From 58c22cd3c8815858fbe287fea6808d86d92661b5 Mon Sep 17 00:00:00 2001
From: root <root@fetsite.fet.htu.tuwien.ac.at>
Date: Sun, 15 Mar 2020 09:32:54 +0000
Subject: [PATCH] fixing static paths to absolute, fixing csp script blueimp

---
 {foto_gallery/blueimp => blueimp}/LICENSE.txt |   0
 {foto_gallery/blueimp => blueimp}/README.md   |   0
 .../css/blueimp-gallery-indicator.css         |   0
 .../css/blueimp-gallery-video.css             |   0
 .../css/blueimp-gallery.css                   |   0
 .../css/blueimp-gallery.min.css               |   0
 .../css/blueimp-gallery.min.css.map           |   0
 .../blueimp => blueimp}/css/demo/demo.css     |   0
 .../blueimp => blueimp}/img/error.png         | Bin
 .../blueimp => blueimp}/img/error.svg         |   0
 .../blueimp => blueimp}/img/loading.gif       | Bin
 .../blueimp => blueimp}/img/play-pause.png    | Bin
 .../blueimp => blueimp}/img/play-pause.svg    |   0
 .../blueimp => blueimp}/img/video-play.png    | Bin
 .../blueimp => blueimp}/img/video-play.svg    |   0
 {foto_gallery/blueimp => blueimp}/index.html  |   0
 .../js/blueimp-gallery-fullscreen.js          |   0
 .../js/blueimp-gallery-indicator.js           |   0
 .../js/blueimp-gallery-video.js               |   0
 .../js/blueimp-gallery-vimeo.js               |   0
 .../js/blueimp-gallery-youtube.js             |   0
 .../blueimp => blueimp}/js/blueimp-gallery.js |   0
 .../js/blueimp-gallery.min.js                 |   0
 .../js/blueimp-gallery.min.js.map             |   0
 .../blueimp => blueimp}/js/blueimp-helper.js  |   0
 .../blueimp => blueimp}/js/demo/demo.js       |   0
 .../js/jquery.blueimp-gallery.js              |   0
 .../js/jquery.blueimp-gallery.min.js          |   0
 .../js/jquery.blueimp-gallery.min.js.map      |   0
 .../blueimp => blueimp}/js/vendor/jquery.js   |   0
 .../blueimp => blueimp}/package-lock.json     |   0
 .../blueimp => blueimp}/package.json          |   0
 fet_fotos.service                             |  13 +++++++++
 foto_gallery/__init__.py                      |  15 ++++++++---
 .../blueimp/.github/workflows/nodejs.yml      |  25 ------------------
 foto_gallery/blueimp/.gitignore               |   1 -
 foto_gallery/templates/gallery.html           |  24 ++++++++---------
 foto_gallery/templates/layoutfetbs3.html      |   8 ++++--
 static/init.js                                |  14 ++++++++++
 static/test.txt                               |   2 ++
 40 files changed, 58 insertions(+), 44 deletions(-)
 rename {foto_gallery/blueimp => blueimp}/LICENSE.txt (100%)
 rename {foto_gallery/blueimp => blueimp}/README.md (100%)
 rename {foto_gallery/blueimp => blueimp}/css/blueimp-gallery-indicator.css (100%)
 rename {foto_gallery/blueimp => blueimp}/css/blueimp-gallery-video.css (100%)
 rename {foto_gallery/blueimp => blueimp}/css/blueimp-gallery.css (100%)
 rename {foto_gallery/blueimp => blueimp}/css/blueimp-gallery.min.css (100%)
 rename {foto_gallery/blueimp => blueimp}/css/blueimp-gallery.min.css.map (100%)
 rename {foto_gallery/blueimp => blueimp}/css/demo/demo.css (100%)
 rename {foto_gallery/blueimp => blueimp}/img/error.png (100%)
 rename {foto_gallery/blueimp => blueimp}/img/error.svg (100%)
 rename {foto_gallery/blueimp => blueimp}/img/loading.gif (100%)
 rename {foto_gallery/blueimp => blueimp}/img/play-pause.png (100%)
 rename {foto_gallery/blueimp => blueimp}/img/play-pause.svg (100%)
 rename {foto_gallery/blueimp => blueimp}/img/video-play.png (100%)
 rename {foto_gallery/blueimp => blueimp}/img/video-play.svg (100%)
 rename {foto_gallery/blueimp => blueimp}/index.html (100%)
 rename {foto_gallery/blueimp => blueimp}/js/blueimp-gallery-fullscreen.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/blueimp-gallery-indicator.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/blueimp-gallery-video.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/blueimp-gallery-vimeo.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/blueimp-gallery-youtube.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/blueimp-gallery.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/blueimp-gallery.min.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/blueimp-gallery.min.js.map (100%)
 rename {foto_gallery/blueimp => blueimp}/js/blueimp-helper.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/demo/demo.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/jquery.blueimp-gallery.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/jquery.blueimp-gallery.min.js (100%)
 rename {foto_gallery/blueimp => blueimp}/js/jquery.blueimp-gallery.min.js.map (100%)
 rename {foto_gallery/blueimp => blueimp}/js/vendor/jquery.js (100%)
 rename {foto_gallery/blueimp => blueimp}/package-lock.json (100%)
 rename {foto_gallery/blueimp => blueimp}/package.json (100%)
 create mode 100644 fet_fotos.service
 delete mode 100644 foto_gallery/blueimp/.github/workflows/nodejs.yml
 delete mode 100644 foto_gallery/blueimp/.gitignore
 create mode 100644 static/init.js
 create mode 100644 static/test.txt

diff --git a/foto_gallery/blueimp/LICENSE.txt b/blueimp/LICENSE.txt
similarity index 100%
rename from foto_gallery/blueimp/LICENSE.txt
rename to blueimp/LICENSE.txt
diff --git a/foto_gallery/blueimp/README.md b/blueimp/README.md
similarity index 100%
rename from foto_gallery/blueimp/README.md
rename to blueimp/README.md
diff --git a/foto_gallery/blueimp/css/blueimp-gallery-indicator.css b/blueimp/css/blueimp-gallery-indicator.css
similarity index 100%
rename from foto_gallery/blueimp/css/blueimp-gallery-indicator.css
rename to blueimp/css/blueimp-gallery-indicator.css
diff --git a/foto_gallery/blueimp/css/blueimp-gallery-video.css b/blueimp/css/blueimp-gallery-video.css
similarity index 100%
rename from foto_gallery/blueimp/css/blueimp-gallery-video.css
rename to blueimp/css/blueimp-gallery-video.css
diff --git a/foto_gallery/blueimp/css/blueimp-gallery.css b/blueimp/css/blueimp-gallery.css
similarity index 100%
rename from foto_gallery/blueimp/css/blueimp-gallery.css
rename to blueimp/css/blueimp-gallery.css
diff --git a/foto_gallery/blueimp/css/blueimp-gallery.min.css b/blueimp/css/blueimp-gallery.min.css
similarity index 100%
rename from foto_gallery/blueimp/css/blueimp-gallery.min.css
rename to blueimp/css/blueimp-gallery.min.css
diff --git a/foto_gallery/blueimp/css/blueimp-gallery.min.css.map b/blueimp/css/blueimp-gallery.min.css.map
similarity index 100%
rename from foto_gallery/blueimp/css/blueimp-gallery.min.css.map
rename to blueimp/css/blueimp-gallery.min.css.map
diff --git a/foto_gallery/blueimp/css/demo/demo.css b/blueimp/css/demo/demo.css
similarity index 100%
rename from foto_gallery/blueimp/css/demo/demo.css
rename to blueimp/css/demo/demo.css
diff --git a/foto_gallery/blueimp/img/error.png b/blueimp/img/error.png
similarity index 100%
rename from foto_gallery/blueimp/img/error.png
rename to blueimp/img/error.png
diff --git a/foto_gallery/blueimp/img/error.svg b/blueimp/img/error.svg
similarity index 100%
rename from foto_gallery/blueimp/img/error.svg
rename to blueimp/img/error.svg
diff --git a/foto_gallery/blueimp/img/loading.gif b/blueimp/img/loading.gif
similarity index 100%
rename from foto_gallery/blueimp/img/loading.gif
rename to blueimp/img/loading.gif
diff --git a/foto_gallery/blueimp/img/play-pause.png b/blueimp/img/play-pause.png
similarity index 100%
rename from foto_gallery/blueimp/img/play-pause.png
rename to blueimp/img/play-pause.png
diff --git a/foto_gallery/blueimp/img/play-pause.svg b/blueimp/img/play-pause.svg
similarity index 100%
rename from foto_gallery/blueimp/img/play-pause.svg
rename to blueimp/img/play-pause.svg
diff --git a/foto_gallery/blueimp/img/video-play.png b/blueimp/img/video-play.png
similarity index 100%
rename from foto_gallery/blueimp/img/video-play.png
rename to blueimp/img/video-play.png
diff --git a/foto_gallery/blueimp/img/video-play.svg b/blueimp/img/video-play.svg
similarity index 100%
rename from foto_gallery/blueimp/img/video-play.svg
rename to blueimp/img/video-play.svg
diff --git a/foto_gallery/blueimp/index.html b/blueimp/index.html
similarity index 100%
rename from foto_gallery/blueimp/index.html
rename to blueimp/index.html
diff --git a/foto_gallery/blueimp/js/blueimp-gallery-fullscreen.js b/blueimp/js/blueimp-gallery-fullscreen.js
similarity index 100%
rename from foto_gallery/blueimp/js/blueimp-gallery-fullscreen.js
rename to blueimp/js/blueimp-gallery-fullscreen.js
diff --git a/foto_gallery/blueimp/js/blueimp-gallery-indicator.js b/blueimp/js/blueimp-gallery-indicator.js
similarity index 100%
rename from foto_gallery/blueimp/js/blueimp-gallery-indicator.js
rename to blueimp/js/blueimp-gallery-indicator.js
diff --git a/foto_gallery/blueimp/js/blueimp-gallery-video.js b/blueimp/js/blueimp-gallery-video.js
similarity index 100%
rename from foto_gallery/blueimp/js/blueimp-gallery-video.js
rename to blueimp/js/blueimp-gallery-video.js
diff --git a/foto_gallery/blueimp/js/blueimp-gallery-vimeo.js b/blueimp/js/blueimp-gallery-vimeo.js
similarity index 100%
rename from foto_gallery/blueimp/js/blueimp-gallery-vimeo.js
rename to blueimp/js/blueimp-gallery-vimeo.js
diff --git a/foto_gallery/blueimp/js/blueimp-gallery-youtube.js b/blueimp/js/blueimp-gallery-youtube.js
similarity index 100%
rename from foto_gallery/blueimp/js/blueimp-gallery-youtube.js
rename to blueimp/js/blueimp-gallery-youtube.js
diff --git a/foto_gallery/blueimp/js/blueimp-gallery.js b/blueimp/js/blueimp-gallery.js
similarity index 100%
rename from foto_gallery/blueimp/js/blueimp-gallery.js
rename to blueimp/js/blueimp-gallery.js
diff --git a/foto_gallery/blueimp/js/blueimp-gallery.min.js b/blueimp/js/blueimp-gallery.min.js
similarity index 100%
rename from foto_gallery/blueimp/js/blueimp-gallery.min.js
rename to blueimp/js/blueimp-gallery.min.js
diff --git a/foto_gallery/blueimp/js/blueimp-gallery.min.js.map b/blueimp/js/blueimp-gallery.min.js.map
similarity index 100%
rename from foto_gallery/blueimp/js/blueimp-gallery.min.js.map
rename to blueimp/js/blueimp-gallery.min.js.map
diff --git a/foto_gallery/blueimp/js/blueimp-helper.js b/blueimp/js/blueimp-helper.js
similarity index 100%
rename from foto_gallery/blueimp/js/blueimp-helper.js
rename to blueimp/js/blueimp-helper.js
diff --git a/foto_gallery/blueimp/js/demo/demo.js b/blueimp/js/demo/demo.js
similarity index 100%
rename from foto_gallery/blueimp/js/demo/demo.js
rename to blueimp/js/demo/demo.js
diff --git a/foto_gallery/blueimp/js/jquery.blueimp-gallery.js b/blueimp/js/jquery.blueimp-gallery.js
similarity index 100%
rename from foto_gallery/blueimp/js/jquery.blueimp-gallery.js
rename to blueimp/js/jquery.blueimp-gallery.js
diff --git a/foto_gallery/blueimp/js/jquery.blueimp-gallery.min.js b/blueimp/js/jquery.blueimp-gallery.min.js
similarity index 100%
rename from foto_gallery/blueimp/js/jquery.blueimp-gallery.min.js
rename to blueimp/js/jquery.blueimp-gallery.min.js
diff --git a/foto_gallery/blueimp/js/jquery.blueimp-gallery.min.js.map b/blueimp/js/jquery.blueimp-gallery.min.js.map
similarity index 100%
rename from foto_gallery/blueimp/js/jquery.blueimp-gallery.min.js.map
rename to blueimp/js/jquery.blueimp-gallery.min.js.map
diff --git a/foto_gallery/blueimp/js/vendor/jquery.js b/blueimp/js/vendor/jquery.js
similarity index 100%
rename from foto_gallery/blueimp/js/vendor/jquery.js
rename to blueimp/js/vendor/jquery.js
diff --git a/foto_gallery/blueimp/package-lock.json b/blueimp/package-lock.json
similarity index 100%
rename from foto_gallery/blueimp/package-lock.json
rename to blueimp/package-lock.json
diff --git a/foto_gallery/blueimp/package.json b/blueimp/package.json
similarity index 100%
rename from foto_gallery/blueimp/package.json
rename to blueimp/package.json
diff --git a/fet_fotos.service b/fet_fotos.service
new file mode 100644
index 0000000..e3a5676
--- /dev/null
+++ b/fet_fotos.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=uWSGI Simple Sample for Flat Page with Index Default
+After=network.target
+
+[Service]
+#User=www-data
+#Group=www-data
+WorkingDirectory=/srv/flask-fet-fotos
+Environment="PATH=/srv/flask-fet-fotos/.env/bin"
+ExecStart=uwsgi --ini uwsgi.ini
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/foto_gallery/__init__.py b/foto_gallery/__init__.py
index 694b77b..8364192 100644
--- a/foto_gallery/__init__.py
+++ b/foto_gallery/__init__.py
@@ -14,6 +14,7 @@ import os
 import re
 from PIL import Image, ExifTags, ImageOps
 from functools import partial
+from flask_csp.csp import csp_header, csp_default
 
 cfg = Config("config.cfg")
 
@@ -36,6 +37,9 @@ app.logger.info('flatpages loaded %d pages' % len(flatpages._pages))
 app.logger.info("Data directory is: %s" % flatpages.root)
 app.logger.info("Url prefix;: %s" % cfg.url_prefix)
 
+csp_d=csp_default()
+csp_d.update({'default-src':"'self' 'unsafe-inline'", 'script-src': "'unsafe-inline' 'self'"})
+
 
 
 freezer = Freezer(app)
@@ -83,6 +87,7 @@ def thumb(size=64,name=''):
 
 @page_blueprint.route('/<path:name>/',strict_slashes=False)
 @page_blueprint.route('/')
+@csp_header()
 def post(name=''):
     print("Post: %s" % name)
     page = flatpages.get(name)
@@ -98,12 +103,16 @@ def post(name=''):
         return send_from_directory(app.config["FLATPAGES_ROOT"],name)
     elif os.path.exists(os.path.join('static',name)):
         print("send from static dir %s" % name)
-        return send_from_directory('static',name)
+        return send_from_directory(os.path.abspath('static'),name)
     elif os.path.exists(os.path.join(cfg["fet_assets"],name)):
         return send_from_directory(cfg["fet_assets"],name)
+    elif os.path.exists(os.path.join("blueimp",name)):
+        return send_from_directory(os.path.abspath('blueimp'),name)
     else:
-        return send_from_directory('blueimp',name)
-
+        print("%s not found" % os.path.abspath(os.path.join('static',name)))
+        print("%s not found" % os.path.abspath(os.path.join(cfg["fet_assets"],name)))
+        
+        return abort(404)
 
 @api_blueprint.route('/<path:name>.json',strict_slashes=False)
 @api_blueprint.route('/.json',strict_slashes=False)
diff --git a/foto_gallery/blueimp/.github/workflows/nodejs.yml b/foto_gallery/blueimp/.github/workflows/nodejs.yml
deleted file mode 100644
index 89973ab..0000000
--- a/foto_gallery/blueimp/.github/workflows/nodejs.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: Node CI
-
-on: [push, pull_request]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [8.x, 10.x, 12.x]
-
-    steps:
-      - uses: actions/checkout@v1
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v1
-        with:
-          node-version: ${{ matrix.node-version }}
-      - name: npm install, build, and test
-        run: |
-          npm install
-          npm run build --if-present
-          npm test
-        env:
-          CI: true
diff --git a/foto_gallery/blueimp/.gitignore b/foto_gallery/blueimp/.gitignore
deleted file mode 100644
index 3c3629e..0000000
--- a/foto_gallery/blueimp/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-node_modules
diff --git a/foto_gallery/templates/gallery.html b/foto_gallery/templates/gallery.html
index c09ed43..0f976cd 100644
--- a/foto_gallery/templates/gallery.html
+++ b/foto_gallery/templates/gallery.html
@@ -1,5 +1,13 @@
 {# -*-jinja2-*- #}
 {% extends "layoutfetbs3.html" %}
+{% block head %}
+
+<script src="/galleries/js/blueimp-gallery.min.js"></script>
+<script src="/galleries/init.js"></script>
+
+
+{% endblock %}
+
 {% block content %}
 <h1>{{post.title}}</h1>
 <small> von {{post.author}} </small>
@@ -27,19 +35,9 @@
   </a>
   {% endfor %}
 </div>
-<script src="/galleries/js/blueimp-gallery.min.js"></script>
-<script>
-  document.getElementById('links').onclick = function(event) {
-  event = event || window.event
-  var target = event.target || event.srcElement,
-  link = target.src ? target.parentNode : target,
-  options = { index: link, event: event },
-  links = this.getElementsByTagName('a')
-  blueimp.Gallery(links, options)
-  }
-  </script>
-
-
 {% endif %}
 
+
+
+
 {% endblock %}
diff --git a/foto_gallery/templates/layoutfetbs3.html b/foto_gallery/templates/layoutfetbs3.html
index f1b05ac..aaa9495 100644
--- a/foto_gallery/templates/layoutfetbs3.html
+++ b/foto_gallery/templates/layoutfetbs3.html
@@ -12,8 +12,12 @@
     <link rel="stylesheet" href="/galleries/css/blueimp-gallery.min.css" />
 
 
-    <script src="https://www.fet.at/assets/application-7cbec5b180d121b587cfe58e2d4517d1.js" type="text/javascript"></script>
-     <title>Fetsite</title>
+    <script src="https://2020.fet.at/galleries/application-7cbec5b180d121b587cfe58e2d4517d1.js" type="text/javascript"></script>
+
+    {% block head %}
+	  {% endblock %}
+
+    <title>Fetsite</title>
   </head>
 
   <body>
diff --git a/static/init.js b/static/init.js
new file mode 100644
index 0000000..9d4b641
--- /dev/null
+++ b/static/init.js
@@ -0,0 +1,14 @@
+$(
+    function(){
+	console.log("init loaded")
+    })
+  $(function (){
+      document.getElementById('links').onclick = function(event) {
+  event = event || window.event
+  var target = event.target || event.srcElement,
+  link = target.src ? target.parentNode : target,
+  options = { index: link, event: event },
+  links = this.getElementsByTagName('a')
+  blueimp.Gallery(links, options)
+      }
+  })
diff --git a/static/test.txt b/static/test.txt
new file mode 100644
index 0000000..ce7a7c8
--- /dev/null
+++ b/static/test.txt
@@ -0,0 +1,2 @@
+DS
+ADSADQWF