import os import subprocess import xml.etree.ElementTree as ET import zipfile import json import shutil import time import io import threading from flask import Flask, request, jsonify, send_file, redirect from flask_cors import CORS from werkzeug.utils import secure_filename from datetime import datetime from flask_sqlalchemy import SQLAlchemy from flask_bcrypt import Bcrypt from flask_login import ( LoginManager, UserMixin, login_user, login_required, logout_user, current_user, ) from flask_admin import Admin, AdminIndexView, expose from flask_admin.contrib.sqla import ModelView from main import process_single_file, generate_manifests, slugify from utils import ( ALLOWED_EXTENSIONS, ALLOWED_SAMPLE_EXTENSIONS, MMP_FOLDER, MMPZ_FOLDER, DATA_FOLDER, BASE_DATA, SRC_MMPSEARCH, SAMPLE_SRC, XML_IMPORTED_PATH_PREFIX, SAMPLE_MANIFEST, ) app = Flask(__name__) # --- CONFIGURAÇÃO DE SEGURANÇA E BANCO --- app.config["SECRET_KEY"] = ( "25de5592bf94c2ca18e27baa0ae2d4ee22a63012f32e1be719d31f530c215a387b9ec0c9d96be38e80a7ccdd859e04408facefff8fd9119e7f5a2d987d85abb7" ) app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///" + os.path.join( DATA_FOLDER, "users.db" ) app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False # CORS precisa suportar credenciais para o cookie de login funcionar CORS(app, supports_credentials=True) db = SQLAlchemy(app) bcrypt = Bcrypt(app) login_manager = LoginManager(app) login_manager.login_view = "login" # ============================================================================== # CLASSES UTILIZADAS # ============================================================================== # --- MODELO DE USUÁRIO --- class User(UserMixin, db.Model): id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(150), unique=True, nullable=False) password = db.Column(db.String(150), nullable=False) is_admin = db.Column(db.Boolean, default=False) # Detalhes do usuário bio = db.Column(db.String(240), default="") tags = db.Column(db.String(500), default="") # Vamos salvar separado por vírgula avatar_url = db.Column(db.String(255), default="/assets/img/default_avatar.png") cover_url = db.Column(db.String(255), default="/assets/img/default_cover.jpg") projects = db.relationship("Project", backref="owner", lazy=True) samples = db.relationship("Sample", backref="owner", lazy=True) recordings = db.relationship("Recording", backref="owner", lazy=True) class SecureModelView(ModelView): def is_accessible(self): return current_user.is_authenticated and current_user.is_admin def inaccessible_callback(self, name, **kwargs): # Retorna erro JSON ou redireciona (como é painel, melhor redirecionar ou negar) return jsonify({"error": "Acesso restrito a administradores."}), 403 class SecureIndexView(AdminIndexView): @expose("/") def index(self): if not current_user.is_authenticated or not current_user.is_admin: # Em vez de retornar JSON, redireciona para a home # O usuário verá o botão de login lá. return redirect("/") # OU, se quiser ser mais explícito, retorna 403 mas em HTML (opcional) # return "

Acesso Negado

Você precisa ser admin.

", 403 return super(SecureIndexView, self).index() # ============================================================================== # CLASSES DE ARTEFATOS # ============================================================================== # Tabela de Projetos class Project(db.Model): id = db.Column(db.Integer, primary_key=True) filename = db.Column(db.String(255), nullable=False) # Nome do arquivo físico .mmp display_name = db.Column( db.String(255), nullable=False ) # Nome "bonito" para exibir created_at = db.Column(db.DateTime, default=datetime.utcnow) # Chave estrangeira ligando ao usuário user_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False) class Sample(db.Model): id = db.Column(db.Integer, primary_key=True) filename = db.Column(db.String(255), nullable=False) display_name = db.Column(db.String(255), nullable=False) category = db.Column(db.String(50), default="Uncategorized") # Ex: drums, bass created_at = db.Column(db.DateTime, default=datetime.utcnow) user_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False) class Recording(db.Model): id = db.Column(db.Integer, primary_key=True) filename = db.Column(db.String(255), nullable=False) display_name = db.Column(db.String(255), nullable=False) created_at = db.Column(db.DateTime, default=datetime.utcnow) user_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False) # Cria o banco na inicialização se não existir with app.app_context(): db.create_all() @login_manager.user_loader def load_user(user_id): return User.query.get(int(user_id)) # --- FUNÇÕES UTILITÁRIAS --- def allowed_file(filename): return "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_EXTENSIONS def allowed_sample(filename): return ( "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_SAMPLE_EXTENSIONS ) def run_jekyll_build(): RUBY_BIN_PATH = "/usr/bin/ruby3.2" BUNDLE_PATH = ( "/nethome/jotachina/projetos/mmpSearch/vendor/bundle/ruby/3.2.0/bin/bundle" ) # Prepara o ambiente para o subprocesso env_vars = os.environ.copy() # Adiciona o caminho do Ruby ao PATH do usuário www-data temporariamente env_vars["PATH"] = f"{RUBY_BIN_PATH}:{env_vars.get('PATH', '')}" print("Iniciando build do Jekyll...") command = [ BUNDLE_PATH, "exec", "jekyll", "build", "--destination", "/var/www/html/trens/mmpSearch/", ] try: # Redirecionamos a saída para DEVNULL para não encher o buffer e travar subprocess.Popen( command, cwd=BASE_DATA, env=env_vars, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, ) print("Jekyll Build iniciado em segundo plano (background).") except Exception as e: print(f"Erro ao iniciar Jekyll: {e}") def load_manifest_keys(): """Carrega as pastas de fábrica (keys do manifesto).""" if not os.path.exists(SAMPLE_MANIFEST): return ["drums", "instruments", "effects", "presets", "samples"] try: with open(SAMPLE_MANIFEST, "r", encoding="utf-8") as f: data = json.load(f) return list(data.keys()) except Exception: return [] def convert_mmpz_to_mmp(mmpz_path, mmp_target_path): LMMS_PATH = "/usr/bin/lmms" """Tenta descompactar .mmpz usando Python ou LMMS CLI.""" print(f"Tentando converter: {mmpz_path} -> {mmp_target_path}") content = None try: with open(mmpz_path, "rb") as f: content = f.read() except Exception: pass if content: # --- Fallback para LMMS CLI --- # VERIFICAÇÃO DE SEGURANÇA: O binário existe? if not os.path.exists(LMMS_PATH): print(f"ERRO CRÍTICO: Executável do LMMS não encontrado em {LMMS_PATH}") return False print("Métodos Python falharam. Tentando fallback via LMMS CLI...") cmd = [LMMS_PATH, "--dump", mmpz_path] env_vars = os.environ.copy() env_vars["QT_QPA_PLATFORM"] = "offscreen" try: with open(mmp_target_path, "w") as f_out: subprocess.run( cmd, stdout=f_out, stderr=subprocess.PIPE, check=True, env=env_vars ) if os.path.exists(mmp_target_path) and os.path.getsize(mmp_target_path) > 0: print("Sucesso: Descompactado via LMMS CLI (--dump).") return True else: print("Erro: LMMS CLI rodou, mas arquivo de saída está vazio.") return False except subprocess.CalledProcessError as e: print( f"Falha crítica no LMMS CLI: {e.stderr.decode('utf-8') if e.stderr else str(e)}" ) return False except Exception as e: print(f"Erro inesperado ao chamar LMMS: {e}") return False def analyze_mmp_dependencies(mmp_filename): """Analisa um arquivo .mmp XML puro.""" filepath = os.path.join(MMP_FOLDER, mmp_filename) if not os.path.exists(filepath): print(f"Erro: Arquivo não encontrado: {filepath}") return False, [] try: tree = ET.parse(filepath) except ET.ParseError as e: print(f"Erro Fatal: O arquivo {mmp_filename} não é um XML válido: {e}") return False, [] root = tree.getroot() factory_folders = load_manifest_keys() missing_samples = set() for audio_node in root.findall(".//audiofileprocessor"): src = audio_node.get("src", "") if not src: continue is_factory = any(src.startswith(folder + "/") for folder in factory_folders) is_already_imported = src.startswith("src_mmpSearch/samples/imported/") if not is_factory and not is_already_imported: file_name = os.path.basename(src) missing_samples.add(file_name) return len(missing_samples) == 0, list(missing_samples) def update_xml_paths_exact(mmp_filename, replacements): """Substitui caminhos no XML baseando-se no mapeamento exato.""" filepath = os.path.join(MMP_FOLDER, mmp_filename) try: tree = ET.parse(filepath) root = tree.getroot() changes_made = False replacements_lower = {k.lower(): v for k, v in replacements.items()} for audio_node in root.findall(".//audiofileprocessor"): src = audio_node.get("src", "") if not src: continue current_basename = os.path.basename(src) current_basename_lower = current_basename.lower() if current_basename_lower in replacements_lower: new_filename = replacements_lower[current_basename_lower] new_src = f"{XML_IMPORTED_PATH_PREFIX}/{new_filename}" audio_node.set("src", new_src) audio_node.set("vol", audio_node.get("vol", "1")) print(f"[XML FIX] Substituído: {current_basename} -> {new_src}") changes_made = True if changes_made: tree.write(filepath, encoding="UTF-8", xml_declaration=True) return True return True except Exception as e: print(f"Erro crítico ao editar XML: {e}") return False def run_heavy_tasks_in_background(): """Esta função roda isolada sem travar o usuário""" print("--- [BACKGROUND] Iniciando reconstrução de índices ---") try: # 1. Isso é Python puro e PESADO (aqui é onde estava travando) rebuild_indexes() # 2. Isso gera os manifestos (Python puro) generate_manifests(SRC_MMPSEARCH) # 3. Isso chama o subprocesso do Jekyll (Externo) # Mantém sua função original que usa subprocess run_jekyll_build() print("--- [BACKGROUND] Tarefas concluídas com sucesso ---") except Exception as e: print(f"--- [BACKGROUND] Erro: {e} ---") def process_and_build(filename): """Função chamada pela rota de upload""" # Processamento inicial do arquivo (rápido) result = process_single_file(filename) if result["success"]: # Em vez de chamar rebuild_indexes() direto, criamos a Thread # O Flask vai responder o return abaixo imediatamente, # enquanto a thread continua rodando no servidor. task_thread = threading.Thread(target=run_heavy_tasks_in_background) task_thread.start() return jsonify( { "message": "Sucesso! O projeto foi recebido. O site será atualizado em instantes.", "data": result["data"], } ), 200 else: return jsonify({"error": f"Erro no processamento: {result['error']}"}), 500 # ============================================================================== # ROTAS DE AUTENTICAÇÃO # ============================================================================== @app.route("/api/register", methods=["POST"]) def register(): data = request.json if not data or not data.get("username") or not data.get("password"): return jsonify({"message": "Dados incompletos"}), 400 if User.query.filter_by(username=data["username"]).first(): return jsonify({"message": "Usuário já existe"}), 400 hashed_password = bcrypt.generate_password_hash(data["password"]).decode("utf-8") new_user = User(username=data["username"], password=hashed_password) try: db.session.add(new_user) db.session.commit() return jsonify({"message": "Usuário criado com sucesso!"}), 201 except Exception as e: return jsonify({"message": f"Erro: {str(e)}"}), 500 @app.route("/api/login", methods=["POST"]) def login(): data = request.json user = User.query.filter_by(username=data["username"]).first() if user and bcrypt.check_password_hash(user.password, data["password"]): login_user(user) return jsonify({"message": "Login realizado", "user": user.username}), 200 return jsonify({"message": "Credenciais inválidas"}), 401 @app.route("/api/logout", methods=["POST"]) @login_required def logout(): logout_user() return jsonify({"message": "Logout realizado"}), 200 @app.route("/api/check_auth", methods=["GET"]) def check_auth(): if current_user.is_authenticated: return jsonify({"logged_in": True, "user": current_user.username}) return jsonify({"logged_in": False}) # No upload_server.py, adicione esta rota @app.route("/api/user/update", methods=["POST"]) @login_required def update_profile(): data = request.json new_username = data.get("username") if new_username and new_username != current_user.username: if User.query.filter_by(username=new_username).first(): return jsonify({"error": "Nome em uso."}), 400 current_user.username = new_username if "bio" in data: current_user.bio = data["bio"][:240] if "tags" in data: current_user.tags = data["tags"] try: db.session.commit() return jsonify({"message": "Perfil atualizado!"}), 200 except Exception: return jsonify({"error": "Erro ao salvar."}), 500 # Atualize a rota user_profile antiga para retornar os novos dados @app.route("/api/user/profile", methods=["GET"]) @login_required def user_profile(): # Projetos user_projects = [] for p in current_user.projects: user_projects.append( { "id": p.id, "display_name": p.display_name, "filename": p.filename, "created_at": p.created_at.strftime("%d/%m/%Y"), "download_link": f"/api/download/{p.filename}", } ) # Samples user_samples = [] for s in current_user.samples: # Ajuste do prefixo exato solicitado public_url = f"/mmpSearch/src_mmpSearch/samples/{s.category}/{s.filename}" user_samples.append( { "id": s.id, "display_name": s.display_name, "category": s.category, "created_at": s.created_at.strftime("%d/%m/%Y"), "download_link": public_url, } ) return jsonify( { "username": current_user.username, "bio": current_user.bio, "tags": current_user.tags, "avatar": current_user.avatar_url, "cover": current_user.cover_url, "projects": user_projects, "samples": user_samples, } ) @app.route("/api/project/", methods=["DELETE"]) @login_required def delete_project(project_id): project = Project.query.get_or_404(project_id) # Segurança: Só o dono ou admin pode apagar if project.owner != current_user and not current_user.is_admin: return jsonify({"error": "Permissão negada"}), 403 try: # 1. Remove do Banco db.session.delete(project) db.session.commit() # 2. Remove o arquivo físico (Opcional, mas recomendado para não lotar o disco) file_path = os.path.join(MMP_FOLDER, project.filename) if os.path.exists(file_path): os.remove(file_path) # Nota: Você pode querer rodar o rebuild_indexes() aqui também se apagar o arquivo return jsonify({"message": "Projeto removido com sucesso"}), 200 except Exception as e: return jsonify({"error": str(e)}), 500 # ============================================================================== # ROTAS PRINCIPAIS # ============================================================================== @app.route("/api/download/", methods=["GET"]) def download_project_package(project_name): """Gera um ZIP com caminhos limpos (Não exige login para baixar).""" if not project_name.lower().endswith(".mmp"): project_name += ".mmp" clean_name = secure_filename(project_name) mmp_path = os.path.join(MMP_FOLDER, clean_name) if not os.path.exists(mmp_path): return jsonify({"error": "Projeto não encontrado"}), 404 memory_file = io.BytesIO() try: tree = ET.parse(mmp_path) root = tree.getroot() samples_to_pack = set() for audio_node in root.findall(".//audiofileprocessor"): src = audio_node.get("src", "") if src.startswith(XML_IMPORTED_PATH_PREFIX): filename = os.path.basename(src) short_path = f"imported/{filename}" audio_node.set("src", short_path) samples_to_pack.add(filename) with zipfile.ZipFile(memory_file, "w", zipfile.ZIP_DEFLATED) as zf: xml_str = ET.tostring(root, encoding="utf-8", method="xml") zf.writestr(clean_name, xml_str) for sample_name in samples_to_pack: physical_path = os.path.join(XML_IMPORTED_PATH_PREFIX, sample_name) zip_entry_name = f"imported/{sample_name}" if os.path.exists(physical_path): zf.write(physical_path, arcname=zip_entry_name) memory_file.seek(0) return send_file( memory_file, mimetype="application/zip", as_attachment=True, download_name=f"{os.path.splitext(clean_name)[0]}.zip", ) except Exception as e: return jsonify({"error": f"Erro ao gerar pacote: {str(e)}"}), 500 @app.route("/api/upload", methods=["POST"]) @login_required # <--- PROTEGIDO def upload_file(): if "project_file" not in request.files: return jsonify({"error": "Nenhum arquivo enviado"}), 400 file = request.files["project_file"] if file.filename == "": return jsonify({"error": "Nome do arquivo vazio"}), 400 if file and allowed_file(file.filename): original_name = file.filename name_without_ext = os.path.splitext(original_name)[0] ext = os.path.splitext(original_name)[1].lower() clean_name = slugify(name_without_ext) if not clean_name: clean_name = f"upload-{int(time.time())}" final_mmp_filename = f"{clean_name}.mmp" final_mmp_path = os.path.join(MMP_FOLDER, final_mmp_filename) upload_filename = f"{clean_name}{ext}" if ext == ".mmpz": upload_path = os.path.join(MMPZ_FOLDER, upload_filename) else: upload_path = os.path.join(MMP_FOLDER, upload_filename) try: file.save(upload_path) print(f"Upload salvo em: {upload_path} (User: {current_user.username})") if ext == ".mmpz": success = convert_mmpz_to_mmp(upload_path, final_mmp_path) if not success: return jsonify({"error": "Falha crítica na descompactação."}), 400 elif ext == ".mmp" and upload_path != final_mmp_path: shutil.move(upload_path, final_mmp_path) # Registra no banco de dados vinculado ao usuário logado new_project = Project( filename=final_mmp_filename, display_name=clean_name, # Ou name_without_ext se preferir o original owner=current_user, # Flask-Login pega o user atual ) db.session.add(new_project) db.session.commit() print(f"Projeto {clean_name} associado ao usuário {current_user.username}") # ----------------------------- # is_clean, missing_files = analyze_mmp_dependencies(final_mmp_filename) if not is_clean: return jsonify( { "status": "missing_samples", "message": "Samples externos detectados.", "project_file": final_mmp_filename, "missing_files": missing_files, } ), 202 return process_and_build(final_mmp_filename) except Exception as e: return jsonify({"error": f"Erro interno: {str(e)}"}), 500 return jsonify({"error": "Tipo de arquivo não permitido"}), 400 @app.route("/api/upload/resolve", methods=["POST"]) @login_required # <--- PROTEGIDO def resolve_samples(): project_filename = request.form.get("project_file") if not project_filename: return jsonify({"error": "Nome do projeto não informado"}), 400 os.makedirs(XML_IMPORTED_PATH_PREFIX, exist_ok=True) replacements = {} for original_name, file_storage in request.files.items(): if file_storage and allowed_sample(file_storage.filename): safe_new_name = secure_filename(file_storage.filename) if not safe_new_name: safe_new_name = f"sample_{int(time.time())}.wav" save_path = os.path.join(XML_IMPORTED_PATH_PREFIX, safe_new_name) file_storage.save(save_path) replacements[original_name] = safe_new_name if not replacements: return jsonify({"error": "Nenhum arquivo válido enviado."}), 400 if update_xml_paths_exact(project_filename, replacements): return process_and_build(project_filename) else: return jsonify({"error": "Falha ao atualizar o arquivo de projeto."}), 500 @app.route("/api/upload/sample", methods=["POST"]) @login_required def upload_sample_standalone(): if "sample_file" not in request.files: return jsonify({"error": "Nenhum arquivo"}), 400 file = request.files["sample_file"] # Pega a pasta escolhida pelo usuário, padrão 'uncategorized' raw_subfolder = request.form.get("subfolder", "uncategorized").strip() # Limpa o nome da pasta para evitar ../../etc/passwd safe_subfolder = secure_filename(raw_subfolder) if not safe_subfolder: safe_subfolder = "uncategorized" if file and allowed_sample(file.filename): filename = secure_filename(file.filename) # Cria o caminho físico final: SAMPLE_SRC + Categoria + Arquivo target_dir = os.path.join(SAMPLE_SRC, safe_subfolder) os.makedirs(target_dir, exist_ok=True) file_path = os.path.join(target_dir, filename) file.save(file_path) # Salva no Banco new_sample = Sample( filename=filename, display_name=filename, category=safe_subfolder, owner=current_user, ) db.session.add(new_sample) db.session.commit() generate_manifests(SRC_MMPSEARCH) run_jekyll_build() return jsonify({"message": "Sample enviado com sucesso!"}), 200 return jsonify({"error": "Tipo de arquivo inválido"}), 400 @app.route("/api/sample/", methods=["DELETE"]) @login_required def delete_sample(sample_id): sample = Sample.query.get_or_404(sample_id) if sample.owner != current_user and not current_user.is_admin: return jsonify({"error": "Proibido"}), 403 try: # 1. Tenta remover o arquivo físico file_path = os.path.join(SAMPLE_SRC, sample.category, sample.filename) if os.path.exists(file_path): os.remove(file_path) # 2. Remove do banco db.session.delete(sample) db.session.commit() return jsonify({"message": "Sample apagado"}), 200 except Exception as e: return jsonify({"error": str(e)}), 500 # Inicializa o Flask-Admin admin = Admin(app, name="MMP Admin", url="/api/admin", index_view=SecureIndexView()) # Adiciona a visualização da tabela de Usuários admin.add_view(SecureModelView(User, db.session, name="Gerenciar Usuários")) if __name__ == "__main__": admin = Admin(app, name="MMP Admin", url="/api/admin", index_view=SecureIndexView()) admin.add_view(SecureModelView(User, db.session, name="Gerenciar Usuários")) app.run(host="0.0.0.0", port=33002, debug=True)