shareable upload tokens

2023-08-28 22:13:22 +03:00
parent 4629bf2976
commit 3b69ce7ae1
6 changed files with 145 additions and 8 deletions
--- a/code/utils/files.py
+++ b/code/utils/files.py
@@ -4,7 +4,7 @@ from flask import current_app as app
 import time
 import sqlite3
 import shutil
-from .misc import file_size_human, file_date_human, file_time_human
+from .misc import file_size_human, file_date_human, file_time_human, random_token


 def get_db():
@@ -136,6 +136,28 @@ def db_maintenance():
        c.executemany("DELETE FROM files WHERE token = ?", deleted_tokens)
        if c.rowcount > 0:
            db.commit()
+
+    # === Delete upload token entries where expiry is used up ===
+    db, c = get_db()
+    rows = db.execute(
+        """
+            select
+              token
+            from upload_tokens
+            where expires < ?
+        """,
+        (int(time.time()),),
+    )
+    deleted_tokens = []
+    for row in rows:
+        deleted_tokens.append((row[0],))
+        messages.append(f"Deleting upload_token {row[0]}")
+    if len(deleted_tokens) > 0:
+        db, c = get_db()
+        c.executemany("DELETE FROM upload_tokens WHERE token = ?", deleted_tokens)
+        if c.rowcount > 0:
+            db.commit()
+
    messages.append("Maintenance done.")
    return "\n".join(messages)

@@ -199,3 +221,41 @@ def file_list():

 def file_list_simple():
    return [f"{r[0]}/{r[1]}" for r in db_get_files()]
+
+
+def new_upload_token(expires):
+    db, c = get_db()
+    token = random_token(32)
+    c.execute(
+        """
+        insert into upload_tokens(token,added,expires)
+                values (?,?,?)
+                """,
+        (token, int(time.time()), expires),
+    )
+    if c.rowcount > 0:
+        db.commit()
+    return token
+
+
+def validate_upload_token(token):
+    db, c = get_db()
+    return db.execute(
+        """
+        SELECT 1
+        FROM upload_tokens WHERE token = ? AND expires > ?
+                """,
+        (token, int(time.time())),
+    ).fetchone()
+
+
+def invalidate_upload_token(token):
+    db, c = get_db()
+    c.execute(
+        """
+        DELETE FROM upload_tokens WHERE token = ?
+        """,
+        (token,),
+    )
+    if c.rowcount > 0:
+        db.commit()
--- a/code/utils/misc.py
+++ b/code/utils/misc.py
@@ -6,8 +6,8 @@ import passlib.hash
 VALID_TOKEN_CHARS = string.digits + string.ascii_letters


-def random_token():
-    return "".join(secrets.choice(VALID_TOKEN_CHARS) for i in range(8))
+def random_token(n=8):
+    return "".join(secrets.choice(VALID_TOKEN_CHARS) for i in range(n))


 def file_date_human(num):