module.py

#!/usr/bin/python
# -*- coding: UTF-8 -*-

from cStringIO import StringIO
from datetime import datetime, timedelta
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from logging.config import dictConfig
from threading import Thread
from uuid import uuid4
import base64
import functools
import hashlib
import logging
import json
import os

from PIL import Image
from flask import Flask
from flask import jsonify
from flask import render_template, send_from_directory 
from flask import request, has_request_context
from flask import send_file
from flask import session
from flask import url_for
from flask_compress import Compress
from flask_session import Session
from pyzbar import pyzbar
from werkzeug import abort, redirect
from werkzeug.http import http_date
from werkzeug.middleware.proxy_fix import ProxyFix
import gnupg
import pdf2image
import pyotp
import pytz
import re
import time
import qrcode
import webauthn

from NIST.fingerprint import NISTf_auto
from PiAnoS import caseExistsInDB

from const import pfsp
import utils
from functions import redis_cache

from functions import dek_generate, do_encrypt_dek, do_decrypt_dek, dek_check
from functions import do_encrypt_user_session, do_decrypt_user_session
from functions import no_preview_image
from functions import mySMTP

import config

################################################################################

from version import __version__, __branch__, __commit__, __commiturl__, __treeurl__

################################################################################

logrequestre = re.compile( "(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*\[[^\]]+\]\s(.*)" )

class RequestFormatter( logging.Formatter ):
    def format( self, record ):
        if has_request_context():
            try:
                username = session[ "username" ] 
            except:
                username = "-"
            
            record.msg = "{REMOTE_ADDR} (" + username + ") - " + record.msg
            record.msg = record.msg.format( **request.headers.environ )
        
        m = logrequestre.match( record.msg )
        if m:
            record.msg = m.group( 2 )
        
        return super( RequestFormatter, self ).format( record )

class myFilter( object ):
    def filter( self, record ):
        if "{}/ping".format( config.baseurl ) in record.msg and " 200 " in record.msg:
            return 0
        else:
            return 1

class myStreamHandler( logging.StreamHandler ):
    def __init__( self ):
        logging.StreamHandler.__init__( self )
        self.addFilter( myFilter() )

dictConfig( {
    "version": 1,
    "formatters": {
        "default": {
            "()": "module.RequestFormatter",
            "format": "[%(asctime)s] %(levelname)s: \t%(message)s",
        }
    },
    "handlers": {
        "console": {
            "class": "module.myStreamHandler",
            "formatter": "default"
        }
    },
    "root": {
        "level": "INFO",
        "handlers": [ "console" ]
    }
} )

################################################################################

app = Flask( __name__ )
app.config.from_pyfile( "config.py" )

Compress( app )
Session( app )

if config.PROXY:
    app.wsgi_app = ProxyFix( app.wsgi_app )

################################################################################
#    Decorators

def session_field_required( field, value ):
    def decorator( func ):
        @functools.wraps( func )
        def wrapper_login_required( *args, **kwargs ):
            if not field in session:
                return redirect( url_for( "login" ) )
            
            elif not session.get( field ) == value:
                return redirect( url_for( "login" ) )
            
            return func( *args, **kwargs )
    
        return wrapper_login_required
    
    return decorator

def login_required( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        if not session.get( "logged", False ) :
            return redirect( url_for( "login" ) )
        
        return func( *args, **kwargs )

    return wrapper_login_required

def referer_required( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        if not request.headers.get( "Referer", False ):
            return "referrer needed", 404
        
        return func( *args, **kwargs )

    return wrapper_login_required

def admin_required( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        if not session.get( "logged", False ) or not session.get( "account_type_name", None ) == "Administrator":
            return redirect( url_for( "login" ) )
        
        return func( *args, **kwargs )

    return wrapper_login_required

@redis_cache( 15 * 60 )
def check_correct_submitter( submission_id, submitter_id ):
    sql = """
        SELECT count( * )
        FROM submissions
        WHERE uuid = %s AND submitter_id = %s
    """
    check = config.db.query_fetchone( sql, ( submission_id, submitter_id, ) )[ "count" ]
    return check == 1

def submission_has_access( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        submission_id = request.view_args.get( "submission_id", None )
        user_id = session.get( "user_id" )
        
        if session.get( "account_type_name", None ) == "Administrator":
            return func( *args, **kwargs )
        
        elif not session.get( "logged", False ) or not session.get( "account_type_name", None ) == "Submitter":
            return redirect( url_for( "login" ) )
        
        elif submission_id != None and not check_correct_submitter( submission_id, user_id ):
            return abort( 403 )
        
        else:
            return func( *args, **kwargs )