path: root/pgweb/survey/views.py
blob: 1cd6739de44b8563e8eda167c5f631b5a3adf8a3 (plain)
from django.shortcuts import get_object_or_404
from django.http import HttpResponseRedirect
from django.db import connection
from django.template.defaultfilters import slugify
from django.views.decorators.csrf import csrf_exempt

from pgweb.util.contexts import render_pgweb
from pgweb.util.misc import get_client_ip, varnish_purge
from pgweb.util.helpers import HttpSimpleResponse

from .models import Survey, SurveyAnswer, SurveyLock


def results(request, surveyid, junk=None):
    """Render the results page for a single survey.

    Args:
        request: The incoming HTTP request.
        surveyid: Primary key of the Survey to show; an unknown id is
            handled by get_object_or_404.
        junk: Accepted but never read in this function (presumably the
            slug portion of the URL -- confirm against the URL patterns).

    Returns:
        The response produced by render_pgweb for 'survey/results.html'.
    """
    context = {
        'survey': get_object_or_404(Survey, pk=surveyid),
        # Every survey, newest first, passed to the template alongside
        # the selected one.
        'surveylist': Survey.objects.all().order_by('-posted'),
    }
    return render_pgweb(request, 'community', 'survey/results.html', context)


# Served over insecure HTTP, and the Varnish proxy strips cookies, so the
# CSRF check is disabled for this view.
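@csrf_exempt
def vote(request, surveyid):
    """Record one vote for a survey answer, rate limited per client IP.

    Reads the 1-based answer number from the ``answer`` POST field,
    increments the matching ``tot<N>`` attribute on the survey's
    SurveyAnswer row, purges the cached results page and redirects to it.

    The view is CSRF exempt, so the per-IP SurveyLock is the only throttle
    on submissions that is visible in this function.

    Args:
        request: The incoming HTTP request.
        surveyid: Primary key of the Survey being voted on; an unknown id
            is handled by get_object_or_404.

    Returns:
        A redirect to the results page after a counted vote, a redirect to
        the slugged survey URL when no usable answer was posted, or an
        HttpSimpleResponse for an out-of-range answer or a client that
        already holds a lock.
    """
    surv = get_object_or_404(Survey, pk=surveyid)

    # Check that we have a valid answer number. Only a missing field
    # (KeyError) or a non-integer value (ValueError) counts as "no usable
    # answer"; any other failure is left to Django's error handling rather
    # than being hidden behind a redirect.
    try:
        ansnum = int(request.POST['answer'])
    except (KeyError, ValueError):
        # When no answer is given, redirect to results instead
        return HttpResponseRedirect("/community/survey/%s-%s" % (surv.id, slugify(surv.question)))
    if ansnum < 1 or ansnum > 8:
        return HttpSimpleResponse(request, "Response error", "Invalid answer")

    # The range check above is what restricts attrname to tot1..tot8 before
    # it is used with getattr/setattr below; keep the two together.
    attrname = "tot%s" % ansnum

    # Do IP based locking...
    # NOTE(review): the lock is only as trustworthy as get_client_ip();
    # confirm it does not take the address from a header the client controls.
    addr = get_client_ip(request)

    # Clean out any old junk (locks older than 15 minutes). The statement is
    # a constant string, so no request data reaches the SQL text.
    curs = connection.cursor()
    curs.execute("DELETE FROM survey_surveylock WHERE (\"time\" + '15 minutes') < now()")

    # Check if we are locked. exists() asks the database for a yes/no answer
    # instead of loading every matching row just to count them.
    if SurveyLock.objects.filter(ipaddr=addr).exists():
        return HttpSimpleResponse(request, "Rate limited", "Too many requests from your IP in the past 15 minutes")

    # Generate a new lock item, and store it
    # NOTE(review): the check above and this insert are separate statements,
    # so concurrent requests from one address can both pass the check unless
    # the table has a unique constraint on ipaddr -- confirm in the model.
    SurveyLock(ipaddr=addr).save()

    answers = SurveyAnswer.objects.get_or_create(survey=surv)[0]
    # NOTE(review): this is a read-modify-write in Python; two simultaneous
    # votes can read the same total and one increment is lost.
    setattr(answers, attrname, getattr(answers, attrname) + 1)
    answers.save()

    # Do explicit varnish purge, since it seems that the model doesn't
    # do it properly. Possibly because of the cute stuff we do with
    # getattr/setattr above.
    varnish_purge("/community/survey/%s/" % surveyid)

    return HttpResponseRedirect("/community/survey/%s/" % surveyid)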