moonq/flees
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

passwords are now longer separate entities. added description field.

Browse Source
This commit is contained in:
Ville Rantanen
2018-02-15 23:05:15 +02:00
parent 0ff3f59c03
commit 46e9cea720
4 changed files with 76 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
code/app.py
View File

@@ -40,7 +40,7 @@ def index():
authenticated_share = get_share(share['name']) authenticated_share = get_share(share['name'])
password_set = False password_set = False
if authenticated_share[0]: if authenticated_share[0]:
password_set = authenticated_share[1]['authenticated'] in ('hash', 'plain') password_set = authenticated_share[1]['authenticated'] == 'hash'
if not expired: if not expired:
if public or password_set: if public or password_set:
public_shares.append({ public_shares.append({
@@ -130,7 +130,8 @@ def list_view(name, password = None):
upload = get_or_none(share,'upload'), upload = get_or_none(share,'upload'),
overwrite = get_or_none(share,'overwrite'), overwrite = get_or_none(share,'overwrite'),
direct = allow_direct, direct = allow_direct,
expire = get_or_none(share,'expire') expire = get_or_none(share,'expire'),
description = get_or_none(share,'description',"")
) )
@app.route('/logout/<name>', methods=['GET']) @app.route('/logout/<name>', methods=['GET'])
@@ -275,11 +276,11 @@ def get_folder_size(path):
return total_size return total_size
def get_or_none(d,key): def get_or_none(d,key,none = None):
if key in d: if key in d:
return d[key] return d[key]
else: else:
return None return none
def get_share(name, require_auth = True): def get_share(name, require_auth = True):
@@ -291,11 +292,6 @@ def get_share(name, require_auth = True):
return (False, 'Share has expired') return (False, 'Share has expired')
authenticated = "no-pass" authenticated = "no-pass"
if require_auth: if require_auth:
if 'pass_plain' in share:
authenticated = False
if name in session:
if session[name] == hashlib.sha1(share['pass_plain'].encode('utf-8')).hexdigest():
authenticated = "plain"
if 'pass_hash' in share: if 'pass_hash' in share:
authenticated = False authenticated = False
if name in session: if name in session:

5
code/static/css/styles.css
View File

@@ -57,7 +57,10 @@ tr:nth-child(even) {
#list_title { #list_title {
margin-left: 5em; margin-left: 5em;
} }
#list_description {
margin-left: 2em;
margin-bottom: 1em;
}
#list_menu { #list_menu {
float:right; float:right;
padding: 8px; padding: 8px;

1
code/templates/list.html
View File

@@ -40,6 +40,7 @@
</div> </div>
<div id=list_left> <div id=list_left>
<div id=list_title><h1>{{ name }}</h1></div> <div id=list_title><h1>{{ name }}</h1></div>
<div id=list_description>{{ description }}</div>
<table class="sortable" id="list_table"> <table class="sortable" id="list_table">
<thead> <thead>
<tr> <tr>

98
utils/flees-manager.py
View File

@@ -47,30 +47,36 @@ def file_size_human(num):
def list_shares(shares,opts): def list_shares(shares,opts):
table = [] table = []
table.append(('Name', 'Path','Public','Password','Upload','Overwrite','Direct','Expire')) table.append(('Name', 'Path','Public','Password','PassHash','Upload','Overwrite','Direct','Expire','Description'))
for share in shares: for share in shares:
public = get_or_no('public',share, False) public = get_or_no('public',share, False)
password = 'pass_hash' in share or 'pass_plain' in share passhash = '-'
password = 'pass_hash' in share
if opts.show_password: if opts.show_password:
if not password:
password = ""
if 'pass_plain' in share: if 'pass_plain' in share:
password = hashlib.sha1(share['pass_plain'].encode('utf-8')).hexdigest() password = share['pass_plain']
else:
password = ""
if 'pass_hash' in share: if 'pass_hash' in share:
password = share['pass_hash'] passhash = share['pass_hash']
else:
passhash = "-"
upload = get_or_no('upload',share, False) upload = get_or_no('upload',share, False)
overwrite = get_or_no('overwrite',share, True) overwrite = get_or_no('overwrite',share, True)
direct = get_or_no('direct_links',share, False) if password else False direct = get_or_no('direct_links',share, False) if password else False
expire = get_or_no('expire',share, "-") expire = get_or_no('expire',share, "-")
description = get_or_no('description',share, "")[0:20]
table.append(( table.append((
share['name'], share['name'],
share['path']+"/", share['path']+"/",
public, public,
password, password,
passhash,
upload, upload,
overwrite, overwrite,
direct, direct,
expire expire,
description
)) ))
print(tabulate(table, headers = "firstrow")) print(tabulate(table, headers = "firstrow"))
@@ -115,15 +121,13 @@ def add_share(shares, config, opts):
'upload': opts.upload, 'upload': opts.upload,
'overwrite': opts.overwrite, 'overwrite': opts.overwrite,
'direct_links': opts.direct, 'direct_links': opts.direct,
'description': opts.description
} }
if opts.plain:
share.update({ if opts.password:
'pass_plain': opts.plain if opts.plain:
}) share['pass_plain'] = opts.password
if opts.hashed: share['pass_hash'] = hashlib.sha1(opts.password).hexdigest()
share.update({
'pass_hash': hashlib.sha1(opts.hashed).hexdigest()
})
if opts.expire: if opts.expire:
try: try:
date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M") date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M")
@@ -172,18 +176,35 @@ def modify_share(shares, config, opts):
for attr in ('public','upload','direct_links','overwrite'): for attr in ('public','upload','direct_links','overwrite'):
if getattr(opts,attr) != None: if getattr(opts,attr) != None:
share[attr] = getattr(opts,attr) == 'true' share[attr] = getattr(opts,attr) == 'true'
if opts.plain: if opts.description != None:
share['pass_plain'] = opts.plain share['description'] = opts.description
if opts.hashed: # REMOVE password
share['pass_hash'] = hashlib.sha1(opts.hashed).hexdigest() if opts.password == "":
if 'pass_plain' in share:
del share['pass_plain']
if 'pass_hash' in share:
del share['pass_hash']
if opts.password:
# ADD/Change a password
if opts.plain:
share['pass_plain'] = opts.password
share['pass_hash'] = hashlib.sha1(opts.password).hexdigest()
if opts.expire: if opts.expire:
try: if opts.expire == "":
date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M") # REMOVE EXPIRATION
except ValueError as e: if 'expire' in share:
print(e) del share['expire']
print("Date format error") else:
sys.exit(1) # ADD/CHANGE EXPIRATION
share['expire'] = opts.expire try:
date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M")
except ValueError as e:
print(e)
print("Date format error")
sys.exit(1)
share['expire'] = opts.expire
if opts.insert: if opts.insert:
shares[i] = share shares[i] = share
@@ -207,6 +228,9 @@ def modify_share(shares, config, opts):
if orig_share[key] != share[key]: if orig_share[key] != share[key]:
modified.append(key) modified.append(key)
continue continue
for key in orig_share:
if not key in share:
modified.append(key)
print("Modified values: %s"%(", ".join(modified))) print("Modified values: %s"%(", ".join(modified)))
print(json.dumps(share, indent = 2, sort_keys = True)) print(json.dumps(share, indent = 2, sort_keys = True))
@@ -353,15 +377,19 @@ def parse_options():
parser_add.add_argument('-p','--path', action="store", dest="path", required = True, parser_add.add_argument('-p','--path', action="store", dest="path", required = True,
help= "path relative to data folder" help= "path relative to data folder"
) )
parser_add.add_argument('-D','--description', action="store", dest="description", default = "",
help= "Describe the contents"
)
parser_add.add_argument('-P','--public', action="store_true", dest="public", default = False) parser_add.add_argument('-P','--public', action="store_true", dest="public", default = False)
parser_add.add_argument('-u','--upload', action="store_true", dest="upload", default = False) parser_add.add_argument('-u','--upload', action="store_true", dest="upload", default = False)
parser_add.add_argument('-o','--overwrite', action="store_false", dest="overwrite", default = True, parser_add.add_argument('-o','--overwrite', action="store_false", dest="overwrite", default = True,
help = "Disable file overwrites") help = "Disable file overwrites")
parser_add.add_argument('-d','--direct', action="store_true", dest="direct", default = False, parser_add.add_argument('-d','--direct', action="store_true", dest="direct", default = False,
help = "Allow direct file sharing (password hash included in URL)") help = "Allow direct file sharing (password hash included in URL)")
parser_add.add_argument('--pass-plain', action="store", dest="plain", default = False) parser_add.add_argument('--pass-plain', action="store_true", dest="plain", default = False,
parser_add.add_argument('--pass-hash', action="store", dest="hashed", default = False, help = "Save the password as plain text")
help = "Hashed password enables use of login links and direct downloads") parser_add.add_argument('--password', action="store", dest="password", default = False,
help = "Setting a password enables use of login links and direct downloads")
parser_add.add_argument('-e','--expire', action="store", dest="expire", default = False, parser_add.add_argument('-e','--expire', action="store", dest="expire", default = False,
help = "expire date in format '%%Y-%%m-%%d %%H:%%M' ex. '2018-12-24 21:00'" help = "expire date in format '%%Y-%%m-%%d %%H:%%M' ex. '2018-12-24 21:00'"
) )
@@ -374,17 +402,21 @@ def parse_options():
parser_add.add_argument('-p','--path', action="store", dest="path", default = None, parser_add.add_argument('-p','--path', action="store", dest="path", default = None,
help= "path relative to data folder" help= "path relative to data folder"
) )
parser_add.add_argument('-D','--description', action="store", dest="description", default = None,
help= "Describe the contents"
)
parser_add.add_argument('-P','--public', action="store", dest="public", default = None, choices = ['true','false']) parser_add.add_argument('-P','--public', action="store", dest="public", default = None, choices = ['true','false'])
parser_add.add_argument('-u','--upload', action="store", dest="upload", default = None, choices = ['true','false']) parser_add.add_argument('-u','--upload', action="store", dest="upload", default = None, choices = ['true','false'])
parser_add.add_argument('-o','--overwrite', action="store", dest="overwrite", default = None, choices = ['true','false'], parser_add.add_argument('-o','--overwrite', action="store", dest="overwrite", default = None, choices = ['true','false'],
help = "Disable file overwrites") help = "Disable file overwrites")
parser_add.add_argument('-d','--direct', action="store", dest="direct_links", default = None, choices = ['true','false'], parser_add.add_argument('-d','--direct', action="store", dest="direct_links", default = None, choices = ['true','false'],
help = "Allow direct file sharing (password hash included in URL)") help = "Allow direct file sharing (password hash included in URL)")
parser_add.add_argument('--pass-plain', action="store", dest="plain", default = False) parser_add.add_argument('--pass-plain', action="store_true", dest="plain", default = False,
parser_add.add_argument('--pass-hash', action="store", dest="hashed", default = False, help = "Save the password as plain text")
help = "Hashed password enables use of login links and direct downloads") parser_add.add_argument('--password', action="store", dest="password", default = False,
help = "Setting a password enables use of login links and direct downloads. Set as empty string to remove password protection.")
parser_add.add_argument('-e','--expire', action="store", dest="expire", default = False, parser_add.add_argument('-e','--expire', action="store", dest="expire", default = False,
help = "expire date in format '%%Y-%%m-%%d %%H:%%M' ex. '2018-12-24 21:00'" help = "expire date in format '%%Y-%%m-%%d %%H:%%M' ex. '2018-12-24 21:00'. Set as empty string to remove expiration."
) )
parser_add.add_argument('-i','--insert', action="store_true", dest="insert", default = False, parser_add.add_argument('-i','--insert', action="store_true", dest="insert", default = False,
help = "Insert new share directly in the shares.json file" help = "Insert new share directly in the shares.json file"