from datetime import datetime from itsdangerous import Signer from flask import (Flask, request, url_for, redirect, g, render_template, session, abort) from flask_sqlalchemy import SQLAlchemy ## ripped from https://stackoverflow.com/questions/183042/how-can-i-use-uuids-in-sqlalchemy/812363#812363 from sqlalchemy import types from sqlalchemy.dialects.mysql.base import MSBinary from sqlalchemy.schema import Column import uuid class UUID(types.TypeDecorator): impl = MSBinary def __init__(self): self.impl.length = 16 types.TypeDecorator.__init__(self,length=self.impl.length) def process_bind_param(self,value,dialect=None): if value and isinstance(value,uuid.UUID): return value.bytes elif value and not isinstance(value,uuid.UUID): raise ValueError('value %s is not a valid uuid.UUID' % value) else: return None def process_result_value(self,value,dialect=None): if value: return uuid.UUID(bytes=value) else: return None def is_mutable(self): return False id_column_name = "id" def id_column(): return Column(id_column_name,UUID(),primary_key=True,default=uuid.uuid4) def get_signed(string, salt="blank"): return Signer(app.secret_key, salt=salt).sign(str(string)) def get_unsigned(string, salt="blank"): return Signer(app.secret_key, salt=salt).unsign(str(string)).decode("utf-8") app = Flask(__name__) app.config.from_pyfile('config.cfg') db = SQLAlchemy(app) def url_for_other_page(page): args = request.view_args.copy() args['page'] = page return url_for(request.endpoint, **args) app.jinja_env.globals['url_for_other_page'] = url_for_other_page app.jinja_env.globals['appname'] = app.config['APPNAME'] @app.before_request def check_user_status(): g.user = None if 'user_id' in session: g.user = User.query.get(session['user_id']) class Paste(db.Model): id = id_column() code = db.Column(db.Text) title = db.Column(db.Text) pub_date = db.Column(db.DateTime) user_id = db.Column(db.Integer, db.ForeignKey('user.id')) is_private = db.Column(db.Boolean) parent_id = db.Column(UUID(), db.ForeignKey('paste.id')) parent = db.relationship('Paste', lazy=True, backref='children', uselist=False, remote_side=[id]) def __init__(self, user, code, title, parent=None, is_private=False): self.user = user self.code = code self.title = title self.is_private = is_private self.pub_date = datetime.utcnow() self.parent = parent class User(db.Model): id = db.Column(db.Integer, primary_key=True) display_name = db.Column(db.String(120)) fb_id = db.Column(db.String(30), unique=True) pastes = db.relationship(Paste, lazy='dynamic', backref='user') @app.route('/', methods=['GET', 'POST']) def new_paste(): parent = None reply_to = request.args.get('reply_to') if reply_to is not None: try: parent = Paste.query.get(uuid.UUID(reply_to)) except: parent = Paste.query.get(reply_to) if request.method == 'POST' and request.form['code']: is_private = bool(request.form.get('is_private')) title = "Untitled paste" if request.form['pastetitle'] and request.form['pastetitle'] != "Enter title here": title = request.form['pastetitle'] paste = Paste(g.user, request.form['code'], title, parent=parent, is_private=is_private) db.session.add(paste) db.session.commit() sign = get_signed(paste.id, salt=app.config['SALT']) \ if is_private else None return redirect(url_for('show_paste', paste_id=paste.id, s=sign)) return render_template('new_paste.html', parent=parent) @app.route('//') @app.route('/') def show_paste(paste_id): try: paste = Paste.query.options(db.eagerload('children')).get_or_404(paste_id) except: paste = Paste.query.options(db.eagerload('children')).get_or_404(uuid.UUID(paste_id)) if paste.is_private: try: sign = request.args.get('s', '') assert str(paste.id) == \ get_unsigned(sign, salt=app.config['SALT']) except: abort(403) parent = None if paste.parent_id: try: parent = Paste.query.get(uuid.UUID(paste.parent_id)) except: parent = Paste.query.get(paste.parent_id) children = [] if paste.children: for i in paste.children: j = None try: j = Paste.query.get(uuid.UUID(i.id)) except: j = Paste.query.get(i.id) if j: k = j.id, j.title children.append(k) return render_template('show_paste.html', paste=paste, parent=parent, children=children) @app.route('//delete/', methods=['POST']) @app.route('//delete', methods=['POST']) def delete_paste(paste_id): try: paste = Paste.query.options(db.eagerload('children')).get_or_404(paste_id) except: paste = Paste.query.options(db.eagerload('children')).get_or_404(uuid.UUID(paste_id)) sign = str(request.form['s']) try: assert str(paste.id) == get_unsigned(sign, salt=app.config['DELETESALT']) except: abort(403) try: Paste.query.filter(Paste.id == paste.id).delete() db.session.commit() return "OK",200 # WORKHERE: make this and the 500 redirect to admin/ except: return "failure to delete object.",500 def get_all_pastes(): """ Get custom arrangement of pastes for Admin view """ all1 = Paste.query.all() all2 = [] for p1 in all1: parent_id = None parent_title = None children = [] if p1.parent_id: parent_id = p1.parent_id try: parent_title = Paste.query.get(p1.parent_id).title except: parent_title = "" # works better than None for the parent column of the generated html if p1.children: for c1 in p1.children: child = Paste.query.get(c1.id) child_title = child.title c2 = c1.id, child_title children.append(c2) private = None if p1.is_private: private = get_signed(p1.id, salt=app.config['SALT']) p2 = { "id": p1.id, "title": p1.title, "private": private, "user_id": p1.user_id, "is_private": p1.is_private, "parent": (parent_id, parent_title), "children": children, "delete": get_signed(p1.id, salt=app.config['DELETESALT']).decode("utf-8") } all2.append(p2) return all2 @app.route('/admin/') @app.route('/admin') def admin(): all_pastes = get_all_pastes() return render_template('admin.html', pastes = all_pastes)