Feature/fileupload (#13)

git-lreuter · Lenhard Reuter · web-flow · commit 98041587be5d · 2022-04-22T16:41:04.000+02:00
* Define upload folder and allowed extensions

* Add file db model

* Add file creation function

* Add helper functions

* Adapt admin-output

* Adapt admin-output

* Add upload endpoint

* Use secure_filename prior to extension check

Co-authored-by: Lenhard Reuter &lt;lenhard.reuter@ait.ac.at&gt;
diff --git a/learners/conf/config.py b/learners/conf/config.py
@@ -124,6 +124,9 @@ def __init__(self):
             "login_text": learners_config.get("learners").get("login_text"),
         }
 
+        self.allowed_extensions = learners_config.get("learners").get("upload_extensions")
+        self.upload_folder = learners_config.get("learners").get("upload_folder")
+
 
 def build_config(app):
 
diff --git a/learners/conf/config_schema.py b/learners/conf/config_schema.py
@@ -23,6 +23,8 @@
                     "login_text",
                     default="In order to participate in the exercises, please log in with your credentials. You will then get access to the documentation and the introduction to the tools to be used, the Exercises-Control and get access to the VNC client from which the exercises can be performed.",
                 ): Str(),
+                Optional("upload_folder", default="/var/tmp/"): Str(),
+                Optional("upload_extensions", default=["txt", "pdf", "png", "jpg", "jpeg", "gif", "json", "svg"]): Seq(Str()),
             }
         ),
         "jwt": Map(
diff --git a/learners/conf/db_models.py b/learners/conf/db_models.py
@@ -26,6 +26,13 @@ class Execution(db.Model):
     exercise_id = db.Column(db.Integer, db.ForeignKey("exercise.id"), nullable=False)
 
 
+class Attachment(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    filename = db.Column(db.String(120), nullable=False)
+    filename_hash = db.Column(db.String(120), nullable=False)
+    user_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False)
+
+
 class Exercise(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     type = db.Column(db.String(120), nullable=False)
diff --git a/learners/functions/database.py b/learners/functions/database.py
@@ -1,11 +1,12 @@
+import hashlib
 import json
 from datetime import datetime, timezone
 from sqlite3 import IntegrityError
 from typing import Tuple
 
 from learners import logger
 from learners.conf.config import cfg
-from learners.conf.db_models import Execution, Exercise, User
+from learners.conf.db_models import Attachment, Execution, Exercise, User
 from learners.database import db
 from learners.functions.helpers import extract_exercises
 from sqlalchemy import event, nullsfirst
@@ -179,3 +180,26 @@ def get_completed_state(user_id: int, exercise_id: int) -> dict:
     except Exception as e:
         logger.exception(e)
         return None
+
+
+def db_create_file(filename: str, username: str) -> str:
+    try:
+        user_id = User.query.filter_by(name=username).first().id
+        filename_hash = hashlib.md5(filename.encode("utf-8")).hexdigest()
+        file = Attachment(filename=filename, filename_hash=filename_hash, user_id=user_id)
+        db.session.add(file)
+        db.session.commit()
+        return filename_hash
+
+    except Exception as e:
+        logger.exception(e)
+        return None
+
+
+def get_filename_from_hash(filename_hash):
+    try:
+        session = db.session.query(Attachment).filter_by(filename_hash=filename_hash).first()
+        return session.filename
+    except Exception as e:
+        logger.exception(e)
+        return None
diff --git a/learners/functions/helpers.py b/learners/functions/helpers.py
@@ -79,3 +79,22 @@ def append_or_update_subexercise(parent_exercise: dict, child_exercise: dict) ->
     parent_exercise["exercises"].append(child_exercise)
 
     return parent_exercise
+
+
+def allowed_file(filename):
+    return "." in filename and filename.rsplit(".", 1)[1].lower() in cfg.allowed_extensions
+
+
+def replace_attachhment_with_url(formData):
+    from learners.functions.database import get_filename_from_hash
+
+    for key, value in formData.items():
+        if key == "attachment":
+            filename = get_filename_from_hash(value)
+            hyperlink = f"/upload/{filename}"
+            formData[key] = hyperlink
+        if isinstance(value, dict):
+            formData[key] = replace_attachhment_with_url(value)
+            continue
+
+    return formData
diff --git a/learners/routes/admin.py b/learners/routes/admin.py
@@ -9,7 +9,7 @@
     get_exercise_by_name,
     get_user_by_id,
 )
-from learners.functions.helpers import extract_history
+from learners.functions.helpers import extract_history, replace_attachhment_with_url
 from learners.functions.results import construct_results_table
 from learners.jwt_manager import admin_required
 from learners.logger import logger
@@ -53,6 +53,7 @@ def get_exercise_result(user_id, exercise_name):
 
     if exercise.type == "form":
         data["form"] = json.loads(last_execution.form_data) if last_execution else None
+        data["form"] = replace_attachhment_with_url(data["form"])
 
     data["history"] = extract_history(executions) if executions else None
 
diff --git a/learners/routes/execution.py b/learners/routes/execution.py
@@ -1,11 +1,13 @@
 import json
+import os
 import uuid
 
-from flask import Blueprint, jsonify, request
+from flask import Blueprint, jsonify, request, send_from_directory
 from flask_jwt_extended import get_jwt_identity, jwt_required
 from learners import logger
 from learners.functions.database import (
     db_create_execution,
+    db_create_file,
     get_completed_state,
     get_current_executions,
     get_exercise_by_name,
@@ -14,7 +16,12 @@
     get_user_by_name,
 )
 from learners.functions.execution import call_venjix, send_form_via_mail, update_execution_response, wait_for_response
-from learners.functions.helpers import append_key_to_dict, append_or_update_subexercise
+from learners.functions.helpers import allowed_file, append_key_to_dict, append_or_update_subexercise
+
+
+from werkzeug.utils import secure_filename
+from learners.conf.config import cfg
+
 
 execution_api = Blueprint("execution_api", __name__)
 
@@ -29,6 +36,7 @@ def run_execution(type):
     response = {"uuid": execution_uuid, "connected": False, "executed": False}
 
     data = request.get_json()
+
     if db_create_execution(type, data, username, execution_uuid):
         if type == "script":
             response["connected"], response["executed"] = call_venjix(username, data["script"], execution_uuid)
@@ -96,3 +104,51 @@ def get_execution_state():
             results[parent] = append_or_update_subexercise(results[parent], exerciseobj)
 
     return jsonify(success_list=results)
+
+
+@execution_api.route("/upload", methods=["POST"])
+@jwt_required(locations="headers")
+def upload_file():
+
+    response = {
+        "completed": False,
+        "executed": False,
+        "msg": None,
+        "file": None,
+    }
+
+    if "file" not in request.files:
+        response["msg"] = "file missing"
+        return jsonify(response)
+
+    file = request.files["file"]
+
+    if file.filename == "":
+        response["msg"] = "no file selected"
+        return jsonify(response)
+
+    username = get_jwt_identity()
+
+    if file:
+        filename = f"{username}_{secure_filename(file.filename)}"
+        if not allowed_file(filename):
+            response["msg"] = "file type not allowed"
+            return jsonify(response)
+        try:
+            file.save(os.path.join(cfg.upload_folder, filename))
+            filehash = db_create_file(filename, get_jwt_identity())
+            response["completed"] = True
+            response["executed"] = True
+            response["msg"] = "file sucessfully uploaded"
+            response["file"] = filehash
+
+        except Exception as e:
+            response["msg"] = "server error"
+
+    return jsonify(response)
+
+
+@execution_api.route("/upload/<name>")
+@jwt_required()
+def download_file(name):
+    return send_from_directory(cfg.upload_folder, name)
diff --git a/learners/templates/result_details.html b/learners/templates/result_details.html
@@ -48,6 +48,8 @@ <h5>{{ key }}</h5>
                   <span class="detail {% if subvalue == True %}true{% elif subvalue == False %}false{% endif %}">
                     {% if subvalue != "" and (subvalue | string).startswith('http')  %}
                     <a href="{{subvalue}}" target="_blank">{{subvalue | truncate(150, True, ' ...') }}</a>
+                    {% elif subvalue != "" and (subvalue | string).startswith('/upload/')  %}
+                    <a href="{{subvalue}}" target="_blank">download attachment</a>
                     {% elif subvalue != "" %}
                     {{subvalue}}
                     {% else %}

Original file line number	Diff line number	Diff line change
`@@ -124,6 +124,9 @@ def __init__(self):`
`124`	`124`	`"login_text": learners_config.get("learners").get("login_text"),`
`125`	`125`	`}`
`126`	`126`
	`127`	`+ self.allowed_extensions = learners_config.get("learners").get("upload_extensions")`
	`128`	`+ self.upload_folder = learners_config.get("learners").get("upload_folder")`
	`129`	`+`
`127`	`130`
`128`	`131`	`def build_config(app):`
`129`	`132`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,8 @@`
`23`	`23`	`"login_text",`
`24`	`24`	`default="In order to participate in the exercises, please log in with your credentials. You will then get access to the documentation and the introduction to the tools to be used, the Exercises-Control and get access to the VNC client from which the exercises can be performed.",`
`25`	`25`	`): Str(),`
	`26`	`+ Optional("upload_folder", default="/var/tmp/"): Str(),`
	`27`	`+ Optional("upload_extensions", default=["txt", "pdf", "png", "jpg", "jpeg", "gif", "json", "svg"]): Seq(Str()),`
`26`	`28`	`}`
`27`	`29`	`),`
`28`	`30`	`"jwt": Map(`