Remove hashed URL mode

Also simplified how view class routing works.

Refs #1661
This commit is contained in:
Simon Willison 2022-03-18 17:12:03 -07:00 committed by GitHub
commit d4f60c2388
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 79 additions and 266 deletions

View file

@ -1097,7 +1097,7 @@ class Datasette:
)
add_route(
TableView.as_view(self),
r"/(?P<db_name>[^/]+)/(?P<table_and_format>[^/]+?$)",
r"/(?P<db_name>[^/]+)/(?P<table>[^\/\.]+)(\.[a-zA-Z0-9_]+)?$",
)
add_route(
RowView.as_view(self),

View file

@ -122,11 +122,11 @@ class BaseView:
async def delete(self, request, *args, **kwargs):
return Response.text("Method not allowed", status=405)
async def dispatch_request(self, request, *args, **kwargs):
async def dispatch_request(self, request):
if self.ds:
await self.ds.refresh_schemas()
handler = getattr(self, request.method.lower(), None)
return await handler(request, *args, **kwargs)
return await handler(request)
async def render(self, templates, request, context=None):
context = context or {}
@ -169,9 +169,7 @@ class BaseView:
def as_view(cls, *class_args, **class_kwargs):
async def view(request, send):
self = view.view_class(*class_args, **class_kwargs)
return await self.dispatch_request(
request, **request.scope["url_route"]["kwargs"]
)
return await self.dispatch_request(request)
view.view_class = cls
view.__doc__ = cls.__doc__
@ -200,90 +198,14 @@ class DataView(BaseView):
add_cors_headers(r.headers)
return r
async def data(self, request, database, hash, **kwargs):
async def data(self, request):
raise NotImplementedError
async def resolve_db_name(self, request, db_name, **kwargs):
hash = None
name = None
decoded_name = tilde_decode(db_name)
if decoded_name not in self.ds.databases and "-" in db_name:
# No matching DB found, maybe it's a name-hash?
name_bit, hash_bit = db_name.rsplit("-", 1)
if tilde_decode(name_bit) not in self.ds.databases:
raise NotFound(f"Database not found: {name}")
else:
name = tilde_decode(name_bit)
hash = hash_bit
else:
name = decoded_name
try:
db = self.ds.databases[name]
except KeyError:
raise NotFound(f"Database not found: {name}")
# Verify the hash
expected = "000"
if db.hash is not None:
expected = db.hash[:HASH_LENGTH]
correct_hash_provided = expected == hash
if not correct_hash_provided:
if "table_and_format" in kwargs:
async def async_table_exists(t):
return await db.table_exists(t)
table, _format = await resolve_table_and_format(
table_and_format=tilde_decode(kwargs["table_and_format"]),
table_exists=async_table_exists,
allowed_formats=self.ds.renderers.keys(),
)
kwargs["table"] = table
if _format:
kwargs["as_format"] = f".{_format}"
elif kwargs.get("table"):
kwargs["table"] = tilde_decode(kwargs["table"])
should_redirect = self.ds.urls.path(f"{name}-{expected}")
if kwargs.get("table"):
should_redirect += "/" + tilde_encode(kwargs["table"])
if kwargs.get("pk_path"):
should_redirect += "/" + kwargs["pk_path"]
if kwargs.get("as_format"):
should_redirect += kwargs["as_format"]
if kwargs.get("as_db"):
should_redirect += kwargs["as_db"]
if (
(self.ds.setting("hash_urls") or "_hash" in request.args)
and
# Redirect only if database is immutable
not self.ds.databases[name].is_mutable
):
return name, expected, correct_hash_provided, should_redirect
return name, expected, correct_hash_provided, None
def get_templates(self, database, table=None):
assert NotImplemented
async def get(self, request, db_name, **kwargs):
(
database,
hash,
correct_hash_provided,
should_redirect,
) = await self.resolve_db_name(request, db_name, **kwargs)
if should_redirect:
return self.redirect(request, should_redirect, remove_args={"_hash"})
return await self.view_get(
request, database, hash, correct_hash_provided, **kwargs
)
async def as_csv(self, request, database, hash, **kwargs):
async def as_csv(self, request, database):
kwargs = {}
stream = request.args.get("_stream")
# Do not calculate facets or counts:
extra_parameters = [
@ -313,9 +235,7 @@ class DataView(BaseView):
kwargs["_size"] = "max"
# Fetch the first page
try:
response_or_template_contexts = await self.data(
request, database, hash, **kwargs
)
response_or_template_contexts = await self.data(request)
if isinstance(response_or_template_contexts, Response):
return response_or_template_contexts
elif len(response_or_template_contexts) == 4:
@ -367,10 +287,11 @@ class DataView(BaseView):
next = None
while first or (next and stream):
try:
kwargs = {}
if next:
kwargs["_next"] = next
if not first:
data, _, _ = await self.data(request, database, hash, **kwargs)
data, _, _ = await self.data(request, **kwargs)
if first:
if request.args.get("_header") != "off":
await writer.writerow(headings)
@ -445,60 +366,39 @@ class DataView(BaseView):
if not trace:
content_type = "text/csv; charset=utf-8"
disposition = 'attachment; filename="{}.csv"'.format(
kwargs.get("table", database)
request.url_vars.get("table", database)
)
headers["content-disposition"] = disposition
return AsgiStream(stream_fn, headers=headers, content_type=content_type)
async def get_format(self, request, database, args):
"""Determine the format of the response from the request, from URL
parameters or from a file extension.
`args` is a dict of the path components parsed from the URL by the router.
"""
# If ?_format= is provided, use that as the format
_format = request.args.get("_format", None)
if not _format:
_format = (args.pop("as_format", None) or "").lstrip(".")
def get_format(self, request):
# Format is the bit from the path following the ., if one exists
last_path_component = request.path.split("/")[-1]
if "." in last_path_component:
return last_path_component.split(".")[-1]
else:
args.pop("as_format", None)
if "table_and_format" in args:
db = self.ds.databases[database]
return None
async def async_table_exists(t):
return await db.table_exists(t)
table, _ext_format = await resolve_table_and_format(
table_and_format=tilde_decode(args["table_and_format"]),
table_exists=async_table_exists,
allowed_formats=self.ds.renderers.keys(),
)
_format = _format or _ext_format
args["table"] = table
del args["table_and_format"]
elif "table" in args:
args["table"] = tilde_decode(args["table"])
return _format, args
async def view_get(self, request, database, hash, correct_hash_provided, **kwargs):
_format, kwargs = await self.get_format(request, database, kwargs)
async def get(self, request):
db_name = request.url_vars["db_name"]
database = tilde_decode(db_name)
_format = self.get_format(request)
data_kwargs = {}
if _format == "csv":
return await self.as_csv(request, database, hash, **kwargs)
return await self.as_csv(request, database)
if _format is None:
# HTML views default to expanding all foreign key labels
kwargs["default_labels"] = True
data_kwargs["default_labels"] = True
extra_template_data = {}
start = time.perf_counter()
status_code = None
templates = []
try:
response_or_template_contexts = await self.data(
request, database, hash, **kwargs
)
response_or_template_contexts = await self.data(request, **data_kwargs)
if isinstance(response_or_template_contexts, Response):
return response_or_template_contexts
# If it has four items, it includes an HTTP status code
@ -650,10 +550,7 @@ class DataView(BaseView):
ttl = request.args.get("_ttl", None)
if ttl is None or not ttl.isdigit():
if correct_hash_provided:
ttl = self.ds.setting("default_cache_ttl_hashed")
else:
ttl = self.ds.setting("default_cache_ttl")
ttl = self.ds.setting("default_cache_ttl")
return self.set_response_headers(r, ttl)

View file

@ -12,6 +12,7 @@ from datasette.utils import (
await_me_maybe,
check_visibility,
derive_named_parameters,
tilde_decode,
to_css_class,
validate_sql_select,
is_url,
@ -21,7 +22,7 @@ from datasette.utils import (
sqlite3,
InvalidSql,
)
from datasette.utils.asgi import AsgiFileDownload, Response, Forbidden
from datasette.utils.asgi import AsgiFileDownload, NotFound, Response, Forbidden
from datasette.plugins import pm
from .base import DatasetteError, DataView
@ -30,7 +31,8 @@ from .base import DatasetteError, DataView
class DatabaseView(DataView):
name = "database"
async def data(self, request, database, hash, default_labels=False, _size=None):
async def data(self, request, default_labels=False, _size=None):
database = tilde_decode(request.url_vars["db_name"])
await self.check_permissions(
request,
[
@ -45,10 +47,13 @@ class DatabaseView(DataView):
sql = request.args.get("sql")
validate_sql_select(sql)
return await QueryView(self.ds).data(
request, database, hash, sql, _size=_size, metadata=metadata
request, sql, _size=_size, metadata=metadata
)
db = self.ds.databases[database]
try:
db = self.ds.databases[database]
except KeyError:
raise NotFound("Database not found: {}".format(database))
table_counts = await db.table_counts(5)
hidden_table_names = set(await db.hidden_table_names())
@ -156,7 +161,8 @@ class DatabaseView(DataView):
class DatabaseDownload(DataView):
name = "database_download"
async def view_get(self, request, database, hash, correct_hash_present, **kwargs):
async def get(self, request):
database = tilde_decode(request.url_vars["db_name"])
await self.check_permissions(
request,
[
@ -191,8 +197,6 @@ class QueryView(DataView):
async def data(
self,
request,
database,
hash,
sql,
editable=True,
canned_query=None,
@ -201,6 +205,7 @@ class QueryView(DataView):
named_parameters=None,
write=False,
):
database = tilde_decode(request.url_vars["db_name"])
params = {key: request.args.get(key) for key in request.args}
if "sql" in params:
params.pop("sql")

View file

@ -18,7 +18,8 @@ COUNT_DB_SIZE_LIMIT = 100 * 1024 * 1024
class IndexView(BaseView):
name = "index"
async def get(self, request, as_format):
async def get(self, request):
as_format = request.url_vars["as_format"]
await self.check_permission(request, "view-instance")
databases = []
for name, db in self.ds.databases.items():

View file

@ -14,7 +14,8 @@ class JsonDataView(BaseView):
self.data_callback = data_callback
self.needs_request = needs_request
async def get(self, request, as_format):
async def get(self, request):
as_format = request.url_vars["as_format"]
await self.check_permission(request, "view-instance")
if self.needs_request:
data = self.data_callback(request)

View file

@ -271,20 +271,18 @@ class RowTableShared(DataView):
class TableView(RowTableShared):
name = "table"
async def post(self, request, db_name, table_and_format):
async def post(self, request):
db_name = tilde_decode(request.url_vars["db_name"])
table = tilde_decode(request.url_vars["table"])
# Handle POST to a canned query
canned_query = await self.ds.get_canned_query(
db_name, table_and_format, request.actor
)
canned_query = await self.ds.get_canned_query(db_name, table, request.actor)
assert canned_query, "You may only POST to a canned query"
return await QueryView(self.ds).data(
request,
db_name,
None,
canned_query["sql"],
metadata=canned_query,
editable=False,
canned_query=table_and_format,
canned_query=table,
named_parameters=canned_query.get("params"),
write=bool(canned_query.get("write")),
)
@ -325,20 +323,22 @@ class TableView(RowTableShared):
async def data(
self,
request,
database,
hash,
table,
default_labels=False,
_next=None,
_size=None,
):
database = tilde_decode(request.url_vars["db_name"])
table = tilde_decode(request.url_vars["table"])
try:
db = self.ds.databases[database]
except KeyError:
raise NotFound("Database not found: {}".format(database))
# If this is a canned query, not a table, then dispatch to QueryView instead
canned_query = await self.ds.get_canned_query(database, table, request.actor)
if canned_query:
return await QueryView(self.ds).data(
request,
database,
hash,
canned_query["sql"],
metadata=canned_query,
editable=False,
@ -347,9 +347,6 @@ class TableView(RowTableShared):
write=bool(canned_query.get("write")),
)
table = tilde_decode(table)
db = self.ds.databases[database]
is_view = bool(await db.get_view_definition(table))
table_exists = bool(await db.table_exists(table))
@ -940,8 +937,9 @@ async def _sql_params_pks(db, table, pk_values):
class RowView(RowTableShared):
name = "row"
async def data(self, request, database, hash, table, pk_path, default_labels=False):
table = tilde_decode(table)
async def data(self, request, default_labels=False):
database = tilde_decode(request.url_vars["db_name"])
table = tilde_decode(request.url_vars["table"])
await self.check_permissions(
request,
[
@ -950,7 +948,7 @@ class RowView(RowTableShared):
"view-instance",
],
)
pk_values = urlsafe_components(pk_path)
pk_values = urlsafe_components(request.url_vars["pk_path"])
db = self.ds.databases[database]
sql, params, pks = await _sql_params_pks(db, table, pk_values)
results = await db.execute(sql, params, truncate=True)