add ClamAV support

Dockerfile

@@ -20,6 +20,8 @@ RUN DATABASE_URL=postgres://x/x \
     OIDC_RP_REALM_URL=x \
     OIDC_RP_CLIENT_ID=x \
     OIDC_RP_CLIENT_SECRET=x \
+    CLAMD_TCP_SOCKET=x \
+    CLAMD_TCP_ADDR=x \
     DEFAULT_COUNTRY=x \
     DEFAULT_CONTRACTEE_NAME=x \
     DEFAULT_CONTRACTEE_STREET=x \

contracts/migrations/0032_alter_signee_address_country.py

+# Generated by Django 4.1.4 on 2023-04-03 21:35
+
+import contracts.models
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('contracts', '0031_alter_contract_cost_unit_other_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='signee',
+            name='address_country',
+            field=models.CharField(blank=True, default=contracts.models.get_default_country, max_length=256, null=True, verbose_name='Země'),
+        ),
+    ]

contracts/models.py

@@ -81,6 +81,10 @@ class RepresentativeMixin:
         return result
 
 
+def get_default_country():
+    return settings.DEFAULT_COUNTRY
+
+
 class Signee(CreatedByMixin, OwnPermissionsMixin, SignatureCountMixin, models.Model):
     name = models.CharField(
         max_length=256,
@@ -129,7 +133,7 @@ class Signee(CreatedByMixin, OwnPermissionsMixin, SignatureCountMixin, models.Mo
         blank=True,
         null=True,
         verbose_name="Země",
-        default=settings.DEFAULT_COUNTRY,
+        default=get_default_country,
     )
 
     ico_number = models.CharField(

env.example

@@ -10,6 +10,9 @@ OIDC_RP_CLIENT_SECRET=VCn4LVAUc6RGLSup7VaAKsmrKUbWguaP
 
 DEFAULT_COUNTRY="Česká Republika"
 
+CLAMD_TCP_SOCKET=3310
+CLAMD_TCP_ADDR=127.0.0.1
+
 DEFAULT_CONTRACTEE_NAME="Česká pirátská strana"
 DEFAULT_CONTRACTEE_STREET="Na Moráni 360/3"
 DEFAULT_CONTRACTEE_ZIP="128 00"

registry/settings/base.py

@@ -70,14 +70,14 @@ INSTALLED_APPS = [
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
-    "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "django_http_exceptions.middleware.ExceptionHandlerMiddleware",
     "django_http_exceptions.middleware.ThreadLocalRequestMiddleware",
-    # "django_downloadview.SmartDownloadMiddleware",
+    "shared.middlewares.ClamAVMiddleware"
 ]
 
 ROOT_URLCONF = "registry.urls"
@@ -216,6 +216,13 @@ ADMIN_ORDERING = {
 }
 
 
+# ClamAV
+
+CLAMD_USE_TCP = True
+CLAMD_TCP_SOCKET = env.int("CLAMD_TCP_SOCKET")
+CLAMD_TCP_ADDR = env.str("CLAMD_TCP_ADDR")
+
+
 ## App-specific
 
 DEFAULT_CONTRACTEE_NAME = env.str("DEFAULT_CONTRACTEE_NAME")

requirements/base.txt

+clamd==1.0.2
 django==4.1.4
 django-admin-index==2.0.2
 django-admin-interface==0.24.2

shared/middlewares.py

+import clamd
+
+from io import BytesIO
+from django.http import HttpResponseForbidden
+
+class ClamAVMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+        # One-time configuration and initialization.
+
+    def __call__(self, request):
+        # Code to be executed for each request before
+        # the view (and later middleware) are called.
+
+        cd = clamd.ClamdUnixSocket()
+
+        if request.method == "POST" and len(request.FILES) > 0:
+            for file_ in request.FILES.values():
+                scan_result = cd.instream(BytesIO(file_.read()))
+
+                if scan_result["stream"][0] == "FOUND":
+                    return HttpResponseForbidden(
+                        "Nahraný soubor obsahuje potenciálně škodlivý obsah."
+                    )
+
+        response = self.get_response(request)
+
+        # Code to be executed for each request/response after
+        # the view is called.
+
+        return response