From b225c2bc7120fadc4c3b32bf009a888a1f1e979b Mon Sep 17 00:00:00 2001
From: paulmart-n <hi@paulmartin.cloud>
Date: Tue, 21 Nov 2023 23:24:31 +0100
Subject: [PATCH] dualis-poc

---
 .gitignore           |  3 +-
 app.py               | 88 ++++++++++++++++++++++++++++++++++++++------
 calendars/list.json  |  3 ++
 dualisauth.py        | 31 ++++++++++++++++
 get_mysql.py         | 10 +++++
 init-sql.sh          |  3 ++
 static/style.css     | 12 +++++-
 templates/login.html | 23 ++++++++++++
 templates/rapla.html | 18 ++++++---
 9 files changed, 173 insertions(+), 18 deletions(-)
 create mode 100644 calendars/list.json
 create mode 100644 dualisauth.py
 create mode 100644 get_mysql.py
 create mode 100755 init-sql.sh
 create mode 100644 templates/login.html

diff --git a/.gitignore b/.gitignore
index 7147a53..fdaf744 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@ __pycache__/
 ENV/
 set/
 VIRTUAL_ENV/
-calendars/
\ No newline at end of file
+calendars/
+.idea/
\ No newline at end of file
diff --git a/app.py b/app.py
index 6fdbd47..1e21024 100644
--- a/app.py
+++ b/app.py
@@ -2,42 +2,108 @@
 import os
 from flask import Flask
 from flask import render_template, url_for, send_from_directory, redirect, request, send_file
-from werkzeug.utils import secure_filename
+from flask_sqlalchemy import SQLAlchemy
+import pymysql
+from werkzeug.security import generate_password_hash, check_password_hash
+import hashlib
+
+import dualisauth
 from fetchRAPLA import *
+from get_mysql import get_mysql
 
 app = Flask(__name__)
 
+db = SQLAlchemy()
+dbpw = get_mysql()
+app.config['SECRET_KEY'] = 'ASDF)uhdsklvbkuezafdpo12i34rewfgvoukzgp3zerfpg8owiu2301394trilfkj'
+app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://paulmrtn:' + dbpw + '@localhost/paulmrtn_DUALHUB'
+db.init_app(app)
+
+
+class User(db.Model):
+    id = db.Column(db.Integer, primary_key=True)  # primary keys are required by SQLAlchemy
+    email = db.Column(db.String(100), unique=True)
+    password = db.Column(db.String(100))
+    name = db.Column(db.String(1000))
+
 
 @app.route("/")
 def index():
     return render_template('index.html', headermessage='Header', message='DualHub')
 
 
-@app.route("/<string:msg>")
-def make_msg(msg):
-    message = msg
-    return render_template('index.html', message="DualHub", headermessage=message)
+@app.route("/backendpoc/error<int:ecode>")
+def error(ecode):
+    if ecode == 900:
+        msg = "Ungültige RAPLA-URL! Sicher, dass der Link zum DHBW-Rapla führt?"
+    elif ecode == 899:
+        msg = "Der Kalender wurde nicht gefunden! Sicher, dass der Link korrekt ist?"
+    else:
+        msg = "Unbekannter Fehler!"
+    return render_template('index.html', message=msg, headermessage="DualHub")
 
 
-@app.route("/rapla", methods=["GET", "POST"])
+@app.route("/backendpoc/rapla")
 def chooseRaplas():
     r = getRaplas()
     return render_template("rapla.html", raplas=r)
 
 
-@app.route("/plan")
+@app.route("/backendpoc/plan", methods=["POST"])
 def getRapla():
-    file = str(request.values.get("file"))
-    url = str(request.values.get("url"))
+    file = str(request.form.get("file"))
+    url = str(request.form.get("url"))
+    if file == url == "None":
+        return redirect(url_for("chooseRaplas"))
     if file != "None":
-        print(file)
         return send_file("calendars/" + file)
     elif url != "None":
         file = getNewRapla(url)
-        if type(file) != int:
+        if type(file) is not int:
             return send_file("calendars/" + file)
+        else:
+            return redirect(url_for("error", ecode=file + 900))
     return render_template("index.html")
 
 
+@app.route("/backendpoc/log-in")
+def login(ecode: int = None):
+    if ecode:
+        print(ecode)
+    return render_template("login.html")
+
+
+@app.route("/backendpoc/log-in", methods=["POST"])
+def login_post():
+    email = request.form.get("email")
+    password = request.form.get("password")
+
+    user = User.query.filter_by(email=email).first()
+
+    if user:
+        if check_password_hash(user.password, password):
+            return redirect(url_for("index"))
+        else:
+            t = dualisauth.checkUser(email, password)
+            if t == -2:
+                return redirect(url_for("login", ecode=-2))
+            else:
+                user.password = generate_password_hash(password, method="pbkdf2:sha256")
+                db.session.commit()
+                return redirect(url_for("index"))
+
+    t = dualisauth.checkUser(email, password)
+    if t == -2:
+        return redirect(url_for("login", ecode=-2))
+
+    hashid = int(hashlib.sha1(email.encode("utf-8")).hexdigest(), 16) % (10 ** 12)
+    hashpw = generate_password_hash(password, method="pbkdf2:sha256")
+    new_user = User(id=hashid, email=email, password=hashpw)
+    db.session.add(new_user)
+    db.session.commit()
+
+    return redirect(url_for("index"))
+
+
 if __name__ == "__main__":
     app.run(host='0.0.0.0', port=2024, debug=True)
diff --git a/calendars/list.json b/calendars/list.json
new file mode 100644
index 0000000..0e0dcd2
--- /dev/null
+++ b/calendars/list.json
@@ -0,0 +1,3 @@
+{
+
+}
\ No newline at end of file
diff --git a/dualisauth.py b/dualisauth.py
new file mode 100644
index 0000000..d50f5ca
--- /dev/null
+++ b/dualisauth.py
@@ -0,0 +1,31 @@
+import requests
+from requests.utils import requote_uri, unquote_unreserved
+import urllib.parse
+
+
+def checkUser(email: str, password: str):
+    url = "https://dualis.dhbw.de/scripts/mgrqispi.dll"
+    fpw = urllib.parse.quote(password, safe='', encoding=None, errors=None)
+    fmail = urllib.parse.quote(email, safe='', encoding=None, errors=None)
+    payload = 'usrname=' + fmail + '&pass=' + fpw + '&ARGUMENTS=clino%2Cusrname%2Cpass%2Cmenuno%2Cmenu_type%2Cbrowser%2Cplatform&APPNAME=CampusNet&PRGNAME=LOGINCHECK'
+    headers = {
+        'Cookie': 'cnsc=0',
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36'
+    }
+
+    response = requests.request("POST", url, headers=headers, data=payload)
+    header = response.headers
+    try:
+        refresh = header["REFRESH"]
+        arg = refresh.find("=-N") + 3
+        komma = refresh[arg:].find(",")
+    except KeyError:
+        return -2
+
+    token = refresh[arg:komma + arg]
+    return token
+
+
+def getName(token: str):
+    print(token)
diff --git a/get_mysql.py b/get_mysql.py
new file mode 100644
index 0000000..3e683ef
--- /dev/null
+++ b/get_mysql.py
@@ -0,0 +1,10 @@
+import getpass
+
+def get_mysql ():
+    u = getpass.getuser()
+    f = open("/home/"+u+"/.my.cnf", "r")
+    i = f.read()
+    p = i.find("password=")
+    ro = i.find ("[clientreadonly]")
+    p = i[p+9:ro-2]
+    return p
diff --git a/init-sql.sh b/init-sql.sh
new file mode 100755
index 0000000..7074f61
--- /dev/null
+++ b/init-sql.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+mysql -e "USE paulmrtn_DUALHUB; CREATE TABLE user ( id int NOT NULL, email VARCHAR(255), password VARCHAR(255), name VARCHAR(255), PRIMARY KEY (ID), UNIQUE (ID, EMAIL) );"
diff --git a/static/style.css b/static/style.css
index ff5b461..1ac1844 100644
--- a/static/style.css
+++ b/static/style.css
@@ -10,7 +10,17 @@ body
 }
 
 input {
-    width: 500px
+    width: 100px;
+    height: 50px
+}
+
+#url {
+    width: 500px;
+}
+
+select {
+    width: 150px;
+    height: 50px
 }
 
 .cs
diff --git a/templates/login.html b/templates/login.html
new file mode 100644
index 0000000..5559a86
--- /dev/null
+++ b/templates/login.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="de">
+	<head>
+        <title> {{headermessage}} 👀</title>
+        <link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='style.css') }}">
+
+        <script async src="https://analytics.paulmartin.cloud/script.js" data-website-id="1c02dacf-6952-4560-a303-0c25f432c48d"></script>
+
+
+      </head>
+	  <link rel="shortcut icon" type="image/x-icon" href="temp.png">
+	  <body>
+		<div class="cs">
+            <form method="post" action={{ url_for ("login_post") }}>
+                <label for="email" >Dualis-Email</label>
+                <input class="input" type="email" name="email" placeholder="Email-Adresse" autofocus="">
+                <label for="password">Dualis-Passwort</label>
+                <input class="input" type="password" name="password" placeholder="Passwort">
+                <button class="button">Login</button>
+            </form>
+		</div>
+	</body>
+</html>
diff --git a/templates/rapla.html b/templates/rapla.html
index cb646d6..19ecd94 100644
--- a/templates/rapla.html
+++ b/templates/rapla.html
@@ -8,15 +8,23 @@
     <body>
     <h1>Verfügbare Raplas </h1>
     {% block content %}
-        {%  for i in range (raplas[0]|length) %}
-            <h2> <a href={{ url_for("getRapla", file=raplas[1][i]) }}> {{ raplas [0] [i] }}</a> </h2>
-        {% endfor %}
+            <form method="post" action={{ url_for ("getRapla") }}>
+                <label for="file">Vefügbaren RAPLA wählen! </label>
+
+                <select name="file" id="file">
+                    <option value = "none" selected disabled hidden></option>
+                    {%  for i in range (raplas[0]|length) %}
+                        <option value= {{ raplas [1] [i] }}>{{ raplas [0] [i] }} </option>
+                    {% endfor %}
+                </select>
+                <input type="submit" value="Importieren!">
+            </form>
     {%  endblock %}
     <h1>Eigenen Rapla hinzufügen</h1>
-    <form>
+    <form method="post" action={{ url_for ("getRapla") }}>
         <label for="url">Rapla-URL eingeben, falls Du deinen Kurs nicht siehst:</label>
         <input type="text" name="url" id="url">
-        <input type="submit" value="Importieren!" formaction={{ url_for("getRapla", new="True", url=url) }}>
+        <input type="submit" value="Importieren!">
     </form>
     </body>
 </html>