moonq/flees
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more notifier magic

Browse Source
This commit is contained in:
Ville Rantanen
2018-07-01 16:20:09 +03:00
parent d074932259
commit 42ad2da90a
2 changed files with 50 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
code/app.py
View File

@@ -14,7 +14,7 @@ from utils.utils import *
from utils.crypt import * from utils.crypt import *
__FLEES_VERSION__ = "20180629.0" __FLEES_VERSION__ = "20180701.0"
app = Flask(__name__) app = Flask(__name__)
app.config.from_object(__name__) app.config.from_object(__name__)
# Read config from json ! # Read config from json !
@@ -96,6 +96,11 @@ def upload(name = None, token = None):
name = request.form['name'] name = request.form['name']
(ok,share) = get_share(name, token = token) (ok,share) = get_share(name, token = token)
if not ok: if not ok:
notify({
"recipient": get_or_none('recipient', share),
"share": name,
"operation": "unauthorized_upload"
})
return share return share
if not get_or_none('upload', share) == True: if not get_or_none('upload', share) == True:
return "Upload not allowed\n",400 return "Upload not allowed\n",400
@@ -131,6 +136,11 @@ def upload_join_splitted(name, token):
if request.method == 'POST': if request.method == 'POST':
(ok,share) = get_share(name, token = token) (ok,share) = get_share(name, token = token)
if not ok: if not ok:
notify({
"recipient": get_or_none('recipient', share),
"share": name,
"operation": "unauthorized_split_upload"
})
return share return share
if not get_or_none('upload', share) == True: if not get_or_none('upload', share) == True:
return "Upload not allowed",400 return "Upload not allowed",400
@@ -182,6 +192,11 @@ def upload_url():
return "URL not valid", 400 return "URL not valid", 400
(ok,share) = get_share(name) (ok,share) = get_share(name)
if not ok: if not ok:
notify({
"recipient": get_or_none('recipient', share),
"share": name,
"operation": "unauthorized_URL_upload"
})
return share return share
if not get_or_none('upload', share) == True: if not get_or_none('upload', share) == True:
return "Upload not allowed\n",400 return "Upload not allowed\n",400
@@ -262,6 +277,11 @@ def file_size(name, token, filename):
def list_view(name, token = None): def list_view(name, token = None):
(ok,share) = get_share(name, token = token) (ok,share) = get_share(name, token = token)
if not ok: if not ok:
notify({
"recipient": get_or_none('recipient', share),
"share": name,
"operation": "unauthorized_list"
})
return share return share
if token != None and 'pass_hash' in share: if token != None and 'pass_hash' in share:
session[name] = share['pass_hash'] session[name] = share['pass_hash']
@@ -327,6 +347,11 @@ def download_direct(name,token,filename):
if file_token == None: if file_token == None:
return 'Cannot generate token', 400 return 'Cannot generate token', 400
if file_token != token: if file_token != token:
notify({
"recipient": get_or_none('recipient', share),
"share": name,
"operation": "unauthorized_direct_download"
})
return 'Incorrect token', 403 return 'Incorrect token', 403
file_path = os.path.join(share['path'], filename) file_path = os.path.join(share['path'], filename)
if not os.path.exists(file_path): if not os.path.exists(file_path):
@@ -355,6 +380,11 @@ def download_token(name, filename, token):
def download_zip(name, token = None): def download_zip(name, token = None):
(ok,share) = get_share(name, token = token) (ok,share) = get_share(name, token = token)
if not ok: if not ok:
notify({
"recipient": get_or_none('recipient', share),
"share": name,
"operation": "unauthorized_zip_download"
})
return share return share
folder_size = get_folder_size(share['path']) folder_size = get_folder_size(share['path'])
if folder_size/(1024*1024) > app.config['MAX_ZIP_SIZE']: if folder_size/(1024*1024) > app.config['MAX_ZIP_SIZE']:
@@ -378,6 +408,11 @@ def download_zip(name, token = None):
def script_client(name = None, token = None): def script_client(name = None, token = None):
(ok,share) = get_share(name, token = token) (ok,share) = get_share(name, token = token)
if not ok: if not ok:
notify({
"recipient": get_or_none('recipient', share),
"share": name,
"operation": "unauthorized_script_client"
})
return share return share
return render_template( return render_template(
"client.py", "client.py",
@@ -566,6 +601,11 @@ class uploadJoiner:
def download_file(name, filename, token = None): def download_file(name, filename, token = None):
(ok,share) = get_share(name, token = token) (ok,share) = get_share(name, token = token)
if not ok: if not ok:
notify({
"recipient": get_or_none('recipient', share),
"share": name,
"operation": "unauthorized_download"
})
return share return share
if not is_path_safe(filename): if not is_path_safe(filename):
return "Incorrect path", 403 return "Incorrect path", 403

15
code/notifier.py.template
View File

@@ -1,12 +1,15 @@
import sys import sys
import time import json
from datetime import datetime
class Notifier: class Notifier:
def __init__(self): def __init__(self):
self.output = open('notifier.log','at') pass
def notify(self, msg): def notify(self, msg):
self.output.write(str(time.time())+"\n") self.output = open('/code/data/notifier.log','at')
self.output.write(str(msg)+"\n") msg['address'] = msg['environment']['HTTP_X_FORWARDED_FOR']
self.output.flush() msg['date'] = datetime.now().isoformat()
del msg['environment']
self.output.write(json.dumps(msg, sort_keys = True)+"\n")
self.output.close()