b', 'X/../c'),
'a/b/c',
),
(
('/a/b', 'c/X/..'),
'/a/b/c',
),
# If last path is '' add a slash
(
(
'/a/b/c',
'',
),
'/a/b/c/',
),
# Preserve dot slash
(
(
'/a/b/c',
'./',
),
'/a/b/c/.',
),
(
('a/b/c', 'X/..'),
'a/b/c/.',
),
# Base directory is always considered safe
(('../', 'a/b/c'), '../a/b/c'),
(('/..', ), '/..'),
)
for args, expected in passing:
assert flask.safe_join(*args) == expected
def post_inginious(course):
inpt = request.form
data = parse.urlencode(inpt).encode()
inginious_config = syllabus.get_config()['courses'][course]['inginious']
path = safe_join(inginious_config.get("simple_grader_pattern", "/"), inginious_config['course_id'])
inginious_sandbox_url = urllib.parse.urljoin(inginious_config["url"], path)
req = urllib_request.Request(inginious_sandbox_url, data=data)
resp = urllib_request.urlopen(req)
response = make_response(resp.read().decode())
response.headers['Content-Type'] = 'text/json'
return response
def _upload_path(self):
container = self._container()
filepath = None
if isinstance(uploader, local.LocalUploader):
filepath = safe_join(uploader.upload_folder, container)
if not os.path.isdir(filepath):
os.makedirs(filepath)
return filepath
current_app.logger.error('Failed to generate upload path {0}'.format(filepath))
raise IOError('Local Upload folder is missing: {0}'.format(filepath))
def urlget(urlshort):
fp = safe_join('files', urlshort)
if not isfile(fp):
abort(404)
r = BytesIO()
mime = magic.from_file(fp, mime=True)
with open(fp, 'rb') as fo:
r.write(fo.read())
r.seek(0)
remove(fp)
return send_file(r, mimetype=mime)
def get_user_upload(subdirectory):
"""Return the location of a subdirectory for uploads. This also uses a
subdirectories path component in the main user upload directory.
This function is safe to path injection (such as .. in filename).
This function will also care about directory creation if it doesn't exist
yet.
Path example : /upload-dir/subdirectory
"""
user_dir = safe_join(current_app.config["UPLOAD_DIR"], subdirectory)
os.makedirs(user_dir, exist_ok=True)
return user_dir
def upload():
results = []
for filename, file in request.files.items():
if not filename:
continue
file_path = filename.lstrip(os.sep)
target = Path(safe_join(app.config["UPLOAD_FOLDER"], file_path))
target.parent.mkdir(parents=True, exist_ok=True)
file.save(str(target))
results.append(file_path)
return (json.dumps(results), 200)
def download_Annotations(target, database, ID):
print(target, database, ID)
entry = search_for_download(database, ID).next()
annot = open(
os.path.join(app.config['ANNOTATION_FILES'], 'GOannotation_Ago20.txt'),
'r').readlines()
del annot[0]
annot = dict(map(lambda x: (x.split('\t')[0], x.split('\t')), annot))
header = [
'Dataset', 'neXtProt_ID', 'EnsembleID', 'gene_name', 'uPE1',
'PE_level', 'Chr', 'DB', 'Ontology', 'P.value', 'Description', '\n'
] if entry['UPE'] else [
'Dataset', 'neXtProt_ID', 'EnsembleID', 'gene_name', 'uPE1',
'PE_level', 'Chr', 'DB', 'Ontology', 'Description', '\n'
]
SEP = '\t'
file_name = target.replace(
' ', '_').title() + 'Annot_' + time.strftime("%Y%m%d-%H%M") + '.tsv'
with open(os.path.join('tmp', file_name), 'w') as outfl:
outfl.write(SEP.join(header))
anchor = SEP.join([
entry['dataset'], entry['nexprot_id'], entry['_id'],
entry['gene_name'],
str(entry['UPE']), entry['PE_level'],
str(entry['chr'])
])
for go in entry['GO_con']:
go_id = go['id']
if entry['UPE']:
go_pval = go['pval']
line = anchor + SEP + 'Gene Ontology' + SEP + go_id + SEP + go_pval + SEP + annot[
go_id][2] + '\n'
else:
line = anchor + SEP + 'Gene Ontology' + SEP + go_id + SEP + annot[
go_id][2] + '\n'
outfl.write(line)
for msig in entry['Msig_con']:
msig_id = msig['id']
if entry['UPE']:
msig_pval = msig['pval']
line = anchor + SEP + 'MSigDB' + SEP + msig_id + SEP + msig_pval + '\n'
else:
line = anchor + SEP + 'MSigDB' + SEP + msig_id + '\n'
outfl.write(line)
for mala in entry['Mala_con']:
mala_id = mala['id']
if entry['UPE']:
mala_pval = mala['pval']
line = anchor + SEP + 'Disease' + SEP + mala_id + SEP + mala_pval + '\n'
else:
line = anchor + SEP + 'Disease' + SEP + mala_id + '\n'
outfl.write(line)
safe_path = safe_join(app.config["CLIENT_FILES"], file_name)
return send_file(safe_path, as_attachment=True)
