Sanitize input tags

[cookbook.git] / cookbook / server.py

# Copyright (C) 2010 W. Trevor King <wking@drexel.edu>
#
# This file is part of Cookbook.
#
# Cookbook is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# Cookbook is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Cookbook.  If not, see <http://www.gnu.org/licenses/>.

"""Serve cookbooks over HTTP.
"""

import os
import random
import re
import types
from xml.sax import saxutils

import cherrypy
from jinja2 import Environment, FileSystemLoader


class Server (object):
    """Cookbook web interface."""

    def __init__(self, cookbook, template_root):
        self.cookbook = cookbook
        self.cookbook.make_index()
        self.env = Environment(loader=FileSystemLoader(template_root))
        self.tag_regexp = re.compile('[a-zA-Z./ ].*')  # allowed characters

    def cleanup(self):
        #self.cookbook.save('new-recipe')
        pass

    @cherrypy.expose
    def index(self, tag=None):
        """Recipe index page.

        Recipes can be filtered by tag.
        """
        if isinstance(tag, types.StringTypes):
            tag = [tag]
        template = self.env.get_template('recipes.html')
        return template.render(cookbook=self.cookbook,
                               recipes=list(self.cookbook.tagged(tag)),
                               selected_tags=tag)

    @cherrypy.expose
    def recipe(self, name=None):
        """Single recipe page.
        """
        if name == None:
            recipe = random.choice(self.cookbook)
        else:
            if type(name) == types.StringType:
                name = unicode(name, encoding='utf-8')
            recipe = self.cookbook.index[name]
        template = self.env.get_template('recipe.html')
        return template.render(cookbook=self.cookbook, recipe=recipe)

    @cherrypy.expose
    def add_tag(self, name, tag):
        """Add a tag to a single recipe."""
        if type(name) == types.StringType:
            name = unicode(name, encoding='utf-8')
        recipe = self.cookbook.index[name]
        if recipe.tags == None:
            recipe.tags = []
        tag = self._clean_tag(tag)
        if tag == None:
            return
        if tag not in recipe.tags:
            recipe.tags.append(tag)
            with open(recipe.path, 'w') as f:
                recipe.save(f)
        raise cherrypy.HTTPRedirect(
            'recipe?name=%s' % recipe.clean_name(), status=302)

    @cherrypy.expose
    def remove_tag(self, name, tag):
        """Remove a tag from a single recipe."""
        if type(name) == types.StringType:
            name = unicode(name, encoding='utf-8')
        recipe = self.cookbook.index[name]
        if recipe.tags == None:
            return
        tag = self._clean_tag(tag)
        if tag == None:
            return
        if tag in recipe.tags:
            recipe.tags.remove(tag)
            with open(recipe.path, 'w') as f:
                recipe.save(f)
        raise cherrypy.HTTPRedirect(
            'recipe?name=%s' % recipe.clean_name(), status=302)

    def _clean_tag(self, tag):
        """Sanitize tag."""
        tags = []
        m = self.tag_regexp.match(t)
        if m != None:
            return m.group()
        return None


def test():
    import doctest
    doctest.testmod()