Compare commits

..

No commits in common. "c7675b5e28135f2fdd1f6a2f8347cc0050345590" and "df4f2eaf81eb74597b968811dee5fb809d7899ec" have entirely different histories.

9 changed files with 23 additions and 63 deletions

5
app.py
View File

@ -16,12 +16,10 @@ import requests
import sys
from sanic.log import logger, logging, access_logger
from metrics import *
from utils import isSessionAdmin
from email_util import killSmptClient
import pretixClient
import traceback
app = Sanic(__name__)
app.static("/res", "res/")
@ -82,7 +80,6 @@ async def main_start(*_):
app.ctx.tpl = Environment(loader=FileSystemLoader("tpl"), autoescape=True)
app.ctx.tpl.globals.update(time=time)
app.ctx.tpl.globals.update(PROPIC_DEADLINE=PROPIC_DEADLINE)
app.ctx.tpl.globals.update(ROOM_DEADLINE=ROOM_DEADLINE)
app.ctx.tpl.globals.update(LOCALES=LOCALES)
app.ctx.tpl.globals.update(ITEMS_ID_MAP=ITEMS_ID_MAP)
app.ctx.tpl.globals.update(ITEM_VARIATIONS_MAP=ITEM_VARIATIONS_MAP)
@ -159,7 +156,7 @@ async def welcome(request, order: Order, quota: Quotas):
room_members.append(await app.ctx.om.get_order(code=member_id, cached=True))
tpl = app.ctx.tpl.get_template('welcome.html')
return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES, isSessionAdmin=await isSessionAdmin(request, order)))
return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES))
@app.route("/manage/download_ticket")

View File

@ -17,8 +17,6 @@ PROPIC_MAX_FILE_SIZE = 5 * 1024 * 1024 # 5MB
PROPIC_MAX_SIZE = (2048, 2048) # (Width, Height)
PROPIC_MIN_SIZE = (125, 125) # (Width, Height)
ROOM_DEADLINE = 9999999999
# This is used for feedback sending inside of the app. Feedbacks will be sent to the specified chat using the bot api id.
TG_BOT_API = '123456789:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
TG_CHAT_ID = -1234567

View File

@ -3,7 +3,6 @@ from sanic import Blueprint, exceptions, response
from ext import *
from urllib.parse import unquote
from config import ADMINS
from utils import isSessionAdmin
import json
bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
@ -11,7 +10,7 @@ bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
@bp.get("/admin")
async def show_songs(request, order: Order):
if not await isSessionAdmin(request, order):
if not order.isAdmin():
raise exceptions.Forbidden("Birichino")
orders = [x for x in request.app.ctx.om.cache.values() if x.karaoke_songs]
@ -29,7 +28,7 @@ async def show_songs(request, order: Order):
@bp.post("/approve")
async def approve_songs(request, order: Order):
if not await isSessionAdmin(request, order):
if not order.isAdmin():
raise exceptions.Forbidden("Birichino")
for song in request.form:
@ -45,7 +44,7 @@ async def sing_song(request, order: Order, songname):
if not order: raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
if not await isSessionAdmin(request, order):
if not order.isAdmin():
raise exceptions.Forbidden("Birichino")
songname = unquote(songname)

View File

@ -6,7 +6,6 @@ from PIL import Image
from io import BytesIO
from hashlib import sha224
from time import time
from utils import isSessionAdmin
import os
bp = Blueprint("propic", url_prefix="/manage/propic")
@ -39,7 +38,7 @@ async def upload_propic(request, order: Order):
if order.propic_locked:
raise exceptions.BadRequest("You have been limited from further editing the propic.")
if request.form.get('submit') != 'Upload' and (time() > PROPIC_DEADLINE and not await isSessionAdmin(request, order)):
if request.form.get('submit') != 'Upload' and time() > PROPIC_DEADLINE:
raise exceptions.BadRequest("The deadline has passed. You cannot modify the badges at this moment.")
if request.form.get('submit') == 'Delete main image':

11
room.py
View File

@ -6,18 +6,9 @@ from config import headers
import os
from image_util import generate_room_preview, get_room
from utils import confirm_room_by_order
from time import time
bp = Blueprint("room", url_prefix="/manage/room")
@bp.middleware
async def deadline_check(request: Request):
order = await get_order(request)
if not order:
raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
if time() > ROOM_DEADLINE and not await isSessionAdmin(request, order):
raise exceptions.BadRequest("The deadline has passed. You cannot modify the room at this moment.")
@bp.post("/create")
async def room_create_post(request, order: Order):
if not order: raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
@ -313,7 +304,7 @@ async def confirm_room(request, order: Order, quotas: Quotas):
#if quotas.get_left(len(order.room_members)) == 0:
# raise exceptions.BadRequest("There are no more rooms of this size to reserve.")
await confirm_room_by_order(order, request)
confirm_room_by_order(order, request)
return redirect('/manage/welcome')

View File

@ -1,11 +0,0 @@
# python merda
import asyncio
async def a():
print("a")
def b():
loop = asyncio.get_event_loop()
print(loop)
b()

View File

@ -32,7 +32,7 @@
{% endif %}
</div>
{% if time() > PROPIC_DEADLINE and not isSessionAdmin %}
{% if time() > PROPIC_DEADLINE %}
<p class="notice">⚠️ The deadline to upload pictures for the badge has expired. For last-minute changes, please contact the support over at <a href="mailto:info@furizon.net">info@furizon.net</a>. If your badge has been printed already, changing it will incur in a 2€ fee. You can also get extra badges at the reception for the same price. If you upload a propic now, it might not be printed on time.</p>
{% else %}
<p><em>
@ -43,9 +43,9 @@
{% endif %}
<div class="grid grid_2x2">
<input style="grid-area: 1 / 1 / 2 / 3;" type="submit" name="submit" value="Upload" {{'disabled' if ((order.ans('propic') and order.ans('propic_fursuiter'))) or (time() > PROPIC_DEADLINE and not isSessionAdmin) else ''}} />
<input style="grid-area: 2 / 1 / 3 / 2;" type="submit" name="submit" value="Delete main image" {{'disabled' if ((time() > PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic')) else ''}} />
<input style="grid-area: 2 / 2 / 3 / 3;" type="submit" name="submit" value="Delete fursuit image" {{'disabled' if ((time() > PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic_fursuiter')) else ''}} />
<input style="grid-area: 1 / 1 / 2 / 3;" type="submit" name="submit" value="Upload" {{'disabled' if (order.ans('propic') and order.ans('propic_fursuiter')) else ''}} />
<input style="grid-area: 2 / 1 / 3 / 2;" type="submit" name="submit" value="Delete main image" {{'disabled' if (time() > PROPIC_DEADLINE or not order.ans('propic')) else ''}} />
<input style="grid-area: 2 / 2 / 3 / 3;" type="submit" name="submit" value="Delete fursuit image" {{'disabled' if (time() > PROPIC_DEADLINE or not order.ans('propic_fursuiter')) else ''}} />
</div>
</form>
</details>

View File

@ -40,7 +40,7 @@
{% if person.status == 'pending' %}
<p><strong style="color:red;">UNPAID</strong></p>
{% endif %}
{% if order.room_owner and person.code != order.code and (not order.room_confirmed) and (time() <= ROOM_DEADLINE or isSessionAdmin) %}<a href="/manage/room/kick/{{person.code}}">KICK</a>{% endif %}
{% if order.room_owner and person.code != order.code and (not order.room_confirmed) %}<a href="/manage/room/kick/{{person.code}}">KICK</a>{% endif %}
</div>
{% if person.status != 'paid' %}
@ -51,7 +51,7 @@
{# {% if order.room_id == order.code and not order.room_confirmed and len(room_members) < 5%} #}
{% if order.room_id == order.code and not order.room_confirmed and len(room_members) < order.room_person_no %}
<div>
<a {% if time() <= ROOM_DEADLINE or isSessionAdmin %} href="javascript:document.getElementById('modal-roominvite').setAttribute('open', 'true');" {% else %} disabled {% endif %}>
<a href="javascript:document.getElementById('modal-roominvite').setAttribute('open', 'true');">
<div class="propic-container">
<img class="propic" src="/res/new.png" />
<h3>Invite</h3>
@ -63,13 +63,13 @@
</div>
{% elif order.pending_room %}
<p>You have have asked to join the room of another member. Wait for them to confirm or reject your request.</p>
<a role="button" href="/manage/room/cancel_request" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Cancel pending join request</a>
<a role="button" href="/manage/room/cancel_request">Cancel pending join request</a>
{% else %}
<p class="notice">🎲 If you don't join a room or create your one within the room deadline, we will randomly put you into a room with free spots.</p>
<p>To join a room, ask somebody to send you their room code.</p>
<p class="grid">
<a role="button" href="/manage/room/create" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Create a room</a>
<a role="button" href="javascript:document.getElementById('modal-joinroom').setAttribute('open', 'true');" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Join a room</a>
<a role="button" href="/manage/room/create">Create a room</a>
<a role="button" href="javascript:document.getElementById('modal-joinroom').setAttribute('open', 'true');">Join a room</a>
</p>
{% endif %}
@ -83,17 +83,17 @@
{% if order.room_owner %}
{% if not order.room_confirmed %}
{# <a role="button" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}} {% if not room.forbidden and quota.get_left(len(room_members)) > 0 %}href="javascript:document.getElementById('modal-roomconfirm').setAttribute('open', 'true');"{% endif %}>Confirm <strong>{{[None,'single','double','triple','quadruple','quintuple'][len(room_members)]}}</strong> room</a> #}
{# <a role="button" {% if not room.forbidden and quota.get_left(len(room_members)) > 0 %}href="javascript:document.getElementById('modal-roomconfirm').setAttribute('open', 'true');"{% endif %}>Confirm <strong>{{[None,'single','double','triple','quadruple','quintuple'][len(room_members)]}}</strong> room</a> #}
<a style="grid-area: 1 / 1 / 2 / 2;" role="button" href="javascript:document.getElementById('modal-roomrename').setAttribute('open', 'true');" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Rename room</a>
<a style="grid-area: 1 / 2 / 2 / 3;" href="/manage/room/delete" role="button" {{'disabled' if (len(room_members) > 1) or (time() > ROOM_DEADLINE and not isSessionAdmin) else ''}} >Delete room</a>
<a style="grid-area: 2 / 1 / 3 / 3; display:block;" role="button" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}} {% if not room.forbidden and len(room_members) == order.room_person_no %}href="javascript:document.getElementById('modal-roomconfirm').setAttribute('open', 'true');"{% endif %}>Confirm <strong>{{[None,'single','double','triple','quadruple','quintuple'][order.room_person_no]}}</strong> room</a>
<a style="grid-area: 1 / 1 / 2 / 2;" role="button" href="javascript:document.getElementById('modal-roomrename').setAttribute('open', 'true');">Rename room</a>
<a style="grid-area: 1 / 2 / 2 / 3;" href="/manage/room/delete" role="button" {{'disabled' if (len(room_members) > 1) else ''}} >Delete room</a>
<a style="grid-area: 2 / 1 / 3 / 3; display:block;" role="button" {% if not room.forbidden and len(room_members) == order.room_person_no %}href="javascript:document.getElementById('modal-roomconfirm').setAttribute('open', 'true');"{% endif %}>Confirm <strong>{{[None,'single','double','triple','quadruple','quintuple'][order.room_person_no]}}</strong> room</a>
{% else %}
{# <a style="grid-area: 1 / 1 / 2 / 2;" role="button" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}} href="javascript:navigator.share({title: 'Furizon room', text:'Viewing room {{order.room_name}}', url: `${window.location.protocol}//${window.location.host}/manage/room/view/{{order.code}}}`});">Share</a> #}
{# <a style="grid-area: 1 / 1 / 2 / 2;" role="button" href="javascript:navigator.share({title: 'Furizon room', text:'Viewing room {{order.room_name}}', url: `${window.location.protocol}//${window.location.host}/manage/room/view/{{order.code}}}`});">Share</a> #}
{% endif %}
{% else %}
{% if order.room_id and not order.room_confirmed %}
<a href="/manage/room/leave" role="button" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Leave room</a>
<a href="/manage/room/leave" role="button">Leave room</a>
{% endif %}
{% endif %}
</p>
@ -111,8 +111,8 @@
<td><strong style="color:red;">UNPAID</strong></td>
{% endif %}
{% if order.room_owner %}
<td style="width:1%;white-space: nowrap;"><a role="button" href="/manage/room/approve/{{person.code}}" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Approve</a></td>
<td style="width:1%;white-space: nowrap;"><a role="button" href="/manage/room/reject/{{person.code}}" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Reject</a></td>
<td style="width:1%;white-space: nowrap;"><a role="button" href="/manage/room/approve/{{person.code}}">Approve</a></td>
<td style="width:1%;white-space: nowrap;"><a role="button" href="/manage/room/reject/{{person.code}}">Reject</a></td>
{% endif %}
</tr>
</div>

View File

@ -288,19 +288,6 @@ async def validate_rooms(request, rooms, om):
logger.info(f"[ROOM VALIDATION] Sent {sent_count} emails")
# Returns true if the logged used is an admin OR if it's an admin logged as another user
async def isSessionAdmin(request, order):
if(order.isAdmin()): return True
orgCode = request.cookies.get("foxo_code_ORG")
orgSecret = request.cookies.get("foxo_secret_ORG")
if orgCode != None and orgSecret != None:
user = await request.app.ctx.om.get_order(code=orgCode)
if(user == None): return False
if(user.secret != orgSecret): raise exceptions.Forbidden("Birichino :)")
return user.isAdmin()
async def check_room(request, order, om=None):
room_errors = []
room_members = []