Added admin/loginas method

admin.py

@@ -12,17 +12,37 @@ import json
 
 bp = Blueprint("admin", url_prefix="/manage/admin")
 
-def credentialsCheck (request, order:Order):
+def credentialsCheck(request, order:Order):
 	if not order:
 		raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
+	if EXTRA_PRINTS:
+		print(f"Checking admin credentials of {order.code} with secret {order.secret}")
 	if not order.isAdmin() : raise exceptions.Forbidden("Birichino :)")
 
+
+
 @bp.get('/cache/clear')
 async def clearCache(request, order:Order):
 	credentialsCheck(request, order)
 	await request.app.ctx.om.fill_cache()
 	return redirect(f'/manage/admin')
 
+@bp.get('/loginas/<code>')
+async def loginAs(request, code, order:Order):
+	credentialsCheck(request, order)
+	dOrder = await getOrderByCode(request, code, throwException=True)
+	if(dOrder.isAdmin()):
+		raise exceptions.Forbidden("You can't login as another admin!")
+
+	if EXTRA_PRINTS:
+		print(f"Swapping login: {order.secret} {order.code} -> {dOrder.secret} {code}")
+	r = redirect(f'/manage/welcome')
+	r.cookies['foxo_code_ORG'] = order.code
+	r.cookies['foxo_secret_ORG'] = order.secret
+	r.cookies['foxo_code'] = code
+	r.cookies['foxo_secret'] = dOrder.secret
+	return r
+
 @bp.get('/room/unconfirm/<code>')
 async def unconfirmRoom(request, code, order:Order):
 	credentialsCheck(request, order)

app.py

@@ -49,7 +49,7 @@ async def clear_session(request, exception):
 async def main_start(*_):
 	print(">>>>>> main_start <<<<<<")
 
-	app.config.REQUEST_MAX_SIZE = 1024 * 1024 * 5 # 5 MB
+	app.config.REQUEST_MAX_SIZE = PROPIC_MAX_FILE_SIZE * 3
 	
 	app.ctx.om = OrderManager()
 	if FILL_CACHE:
@@ -167,12 +167,24 @@ async def admin(request, order: Order):
 	await request.app.ctx.om.updateCache()
 	if not order:
 		raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
+	if EXTRA_PRINTS:
+		print(f"Checking admin credentials of {order.code} with secret {order.secret}")
 	if not order.isAdmin(): raise exceptions.Forbidden("Birichino :)")
 	tpl = app.ctx.tpl.get_template('admin.html')
 	return html(tpl.render(order=order))
 	
 @app.route("/manage/logout")
 async def logour(request):
+	orgCode = request.cookies.get("foxo_code_ORG")
+	orgSecret = request.cookies.get("foxo_secret_ORG")
+	if orgCode != None and orgSecret != None:
+		r = redirect(f'/manage/welcome')
+		r.cookies['foxo_code'] = orgCode
+		r.cookies['foxo_secret'] = orgSecret
+		r.delete_cookie("foxo_code_ORG")
+		r.delete_cookie("foxo_secret_ORG")
+		return r
+
 	raise exceptions.Forbidden("You have been logged out.")
 
 if __name__ == "__main__":

ext.py

@@ -15,7 +15,8 @@ class Order:
 		self.time = time()
 		self.data = data
 		self.status = {'n': 'pending', 'p': 'paid', 'e': 'expired', 'c': 'canceled'}[self.data['status']]
-		
+		self.secret = data['secret']
+
 		if not len(self.data['positions']):
 			self.status = 'canceled'
 		
@@ -119,7 +120,7 @@ class Order:
 		self.pending_room = self.ans('pending_room')
 		self.pending_roommates = self.ans('pending_roommates').split(',') if self.ans('pending_roommates') else []
 		self.room_members = self.ans('room_members').split(',') if self.ans('room_members') else []
-		self.room_owner = (self.code == self.room_id)
+		self.room_owner = (self.code is not None and self.room_id is not None and self.code.strip() == self.room_id.strip())
 		self.room_secret = self.ans('room_secret')
 		self.app_token = self.ans('app_token')
 		self.nfc_id = self.ans('nfc_id')

logOrders.py

@@ -0,0 +1,78 @@
+from config import *
+import requests
+import datetime
+import time
+
+ROOM_CAPACITY_MAP = {
+	0: 0,
+	# SACRO CUORE
+	83: 11,
+	67: 50,
+	68: 45,
+	69: 84,
+	70: 10,
+
+	# OVERFLOW 1
+	75: 50
+}
+
+def ans(data, name):
+	for p in data['positions']:
+		for a in p['answers']:
+			if a.get('question_identifier', None) == name:
+				if a['answer'] in ['True', 'False']:
+					return bool(a['answer'] == 'True')
+				return a['answer']
+	return None
+
+def getOrders():
+	ret = []
+	p = 0
+		
+	while 1:
+		p += 1
+		res = requests.get(f"{base_url_event}orders/?page={p}", headers=headers)
+
+		if res.status_code == 404: break
+
+		data = res.json()
+		for o in data['results']:
+			
+			roomType = 0
+
+			for pos in o['positions']:
+				if pos['item'] == ITEMS_ID_MAP['bed_in_room']:
+					roomType = pos['variation']
+
+			ret.append({"code": o['code'], "fname": ans(o, 'fursona_name'), "rType": roomType, "date": o['datetime']})
+	return ret
+
+ordersCode = set()
+ordersTime = set()
+ordersFName = set()
+while True:
+	#try:
+	newOrders = getOrders()
+	shouldSleep = True
+	for o in newOrders:
+		if o['code'] not in ordersCode and not o['date'] in ordersTime and not o['fname'] in ordersFName:
+
+			remainingInRoomType = ROOM_CAPACITY_MAP[o['rType']]
+			remainingInRoomType -= 1
+			ROOM_CAPACITY_MAP[o['rType']] = remainingInRoomType
+
+			roomCapacitiesStr = ", ".join(str(x).rjust(2, "0") for x in ROOM_CAPACITY_MAP.values())
+			#dateStr = datetime.datetime.now().isoformat()
+
+			print(f"[{o['date']}] {len(ordersCode)} - [{o['code']}] New order! FursonaName: {o['fname'].ljust(24)} - Room capacities: {roomCapacitiesStr}")
+
+			shouldSleep = False
+			time.sleep(0.05)
+		ordersCode.add(o['code'])
+		ordersTime.add(o['date'])
+		ordersFName.add(o['fname'])
+	#except:
+	#	print("Exception occurred!")
+	#	pass
+	if shouldSleep:
+		time.sleep(1)

propic.py

@@ -55,6 +55,8 @@ async def upload_propic(request, order: Order):
 			if not body[0].body: continue
 			
 			# Check max file size
+			if EXTRA_PRINTS:
+				print(f"Image {fn} weight: {len(body[0].body)} bytes")
 			if len(body[0].body) > PROPIC_MAX_FILE_SIZE:
 				raise exceptions.BadRequest("File size too large for " + ("Profile picture" if fn == 'propic' else 'Fursuit picture'))
 			

res/scripts/roomManager.js

@@ -7,7 +7,8 @@ function confirmAction (intent, sender) {
     let intentFormAction =  document.querySelector("#intentFormAction")
     let intentSend =  document.querySelector("#intentSend")
     // Resetting ui
-    intentEdit.setAttribute('required', false)
+    intentEdit.removeAttribute('required')
+    intentEdit.removeAttribute('minlength')
     intentFormAction.setAttribute('method', 'GET')
     intentEditPanel.style.display = 'none';
 
@@ -17,6 +18,7 @@ function confirmAction (intent, sender) {
         case 'rename':
             intentEditPanel.style.display = 'block';
             intentEdit.setAttribute('required', true)
+            intentEdit.setAttribute('minlength', 4)
             intentFormAction.setAttribute('method', 'POST')
             document.getElementById("intentRename").value = sender.parentElement.parentElement.querySelector("span").innerText;
             break

room.py

@@ -49,7 +49,7 @@ async def delete_room(request, order: Order):
 	if not order:
 		raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
 
-	if order.room_owner:
+	if not order.room_owner:
 		raise exceptions.BadRequest("You are not allowed to delete room of others.")
 		
 	if order.ans('room_confirmed'):

tpl/nosecount.html

@@ -114,7 +114,7 @@
 					<p id="intentDescription"></p>
 					<div id="intentEditPanel">
 						<label for="name">Enter a new room name</label>
-						<input id="intentRename" name="name" type="text" value="" minlength="4" maxlength="64"/>
+						<input id="intentRename" name="name" type="text" value="" maxlength="64"/>
 					</div>
 					<footer>
 						<input id="intentSend" type="submit" value="Confirm" />

tpl/welcome.html

@@ -31,7 +31,7 @@
 				<tr>
 					<th>When (check-in)?</th>
 					<td>
-						{{('3' if order.has_early else '4')|safe}} October → {{('9' if order.has_late else '8')|safe}} June 2024
+						{{('3' if order.has_early else '4')|safe}} June → {{('9' if order.has_late else '8')|safe}} June 2024
 						{% if order.has_early %}
 							<span class="tag">EARLY</span>
 						{% endif %}