import os import math import logging import cherrypy from urllib.parse import urlparse from datetime import datetime, timedelta from photoapp.thumb import ThumbGenerator from photoapp.types import Photo, PhotoSet, Tag, TagItem, PhotoStatus, User from photoapp.dbsession import DatabaseSession from photoapp.common import pwhash from photoapp.api import PhotosApi, LibraryManager from photoapp.dbutils import SAEnginePlugin, SATool, db, get_db_engine, date_format from photoapp.utils import mime2ext, auth, require_auth, photoset_auth_filter, slugify from photoapp.storage import uri_to_storage from jinja2 import Environment, FileSystemLoader, select_autoescape from sqlalchemy import desc, func, and_, or_ APPROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), "../")) def validate_password(realm, username, password): if db.query(User).filter(User.name == username, User.password == pwhash(password)).first(): return True return False class PhotosWeb(object): def __init__(self, library, thumbtool, template_dir): self.library = library self.thumbtool = thumbtool self.tpl = Environment(loader=FileSystemLoader(template_dir), autoescape=select_autoescape(['html', 'xml'])) self.tpl.filters.update(mime2ext=mime2ext, basename=os.path.basename, ceil=math.ceil, statusstr=lambda x: str(x).split(".")[-1]) self.thumb = ThumbnailView(self) self.photo = PhotoView(self) self.download = DownloadView(self) self.date = DateView(self) self.tag = TagView(self) self.album = self.tag def render(self, template, **kwargs): """ Render a template """ return self.tpl.get_template(template).render(**kwargs, **self.get_default_vars()) def get_default_vars(self): """ Return a dict containing variables expected to be on every page """ # all tags / albums with photos visible under the current auth context tagq = db.query(Tag).join(TagItem).join(PhotoSet) if not auth(): tagq = tagq.filter(PhotoSet.status == PhotoStatus.public) tagq = tagq.filter(Tag.is_album == False).order_by(Tag.name).all() # pragma: manual auth albumq = db.query(Tag).join(TagItem).join(PhotoSet) if not auth(): albumq = albumq.filter(PhotoSet.status == PhotoStatus.public) albumq = albumq.filter(Tag.is_album == True).order_by(Tag.name).all() # pragma: manual auth ret = { "all_tags": tagq, "all_albums": albumq, "path": cherrypy.request.path_info, "auth": auth(), "PhotoStatus": PhotoStatus } return ret @cherrypy.expose def index(self): """ Home page - redirect to the photo feed """ raise cherrypy.HTTPRedirect('feed', 302) @cherrypy.expose def feed(self, page=0, pgsize=25): """ /feed - main photo feed - show photos sorted by date, newest first """ page, pgsize = int(page), int(pgsize) total_sets = photoset_auth_filter(db.query(func.count(PhotoSet.id))).first()[0] images = photoset_auth_filter(db.query(PhotoSet)).order_by(PhotoSet.date.desc()). \ offset(pgsize * page).limit(pgsize).all() yield self.render("feed.html", images=[i for i in images], page=page, pgsize=int(pgsize), total_sets=total_sets) @cherrypy.expose def stats(self): """ /stats - show server statistics """ images = photoset_auth_filter(db.query(func.count(PhotoSet.uuid), date_format('%Y', PhotoSet.date).label('year'), date_format('%m', PhotoSet.date).label('month'))). \ group_by('year', 'month').order_by(desc('year'), desc('month')).all() tsize = photoset_auth_filter(db.query(func.sum(Photo.size)).join(PhotoSet)).scalar() # pragma: manual auth yield self.render("monthly.html", images=images, tsize=tsize) @cherrypy.expose def map(self, i=None, a=None, zoom=3): """ /map - show all photos on the a map. Passing $i will show a single photo, or passing $a will show photos under the given tag. TODO using so many coordinates is slow in the browser. dedupe them somehow. """ query = photoset_auth_filter(db.query(PhotoSet)).filter(PhotoSet.lat != 0, PhotoSet.lon != 0) if a: query = query.join(TagItem).join(Tag).filter(Tag.uuid == a) if i: query = query.filter(PhotoSet.uuid == i) yield self.render("map.html", images=query.all(), zoom=int(zoom)) @cherrypy.expose @require_auth def create_tags(self, fromdate=None, uuid=None, tag=None, newtag=None, remove=None): """ /create_tags - tag multiple items selected by day of photo :param fromdate: act upon photos taken on this day :param uuid: act upon a single photo with this uuid :param tag: target photos will have a tag specified by this uuid added :param remove: target photos will have the tag specified by this uuid removed :param newtag: new tag name to create """ def get_photos(): if fromdate: dt = datetime.strptime(fromdate, "%Y-%m-%d") dt_end = dt + timedelta(days=1) photos = db.query(PhotoSet).filter(and_(PhotoSet.date >= dt, PhotoSet.date < dt_end)).order_by(PhotoSet.date.desc()) num_photos = db.query(func.count(PhotoSet.id)). \ filter(and_(PhotoSet.date >= dt, PhotoSet.date < dt_end)).order_by(PhotoSet.date.desc()).scalar() if uuid: photos = db.query(PhotoSet).filter(PhotoSet.uuid == uuid) num_photos = db.query(func.count(PhotoSet.id)).filter(PhotoSet.uuid == uuid).scalar() return photos, num_photos if remove: rmtag = db.query(Tag).filter(Tag.uuid == remove).first() photoq, _ = get_photos() for photo in photoq: db.query(TagItem).filter(TagItem.tag_id == rmtag.id, TagItem.set_id == photo.id).delete() db.commit() if newtag: db.add(Tag(title=newtag.capitalize(), name=newtag, slug=slugify(newtag))) db.commit() photos, num_photos = get_photos() if tag: # Create the tag on all the photos tag = db.query(Tag).filter(Tag.uuid == tag).first() for photo in photos.all(): if 0 == db.query(func.count(TagItem.id)).filter(TagItem.tag_id == tag.id, TagItem.set_id == photo.id).scalar(): db.add(TagItem(tag_id=tag.id, set_id=photo.id)) db.commit() alltags = db.query(Tag).order_by(Tag.name).all() yield self.render("create_tags.html", images=photos, alltags=alltags, num_photos=num_photos, fromdate=fromdate, uuid=uuid) @cherrypy.expose def login(self): """ /login - enable super features by logging into the app """ cherrypy.session['authed'] = cherrypy.request.login print("Authed as", cherrypy.session['authed']) dest = "/feed" if "Referer" not in cherrypy.request.headers \ else urlparse(cherrypy.request.headers["Referer"]).path raise cherrypy.HTTPRedirect(dest, 302) @cherrypy.expose def logout(self): """ /logout """ cherrypy.session.clear() dest = "/feed" if "Referer" not in cherrypy.request.headers \ else urlparse(cherrypy.request.headers["Referer"]).path raise cherrypy.HTTPRedirect(dest, 302) @cherrypy.expose def error(self, status, message, traceback, version): yield self.render("error.html", status=status, message=message, traceback=traceback) @cherrypy.popargs('date') class DateView(object): """ View all the photos shot on a given date """ def __init__(self, master): self.master = master @cherrypy.expose def index(self, date=None, page=0): if date: page = int(page) pgsize = 100 dt = datetime.strptime(date, "%Y-%m-%d") dt_end = dt + timedelta(days=1) total_sets = photoset_auth_filter(db.query(func.count(PhotoSet.id))). \ filter(and_(PhotoSet.date >= dt, PhotoSet.date < dt_end)).first()[0] images = photoset_auth_filter(db.query(PhotoSet)). \ filter(and_(PhotoSet.date >= dt, PhotoSet.date < dt_end)). \ order_by(PhotoSet.date.desc()). \ offset(page * pgsize).limit(pgsize).all() yield self.master.render("date.html", page=page, pgsize=pgsize, total_sets=total_sets, images=[i for i in images], date=dt) return images = photoset_auth_filter(db.query( func.count(PhotoSet.id), date_format('%Y', PhotoSet.date).label('year'), date_format('%m', PhotoSet.date).label('month'), date_format('%d', PhotoSet.date).label('day'))). \ group_by('year', 'month', 'day').order_by(desc('year'), 'month', 'day').all() yield self.master.render("dates.html", images=images) @cherrypy.popargs('item_type', 'thumb_size', 'uuid') class ThumbnailView(object): """ Generate and serve thumbnails on-demand """ def __init__(self, master): self.master = master @cherrypy.expose def index(self, item_type, thumb_size, uuid): uuid = uuid.split(".")[0] query = photoset_auth_filter(db.query(Photo).join(PhotoSet)) query = query.filter(Photo.set.has(uuid=uuid)) if item_type == "set" \ else query.filter(Photo.uuid == uuid) if item_type == "one" \ else None assert query # prefer making thumbs from jpeg to avoid loading large raws # jk we can't load raws anyway first = None best = None for photo in query.all(): if first is None: first = photo if photo.format == "image/jpeg": best = photo break thumb_from = best or first if not thumb_from: raise cherrypy.HTTPError(404) # TODO some lock around calls to this based on uuid thumb_fobj = self.master.thumbtool.make_thumb(thumb_from, thumb_size) if thumb_fobj: return cherrypy.lib.static.serve_fileobj(thumb_fobj, "image/jpeg") else: return cherrypy.lib.static.serve_file(os.path.join(APPROOT, "assets/img/unknown.svg"), "image/svg+xml") @cherrypy.popargs('item_type', 'uuid') class DownloadView(object): """ View original files or force-download them """ def __init__(self, master): self.master = master @cherrypy.expose def index(self, item_type, uuid, preview=False): uuid = uuid.split(".")[0] query = None if item_type == "set" \ else photoset_auth_filter(db.query(Photo).join(PhotoSet)).filter(Photo.uuid == uuid) if item_type == "one" \ else None # TODO set download query item = query.first() if not item: raise cherrypy.HTTPError(404) extra = {} if not preview: extra.update(disposition="attachement", name=item.fname) return cherrypy.lib.static.serve_fileobj(self.master.library.storage.open(item.path, 'rb'), content_type=item.format, **extra) @cherrypy.popargs('uuid') class PhotoView(object): """ View a single photo """ def __init__(self, master): self.master = master @cherrypy.expose def index(self, uuid): # uuid = uuid.split(".")[0] photo = photoset_auth_filter(db.query(PhotoSet)).filter(or_(PhotoSet.uuid == uuid, PhotoSet.slug == uuid)).first() if not photo: raise cherrypy.HTTPError(404) yield self.master.render("photo.html", image=photo) @cherrypy.expose @require_auth def op(self, uuid, op, title=None, description=None, offset=None): """ Modify a photo :param op: operation to perform: * "Make public": * "Make private": * "Save": update the photo's title, description, and date_offset fields """ photo = db.query(PhotoSet).filter(PhotoSet.uuid == uuid).first() if op == "Make public": photo.status = PhotoStatus.public elif op == "Make private": photo.status = PhotoStatus.private elif op == "Save": photo.title = title photo.description = description photo.slug = slugify(title) or None photo.date_offset = int(offset) if offset else 0 db.commit() raise cherrypy.HTTPRedirect('/photo/{}'.format(photo.slug or photo.uuid), 302) @cherrypy.expose @require_auth def edit(self, uuid): photo = photoset_auth_filter(db.query(PhotoSet)).filter(PhotoSet.uuid == uuid).first() yield self.master.render("photo_edit.html", image=photo) @cherrypy.popargs('uuid') class TagView(object): """ View the photos associated with a single tag """ def __init__(self, master): self.master = master @cherrypy.expose def index(self, uuid, page=0): page = int(page) pgsize = 100 if uuid == "untagged": numphotos = photoset_auth_filter(db.query(func.count(PhotoSet.id))). \ filter(~PhotoSet.id.in_(db.query(TagItem.set_id))).scalar() photos = photoset_auth_filter(db.query(PhotoSet)).filter(~PhotoSet.id.in_(db.query(TagItem.set_id))). \ order_by(PhotoSet.date.desc()). \ offset(page * pgsize). \ limit(pgsize).all() yield self.master.render("untagged.html", images=photos, total_items=numphotos, pgsize=pgsize, page=page) else: tag = db.query(Tag).filter(or_(Tag.uuid == uuid, Tag.slug == uuid)).first() numphotos = photoset_auth_filter(db.query(func.count(Tag.id)).join(TagItem).join(PhotoSet)). \ filter(Tag.id == tag.id).scalar() photos = photoset_auth_filter(db.query(PhotoSet)).join(TagItem).join(Tag). \ filter(Tag.id == tag.id). \ order_by(PhotoSet.date.desc()). \ offset(page * pgsize). \ limit(pgsize).all() yield self.master.render("album.html", tag=tag, images=photos, total_items=numphotos, pgsize=pgsize, page=page) @cherrypy.expose @require_auth def op(self, uuid, op, title=None, description=None): """ Perform some action on this tag - Promote: label this tag an album - Demote: label this tag as only a tag and not an album - Delete: remove this tag - Make all public: mark all photos under this tag as public - Make all private: mark all photos under this tag as private """ tag = db.query(Tag).filter(or_(Tag.uuid == uuid, Tag.slug == uuid)).first() if op == "Demote to tag": tag.is_album = 0 elif op == "Promote to album": tag.is_album = 1 elif op == "Delete tag": db.query(TagItem).filter(TagItem.tag_id == tag.id).delete() db.delete(tag) db.commit() raise cherrypy.HTTPRedirect('/', 302) elif op == "Make all public": # TODO smarter query for photo in db.query(PhotoSet).join(TagItem).join(Tag).filter(Tag.id == tag.id).all(): photo.status = PhotoStatus.public elif op == "Make all private": # TODO smarter query for photo in db.query(PhotoSet).join(TagItem).join(Tag).filter(Tag.id == tag.id).all(): photo.status = PhotoStatus.private elif op == "Save": tag.title = title.capitalize() tag.name = title tag.description = description tag.slug = slugify(title) else: raise Exception("Invalid op: '{}'".format(op)) db.commit() raise cherrypy.HTTPRedirect('/tag/{}'.format(tag.slug or tag.uuid), 302) @cherrypy.expose @require_auth def edit(self, uuid): tag = db.query(Tag).filter(Tag.uuid == uuid).first() yield self.master.render("tag_edit.html", tag=tag) def main(): import argparse import signal parser = argparse.ArgumentParser(description="Photod photo server") parser.add_argument('-p', '--port', help="tcp port to listen on", default=int(os.environ.get("PHOTOLIB_PORT", 8080)), type=int) parser.add_argument('-l', '--library', default=os.environ.get("STORAGE_URL"), help="library path") parser.add_argument('-c', '--cache', default=os.environ.get("CACHE_URL"), help="cache url") # https://docs.sqlalchemy.org/en/13/core/engines.html parser.add_argument('-s', '--database', help="sqlalchemy database connection uri", default=os.environ.get("DATABASE_URL")), parser.add_argument('--debug', action="store_true", help="enable development options") tunables = parser.add_argument_group(title="tunables") tunables.add_argument('--max-upload', help="maximum file upload size accepted in bytes", default=1024**3, type=int) args = parser.parse_args() if not args.database: parser.error("--database or DATABASE_URL is required") if not args.library: parser.error("--library or STORAGE_URL is required") if not args.cache: parser.error("--cache or CACHE_URL is required") logging.basicConfig(level=logging.INFO if args.debug else logging.WARNING, format="%(asctime)-15s %(levelname)-8s %(filename)s:%(lineno)d %(message)s") # Get database connection engine = get_db_engine(args.database) # Setup database in web framework cherrypy.tools.db = SATool() SAEnginePlugin(cherrypy.engine, engine).subscribe() # Create various internal tools library_storage = uri_to_storage(args.library) library_manager = LibraryManager(library_storage) thumbnail_tool = ThumbGenerator(library_manager, uri_to_storage(args.cache)) # Setup and mount web ui tpl_dir = os.path.join(APPROOT, "templates") if not args.debug else "templates" web = PhotosWeb(library_manager, thumbnail_tool, tpl_dir) cherrypy.tree.mount(web, '/', {'/': {'tools.trailing_slash.on': False, 'tools.db.on': True, 'error_page.403': web.error, 'error_page.404': web.error}, '/static': {"tools.staticdir.on": True, "tools.staticdir.dir": os.path.join(APPROOT, "styles/dist") if not args.debug else os.path.abspath("styles/dist")}, '/thumb': {'tools.expires.on': True, 'tools.expires.secs': 7 * 86400}, '/login': {'tools.auth_basic.on': True, 'tools.auth_basic.realm': 'photolib', 'tools.auth_basic.checkpassword': validate_password}}) # Setup and mount API api = PhotosApi(library_manager) cherrypy.tree.mount(api, '/api', {'/': {'tools.sessions.on': False, 'tools.trailing_slash.on': False, 'tools.auth_basic.on': True, 'tools.auth_basic.realm': 'photolib', 'tools.auth_basic.checkpassword': validate_password, 'tools.db.on': True}}) # General config options cherrypy.config.update({ 'tools.sessions.storage_class': DatabaseSession, 'tools.sessions.on': True, 'tools.sessions.locking': 'explicit', 'tools.sessions.timeout': 525600, 'request.show_tracebacks': True, 'server.socket_port': args.port, 'server.thread_pool': 25, 'server.socket_host': '0.0.0.0', 'server.show_tracebacks': True, 'log.screen': False, 'engine.autoreload.on': args.debug, 'server.max_request_body_size': args.max_upload }) # Setup signal handling and run it. def signal_handler(signum, stack): logging.critical('Got sig {}, exiting...'.format(signum)) cherrypy.engine.exit() signal.signal(signal.SIGINT, signal_handler) signal.signal(signal.SIGTERM, signal_handler) try: cherrypy.engine.start() cherrypy.engine.block() finally: logging.info("API has shut down") cherrypy.engine.exit() if __name__ == '__main__': main()