Access control
parent
e37d388157
commit
a08fd05d53
2 changed files with 47 additions and 22 deletions
47
server.py
47
server.py
|
@ -17,7 +17,7 @@ import timeout as tmo
|
|||
# Simple config
|
||||
GET_ONLY_FOR_VIP = True
|
||||
POST_ONLY_FOR_VIP = True
|
||||
VERSION = "20240502.4"
|
||||
VERSION = "20240503.1"
|
||||
|
||||
CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
|
||||
|
||||
|
@ -284,28 +284,43 @@ class S(BaseHTTPRequestHandler):
|
|||
case _:
|
||||
db_path = 'tests.' + '.'.join(self_path[1:].split('/'))
|
||||
data = db.read(db_path, None)
|
||||
user = ""
|
||||
if 'uid' in parameters:
|
||||
user = parameters['uid']
|
||||
if user not in db.read('users.vip') and GET_ONLY_FOR_VIP:
|
||||
user = parameters.get('uid', "")
|
||||
stud = parameters.get('sid', "")
|
||||
if (user not in db.read('users.vip') and GET_ONLY_FOR_VIP) or (len(user) != 36):
|
||||
self._set_response(403)
|
||||
self.end_headers()
|
||||
self.wfile.write("403 Forbidden".encode('utf-8'))
|
||||
elif data is None:
|
||||
return
|
||||
if data is None:
|
||||
self._set_response(404)
|
||||
self.end_headers()
|
||||
self.wfile.write("404 Not found".encode('utf-8'))
|
||||
return
|
||||
if 'access' in data:
|
||||
if len(data['access']) > 0:
|
||||
if f"{user}{stud}" in data['access']:
|
||||
pass
|
||||
elif user in data['access']:
|
||||
data.remove(user)
|
||||
data.append(f"{user}{stud}")
|
||||
db.write(db_path, data)
|
||||
else:
|
||||
self._set_response(403)
|
||||
self.end_headers()
|
||||
self.wfile.write("403 Forbidden".encode('utf-8'))
|
||||
return
|
||||
else:
|
||||
send_data = {}
|
||||
if 'correct' in data:
|
||||
send_data['correct'] = data['correct']
|
||||
if 'incorrect' in data:
|
||||
send_data['incorrect'] = data['incorrect']
|
||||
send_data['version'] = VERSION
|
||||
self._set_response(200)
|
||||
self.send_header('Content-type', 'text/json; charset=utf-8')
|
||||
self.end_headers()
|
||||
self.wfile.write(json.dumps(send_data).encode('utf-8'))
|
||||
data['access'] = []
|
||||
send_data = {}
|
||||
if 'correct' in data:
|
||||
send_data['correct'] = data['correct']
|
||||
if 'incorrect' in data:
|
||||
send_data['incorrect'] = data['incorrect']
|
||||
send_data['version'] = VERSION
|
||||
self._set_response(200)
|
||||
self.send_header('Content-type', 'text/json; charset=utf-8')
|
||||
self.end_headers()
|
||||
self.wfile.write(json.dumps(send_data).encode('utf-8'))
|
||||
|
||||
def do_POST(self):
|
||||
content_length = int(self.headers['Content-Length'])
|
||||
|
|
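Review bot: In the new `elif user in data['access']:` branch, `data.remove(user)` and `data.append(f"{user}{stud}")` are called on `data` itself, which the surrounding lines index as a mapping (`data['access']`, `data['correct']`). If `db.read` returns a dict here, both calls raise `AttributeError` and the uid is never bound to the student id; they should read `data['access'].remove(user)` and `data['access'].append(f"{user}{stud}")`. The check also accepts a request with no `sid`: `stud` then defaults to `""`, so `f"{user}{stud}"` equals `user` and the first membership test passes for an entry that has not been bound yet. Rejecting an empty `stud` with a 403 whenever `data['access']` is non-empty would close that gap. The page has lost indentation, so the nesting is inferred, and the `case` body starts outside the hunk.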
22
user.js
22
user.js
|
@ -2,10 +2,10 @@
|
|||
// @name Sorryops
|
||||
// @name:ru Сориупс
|
||||
// @namespace https://git.disroot.org/electromagneticcyclone/sorryops
|
||||
// @version 20240502.4
|
||||
// @version 20240503.1
|
||||
// @description Collect and reuse ORIOKS test answers
|
||||
// @description:ru Скрипт для сбора и переиспользования ответов на тесты ОРИОКС
|
||||
// @icon https://orioks.miet.ru/favicon.ico
|
||||
// @icon https://sorryops.ru/favicon.ico
|
||||
// @author electromagneticcyclone & angelbeautifull
|
||||
// @license GPL-3.0-or-later
|
||||
// @supportURL https://git.disroot.org/electromagneticcyclone/sorryops
|
||||
|
@ -20,12 +20,12 @@
|
|||
// @require https://openuserjs.org/src/libs/sizzle/GM_config.js
|
||||
// @connect sorryops.ru
|
||||
// @run-at document-start
|
||||
// @downloadURL https://update.greasyfork.org/scripts/481036/Sorryops.user.js
|
||||
// @updateURL https://update.greasyfork.org/scripts/481036/Sorryops.meta.js
|
||||
// @downloadURL https://update.greasyfork.org/scripts/481036/Sorryops.user.js
|
||||
// @updateURL https://update.greasyfork.org/scripts/481036/Sorryops.meta.js
|
||||
// ==/UserScript==
|
||||
|
||||
/* Version */
|
||||
const VERSION = "20240502.4";
|
||||
const VERSION = "20240503.1";
|
||||
/* End Version */
|
||||
|
||||
/* Charset */
|
||||
|
@ -305,7 +305,7 @@ function fetch_from_server(path, func) {
|
|||
if ((server != '') && (Object.keys(fetched_data).length == 0)) {
|
||||
GM_xmlhttpRequest({
|
||||
method: 'GET',
|
||||
url: 'https://' + server + '/' + path + '?uid=' + config.get('user_id'),
|
||||
url: 'https://' + server + '/' + path + '?uid=' + config.get('user_id') + "&sid=" + student_name,
|
||||
timeout: 1000,
|
||||
onload: function (response) {
|
||||
var text = response.responseText;
|
||||
|
@ -386,6 +386,7 @@ window.onkeydown = (e) => {
|
|||
var answers = [];
|
||||
var sorted_objects_value = [];
|
||||
var variant, hash, type, correct, incorrect, version;
|
||||
var student_name = "";
|
||||
var prev_new_answer_f = false;
|
||||
var new_answer_f = false;
|
||||
var testID = (() => {
|
||||
|
@ -901,6 +902,7 @@ function result_page_handler() {
|
|||
send_to_server({
|
||||
type: "test_results",
|
||||
uid: config.get('user_id'),
|
||||
sid: student_name,
|
||||
id: testID,
|
||||
answers: sorted_test,
|
||||
correct: correct_num,
|
||||
|
@ -920,6 +922,14 @@ function result_page_handler() {
|
|||
/* End Handlers */
|
||||
|
||||
function main() {
|
||||
var abox;
|
||||
var aboxes = document.getElementsByTagName('a');
|
||||
for (abox in aboxes) {
|
||||
if ((aboxes[abox].className == 'dropdown-toggle') && aboxes[abox].href.endsWith('#') && !(aboxes[abox].title == 'Уведомления и объявления')) {
|
||||
student_name = hashCode(aboxes[abox].innerText);
|
||||
break;
|
||||
}
|
||||
}
|
||||
variant = document.getElementById('w0').parentNode.textContent;
|
||||
prev_new_answer_f = !!GM_getValue('new_answer_f');
|
||||
if (variant.includes("Вопрос:")) {
|
||||
|
|
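Review bot: `student_name` stays `""` when the loop in `main()` finds no matching anchor, and `fetch_from_server` and `result_page_handler` then send an empty `sid`, which the server-side access list is meant to key on. I would skip the request when it is empty, e.g. `if (student_name === "") return;` before the `GM_xmlhttpRequest` call. The value is also appended to the query string unencoded; `'&sid=' + encodeURIComponent(student_name)` keeps the URL well-formed whatever `hashCode` returns. `hashCode` is defined outside the visible hunks, so its output format cannot be checked here. A short comment above the assignment, such as `// sid: hash of the displayed account name, sent to the server to bind uid to one student`, would document what leaves the page.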