From 42ad2da90aa45fb6a6f655392e60297e60fff3ce Mon Sep 17 00:00:00 2001
From: Ville Rantanen <q@moonq.org>
Date: Sun, 1 Jul 2018 16:20:09 +0300
Subject: [PATCH] more notifier magic

---
 code/app.py               | 42 ++++++++++++++++++++++++++++++++++++++-
 code/notifier.py.template | 15 ++++++++------
 2 files changed, 50 insertions(+), 7 deletions(-)

diff --git a/code/app.py b/code/app.py
index 73443d1..981c2ab 100644
--- a/code/app.py
+++ b/code/app.py
@@ -14,7 +14,7 @@ from utils.utils import *
 from utils.crypt import *
 
 
-__FLEES_VERSION__ = "20180629.0"
+__FLEES_VERSION__ = "20180701.0"
 app = Flask(__name__)
 app.config.from_object(__name__)
 # Read config from json !
@@ -96,6 +96,11 @@ def upload(name = None, token = None):
             name = request.form['name']
         (ok,share) = get_share(name, token = token)
         if not ok:
+            notify({
+                "recipient": get_or_none('recipient', share),
+                "share": name,
+                "operation": "unauthorized_upload"
+            })
             return share
         if not get_or_none('upload', share) == True:
             return "Upload not allowed\n",400
@@ -131,6 +136,11 @@ def upload_join_splitted(name, token):
     if request.method == 'POST':
         (ok,share) = get_share(name, token = token)
         if not ok:
+            notify({
+                "recipient": get_or_none('recipient', share),
+                "share": name,
+                "operation": "unauthorized_split_upload"
+            })
             return share
         if not get_or_none('upload', share) == True:
             return "Upload not allowed",400
@@ -182,6 +192,11 @@ def upload_url():
             return "URL not valid", 400
         (ok,share) = get_share(name)
         if not ok:
+            notify({
+                "recipient": get_or_none('recipient', share),
+                "share": name,
+                "operation": "unauthorized_URL_upload"
+            })
             return share
         if not get_or_none('upload', share) == True:
             return "Upload not allowed\n",400
@@ -262,6 +277,11 @@ def file_size(name, token, filename):
 def list_view(name, token = None):
     (ok,share) = get_share(name, token = token)
     if not ok:
+        notify({
+            "recipient": get_or_none('recipient', share),
+            "share": name,
+            "operation": "unauthorized_list"
+        })
         return share
     if token != None and 'pass_hash' in share:
         session[name] = share['pass_hash']
@@ -327,6 +347,11 @@ def download_direct(name,token,filename):
     if file_token == None:
         return 'Cannot generate token', 400
     if file_token != token:
+        notify({
+            "recipient": get_or_none('recipient', share),
+            "share": name,
+            "operation": "unauthorized_direct_download"
+        })
         return 'Incorrect token', 403
     file_path = os.path.join(share['path'], filename)
     if not os.path.exists(file_path):
@@ -355,6 +380,11 @@ def download_token(name, filename, token):
 def download_zip(name, token = None):
     (ok,share) = get_share(name, token = token)
     if not ok:
+        notify({
+            "recipient": get_or_none('recipient', share),
+            "share": name,
+            "operation": "unauthorized_zip_download"
+        })
         return share
     folder_size = get_folder_size(share['path'])
     if folder_size/(1024*1024) > app.config['MAX_ZIP_SIZE']:
@@ -378,6 +408,11 @@ def download_zip(name, token = None):
 def script_client(name = None, token = None):
     (ok,share) = get_share(name, token = token)
     if not ok:
+        notify({
+            "recipient": get_or_none('recipient', share),
+            "share": name,
+            "operation": "unauthorized_script_client"
+        })
         return share
     return render_template(
         "client.py",
@@ -566,6 +601,11 @@ class uploadJoiner:
 def download_file(name, filename, token = None):
     (ok,share) = get_share(name, token = token)
     if not ok:
+        notify({
+            "recipient": get_or_none('recipient', share),
+            "share": name,
+            "operation": "unauthorized_download"
+        })
         return share
     if not is_path_safe(filename):
         return "Incorrect path", 403
diff --git a/code/notifier.py.template b/code/notifier.py.template
index 9ac7d00..461449d 100644
--- a/code/notifier.py.template
+++ b/code/notifier.py.template
@@ -1,12 +1,15 @@
 import sys
-import time
+import json
+from datetime import datetime
 
 class Notifier:
     def __init__(self):
-        self.output = open('notifier.log','at')
+        pass
     def notify(self, msg):
-        self.output.write(str(time.time())+"\n")
-        self.output.write(str(msg)+"\n")
-        self.output.flush()
-
+        self.output = open('/code/data/notifier.log','at')
+        msg['address'] = msg['environment']['HTTP_X_FORWARDED_FOR']
+        msg['date'] = datetime.now().isoformat()
+        del msg['environment']
+        self.output.write(json.dumps(msg, sort_keys = True)+"\n")
+        self.output.close()