Compare commits


No commits in common. "8b07fa55b76ced174080eea17bbb1731efcda872" and "f3eb905298e5234426a2c296da97050552da36d5" have entirely different histories.

9 changed files with 8 additions and 123 deletions


@ -15,34 +15,14 @@ bp = Blueprint("admin", url_prefix="/manage/admin")
def credentialsCheck (request, order:Order): def credentialsCheck (request, order:Order):
if not order: if not order:
raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!") raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
if EXTRA_PRINTS:
print(f"Checking admin credentials of {order.code} with secret {order.secret}")
if not order.isAdmin() : raise exceptions.Forbidden("Birichino :)") if not order.isAdmin() : raise exceptions.Forbidden("Birichino :)")
@bp.get('/cache/clear') @bp.get('/cache/clear')
async def clearCache(request, order:Order): async def clearCache(request, order:Order):
credentialsCheck(request, order) credentialsCheck(request, order)
await request.app.ctx.om.fill_cache() await request.app.ctx.om.fill_cache()
return redirect(f'/manage/admin') return redirect(f'/manage/admin')
@bp.get('/loginas/<code>')
async def loginAs(request, code, order:Order):
credentialsCheck(request, order)
dOrder = await getOrderByCode(request, code, throwException=True)
if(dOrder.isAdmin()):
raise exceptions.Forbidden("You can't login as another admin!")
if EXTRA_PRINTS:
print(f"Swapping login: {order.secret} {order.code} -> {dOrder.secret} {code}")
r = redirect(f'/manage/welcome')
r.cookies['foxo_code_ORG'] = order.code
r.cookies['foxo_secret_ORG'] = order.secret
r.cookies['foxo_code'] = code
r.cookies['foxo_secret'] = dOrder.secret
return r
@bp.get('/room/unconfirm/<code>') @bp.get('/room/unconfirm/<code>')
async def unconfirmRoom(request, code, order:Order): async def unconfirmRoom(request, code, order:Order):
credentialsCheck(request, order) credentialsCheck(request, order)
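Review bot: `clearCache` and `unconfirmRoom` remain registered with `@bp.get`, so state-changing admin actions are reachable by a plain GET request. If the session is carried only in cookies, as the `foxo_code`/`foxo_secret` names elsewhere on this page suggest, a cross-site request made while an admin is logged in could trigger them. Registering them with `@bp.post(...)` and requiring a CSRF token or a same-origin check would close that. `unconfirmRoom` continues outside the hunk, so any checks beyond `credentialsCheck` are not visible here.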

14
app.py

@ -49,7 +49,7 @@ async def clear_session(request, exception):
async def main_start(*_): async def main_start(*_):
print(">>>>>> main_start <<<<<<") print(">>>>>> main_start <<<<<<")
app.config.REQUEST_MAX_SIZE = PROPIC_MAX_FILE_SIZE * 3 app.config.REQUEST_MAX_SIZE = 1024 * 1024 * 5 # 5 MB
app.ctx.om = OrderManager() app.ctx.om = OrderManager()
if FILL_CACHE: if FILL_CACHE:
@ -167,24 +167,12 @@ async def admin(request, order: Order):
await request.app.ctx.om.updateCache() await request.app.ctx.om.updateCache()
if not order: if not order:
raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!") raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
if EXTRA_PRINTS:
print(f"Checking admin credentials of {order.code} with secret {order.secret}")
if not order.isAdmin(): raise exceptions.Forbidden("Birichino :)") if not order.isAdmin(): raise exceptions.Forbidden("Birichino :)")
tpl = app.ctx.tpl.get_template('admin.html') tpl = app.ctx.tpl.get_template('admin.html')
return html(tpl.render(order=order)) return html(tpl.render(order=order))
@app.route("/manage/logout") @app.route("/manage/logout")
async def logour(request): async def logour(request):
orgCode = request.cookies.get("foxo_code_ORG")
orgSecret = request.cookies.get("foxo_secret_ORG")
if orgCode != None and orgSecret != None:
r = redirect(f'/manage/welcome')
r.cookies['foxo_code'] = orgCode
r.cookies['foxo_secret'] = orgSecret
r.delete_cookie("foxo_code_ORG")
r.delete_cookie("foxo_secret_ORG")
return r
raise exceptions.Forbidden("You have been logged out.") raise exceptions.Forbidden("You have been logged out.")
if __name__ == "__main__": if __name__ == "__main__":
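Review bot: `app.config.REQUEST_MAX_SIZE = 1024 * 1024 * 5 # 5 MB` in `main_start` hard-codes the request cap, while `upload_propic` still enforces `PROPIC_MAX_FILE_SIZE` per file, so the two limits can now drift apart. If the per-file limit is raised, or two pictures near the limit are posted in one form, the framework may reject the request before the handler's more specific `BadRequest` message is reached. Define the cap as a named constant in config next to `PROPIC_MAX_FILE_SIZE` and derive it from that value, with a comment stating how many files plus form overhead it is meant to allow. `main_start` continues outside the hunk.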

3
ext.py

@ -15,7 +15,6 @@ class Order:
self.time = time() self.time = time()
self.data = data self.data = data
self.status = {'n': 'pending', 'p': 'paid', 'e': 'expired', 'c': 'canceled'}[self.data['status']] self.status = {'n': 'pending', 'p': 'paid', 'e': 'expired', 'c': 'canceled'}[self.data['status']]
self.secret = data['secret']
if not len(self.data['positions']): if not len(self.data['positions']):
self.status = 'canceled' self.status = 'canceled'
@ -120,7 +119,7 @@ class Order:
self.pending_room = self.ans('pending_room') self.pending_room = self.ans('pending_room')
self.pending_roommates = self.ans('pending_roommates').split(',') if self.ans('pending_roommates') else [] self.pending_roommates = self.ans('pending_roommates').split(',') if self.ans('pending_roommates') else []
self.room_members = self.ans('room_members').split(',') if self.ans('room_members') else [] self.room_members = self.ans('room_members').split(',') if self.ans('room_members') else []
self.room_owner = (self.code is not None and self.room_id is not None and self.code.strip() == self.room_id.strip()) self.room_owner = (self.code == self.room_id)
self.room_secret = self.ans('room_secret') self.room_secret = self.ans('room_secret')
self.app_token = self.ans('app_token') self.app_token = self.ans('app_token')
self.nfc_id = self.ans('nfc_id') self.nfc_id = self.ans('nfc_id')
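Review bot: `self.room_owner = (self.code == self.room_id)` now evaluates to True when both values are None and to False when the stored answer carries stray whitespace, yet `room_owner` is used as an authorization predicate in `delete_room`. An explicit guard such as `self.room_owner = self.room_id is not None and self.code == self.room_id.strip()` makes the ownership decision fail closed. Whether `self.code` can ever be None is not visible in this hunk, so treat the first case as something to confirm rather than a proven bypass.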


@ -1,78 +0,0 @@
from config import *
import requests
import datetime
import time
ROOM_CAPACITY_MAP = {
0: 0,
# SACRO CUORE
83: 11,
67: 50,
68: 45,
69: 84,
70: 10,
# OVERFLOW 1
75: 50
}
def ans(data, name):
for p in data['positions']:
for a in p['answers']:
if a.get('question_identifier', None) == name:
if a['answer'] in ['True', 'False']:
return bool(a['answer'] == 'True')
return a['answer']
return None
def getOrders():
ret = []
p = 0
while 1:
p += 1
res = requests.get(f"{base_url_event}orders/?page={p}", headers=headers)
if res.status_code == 404: break
data = res.json()
for o in data['results']:
roomType = 0
for pos in o['positions']:
if pos['item'] == ITEMS_ID_MAP['bed_in_room']:
roomType = pos['variation']
ret.append({"code": o['code'], "fname": ans(o, 'fursona_name'), "rType": roomType, "date": o['datetime']})
return ret
ordersCode = set()
ordersTime = set()
ordersFName = set()
while True:
#try:
newOrders = getOrders()
shouldSleep = True
for o in newOrders:
if o['code'] not in ordersCode and not o['date'] in ordersTime and not o['fname'] in ordersFName:
remainingInRoomType = ROOM_CAPACITY_MAP[o['rType']]
remainingInRoomType -= 1
ROOM_CAPACITY_MAP[o['rType']] = remainingInRoomType
roomCapacitiesStr = ", ".join(str(x).rjust(2, "0") for x in ROOM_CAPACITY_MAP.values())
#dateStr = datetime.datetime.now().isoformat()
print(f"[{o['date']}] {len(ordersCode)} - [{o['code']}] New order! FursonaName: {o['fname'].ljust(24)} - Room capacities: {roomCapacitiesStr}")
shouldSleep = False
time.sleep(0.05)
ordersCode.add(o['code'])
ordersTime.add(o['date'])
ordersFName.add(o['fname'])
#except:
# print("Exception occurred!")
# pass
if shouldSleep:
time.sleep(1)


@ -55,8 +55,6 @@ async def upload_propic(request, order: Order):
if not body[0].body: continue if not body[0].body: continue
# Check max file size # Check max file size
if EXTRA_PRINTS:
print(f"Image {fn} weight: {len(body[0].body)} bytes")
if len(body[0].body) > PROPIC_MAX_FILE_SIZE: if len(body[0].body) > PROPIC_MAX_FILE_SIZE:
raise exceptions.BadRequest("File size too large for " + ("Profile picture" if fn == 'propic' else 'Fursuit picture')) raise exceptions.BadRequest("File size too large for " + ("Profile picture" if fn == 'propic' else 'Fursuit picture'))


@ -7,8 +7,7 @@ function confirmAction (intent, sender) {
let intentFormAction = document.querySelector("#intentFormAction") let intentFormAction = document.querySelector("#intentFormAction")
let intentSend = document.querySelector("#intentSend") let intentSend = document.querySelector("#intentSend")
// Resetting ui // Resetting ui
intentEdit.removeAttribute('required') intentEdit.setAttribute('required', false)
intentEdit.removeAttribute('minlength')
intentFormAction.setAttribute('method', 'GET') intentFormAction.setAttribute('method', 'GET')
intentEditPanel.style.display = 'none'; intentEditPanel.style.display = 'none';
@ -18,7 +17,6 @@ function confirmAction (intent, sender) {
case 'rename': case 'rename':
intentEditPanel.style.display = 'block'; intentEditPanel.style.display = 'block';
intentEdit.setAttribute('required', true) intentEdit.setAttribute('required', true)
intentEdit.setAttribute('minlength', 4)
intentFormAction.setAttribute('method', 'POST') intentFormAction.setAttribute('method', 'POST')
document.getElementById("intentRename").value = sender.parentElement.parentElement.querySelector("span").innerText; document.getElementById("intentRename").value = sender.parentElement.parentElement.querySelector("span").innerText;
break break
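Review bot: `intentEdit.setAttribute('required', false)` in the reset block does not clear the constraint, because `required` is a boolean attribute and its mere presence, even with the string value "false", keeps the field required. Once the `rename` branch has set it, other intents may be blocked by validation on a hidden field; use `intentEdit.required = false` in the reset. For symmetry the `rename` branch reads better as `intentEdit.required = true`. `intentEdit` is declared outside the hunk, so this assumes it is a form control.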


@ -49,7 +49,7 @@ async def delete_room(request, order: Order):
if not order: if not order:
raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!") raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
if not order.room_owner: if order.room_owner:
raise exceptions.BadRequest("You are not allowed to delete room of others.") raise exceptions.BadRequest("You are not allowed to delete room of others.")
if order.ans('room_confirmed'): if order.ans('room_confirmed'):
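Review bot: The ownership check in `delete_room` is inverted: `if order.room_owner:` raises "You are not allowed to delete room of others." for the actual owner and lets every non-owner continue to the deletion path. This is an authorization failure in both directions, so the guard must be `if not order.room_owner:`. A regression test that calls the handler once as the owner and once as another order would pin this. The rest of the function lies outside the hunk, so later checks that might limit the impact are not visible.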


@ -114,7 +114,7 @@
<p id="intentDescription"></p> <p id="intentDescription"></p>
<div id="intentEditPanel"> <div id="intentEditPanel">
<label for="name">Enter a new room name</label> <label for="name">Enter a new room name</label>
<input id="intentRename" name="name" type="text" value="" maxlength="64"/> <input id="intentRename" name="name" type="text" value="" minlength="4" maxlength="64"/>
</div> </div>
<footer> <footer>
<input id="intentSend" type="submit" value="Confirm" /> <input id="intentSend" type="submit" value="Confirm" />
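Review bot: `minlength="4"` on `#intentRename` is enforced only by the browser, and with this change the length rule lives entirely in markup. A request sent without the form bypasses it, so the rename handler should itself reject names shorter than 4 or longer than 64 characters. That handler is not part of this page, so confirm it does.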


@ -31,7 +31,7 @@
<tr> <tr>
<th>When (check-in)?</th> <th>When (check-in)?</th>
<td> <td>
{{('3' if order.has_early else '4')|safe}} June → {{('9' if order.has_late else '8')|safe}} June 2024 {{('3' if order.has_early else '4')|safe}} October → {{('9' if order.has_late else '8')|safe}} June 2024
{% if order.has_early %} {% if order.has_early %}
<span class="tag">EARLY</span> <span class="tag">EARLY</span>
{% endif %} {% endif %}
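Review bot: The new line renders a start month of October and an end of `June 2024`, so the check-in range reads like "4 October → 8 June 2024". One of the two months is presumably wrong, and both should match the event dates. The `|safe` filters are applied to the literals `'3'`/`'4'`/`'8'`/`'9'` and do nothing useful; `{{ '3' if order.has_early else '4' }}` gives the same output without normalising a filter that disables autoescaping.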