From 588c250513632d0e752b271e559fb34ee35f2989 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Wed, 5 Jun 2013 16:40:06 +0200
Subject: Allow folks to see their own statistics.
---
 backend/zmusic/endpoints/stats.py | 27 ++++++++++++++++++++-------
 backend/zmusic/login.py | 5 ++++-
 frontend/css/page.css | 15 ++++++++++++++-
 frontend/index.html | 2 +-
 frontend/stats.html | 4 ++--
 5 files changed, 41 insertions(+), 12 deletions(-)
diff --git a/backend/zmusic/endpoints/stats.py b/backend/zmusic/endpoints/stats.py
index 13149ca..3ae4ca9 100644
--- a/backend/zmusic/endpoints/stats.py
+++ b/backend/zmusic/endpoints/stats.py
@@ -1,29 +1,42 @@
 from zmusic import app, db
 from zmusic.database import Download
-from zmusic.login import admin_required
-from flask import jsonify
+from zmusic.login import login_required, is_admin
+from flask import jsonify, request, abort
 import socket
+def clean_ip():
+ ip = request.remote_addr
+ if (ip.find('::ffff:') == 0 and len(ip) > len('::ffff:')):
+ ip = ip[len('::ffff:'):]
+ return ip
+
 @app.route('/stats')
 @app.route('/stats/')
-@admin_required
+@login_required
 def stats_all_ips():
 ips = []
 socket.setdefaulttimeout(2)
- for ip in db.session.query(Download.ip).group_by(Download.ip).order_by(db.desc(db.func.max(Download.time))):
+ if is_admin():
+ iterations = [a.ip for a in db.session.query(Download.ip).group_by(Download.ip).order_by(db.desc(db.func.max(Download.time)))]
+ else:
+ iterations = [clean_ip()]
+
+ for ip in iterations:
 try:
- host = socket.gethostbyaddr(ip.ip)[0]
+ host = socket.gethostbyaddr(ip)[0]
 except:
 host = None
- ips.append({ "ip": ip.ip, "host": host })
+ ips.append({ "ip": ip, "host": host })
 response = jsonify(downloaders=ips)
 response.cache_control.no_cache = True
 return response
 @app.route('/stats/')
-@admin_required
+@login_required
 def stats_for_ip(ip):
+ if not is_admin() and ip != clean_ip():
+ return abort(403)
 songlist = []
 for song in Download.query.filter((Download.ip == ip) & (Download.leader_id == None)).order_by(Download.leader_id).order_by(db.desc(Download.time)):
 if song.is_zip:
diff --git a/backend/zmusic/login.py b/backend/zmusic/login.py
index e625736..6e7b270 100644
--- a/backend/zmusic/login.py
+++ b/backend/zmusic/login.py
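Review bot: In `backend/zmusic/endpoints/stats.py`, the non-admin branch of `stats_all_ips()` and the new guard in `stats_for_ip()` decide ownership by comparing against `clean_ip()`, i.e. `request.remote_addr`, so the access boundary is the TCP peer address rather than the logged-in account. Users who share a NAT gateway would all be shown the same download history, and if the app is deployed behind a reverse proxy (not visible in this diff) every user would present the proxy's address. If `Download` rows carry no user id this may be the only available key, but the assumption belongs in a comment on `clean_ip()`, for example `# remote_addr is the direct peer: shared by users behind one NAT, and equal to the proxy address unless a trusted layer rewrites it`. It is also worth confirming that the code which records `Download.ip` (outside this diff) strips the `::ffff:` prefix the same way, otherwise `ip != clean_ip()` and the `Download.ip == ip` filter will not line up with rows stored in mapped form. The body of `stats_for_ip` continues past the end of the hunk.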
@@ -34,11 +34,14 @@ def login_required(fn):
 def admin_required(fn):
 @wraps(fn)
 def decorated_view(*args, **kwargs):
- if query_is_admin_user(request.args) or (current_user.is_authenticated() and current_user.admin):
+ if is_admin():
 return fn(*args, **kwargs)
 return app.login_manager.unauthorized()
 return decorated_view
+def is_admin():
+ return query_is_admin_user(request.args) or (current_user.is_authenticated() and current_user.admin)
+
 def query_is_music_user(query):
 username = query.get("username", None)
 password = query.get("password", None)
diff --git a/frontend/css/page.css b/frontend/css/page.css
index f1c22d6..514f358 100644
--- a/frontend/css/page.css
+++ b/frontend/css/page.css
@@ -12,7 +12,20 @@
 overflow: auto;
 -webkit-overflow-scrolling: touch;
 }
-
+#stats {
+ position: absolute;
+ bottom: 1px;
+ right: 1px;
+ font-size: 9px;
+ line-height: 9px;
+}
+#stats a {
+ color: #bbbbbb;
+}
+#stats a:hover {
+ color: #dddddd;
+ text-decoration: none;
+}
 #controls {
 position: absolute;
 bottom: 60px;
diff --git a/frontend/index.html b/frontend/index.html
index 8de380b..54f602a 100644
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -72,6 +72,6 @@
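Review bot: The new `is_admin()` in `backend/zmusic/login.py` has no docstring, and it is now the single place that decides admin status for both `admin_required` and the stats views, so the fact that it accepts credentials from the URL query string via `query_is_admin_user(request.args)` should be stated there. Credentials passed that way are recorded in web-server access logs, browser history and Referer headers, which callers of a helper with this name would not expect. A docstring such as `"""Return a truthy value if the request carries admin credentials in its query string or the session user has the admin flag set."""` would make that visible. `query_is_admin_user` is defined outside the hunk, so how it checks the password cannot be reviewed from here.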
-
+
diff --git a/frontend/stats.html b/frontend/stats.html
index 7113e86..e15e278 100644
--- a/frontend/stats.html
+++ b/frontend/stats.html
@@ -70,8 +70,8 @@ function loadIps() {
 var xhr = new XMLHttpRequest();
 xhr.onreadystatechange = function() {
 if (xhr.readyState == 2 && xhr.status == 403) {
- alert("You must be logged in as an administrative user to view this page.\n\nAfter you're logged out, go to the main music page, and login with the admin creds.");
- window.location = "logout";
+ alert("You must be logged in to view this page.");
+ window.location = "/";
 return;
 }
 if (xhr.readyState != 4)
--
cgit v1.2.3-59-g8ed1b