def create_login_client(app: flask.Flask):
login_manager = LoginManager()
login_manager.init_app(app)
def login():
user_data = get_user()
user = User.query.filter_by(email=user_data["email"]).one_or_none()
if user is None:
user = User(email=user_data["email"],
name=user_data["name"],
is_staff=False)
db.session.add(user)
user.name = user_data["name"] or user_data["email"]
for participation in user_data["participations"]:
if participation["course"]["offering"] == get_endpoint():
break
else:
if getenv("ENV") == "prod":
return
user.is_staff = is_staff("cs61a" if dev else get_course())
db.session.commit()
login_user(user)
create_oauth_client(app, "sections", success_callback=login)
@login_manager.user_loader
def load_user(user_id):
return User.query.get(user_id)
@app.route("/oauth/logout")
def logout():
logout_user()
return redirect(url_for("index"))
@only("logs")
def container_log(name):
return dict(success=True, logs=dna.docker_logs(name))
def check_auth(func):
@wraps(func)
def wrapped(*args, **kwargs):
if not (is_staff("cs61a") and is_admin(email=get_user()["email"])):
return login()
return func(*args, **kwargs)
return wrapped
create_oauth_client(app, "hosted-apps")
dna_api = dna.create_api_client(precheck=check_auth)
app.register_blueprint(dna_api, url_prefix="/dna")
dna_logs = dna.create_logs_client(precheck=check_auth)
app.register_blueprint(dna_logs, url_prefix="/logs")
# PR Proxy Setup
from dna.utils import Certbot
from dna.utils.nginx_utils import Server, Location
from common.rpc.hosted import create_pr_subdomain
proxy_cb = Certbot(CERTBOT_ARGS + ["-i", "nginx"])
pr_confs = f"{os.getcwd()}/data/pr_proxy"
class Status(Enum):
VALIDATING = "VALIDATING"
DNS_INVALID = "DNS_INVALID"
PROVISIONING = "PROVISIONING"
PROVISIONING_FAILED = "PROVISIONING_FAILED"
UPDATING_OAUTH = "UPDATING_OAUTH"
INTERNAL_ERROR = "INTERNAL_ERROR"
SUCCESS = "SUCCESS"
app = Flask(__name__, static_folder="", static_url_path="")
if __name__ == "__main__":
app.debug = True
create_oauth_client(app, "61a-domains")
with connect_db() as db:
db("""CREATE TABLE IF NOT EXISTS hosted_apps (
domain VARCHAR(128),
course VARCHAR(128),
app VARCHAR(128),
status VARCHAR(128)
)
""")
@app.route("/")
def index():
if not is_logged_in():
return login()
from flask import Flask
from common.oauth_client import create_oauth_client
from models import create_models, db
from admin import create_admin_endpoints
from okpy import create_okpy_endpoints
from worker import create_worker_endpoints
from superadmin import create_superadmin_endpoints
app = Flask(__name__)
if __name__ == "__main__":
app.debug = True
create_oauth_client(app, "61a-autograder")
create_models(app)
create_admin_endpoints(app)
create_okpy_endpoints(app)
create_worker_endpoints(app)
create_superadmin_endpoints(app)
@app.before_first_request
def init_db():
db.init_app(app)
db.create_all(app=app)
@app.route("/")
def index():
from common.oauth_client import (
create_oauth_client,
get_user,
is_enrolled,
login,
)
VALID_ORIGINS = r"https://.*cs61a\.org"
app = Flask(__name__, static_folder="", static_url_path="")
if __name__ == "__main__":
app.debug = True
CORS(app, origins=VALID_ORIGINS, supports_credentials=True)
create_oauth_client(app, "61a-discussions")
"""
This is normally risky! It is safe here because
(a) CORS prevents an attacker from reading reply data, even if their request is authenticated
(b) The endpoints require a Content-Type of application/json, so browsers will send a pre-flight
meaning that they will not even send POSTs unless they pass the CORS check, which they don't
To ensure safety, we must ensure that
(a) GET requests have no side-effects
(b) POST requests must have the JSON Content-Type, so a malicious site cannot send requests on
behalf of a user that can cause issues.
(c) The CORS policy only allows *.cs61a.org to send POSTs with credentials
"""
@app.after_request
from common.oauth_client import create_oauth_client, is_staff, login
from common.url_for import get_host
app = Flask(__name__)
if __name__ == "__main__":
app.debug = True
@app.route("/", defaults={"path": ""})
@app.route("/<path:path>", methods=["GET"])
def index(path):
if ".pr." in get_host() and not is_staff("cs61a"):
return login()
bucket = get_bucket(
{
"cs61a": "website-base",
"website": "website-base",
"website-server": "website-base",
},
"website-base",
)
return serve_path(bucket, "/released/", path, path_404="404/index.html")
Compress(app)
create_oauth_client(app, "cs61a-staging")
if __name__ == "__main__":
app.run(debug=True)
app = Flask(__name__, static_folder="", static_url_path="")
if __name__ == "__main__":
app.debug = True
with connect_db() as db:
db("""CREATE TABLE IF NOT EXISTS secrets (
app varchar(128),
name varchar(128),
public_value varchar(512),
staging_value varchar(512)
)""")
secret_key = db(
"SELECT public_value FROM secrets WHERE app='secrets' and name='OKPY_OAUTH_SECRET'"
).fetchone()
create_oauth_client(app, "61a-secrets",
secret_key[0] if secret_key is not None else "")
@validate_master_secret.bind(app)
def validate_master_secret(master_secret):
with connect_db() as db:
public_app = db(
"SELECT app FROM secrets WHERE public_value=%s AND name='MASTER'",
[master_secret],
).fetchone()
if public_app is not None:
return public_app[0], False
staging_app = db(
"SELECT app FROM secrets WHERE staging_value=%s AND name='MASTER'",
[master_secret],
).fetchone()
def print_to_stderr(print_function):
"""Writes to sys.stderr using the desired print function.
:param print_function: a print function
:return: a function that writes the input to sys.stderr using the desired print function
"""
def print(*s):
print_function(*s, file=sys.stderr)
return print
print = print_to_stderr(print)
app = Flask(__name__,
static_url_path="",
static_folder="static",
template_folder="static")
if __name__ == "__main__":
app.debug = True
create_client(app)
create_oauth_client(app, CONSUMER_KEY)
if __name__ == "__main__":
app.run(host="127.0.0.1", port=8000, debug=True)
frameborder="0"
scrolling="no"
>
</iframe>
</div>
"""
HOT_RELOAD_INLINE_SCRIPT = """
<script>
const version=VERSION;
const manualVersion=MANUAL_VERSION;
</script>
<script src="/hot_reloader.js"></script>
"""
create_oauth_client(app, "61a-sandbox")
with connect_db() as db:
db("""CREATE TABLE IF NOT EXISTS sandboxes (
username varchar(128),
initialized boolean,
locked boolean,
version integer, -- updated every time we sync a file
manual_version integer -- updated after every manual make command
);""")
db("""CREATE TABLE IF NOT EXISTS builds (
username varchar(128),
target varchar(256),
pending boolean
);""")
from flask import Flask, abort, request, redirect
from typing import List, Tuple
from common.oauth_client import create_oauth_client, is_staff
from common.jobs import job
from common.db import connect_db
from common.url_for import url_for
from common.html import html, make_row
from auth import authenticate, update_storage
from datetime import datetime
from update_job import update
app = Flask(__name__)
create_oauth_client(app, "grade-display-exports", return_response=update_storage)
with connect_db() as db:
db(
"""CREATE TABLE IF NOT EXISTS gscope (
name varchar(128),
gs_code varchar(128)
)"""
)
db(
"""CREATE TABLE IF NOT EXISTS adjustments (
hashed text,
url text,
sheet text
)"""
)
from flask import Flask
from admins_client import create_admins_client
from auth_client import create_auth_client
from common.oauth_client import create_oauth_client
from domains_client import create_domains_client
from google_client import create_google_client
from management_client import create_management_client
from piazza_client import create_piazza_client
from ed_client import create_ed_client
from slack_client import create_slack_client
app = Flask(__name__)
if __name__ == "__main__":
app.debug = True
create_oauth_client(app, "61a-account-auth")
create_management_client(app)
create_auth_client(app)
create_admins_client(app)
create_google_client(app)
create_piazza_client(app)
create_ed_client(app)
create_slack_client(app)
create_domains_client(app)
if __name__ == "__main__":
app.run(debug=True)
from flask import Flask
from api_client import create_api_client
from common.oauth_client import create_oauth_client
from config_client import create_config_client
from slack_client import create_slack_client
app = Flask(__name__)
if __name__ == "__main__":
app.debug = True
create_config_client(app)
create_slack_client(app)
create_oauth_client(app, "eecs-slackbot")
create_api_client(app)
if __name__ == "__main__":
app.run(debug=True)
)
from common.rpc.hosted import add_domain
from common.rpc.secrets import get_secret
from common.shell_utils import sh
from common.html import html
from common.url_for import get_host, url_for
from common.db import connect_db
NGINX_PORT = os.environ.get("PORT", "8001")
DEFAULT_USER = "******"
SK_RETURN_TO = "start_kill_return_to"
app = Flask(__name__)
create_oauth_client(app,
"61a-ide",
secret_key=get_secret(secret_name="OKPY_IDE_SECRET"))
with connect_db() as db:
db("""CREATE TABLE IF NOT EXISTS ide (
username varchar(128),
initialized boolean, -- this is unused in the ide context, for now
locked boolean
);""")
VSCODE_ASSOC = """
{
"files.associations": {
"BUILD": "python",
"WORKSPACE": "python"
},
from string import ascii_lowercase
from flask import Flask, Response, abort, redirect, request, escape
from common.db import connect_db
from common.html import html
from common.oauth_client import create_oauth_client, is_staff, login
from common.rpc.paste import get_paste, paste_text
from common.rpc.secrets import validates_master_secret
from common.url_for import url_for
app = Flask(__name__, static_folder="", static_url_path="")
if __name__ == "__main__":
app.debug = True
create_oauth_client(app, "61a-paste")
with connect_db() as db:
db("""CREATE TABLE IF NOT EXISTS pastes (
name varchar(128),
data LONGBLOB,
private boolean
);""")
@app.route("/")
def index():
if not is_staff("cs61a"):
return login()
return html(f"""
Paste text here:
)
def add_url_params(url, params_string):
parse_result = list(urlparse.urlsplit(url))
parse_result[3] = "&".join(filter(lambda s: s, [parse_result[3], params_string]))
return urlparse.urlunsplit(tuple(parse_result))
app = Flask(__name__)
app.url_map.strict_slashes = False
if __name__ == "__main__":
app.debug = True
create_oauth_client(app, "61a-shortlinks")
def lookup(path):
with connect_db() as db:
target = db(
"SELECT url, creator, secure FROM shortlinks WHERE shortlink=%s AND course=%s",
[path, get_course()],
).fetchone()
return list(target) if target else (None, None, None)
@app.route("/<path>/")
def handler(path):
url, creator, secure = lookup(path)
if not url:
from common.rpc.secrets import get_secret, only, validates_master_secret
from common.url_for import url_for
from conf import GITHUB_REPO
from service_management import delete_unused_services
from github_utils import BuildStatus, pack, set_pr_comment
from scheduling import report_build_status
from target_determinator import determine_targets
from worker import land_commit
DO_NOT_BUILD = "DO NOT BUILD"
app = Flask(__name__)
if __name__ == "__main__":
app.debug = True
create_oauth_client(app, "61a-buildserver")
with connect_db() as db:
db(
"""CREATE TABLE IF NOT EXISTS services (
app varchar(128),
pr_number int,
locked boolean,
is_web_service boolean
)
"""
)
db(
"""CREATE TABLE IF NOT EXISTS apps (
app varchar(128),
repo varchar(128),
from html import escape
from json import loads
from flask import Flask, abort
from common.oauth_client import create_oauth_client, get_user, is_staff, login
from common.shell_utils import sh
from common.url_for import url_for
from common.rpc.auth import is_admin
app = Flask(__name__, static_folder="", static_url_path="")
if __name__ == "__main__":
app.debug = True
create_oauth_client(app, "61a-logs")
@app.route("/")
def index():
if not is_staff("cs61a"):
return login()
email = get_user()["email"]
if not is_admin(course="cs61a", email=email):
abort(401)
service_list = "\n".join(
f"<p /><a href={url_for('create_secret', service=service)}>{service}</a>"
for service in list_services())
return f"""
<h1>Log Viewer</h1>
