add CLI tools support

code/app.py

@@ -47,14 +47,18 @@ def authenticate(name):
         return render_template('authenticate.html',name=name)
     if request.method == 'POST':
         user_password = request.form['password'].encode('utf-8')
-        session[name] = hashlib.sha256(user_password).hexdigest()
+        session[name] = hashlib.sha1(user_password).hexdigest()
         return redirect(url_for('list_view',name=name))
 
+@app.route('/upload/<name>/<password>', methods=['POST'])
 @app.route('/upload', methods=['POST'])
-def upload():
+def upload(name = None, password = None):
     if request.method == 'POST':
         file = request.files['file']
-        name = request.form['name']
+        if name == None:
+            name = request.form['name']
+        if password != None:
+            session[name] = password
         (ok,share) = get_share(name)
         if not ok:
             return share
@@ -65,6 +69,8 @@ def upload():
                     file.filename
                 )
             )
+            if get_or_none(share, 'overwrite') == False:
+                return "Overwrite forbidden", 403
             file.save(filename)
             os.chown(filename, app.config['UID'], -1)
             return redirect(url_for('list_view',name=name))
@@ -76,8 +82,11 @@ def send(name):
         return share
     return render_template('send.html',name=name)
 
+@app.route('/list/<name>/<password>', methods=['GET'])
 @app.route('/list/<name>', methods=['GET'])
-def list_view(name):
+def list_view(name, password = None):
+    if password != None:
+        session[name] = password
     (ok,share) = get_share(name)
     if not ok:
         return share
@@ -92,16 +101,28 @@ def list_view(name):
         upload = get_or_none(share,'upload'),
         expire = get_or_none(share,'expire')
     )
-    #~ return jsonify({"share":share, "files": files})
 
+@app.route('/logout/<name>', methods=['GET'])
+def logout(name, password = None):
+    if name in session:
+        del session[name]
+    return render_template(
+        "logout.html",
+        name = name
+    )
+
+
+@app.route('/download/<name>/<password>/<filename>', methods=['GET'])
 @app.route('/download/<name>/<filename>', methods=['GET'])
-def download_file(name,filename):
+def download_file(name,filename,password = None):
+    if password != None:
+        session[name] = password
     (ok,share) = get_share(name)
     if not ok:
         return share
     file_path = os.path.join(share['path'], filename)
     if not os.path.exists(file_path):
-        return 'no such file'
+        return 'no such file', 404
     return send_from_directory(directory=share['path'], filename=filename)
 
 def file_stat(filename):
@@ -150,7 +171,7 @@ def get_share(name):
     if 'pass_plain' in share:
         authenticated = False
         if name in session:
-            if session[name] == hashlib.sha256(share['pass_plain'].encode('utf-8')).hexdigest():
+            if session[name] == hashlib.sha1(share['pass_plain'].encode('utf-8')).hexdigest():
                 authenticated = True
     if not authenticated:
         return (False,redirect(url_for('authenticate',name=name)))

code/templates/list.html

@@ -20,7 +20,7 @@
   {% if public %}
    Share is <a href="{{ url_for('index') }}">public</a>
   {% else %}
-   Share is private
+   Share is <a href="{{ url_for('index') }}">unlisted</a>
   {% endif %}
   </div>
   <div id=list_expire>
@@ -30,6 +30,9 @@
    Share never expires
   {% endif %}
   </div>
+  <div id=list_logout>
+   <a href="{{ url_for('logout',name=name) }}">Logout</a> from this share
+  </div>
   </div>
   <div class=clear></div>
   <table class="sortable" id="list_table">

code/templates/logout.html

@@ -0,0 +1,4 @@
+{% extends "layout.html" %}
+{% block body %}
+  You are logged out from <a href="{{ url_for('list_view',name=name) }}">{{ name|safe  }}</a>
+{% endblock %}