moonq/flees
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

direct links

Browse Source
This commit is contained in:
q
2018-01-25 21:56:03 +02:00
parent db3ee2abfd
commit 938f688693
3 changed files with 48 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
code/app.py
View File

@@ -93,7 +93,13 @@ def list_view(name, password = None):
return share
files = []
for file in sorted(os.listdir(share['path'])):
files.append(file_stat(os.path.join(share['path'],file)))
status = file_stat(os.path.join(share['path'],file))
status.update({
'token': get_direct_token(share, file)
})
files.append(status)
# direct share links not allowed if password isnt set
allow_direct = get_or_none(share,'direct_links') if get_or_none(share,'pass_hash') else False
return render_template(
"list.html",
name = share['name'],
@@ -102,7 +108,7 @@ def list_view(name, password = None):
public = get_or_none(share,'public'),
upload = get_or_none(share,'upload'),
overwrite = get_or_none(share,'overwrite'),
direct = get_or_none(share,'direct_links'),
direct = allow_direct,
expire = get_or_none(share,'expire')
)
@@ -115,12 +121,27 @@ def logout(name, password = None):
name = name
)
@app.route('/direct/<name>/<password>/<filename>', methods=['GET'])
def download_direct(name,password,filename):
if password != None:
session[name] = password
(ok,share) = get_share(name, require_auth = False)
if not ok:
return share
token = get_direct_token(share, filename)
if token == None:
return 'Cannot generate token', 400
if password != token:
return 'Incorrect token', 403
file_path = os.path.join(share['path'], filename)
if not os.path.exists(file_path):
return 'no such file', 404
return send_from_directory(directory=share['path'], filename=filename)
@app.route('/download/<name>/<password>/<filename>', methods=['GET'])
@app.route('/download/<name>/<filename>', methods=['GET'])
def download_file(name,filename,password = None):
if password != None:
session[name] = password
(ok,share) = get_share(name)
if not ok:
return share
@@ -151,6 +172,12 @@ def file_date_human(num):
).strftime(app.config['DATE_FORMAT'])
def get_direct_token(share, filename):
if not 'pass_hash' in share:
return None
return hashlib.sha1(
share['pass_hash'].encode('utf-8') + filename.encode('utf-8')
).hexdigest()
def get_or_none(d,key):
@@ -159,7 +186,8 @@ def get_or_none(d,key):
else:
return None
def get_share(name):
def get_share(name, require_auth = True):
share = [x for x in g.shares if x['name'] == name]
if len(share) < 1:
return (False,'No such share')
@@ -167,16 +195,18 @@ def get_share(name):
if is_expired(share):
return (False, 'Share has expired')
authenticated = True
if 'pass_hash' in share:
authenticated = False
if name in session:
if session[name] == share['pass_hash']:
authenticated = True
if 'pass_plain' in share:
authenticated = False
if name in session:
if session[name] == hashlib.sha1(share['pass_plain'].encode('utf-8')).hexdigest():
authenticated = True
if require_auth:
if 'pass_plain' in share:
authenticated = False
if name in session:
if session[name] == hashlib.sha1(share['pass_plain'].encode('utf-8')).hexdigest():
authenticated = True
if 'pass_hash' in share:
authenticated = False
if name in session:
if session[name] == share['pass_hash']:
authenticated = True
if not authenticated:
return (False,redirect(url_for('authenticate',name=name)))
if not 'path' in share:

2
code/templates/list.html
View File

@@ -51,7 +51,7 @@
<tr>
<td><a href="{{ url_for('download_file', name = name, filename = entry.name) }}">{{ entry.name }}</a>
{% if direct %}
&nbsp;<a href="{{ url_for('download_file', name = name, password = password, filename = entry.name ) }}" title="Direct share link">&#x2756;</a>
&nbsp;<a href="{{ url_for('download_direct', name = name, password = entry.token, filename = entry.name ) }}" title="Direct share link">&#x2756;</a>
{% endif %}
<td class=td_right>{{ entry.size|safe }}
<td>{{ entry.mtime|safe }}