diff options
Diffstat (limited to 'src/web/views')
| -rw-r--r-- | src/web/views/__init__.py | 6 | ||||
| -rw-r--r-- | src/web/views/api/__init__.py | 31 | ||||
| -rw-r--r-- | src/web/views/api/article.py | 63 | ||||
| -rw-r--r-- | src/web/views/api/common.py | 245 | ||||
| -rw-r--r-- | src/web/views/api/feed.py | 69 | ||||
| -rw-r--r-- | src/web/views/article.py | 40 | ||||
| -rw-r--r-- | src/web/views/feed.py | 207 | ||||
| -rw-r--r-- | src/web/views/icon.py | 14 | ||||
| -rw-r--r-- | src/web/views/views.py | 798 |
9 files changed, 1473 insertions, 0 deletions
diff --git a/src/web/views/__init__.py b/src/web/views/__init__.py new file mode 100644 index 00000000..36d382bd --- /dev/null +++ b/src/web/views/__init__.py @@ -0,0 +1,6 @@ +from .views import * +from .api import * + +from .article import article_bp, articles_bp +from .feed import feed_bp, feeds_bp +from .icon import icon_bp diff --git a/src/web/views/api/__init__.py b/src/web/views/api/__init__.py new file mode 100644 index 00000000..24472ebe --- /dev/null +++ b/src/web/views/api/__init__.py @@ -0,0 +1,31 @@ +#! /usr/bin/env python +# -*- coding: utf-8 -*- + +# jarr - A Web based news aggregator. +# Copyright (C) 2010-2015 Cédric Bonhomme - http://JARR-aggregator.org/ +# +# For more information : https://github.com/JARR-aggregator/JARR/ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +__author__ = "Cedric Bonhomme" +__version__ = "$Revision: 0.2 $" +__date__ = "$Date: 2014/06/18 $" +__revision__ = "$Date: 2014/07/05 $" +__copyright__ = "Copyright (c) Cedric Bonhomme" +__license__ = "AGPLv3" + +from web.views.api import article, feed + +__all__ = ['article', 'feed'] diff --git a/src/web/views/api/article.py b/src/web/views/api/article.py new file mode 100644 index 00000000..51844b20 --- /dev/null +++ b/src/web/views/api/article.py @@ -0,0 +1,63 @@ +#! /usr/bin/env python +# -*- coding: utf-8 - + +from flask import g +import dateutil.parser + +from web.controllers import ArticleController +from web.views.api.common import PyAggAbstractResource,\ + PyAggResourceNew, \ + PyAggResourceExisting, \ + PyAggResourceMulti + + +ARTICLE_ATTRS = {'user_id': {'type': int}, + 'feed_id': {'type': int}, + 'entry_id': {'type': str}, + 'link': {'type': str}, + 'title': {'type': str}, + 'readed': {'type': bool}, 'like': {'type': bool}, + 'content': {'type': str}, + 'date': {'type': str}, 'retrieved_date': {'type': str}} + + +class ArticleNewAPI(PyAggResourceNew): + controller_cls = ArticleController + attrs = ARTICLE_ATTRS + to_date = ['date', 'retrieved_date'] + + +class ArticleAPI(PyAggResourceExisting): + controller_cls = ArticleController + attrs = ARTICLE_ATTRS + to_date = ['date', 'retrieved_date'] + + +class ArticlesAPI(PyAggResourceMulti): + controller_cls = ArticleController + attrs = ARTICLE_ATTRS + to_date = ['date', 'retrieved_date'] + + +class ArticlesChallenge(PyAggAbstractResource): + controller_cls = ArticleController + attrs = {'ids': {'type': list, 'default': []}} + to_date = ['date', 'retrieved_date'] + + def get(self): + parsed_args = self.reqparse_args() + for id_dict in parsed_args['ids']: + for key in self.to_date: + if key in id_dict: + id_dict[key] = dateutil.parser.parse(id_dict[key]) + + result = list(self.wider_controller.challenge(parsed_args['ids'])) + return result or None, 200 if result else 204 + + +g.api.add_resource(ArticleNewAPI, '/article', endpoint='article_new.json') +g.api.add_resource(ArticleAPI, '/article/<int:obj_id>', + endpoint='article.json') +g.api.add_resource(ArticlesAPI, '/articles', endpoint='articles.json') +g.api.add_resource(ArticlesChallenge, '/articles/challenge', + endpoint='articles_challenge.json') diff --git a/src/web/views/api/common.py b/src/web/views/api/common.py new file mode 100644 index 00000000..3476cad9 --- /dev/null +++ b/src/web/views/api/common.py @@ -0,0 +1,245 @@ +#! /usr/bin/env python +# -*- coding: utf-8 - + +"""For a given resources, classes in the module intend to create the following +routes : + GET resource/<id> + -> to retrieve one + POST resource + -> to create one + PUT resource/<id> + -> to update one + DELETE resource/<id> + -> to delete one + + GET resources + -> to retrieve several + POST resources + -> to create several + PUT resources + -> to update several + DELETE resources + -> to delete several +""" +import ast +import json +import logging +import dateutil.parser +from functools import wraps +from werkzeug.exceptions import Unauthorized, BadRequest +from flask import request, g, session, Response +from flask.ext.restful import Resource, reqparse + +from web.lib.utils import default_handler +from web.models import User + +logger = logging.getLogger(__name__) + + +def authenticate(func): + """ + Decorator for the authentication to the web services. + """ + @wraps(func) + def wrapper(*args, **kwargs): + logged_in = False + if not getattr(func, 'authenticated', True): + logged_in = True + # authentication based on the session (already logged on the site) + elif 'email' in session or g.user.is_authenticated: + logged_in = True + else: + # authentication via HTTP only + auth = request.authorization + if auth is not None: + user = User.query.filter( + User.nickname == auth.username).first() + if user and user.check_password(auth.password) \ + and user.activation_key == "": + g.user = user + logged_in = True + if logged_in: + return func(*args, **kwargs) + raise Unauthorized({'WWWAuthenticate': 'Basic realm="Login Required"'}) + return wrapper + + +def to_response(func): + """Will cast results of func as a result, and try to extract + a status_code for the Response object""" + def wrapper(*args, **kwargs): + status_code = 200 + result = func(*args, **kwargs) + if isinstance(result, Response): + return result + elif isinstance(result, tuple): + result, status_code = result + return Response(json.dumps(result, default=default_handler), + status=status_code) + return wrapper + + +class PyAggAbstractResource(Resource): + method_decorators = [authenticate, to_response] + attrs = {} + to_date = [] # list of fields to cast to datetime + + def __init__(self, *args, **kwargs): + super(PyAggAbstractResource, self).__init__(*args, **kwargs) + + @property + def controller(self): + return self.controller_cls(getattr(g.user, 'id', None)) + + @property + def wider_controller(self): + if g.user.is_admin(): + return self.controller_cls() + return self.controller_cls(getattr(g.user, 'id', None)) + + def reqparse_args(self, req=None, strict=False, default=True, args=None): + """ + strict: bool + if True will throw 400 error if args are defined and not in request + default: bool + if True, won't return defaults + args: dict + the args to parse, if None, self.attrs will be used + """ + parser = reqparse.RequestParser() + for attr_name, attrs in (args or self.attrs).items(): + if attrs.pop('force_default', False): + parser.add_argument(attr_name, location='json', **attrs) + elif not default and (not request.json + or request.json and attr_name not in request.json): + continue + else: + parser.add_argument(attr_name, location='json', **attrs) + parsed = parser.parse_args(strict=strict) if req is None \ + else parser.parse_args(req, strict=strict) + for field in self.to_date: + if parsed.get(field): + try: + parsed[field] = dateutil.parser.parse(parsed[field]) + except Exception: + logger.exception('failed to parse %r', parsed[field]) + return parsed + + +class PyAggResourceNew(PyAggAbstractResource): + + def post(self): + """Create a single new object""" + return self.controller.create(**self.reqparse_args()), 201 + + +class PyAggResourceExisting(PyAggAbstractResource): + + def get(self, obj_id=None): + """Retreive a single object""" + return self.controller.get(id=obj_id) + + def put(self, obj_id=None): + """update an object, new attrs should be passed in the payload""" + args = self.reqparse_args(default=False) + new_values = {key: args[key] for key in + set(args).intersection(self.attrs)} + if 'user_id' in new_values and g.user.is_admin(): + controller = self.wider_controller + else: + controller = self.controller + return controller.update({'id': obj_id}, new_values), 200 + + def delete(self, obj_id=None): + """delete a object""" + self.controller.delete(obj_id) + return None, 204 + + +class PyAggResourceMulti(PyAggAbstractResource): + + def get(self): + """retrieve several objects. filters can be set in the payload on the + different fields of the object, and a limit can be set in there as well + """ + try: + limit = request.json.pop('limit', 10) + order_by = request.json.pop('order_by', None) + query = self.controller.read(**request.json) + except: + args = {} + for k, v in request.args.items(): + if k in self.attrs.keys(): + if self.attrs[k]['type'] in [bool, int]: + args[k] = ast.literal_eval(v) + else: + args[k] = v + limit = request.args.get('limit', 10) + order_by = request.args.get('order_by', None) + query = self.controller.read(**args) + if order_by: + query = query.order_by(order_by) + if limit: + query = query.limit(limit) + return [res for res in query] + + def post(self): + """creating several objects. payload should be a list of dict. + """ + if 'application/json' not in request.headers.get('Content-Type'): + raise BadRequest("Content-Type must be application/json") + status = 201 + results = [] + for attrs in request.json: + try: + results.append(self.controller.create(**attrs).id) + except Exception as error: + status = 206 + results.append(str(error)) + # if no operation succeded, it's not partial anymore, returning err 500 + if status == 206 and results.count('ok') == 0: + status = 500 + return results, status + + def put(self): + """creating several objects. payload should be: + >>> payload + [[obj_id1, {attr1: val1, attr2: val2}] + [obj_id2, {attr1: val1, attr2: val2}]] + """ + if 'application/json' not in request.headers.get('Content-Type'): + raise BadRequest("Content-Type must be application/json") + status = 200 + results = [] + for obj_id, attrs in request.json: + try: + new_values = {key: attrs[key] for key in + set(attrs).intersection(self.attrs)} + self.controller.update({'id': obj_id}, new_values) + results.append('ok') + except Exception as error: + status = 206 + results.append(str(error)) + # if no operation succeded, it's not partial anymore, returning err 500 + if status == 206 and results.count('ok') == 0: + status = 500 + return results, status + + def delete(self): + """will delete several objects, + a list of their ids should be in the payload""" + if 'application/json' not in request.headers.get('Content-Type'): + raise BadRequest("Content-Type must be application/json") + status = 204 + results = [] + for obj_id in request.json: + try: + self.controller.delete(obj_id) + results.append('ok') + except Exception as error: + status = 206 + results.append(error) + # if no operation succeded, it's not partial anymore, returning err 500 + if status == 206 and results.count('ok') == 0: + status = 500 + return results, status diff --git a/src/web/views/api/feed.py b/src/web/views/api/feed.py new file mode 100644 index 00000000..2bb9814f --- /dev/null +++ b/src/web/views/api/feed.py @@ -0,0 +1,69 @@ +#! /usr/bin/env python +# -*- coding: utf-8 - + +from flask import g + +from web.controllers.feed import (FeedController, + DEFAULT_MAX_ERROR, + DEFAULT_LIMIT, + DEFAULT_REFRESH_RATE) + +from web.views.api.common import PyAggAbstractResource, \ + PyAggResourceNew, \ + PyAggResourceExisting, \ + PyAggResourceMulti + +FEED_ATTRS = {'title': {'type': str}, + 'description': {'type': str}, + 'link': {'type': str}, + 'user_id': {'type': int}, + 'site_link': {'type': str}, + 'enabled': {'type': bool, 'default': True}, + 'etag': {'type': str, 'default': ''}, + 'icon_url': {'type': str, 'default': ''}, + 'last_modified': {'type': str}, + 'last_retrieved': {'type': str}, + 'last_error': {'type': str}, + 'error_count': {'type': int, 'default': 0}} + +class FeedNewAPI(PyAggResourceNew): + controller_cls = FeedController + attrs = FEED_ATTRS + to_date = ['date', 'last_retrieved'] + +class FeedAPI(PyAggResourceExisting): + controller_cls = FeedController + attrs = FEED_ATTRS + to_date = ['date', 'last_retrieved'] + +class FeedsAPI(PyAggResourceMulti): + controller_cls = FeedController + attrs = FEED_ATTRS + to_date = ['date', 'last_retrieved'] + +class FetchableFeedAPI(PyAggAbstractResource): + controller_cls = FeedController + to_date = ['date', 'last_retrieved'] + attrs = {'max_error': {'type': int, 'default': DEFAULT_MAX_ERROR}, + 'limit': {'type': int, 'default': DEFAULT_LIMIT}, + 'refresh_rate': {'type': int, 'default': DEFAULT_REFRESH_RATE}, + 'retreive_all': {'type': bool, 'default': False}} + + def get(self): + args = self.reqparse_args() + if g.user.refresh_rate: + args['refresh_rate'] = g.user.refresh_rate + + if args.pop('retreive_all', False): + contr = self.wider_controller + else: + contr = self.controller + result = [feed for feed in contr.list_fetchable(**args)] + return result or None, 200 if result else 204 + + +g.api.add_resource(FeedNewAPI, '/feed', endpoint='feed_new.json') +g.api.add_resource(FeedAPI, '/feed/<int:obj_id>', endpoint='feed.json') +g.api.add_resource(FeedsAPI, '/feeds', endpoint='feeds.json') +g.api.add_resource(FetchableFeedAPI, '/feeds/fetchable', + endpoint='fetchable_feed.json') diff --git a/src/web/views/article.py b/src/web/views/article.py new file mode 100644 index 00000000..bb914a6b --- /dev/null +++ b/src/web/views/article.py @@ -0,0 +1,40 @@ +#! /usr/bin/env python +# -*- coding: utf-8 - + +from flask import Blueprint, g, render_template, redirect + +from web import controllers, utils +from web.lib.view_utils import etag_match +from web.decorators import pyagg_default_decorator + +articles_bp = Blueprint('articles', __name__, url_prefix='/articles') +article_bp = Blueprint('article', __name__, url_prefix='/article') + + +@article_bp.route('/redirect/<int:article_id>', methods=['GET']) +@pyagg_default_decorator +def redirect_to_article(article_id): + article = controllers.ArticleController(g.user.id).get(id=article_id) + return redirect(article.link) + + +@article_bp.route('/<int:article_id>', methods=['GET']) +@pyagg_default_decorator +@etag_match +def article(article_id=None): + """ + Presents the content of an article. + """ + article = controllers.ArticleController(g.user.id).get(id=article_id) + previous_article = article.previous_article() + if previous_article is None: + previous_article = article.source.articles[0] + next_article = article.next_article() + if next_article is None: + next_article = article.source.articles[-1] + + return render_template('article.html', + head_titles=[utils.clear_string(article.title)], + article=article, + previous_article=previous_article, + next_article=next_article) diff --git a/src/web/views/feed.py b/src/web/views/feed.py new file mode 100644 index 00000000..2a9b2da8 --- /dev/null +++ b/src/web/views/feed.py @@ -0,0 +1,207 @@ +#! /usr/bin/env python +# -*- coding: utf-8 - +import base64 +import requests.exceptions +from hashlib import md5 +from datetime import datetime, timedelta +from sqlalchemy import desc +from werkzeug.exceptions import BadRequest + +from flask import Blueprint, g, render_template, flash, \ + redirect, request, url_for, Response +from flask.ext.babel import gettext +from flask.ext.login import login_required + +import conf +from web import utils +from web.lib.view_utils import etag_match +from web.lib.feed_utils import construct_feed_from +from web.forms import AddFeedForm +from web.controllers import FeedController, ArticleController + +feeds_bp = Blueprint('feeds', __name__, url_prefix='/feeds') +feed_bp = Blueprint('feed', __name__, url_prefix='/feed') + + +@feeds_bp.route('/', methods=['GET']) +@login_required +@etag_match +def feeds(): + "Lists the subscribed feeds in a table." + art_contr = ArticleController(g.user.id) + return render_template('feeds.html', + feeds=FeedController(g.user.id).read(), + unread_article_count=art_contr.count_by_feed(readed=False), + article_count=art_contr.count_by_feed()) + + +@feed_bp.route('/<int:feed_id>', methods=['GET']) +@login_required +@etag_match +def feed(feed_id=None): + "Presents detailed information about a feed." + feed = FeedController(g.user.id).get(id=feed_id) + word_size = 6 + articles = ArticleController(g.user.id) \ + .read(feed_id=feed_id) \ + .order_by(desc("Article.date")).all() + top_words = utils.top_words(articles, n=50, size=int(word_size)) + tag_cloud = utils.tag_cloud(top_words) + + today = datetime.now() + try: + last_article = articles[0].date + first_article = articles[-1].date + delta = last_article - first_article + average = round(float(len(articles)) / abs(delta.days), 2) + except: + last_article = datetime.fromtimestamp(0) + first_article = datetime.fromtimestamp(0) + delta = last_article - first_article + average = 0 + elapsed = today - last_article + + return render_template('feed.html', + head_titles=[utils.clear_string(feed.title)], + feed=feed, tag_cloud=tag_cloud, + first_post_date=first_article, + end_post_date=last_article, + average=average, delta=delta, elapsed=elapsed) + + +@feed_bp.route('/delete/<feed_id>', methods=['GET']) +@login_required +def delete(feed_id=None): + feed_contr = FeedController(g.user.id) + feed = feed_contr.get(id=feed_id) + feed_contr.delete(feed_id) + flash(gettext("Feed %(feed_title)s successfully deleted.", + feed_title=feed.title), 'success') + return redirect(url_for('home')) + + +@feed_bp.route('/reset_errors/<int:feed_id>', methods=['GET', 'POST']) +@login_required +def reset_errors(feed_id): + feed_contr = FeedController(g.user.id) + feed = feed_contr.get(id=feed_id) + feed_contr.update({'id': feed_id}, {'error_count': 0, 'last_error': ''}) + flash(gettext('Feed %(feed_title)r successfully updated.', + feed_title=feed.title), 'success') + return redirect(request.referrer or url_for('home')) + + +@feed_bp.route('/bookmarklet', methods=['GET']) +@login_required +def bookmarklet(): + feed_contr = FeedController(g.user.id) + url = request.args.get('url', None) + if not url: + flash(gettext("Couldn't add feed: url missing."), "error") + raise BadRequest("url is missing") + + feed_exists = list(feed_contr.read(__or__={'link': url, 'site_link': url})) + if feed_exists: + flash(gettext("Couldn't add feed: feed already exists."), + "warning") + return redirect(url_for('feed.form', feed_id=feed_exists[0].id)) + + try: + feed = construct_feed_from(url) + except requests.exceptions.ConnectionError: + flash(gettext("Impossible to connect to the address: {}.".format(url)), + "danger") + return redirect(url_for('home')) + if not feed.get('link'): + feed['enabled'] = False + flash(gettext("Couldn't find a feed url, you'll need to find a Atom or" + " RSS link manually and reactivate this feed"), + 'warning') + feed = feed_contr.create(**feed) + flash(gettext('Feed was successfully created.'), 'success') + if feed.enabled and conf.CRAWLING_METHOD == "classic": + utils.fetch(g.user.id, feed.id) + flash(gettext("Downloading articles for the new feed..."), 'info') + return redirect(url_for('feed.form', feed_id=feed.id)) + + +@feed_bp.route('/update/<action>/<int:feed_id>', methods=['GET', 'POST']) +@feeds_bp.route('/update/<action>', methods=['GET', 'POST']) +@login_required +def update(action, feed_id=None): + readed = action == 'read' + filters = {'readed__ne': readed} + + nb_days = request.args.get('nb_days', 0, type=int) + if nb_days != 0: + filters['date__lt'] = datetime.now() - timedelta(days=nb_days) + + if feed_id: + filters['feed_id'] = feed_id + ArticleController(g.user.id).update(filters, {'readed': readed}) + flash(gettext('Feed successfully updated.'), 'success') + return redirect(request.referrer or url_for('home')) + + +@feed_bp.route('/create', methods=['GET']) +@feed_bp.route('/edit/<int:feed_id>', methods=['GET']) +@login_required +@etag_match +def form(feed_id=None): + action = gettext("Add a feed") + head_titles = [action] + if feed_id is None: + return render_template('edit_feed.html', action=action, + head_titles=head_titles, form=AddFeedForm()) + feed = FeedController(g.user.id).get(id=feed_id) + action = gettext('Edit feed') + head_titles = [action] + if feed.title: + head_titles.append(feed.title) + return render_template('edit_feed.html', action=action, + head_titles=head_titles, + form=AddFeedForm(obj=feed), feed=feed) + + +@feed_bp.route('/create', methods=['POST']) +@feed_bp.route('/edit/<int:feed_id>', methods=['POST']) +@login_required +def process_form(feed_id=None): + form = AddFeedForm() + feed_contr = FeedController(g.user.id) + + if not form.validate(): + return render_template('edit_feed.html', form=form) + existing_feeds = list(feed_contr.read(link=form.link.data)) + if existing_feeds and feed_id is None: + flash(gettext("Couldn't add feed: feed already exists."), "warning") + return redirect(url_for('feed.form', feed_id=existing_feeds[0].id)) + # Edit an existing feed + feed_attr = {'title': form.title.data, 'enabled': form.enabled.data, + 'link': form.link.data, 'site_link': form.site_link.data, + 'filters': []} + + for filter_attr in ('type', 'pattern', 'action on', 'action'): + for i, value in enumerate( + request.form.getlist(filter_attr.replace(' ', '_'))): + if i >= len(feed_attr['filters']): + feed_attr['filters'].append({}) + feed_attr['filters'][i][filter_attr] = value + + if feed_id is not None: + feed_contr.update({'id': feed_id}, feed_attr) + flash(gettext('Feed %(feed_title)r successfully updated.', + feed_title=feed_attr['title']), 'success') + return redirect(url_for('feed.form', feed_id=feed_id)) + + # Create a new feed + new_feed = FeedController(g.user.id).create(**feed_attr) + + flash(gettext('Feed %(feed_title)r successfully created.', + feed_title=new_feed.title), 'success') + + if conf.CRAWLING_METHOD == "classic": + utils.fetch(g.user.id, new_feed.id) + flash(gettext("Downloading articles for the new feed..."), 'info') + + return redirect(url_for('feed.form', feed_id=new_feed.id)) diff --git a/src/web/views/icon.py b/src/web/views/icon.py new file mode 100644 index 00000000..895b4740 --- /dev/null +++ b/src/web/views/icon.py @@ -0,0 +1,14 @@ +import base64 +from flask import Blueprint, Response, request +from web.controllers import IconController +from web.lib.view_utils import etag_match + +icon_bp = Blueprint('icon', __name__, url_prefix='/icon') + +@icon_bp.route('/', methods=['GET']) +@etag_match +def icon(): + icon = IconController().get(url=request.args['url']) + headers = {'Cache-Control': 'max-age=86400', + 'Content-Type': icon.mimetype} + return Response(base64.b64decode(icon.content), headers=headers) diff --git a/src/web/views/views.py b/src/web/views/views.py new file mode 100644 index 00000000..ed4ae8a7 --- /dev/null +++ b/src/web/views/views.py @@ -0,0 +1,798 @@ +#! /usr/bin/env python +# -*- coding: utf-8 -*- + +# jarr - A Web based news aggregator. +# Copyright (C) 2010-2015 Cédric Bonhomme - https://www.JARR-aggregator.org +# +# For more information : https://github.com/JARR-aggregator/JARR +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +__author__ = "Cedric Bonhomme" +__version__ = "$Revision: 5.3 $" +__date__ = "$Date: 2010/01/29 $" +__revision__ = "$Date: 2014/08/27 $" +__copyright__ = "Copyright (c) Cedric Bonhomme" +__license__ = "AGPLv3" + +import os +import string +import random +import hashlib +import logging +import datetime +from collections import OrderedDict + +from bootstrap import application as app, db +from flask import render_template, request, flash, session, \ + url_for, redirect, g, current_app, make_response +from flask.ext.login import LoginManager, login_user, logout_user, \ + login_required, current_user, AnonymousUserMixin, \ + login_url +from flask.ext.principal import Principal, Identity, AnonymousIdentity, \ + identity_changed, identity_loaded, Permission,\ + RoleNeed, UserNeed +from flask.ext.babel import gettext +from sqlalchemy import or_, and_ +from sqlalchemy.exc import IntegrityError +from werkzeug import generate_password_hash + +import conf +from web import utils, notifications, export +from web.lib.view_utils import etag_match +from web.models import User, Feed, Article, Role +from web.decorators import feed_access_required +from web.forms import SignupForm, SigninForm, InformationMessageForm,\ + ProfileForm, UserForm, RecoverPasswordForm \ + +from web.controllers import UserController, FeedController, \ + ArticleController + + +Principal(app) +# Create a permission with a single Need, in this case a RoleNeed. +admin_permission = Permission(RoleNeed('admin')) + +login_manager = LoginManager() +login_manager.init_app(app) +login_manager.login_message = gettext('Authentication required.') +login_manager.login_message_category = "info" +login_manager.login_view = 'login' + +logger = logging.getLogger(__name__) + +# +# Management of the user's session. +# +@identity_loaded.connect_via(app) +def on_identity_loaded(sender, identity): + # Set the identity user object + identity.user = current_user + + # Add the UserNeed to the identity + if hasattr(current_user, 'id'): + identity.provides.add(UserNeed(current_user.id)) + + # Assuming the User model has a list of roles, update the + # identity with the roles that the user provides + if hasattr(current_user, 'roles'): + for role in current_user.roles: + identity.provides.add(RoleNeed(role.name)) + +@app.before_request +def before_request(): + g.user = current_user + if g.user.is_authenticated: + g.user.last_seen = datetime.datetime.utcnow() + db.session.add(g.user) + db.session.commit() + +@login_manager.user_loader +def load_user(id): + # Return an instance of the User model + return UserController().get(id=id) + +# +# Custom error pages. +# +@app.errorhandler(401) +def authentication_required(e): + flash(gettext('Authentication required.'), 'info') + return redirect(url_for('login')) + +@app.errorhandler(403) +def authentication_failed(e): + flash(gettext('Forbidden.'), 'danger') + return redirect(url_for('login')) + +@app.errorhandler(404) +def page_not_found(e): + return render_template('errors/404.html'), 404 + +@app.errorhandler(500) +def internal_server_error(e): + return render_template('errors/500.html'), 500 + + +def redirect_url(default='home'): + return request.args.get('next') or \ + request.referrer or \ + url_for(default) + +@g.babel.localeselector +def get_locale(): + """ + Called before each request to give us a chance to choose + the language to use when producing its response. + """ + return request.accept_languages.best_match(conf.LANGUAGES.keys()) + +@g.babel.timezoneselector +def get_timezone(): + try: + return conf.TIME_ZONE[get_locale()] + except: + return conf.TIME_ZONE["en"] + +# +# Views. +# +@app.route('/login', methods=['GET', 'POST']) +def login(): + """ + Log in view. + """ + if g.user is not None and g.user.is_authenticated: + return redirect(url_for('home')) + g.user = AnonymousUserMixin() + form = SigninForm() + if form.validate_on_submit(): + user = UserController().get(email=form.email.data) + login_user(user) + g.user = user + session['email'] = form.email.data + identity_changed.send(current_app._get_current_object(), + identity=Identity(user.id)) + return form.redirect('home') + return render_template('login.html', form=form) + +@app.route('/logout') +@login_required +def logout(): + """ + Log out view. Removes the user information from the session. + """ + session.pop('email', None) + + # Remove the user information from the session + logout_user() + + # Remove session keys set by Flask-Principal + for key in ('identity.name', 'identity.auth_type'): + session.pop(key, None) + + # Tell Flask-Principal the user is anonymous + identity_changed.send(current_app._get_current_object(), + identity=AnonymousIdentity()) + + flash(gettext("Logged out successfully."), 'success') + return redirect(url_for('login')) + +@app.route('/signup', methods=['GET', 'POST']) +def signup(): + """ + Signup page. + """ + if int(os.environ.get("SELF_REGISTRATION", 0)) != 1: + flash(gettext("Self-registration is disabled."), 'warning') + return redirect(url_for('home')) + if g.user is not None and g.user.is_authenticated: + return redirect(url_for('home')) + + form = SignupForm() + + if form.validate_on_submit(): + role_user = Role.query.filter(Role.name == "user").first() + user = User(nickname=form.nickname.data, + email=form.email.data, + pwdhash=generate_password_hash(form.password.data)) + user.roles = [role_user] + db.session.add(user) + try: + db.session.commit() + except IntegrityError: + flash(gettext('Email already used.'), 'warning') + return render_template('signup.html', form=form) + + # Send the confirmation email + try: + notifications.new_account_notification(user) + except Exception as error: + flash(gettext('Problem while sending activation email: %(error)s', + error=error), 'danger') + return redirect(url_for('home')) + + flash(gettext('Your account has been created. ' + 'Check your mail to confirm it.'), 'success') + return redirect(url_for('home')) + + return render_template('signup.html', form=form) + + +@etag_match +def render_home(filters=None, head_titles=None, + page_to_render='home', **kwargs): + if filters is None: + filters = {} + if head_titles is None: + head_titles = [] + feed_contr = FeedController(g.user.id) + arti_contr = ArticleController(g.user.id) + feeds = {feed.id: feed.title for feed in feed_contr.read()} + + in_error = {feed.id: feed.error_count for feed in + feed_contr.read(error_count__gt=2)} + + filter_ = request.args.get('filter_', + 'unread' if page_to_render == 'home' else 'all') + sort_ = request.args.get('sort_', 'date') + feed_id = int(request.args.get('feed_id', 0)) + limit = request.args.get('limit', 1000) + + if filter_ != 'all': + filters['readed'] = filter_ == 'read' + if feed_id: + filters['feed_id'] = feed_id + head_titles.append(feed_contr.get(id=feed_id).title) + + sort_param = {"feed": Feed.title.desc(), + "date": Article.date.desc(), + "article": Article.title.desc(), + "-feed": Feed.title.asc(), + "-date": Article.date.asc(), + "-article": Article.title.asc() + }.get(sort_, Article.date.desc()) + + articles = arti_contr.read(**filters).join(Article.source). \ + order_by(sort_param) + if limit != 'all': + limit = int(limit) + articles = articles.limit(limit) + + def gen_url(filter_=filter_, sort_=sort_, limit=limit, feed_id=feed_id, + **kwargs): + o_kwargs = OrderedDict() + for key in sorted(kwargs): + o_kwargs[key] = kwargs[key] + if page_to_render == 'search': + o_kwargs['query'] = request.args.get('query', '') + o_kwargs['search_title'] = request.args.get('search_title', 'off') + o_kwargs['search_content'] = request.args.get( + 'search_content', 'off') + # if nor title and content are selected, selecting title + if o_kwargs['search_title'] == o_kwargs['search_content'] == 'off': + o_kwargs['search_title'] = 'on' + o_kwargs['filter_'] = filter_ + o_kwargs['sort_'] = sort_ + o_kwargs['limit'] = limit + o_kwargs['feed_id'] = feed_id + return url_for(page_to_render, **o_kwargs) + + articles = list(articles) + if (page_to_render == 'home' and feed_id or page_to_render == 'search') \ + and filter_ != 'all' and not articles: + return redirect(gen_url(filter_='all')) + + return render_template('home.html', gen_url=gen_url, + feed_id=feed_id, page_to_render=page_to_render, + filter_=filter_, limit=limit, feeds=feeds, + unread=arti_contr.count_by_feed(readed=False), + articles=articles, in_error=in_error, + head_titles=head_titles, sort_=sort_, **kwargs) + + +@app.route('/') +@login_required +def home(): + "Home page for connected users. Displays by default unread articles." + return render_home() + + +@app.route('/favorites') +@login_required +def favorites(): + return render_home({'like': True}, [gettext('Favorites')], 'favorites') + + +@app.route('/search', methods=['GET']) +@login_required +def search(): + "Search articles corresponding to the query." + if 'query' not in request.args: + flash(gettext("No text to search were provided."), "warning") + return render_home() + query = request.args['query'] + filters = {} + search_title = request.args.get('search_title', 'off') + search_content = request.args.get('search_content', 'off') + if search_title == 'on': + filters['title__ilike'] = "%%%s%%" % query + if search_content == 'on': + filters['content__ilike'] = "%%%s%%" % query + if len(filters) == 0: + search_title = 'on' + filters['title__ilike'] = "%%%s%%" % query + if len(filters) > 1: + filters = {"__or__": filters} + return render_home(filters, ["%s %s" % (gettext('Search:'), query)], + 'search', search_query=query, search_title=search_title, + search_content=search_content) + + +@app.route('/fetch', methods=['GET']) +@app.route('/fetch/<int:feed_id>', methods=['GET']) +@login_required +def fetch(feed_id=None): + """ + Triggers the download of news. + News are downloaded in a separated process, mandatory for Heroku. + """ + if conf.CRAWLING_METHOD == "classic" \ + and (not conf.ON_HEROKU or g.user.is_admin()): + utils.fetch(g.user.id, feed_id) + flash(gettext("Downloading articles..."), "info") + else: + flash(gettext("The manual retrieving of news is only available " + + "for administrator, on the Heroku platform."), "info") + return redirect(redirect_url()) + + +@app.route('/about', methods=['GET']) +@etag_match +def about(): + """ + 'About' page. + """ + return render_template('about.html') + + +@app.route('/mark_as/<string:new_value>', methods=['GET']) +@app.route('/mark_as/<string:new_value>/article/<int:article_id>', methods=['GET']) +@login_required +@feed_access_required +def mark_as(new_value='read', feed_id=None, article_id=None): + """ + Mark all unreaded articles as read. + """ + readed = new_value == 'read' + articles = Article.query.filter(Article.user_id == g.user.id) + if feed_id is not None: + articles = articles.filter(Article.feed_id == feed_id) + message = 'Feed marked as %s.' + elif article_id is not None: + articles = articles.filter(Article.id == article_id) + message = 'Article marked as %s.' + else: + message = 'All article marked as %s.' + articles.filter(Article.readed == (not readed)).update({"readed": readed}) + flash(gettext(message % new_value), 'info') + db.session.commit() + if readed: + return redirect(redirect_url()) + return redirect(url_for('home')) + +@app.route('/like/<int:article_id>', methods=['GET']) +@login_required +def like(article_id=None): + """ + Mark or unmark an article as favorites. + """ + Article.query.filter(Article.user_id == g.user.id, Article.id == article_id). \ + update({ + "like": not Article.query.filter(Article.id == article_id).first().like + }) + db.session.commit() + return redirect(redirect_url()) + +@app.route('/delete/<int:article_id>', methods=['GET']) +@login_required +def delete(article_id=None): + """ + Delete an article from the database. + """ + article = Article.query.filter(Article.id == article_id).first() + if article is not None and article.source.subscriber.id == g.user.id: + db.session.delete(article) + db.session.commit() + flash(gettext('Article') + ' ' + article.title + ' ' + gettext('deleted.'), 'success') + return redirect(redirect_url()) + else: + flash(gettext('This article do not exist.'), 'danger') + return redirect(url_for('home')) + + +@app.route('/inactives', methods=['GET']) +@login_required +def inactives(): + """ + List of inactive feeds. + """ + nb_days = int(request.args.get('nb_days', 365)) + user = UserController(g.user.id).get(email=g.user.email) + today = datetime.datetime.now() + inactives = [] + for feed in user.feeds: + try: + last_post = feed.articles[0].date + except IndexError: + continue + elapsed = today - last_post + if elapsed > datetime.timedelta(days=nb_days): + inactives.append((feed, elapsed)) + inactives.sort(key=lambda tup: tup[1], reverse=True) + return render_template('inactives.html', inactives=inactives, nb_days=nb_days) + +@app.route('/duplicates/<int:feed_id>', methods=['GET']) +@login_required +def duplicates(feed_id=None): + """ + Return duplicates article for a feed. + """ + feed = Feed.query.filter(Feed.user_id == g.user.id, Feed.id == feed_id).first() + duplicates = [] + duplicates = utils.compare_documents(feed) + if len(duplicates) == 0: + flash(gettext('No duplicates in the feed "{}".').format(feed.title), + 'info') + return redirect(redirect_url()) + return render_template('duplicates.html', duplicates=duplicates, feed=feed) + +@app.route('/export', methods=['GET']) +@login_required +def export_articles(): + """ + Export all articles to HTML or JSON. + """ + user = UserController(g.user.id).get(id=g.user.id) + if request.args.get('format') == "HTML": + # Export to HTML + try: + archive_file, archive_file_name = export.export_html(user) + except: + flash(gettext("Error when exporting articles."), 'danger') + return redirect(redirect_url()) + response = make_response(archive_file) + response.headers['Content-Type'] = 'application/x-compressed' + response.headers['Content-Disposition'] = 'attachment; filename=%s' \ + % archive_file_name + elif request.args.get('format') == "JSON": + # Export to JSON + try: + json_result = export.export_json(user) + except: + flash(gettext("Error when exporting articles."), 'danger') + return redirect(redirect_url()) + response = make_response(json_result) + response.mimetype = 'application/json' + response.headers["Content-Disposition"] = 'attachment; filename=account.json' + else: + flash(gettext('Export format not supported.'), 'warning') + return redirect(redirect_url()) + return response + +@app.route('/export_opml', methods=['GET']) +@login_required +def export_opml(): + """ + Export all feeds to OPML. + """ + user = UserController(g.user.id).get(id=g.user.id) + response = make_response(render_template('opml.xml', user=user, + now=datetime.datetime.now())) + response.headers['Content-Type'] = 'application/xml' + response.headers['Content-Disposition'] = 'attachment; filename=feeds.opml' + return response + + +@app.route('/management', methods=['GET', 'POST']) +@login_required +def management(): + """ + Display the management page. + """ + if request.method == 'POST': + if None != request.files.get('opmlfile', None): + # Import an OPML file + data = request.files.get('opmlfile', None) + if not utils.allowed_file(data.filename): + flash(gettext('File not allowed.'), 'danger') + else: + try: + nb = utils.import_opml(g.user.email, data.read()) + if conf.CRAWLING_METHOD == "classic": + utils.fetch(g.user.email, None) + flash(str(nb) + ' ' + gettext('feeds imported.'), + "success") + flash(gettext("Downloading articles..."), 'info') + except: + flash(gettext("Impossible to import the new feeds."), + "danger") + elif None != request.files.get('jsonfile', None): + # Import an account + data = request.files.get('jsonfile', None) + if not utils.allowed_file(data.filename): + flash(gettext('File not allowed.'), 'danger') + else: + try: + nb = utils.import_json(g.user.email, data.read()) + flash(gettext('Account imported.'), "success") + except: + flash(gettext("Impossible to import the account."), + "danger") + else: + flash(gettext('File not allowed.'), 'danger') + + nb_feeds = len(g.user.feeds.all()) + articles = Article.query.filter(Article.user_id == g.user.id) + nb_articles = articles.count() + nb_unread_articles = articles.filter(Article.readed == False).count() + return render_template('management.html', user=g.user, + nb_feeds=nb_feeds, nb_articles=nb_articles, + nb_unread_articles=nb_unread_articles) + +@app.route('/history', methods=['GET']) +@app.route('/history/<int:year>', methods=['GET']) +@app.route('/history/<int:year>/<int:month>', methods=['GET']) +@login_required +def history(year=None, month=None): + articles_counter, articles = utils.history(g.user.id, year, month) + return render_template('history.html', + articles_counter=articles_counter, + articles=articles, + year=year, month=month) + + +@app.route('/profile', methods=['GET', 'POST']) +@login_required +def profile(): + """ + Edit the profile of the currently logged user. + """ + user = UserController(g.user.id).get(id=g.user.id) + form = ProfileForm() + + if request.method == 'POST': + if form.validate(): + form.populate_obj(user) + if form.password.data != "": + user.set_password(form.password.data) + db.session.commit() + flash("%s %s %s" % (gettext('User'), user.nickname, + gettext('successfully updated.')), + 'success') + return redirect(url_for('profile')) + else: + return render_template('profile.html', user=user, form=form) + + if request.method == 'GET': + form = ProfileForm(obj=user) + return render_template('profile.html', user=user, form=form) + +@app.route('/delete_account', methods=['GET']) +@login_required +def delete_account(): + """ + Delete the account of the user (with all its data). + """ + user = UserController(g.user.id).get(id=g.user.id) + if user is not None: + db.session.delete(user) + db.session.commit() + flash(gettext('Your account has been deleted.'), 'success') + else: + flash(gettext('This user does not exist.'), 'danger') + return redirect(url_for('login')) + +@app.route('/expire_articles', methods=['GET']) +@login_required +def expire_articles(): + """ + Delete articles older than the given number of weeks. + """ + weeks_ago = datetime.datetime.utcnow() - \ + datetime.timedelta(weeks=int(request.args.get('weeks', 10))) + Article.query.filter( + and_(Article.user_id == g.user.id, + or_(Article.date < weeks_ago, + Article.retrieved_date < weeks_ago))).delete() + flash(gettext('Articles deleted.'), 'info') + db.session.commit() + return redirect(redirect_url()) + +@app.route('/confirm_account/<string:activation_key>', methods=['GET']) +def confirm_account(activation_key=None): + """ + Confirm the account of a user. + """ + if activation_key != "": + user = User.query.filter(User.activation_key == activation_key).first() + if user is not None: + user.activation_key = "" + db.session.commit() + flash(gettext('Your account has been confirmed.'), 'success') + else: + flash(gettext('Impossible to confirm this account.'), 'danger') + return redirect(url_for('login')) + +@app.route('/recover', methods=['GET', 'POST']) +def recover(): + """ + Enables the user to recover its account when he has forgotten + its password. + """ + form = RecoverPasswordForm() + + if request.method == 'POST': + if form.validate(): + user = User.query.filter(User.email == form.email.data).first() + characters = string.ascii_letters + string.digits + password = "".join(random.choice(characters) for x in range(random.randint(8, 16))) + user.set_password(password) + db.session.commit() + + # Send the confirmation email + try: + notifications.new_password_notification(user, password) + flash(gettext('New password sent to your address.'), 'success') + except Exception as e: + flash(gettext('Problem while sending your new password.') + ': ' + str(e), 'danger') + + return redirect(url_for('login')) + return render_template('recover.html', form=form) + + if request.method == 'GET': + return render_template('recover.html', form=form) + +# +# Views dedicated to administration tasks. +# +@app.route('/admin/dashboard', methods=['GET', 'POST']) +@login_required +@admin_permission.require(http_exception=403) +def dashboard(): + """ + Adminstrator's dashboard. + """ + form = InformationMessageForm() + + if request.method == 'POST': + if form.validate(): + try: + notifications.information_message(form.subject.data, form.message.data) + except Exception as e: + flash(gettext('Problem while sending email') + ': ' + str(e), 'danger') + + users = User.query.all() + return render_template('admin/dashboard.html', users=users, current_user=g.user, form=form) + +@app.route('/admin/create_user', methods=['GET', 'POST']) +@app.route('/admin/edit_user/<int:user_id>', methods=['GET', 'POST']) +@login_required +@admin_permission.require(http_exception=403) +def create_user(user_id=None): + """ + Create or edit a user. + """ + form = UserForm() + + if request.method == 'POST': + if form.validate(): + role_user = Role.query.filter(Role.name == "user").first() + if user_id is not None: + # Edit a user + user = User.query.filter(User.id == user_id).first() + form.populate_obj(user) + if form.password.data != "": + user.set_password(form.password.data) + db.session.commit() + flash(gettext('User') + ' ' + user.nickname + ' ' + gettext('successfully updated.'), 'success') + else: + # Create a new user + user = User(nickname=form.nickname.data, + email=form.email.data, + pwdhash=generate_password_hash(form.password.data)) + user.roles.extend([role_user]) + user.activation_key = "" + db.session.add(user) + db.session.commit() + flash("%s %s %s" % (gettext('User'), user.nickname, + gettext('successfully created.')), + 'success') + return redirect(url_for('create_user', user_id=user.id)) + else: + return redirect(url_for('create_user')) + + if request.method == 'GET': + if user_id is not None: + user = User.query.filter(User.id == user_id).first() + form = UserForm(obj=user) + message = "%s <i>%s</i>" % (gettext('Edit the user'), + user.nickname) + else: + form = UserForm() + message = gettext('Add a new user') + return render_template('/admin/create_user.html', + form=form, message=message) + +@app.route('/admin/user/<int:user_id>', methods=['GET']) +@login_required +@admin_permission.require(http_exception=403) +def user(user_id=None): + """ + See information about a user (stations, etc.). + """ + user = UserController().get(id=user_id) + if user is not None: + article_contr = ArticleController(user_id) + return render_template('/admin/user.html', user=user, feeds=user.feeds, + article_count=article_contr.count_by_feed(), + unread_article_count=article_contr.count_by_feed(readed=False)) + + else: + flash(gettext('This user does not exist.'), 'danger') + return redirect(redirect_url()) + +@app.route('/admin/delete_user/<int:user_id>', methods=['GET']) +@login_required +@admin_permission.require(http_exception=403) +def delete_user(user_id=None): + """ + Delete a user (with all its data). + """ + user = User.query.filter(User.id == user_id).first() + if user is not None: + db.session.delete(user) + db.session.commit() + flash(gettext('User') + ' ' + user.nickname + ' ' + gettext('successfully deleted.'), 'success') + else: + flash(gettext('This user does not exist.'), 'danger') + return redirect(redirect_url()) + +@app.route('/admin/enable_user/<int:user_id>', methods=['GET']) +@app.route('/admin/disable_user/<int:user_id>', methods=['GET']) +@login_required +@admin_permission.require() +def disable_user(user_id=None): + """ + Enable or disable the account of a user. + """ + user = User.query.filter(User.id == user_id).first() + if user is not None: + if user.activation_key != "": + + # Send the confirmation email + try: + notifications.new_account_activation(user) + user.activation_key = "" + flash(gettext('Account of the user') + ' ' + user.nickname + ' ' + gettext('successfully activated.'), 'success') + except Exception as e: + flash(gettext('Problem while sending activation email') + ': ' + str(e), 'danger') + + else: + user.activation_key = hashlib.sha512(str(random.getrandbits(256)).encode("utf-8")).hexdigest()[:86] + flash(gettext('Account of the user') + ' ' + user.nickname + ' ' + gettext('successfully disabled.'), 'success') + db.session.commit() + else: + flash(gettext('This user does not exist.'), 'danger') + return redirect(redirect_url()) |