qgis · Xpirix · May 16, 2024 · May 16, 2024 · May 16, 2024 · May 16, 2024
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,19 @@
+{
+    "files.associations": {
+        "**/*.html": "html",
+        "**/templates/*/*.html": "django-html",
+        "**/templates/*": "django-txt",
+        "**/requirements{/**,*}.{txt,in}": "pip-requirements"
+     },
+
+     "emmet.includeLanguages": {
+        "django-html": "html"
+     },
+     "beautify.language": {
+        "html": [
+            "htm",
+            "html",
+            "django-html"
+        ]
+     }
+}
diff --git a/dockerize/.env.template b/dockerize/.env.template
@@ -31,4 +31,7 @@ DEFAULT_PLUGINS_SITE='https://plugins.qgis.org/'
 QGISPLUGINS_ENV=debug
 
 # Ldap
-ENABLE_LDAP=True
+ENABLE_LDAP=False
+
+# Download limit per minute
+DOWNLOAD_RATE_LIMIT=10
diff --git a/dockerize/docker-compose.yml b/dockerize/docker-compose.yml
@@ -53,6 +53,7 @@ services:
       - EMAIL_HOST_USER=${EMAIL_HOST_USER:-automation}
       - EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD}
       - DEFAULT_PLUGINS_SITE=${DEFAULT_PLUGINS_SITE:-https://plugins.qgis.org/}
+      - DOWNLOAD_RATE_LIMIT=${DOWNLOAD_RATE_LIMIT:-10}
     volumes:
       - ../qgis-app:/home/web/django_project
       - ./docker/uwsgi.conf:/uwsgi.conf

diff --git a/dockerize/sites-enabled/prod-ssl.conf b/dockerize/sites-enabled/prod-ssl.conf
@@ -4,6 +4,9 @@ upstream uwsgi {
     server uwsgi:8080;
 }
 
+# Define the rate limit zone
+limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
+
 server {
     # OTF gzip compression
     gzip on;
@@ -66,6 +69,11 @@ server {
     }
     # Finally, send all non-media requests to the Django server.
     location / {
+
+        # Apply rate limit
+        limit_req zone=one burst=20 nodelay;
+        limit_req_status 429;
+
         uwsgi_pass  uwsgi;
         # the uwsgi_params file you installed needs to be passed with each
         # request.
@@ -90,6 +98,13 @@ server {
         }
     }
 
+    # New rule to allow download from QGIS user agent only
+    location ~* ^/plugins/[^/]+/version/[^/]+/download/$ {
+        if ($http_user_agent !~* "Mozilla/5.0 QGIS") {
+            return 403 "Forbidden: Please use QGIS to download .zip files.";
+        }
+    }
+
     location /metabase/ {
         # set to webroot path
         proxy_pass http://metabase:3000/;
@@ -184,6 +199,10 @@ server {
     }
     # Finally, send all non-media requests to the Django server.
     location / {
+        # Apply rate limit
+        limit_req zone=one burst=20 nodelay;
+        limit_req_status 429;
+
         uwsgi_pass  uwsgi;
         # the uwsgi_params file you installed needs to be passed with each
         # request.
@@ -209,6 +228,12 @@ server {
 
     }
 
+    # New rule to the download from QGIS user agent only
+    location ~* ^/plugins/[^/]+/version/[^/]+/download/$ {
+        if ($http_user_agent !~* "Mozilla/5.0 QGIS") {
+            return 403 "Forbidden: Please use QGIS to download .zip files.";
+        }
+    }
 
     location /metabase/ {
         # set to webroot path

diff --git a/dockerize/sites-enabled/prod.conf b/dockerize/sites-enabled/prod.conf
@@ -4,6 +4,9 @@ upstream uwsgi {
     server uwsgi:8080;
 }
 
+# Define the rate limit zone
+limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
+
 server {
     # OTF gzip compression
     gzip on;
@@ -63,6 +66,11 @@ server {
     }
     # Finally, send all non-media requests to the Django server.
     location / {
+
+        # Apply rate limit
+        limit_req zone=one burst=20 nodelay;
+        limit_req_status 429;
+
         uwsgi_pass  uwsgi;
         # the uwsgi_params file you installed needs to be passed with each
         # request.
@@ -88,6 +96,12 @@ server {
 
     }
 
+    # New rule to the download from QGIS user agent only
+    location ~* ^/plugins/[^/]+/version/[^/]+/download/$ {
+        if ($http_user_agent !~* "Mozilla/5.0 QGIS") {
+            return 403 "Forbidden: Please use QGIS to download .zip files.";
+        }
+    }
 
     location /metabase/ {
         # set to webroot path

diff --git a/qgis-app/plugins/forms.py b/qgis-app/plugins/forms.py
@@ -269,4 +269,28 @@ class Meta:
         model = PluginOutstandingToken
         fields = (
             "description",
-        )
+        )
+
+class VersionDownloadForm(forms.Form):
+    """Download confirmation for a plugin version"""
+    required_css_class = "required"
+    plugin_name = forms.CharField(
+        label=_("Confirm plugin name"),
+        required=True,
+        help_text=_(
+            "Please insert the plugin name shown above to proceed with the download."
+        ),
+        widget=forms.TextInput,
+    )
+    def __init__(self, *args, original_name=None, **kwargs):
+        super(VersionDownloadForm, self).__init__(*args, **kwargs)
+        self.original_name = original_name
+
+    def clean(self):
+        """
+        Check if plugin name match
+        """
+        super().clean()
+        if self.cleaned_data.get("plugin_name") != self.original_name:
+            raise ValidationError(_("Plugin name mismatch: Please ensure the plugin name matches the one displayed above in order to proceed with the download."))
+        return super(VersionDownloadForm, self).clean()
diff --git a/qgis-app/plugins/models.py b/qgis-app/plugins/models.py
@@ -844,7 +844,7 @@ def get_absolute_url(self):
 
     def get_download_url(self):
         return reverse(
-            "version_download",
+            "version_get",
             args=(
                 self.plugin.package_name,
                 self.version,

diff --git a/qgis-app/plugins/templates/plugins/plugin_download.html b/qgis-app/plugins/templates/plugins/plugin_download.html
@@ -0,0 +1,114 @@
+{% extends 'plugins/plugin_base.html' %}{% load i18n %}
+{% load local_timezone %}
+{% block content %}
+
+<div style="display:flex; align-items: center;">
+    <h2>{% trans "Plugin: " %}</h2> 
+    <div class="tooltip">
+        <span class="tooltiptext" id="copyTooltip">{% trans "Copy to clipboard" %}</span>
+        <span class="copy-text" data-copy="{{plugin_name}}">
+            {{plugin_name}}
+            <i class="icon-copy icon-white"></i>
+        </span>
+
+    </div>
+</div>
+
+{% if form.errors %}
+<div class="alert alert-error">
+  <button type="button" class="close" data-dismiss="alert">&times;</button>
+  <p>{% trans "The form contains errors and cannot be submitted, please check the fields highlighted in red." %}</p>
+</div>
+{% endif %}
+{% if form.non_field_errors %}
+<div class="alert alert-error">
+  <button type="button" class="close" data-dismiss="alert">&times;</button>
+  {% for error in form.non_field_errors %}
+  <p>{{ error }}</p>
+  {% endfor %}
+</div>
+{% endif %}
+<form action="" method="post" class="horizontal" enctype="multipart/form-data">{% csrf_token %}
+  {% include "plugins/form_snippet.html" %}
+  <div class="form-actions">
+    <button class="btn btn-primary" type="submit">{% trans "Download" %}</button>
+  </div>
+</form>
+{% endblock %}
+
+
+{% block extrajs %}
+{{ block.super }}
+<script>
+    document.addEventListener('DOMContentLoaded', function() {
+        const copyText = document.querySelector('.copy-text');
+        const tooltip = document.getElementById("copyTooltip");
+
+        copyText.addEventListener('click', function() {
+          const textToCopy = this.getAttribute('data-copy');
+          navigator.clipboard.writeText(textToCopy)
+            .then(() => {
+                tooltip.innerHTML = "Plugin name copied!";
+            })
+            .catch(err => {
+                tooltip.innerHTML = "An error occured";
+            });
+        });
+      });
+
+</script>
+{% endblock %}
+{% block extracss %}
+{{ block.super }}
+<style>
+    .copy-text {
+        position: relative;
+        display: inline-block;
+        cursor: pointer;
+        background: #eaeaea;
+        padding: 10px;
+        border-radius: 10px;
+        font-size: 14pt
+      }
+
+    .tooltip {
+        position: relative;
+        display: inline-block;
+        opacity: 1 !important;
+        margin-left: 10px;
+      }
+
+      .tooltip .tooltiptext {
+        visibility: hidden;
+        width: 140px;
+        background-color: #555;
+        color: #fff;
+        text-align: center;
+        border-radius: 6px;
+        padding: 5px;
+        position: absolute;
+        z-index: 1;
+        bottom: 150%;
+        left: 50%;
+        margin-left: -75px;
+        opacity: 0;
+        transition: opacity 0.3s;
+      }
+
+      .tooltip .tooltiptext::after {
+        content: "";
+        position: absolute;
+        top: 100%;
+        left: 50%;
+        margin-left: -5px;
+        border-width: 5px;
+        border-style: solid;
+        border-color: #555 transparent transparent transparent;
+      }
+
+      .tooltip:hover .tooltiptext {
+        visibility: visible;
+        opacity: 1;
+      }     
+</style>
+{% endblock %}
diff --git a/qgis-app/plugins/templates/plugins/plugin_download_limit_exceed.html b/qgis-app/plugins/templates/plugins/plugin_download_limit_exceed.html
@@ -0,0 +1,17 @@
+{% extends 'plugins/plugin_base.html' %}{% load i18n %}
+{% block content %}
+    <div class="error">{% trans "Download rate limit exceeded. Try again later." %}</div>
+{% endblock %}
+
+
+{% block extracss %}
+{{ block.super }}
+
+<style>
+    .error {
+        text-align: center;
+        color: red;
+    }
+</style>
+
+{% endblock %}
diff --git a/qgis-app/plugins/templates/plugins/plugin_download_success.html b/qgis-app/plugins/templates/plugins/plugin_download_success.html
@@ -0,0 +1,42 @@
+{% extends 'plugins/plugin_base.html' %}{% load i18n %} {% load local_timezone
+%} {% block content %}
+<h5 style="text-align: center" id="downloadText">
+  The download of the plugin {{plugin_name}} will start shortly...
+</h5>
+
+{% endblock %} {% block extrajs %} {{ block.super }}
+<script>
+  function downloadFile(fileContent, fileName, downloadText) {
+    try {
+      var blob = new Blob([fileContent], { type: "application/zip" });
+      var url = window.URL.createObjectURL(blob);
+      var link = document.createElement("a");
+      link.href = url;
+      link.download = fileName;
+
+      link.click();
+
+      // Clean up resources
+      window.URL.revokeObjectURL(url);
+
+      downloadText.innerHTML =
+        "The plugin {{plugin_name}} has been successfully downloaded.";
+    } catch (e) {
+      downloadText.innerHTML =
+        "The download of the plugin {{plugin_name}} failed.";
+    }
+  }
+
+  var fileContent = "{{ file_content }}";
+  var fileName = "{{ file_name }}";
+
+  document.addEventListener("DOMContentLoaded", function () {
+    const downloadText = document.getElementById("downloadText");
+    setTimeout(function () {
+      downloadFile(fileContent, fileName, downloadText);
+    }, 3000); // Add a delay of 3s before downloading the file
+  });
+</script>
+{% endblock %} {% block extracss %} {{ block.super }}
+<style></style>
+{% endblock %}
diff --git a/qgis-app/plugins/templates/plugins/plugin_list.html b/qgis-app/plugins/templates/plugins/plugin_list.html
@@ -104,8 +104,8 @@ <h2>{% if title %}{{title}}{% else %}{% trans "All plugins" %}{% endif %}</h2>
                 <td>{{ object.latest_version_date|local_timezone:"SHORT_NATURAL_DAY" }}</td>
                 <td>{{ object.created_on|local_timezone:"SHORT" }}</td>
                 <td><div><div class="star-ratings"><span style="width:{% widthratio object.average_vote 5 100 %}%" class="rating"></span></div> ({{ object.rating_votes }})</div></td>
-                <td>{% if object.stable %}<a href="{% url "version_download" object.package_name object.stable.version %}" title="{% trans "Download the stable version" %}" >{{ object.stable.version }}</a>{% else %}&mdash;{% endif %}</td>
-                <td>{% if object.experimental %}<a href="{% url "version_download" object.package_name object.experimental.version %}" title="{% trans "Download the experimental version" %}" >{{ object.experimental.version }}</a>{% else %}&mdash;{% endif %}</td>
+                <td>{% if object.stable %}<a href="{% url "version_get" object.package_name object.stable.version %}" title="{% trans "Download the stable version" %}" >{{ object.stable.version }}</a>{% else %}&mdash;{% endif %}</td>
+                <td>{% if object.experimental %}<a href="{% url "version_get" object.package_name object.experimental.version %}" title="{% trans "Download the experimental version" %}" >{{ object.experimental.version }}</a>{% else %}&mdash;{% endif %}</td>
                 {% if user.is_authenticated %}{% if user in object.editors or user.is_staff %}<td><a class="btn btn-primary btn-mini" href="{% url "plugin_update" object.package_name %}"><i class="icon-pencil icon-white" title="{% trans "Edit" %}"></i></a>
                 <a class="btn btn-danger btn-mini"  class="delete" href="{% url "plugin_delete" object.package_name %}"><i class="icon-remove-sign icon-white" title="{% trans "Delete" %}"></i></a>{% else %}{% endif %}</td>{% endif %}
 

diff --git a/qgis-app/plugins/templates/plugins/version_detail.html b/qgis-app/plugins/templates/plugins/version_detail.html
@@ -2,7 +2,7 @@
 {% load local_timezone %}
 {% block content %}
     <h2>{% trans "Version" %}: {{ version }}</h2>
-    <div class="pull-right"><a href="{% url "version_download" version.plugin.package_name version.version %}" class="btn btn-primary"><i class="icon-download-alt icon-white"></i> {% trans "Download" %}</a></div>
+    <div class="pull-right"><a href="{% url "version_get" version.plugin.package_name version.version %}" class="btn btn-primary"><i class="icon-download-alt icon-white"></i> {% trans "Download" %}</a></div>
 
     {% if not version.created_by.is_active and not version.is_from_token %}
     <div class="alert alert-error">