japanese-drum-game/app.py

534 lines
17 KiB
Python
Raw Normal View History

2020-03-13 10:45:42 +08:00
#!/usr/bin/env python3
2018-10-18 05:16:53 +08:00
2020-03-17 09:27:06 +08:00
import base64
2020-03-13 10:45:42 +08:00
import bcrypt
2020-03-17 09:27:06 +08:00
import hashlib
2020-03-17 07:30:44 +08:00
import config
2018-10-11 04:57:29 +08:00
import json
2018-08-27 20:28:30 +08:00
import re
2020-03-17 09:27:06 +08:00
import requests
2020-03-13 10:45:42 +08:00
import schema
2018-08-27 20:28:30 +08:00
import os
2020-03-13 10:45:42 +08:00
from functools import wraps
2020-03-16 00:16:18 +08:00
from flask import Flask, g, jsonify, render_template, request, abort, redirect, session, flash
2019-02-14 18:31:23 +08:00
from flask_caching import Cache
2020-03-13 10:45:42 +08:00
from flask_session import Session
2020-03-17 10:18:18 +08:00
from flask_wtf.csrf import CSRFProtect, generate_csrf, CSRFError
2018-10-18 05:16:53 +08:00
from ffmpy import FFmpeg
2020-03-13 10:45:42 +08:00
from pymongo import MongoClient
2018-08-27 00:14:56 +08:00
app = Flask(__name__)
2020-03-17 07:30:44 +08:00
client = MongoClient(host=config.MONGO['host'])
2020-03-13 10:45:42 +08:00
2020-03-17 07:30:44 +08:00
app.secret_key = config.SECRET_KEY
2020-03-13 10:45:42 +08:00
app.config['SESSION_TYPE'] = 'redis'
2020-03-17 07:30:44 +08:00
app.cache = Cache(app, config=config.REDIS)
2020-03-13 10:45:42 +08:00
sess = Session()
sess.init_app(app)
2020-03-17 10:10:47 +08:00
csrf = CSRFProtect(app)
2020-03-13 10:45:42 +08:00
2020-03-17 07:30:44 +08:00
db = client[config.MONGO['database']]
2020-03-13 10:45:42 +08:00
db.users.create_index('username', unique=True)
2020-03-17 07:30:44 +08:00
db.songs.create_index('id', unique=True)
2018-08-27 00:14:56 +08:00
2020-03-17 09:27:06 +08:00
class HashException(Exception):
pass
2020-03-13 10:45:42 +08:00
def api_error(message):
return jsonify({'status': 'error', 'message': message})
2020-03-17 09:27:06 +08:00
def generate_hash(id, form):
md5 = hashlib.md5()
if form['type'] == 'tja':
urls = ['%s%s/main.tja' % (config.SONGS_BASEURL, id)]
else:
urls = []
for diff in ['easy', 'normal', 'hard', 'oni', 'ura']:
if form['course_' + diff]:
urls.append('%s%s/%s.osu' % (config.SONGS_BASEURL, id, diff))
for url in urls:
resp = requests.get(url)
if resp.status_code != 200:
2020-03-17 09:27:54 +08:00
raise HashException('Invalid response from %s (status code %s)' % (resp.url, resp.status_code))
2020-03-17 09:27:06 +08:00
md5.update(resp.content)
return base64.b64encode(md5.digest())[:-2].decode('utf-8')
2020-03-13 10:45:42 +08:00
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if not session.get('username'):
return api_error('not_logged_in')
return f(*args, **kwargs)
return decorated_function
2020-03-17 07:30:44 +08:00
def admin_required(level):
def decorated_function(f):
@wraps(f)
def wrapper(*args, **kwargs):
if not session.get('username'):
return abort(403)
user = db.users.find_one({'username': session.get('username')})
if user['user_level'] < level:
return abort(403)
2018-08-27 00:14:56 +08:00
2020-03-17 07:30:44 +08:00
return f(*args, **kwargs)
return wrapper
2020-03-13 10:45:42 +08:00
return decorated_function
2018-08-27 00:14:56 +08:00
2020-03-17 10:18:18 +08:00
@app.errorhandler(CSRFError)
def handle_csrf_error(e):
return api_error('invalid_csrf')
@app.before_request
def before_request_func():
if session.get('session_id'):
if not db.users.find_one({'session_id': session.get('session_id')}):
session.clear()
2018-10-28 17:59:49 +08:00
def get_config():
2020-03-17 07:30:44 +08:00
config_out = {
'songs_baseurl': config.SONGS_BASEURL,
'assets_baseurl': config.ASSETS_BASEURL,
'email': config.EMAIL,
2020-03-17 09:27:06 +08:00
'accounts': config.ACCOUNTS,
'custom_js': config.CUSTOM_JS
2020-03-17 07:30:44 +08:00
}
2018-10-28 17:59:49 +08:00
2020-03-17 07:30:44 +08:00
if not config_out.get('songs_baseurl'):
config_out['songs_baseurl'] = ''.join([request.host_url, 'songs']) + '/'
if not config_out.get('assets_baseurl'):
config_out['assets_baseurl'] = ''.join([request.host_url, 'assets']) + '/'
2018-10-28 17:59:49 +08:00
2020-03-17 07:30:44 +08:00
config_out['_version'] = get_version()
2020-03-17 10:10:47 +08:00
config_out['_csrf_token'] = generate_csrf()
2020-03-17 07:30:44 +08:00
return config_out
2018-10-28 17:59:49 +08:00
2018-12-06 05:47:35 +08:00
def get_version():
2020-03-17 07:30:44 +08:00
version = {'commit': None, 'commit_short': '', 'version': None, 'url': config.URL}
2018-12-06 05:47:35 +08:00
if os.path.isfile('version.json'):
2019-02-07 02:49:25 +08:00
try:
ver = json.load(open('version.json', 'r'))
except ValueError:
print('Invalid version.json file')
return version
for key in version.keys():
if ver.get(key):
version[key] = ver.get(key)
2018-12-06 05:47:35 +08:00
return version
2018-10-11 04:57:29 +08:00
@app.route('/')
def route_index():
2018-12-06 05:47:35 +08:00
version = get_version()
2018-10-28 17:59:49 +08:00
return render_template('index.html', version=version, config=get_config())
2018-10-11 04:57:29 +08:00
2020-03-13 10:45:42 +08:00
@app.route('/admin')
2020-03-17 07:30:44 +08:00
@admin_required(level=50)
2020-03-13 10:45:42 +08:00
def route_admin():
return redirect('/admin/songs')
@app.route('/admin/songs')
2020-03-17 07:30:44 +08:00
@admin_required(level=50)
2020-03-13 10:45:42 +08:00
def route_admin_songs():
songs = db.songs.find({})
2020-03-17 07:30:44 +08:00
user = db.users.find_one({'username': session['username']})
return render_template('admin_songs.html', songs=list(songs), admin=user)
2020-03-13 10:45:42 +08:00
@app.route('/admin/songs/<int:id>')
2020-03-17 07:30:44 +08:00
@admin_required(level=50)
2020-03-13 10:45:42 +08:00
def route_admin_songs_id(id):
song = db.songs.find_one({'id': id})
if not song:
return abort(404)
categories = list(db.categories.find({}))
song_skins = list(db.song_skins.find({}))
2020-03-16 00:16:18 +08:00
makers = list(db.makers.find({}))
user = db.users.find_one({'username': session['username']})
2020-03-13 10:45:42 +08:00
return render_template('admin_song_detail.html',
2020-03-16 00:16:18 +08:00
song=song, categories=categories, song_skins=song_skins, makers=makers, admin=user)
2020-03-17 07:30:44 +08:00
@app.route('/admin/songs/new')
@admin_required(level=100)
def route_admin_songs_new():
categories = list(db.categories.find({}))
song_skins = list(db.song_skins.find({}))
makers = list(db.makers.find({}))
return render_template('admin_song_new.html', categories=categories, song_skins=song_skins, makers=makers)
@app.route('/admin/songs/new', methods=['POST'])
@admin_required(level=100)
def route_admin_songs_new_post():
output = {'title_lang': {}, 'subtitle_lang': {}, 'courses': {}}
output['enabled'] = True if request.form.get('enabled') else False
output['title'] = request.form.get('title') or None
output['subtitle'] = request.form.get('subtitle') or None
for lang in ['ja', 'en', 'cn', 'tw', 'ko']:
output['title_lang'][lang] = request.form.get('title_%s' % lang) or None
output['subtitle_lang'][lang] = request.form.get('subtitle_%s' % lang) or None
for course in ['easy', 'normal', 'hard', 'oni', 'ura']:
if request.form.get('course_%s' % course):
output['courses'][course] = {'stars': int(request.form.get('course_%s' % course)),
'branch': True if request.form.get('branch_%s' % course) else False}
else:
output['courses'][course] = None
output['category_id'] = int(request.form.get('category_id')) or None
output['type'] = request.form.get('type')
output['offset'] = float(request.form.get('offset')) or None
output['skin_id'] = int(request.form.get('skin_id')) or None
output['preview'] = float(request.form.get('preview')) or None
output['volume'] = float(request.form.get('volume')) or None
output['maker_id'] = int(request.form.get('maker_id')) or None
output['hash'] = None
seq = db.seq.find_one({'name': 'songs'})
seq_new = seq['value'] + 1 if seq else 1
output['id'] = seq_new
output['order'] = seq_new
db.songs.insert_one(output)
flash('Song created.')
db.seq.update_one({'name': 'songs'}, {'$set': {'value': seq_new}}, upsert=True)
return redirect('/admin/songs/%s' % str(seq_new))
2020-03-16 00:16:18 +08:00
@app.route('/admin/songs/<int:id>', methods=['POST'])
2020-03-17 07:30:44 +08:00
@admin_required(level=100)
2020-03-16 00:16:18 +08:00
def route_admin_songs_id_post(id):
song = db.songs.find_one({'id': id})
if not song:
return abort(404)
user = db.users.find_one({'username': session['username']})
user_level = user['user_level']
output = {'title_lang': {}, 'subtitle_lang': {}, 'courses': {}}
if user_level >= 100:
output['enabled'] = True if request.form.get('enabled') else False
output['title'] = request.form.get('title') or None
output['subtitle'] = request.form.get('subtitle') or None
for lang in ['ja', 'en', 'cn', 'tw', 'ko']:
output['title_lang'][lang] = request.form.get('title_%s' % lang) or None
output['subtitle_lang'][lang] = request.form.get('subtitle_%s' % lang) or None
for course in ['easy', 'normal', 'hard', 'oni', 'ura']:
if request.form.get('course_%s' % course):
output['courses'][course] = {'stars': int(request.form.get('course_%s' % course)),
'branch': True if request.form.get('branch_%s' % course) else False}
else:
output['courses'][course] = None
2020-03-16 00:25:38 +08:00
output['category_id'] = int(request.form.get('category_id')) or None
2020-03-16 00:16:18 +08:00
output['type'] = request.form.get('type')
output['offset'] = float(request.form.get('offset')) or None
output['skin_id'] = int(request.form.get('skin_id')) or None
output['preview'] = float(request.form.get('preview')) or None
output['volume'] = float(request.form.get('volume')) or None
output['maker_id'] = int(request.form.get('maker_id')) or None
2020-03-17 09:27:06 +08:00
output['hash'] = request.form.get('hash')
if request.form.get('gen_hash'):
try:
output['hash'] = generate_hash(id, request.form)
except HashException as e:
flash('An error occurred: %s' % str(e), 'error')
return redirect('/admin/songs/%s' % id)
2020-03-16 00:16:18 +08:00
db.songs.update_one({'id': id}, {'$set': output})
flash('Changes saved.')
return redirect('/admin/songs/%s' % id)
2020-03-13 10:45:42 +08:00
2020-03-17 07:30:44 +08:00
@app.route('/admin/songs/<int:id>/delete', methods=['POST'])
@admin_required(level=100)
def route_admin_songs_id_delete(id):
song = db.songs.find_one({'id': id})
if not song:
return abort(404)
db.songs.delete_one({'id': id})
flash('Song deleted.')
return redirect('/admin/songs')
2018-10-18 05:16:53 +08:00
@app.route('/api/preview')
2020-02-22 21:09:07 +08:00
@app.cache.cached(timeout=15, query_string=True)
2018-10-18 05:16:53 +08:00
def route_api_preview():
song_id = request.args.get('id', None)
if not song_id or not re.match('^[0-9]+$', song_id):
abort(400)
2020-03-13 10:45:42 +08:00
song = db.songs.find_one({'id': song_id})
if not song:
2018-10-18 05:16:53 +08:00
abort(400)
2020-03-13 10:45:42 +08:00
song_type = song['type']
prev_path = make_preview(song_id, song_type, song['preview'])
2018-10-18 05:16:53 +08:00
if not prev_path:
return redirect(get_config()['songs_baseurl'] + '%s/main.mp3' % song_id)
2018-10-18 05:16:53 +08:00
return redirect(get_config()['songs_baseurl'] + '%s/preview.mp3' % song_id)
2018-10-18 05:16:53 +08:00
2018-08-27 00:14:56 +08:00
@app.route('/api/songs')
2019-02-14 18:31:23 +08:00
@app.cache.cached(timeout=15)
2018-08-27 00:14:56 +08:00
def route_api_songs():
2020-03-13 10:45:42 +08:00
songs = list(db.songs.find({'enabled': True}, {'_id': False, 'enabled': False}))
2018-08-27 20:28:30 +08:00
for song in songs:
2020-03-13 10:45:42 +08:00
if song['maker_id']:
if song['maker_id'] == 0:
song['maker'] = 0
else:
song['maker'] = db.makers.find_one({'id': song['maker_id']}, {'_id': False})
else:
song['maker'] = None
del song['maker_id']
if song['category_id']:
song['category'] = db.categories.find_one({'id': song['category_id']})['title']
else:
song['category'] = None
del song['category_id']
if song['skin_id']:
song['song_skin'] = db.song_skins.find_one({'id': song['skin_id']}, {'_id': False, 'id': False})
else:
song['song_skin'] = None
del song['skin_id']
return jsonify(songs)
2018-08-27 00:14:56 +08:00
2018-10-28 05:42:28 +08:00
@app.route('/api/config')
2019-02-14 18:31:23 +08:00
@app.cache.cached(timeout=15)
2018-10-28 05:42:28 +08:00
def route_api_config():
2018-10-28 17:59:49 +08:00
config = get_config()
2018-10-28 05:42:28 +08:00
return jsonify(config)
2020-03-13 10:45:42 +08:00
@app.route('/api/register', methods=['POST'])
def route_api_register():
data = request.get_json()
if not schema.validate(data, schema.register):
return abort(400)
if session.get('username'):
session.clear()
2020-03-13 10:45:42 +08:00
username = data.get('username', '')
if len(username) < 3 or len(username) > 20 or not re.match('^[a-zA-Z0-9_]{3,20}$', username):
2020-03-13 10:45:42 +08:00
return api_error('invalid_username')
if db.users.find_one({'username_lower': username.lower()}):
return api_error('username_in_use')
password = data.get('password', '').encode('utf-8')
2020-03-13 13:32:53 +08:00
if not 6 <= len(password) <= 5000:
2020-03-13 10:45:42 +08:00
return api_error('invalid_password')
salt = bcrypt.gensalt()
hashed = bcrypt.hashpw(password, salt)
session_id = os.urandom(24).hex()
2020-03-13 10:45:42 +08:00
db.users.insert_one({
'username': username,
'username_lower': username.lower(),
'password': hashed,
'display_name': username,
'user_level': 1,
'session_id': session_id
2020-03-13 10:45:42 +08:00
})
session['session_id'] = session_id
2020-03-13 10:45:42 +08:00
session['username'] = username
session.permanent = True
return jsonify({'status': 'ok', 'username': username, 'display_name': username})
@app.route('/api/login', methods=['POST'])
def route_api_login():
data = request.get_json()
if not schema.validate(data, schema.login):
return abort(400)
if session.get('username'):
session.clear()
2020-03-13 10:45:42 +08:00
username = data.get('username', '')
result = db.users.find_one({'username_lower': username.lower()})
if not result:
return api_error('invalid_username_password')
password = data.get('password', '').encode('utf-8')
if not bcrypt.checkpw(password, result['password']):
return api_error('invalid_username_password')
session['session_id'] = result['session_id']
2020-03-13 10:45:42 +08:00
session['username'] = result['username']
if data.get('remember'):
session.permanent = True
return jsonify({'status': 'ok', 'username': result['username'], 'display_name': result['display_name']})
@app.route('/api/logout', methods=['POST'])
@login_required
def route_api_logout():
session.clear()
return jsonify({'status': 'ok'})
@app.route('/api/account/display_name', methods=['POST'])
@login_required
def route_api_account_display_name():
data = request.get_json()
if not schema.validate(data, schema.update_display_name):
return abort(400)
display_name = data.get('display_name', '').strip()
if not display_name:
display_name = session.get('username')
elif len(display_name) > 25:
2020-03-13 10:45:42 +08:00
return api_error('invalid_display_name')
db.users.update_one({'username': session.get('username')}, {
'$set': {'display_name': display_name}
})
return jsonify({'status': 'ok', 'display_name': display_name})
2020-03-13 10:45:42 +08:00
@app.route('/api/account/password', methods=['POST'])
@login_required
def route_api_account_password():
data = request.get_json()
if not schema.validate(data, schema.update_password):
return abort(400)
user = db.users.find_one({'username': session.get('username')})
current_password = data.get('current_password', '').encode('utf-8')
if not bcrypt.checkpw(current_password, user['password']):
return api_error('current_password_invalid')
new_password = data.get('new_password', '').encode('utf-8')
if not 6 <= len(new_password) <= 5000:
return api_error('invalid_new_password')
2020-03-13 10:45:42 +08:00
salt = bcrypt.gensalt()
hashed = bcrypt.hashpw(new_password, salt)
session_id = os.urandom(24).hex()
2020-03-13 10:45:42 +08:00
db.users.update_one({'username': session.get('username')}, {
'$set': {'password': hashed, 'session_id': session_id}
2020-03-13 10:45:42 +08:00
})
session['session_id'] = session_id
2020-03-13 10:45:42 +08:00
return jsonify({'status': 'ok'})
@app.route('/api/account/remove', methods=['POST'])
@login_required
def route_api_account_remove():
data = request.get_json()
if not schema.validate(data, schema.delete_account):
return abort(400)
user = db.users.find_one({'username': session.get('username')})
password = data.get('password', '').encode('utf-8')
if not bcrypt.checkpw(password, user['password']):
return api_error('verify_password_invalid')
2020-03-13 10:45:42 +08:00
db.scores.delete_many({'username': session.get('username')})
db.users.delete_one({'username': session.get('username')})
session.clear()
return jsonify({'status': 'ok'})
@app.route('/api/scores/save', methods=['POST'])
@login_required
def route_api_scores_save():
data = request.get_json()
if not schema.validate(data, schema.scores_save):
return abort(400)
username = session.get('username')
if data.get('is_import'):
db.scores.delete_many({'username': username})
scores = data.get('scores', [])
for score in scores:
db.scores.update_one({'username': username, 'hash': score['hash']},
{'$set': {
'username': username,
'hash': score['hash'],
'score': score['score']
}}, upsert=True)
2020-03-13 11:54:27 +08:00
return jsonify({'status': 'ok'})
2020-03-13 10:45:42 +08:00
@app.route('/api/scores/get')
@login_required
def route_api_scores_get():
username = session.get('username')
scores = []
for score in db.scores.find({'username': username}):
scores.append({
'hash': score['hash'],
'score': score['score']
})
user = db.users.find_one({'username': username})
2020-03-13 11:19:26 +08:00
return jsonify({'status': 'ok', 'scores': scores, 'username': user['username'], 'display_name': user['display_name']})
2020-03-13 10:45:42 +08:00
2019-02-21 06:02:44 +08:00
def make_preview(song_id, song_type, preview):
2018-10-18 05:16:53 +08:00
song_path = 'public/songs/%s/main.mp3' % song_id
prev_path = 'public/songs/%s/preview.mp3' % song_id
if os.path.isfile(song_path) and not os.path.isfile(prev_path):
2019-02-21 06:42:18 +08:00
if not preview or preview <= 0:
2019-02-07 02:49:25 +08:00
print('Skipping #%s due to no preview' % song_id)
2018-10-18 05:16:53 +08:00
return False
2019-02-07 02:49:25 +08:00
print('Making preview.mp3 for song #%s' % song_id)
2018-10-18 05:16:53 +08:00
ff = FFmpeg(inputs={song_path: '-ss %s' % preview},
outputs={prev_path: '-codec:a libmp3lame -ar 32000 -b:a 92k -y -loglevel panic'})
2018-10-18 05:16:53 +08:00
ff.run()
return prev_path
2018-08-27 00:14:56 +08:00
if __name__ == '__main__':
2018-08-27 20:28:30 +08:00
app.run(port=34801)