further improvements

2020-02-09 14:13:03 +01:00
parent 424178ac0e
commit 02a37e9657
5 changed files with 29 additions and 19 deletions
--- a/rowers/dataprep.py
+++ b/rowers/dataprep.py
@@ -3,7 +3,6 @@ from __future__ import division
 from __future__ import print_function
 from __future__ import unicode_literals

-
 # All the data preparation, data cleaning and data mangling should
 # be defined here
 from __future__ import unicode_literals, absolute_import
@@ -1568,7 +1567,6 @@ def new_workout_from_file(r, f2,
    if workoutsource is None:
        workoutsource = fileformat

-    print(f2,'final name')
    id, message = save_workout_database(
        f2, r,
        notes=notes,
--- a/rowers/rows.py
+++ b/rowers/rows.py
@@ -7,6 +7,11 @@ import time
 import gzip
 import shutil
 import hashlib
+
+
+import uuid
+
+
 from django.core.exceptions import ValidationError

 def format_pace_tick(x,pos=None):
@@ -134,7 +139,7 @@ def handle_uploaded_image(i):

 def handle_uploaded_file(f):
    fname = f.name
-    timestr = time.strftime("%Y%m%d-%H%M%S")
+    timestr = uuid.uuid4().hex[:10]+'-'+time.strftime("%Y%m%d-%H%M%S")
    fname = timestr+'-'+fname
    fname2 = 'media/'+fname
    with open(fname2,'wb+') as destination:
@@ -142,4 +147,3 @@ def handle_uploaded_file(f):
            destination.write(chunk)

    return fname,fname2
-
--- a/rowers/tests/test_emails.py
+++ b/rowers/tests/test_emails.py
@@ -63,7 +63,7 @@ workout run
            'upload_to_C2': False,
            'plottype': 'timeplot',
            'file': 'media/mailbox_attachments/colin3.csv',
-            'secret': 'potjandorie',
+            'secret': settings.UPLOAD_SERVICE_SECRET,
            'user': 1,
        }

--- a/rowers/views/workoutviews.py
+++ b/rowers/views/workoutviews.py
@@ -4391,15 +4391,20 @@ def workout_toggle_ranking(request,id=0):
@csrf_exempt
 def workout_upload_api(request):
    if request.method != 'POST':
-        raise PermissionDenied("This view cannot be accessed")
+        message = {'status':'false','message':'this view cannot be accessed through GET'}
+        return JSONResponse(status=403,data=message)

    # only allow local host
-    print(request.get_host(),'get_host')
+    hostt = request.get_host().split(':')
+    if hostt[0] not in ['localhost','127.0.0.1']:
+        message = {'status':'false','message':'permission denied'}
+        return JSONResponse(status=403,data=message)

    # check credentials here
    secret = request.POST['secret']
-    if secret != 'potjandorie':
-        raise PermissionDenied("Invalid credentials")
+    if secret != settings.UPLOAD_SERVICE_SECRET:
+        message = {'status':'false','message':'invalid credentials'}
+        return JSONResponse(status=403,data=message)

    form = DocumentsForm(request.POST)
    optionsform = TeamUploadOptionsForm(request.POST)
@@ -4408,7 +4413,6 @@ def workout_upload_api(request):
    try:
        fstr = request.POST['file']
        f1 = uuid.uuid4().hex[:10]+'-'+time.strftime("%Y%m%d-%H%M%S")+os.path.splitext(fstr)[1]
-        print(f1)
        f2 = 'media/'+f1
        copyfile(fstr,f2)
    except KeyError:
--- a/rowsandall_app/settings.py
+++ b/rowsandall_app/settings.py
@@ -247,6 +247,10 @@ LOGOUT_REDIRECT_URL = '/'
 # Update Cache with task progress password

 PROGRESS_CACHE_SECRET = CFG['progress_cache_secret']
+try:
+	UPLOAD_SERVICE_SECRET = CFG['upload_service_secret']
+except KeyError:
+	UPLOAD_SERVICE_SECRET = "FoYezZWLSyfAVimumpHEeYsJjsNCerxV"

 # Concept 2
 C2_CLIENT_ID = CFG['c2_client_id']