feat: use jupyter data dirs to load snippets

Author: mariobuikhuizen

README.md

@@ -22,11 +22,7 @@ jupyter lab build
 
 ## Usage
 
-In `jupyter_notebook_config.py`:
-
-```python
-c.JupyterLabCodeSnippets.snippet_dir = "/path/to/snippets"
-```
+Add snippets in `[jupyter_data_dir]/code_snippets` (see: https://jupyter.readthedocs.io/en/latest/projects/jupyter-directories.html#id2)
 
 In JupyterLab, use the "Code Snippets" menu to select the snippet:
 

jupyterlab-code-snippets/__init__.py

@@ -16,8 +16,6 @@ def load_jupyter_server_extension(nb_app):
     nb_app: notebook.notebookapp.NotebookApp
         Notebook application instance
     """
-    snippet_dir = nb_app.config.get('JupyterLabCodeSnippets', {}).get('snippet_dir', '')
-    # TODO: add snippets from jupyter paths?
 
-    loader = SnippetsLoader(snippet_dir)
+    loader = SnippetsLoader()
     setup_handlers(nb_app.web_app, loader)

jupyterlab-code-snippets/loader.py

@@ -2,29 +2,40 @@
 
 from pathlib import PurePath
 
+from jupyter_core.paths import jupyter_path
+
+import tornado
+
 
 class SnippetsLoader:
-    def __init__(self, snippet_dir):
-        self.snippet_dir = snippet_dir
+    def __init__(self):
+        self.snippet_paths = jupyter_path("code_snippets")
 
     def collect_snippets(self):
-        # TODO: handle multiple directories
-        root = self.snippet_dir
         snippets = []
-        for dirpath, dirnames, filenames in os.walk(root):
-            for f in filenames:
-                fullpath = PurePath(dirpath).relative_to(root).joinpath(f)
-                snippets.append(fullpath.parts)
+        for root_path in self.snippet_paths:
+            for dirpath, dirnames, filenames in os.walk(root_path):
+                for f in filenames:
+                    fullpath = PurePath(dirpath).relative_to(root_path).joinpath(f)
+
+                    if fullpath.parts not in snippets:
+                        snippets.append(fullpath.parts)
+
         snippets.sort()
         return snippets
 
     def get_snippet_content(self, snippet):
         try:
-            path = os.path.join(self.snippet_dir, *snippet)
-            with open(path) as f:
-                content = f.read()
-        except:
-            content = ''
+            for root_path in self.snippet_paths:
+                path = os.path.join(root_path, *snippet)
+
+                # Prevent access to the entire file system when the path contains '..'
+                accessible = os.path.realpath(path).startswith(root_path)
 
-        return content
+                if accessible and os.path.isfile(path):
+                    with open(path) as f:
+                        return f.read()
+        except:
+            raise tornado.web.HTTPError(status_code=500)
 
+        raise tornado.web.HTTPError(status_code=404)