reborked the token system
87
code/app.py
87
code/app.py
@@ -40,7 +40,6 @@ if 'notifier' in config_values:
|
||||
|
||||
app.secret_key = config_values['app_secret_key']
|
||||
app.wsgi_app = ReverseProxied(app.wsgi_app)
|
||||
app.config['CRYPTO'] = Crypto(app.secret_key)
|
||||
|
||||
@app.before_request
|
||||
def before_request():
|
||||
@@ -80,16 +79,14 @@ def authenticate(name):
|
||||
session[name] = password_hash(user_password, app.secret_key)
|
||||
return redirect(url_for('list_view',name=name))
|
||||
|
||||
@app.route('/upload/<name>/<password>', methods=['POST'])
|
||||
@app.route('/upload/<name>/<token>', methods=['POST'])
|
||||
@app.route('/upload', methods=['POST'])
|
||||
def upload(name = None, password = None):
|
||||
def upload(name = None, token = None):
|
||||
if request.method == 'POST':
|
||||
file = request.files['file']
|
||||
if name == None:
|
||||
name = request.form['name']
|
||||
if password != None:
|
||||
session[name] = app.config['CRYPTO'].decrypt(password)
|
||||
(ok,share) = get_share(name)
|
||||
(ok,share) = get_share(name, token = token)
|
||||
if not ok:
|
||||
return share
|
||||
if not get_or_none('upload', share) == True:
|
||||
@@ -121,11 +118,10 @@ def upload(name = None, password = None):
|
||||
return "Use the 'file' variable to upload\n",400
|
||||
|
||||
|
||||
@app.route('/upload_join/<name>/<password>', methods=['POST'])
|
||||
def upload_join_splitted(name, password):
|
||||
@app.route('/upload_join/<name>/<token>', methods=['POST'])
|
||||
def upload_join_splitted(name, token):
|
||||
if request.method == 'POST':
|
||||
session[name] = app.config['CRYPTO'].decrypt(password)
|
||||
(ok,share) = get_share(name)
|
||||
(ok,share) = get_share(name, token = token)
|
||||
if not ok:
|
||||
return share
|
||||
if not get_or_none('upload', share) == True:
|
||||
@@ -173,15 +169,16 @@ def send(name):
|
||||
return share
|
||||
return render_template('send.html',name=name)
|
||||
|
||||
@app.route('/list/<name>/<password>', methods=['GET'])
|
||||
@app.route('/list/<name>/<token>', methods=['GET'])
|
||||
@app.route('/list/<name>', methods=['GET'])
|
||||
def list_view(name, password = None):
|
||||
if password != None:
|
||||
session[name] = app.config['CRYPTO'].decrypt(password)
|
||||
return redirect(url_for('list_view',name=name))
|
||||
(ok,share) = get_share(name)
|
||||
def list_view(name, token = None):
|
||||
(ok,share) = get_share(name, token = token)
|
||||
if not ok:
|
||||
return share
|
||||
if token != None and 'pass_hash' in share:
|
||||
session[name] = share['pass_hash']
|
||||
return redirect(url_for('list_view',name=name))
|
||||
|
||||
files = []
|
||||
for file in sorted(os.listdir(share['path'])):
|
||||
fp = os.path.join(share['path'],file)
|
||||
@@ -247,12 +244,10 @@ def download_direct(name,token,filename):
|
||||
return send_from_directory(directory=share['path'], filename=filename)
|
||||
|
||||
|
||||
@app.route('/download/<name>/<password>/<filename>', methods=['GET'])
|
||||
@app.route('/download/<name>/<token>/<filename>', methods=['GET'])
|
||||
@app.route('/download/<name>/<filename>', methods=['GET'])
|
||||
def download_file(name,filename,password = None):
|
||||
if password != None:
|
||||
session[name] = app.config['CRYPTO'].decrypt(password)
|
||||
(ok,share) = get_share(name)
|
||||
def download_file(name, filename, token = None):
|
||||
(ok,share) = get_share(name, token = token)
|
||||
if not ok:
|
||||
return share
|
||||
file_path = os.path.join(share['path'], filename)
|
||||
@@ -267,12 +262,10 @@ def download_file(name,filename,password = None):
|
||||
return send_from_directory(directory=share['path'], filename=filename)
|
||||
|
||||
|
||||
@app.route('/zip/<name>/<password>', methods=['GET'])
|
||||
@app.route('/zip/<name>/<token>', methods=['GET'])
|
||||
@app.route('/zip/<name>', methods=['GET'])
|
||||
def download_zip(name,password = None):
|
||||
if password != None:
|
||||
session[name] = app.config['CRYPTO'].decrypt(password)
|
||||
(ok,share) = get_share(name)
|
||||
def download_zip(name, token = None):
|
||||
(ok,share) = get_share(name, token = token)
|
||||
if not ok:
|
||||
return share
|
||||
folder_size = get_folder_size(share['path'])
|
||||
@@ -292,10 +285,9 @@ def download_zip(name,password = None):
|
||||
attachment_filename = name + ".zip"
|
||||
)
|
||||
|
||||
@app.route('/script/upload/<name>/<password>', methods=['GET'])
|
||||
def script_upload(name = None, password = None):
|
||||
session[name] = app.config['CRYPTO'].decrypt(password)
|
||||
(ok,share) = get_share(name)
|
||||
@app.route('/script/upload/<name>/<token>', methods=['GET'])
|
||||
def script_upload(name = None, token = None):
|
||||
(ok,share) = get_share(name, token = token)
|
||||
if not ok:
|
||||
return share
|
||||
if not get_or_none('upload', share) == True:
|
||||
@@ -335,14 +327,13 @@ done
|
||||
"""%(
|
||||
request.url_root,
|
||||
name,
|
||||
password
|
||||
token
|
||||
)
|
||||
|
||||
|
||||
@app.route('/script/download/<name>/<password>', methods=['GET'])
|
||||
def script_download(name = None, password = None):
|
||||
session[name] = app.config['CRYPTO'].decrypt(password)
|
||||
(ok,share) = get_share(name)
|
||||
@app.route('/script/download/<name>/<token>', methods=['GET'])
|
||||
def script_download(name = None, token = None):
|
||||
(ok,share) = get_share(name, token = token)
|
||||
if not ok:
|
||||
return share
|
||||
files = []
|
||||
@@ -385,7 +376,7 @@ get_file() {
|
||||
"""%(
|
||||
request.url_root,
|
||||
name,
|
||||
password
|
||||
token
|
||||
)
|
||||
|
||||
for file in files:
|
||||
@@ -395,10 +386,9 @@ get_file() {
|
||||
return script
|
||||
|
||||
|
||||
@app.route('/script/direct/<name>/<password>', methods=['GET'])
|
||||
def script_direct(name = None, password = None):
|
||||
session[name] = app.config['CRYPTO'].decrypt(password)
|
||||
(ok,share) = get_share(name)
|
||||
@app.route('/script/direct/<name>/<token>', methods=['GET'])
|
||||
def script_direct(name = None, token = None):
|
||||
(ok,share) = get_share(name, token = token)
|
||||
if not ok:
|
||||
return share
|
||||
files = []
|
||||
@@ -451,10 +441,9 @@ get_file() {
|
||||
return script
|
||||
|
||||
|
||||
@app.route('/script/upload_split/<name>/<password>', methods=['GET'])
|
||||
def script_upload_split(name = None, password = None):
|
||||
session[name] = app.config['CRYPTO'].decrypt(password)
|
||||
(ok,share) = get_share(name)
|
||||
@app.route('/script/upload_split/<name>/<token>', methods=['GET'])
|
||||
def script_upload_split(name = None, token = None):
|
||||
(ok,share) = get_share(name, token = token)
|
||||
if not ok:
|
||||
return share
|
||||
if not get_or_none('upload', share) == True:
|
||||
@@ -509,7 +498,7 @@ done
|
||||
"""%(
|
||||
request.url_root,
|
||||
name,
|
||||
password
|
||||
token
|
||||
)
|
||||
|
||||
class uploadJoiner:
|
||||
@@ -554,7 +543,7 @@ def file_versionize(filename):
|
||||
os.rename(filename,new_name)
|
||||
|
||||
|
||||
def get_share(name, require_auth = True):
|
||||
def get_share(name, require_auth = True, token = None):
|
||||
share = [x for x in g.shares if x['name'] == name]
|
||||
if len(share) < 1:
|
||||
return (False,redirect(url_for('authenticate',name=name)))
|
||||
@@ -562,6 +551,10 @@ def get_share(name, require_auth = True):
|
||||
if is_expired(share):
|
||||
return (False, 'Share has expired')
|
||||
authenticated = "no-pass"
|
||||
if not token == None:
|
||||
if has_token(token, share):
|
||||
require_auth = False
|
||||
authenticated = "token"
|
||||
if require_auth:
|
||||
if 'pass_hash' in share:
|
||||
authenticated = False
|
||||
@@ -584,6 +577,7 @@ def get_share(name, require_auth = True):
|
||||
makedirs_rights(share['path'])
|
||||
return (True,share)
|
||||
|
||||
|
||||
def is_expired(share):
|
||||
expires = get_or_none('expire', share)
|
||||
if expires:
|
||||
@@ -607,6 +601,7 @@ def makedirs_rights(path):
|
||||
os.mkdir(current_path)
|
||||
set_rights(current_path)
|
||||
|
||||
|
||||
def notify(msg):
|
||||
if 'notifier' in app.config:
|
||||
msg['environment'] = request.environ
|
||||
|
||||
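Review bot: In `get_share`, a token that is supplied but does not pass `has_token` is silently ignored and the call falls through to the ordinary `require_auth` path, so on a share without `pass_hash` the request appears to go ahead as `"no-pass"` while `token` still holds whatever was in the URL (the rest of `get_share` lies outside the hunk, so this is inferred from the visible lines). The `script_upload`, `script_download` and `script_upload_split` handlers then `%`-interpolate that unvalidated `token` into the shell script they return to the user. I would fail closed by adding `else: return (False, 'Invalid token')` under the `has_token` check, so only values that matched a configured token ever reach the script templates. Separately, `list_view` stores `share['pass_hash']` in `session[name]` for a token holder, which makes that session equivalent to a password login and lets it outlive a revoked token; a distinct session marker for token logins would avoid that.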