#! /usr/bin/env python # -*- coding: utf-8 -*- # pyAggr3g470r - A Web based news aggregator. # Copyright (C) 2010-2014 Cédric Bonhomme - http://cedricbonhomme.org/ # # For more information : https://bitbucket.org/cedricbonhomme/pyaggr3g470r/ # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . __author__ = "Cedric Bonhomme" __version__ = "$Revision: 5.0 $" __date__ = "$Date: 2010/01/29 $" __revision__ = "$Date: 2014/05/05 $" __copyright__ = "Copyright (c) Cedric Bonhomme" __license__ = "AGPLv3" import os import subprocess import datetime from flask import render_template, request, flash, session, url_for, redirect, g, current_app, make_response from flask.ext.login import LoginManager, login_user, logout_user, login_required, current_user, AnonymousUserMixin from flask.ext.principal import Principal, Identity, AnonymousIdentity, identity_changed, identity_loaded, Permission, RoleNeed, UserNeed from flask.ext.babel import gettext from sqlalchemy import desc from sqlalchemy.exc import IntegrityError from werkzeug import generate_password_hash import conf import utils import export import emails if not conf.ON_HEROKU: import search as fastsearch from forms import SignupForm, SigninForm, AddFeedForm, ProfileForm from pyaggr3g470r import app, db, allowed_file, babel from pyaggr3g470r.models import User, Feed, Article, Role from pyaggr3g470r.decorators import feed_access_required Principal(app) # Create a permission with a single Need, in this case a RoleNeed. admin_permission = Permission(RoleNeed('admin')) login_manager = LoginManager() login_manager.init_app(app) # # Management of the user's session. # @identity_loaded.connect_via(app) def on_identity_loaded(sender, identity): # Set the identity user object identity.user = current_user # Add the UserNeed to the identity if hasattr(current_user, 'id'): identity.provides.add(UserNeed(current_user.id)) # Assuming the User model has a list of roles, update the # identity with the roles that the user provides if hasattr(current_user, 'roles'): for role in current_user.roles: identity.provides.add(RoleNeed(role.name)) @app.before_request def before_request(): g.user = current_user if g.user.is_authenticated(): g.user.last_seen = datetime.datetime.utcnow() db.session.add(g.user) db.session.commit() @login_manager.user_loader def load_user(email): # Return an instance of the User model return User.query.filter(User.email == email).first() # # Custom error pages. # @app.errorhandler(401) def authentication_required(e): flash(gettext('Authentication required.'), 'info') return redirect(url_for('login')) @app.errorhandler(403) def authentication_failed(e): flash(gettext('Forbidden.'), 'danger') return redirect(url_for('home')) @app.errorhandler(404) def page_not_found(e): return render_template('errors/404.html'), 404 @app.errorhandler(500) def internal_server_error(e): return render_template('errors/500.html'), 500 def redirect_url(default='home'): return request.args.get('next') or \ request.referrer or \ url_for(default) @babel.localeselector def get_locale(): """ Called before each request to give us a chance to choose the language to use when producing its response. """ return request.accept_languages.best_match(conf.LANGUAGES.keys()) @babel.timezoneselector def get_timezone(): try: return conf.TIME_ZONE[get_locale()] except: return conf.TIME_ZONE["en"] # # Views. # @app.route('/login/', methods=['GET', 'POST']) def login(): """ Log in view. """ g.user = AnonymousUserMixin() form = SigninForm() if form.validate_on_submit(): user = User.query.filter(User.email == form.email.data).first() login_user(user) g.user = user identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash(gettext("Logged in successfully."), 'success') return redirect(url_for('home')) return render_template('login.html', form=form) @app.route('/logout/') @login_required def logout(): """ Log out view. Removes the user information from the session. """ # Remove the user information from the session logout_user() # Remove session keys set by Flask-Principal for key in ('identity.name', 'identity.auth_type'): session.pop(key, None) # Tell Flask-Principal the user is anonymous identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) flash(gettext("Logged out successfully."), 'success') return redirect(url_for('login')) @app.route('/signup/', methods=['GET', 'POST']) def signup(): """ Signup page. """ form = SignupForm() if form.validate_on_submit(): role_user = Role.query.filter(Role.name == "user").first() user = User(nickname=form.nickname.data, email=form.email.data, pwdhash=generate_password_hash(form.password.data)) user.roles = [role_user] db.session.add(user) try: db.session.commit() except IntegrityError: flash(gettext('Email already used.'), 'warning') return render_template('signup.html', form=form) # Send the confirmation email try: emails.new_account_notification(user) except Exception as e: flash(gettext('Problem while sending activation email') + ': ' + str(e), 'danger') return redirect(url_for('home')) flash(gettext('Your account has been created. Check your mail to confirm it.'), 'success') return redirect(url_for('home')) return render_template('signup.html', form=form) @app.route('/') @login_required def home(): """ The home page lists most recent articles of all feeds. """ user = User.query.filter(User.email == g.user.email).first() result = [] for feed in user.feeds: new_feed = Feed() new_feed.id = feed.id new_feed.title = feed.title new_feed.enabled = feed.enabled new_feed.articles = Article.query.filter(Article.user_id == g.user.id, Article.feed_id == feed.id).order_by(desc("Article.date")).limit(9) result.append(new_feed) unread_articles = len(Article.query.filter(Article.user_id == g.user.id, Article.readed == False).all()) return render_template('home.html', result=result, head_title=unread_articles) @app.route('/fetch/', methods=['GET']) @app.route('/fetch/', methods=['GET']) @login_required def fetch(feed_id=None): """ Triggers the download of news. News are downloaded in a separated process, mandatory for Heroku. """ cmd = ['python', conf.basedir+'/fetch.py', g.user.email, str(feed_id)] p = subprocess.Popen(cmd, stdout=subprocess.PIPE) flash(gettext("Downloading articles..."), 'success') return redirect(redirect_url()) @app.route('/about/', methods=['GET']) def about(): """ 'About' page. """ return render_template('about.html') @app.route('/feeds/', methods=['GET']) @login_required def feeds(): """ Lists the subscribed feeds in a table. """ user = User.query.filter(User.email == g.user.email).first() return render_template('feeds.html', feeds=user.feeds) @app.route('/feed/', methods=['GET']) @login_required @feed_access_required def feed(feed_id=None): """ Presents detailed information about a feed. """ feed = Feed.query.filter(Feed.id == feed_id).first() word_size = 6 articles = feed.articles.all() nb_articles = len(Article.query.filter(Article.user_id == g.user.id).all()) top_words = utils.top_words(articles, n=50, size=int(word_size)) tag_cloud = utils.tag_cloud(top_words) today = datetime.datetime.now() try: last_article = articles[0].date first_article = articles[-1].date delta = last_article - first_article average = round(float(len(articles)) / abs(delta.days), 2) except: last_article = datetime.datetime.fromtimestamp(0) first_article = datetime.datetime.fromtimestamp(0) delta = last_article - first_article average = 0 elapsed = today - last_article return render_template('feed.html', head_title=utils.clear_string(feed.title), feed=feed, tag_cloud=tag_cloud, \ first_post_date=first_article, end_post_date=last_article , nb_articles=nb_articles, \ average=average, delta=delta, elapsed=elapsed) @app.route('/article/', methods=['GET']) @login_required def article(article_id=None): """ Presents the content of an article. """ article = Article.query.filter(Article.user_id == g.user.id, Article.id == article_id).first() if article is not None: if not article.readed: article.readed = True db.session.commit() previous_article = article.previous_article() if previous_article is None: previous_article = article.source.articles[0] next_article = article.next_article() if next_article is None: next_article = article.source.articles[-1] return render_template('article.html', head_title=utils.clear_string(article.title), article=article, previous_article=previous_article, next_article=next_article) flash("This article do not exist.", 'warning') return redirect(redirect_url()) @app.route('/mark_as_read/', methods=['GET']) @app.route('/mark_as_read/', methods=['GET']) @login_required @feed_access_required def mark_as_read(feed_id=None): """ Mark all unreaded articles as read. """ if feed_id is not None: Article.query.filter(Article.user_id == g.user.id, Article.feed_id == feed_id, Article.readed == False).update({"readed": True}) flash(gettext('Articles marked as read.'), 'info') else: Article.query.filter(Article.user_id == g.user.id, Article.readed == False).update({"readed": True}) flash(gettext("All articles marked as read"), 'info') db.session.commit() return redirect(redirect_url()) @app.route('/like/', methods=['GET']) @login_required def like(article_id=None): """ Mark or unmark an article as favorites. """ Article.query.filter(Article.user_id == g.user.id, Article.id == article_id). \ update({ "like": not Article.query.filter(Article.id == article_id).first().like }) db.session.commit() return redirect(redirect_url()) @app.route('/delete//', methods=['GET']) @login_required def delete(article_id=None): """ Delete an article from the database. """ article = Article.query.filter(Article.id == article_id).first() if article is not None and article.source.subscriber.id == g.user.id: db.session.delete(article) db.session.commit() try: fastsearch.delete_article(g.user.id, article.feed_id, article.id) except: pass flash(gettext('Article') + ' ' + article.title + ' ' + gettext('deleted.'), 'success') return redirect(url_for('home')) else: flash(gettext('This article do not exist.'), 'danger') return redirect(url_for('home')) @app.route('/articles//', methods=['GET']) @app.route('/articles//', methods=['GET']) @login_required @feed_access_required def articles(feed_id=None, nb_articles=-1): """ List articles of a feed. The administrator of the platform is able to access to this view for every users. """ feed = Feed.query.filter(Feed.id == feed_id).first() new_feed = Feed() new_feed.id = feed.id new_feed.title = feed.title new_feed.site_link = feed.site_link if len(feed.articles.all()) <= nb_articles: nb_articles = -1 if nb_articles == -1: nb_articles = int(1e9) new_feed.articles = Article.query.filter(Article.user_id == g.user.id, \ Article.feed_id == feed.id).order_by(desc("Article.date")).limit(nb_articles) return render_template('articles.html', feed=new_feed, nb_articles=nb_articles) @app.route('/favorites/', methods=['GET']) @login_required def favorites(): """ List favorites articles. """ feeds_with_like = Feed.query.filter(Feed.user_id == g.user.id, Feed.articles.any(like=True)) result, nb_favorites = [], 0 for feed in feeds_with_like: new_feed = Feed() new_feed.id = feed.id new_feed.title = feed.title new_feed.articles = Article.query.filter(Article.user_id == g.user.id, Article.feed_id == feed.id, Article.like == True).all() length = len(new_feed.articles.all()) if length != 0: result.append(new_feed) nb_favorites += length return render_template('favorites.html', feeds=result, nb_favorites=nb_favorites) @app.route('/unread/', methods=['GET']) @login_required def unread(): """ List unread articles. """ feeds_with_unread = Feed.query.filter(Feed.user_id == g.user.id, Feed.articles.any(readed=False)) result, nb_unread = [], 0 for feed in feeds_with_unread: new_feed = Feed() new_feed.id = feed.id new_feed.title = feed.title new_feed.articles = Article.query.filter(Article.user_id == g.user.id, Article.feed_id == feed.id, Article.readed == False).all() length = len(new_feed.articles.all()) if length != 0: result.append(new_feed) nb_unread += length return render_template('unread.html', feeds=result, nb_unread=nb_unread) @app.route('/inactives/', methods=['GET']) @login_required def inactives(): """ List of inactive feeds. """ nb_days = int(request.args.get('nb_days', 365)) user = User.query.filter(User.id == g.user.id).first() today = datetime.datetime.now() inactives = [] for feed in user.feeds: try: last_post = feed.articles[0].date except IndexError: continue elapsed = today - last_post if elapsed > datetime.timedelta(days=nb_days): inactives.append((feed, elapsed)) return render_template('inactives.html', inactives=inactives, nb_days=nb_days) @app.route('/index_database/', methods=['GET']) @login_required def index_database(): """ Index all the database. """ if not conf.ON_HEROKU: user = User.query.filter(User.id == g.user.id).first() try: fastsearch.create_index(user) flash(gettext('Database indexed.'), 'success') except Exception as e: flash(gettext('An error occured') + ' (%s).' % e, 'danger') return redirect(url_for('home')) else: flash(gettext('Option not available on Heroku.'), 'success') return redirect(url_for('home')) @app.route('/export/', methods=['GET']) @login_required def export_articles(): """ Export all articles to HTML or JSON. """ user = User.query.filter(User.id == g.user.id).first() if request.args.get('format') == "HTML": # Export to HTML try: archive_file, archive_file_name = export.export_html(user) except: flash(gettext("Error when exporting articles."), 'danger') return redirect(redirect_url()) response = make_response(archive_file) response.headers['Content-Type'] = 'application/x-compressed' response.headers['Content-Disposition'] = 'attachment; filename='+archive_file_name elif request.args.get('format') == "JSON": # Export to JSON try: json_result = export.export_json(user) except: flash(gettext("Error when exporting articles."), 'danger') return redirect(redirect_url()) response = make_response(json_result) response.mimetype = 'application/json' response.headers["Content-Disposition"] = 'attachment; filename=articles.json' else: flash(gettext('Export format not supported.'), 'warning') return redirect(redirect_url()) return response @app.route('/export_opml/', methods=['GET']) @login_required def export_opml(): """ Export all feeds to OPML. """ user = User.query.filter(User.id == g.user.id).first() response = make_response(render_template('opml.xml', user=user, now=datetime.datetime.now())) response.headers['Content-Type'] = 'application/xml' response.headers['Content-Disposition'] = 'attachment; filename=feeds.opml' return response @app.route('/search/', methods=['GET']) @login_required def search(): """ Search articles corresponding to the query. """ if conf.ON_HEROKU: flash(gettext("Full text search is not yet implemented for Heroku."), "warning") return redirect(url_for('home')) user = User.query.filter(User.id == g.user.id).first() search_result, result = [], [] nb_articles = 0 query = request.args.get('query', None) if query is not None: try: search_result, nb_articles = fastsearch.search(user.id, query) except Exception as e: flash(gettext('An error occured') + ' (%s).' % e, 'danger') for feed_id in search_result: for feed in user.feeds: if feed.id == feed_id: new_feed = Feed() new_feed.id = feed.id new_feed.title = feed.title new_feed.articles = [] for article_id in search_result[feed_id]: current_article = Article.query.filter(Article.user_id == g.user.id, Article.id == article_id).first() new_feed.articles.append(current_article) new_feed.articles = sorted(new_feed.articles, key=lambda t: t.date, reverse=True) result.append(new_feed) break return render_template('search.html', feeds=result, nb_articles=nb_articles, query=query) @app.route('/management/', methods=['GET', 'POST']) @login_required def management(): """ Display the management page. """ if request.method == 'POST': # Import an OPML file data = request.files.get('opmlfile', None) if None == data or not allowed_file(data.filename): flash(gettext('File not allowed.'), 'danger') else: opml_path = os.path.join("./pyaggr3g470r/var/", data.filename) data.save(opml_path) try: nb = utils.import_opml(g.user.email, opml_path) flash(str(nb) + ' ' + gettext('feeds imported.'), "success") except Exception as e: flash(gettext("Impossible to import the new feeds."), "danger") form = AddFeedForm() user = User.query.filter(User.id == g.user.id).first() nb_feeds = len(user.feeds.all()) nb_articles = len(Article.query.filter(Article.user_id == g.user.id).all()) nb_unread_articles = len(Article.query.filter(Article.user_id == g.user.id, Article.readed == False).all()) return render_template('management.html', user=user, form=form, \ nb_feeds=nb_feeds, nb_articles=nb_articles, nb_unread_articles=nb_unread_articles, \ not_on_heroku = not conf.ON_HEROKU) @app.route('/history/', methods=['GET']) @login_required def history(): user = User.query.filter(User.id == g.user.id).first() return render_template('history.html') @app.route('/create_feed/', methods=['GET', 'POST']) @app.route('/edit_feed/', methods=['GET', 'POST']) @login_required @feed_access_required def edit_feed(feed_id=None): """ Add or edit a feed. """ feed = Feed.query.filter(Feed.id == feed_id).first() form = AddFeedForm() if request.method == 'POST': if form.validate() == False: return render_template('edit_feed.html', form=form) if feed_id is not None: # Edit an existing feed form.populate_obj(feed) db.session.commit() flash(gettext('Feed') + ' ' + feed.title + ' ' + gettext('successfully updated.'), 'success') return redirect('/edit_feed/' + str(feed_id)) else: # Create a new feed existing_feed = [feed for feed in g.user.feeds if feed.link == form.link.data] if len(existing_feed) == 0: new_feed = Feed(title=form.title.data, description="", link=form.link.data, \ site_link=form.site_link.data, email_notification=form.email_notification.data, \ enabled=form.enabled.data) g.user.feeds.append(new_feed) #user.feeds = sorted(user.feeds, key=lambda t: t.title.lower()) db.session.commit() flash(gettext('Feed') + ' ' + new_feed.title + ' ' + gettext('successfully created.'), 'success') return redirect('/edit_feed/' + str(new_feed.id)) else: flash(gettext('Feed') + ' ' + existing_feed[0].title + ' ' + gettext('already in the database.'), 'warning') return redirect('/edit_feed/' + str(existing_feed[0].id)) if request.method == 'GET': if feed_id is not None: form = AddFeedForm(obj=feed) return render_template('edit_feed.html', action=gettext("Edit the feed"), form=form, feed=feed, \ not_on_heroku = not conf.ON_HEROKU) # Return an empty form in order to create a new feed return render_template('edit_feed.html', action=gettext("Add a feed"), form=form, \ not_on_heroku = not conf.ON_HEROKU) @app.route('/delete_feed/', methods=['GET']) @login_required @feed_access_required def delete_feed(feed_id=None): """ Delete a feed with all associated articles. """ feed = Feed.query.filter(Feed.id == feed_id).first() db.session.delete(feed) db.session.commit() flash(gettext('Feed') + ' ' + feed.title + ' ' + gettext('successfully deleted.'), 'success') return redirect(redirect_url()) @app.route('/profile/', methods=['GET', 'POST']) @login_required def profile(): """ Edit the profile of the currently logged user. """ user = User.query.filter(User.email == g.user.email).first() form = ProfileForm() if request.method == 'POST': if form.validate(): form.populate_obj(user) if form.password.data != "": user.set_password(form.password.data) db.session.commit() flash(gettext('User') + ' ' + user.nickname + ' ' + gettext('successfully updated.'), 'success') return redirect(url_for('profile')) else: return render_template('profile.html', form=form) if request.method == 'GET': form = ProfileForm(obj=user) return render_template('profile.html', user=user, form=form) @app.route('/delete_account/', methods=['GET']) @login_required def delete_account(): """ Delete the account of the user (with all its data). """ user = User.query.filter(User.email == g.user.email).first() if user is not None: db.session.delete(user) db.session.commit() flash(gettext('Your account has been deleted.'), 'success') else: flash(gettext('This user does not exist.'), 'danger') return redirect(url_for('login')) @app.route('/confirm_account/', methods=['GET']) def confirm_account(activation_key=None): """ Confirm the account of a user. """ if activation_key != "": user = User.query.filter(User.activation_key == activation_key).first() if user is not None: user.activation_key = "" db.session.commit() flash(gettext('Your account has been confirmed.'), 'success') else: flash(gettext('Impossible to confirm this account.'), 'danger') return redirect(url_for('login')) # # Views dedicated to administration tasks. # @app.route('/admin/dashboard/', methods=['GET', 'POST']) @login_required @admin_permission.require(http_exception=403) def dashboard(): """ Adminstrator's dashboard. """ users = User.query.all() users.remove(g.user) return render_template('admin/dashboard.html', users=users) @app.route('/admin/create_user/', methods=['GET', 'POST']) @app.route('/admin/edit_user//', methods=['GET', 'POST']) @login_required @admin_permission.require(http_exception=403) def create_user(user_id=None): """ Create or edit a user. """ form = ProfileForm() if request.method == 'POST': if form.validate(): role_user = Role.query.filter(Role.name == "user").first() if user_id is not None: # Edit a user user = User.query.filter(User.id == user_id).first() form.populate_obj(user) if form.password.data != "": user.set_password(form.password.data) user.roles = [role_user] user.activation_key = "" db.session.commit() flash(gettext('User') + ' ' + user.nickname + ' ' + gettext('successfully updated.'), 'success') else: # Create a new user user = User(nickname=form.nickname.data, email=form.email.data, pwdhash=generate_password_hash(form.password.data)) user.roles.extend([role_user]) db.session.add(user) db.session.commit() flash(gettext('User') + ' ' + user.nickname + ' ' + gettext('successfully created.'), 'success') return redirect("/admin/edit_user/"+str(user.id)+"/") else: return render_template('profile.html', form=form) if request.method == 'GET': if user_id is not None: user = User.query.filter(User.id == user_id).first() form = ProfileForm(obj=user) message = gettext('Edit the user') + ' ' + user.nickname + '' else: form = ProfileForm() message = gettext('Add a new user') return render_template('/admin/create_user.html', form=form, message=message) @app.route('/admin/user//', methods=['GET']) @login_required @admin_permission.require(http_exception=403) def user(user_id=None): """ See information about a user (stations, etc.). """ user = User.query.filter(User.id == user_id).first() if user is not None: return render_template('/admin/user.html', user=user) else: flash(gettext('This user does not exist.'), 'danger') return redirect(redirect_url()) @app.route('/admin/delete_user//', methods=['GET']) @login_required @admin_permission.require(http_exception=403) def delete_user(user_id=None): """ Delete a user (with all its data). """ user = User.query.filter(User.id == user_id).first() if user is not None: db.session.delete(user) db.session.commit() flash(gettext('User') + ' ' + user.nickname + ' ' + gettext('successfully deleted.'), 'success') else: flash(gettext('This user does not exist.'), 'danger') return redirect(redirect_url()) @app.route('/admin/enable_user//', methods=['GET']) @app.route('/admin/disable_user//', methods=['GET']) @login_required @admin_permission.require() def disable_user(user_id=None): """ Enable or disable the API key of a user. """ user = User.query.filter(User.id == user_id).first() if user is not None: if True: user.activation_key = "" # Send the confirmation email try: emails.new_account_activation(user) except Exception as e: flash(gettext('Problem while sending activation email') + ': ' + str(e), 'danger') flash('Account of the user "' + user.nickname + '" successfully activated.', 'success') else: import random, base64, hashlib user.apikey = base64.b64encode(hashlib.sha512( str(random.getrandbits(256)) ).digest(), random.choice(['rA','aZ','gQ','hH','hG','aR','DD'])).rstrip('==') flash('Account of the user A"' + user.nickname + '" successfully disabled.', 'success') db.session.commit() else: flash('This user does not exist.', 'danger') return redirect(redirect_url())