from uuid import UUID
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from django.core.handlers.wsgi import WSGIRequest
from django.http import HttpResponse, HttpResponseForbidden, HttpResponseBadRequest
from django.shortcuts import render, redirect, get_object_or_404
from django.views.decorators.csrf import csrf_protect
from apps.TouYube import forms, models
def view_homepage(request: WSGIRequest) -> HttpResponse:
    """
    Render the homepage with the list of all videos
    """

    # No filter is applied: the template receives the queryset of every
    # Video row. The view carries no login requirement.
    context = {"videos": models.Video.objects.all()}

    return render(request, "TouYube/homepage.html", context)
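def view_login(request: WSGIRequest) -> HttpResponse:
    """
    Login to the website

    On POST the submitted credentials are validated by the form and checked
    with ``authenticate``. On success the user is attached to the session
    with ``login`` and redirected to the homepage. Any other request, and
    any failed attempt, renders the login page with the form.
    """

    # Bind the form only to submitted data. Binding it to the empty POST
    # dict of a GET request would make the first display of the page show
    # "required" errors for fields the user has not filled in yet.
    submitted = request.POST if request.method == "POST" else None
    form_login = forms.LoginForm(submitted)

    if form_login.is_valid():
        # try to authenticate the user
        user = authenticate(
            request,
            username=form_login.cleaned_data["username"],
            password=form_login.cleaned_data["password"],
        )

        # if authenticated, log them in persistently (session based)
        if user is not None:
            login(request, user)
            return redirect("homepage")

        # otherwise add an error to the form; the message is the same for
        # an unknown username and a wrong password, so it does not reveal
        # which accounts exist
        form_login.add_error("password", "invalid credentials")

    # NOTE(review): no attempt throttling or lockout is visible in this
    # view, and csrf_protect is imported but not applied here; both rely on
    # project settings/middleware that this file does not show - confirm.
    return render(
        request,
        "TouYube/login.html",
        dict(form_login=form_login),
    )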
def view_logout(request: WSGIRequest) -> HttpResponse:
    """
    Logout from the website

    Calls ``logout`` for the current request, then redirects to the homepage.
    """

    # NOTE(review): unlike view_video_delete there is no method check, so a
    # plain GET also ends the session. Restricting this view to POST would
    # put logout behind the same CSRF protection as other state changes.
    logout(request)

    homepage_redirect = redirect("homepage")
    return homepage_redirect
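@login_required
def view_video_upload(request: WSGIRequest) -> HttpResponse:
    """
    The page to upload a file

    Only authenticated users reach this view. A valid POST stores a new
    Video owned by the requesting user and redirects to its page; any other
    request, or an invalid submission, renders the upload form.
    """

    # Bind the form only to submitted data, so that a plain GET shows an
    # empty form instead of one already carrying "required" errors.
    is_submission = request.method == "POST"
    form_upload = forms.UploadForm(
        request.POST if is_submission else None,
        request.FILES if is_submission else None,
    )

    if form_upload.is_valid():
        # NOTE(review): any type/size restriction on the uploaded file has
        # to come from forms.UploadForm or the model field, neither of which
        # is visible here - confirm before trusting "content".
        #
        # objects.create() already inserts the row, so the extra save() the
        # view used to issue afterwards was a redundant second write.
        # The author is taken from the session, never from the form.
        video = models.Video.objects.create(
            author=request.user,
            name=form_upload.cleaned_data["name"],
            content=form_upload.cleaned_data["content"],
        )

        # redirect the user to their own video
        return redirect("video_full", video.id)

    return render(
        request,
        "TouYube/upload.html",
        dict(form_upload=form_upload),
    )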
@login_required
def view_video_delete(request: WSGIRequest, video_id: UUID) -> HttpResponse:
    """
    Delete a video

    Only a POST from the video's author deletes it. Other methods get 400,
    an unknown id gets 404 and a non-author gets 403.
    """

    # deletion changes state, so anything but POST is rejected up front
    if request.method != "POST":
        return HttpResponseBadRequest()

    target = get_object_or_404(models.Video, id=video_id)

    # ownership check: being logged in is not enough, the requester must be
    # the author of this particular video
    if request.user != target.author:
        return HttpResponseForbidden()

    target.delete()
    return redirect("homepage")
def view_video_full(request: WSGIRequest, video_id: UUID) -> HttpResponse:
    """
    Render the page for a video

    Responds with 404 when no video has the given id.
    """

    # no login or ownership check: any visitor may view any video
    context = {"video": get_object_or_404(models.Video, id=video_id)}

    return render(request, "TouYube/video_full.html", context)
def view_video_embed(request: WSGIRequest, video_id: UUID) -> HttpResponse:
    """
    Render the page for an embedded video

    Responds with 404 when no video has the given id.
    """

    # NOTE(review): this view sets no framing headers itself; whether the
    # page may be framed by other origins is decided by middleware/settings
    # not visible in this file - confirm the policy is intentional.
    context = {"video": get_object_or_404(models.Video, id=video_id)}

    return render(request, "TouYube/video_embed.html", context)
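def view_attack_some(request: WSGIRequest) -> HttpResponse:
    """
    Allow for a SOME (Same Origin Method Execution) attack by allowing JavaScript as an argument that will later be
    executed in the website context

    This endpoint is vulnerable on purpose: it exists to demonstrate the
    weakness and must not be copied into, or left enabled in, a real
    deployment. A hardened callback endpoint would accept only names from a
    fixed server-side allowlist instead of caller-supplied code.
    """

    # check the method
    if request.method != "POST":
        return HttpResponseBadRequest()

    # get the callback code; a request without the field is malformed, so it
    # gets the same 400 as a wrong method instead of an unhandled
    # MultiValueDictKeyError surfacing as a server error
    callback_js = request.POST.get("callback")
    if callback_js is None:
        return HttpResponseBadRequest()

    # The value reaches the template context unmodified. Nothing in this
    # view validates or restricts it; what the template does with it is not
    # visible here.
    return render(
        request,
        "TouYube/callback.html",
        dict(callback_js=callback_js),
    )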