hidden files, allow ips

code/utils/files.py

@@ -1,10 +1,12 @@
 import os
-from datetime import datetime
-from flask import current_app as app
-import time
-import sqlite3
 import shutil
-from .misc import file_size_human, file_date_human, file_time_human, random_token
+import sqlite3
+import time
+from datetime import datetime
+
+from flask import current_app as app
+
+from .misc import file_date_human, file_size_human, file_time_human, random_token
 
 
 def get_db():
@@ -13,14 +15,14 @@ def get_db():
     return db, c
 
 
-def db_store_file(token, name, expires, max_dl, password):
+def db_store_file(token, name, expires, max_dl, password, ips=None, hidden=None):
     db, c = get_db()
     c.execute(
         """
-        insert into files(token,name,added,expires,downloads,max_downloads,passhash)
-                values (?,?,?,?,?,?,?)
+        insert into files(token,name,added,expires,downloads,max_downloads,passhash,allowed_ip,hidden)
+                values (?,?,?,?,?,?,?,?,?)
                 """,
-        (token, name, int(time.time()), expires, 0, max_dl, password),
+        (token, name, int(time.time()), expires, 0, max_dl, password, ips, hidden),
     )
     if c.rowcount > 0:
         db.commit()
@@ -31,7 +33,7 @@ def db_get_file(token, name):
     db, c = get_db()
     return db.execute(
         """
-        SELECT added,expires,downloads,max_downloads,passhash
+        SELECT added,expires,downloads,max_downloads,passhash,hidden,allowed_ip
         FROM files WHERE token = ? AND name = ?
                 """,
         (token, name),
@@ -42,9 +44,11 @@ def db_get_files():
     db, c = get_db()
     return db.execute(
         """
-        SELECT token,name,added,expires,downloads,max_downloads,passhash
+        SELECT token,name,added,expires,downloads,max_downloads,passhash,allowed_ip
         FROM files
-        WHERE expires > ? and (downloads < max_downloads or max_downloads = -1)
+        WHERE expires > ?
+              AND (downloads < max_downloads or max_downloads = -1)
+              AND (hidden IS NULL OR hidden = 0)
         ORDER BY added
         """,
         (time.time(),),
@@ -168,8 +172,7 @@ def file_age(path):
     diff = now - then
     return (
         diff,
-        "%03d d %s"
-        % (diff.days, datetime.utcfromtimestamp(diff.seconds).strftime("%H:%M:%S")),
+        "%03d d %s" % (diff.days, datetime.utcfromtimestamp(diff.seconds).strftime("%H:%M:%S")),
     )
 
 
@@ -179,7 +182,7 @@ def file_details(token, name):
         s = os.stat(full_path)
         db_stat = db_get_file(token, name)
         if db_stat:
-            added, expires, downloads, max_dl, password = db_stat
+            added, expires, downloads, max_dl, password, hidden, allowed_ip = db_stat
         else:
             return {}
         return {
@@ -192,6 +195,8 @@ def file_details(token, name):
             "downloaded": downloads,
             "max-dl": max_dl,
             "protected": password is not None,
+            "hidden": hidden,
+            "allowed_ip": allowed_ip,
         }
     except FileNotFoundError:
         return {}
@@ -214,7 +219,9 @@ def file_list():
         added = file_date_human(file[2])
         expiry = file_date_human(file[3])
         pw = " (PW)" if file[6] else ""
-        details.append(f"{added}/{expiry} {file[4]:4d}/{file[5]:4d} {url}{pw}")
+        ips = f" [{file[7]}]" if file[7] else ""
+
+        details.append(f"{added}/{expiry} {file[4]:4d}/{file[5]:4d} {url}{pw}{ips}")
 
     return details
 

code/utils/misc.py

@@ -1,6 +1,8 @@
-from datetime import datetime
+import fnmatch
 import secrets
 import string
+from datetime import datetime
+
 import passlib.hash
 
 VALID_TOKEN_CHARS = string.digits + string.ascii_letters
@@ -38,3 +40,11 @@ def hash_password(password):
 
 def verify_password(password, hash):
     return passlib.hash.argon2.verify(password, hash)
+
+
+def is_ip_allowed(allowed_ip, ip, app):
+    for rule in allowed_ip.split(","):
+        rule = rule.strip()
+        if fnmatch.fnmatch(ip, rule):
+            return True
+    return False