Improve access logic and URL structure

[odkhang]

This PR related to issue fossasia/eventyay-video#240 Improve access logic and URL structure
It implement point 2 + 3 of the issue (point 1 is implemented by update nginx)

New button in event page of common, will redirect to video system with admin permission

Summary by Sourcery

Enhance the event management system by adding support for creating video platforms for events. Introduce a new button on the event page to enable video access, and implement a VideoAccessAuthenticator to manage video access permissions and redirection. Refactor event creation and update workflows to integrate video platform creation, and improve URL structure and access logic with new utility functions.

New Features:

• Introduce a new feature allowing users to create a video platform for events, with an option to enable video access directly from the event page.
• Add a new VideoAccessAuthenticator view to handle video access authentication and redirection to the video system with appropriate permissions.

Enhancements:

• Refactor the event creation and update processes to include video platform creation logic, ensuring that video systems are created when the option is selected.
• Improve URL structure and access logic by adding a new utility function to generate tokens for video system access and checking user permissions.

Build:

• Add a new configuration setting for VIDEO_SERVER_HOSTNAME to manage video server connections.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request improves access logic and URL structure for the video system integration in the eventyay platform. It adds functionality to create and manage video platforms for events, enhances the event creation and update forms, and implements new API endpoints for video access authentication.

Sequence diagram for video access authentication

sequenceDiagram
    actor User
    participant EventPage
    participant VideoAccessAuthenticator
    participant VideoSystem

    User->>EventPage: Click 'Enable video access'
    EventPage->>VideoAccessAuthenticator: GET /event/{organizer}/{event}/
    VideoAccessAuthenticator->>VideoAccessAuthenticator: Check video configuration
    alt Configuration not fulfilled
        VideoAccessAuthenticator-->>User: PermissionDenied
    else Configuration fulfilled
        VideoAccessAuthenticator->>VideoAccessAuthenticator: Check user permissions
        alt User has permission
            VideoAccessAuthenticator->>VideoSystem: Redirect with token
            VideoSystem-->>User: Video access granted
        else User lacks permission
            VideoAccessAuthenticator-->>User: PermissionDenied
        end
    end

Loading

Architecture diagram for video system integration

graph TD;
    subgraph EventyayPlatform
        EventService
        VideoAccessAuthenticator
        CreateWorldTask
    end
    subgraph VideoSystem
        VideoServer
    end
    EventService --> VideoAccessAuthenticator
    VideoAccessAuthenticator -->|Token| VideoServer
    CreateWorldTask -->|API Call| VideoServer

Loading

Updated class diagram for Event model

classDiagram
    class Event {
        +Boolean is_video_create
        +BooleanField is_video_create
    }
    class EventWizardFoundationForm {
        +BooleanField is_video_create
    }
    class EventUpdateForm {
        +BooleanField is_video_create
    }
    EventWizardFoundationForm --> Event
    EventUpdateForm --> Event

Loading

File-Level Changes

Change	Details	Files
Added video platform creation functionality to event creation and update processes	Introduced 'is_video_create' field in Event model Updated EventWizardFoundationForm and EventUpdateForm to include 'is_video_create' field Implemented 'create_world' task for creating video systems Added video creation option in event creation and update templates	src/pretix/base/models/event.py src/pretix/control/forms/event.py src/pretix/eventyay_common/tasks.py src/pretix/eventyay_common/templates/eventyay_common/events/create_foundation.html src/pretix/eventyay_common/templates/eventyay_common/event/settings.html
Implemented video access authentication and authorization	Created VideoAccessAuthenticator class for handling video access requests Added utility functions for token generation and permission checking Implemented new URL route for video access authentication	src/pretix/eventyay_common/views/event.py src/pretix/eventyay_common/utils.py src/pretix/eventyay_common/urls.py
Enhanced event list view with video access button	Added video access button in event list template Implemented logic to display video access button based on plugin availability	src/pretix/eventyay_common/templates/eventyay_common/events/index.html src/pretix/eventyay_common/views/event.py
Updated configuration and settings	Added VIDEO_SERVER_HOSTNAME setting Removed EventWizardCommonFoundationForm Added migration for 'is_video_create' field	src/pretix/settings.py src/pretix/eventyay_common/forms/event.py src/pretix/base/migrations/0005_event_add_video.py

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey @odkhang - I've reviewed your changes - here's some feedback:

Overall Comments:

• Consider making the create_world task more resilient to failures of the external video service, possibly by implementing a retry mechanism or making it fully asynchronous.
• The encode_email function in utils.py uses a combination of hashing and random characters. While this provides some obfuscation, it may not be necessary if the email is not sensitive information. Consider simplifying this if possible.

Here's what I looked at during the review

• 🟡 General issues: 1 issue found
• 🟡 Security: 3 issues found
• 🟢 Testing: all looks good
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

🚨 suggestion (security): Improve JWT implementation for video access authentication

Consider using a shorter expiration time for the JWT (e.g., 1 hour instead of 30 days) and use a dedicated secret key for signing instead of the event settings. This will enhance security by reducing the window of opportunity for token misuse and separating concerns.

[sourcery-ai]

suggestion (bug_risk): Enhance error handling and consider rate limiting for external API calls

Implement more robust error handling for the HTTP request to the external service. Consider adding rate limiting to prevent potential abuse of the video creation functionality.

def create_world(self, is_video_create, data):
    try:
        with RateLimiter(max_calls=5, period=60):  # Rate limit: 5 calls per minute
            response = self.make_api_call(is_video_create, data)
            response.raise_for_status()
    except requests.exceptions.RequestException as e:
        logger.error(f"Error creating video system: {str(e)}")
        raise self.retry(exc=e, countdown=60)

[sourcery-ai]

🚨 suggestion (security): Refine permission check for video creation

Consider implementing a more specific permission check for video creation, rather than relying solely on the 'can_create_events' permission. This will provide finer-grained control over who can create video platforms.

def check_create_video_permission(request):
    """
    Check if the user has permission to create videos.
    """
    return request.user.has_perm('eventyay_common.create_video')

[sourcery-ai]

🚨 question (security): Clarify purpose and security implications of email encoding

The purpose and security benefits of the email encoding function are not clear. If this is intended for privacy or security purposes, consider using a more robust method or explain the rationale behind this implementation.