from django.shortcuts import get_object_or_404
from django.http import HttpResponseRedirect
from django.db import connection
from django.template.defaultfilters import slugify
from django.views.decorators.csrf import csrf_exempt
from pgweb.util.contexts import render_pgweb
from pgweb.util.misc import get_client_ip, varnish_purge
from pgweb.util.helpers import HttpSimpleResponse
from .models import Survey, SurveyAnswer, SurveyLock
def results(request, surveyid, junk=None):
    """Render the results page for a single survey.

    The survey is looked up by primary key (HTTP 404 when it does not
    exist) and handed to the 'survey/results.html' template together with
    the full survey list, ordered by descending ``posted``. The ``junk``
    argument is accepted but never read in this function.
    """
    context = {
        'survey': get_object_or_404(Survey, pk=surveyid),
        'surveylist': Survey.objects.all().order_by('-posted'),
    }
    return render_pgweb(request, 'community', 'survey/results.html', context)
# Served over insecure HTTP, the Varnish proxy strips cookies
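@csrf_exempt
def vote(request, surveyid):
    """Record one vote on a survey, limited to one vote per client IP.

    CSRF protection is disabled for this view, so the per-address lock
    below is the only abuse control visible in this function.

    Flow:
      * 404 if the survey does not exist.
      * Redirect to the results page when the POST carries no usable
        ``answer`` field (missing or not an integer).
      * Reject answers outside 1..8.
      * Refuse the vote if the client address already holds a lock;
        locks older than 15 minutes are deleted first.
      * Otherwise store a lock, bump the matching ``totN`` counter, purge
        the cached results page and redirect to it.
    """
    surv = get_object_or_404(Survey, pk=surveyid)

    # Parse the answer number. Only the two failures a missing or
    # non-numeric field produces are handled here; any other exception is
    # left to propagate instead of being silently turned into a redirect.
    try:
        ansnum = int(request.POST['answer'])
    except (KeyError, ValueError):
        # When no answer is given, redirect to results instead
        return HttpResponseRedirect("/community/survey/%s-%s" % (surv.id, slugify(surv.question)))

    # Allow-list check: ansnum is interpolated into an attribute name that
    # is passed to getattr/setattr below, so it must stay inside the fixed
    # range before that happens.
    if ansnum < 1 or ansnum > 8:
        return HttpSimpleResponse(request, "Response error", "Invalid answer")
    attrname = "tot%s" % ansnum

    # Do IP based locking...
    # NOTE(review): get_client_ip is defined elsewhere; the rate limit is
    # only as reliable as the address it returns (for example how it treats
    # proxy-supplied headers) -- confirm.
    addr = get_client_ip(request)

    # Clean out any old junk. The statement is a constant string, no
    # request data is interpolated into it.
    curs = connection.cursor()
    curs.execute("DELETE FROM survey_surveylock WHERE (\"time\" + '15 minutes') < now()")

    # Check if we are locked. exists() asks the database for a yes/no
    # answer instead of loading every matching row just to count them.
    # NOTE(review): this check and the insert below are separate
    # statements; whether two concurrent requests from one address can both
    # pass depends on constraints on SurveyLock not visible here -- confirm.
    if SurveyLock.objects.filter(ipaddr=addr).exists():
        return HttpSimpleResponse(request, "Rate limited", "Too many requests from your IP in the past 15 minutes")

    # Generate a new lock item, and store it
    lock = SurveyLock(ipaddr=addr)
    lock.save()

    answers = SurveyAnswer.objects.get_or_create(survey=surv)[0]
    # NOTE(review): the counter is read, incremented in Python and written
    # back; concurrent votes could overwrite each other's increment unless
    # something outside this function serializes them. An atomic database
    # update would avoid that, if the model's save() behaviour permits it.
    setattr(answers, attrname, getattr(answers, attrname) + 1)
    answers.save()

    # Do explicit varnish purge, since it seems that the model doesn't
    # do it properly. Possibly because of the cute stuff we do with
    # getattr/setattr above.
    varnish_purge("/community/survey/%s/" % surveyid)

    return HttpResponseRedirect("/community/survey/%s/" % surveyid)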