quay/endpoints/web.py

import logging
import stripe
import os

from flask import (abort, redirect, request, url_for, make_response, Response,
                   Blueprint)
from flask.ext.login import current_user
from urlparse import urlparse

from data import model
from app import app
from auth.permissions import AdministerOrganizationPermission
from util.invoice import renderInvoiceToPdf
from util.seo import render_snapshot
from util.cache import no_cache
from endpoints.common import common_login, render_page_template
from util.names import parse_repository_name

logger = logging.getLogger(__name__)

web = Blueprint('web', __name__)

STATUS_TAGS = app.config['STATUS_TAGS']


@web.route('/', methods=['GET'], defaults={'path': ''})
@web.route('/organization/<path:path>', methods=['GET'])
@no_cache
def index(path):
  return render_page_template('index.html')


@web.route('/500', methods=['GET'])
def internal_error_display():
  return render_page_template('500.html')


@web.route('/snapshot', methods=['GET'])
@web.route('/snapshot/', methods=['GET'])
@web.route('/snapshot/<path:path>', methods=['GET'])
def snapshot(path = ''):
  parsed = urlparse(request.url)
  final_url = '%s://%s/%s' % (parsed.scheme, 'localhost', path)
  result = render_snapshot(final_url)
  if result:
    return result

  abort(404)


@web.route('/plans/')
@no_cache
def plans():
  return index('')


@web.route('/guide/')
@no_cache
def guide():
  return index('')


@web.route('/tutorial/')
@no_cache
def tutorial():
  return index('')


@web.route('/organizations/')
@web.route('/organizations/new/')
@no_cache
def organizations():
  return index('')


@web.route('/user/')
@no_cache
def user():
  return index('')


@web.route('/signin/')
@no_cache
def signin():
  return index('')


@web.route('/contact/')
@no_cache
def contact():
  return index('')


@web.route('/about/')
@no_cache
def about():
  return index('')


@web.route('/new/')
@no_cache
def new():
  return index('')


@web.route('/repository/', defaults={'path': ''})
@web.route('/repository/<path:path>', methods=['GET'])
@no_cache
def repository(path):
  return index('')


@web.route('/security/')
@no_cache
def security():
  return index('')


@web.route('/v1')
@web.route('/v1/')
@no_cache
def v1():
  return index('')


@web.route('/status', methods=['GET'])
@no_cache
def status():
  return make_response('Healthy')


@web.route('/tos', methods=['GET'])
@no_cache
def tos():
  return render_page_template('tos.html')


@web.route('/disclaimer', methods=['GET'])
@no_cache
def disclaimer():
  return render_page_template('disclaimer.html')


@web.route('/privacy', methods=['GET'])
@no_cache
def privacy():
  return render_page_template('privacy.html')


@web.route('/receipt', methods=['GET'])
def receipt():
  if not current_user.is_authenticated():
    abort(401)
    return

  id =  request.args.get('id')
  if id:
    invoice = stripe.Invoice.retrieve(id)
    if invoice:
      user_or_org = model.get_user_or_org_by_customer_id(invoice.customer)
      
      if user_or_org:
        if user_or_org.organization:
          admin_org = AdministerOrganizationPermission(user_or_org.username)
          if not admin_org.can():
            abort(404)
            return
        else:
          if not user_or_org.username == current_user.db_user().username:
            abort(404)
            return      

      file_data = renderInvoiceToPdf(invoice, user_or_org)          
      return Response(file_data,
                      mimetype="application/pdf",
                      headers={"Content-Disposition": "attachment;filename=receipt.pdf"})
  abort(404)


@web.route('/confirm', methods=['GET'])
def confirm_email():
  code = request.values['code']
  user = None
  new_email = None

  try:
    user, new_email = model.confirm_user_email(code)
  except model.DataModelException as ex:
    return render_page_template('confirmerror.html', error_message=ex.message)
    
  common_login(user)

  return redirect(url_for('web.user', tab='email') 
                  if new_email else url_for('web.index'))


@web.route('/recovery', methods=['GET'])
def confirm_recovery():
  code = request.values['code']
  user = model.validate_reset_code(code)

  if user:
    common_login(user)
    return redirect(url_for('web.user'))
  else:
    abort(403)


@web.route('/repository/<path:repository>/status', methods=['GET'])
@parse_repository_name
@no_cache
def build_status_badge(namespace, repository):
  token = request.args.get('token', None)
  is_public = model.repository_is_public(namespace, repository)
  if not is_public:
    repo = model.get_repository(namespace, repository)
    if not repo or token != repo.badge_token:
      abort(404)

  # Lookup the tags for the repository.
  tags = model.list_repository_tags(namespace, repository)
  is_empty = len(list(tags)) == 0
  build = model.get_recent_repository_build(namespace, repository)

  if not is_empty and (not build or build.phase == 'complete'):
    status_name = 'ready'
  elif build and build.phase == 'error':
    status_name = 'failed'
  elif build and build.phase != 'complete':
    status_name = 'building'
  else:
    status_name = 'none'

  response = make_response(STATUS_TAGS[status_name])
  response.content_type = 'image/svg+xml'
  return response
Fix some stuff with logins and permissions, add tags to the mode. 2013-09-25 16:46:28 -04:00			`import logging`
Add ability to download receipts in PDF form 2013-11-18 14:49:54 -05:00			`import stripe`
Add support for build status tags, which link to the Quay.io repo 2014-02-28 16:23:36 -05:00			`import os`
Fix some stuff with logins and permissions, add tags to the mode. 2013-09-25 16:46:28 -04:00
Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00			`from flask import (abort, redirect, request, url_for, make_response, Response,`
			`Blueprint)`
			`from flask.ext.login import current_user`
Fix the nginx config to work with the new snapshots. Fix the snapshot creator to correctly create the request path. 2013-11-18 19:17:58 -05:00			`from urlparse import urlparse`
Refactor the code into modules, it was getting unweildy. 2013-09-25 12:45:12 -04:00
			`from data import model`
Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00			`from app import app`
Fix the imports when separating out the new common.py file. 2013-12-27 18:01:44 -05:00			`from auth.permissions import AdministerOrganizationPermission`
Add ability to download receipts in PDF form 2013-11-18 14:49:54 -05:00			`from util.invoice import renderInvoiceToPdf`
Fix some things with the seo snapshots and use the pep8 style guite. 2013-11-18 18:42:27 -05:00			`from util.seo import render_snapshot`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`from util.cache import no_cache`
Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00			`from endpoints.common import common_login, render_page_template`
Add support for build status tags, which link to the Quay.io repo 2014-02-28 16:23:36 -05:00			`from util.names import parse_repository_name`
Fix the nginx config to work with the new snapshots. Fix the snapshot creator to correctly create the request path. 2013-11-18 19:17:58 -05:00
Fix some stuff with logins and permissions, add tags to the mode. 2013-09-25 16:46:28 -04:00			`logger = logging.getLogger(__name__)`

Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`web = Blueprint('web', __name__)`

Cache the status tags and fix the tag for images that were pushed from a build. 2014-03-05 14:35:11 -05:00			`STATUS_TAGS = app.config['STATUS_TAGS']`
Fix some stuff with logins and permissions, add tags to the mode. 2013-09-25 16:46:28 -04:00
Add a 500 error page and make it automatically display if there is a 500 error as a result of an API call 2014-03-10 17:01:36 -04:00
Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/', methods=['GET'], defaults={'path': ''})`
			`@web.route('/organization/<path:path>', methods=['GET'])`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Enable HTML5 mode for routing. 2013-10-10 19:06:04 -04:00			`def index(path):`
Embed the discovery information directly into the page 2013-12-27 17:19:14 -05:00			`return render_page_template('index.html')`
Refactor the code into modules, it was getting unweildy. 2013-09-25 12:45:12 -04:00

Add a 500 error page and make it automatically display if there is a 500 error as a result of an API call 2014-03-10 17:01:36 -04:00			`@web.route('/500', methods=['GET'])`
			`def internal_error_display():`
			`return render_page_template('500.html')`


Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/snapshot', methods=['GET'])`
			`@web.route('/snapshot/', methods=['GET'])`
			`@web.route('/snapshot/<path:path>', methods=['GET'])`
Add the snapshot endpoint to web.py and have the phantomjs running only load the page's HTML once there are no further pending XHR requests 2013-11-18 17:11:06 -05:00			`def snapshot(path = ''):`
Fix the nginx config to work with the new snapshots. Fix the snapshot creator to correctly create the request path. 2013-11-18 19:17:58 -05:00			`parsed = urlparse(request.url)`
			`final_url = '%s://%s/%s' % (parsed.scheme, 'localhost', path)`
			`result = render_snapshot(final_url)`
Add the snapshot endpoint to web.py and have the phantomjs running only load the page's HTML once there are no further pending XHR requests 2013-11-18 17:11:06 -05:00			`if result:`
			`return result`

			`abort(404)`


Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/plans/')`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Add routes specifically for all angular subroutes so that 404s will start working again. Add a warning in app.js to hopefully ensure that new routes get created when necessary. 2013-10-13 22:06:31 -04:00			`def plans():`
			`return index('')`


Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/guide/')`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Add routes specifically for all angular subroutes so that 404s will start working again. Add a warning in app.js to hopefully ensure that new routes get created when necessary. 2013-10-13 22:06:31 -04:00			`def guide():`
			`return index('')`


Start on work towards the tutorial. Note that this code is BROKEN 2014-02-05 21:00:04 -05:00			`@web.route('/tutorial/')`
			`@no_cache`
			`def tutorial():`
			`return index('')`


Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/organizations/')`
			`@web.route('/organizations/new/')`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Work in progress: Organizations page (with a fake tour) and start on the locations for the create new org and convert to org forms 2013-11-07 01:48:58 -05:00			`def organizations():`
			`return index('')`

Fix the imports when separating out the new common.py file. 2013-12-27 18:01:44 -05:00
Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/user/')`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Add routes specifically for all angular subroutes so that 404s will start working again. Add a warning in app.js to hopefully ensure that new routes get created when necessary. 2013-10-13 22:06:31 -04:00			`def user():`
			`return index('')`


Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/signin/')`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Move signin to use AJAX. Render all flask templates with the common header. Move the header to a partial. Add account recovery. 2013-10-14 17:50:07 -04:00			`def signin():`
			`return index('')`


Merge branch 'security' Conflicts: endpoints/api.py endpoints/web.py 2014-01-23 14:51:43 -05:00			`@web.route('/contact/')`
			`@no_cache`
Plumbing for the contact us page. 2013-12-17 17:02:37 -05:00			`def contact():`
			`return index('')`


Add an about page. Change the terms in the footer. Add colors to the icons for the contact options. Update the sitemap. Remove empty controllers. 2014-02-06 19:20:19 -05:00			`@web.route('/about/')`
			`@no_cache`
			`def about():`
			`return index('')`


Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/new/')`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Start on new repo page 2013-10-24 17:41:55 -04:00			`def new():`
			`return index('')`


Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00			`@web.route('/repository/', defaults={'path': ''})`
			`@web.route('/repository/<path:path>', methods=['GET'])`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Split out callbacks into their own blueprint. Add build trigger DB information and connect it with some APIs. Stub out the UI to allow for generation of triggers. Split out the triggers into a plugin-ish architecture for easily adding new triggers. 2014-02-18 15:50:15 -05:00			`def repository(path):`
Add a rule for the base repository route too to serve the index page. 2013-10-15 21:50:14 -04:00			`return index('')`

Add a security page and link it from the landing page and footer. 2013-11-22 15:54:23 -05:00
Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/security/')`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Add a security page and link it from the landing page and footer. 2013-11-22 15:54:23 -05:00			`def security():`
			`return index('')`


Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/v1')`
			`@web.route('/v1/')`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Add a status page to /v1/ so that people don't get confused by the message that docker emits 2013-10-17 17:45:08 -04:00			`def v1():`
			`return index('')`
Add a rule for the base repository route too to serve the index page. 2013-10-15 21:50:14 -04:00
Add a security page and link it from the landing page and footer. 2013-11-22 15:54:23 -05:00
Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/status', methods=['GET'])`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Add a status endpoint that we can use to test if the instance is serving traffic. 2013-10-02 14:35:21 -04:00			`def status():`
			`return make_response('Healthy')`


Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/tos', methods=['GET'])`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Add a super basic TOS and privacy policy 2013-10-01 17:44:13 -04:00			`def tos():`
Embed the discovery information directly into the page 2013-12-27 17:19:14 -05:00			`return render_page_template('tos.html')`
Add a super basic TOS and privacy policy 2013-10-01 17:44:13 -04:00

Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/disclaimer', methods=['GET'])`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Add a trademark disclaimer for the Docker trademark. Make all references to Docker proper nouns. 2013-11-22 12:32:05 -05:00			`def disclaimer():`
Embed the discovery information directly into the page 2013-12-27 17:19:14 -05:00			`return render_page_template('disclaimer.html')`
Add a trademark disclaimer for the Docker trademark. Make all references to Docker proper nouns. 2013-11-22 12:32:05 -05:00

Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/privacy', methods=['GET'])`
Add no-cache as a response header. 2014-01-02 18:01:34 -05:00			`@no_cache`
Add a super basic TOS and privacy policy 2013-10-01 17:44:13 -04:00			`def privacy():`
Embed the discovery information directly into the page 2013-12-27 17:19:14 -05:00			`return render_page_template('privacy.html')`
Add a super basic TOS and privacy policy 2013-10-01 17:44:13 -04:00

Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/receipt', methods=['GET'])`
Add ability to download receipts in PDF form 2013-11-18 14:49:54 -05:00			`def receipt():`
- Add some more analytics events - Enable business features for personal users on business plans - Fix a bug in the credit card image view 2013-12-20 22:38:53 -05:00			`if not current_user.is_authenticated():`
			`abort(401)`
			`return`

Add ability to download receipts in PDF form 2013-11-18 14:49:54 -05:00			`id = request.args.get('id')`
			`if id:`
			`invoice = stripe.Invoice.retrieve(id)`
			`if invoice:`
- Add some more analytics events - Enable business features for personal users on business plans - Fix a bug in the credit card image view 2013-12-20 22:38:53 -05:00			`user_or_org = model.get_user_or_org_by_customer_id(invoice.customer)`

			`if user_or_org:`
			`if user_or_org.organization:`
			`admin_org = AdministerOrganizationPermission(user_or_org.username)`
			`if not admin_org.can():`
			`abort(404)`
			`return`
			`else:`
			`if not user_or_org.username == current_user.db_user().username:`
			`abort(404)`
			`return`

			`file_data = renderInvoiceToPdf(invoice, user_or_org)`
			`return Response(file_data,`
			`mimetype="application/pdf",`
			`headers={"Content-Disposition": "attachment;filename=receipt.pdf"})`
Add ability to download receipts in PDF form 2013-11-18 14:49:54 -05:00			`abort(404)`

Handle the confirmation codes to validate user emails. 2013-09-27 19:55:04 -04:00
Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/confirm', methods=['GET'])`
Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 19:29:01 -04:00			`def confirm_email():`
Handle the confirmation codes to validate user emails. 2013-09-27 19:55:04 -04:00			`code = request.values['code']`
Fix return values on confirm code 2014-01-17 17:23:52 -05:00			`user = None`
			`new_email = None`
When an email code has already been used, just redirect to signin. 2013-12-18 19:47:42 -05:00
			`try:`
Fix return values on confirm code 2014-01-17 17:23:52 -05:00			`user, new_email = model.confirm_user_email(code)`
When an email code has already been used, just redirect to signin. 2013-12-18 19:47:42 -05:00			`except model.DataModelException as ex:`
Fix return values on confirm code 2014-01-17 17:23:52 -05:00			`return render_page_template('confirmerror.html', error_message=ex.message)`
Handle duplicate emails on confirmation and make the confirmation error page nicer 2014-01-17 17:20:51 -05:00
Fix return values on confirm code 2014-01-17 17:23:52 -05:00			`common_login(user)`
Handle the confirmation codes to validate user emails. 2013-09-27 19:55:04 -04:00
url_for must reference the blueprint name now. 2014-01-30 17:23:14 -05:00			`return redirect(url_for('web.user', tab='email')`
			`if new_email else url_for('web.index'))`
Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 19:29:01 -04:00

Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 17:05:27 -05:00			`@web.route('/recovery', methods=['GET'])`
Move signin to use AJAX. Render all flask templates with the common header. Move the header to a partial. Add account recovery. 2013-10-14 17:50:07 -04:00			`def confirm_recovery():`
			`code = request.values['code']`
			`user = model.validate_reset_code(code)`
Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 19:29:01 -04:00
Move signin to use AJAX. Render all flask templates with the common header. Move the header to a partial. Add account recovery. 2013-10-14 17:50:07 -04:00			`if user:`
			`common_login(user)`
url_for must reference the blueprint name now. 2014-01-30 17:23:14 -05:00			`return redirect(url_for('web.user'))`
Move signin to use AJAX. Render all flask templates with the common header. Move the header to a partial. Add account recovery. 2013-10-14 17:50:07 -04:00			`else:`
			`abort(403)`
Add support for build status tags, which link to the Quay.io repo 2014-02-28 16:23:36 -05:00

			`@web.route('/repository/<path:repository>/status', methods=['GET'])`
			`@parse_repository_name`
			`@no_cache`
			`def build_status_badge(namespace, repository):`
			`token = request.args.get('token', None)`
			`is_public = model.repository_is_public(namespace, repository)`
			`if not is_public:`
			`repo = model.get_repository(namespace, repository)`
			`if not repo or token != repo.badge_token:`
			`abort(404)`

			`# Lookup the tags for the repository.`
Fix the tag logic. 2014-03-05 14:57:14 -05:00			`tags = model.list_repository_tags(namespace, repository)`
			`is_empty = len(list(tags)) == 0`
Add support for build status tags, which link to the Quay.io repo 2014-02-28 16:23:36 -05:00			`build = model.get_recent_repository_build(namespace, repository)`
Fix the tag logic. 2014-03-05 14:57:14 -05:00
			`if not is_empty and (not build or build.phase == 'complete'):`
			`status_name = 'ready'`
			`elif build and build.phase == 'error':`
			`status_name = 'failed'`
Fix the status badge logic again. 2014-03-05 15:14:12 -05:00			`elif build and build.phase != 'complete':`
Fix the tag logic. 2014-03-05 14:57:14 -05:00			`status_name = 'building'`
Add support for build status tags, which link to the Quay.io repo 2014-02-28 16:23:36 -05:00			`else:`
Fix the tag logic. 2014-03-05 14:57:14 -05:00			`status_name = 'none'`
Add support for build status tags, which link to the Quay.io repo 2014-02-28 16:23:36 -05:00
Fix the tag logic. 2014-03-05 14:57:14 -05:00			`response = make_response(STATUS_TAGS[status_name])`
Add support for build status tags, which link to the Quay.io repo 2014-02-28 16:23:36 -05:00			`response.content_type = 'image/svg+xml'`
			`return response`