-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathview_pdf.py
74 lines (61 loc) · 2.53 KB
/
view_pdf.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
"""View presenting the PDF viewer."""
import hashlib
from base64 import b64encode
from datetime import timedelta
from h_vialib import Configuration
from h_vialib.secure import quantized_expiry
from pyramid import view
from via.views.decorators import checkmate_block, has_secure_url_token
@view.view_config(
renderer="via:templates/pdf_viewer.html.jinja2",
route_name="view_pdf",
# We have to keep the leash short here for caching so we can pick up new
# immutable assets when they are deployed
http_cache=0,
decorator=(checkmate_block, has_secure_url_token),
)
def view_pdf(context, request):
"""HTML page with client and the PDF embedded."""
nginx_server = request.registry.settings["nginx_server"]
proxy_pdf_url = _pdf_url(
context.url(),
nginx_server,
request.registry.settings["nginx_secure_link_secret"],
)
_, h_config = Configuration.extract_from_params(request.params)
return {
# The upstream PDF URL that should be associated with any annotations.
"pdf_url": context.url(),
# The CORS-proxied PDF URL which the viewer should actually load the PDF from.
"proxy_pdf_url": proxy_pdf_url,
"client_embed_url": request.registry.settings["client_embed_url"],
"static_url": request.static_url,
"hypothesis_config": h_config,
}
def _pdf_url(url, nginx_server, secret):
"""Return the URL from which the PDF viewer should load the PDF."""
# Compute the expiry time to put into the URL.
exp = int(quantized_expiry(max_age=timedelta(hours=2)).timestamp())
# The expression to be hashed.
#
# This matches the hash expression that we tell the NGINX secure link
# module to use with the secure_link_md5 setting in our NGINX config file.
#
# http://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5
hash_expression = f"/proxy/static/{exp}/{url} {secret}"
# Compute the hash value to put into the URL.
#
# This implements the NGINX secure link module's hashing algorithm:
#
# http://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5
hash_ = hashlib.md5()
hash_.update(hash_expression.encode("utf-8"))
sec = hash_.digest()
sec = b64encode(sec)
sec = sec.replace(b"+", b"-")
sec = sec.replace(b"/", b"_")
sec = sec.replace(b"=", b"")
sec = sec.decode()
# Construct the URL, inserting sec and exp where our NGINX config file
# expects to find them.
return f"{nginx_server}/proxy/static/{sec}/{exp}/{url}"