add a simple backoffice view to show proxied content for simple html pages (#520)

Co-authored-by: Thomas Steen Rasmussen <tykling@bornhack.org>

src/backoffice/templates/backoffice_proxy.html

@@ -0,0 +1,18 @@
+{% extends 'base.html' %}
+{% load bootstrap3 %}
+
+{% block content %}
+<div class="panel panel-default">
+  <div class="panel-heading"><h3 class="panel-title">See proxied content</h3></div>
+  <div class="panel-body">
+    <form method="POST">
+        {% csrf_token %}
+        {% bootstrap_form form %}
+        <button type="submit" class="btn btn-primary"><i class='fas fa-check'></i> Show me!</button>
+        <a href="{% url 'backoffice:index' camp_slug=camp.slug %}" class="btn btn-default"><i class="fas fa-undo"></i> Cancel</a>
+    </form>
+  </div>
+</div>
+
+{% endblock content %}
+

src/backoffice/templates/index.html

@@ -109,6 +109,12 @@
         <p class="list-group-item-text">Use this view to see and approve/reject revenues.</p>
       </a>
       {% endif %}
+
+      <h3>External Content</h3>
+      <a href="{% url 'backoffice:proxy' camp_slug=camp.slug %}" class="list-group-item">
+        <h4 class="list-group-item-heading">Proxied Content</h4>
+        <p class="list-group-item-text">Use this view to see proxied content</p>
+      </a>
     </div>
 </div>
 

src/backoffice/urls.py

@@ -4,6 +4,7 @@ from .views import (
     ApproveFeedbackView,
     ApproveNamesView,
     BackofficeIndexView,
+    BackofficeProxyView,
     BadgeHandoutView,
     ChainDetailView,
     ChainListView,
@@ -36,6 +37,9 @@ app_name = "backoffice"
 
 urlpatterns = [
     path("", BackofficeIndexView.as_view(), name="index"),
+    # proxy view
+    path("proxy/", BackofficeProxyView.as_view(), name="proxy"),
+    # facility feedback
     path(
         "feedback/facilities/<slug:team_slug>/",
         include([path("", FacilityFeedbackView.as_view(), name="facilityfeedback")]),

src/backoffice/views.py

@@ -2,7 +2,9 @@ import logging
 import os
 from itertools import chain
 
+import requests
 from camps.mixins import CampViewMixin
+from django import forms
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
@@ -11,6 +13,7 @@ from django.core.exceptions import PermissionDenied
 from django.core.files import File
 from django.db.models import Sum
 from django.forms import modelformset_factory
+from django.http import HttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils import timezone
@@ -771,3 +774,41 @@ class ShopTicketOverview(LoginRequiredMixin, CampViewMixin, ListView):
     def get_context_data(self, *, object_list=None, **kwargs):
         kwargs["ticket_types"] = TicketType.objects.filter(camp=self.camp)
         return super().get_context_data(object_list=object_list, **kwargs)
+
+
+class BackofficeProxyView(CampViewMixin, RaisePermissionRequiredMixin, FormView):
+    """
+    Show proxied stuff, only for simple HTML pages with no external content
+    Define URLs in settings.BACKOFFICE_PROXY_URLS as a dict of description: url pairs
+    """
+
+    permission_required = "camps.backoffice_permission"
+    template_name = "backoffice_proxy.html"
+
+    def setup(self, *args, **kwargs):
+        super().setup(*args, **kwargs)
+        self.form_class = forms.Form
+
+    def get_form(self, *args, **kwargs):
+        form = super().get_form(*args, **kwargs)
+        form.fields["url"] = forms.ChoiceField(
+            choices=[
+                (url, desc) for desc, url in settings.BACKOFFICE_PROXY_URLS.items()
+            ],
+            widget=forms.RadioSelect,
+            help_text="Pick the URL you wish to see",
+        )
+        return form
+
+    def form_valid(self, form):
+        """ Perform the request and return the response """
+        if form.cleaned_data["url"] not in settings.BACKOFFICE_PROXY_URLS.values():
+            # this is not one of the urls from settings
+            messages.error(self.request, "Unknown URL")
+            return redirect(
+                reverse("backoffice:proxy", kwargs={"camp_slug": self.camp.slug})
+            )
+        # perform the request
+        r = requests.get(form.cleaned_data["url"])
+        # return the response, keeping the status code but no headers
+        return HttpResponse(r.content, status=r.status_code)

src/bornhack/environment_settings.py.dist

@@ -96,3 +96,5 @@ ECONOMYTEAM_NAME = "Economy"
 
 BORNHACK_2019_OLD_TOKEN_TOKEN = "{{ bornhack_2019_old_token_token }}"
 KORTFORSYNINGEN_TOKEN = "{{ kortforsyningen_token }}"
+BACKOFFICE_PROXY_URLS = {}
+

src/maps/views.py

@@ -45,7 +45,7 @@ class MapProxyView(View):
             "upgrade",
         ]
         # proxy all headers from our upstream request to the response to our client,
-        # if they headers are not in our list of troublemakers
+        # if the headers are not in our list of troublemakers
         for key, value in r.headers.items():
             if key.lower() not in excluded_headers:
                 response[key] = value