shareable upload tokens

code/app.py

@@ -27,6 +27,9 @@ from utils.files import (
     db_get_file,
     db_delete_file,
     db_maintenance,
+    validate_upload_token,
+    invalidate_upload_token,
+    new_upload_token,
 )
 import logging
 
@@ -97,8 +100,13 @@ def upload():
         return "Name required", 500
     safe_filename = secure_filename(name)
     secret = request.headers.get("Secret", "")
-    if secret != app.config["ACCESS_TOKEN"]:
-        return "Error", 401
+    upload_token = request.headers.get("Token", False)
+    if upload_token:
+        if not validate_upload_token(upload_token):
+            return "Error", 401
+    else:
+        if secret != app.config["ACCESS_TOKEN"]:
+            return "Error", 401
     max_dl = request.headers.get("Max-Downloads", app.config["DEFAULT_MAX_DL"])
     expires = int(time.time()) + int(app.config["DEFAULT_EXPIRE"])
     if "Expires-days" in request.headers:
@@ -142,9 +150,34 @@ def upload():
     app.logger.info(
         f"Upload: {download_url} MaxDL:{max_dl} Exp:{file_date_human(expires)}"
     )
+    if upload_token:
+        invalidate_upload_token(upload_token)
     return "File uploaded\n%s\n" % (download_url,), 200
 
 
+@app.route("/new_token", methods=["GET"])
+def upload_token():
+    """
+        Get JSON of file details. Size, added date, download times, etc.
+
+        curl -fL -w "\n" \
+        -H "Expires-Days: 14" \
+        -H "Secret: dff789f0bbe8183d32542" \
+        "$FLASK_PUBLIC_URL"/new_token
+
+    """
+    secret = request.headers.get("Secret", "")
+    if secret != app.config["ACCESS_TOKEN"]:
+        return "Error", 401
+    expires = int(time.time()) + int(app.config["DEFAULT_EXPIRE"])
+    if "Expires-days" in request.headers:
+        expires = int(time.time()) + 24 * 3600 * int(
+            request.headers.get("Expires-days")
+        )
+    token = new_upload_token(expires)
+    return token, 200
+
+
 @app.route("/details/<token>/<name>", methods=["GET"])
 def details(token, name):
     """