website/conservancy/views.py

from datetime import datetime
import mimetypes

from django.conf import settings
from django.http import FileResponse, Http404, HttpResponse, HttpResponseRedirect
from django.shortcuts import render
from django.template import RequestContext, Template

from .blog.models import Entry
from .news.models import PressRelease
from .supporters.models import Supporter


def frontpage(request):
    """Conservancy front page view

    Performs all object queries necessary to render the front page.
    """
    now = datetime.now()
    context = {
        'press_releases': PressRelease.objects.all().filter(pub_date__lte=now, sites=2)[:5],
        'supporters_count': Supporter.objects.all().filter(display_until_date__gte=now).count(),
        'blog': Entry.objects.all().filter(pub_date__lte=now)[:5],
    }
    return render(request, "frontpage.html", context)


def content(request, *args, **kwargs):
    """Faux CMS: bulk website content stored in templates and document files.

    Rationale: Many websites have a CMS and store the majority of their website
    content in a relational database eg. WordPress or Wagtail. That's useful
    because various people can easily be given access to edit the website. The
    downside is that is application complexity - the management of who change
    what, when it changed and what changed becomes an application concern. At
    the other end of the spectrum, we have files that are checked into a Git
    repository - we get the precise who/what/when out of the box with Git, but
    require you to have some technical knowledge and appropriate access to
    commit. Since you're committing to a code repository, this also opens up the
    possibility to break things you couldn't break via a CMS.

    This view serves most of the textual pages and documents on
    sfconservancy.org. It works a little like Apache serving mixed PHP/static
    files - it looks at the URL and tries to find a matching file on the
    filesystem. If it finds a template, it renders it via Django's template
    infrastructure. If it finds a file but it's not a template, it will serve
    the file as-is.
    """
    base_path = settings.BASE_DIR / 'content'
    path = request.path.lstrip('/')
    if path.endswith('/'):
        path += 'index.html'
    full_path = (base_path / path).resolve()
    safe_from_path_traversal = full_path.is_relative_to(base_path)
    try:
        if full_path.is_dir():
            # Should have been accessed with a trailing slash.
            return HttpResponseRedirect(request.path + '/')
        elif not full_path.exists() or not safe_from_path_traversal:
            raise Http404()
    except OSError:
        # eg. path is too long
        raise Http404()
    is_template = mimetypes.guess_type(full_path)[0] == 'text/html'
    if not is_template:
        return FileResponse(open(full_path, 'rb'))
    else:
        # These template are intentionally not in the template loader path, so
        # we open them directly, rather than using the template loader.
        with open(full_path, encoding='utf-8') as t:
            template = Template(t.read())
        context = RequestContext(request, kwargs)
        return HttpResponse(template.render(context))
Merge sponsors.py into supporters app, frontpage.py into views.py Just a small structural change so that the related functionality is grouped together. 2024-05-10 01:27:51 +00:00			`from datetime import datetime`
static: Don't try to render non-template files as templates. 2016-11-02 20:47:13 +00:00			`import mimetypes`
Sort Python imports with isort 2023-10-19 22:52:39 +00:00
Rewrite the `index` view to avoid risk of path traversal I've simplified this view by removing the custom HTTP error handlers, Python 3.5 exception handling and adding documentation. 2024-03-13 02:13:42 +00:00			`from django.conf import settings`
Move the content templates/files into `conservancy/content` These were previously intermingled with the static content in `conservancy/static`. 2024-03-20 10:41:42 +00:00			`from django.http import FileResponse, Http404, HttpResponse, HttpResponseRedirect`
Merge sponsors.py into supporters app, frontpage.py into views.py Just a small structural change so that the related functionality is grouped together. 2024-05-10 01:27:51 +00:00			`from django.shortcuts import render`
Move the content templates/files into `conservancy/content` These were previously intermingled with the static content in `conservancy/static`. 2024-03-20 10:41:42 +00:00			`from django.template import RequestContext, Template`
static.views: Deduplicate code. The primary goal here is to get templates rendered more like our "regular" templates, by using more of the standard tools to do so rather than roll our own. * Use TemplateResponse. This requires less boilerplate and ensures the rendering runs through our local context processors. * Use the existing definition of fundgoal_lookup. 2018-11-20 16:58:34 +00:00
Merge sponsors.py into supporters app, frontpage.py into views.py Just a small structural change so that the related functionality is grouped together. 2024-05-10 01:27:51 +00:00			`from .blog.models import Entry`
			`from .news.models import PressRelease`
			`from .supporters.models import Supporter`
First pass at migration to Django 1.7 2015-03-03 18:40:18 +00:00
Merge sponsors.py into supporters app, frontpage.py into views.py Just a small structural change so that the related functionality is grouped together. 2024-05-10 01:27:51 +00:00
			`def frontpage(request):`
			`"""Conservancy front page view`

			`Performs all object queries necessary to render the front page.`
			`"""`
			`now = datetime.now()`
			`context = {`
			`'press_releases': PressRelease.objects.all().filter(pub_date__lte=now, sites=2)[:5],`
			`'supporters_count': Supporter.objects.all().filter(display_until_date__gte=now).count(),`
			`'blog': Entry.objects.all().filter(pub_date__lte=now)[:5],`
			`}`
			`return render(request, "frontpage.html", context)`


			`def content(request, args, *kwargs):`
Rewrite the `index` view to avoid risk of path traversal I've simplified this view by removing the custom HTTP error handlers, Python 3.5 exception handling and adding documentation. 2024-03-13 02:13:42 +00:00			`"""Faux CMS: bulk website content stored in templates and document files.`

			`Rationale: Many websites have a CMS and store the majority of their website`
			`content in a relational database eg. WordPress or Wagtail. That's useful`
			`because various people can easily be given access to edit the website. The`
			`downside is that is application complexity - the management of who change`
			`what, when it changed and what changed becomes an application concern. At`
			`the other end of the spectrum, we have files that are checked into a Git`
			`repository - we get the precise who/what/when out of the box with Git, but`
			`require you to have some technical knowledge and appropriate access to`
			`commit. Since you're committing to a code repository, this also opens up the`
			`possibility to break things you couldn't break via a CMS.`

			`This view serves most of the textual pages and documents on`
			`sfconservancy.org. It works a little like Apache serving mixed PHP/static`
			`files - it looks at the URL and tries to find a matching file on the`
			`filesystem. If it finds a template, it renders it via Django's template`
			`infrastructure. If it finds a file but it's not a template, it will serve`
			`the file as-is.`
			`"""`
Move the content templates/files into `conservancy/content` These were previously intermingled with the static content in `conservancy/static`. 2024-03-20 10:41:42 +00:00			`base_path = settings.BASE_DIR / 'content'`
Apply `pyupgrade --py36-plus` (but skip f-strings as we're on Python 3.5) 2023-09-07 13:15:48 +00:00			`path = request.path.lstrip('/')`
			`if path.endswith('/'):`
			`path += 'index.html'`
Rewrite the `index` view to avoid risk of path traversal I've simplified this view by removing the custom HTTP error handlers, Python 3.5 exception handling and adding documentation. 2024-03-13 02:13:42 +00:00			`full_path = (base_path / path).resolve()`
			`safe_from_path_traversal = full_path.is_relative_to(base_path)`
Handle excessively long paths 2024-06-06 08:06:44 +00:00			`try:`
			`if full_path.is_dir():`
			`# Should have been accessed with a trailing slash.`
			`return HttpResponseRedirect(request.path + '/')`
			`elif not full_path.exists() or not safe_from_path_traversal:`
			`raise Http404()`
			`except OSError:`
			`# eg. path is too long`
Rewrite the `index` view to avoid risk of path traversal I've simplified this view by removing the custom HTTP error handlers, Python 3.5 exception handling and adding documentation. 2024-03-13 02:13:42 +00:00			`raise Http404()`
			`is_template = mimetypes.guess_type(full_path)[0] == 'text/html'`
			`if not is_template:`
			`return FileResponse(open(full_path, 'rb'))`
static: Don't try to render non-template files as templates. 2016-11-02 20:47:13 +00:00			`else:`
Move the content templates/files into `conservancy/content` These were previously intermingled with the static content in `conservancy/static`. 2024-03-20 10:41:42 +00:00			`# These template are intentionally not in the template loader path, so`
			`# we open them directly, rather than using the template loader.`
Specify encoding for templates in case it's not the default 2024-03-21 23:10:57 +00:00			`with open(full_path, encoding='utf-8') as t:`
Move the content templates/files into `conservancy/content` These were previously intermingled with the static content in `conservancy/static`. 2024-03-20 10:41:42 +00:00			`template = Template(t.read())`
			`context = RequestContext(request, kwargs)`
			`return HttpResponse(template.render(context))`