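def submit():
    """Store the requesting group's dice design, replacing any earlier one.

    Reads ``caption`` and ``dice`` from the submitted form. ``dice`` must
    decode to a list of exactly ``NUM_DICE`` strings. Existing rows for every
    member of the group are deleted, then one new row is inserted under the
    first member's email.

    Returns:
        A dict with ``success=True`` and the ``group`` returned by
        ``get_group``.

    Aborts:
        413 if the caption is longer than ``MAX_CAPTION_LEN`` characters,
        400 if ``dice`` cannot be decoded, 401 if it is not a list of
        ``NUM_DICE`` strings.
    """
    caption = str(request.form["caption"])
    if len(caption) > MAX_CAPTION_LEN:
        abort(
            413,
            f"Your caption is too long - it should be at most {MAX_CAPTION_LEN} characters.",
        )

    # The form field is client-controlled, so a decode failure is a bad
    # request rather than an unhandled server error.
    # Assumes `loads` is json.loads, whose JSONDecodeError subclasses
    # ValueError - TODO confirm against the file's imports.
    try:
        dice = loads(request.form["dice"])
    except ValueError:
        abort(400, "The submitted dice could not be decoded.")

    # Require a real list: a dict or a plain string is iterable too, and would
    # otherwise satisfy the per-item check with its keys or its characters.
    if not isinstance(dice, list) or len(dice) != NUM_DICE:
        abort(401)
    if not all(isinstance(svg, str) for svg in dice):
        abort(401)
    dice_list = list(dice)
    del dice

    # NOTE(review): each SVG string is stored verbatim and no per-item size
    # limit or content check is visible here; whatever renders these rows has
    # to treat them as untrusted markup - confirm sanitisation at render time.
    group = get_group(get_endpoint("cs61a") + "/" + ASSIGNMENT)
    with connect_db() as db:
        # One design per group: clear every member's row before inserting.
        for member in group:
            db("DELETE FROM designs WHERE email=(%s)", [member])
        email = group[0]
        db(
            "INSERT INTO designs (id, created_time, email, caption, dice, endpoint) VALUES (%s, %s, %s, %s, %s, %s)",
            [
                new_secret(),
                int(time()),
                email,
                caption,
                dumps(dice_list),
                get_endpoint("cs61a"),
            ],
        )
    return dict(success=True, group=group)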
def validate(data, timeout):
    """Reject callers who are not enrolled or who are calling too often.

    Args:
        data: User record. This function reads ``data["participations"]``
            (each entry's ``["course"]["offering"]``) and ``data["email"]``.
        timeout: Minimum number of seconds between two accepted calls for the
            same email.

    Aborts with 401 when no participation matches the cs61a endpoint, and with
    429 when the last recorded access is less than ``timeout`` seconds old.
    Otherwise the stored access time for the email is replaced with the
    current time.
    """
    enrolled = any(
        entry["course"]["offering"] == get_endpoint("cs61a")
        for entry in data["participations"]
    )
    if not enrolled:
        abort(
            401, "You are not enrolled in CS 61A, and so are not authorized to submit."
        )

    email = data["email"]
    with connect_db() as db:
        previous = db(
            "SELECT last_access FROM accesses WHERE email=(%s)", [email]
        ).fetchone()

    now = int(time.time())
    too_soon = previous and now - previous[0] < timeout
    if too_soon:
        abort(
            429,
            "You have made many requests in a short amount of time. Please wait a bit and try again.",
        )

    # NOTE(review): the read above and the write below run in separate
    # connect_db() blocks, so two concurrent requests for one email can both
    # pass the check before either records its access - confirm whether that
    # window matters for this limiter.
    with connect_db() as db:
        db("DELETE FROM accesses WHERE email=(%s)", [email])
        db("INSERT INTO accesses VALUES (%s, %s)", [email, now])
def is_staff_userdata(userdata):
    """Return True if ``userdata`` holds an authorized role in the cs61a offering.

    Args:
        userdata: User record. This function reads
            ``userdata["participations"]``, and from each entry ``["role"]``
            and ``["course"]["offering"]``.

    Returns:
        True when at least one participation has a role in
        ``AUTHORIZED_ROLES`` and an offering equal to the cs61a endpoint,
        False otherwise.
    """
    endpoint = get_endpoint(course="cs61a")
    # The role is tested first, so an entry with an unauthorized role is
    # skipped without reading its course.
    return any(
        entry["role"] in AUTHORIZED_ROLES and entry["course"]["offering"] == endpoint
        for entry in userdata["participations"]
    )
def index():
    """Render the gallery of designs for the cs61a endpoint in random order.

    Returns:
        A ``Response`` wrapping the rendered ``index.html`` template, with
        ``Cache-Control: max-age`` set to 0.
    """
    with connect_db() as db:
        cursor = db(
            "SELECT id, caption FROM designs WHERE endpoint=(%s)",
            [get_endpoint("cs61a")],
        )
        artworks = cursor.fetchall()

    # Shuffled in place on every request.
    shuffle(artworks)

    # NOTE(review): `caption` is presumably user-submitted text - confirm that
    # index.html relies on template autoescaping when it prints it.
    page = render_template("index.html", artworks=artworks)
    resp = Response(page)
    resp.cache_control.max_age = 0
    return resp
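def authorized():
    """Handle the Ok OAuth callback and log the user in.

    Redirects to the ``error`` view when the callback carries an ``error``
    query parameter, when the provider returns no response, or when the
    exchange raises ``OAuthException``. Otherwise it stores the access token
    in the session, fetches the user record, derives a display name and a
    staff flag, and hands the resulting user to ``authorize_user``.

    Returns:
        A redirect to the ``error`` view, or the result of
        ``authorize_user``.
    """
    from common.course_config import get_endpoint

    message = request.args.get("error")
    if message:
        # NOTE(review): this text comes straight from the query string -
        # confirm the `error` view escapes it when rendering.
        message = "Ok OAuth error: %s" % (message)
        return redirect(url_for("error", message=message))

    try:
        auth_resp = auth.ok_auth.authorized_response()
        if auth_resp is None:
            message = "Invalid Ok response: %s" % (message)
            return redirect(url_for("error", message=message))
    except OAuthException as ex:
        message = str(ex)
        return redirect(url_for("error", message=message))

    token = auth_resp["access_token"]
    # NOTE(review): the token is kept in the session; if the session is a
    # client-side cookie the token travels with every request - confirm the
    # session backend.
    session["access_token"] = (token, "")  # (access_token, secret)

    info = auth.ok_auth.get("user").data["data"]
    email = info["email"]
    name = info["name"]
    if not name:
        name = email
    if ", " in name:
        # Split on the first separator only: a name with more than one ", "
        # previously raised ValueError on unpacking and broke the login.
        last, first = name.split(", ", 1)
        name = first + " " + last

    is_staff = False
    offering = get_endpoint()
    for p in info["participations"]:
        if p["course"]["offering"] == offering:
            # NOTE(review): every role other than "student" is treated as
            # staff here - confirm that holds for each role the provider can
            # return.
            is_staff = p["role"] != "student"
            break
    else:
        # No participation in this offering: refuse the login only when the
        # course has enabled only_registered_students.
        if (
            ConfigEntry.query.filter_by(
                course=get_course(), key="only_registered_students"
            )
            .one()
            .value
            == "true"
        ):
            return redirect(
                url_for(
                    "error",
                    message="Only registered students can log in",
                )
            )

    user = user_from_email(name, email, is_staff)
    return authorize_user(user)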
def submit_strategy():
    """Accept a strategy submission and trigger a tournament run.

    Aborts with 423 once the hard-coded deadline has passed and with 400 when
    the ``strat`` form field is not valid JSON. Otherwise the strategy is
    recorded for the caller's group via ``record_strat`` and
    ``run_tournament`` is called.

    Returns:
        A JSON response with ``success``, ``group`` and the ``hash`` returned
        by ``record_strat``.
    """
    pacific = timezone("US/Pacific")
    now = datetime.now().astimezone(pacific)
    # NOTE(review): if `timezone` is pytz.timezone, passing it as tzinfo=
    # attaches the zone's LMT offset rather than PDT, which moves the
    # effective deadline; pytz documents localize() for this - confirm which
    # library is imported.
    deadline = datetime(2021, 7, 8, 23, 59, 0, tzinfo=pacific)
    if now > deadline:
        abort(423, "The competition has ended.")

    raw_strategy = request.form["strat"]
    try:
        strat = json.loads(raw_strategy)
    except JSONDecodeError:
        abort(400, "Received malformed JSON strategy")

    # NOTE(review): `strat` and the `name` field are client-supplied and reach
    # record_strat without any shape or size check visible here - confirm
    # record_strat validates them.
    assignment_endpoint = get_endpoint("cs61a") + f"/{ASSIGNMENT}"
    group = get_group(assignment_endpoint)
    hashed = record_strat(request.form["name"], group, strat)

    run_tournament()
    log("New strategy received, tournament will restart after current match completes.")

    payload = {"success": True, "group": group, "hash": hashed}
    return jsonify(payload)
def login():
    """Create or refresh the local user record and log the user in.

    Looks the user up by the email returned from ``get_user``, creating a
    non-staff record when none exists, and refreshes the stored name. When the
    user has no participation in the current endpoint and ``ENV`` is
    ``"prod"``, the function returns without logging in. Otherwise the staff
    flag is recomputed, the session is committed and ``login_user`` is called.
    """
    profile = get_user()
    email = profile["email"]

    user = User.query.filter_by(email=email).one_or_none()
    if user is None:
        user = User(email=email, name=profile["name"], is_staff=False)
        db.session.add(user)
    user.name = profile["name"] or email

    enrolled = any(
        entry["course"]["offering"] == get_endpoint()
        for entry in profile["participations"]
    )
    # NOTE(review): enrolment is enforced only when ENV is exactly "prod"; an
    # unset or misspelled ENV lets non-enrolled users through - confirm the
    # deployment always sets it.
    if not enrolled and getenv("ENV") == "prod":
        # NOTE(review): a user added above stays pending in db.session on
        # this path - confirm nothing later in the request commits it.
        return

    course = "cs61a" if dev else get_course()
    user.is_staff = is_staff(course)
    db.session.commit()
    login_user(user)
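def index(path):
    """Serve unreleased site content to cs61a staff.

    A user whose participations include the cs61a offering with role
    ``"student"`` is redirected to a fixed external URL. Anyone for whom
    ``is_staff("cs61a")`` is false is sent through ``login()``. Everyone else
    is served ``path`` from the bucket under the ``/unreleased/`` prefix.

    Args:
        path: Requested path, passed to ``serve_path`` unchanged.

    Returns:
        A redirect, the result of ``login()``, or the result of
        ``serve_path``.
    """
    try:
        info = get_user()
        for p in info["participations"]:
            is_cs61a = p["course"]["offering"] == get_endpoint("cs61a")
            if is_cs61a and p["role"] == "student":
                return redirect("https://www.youtube.com/watch?v=dQw4w9WgXcQ")
    except Exception:
        # Best-effort: a failure in the student check must not block the
        # staff check below. Catching Exception instead of using a bare
        # except lets SystemExit and KeyboardInterrupt propagate.
        pass  # don't let the rickroll crash anything else

    # The staff check is the actual access control for unreleased content.
    if not is_staff("cs61a"):
        return login()

    bucket = get_bucket(
        {
            "cs61a": "website-base",
            "solutions2": "website-base",
            "solutions": "website-base",
        },
        "website-base",
    )
    # NOTE(review): `path` is passed through unchanged - confirm serve_path
    # normalises it so a request cannot leave the /unreleased/ prefix.
    return serve_path(bucket, "/unreleased/", path)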