Self-host images for assignments (#105)

ImgBB is blocked on fcps computers.

---------

Co-authored-by: Krishnan Shankar <krishnans2006@gmail.com>

Author: JasonGrace2282

.gitignore

@@ -7,6 +7,7 @@ media/
 
 tin/settings/secret.py
 tin/serve
+tin/static/uploaded-media
 
 .idea/
 docs/build/

tin/apps/assignments/forms.py

@@ -5,6 +5,7 @@
 
 from django import forms
 from django.conf import settings
+from django.core.exceptions import ValidationError
 
 from ..submissions.models import Submission
 from .models import Assignment, Folder, MossResult
@@ -241,3 +242,13 @@ class Meta:
             "name",
         ]
         help_texts = {"name": "Note: Folders are ordered alphabetically."}
+
+
+class ImageForm(forms.Form):
+    image = forms.FileField()
+
+    def clean_image(self):
+        image = self.cleaned_data.get("image")
+        if image and image.size > settings.MAX_UPLOADED_IMAGE_SIZE:
+            raise ValidationError("Image size exceeds the maximum limit")
+        return image

tin/apps/assignments/urls.py

@@ -56,4 +56,5 @@
         views.delete_folder_view,
         name="delete_folder",
     ),
+    path("upload", views.upload_image, name="upload_image"),
 ]

tin/apps/assignments/views.py

@@ -5,8 +5,10 @@
 import logging
 import os
 import subprocess
+import uuid
 import zipfile
 from io import BytesIO
+from pathlib import Path
 
 import celery
 from django import http
@@ -16,6 +18,7 @@
 from django.urls import reverse
 from django.utils.text import slugify
 from django.utils.timezone import now
+from django.views.decorators.http import require_POST
 
 from ... import sandboxing
 from ..auth.decorators import login_required, teacher_or_superuser_required
@@ -29,6 +32,7 @@
     FileUploadForm,
     FolderForm,
     GraderScriptUploadForm,
+    ImageForm,
     MossForm,
     TextSubmissionForm,
 )
@@ -236,7 +240,6 @@ def create_view(request, course_id):
             "course": course,
             "nav_item": "Create assignment",
             "action": "add",
-            "imgbb_api_key": settings.IMGBB_API_KEY,
         },
     )
 
@@ -272,7 +275,6 @@ def edit_view(request, assignment_id):
             "assignment": assignment,
             "nav_item": "Edit",
             "action": "edit",
-            "imgbb_api_key": settings.IMGBB_API_KEY,
         },
     )
 
@@ -1181,3 +1183,30 @@ def delete_folder_view(request, course_id, folder_id):
 
     folder.delete()
     return redirect("courses:show", course.id)
+
+
+@require_POST
+@teacher_or_superuser_required
+def upload_image(request):
+    form = ImageForm(request.POST, request.FILES)
+    if form.is_valid():
+        image = form.cleaned_data["image"]
+        image_name = Path(image.name)
+        uuid_image_name = image_name.with_stem(f"{image_name.stem}-{uuid.uuid4()}")
+        static_location = Path("uploaded-media") / uuid_image_name
+        dest = (
+            Path(settings.STATICFILES_DIRS[0]) if settings.DEBUG else Path(settings.STATIC_ROOT)
+        ) / static_location
+        dest.parent.mkdir(exist_ok=True)
+        with dest.open("wb+") as f:
+            for chunk in image.chunks():
+                f.write(chunk)
+        return http.JsonResponse(
+            {
+                "url": request.build_absolute_uri(
+                    f"{settings.STATIC_URL.removesuffix('/')}/{static_location}"
+                ),
+                "title": image_name.stem,
+            }
+        )
+    return http.JsonResponse(form.errors, status=400)

tin/settings/__init__.py

@@ -344,8 +344,8 @@
 # Threshold for log messages being issues
 QUIZ_ISSUE_THRESHOLD = 5
 
-# ImgBB API key (set in secret.py)
-IMGBB_API_KEY = ""
+# Maximum size of uploaded images in bytes
+MAX_UPLOADED_IMAGE_SIZE = float("inf")
 
 # Sandboxing
 

tin/static/js/markdown-image-dragdrop.js

@@ -19,144 +19,142 @@ function insertAtCursor(myField, myValue) {
 }
 
 $(function () {
-  if (IMGBB_API_KEY) {
-    const markdownToggle = $('#id_markdown');
-    const description = $('#description');
-    const descriptionParent = description.parent();
+  const markdownToggle = $('#id_markdown');
+  const description = $('#description');
+  const descriptionParent = description.parent();
 
-    descriptionParent.css({
-      position: 'relative',
-    });
+  descriptionParent.css({
+    position: 'relative',
+  });
 
-    const uploadOverlay = $('<div>')
-      .css({
-        display: 'none',
-        position: 'absolute',
-        top: 0,
-        left: 0,
-        width: '97%',
-        height: '100%',
-        'background-color': 'rgba(0, 0, 0, 0.2)',
-        'z-index': 1000,
-        'text-align': 'center',
-        border: '10px dashed #000',
-        padding: '30px 20px 0px 20px',
-        'font-size': '250%',
-        'box-sizing': 'border-box',
-      })
-      .text('Drop to embed')
-      .appendTo(descriptionParent);
+  const uploadOverlay = $('<div>')
+    .css({
+      display: 'none',
+      position: 'absolute',
+      top: 0,
+      left: 0,
+      width: '97%',
+      height: '100%',
+      'background-color': 'rgba(0, 0, 0, 0.2)',
+      'z-index': 1000,
+      'text-align': 'center',
+      border: '10px dashed #000',
+      padding: '30px 20px 0px 20px',
+      'font-size': '250%',
+      'box-sizing': 'border-box',
+    })
+    .text('Drop to embed')
+    .appendTo(descriptionParent);
 
-    descriptionParent.on({
-      dragover: function (e) {
-        if (markdownToggle.prop('checked')) {
-          e.preventDefault();
+  descriptionParent.on({
+    dragover: function (e) {
+      if (markdownToggle.prop('checked')) {
+        e.preventDefault();
+      }
+    },
+    dragenter: function (e) {
+      if (markdownToggle.prop('checked')) {
+        const dt = e.originalEvent.dataTransfer;
+        if (dt.types.includes('Files')) {
+          uploadOverlay.stop().fadeIn(150);
         }
-      },
-      dragenter: function (e) {
-        if (markdownToggle.prop('checked')) {
-          const dt = e.originalEvent.dataTransfer;
-          if (dt.types.includes('Files')) {
-            uploadOverlay.stop().fadeIn(150);
+      }
+    },
+    drop: function (e) {
+      if (markdownToggle.prop('checked')) {
+        const dt = e.originalEvent.dataTransfer;
+        e.preventDefault();
+        if (dt && dt.files.length) {
+          if (dt.files.length != 1) {
+            alert('Please only upload one file at a time.');
+            return;
           }
-        }
-      },
-      drop: function (e) {
-        if (markdownToggle.prop('checked')) {
-          const dt = e.originalEvent.dataTransfer;
-          e.preventDefault();
-          if (dt && dt.files.length) {
-            if (dt.files.length != 1) {
-              alert('Please only upload one file at a time.');
-              return;
-            }
 
-            let data = new FormData();
-            data.append('key', IMGBB_API_KEY);
-            data.append('image', dt.files[0]);
+          let data = new FormData();
+          data.append('image', dt.files[0]);
+          data.append('csrfmiddlewaretoken', Cookies.get('csrftoken'));
 
-            $.ajax({
-              url: 'https://api.imgbb.com/1/upload',
-              method: 'POST',
-              data: data,
-              processData: false,
-              contentType: false,
-            }).done(function (data) {
-              const name = data.data.title;
-              const url = data.data.url;
-              insertAtCursor(description[0], `![${name}](${url})`);
-            });
-          }
-          uploadOverlay.stop().fadeOut(150);
+          $.ajax({
+            url: '/assignments/upload',
+            method: 'POST',
+            data: data,
+            processData: false,
+            contentType: false,
+          }).done(function (data) {
+            const name = data.title;
+            const url = data.url;
+            insertAtCursor(description[0], `![${name}](${url})`);
+          });
         }
-      },
-    });
+        uploadOverlay.stop().fadeOut(150);
+      }
+    },
+  });
 
-    uploadOverlay.on('dragleave', function () {
-      uploadOverlay.stop().fadeOut(150);
-    });
+  uploadOverlay.on('dragleave', function () {
+    uploadOverlay.stop().fadeOut(150);
+  });
 
-    // This is basically a copy-paste of the above code, but for the quiz description
-    // I'm not sure how to refactor this to completely avoid code duplication, but I've made an attempt
-    const quizMarkdownToggle = $('#id_quiz_description_markdown');
-    const quizDescription = $('#id_quiz_description');
-    const quizDescriptionParent = quizDescription.parent();
+  // This is basically a copy-paste of the above code, but for the quiz description
+  // I'm not sure how to refactor this to completely avoid code duplication, but I've made an attempt
+  const quizMarkdownToggle = $('#id_quiz_description_markdown');
+  const quizDescription = $('#id_quiz_description');
+  const quizDescriptionParent = quizDescription.parent();
 
-    quizDescriptionParent.css({
-      position: 'relative',
-    });
+  quizDescriptionParent.css({
+    position: 'relative',
+  });
 
-    const quizUploadOverlay = uploadOverlay
-      .clone()
-      .appendTo(quizDescriptionParent);
+  const quizUploadOverlay = uploadOverlay
+    .clone()
+    .appendTo(quizDescriptionParent);
 
-    quizDescriptionParent.on({
-      dragover: function (e) {
-        if (quizMarkdownToggle.prop('checked')) {
-          e.preventDefault();
+  quizDescriptionParent.on({
+    dragover: function (e) {
+      if (quizMarkdownToggle.prop('checked')) {
+        e.preventDefault();
+      }
+    },
+    dragenter: function (e) {
+      if (quizMarkdownToggle.prop('checked')) {
+        const dt = e.originalEvent.dataTransfer;
+        if (dt.types.includes('Files')) {
+          quizUploadOverlay.stop().fadeIn(150);
         }
-      },
-      dragenter: function (e) {
-        if (quizMarkdownToggle.prop('checked')) {
-          const dt = e.originalEvent.dataTransfer;
-          if (dt.types.includes('Files')) {
-            quizUploadOverlay.stop().fadeIn(150);
+      }
+    },
+    drop: function (e) {
+      if (quizMarkdownToggle.prop('checked')) {
+        const dt = e.originalEvent.dataTransfer;
+        e.preventDefault();
+        if (dt && dt.files.length) {
+          if (dt.files.length != 1) {
+            alert('Please only upload one file at a time.');
+            return;
           }
-        }
-      },
-      drop: function (e) {
-        if (quizMarkdownToggle.prop('checked')) {
-          const dt = e.originalEvent.dataTransfer;
-          e.preventDefault();
-          if (dt && dt.files.length) {
-            if (dt.files.length != 1) {
-              alert('Please only upload one file at a time.');
-              return;
-            }
 
-            let data = new FormData();
-            data.append('key', IMGBB_API_KEY);
-            data.append('image', dt.files[0]);
+          let data = new FormData();
+          data.append('image', dt.files[0]);
+          data.append('csrfmiddlewaretoken', Cookies.get('csrftoken'));
 
-            $.ajax({
-              url: 'https://api.imgbb.com/1/upload',
-              method: 'POST',
-              data: data,
-              processData: false,
-              contentType: false,
-            }).done(function (data) {
-              const name = data.data.title;
-              const url = data.data.url;
-              insertAtCursor(quizDescription[0], `![${name}](${url})`);
-            });
-          }
-          quizUploadOverlay.stop().fadeOut(150);
+          $.ajax({
+            url: '/assignments/upload',
+            method: 'POST',
+            data: data,
+            processData: false,
+            contentType: false,
+          }).done(function (data) {
+            const name = data.title;
+            const url = data.url;
+            insertAtCursor(quizDescription[0], `![${name}](${url})`);
+          });
         }
-      },
-    });
+        quizUploadOverlay.stop().fadeOut(150);
+      }
+    },
+  });
 
-    quizUploadOverlay.on('dragleave', function () {
-      quizUploadOverlay.stop().fadeOut(150);
-    });
-  }
+  quizUploadOverlay.on('dragleave', function () {
+    quizUploadOverlay.stop().fadeOut(150);
+  });
 });