davrot/overleaf-registration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
Marco Aceti 2022-02-21 18:32:14 +01:00
commit 70d158712a
No known key found for this signature in database
GPG key ID: E4ABA81298E4F14D
14 changed files with 694 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

213
.dockerignore Normal file
View file

@ -0,0 +1,213 @@
### JetBrains template
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
### Python template
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# PEP 582; used by e.g. github.com/David-OConnor/pyflow
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/

35
.github/workflows/docker.yml vendored Normal file
View file

@ -0,0 +1,35 @@
name: Docker build and push
on:
push:
branches: [ master ]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Login to ghcr registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ secrets.GH_USERNAME }}
password: ${{ secrets.GH_ACCESS_TOKEN }}
- name: Prepare version info
run: |
echo "LATEST_COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Build and push Docker images
uses: docker/build-push-action@v2.2.2
with:
context: .
file: ./Dockerfile
tags: |
ghcr.io/studentiunimi/overleaf-registration:${{ env.LATEST_COMMIT_SHA }}
ghcr.io/studentiunimi/overleaf-registration:latest
push: true

213
.gitignore vendored Normal file
View file

@ -0,0 +1,213 @@
### JetBrains template
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
### Python template
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# PEP 582; used by e.g. github.com/David-OConnor/pyflow
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/

15
Dockerfile Normal file
View file

@ -0,0 +1,15 @@
FROM python:slim
COPY requirements.txt .
RUN pip3 install -r requirements.txt
COPY . .
EXPOSE 8000
ENTRYPOINT ["gunicorn", "wsgi:app", \
"--env", "CAPTCHA_CLIENT_KEY=$CAPTCHA_CLIENT_KEY", \
"--env", "CAPTCHA_SERVER_KEY=$CAPTCHA_SERVER_KEY", \
"--env", "OF_INSTANCE=$OF_INSTANCE", \
"--env", "OF_ADMIN_EMAIL=$OF_ADMIN_EMAIL", \
"--env", "OF_ADMIN_PASSWORD=$OF_ADMIN_PASSWORD" \
]

21
LICENSE Normal file
View file

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2022 StudentiUniMi
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

35
README.md Normal file
View file

@ -0,0 +1,35 @@
# Overleaf registration worker
Public user registration for a self-hosted
[Overleaf](https://github.com/overleaf/overleaf) instance.
### Why?
We are planning to offer a public Overleaf instance to our users (students and teachers),
but the Community Edition does not support autonomous user registration: only the site
administrator can create users via the admin panel.
This limitation is unacceptable for our use case, so we implemented it ourselves.
### How?
A simple form (available on `/register` path) is offered to the user asking for its email;
the application then logs into the Overleaf instance with the administrator account
and sends a request to create a user.
The user can now create an account by clicking the confirmation link on its mailbox.
## Deployment
There is a Docker image available on
[ghcr.io/studentiunimi/overleaf-registration](https://ghcr.io/studentiunimi/overleaf-registration),
automatically built by GitHub Actions.
You can check the example `docker-compose.yml` file and tweak it with your configuration.
### Environment variables
The Docker container needs all the following environment variables to function properly:
| Environment variable | Description |
|----------------------|------------------------------------------------------|
| `CAPTCHA_SERVER_KEY` | reCAPTCHA v3 server key |
| `CAPTCHA_CLIENT_KEY` | reCAPTCHA v3 client key |
| `OL_INSTANCE` | Overleaf self-hosted instance (without trailing `/`) |
| `OL_ADMIN_EMAIL` | Overleaf administrator account email |
| `OL_ADMIN_PASSWORD` | Overleaf administrator account password |

22
docker-compose.yml Normal file
View file

@ -0,0 +1,22 @@
version: '3'
networks:
traefik_net:
external: true
services:
overleaf-registration:
image: ghcr.io/studentiunimi/overleaf-registration
container_name: overleaf-registration
environment:
- CAPTCHA_SERVER_KEY=
- CAPTCHA_CLIENT_KEY=
- OL_INSTANCE=
- OL_ADMIN_EMAIL=
- OL_ADMIN_PASSWORD=
networks:
- traefik_net
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.services.overleaf-registration.loadbalancer.server.port=8000"

42
main.py Normal file
View file

@ -0,0 +1,42 @@
import re
import os
import requests
from flask import Flask, render_template, Response, request
import overleaf
app = Flask(__name__)
def _check_captcha(code: str) -> bool:
r = requests.post("https://www.google.com/recaptcha/api/siteverify", data={
"secret": os.environ.get("CAPTCHA_SERVER_KEY"),
"response": code,
})
return r.json()["success"]
def _check_email(email: str) -> bool:
return bool(re.fullmatch(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", email))
@app.route("/register", methods=["GET", "POST"])
def index() -> Response:
if request.method == "GET":
return render_template("register.html", CAPTCHA_CLIENT_KEY=os.environ.get("CAPTCHA_CLIENT_KEY"))
elif request.method == "POST":
captcha_code: str = request.form.get("g-recaptcha-response")
if not _check_captcha(captcha_code):
return render_template("error.html", error="Invalid CAPTCHA"), 403
email: str = request.form.get("email")
if not _check_email(email):
return render_template("error.html", error="Invalid email"), 400
ol = overleaf.Overleaf(os.environ.get("OL_INSTANCE"))
ol.login(os.environ.get("OL_ADMIN_EMAIL"), os.environ.get("OL_ADMIN_PASSWORD"))
ol.register_user(email)
ol.logout()
return render_template("done.html", submitted_email=email)

45
overleaf.py Normal file
View file

@ -0,0 +1,45 @@
import requests
from bs4 import BeautifulSoup
class Overleaf:
def __init__(self, instance_url: str):
self.url = instance_url
self.session = requests.session()
self._csrf = None
self._init_session()
def _get(self, *args, **kwargs) -> requests.Response:
return self.session.get(self.url + args[0], *args[1:], **kwargs)
def _post(self, url, data=None) -> requests.Response:
self._obtain_csrf()
url = self.url + url
if data is None:
data = {}
data["_csrf"] = self._csrf
return self.session.post(url, json=data)
def _init_session(self) -> None:
self._get("/")
def _obtain_csrf(self) -> str:
resp: requests.Response = self._get("/login")
soup = BeautifulSoup(resp.text, "html.parser")
self._csrf = soup.find("meta", {"name": "ol-csrfToken"})["content"]
def login(self, email, password) -> None:
r = self._post("/login", data={
"email": email,
"password": password,
})
if r.status_code != 200:
raise ValueError("incorrect email or password")
def logout(self) -> None:
self._post("/logout")
def register_user(self, email) -> None:
self._post("/admin/register", data={
"email": email,
})

2
requirements.txt Normal file
View file

@ -0,0 +1,2 @@
flask
gunicorn

9
templates/done.html Normal file
View file

@ -0,0 +1,9 @@
<html lang="en">
<head>
<title>Overleaf registration: done</title>
</head>
<body>
<h1>Done!</h1>
Please check your email (<b>{{ submitted_email }}</b>) and click on the link to confirm your account.
</body>
</html>

9
templates/error.html Normal file
View file

@ -0,0 +1,9 @@
<html lang="en">
<head>
<title>Overleaf registration: done</title>
</head>
<body>
<h1>Error: {{ error }}</h1>
Please retry on the <a href="/register">previous page</a>.
</body>
</html>

29
templates/register.html Normal file
View file

@ -0,0 +1,29 @@
<html lang="en">
<head>
<title>StudentiUniMi Overleaf registration</title>
</head>
<body>
<h1>StudentiUniMi Overleaf registration</h1>
<form id="registration-form" method="POST" action="/register">
<label for="email-input">Email</label>
<input id="email-input" name="email" type="email" />
<br />
We suggest you to use your @studenti.unimi.it or @unimi.it email.
<br />
<button class="g-recaptcha"
data-sitekey="{{ CAPTCHA_CLIENT_KEY }}"
data-callback="onSubmit"
data-action="submit">Submit</button>
</form>
<script src="https://www.google.com/recaptcha/api.js"></script>
<script>
function onSubmit(token) {
document.getElementById("registration-form").submit();
}
</script>
</body>
</html>

4
wsgi.py Normal file
View file

@ -0,0 +1,4 @@
from main import app
if __name__ == "__main__":
app.run(debug=False)