diff --git a/admin.py b/admin.py index ad0dbf9a..105b79a1 100644 --- a/admin.py +++ b/admin.py @@ -36,6 +36,7 @@ regluit imports from regluit import payment from regluit.core import models from regluit.marc.models import MARCRecord +from regluit.api.models import AllowedRepo from regluit.core.lookups import ( PublisherNameLookup, WorkLookup, @@ -233,6 +234,9 @@ class MARCRecordAdmin(ModelAdmin): date_hierarchy = 'created' form = MARCRecordAdminForm +class AllowedRepoAdmin(ModelAdmin): + list_display = ('org', 'repo_name') + admin_site = RegluitAdmin("Admin") admin_site.register(User, UserAdmin) @@ -258,6 +262,7 @@ admin_site.register(models.CeleryTask, CeleryTaskAdmin) admin_site.register(models.Press, PressAdmin) admin_site.register(models.Gift, GiftAdmin) admin_site.register(MARCRecord, MARCRecordAdmin) +admin_site.register(AllowedRepo, AllowedRepoAdmin) admin_site.register(models.Relation, RelationAdmin) # payments diff --git a/api/migrations/0001_initial.py b/api/migrations/0001_initial.py new file mode 100644 index 00000000..773a6325 --- /dev/null +++ b/api/migrations/0001_initial.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +import datetime +from south.db import db +from south.v2 import SchemaMigration +from django.db import models + + +class Migration(SchemaMigration): + + def forwards(self, orm): + # Adding model 'AllowedRepo' + db.create_table('api_allowedrepo', ( + ('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)), + ('org', self.gf('django.db.models.fields.CharField')(max_length=39)), + ('repo_name', self.gf('django.db.models.fields.CharField')(max_length=100)), + )) + db.send_create_signal('api', ['AllowedRepo']) + + + def backwards(self, orm): + # Deleting model 'AllowedRepo' + db.delete_table('api_allowedrepo') + + + models = { + 'api.allowedrepo': { + 'Meta': {'object_name': 'AllowedRepo'}, + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'org': ('django.db.models.fields.CharField', [], {'max_length': '39'}), + 'repo_name': ('django.db.models.fields.CharField', [], {'max_length': '100'}) + } + } + + complete_apps = ['api'] \ No newline at end of file diff --git a/api/migrations/__init__.py b/api/migrations/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/api/models.py b/api/models.py index e69de29b..8d20ce74 100644 --- a/api/models.py +++ b/api/models.py @@ -0,0 +1,31 @@ +from django.db import models + + + +#https://github.com/GITenberg/Adventures-of-Huckleberry-Finn_76/raw/master/metadata.yaml + +def repo_allowed(repo_url): + if not repo_url.startswith('https://github.com/'): + return (False, "repo url must start with 'https://github.com/'") + try: + (org,repo_name,raw,branch,filename) = repo_url[19:].split('/') + except ValueError: + return (False, "repo url must be well formed, metadata at top repo level") + if not raw == 'raw': + return (False, "repo url must point at 'raw' file") + if not filename == 'metadata.yaml': + return (False, "repo filename must be 'metadata.yaml'") + if not branch == 'master': + return (False, "repo branch must be 'master'") + allowed_repos = AllowedRepo.objects.filter(org=org) + for allowed_repo in allowed_repos: + if allowed_repo.repo_name == '*': + return (True, '*') + if allowed_repo.repo_name == repo_name: + return (True, '*') + return (False, "no allowed repos in that org") + +class AllowedRepo(models.Model): + org = models.CharField(max_length=39) + repo_name = models.CharField(max_length=100) + \ No newline at end of file diff --git a/api/tests.py b/api/tests.py index 5a671945..b3076553 100755 --- a/api/tests.py +++ b/api/tests.py @@ -18,6 +18,7 @@ import regluit.core.isbn from regluit.core import bookloader, models from regluit.utils.localdatetime import now +from regluit.api import models as apimodels class ApiTests(TestCase): work_id=None @@ -125,3 +126,21 @@ class ApiTests(TestCase): r = self.client.get('/api/widget/%s/'%self.work_id) self.assertEqual(r.status_code, 200) +class AllowedRepoTests(TestCase): + def setUp(self): + apimodels.AllowedRepo.objects.create(org='test',repo_name='test') + apimodels.AllowedRepo.objects.create(org='star',repo_name='*') + + def test_urls(self): + #good + self.assertTrue(apimodels.repo_allowed('https://github.com/test/test/raw/master/metadata.yaml')[0]) + self.assertTrue(apimodels.repo_allowed('https://github.com/star/test/raw/master/metadata.yaml')[0]) + # bad urls + self.assertFalse(apimodels.repo_allowed('auhf8peargp8ge')[0]) + self.assertFalse(apimodels.repo_allowed('')[0]) + self.assertFalse(apimodels.repo_allowed('http://github.com/test/test/raw/master/metadata.yaml')[0]) + self.assertFalse(apimodels.repo_allowed('https://github.com/test/test/raw/master/samples/metadata.yaml')[0]) + self.assertFalse(apimodels.repo_allowed('https://github.com/test/test/raw/branch/metadata.yaml')[0]) + self.assertFalse(apimodels.repo_allowed('https://github.com/test/test/master/metadata.yaml')[0]) + self.assertFalse(apimodels.repo_allowed('https://github.com/test/test/raw/master/metadata.json')[0]) + diff --git a/api/views.py b/api/views.py index 2868513b..6ed2ff18 100755 --- a/api/views.py +++ b/api/views.py @@ -17,6 +17,7 @@ from django.http import ( import regluit.core.isbn from regluit.core.bookloader import load_from_yaml from regluit.api import opds +from regluit.api.models import repo_allowed from regluit.core import models @@ -70,6 +71,9 @@ def load_yaml(request): repo_url = request.POST.get('repo_url', None) if not repo_url: return HttpResponse('needs repo_url') + (allowed,reason) =repo_allowed(repo_url) + if not allowed: + return HttpResponse('repo_url not allowed: '+reason) try: work_id = load_from_yaml(repo_url) return HttpResponseRedirect(reverse('work', args=[work_id]))