Passwords for files

2023-08-20 22:23:42 +03:00
parent 80bce10987
commit 9af21b5f58
7 changed files with 103 additions and 16 deletions
--- a/code/utils/files.py
+++ b/code/utils/files.py
@@ -13,14 +13,14 @@ def get_db():
    return db, c


-def db_store_file(token, name, expires, max_dl):
+def db_store_file(token, name, expires, max_dl, password):
    db, c = get_db()
    c.execute(
        """
-        insert into files(token,name,added,expires,downloads,max_downloads)
-                values (?,?,?,?,?,?)
+        insert into files(token,name,added,expires,downloads,max_downloads,passhash)
+                values (?,?,?,?,?,?,?)
                """,
-        (token, name, int(time.time()), expires, 0, max_dl),
+        (token, name, int(time.time()), expires, 0, max_dl, password),
    )
    if c.rowcount > 0:
        db.commit()
@@ -31,7 +31,7 @@ def db_get_file(token, name):
    db, c = get_db()
    return db.execute(
        """
-        SELECT added,expires,downloads,max_downloads
+        SELECT added,expires,downloads,max_downloads,passhash
        FROM files WHERE token = ? AND name = ?
                """,
        (token, name),
@@ -42,7 +42,7 @@ def db_get_files():
    db, c = get_db()
    return db.execute(
        """
-        SELECT token,name,added,expires,downloads,max_downloads
+        SELECT token,name,added,expires,downloads,max_downloads,passhash
        FROM files
        WHERE expires > ? and (downloads < max_downloads or max_downloads = -1)
        ORDER BY added
@@ -157,7 +157,7 @@ def file_details(token, name):
        s = os.stat(full_path)
        db_stat = db_get_file(token, name)
        if db_stat:
-            added, expires, downloads, max_dl = db_stat
+            added, expires, downloads, max_dl, password = db_stat
        else:
            return {}
        return {
@@ -169,6 +169,7 @@ def file_details(token, name):
            "expires": file_time_human(expires),
            "downloaded": downloads,
            "max-dl": max_dl,
+            "protected": password is not None,
        }
    except FileNotFoundError:
        return {}
@@ -190,7 +191,8 @@ def file_list():
        url = file_full_url(file[0], file[1])
        added = file_date_human(file[2])
        expiry = file_date_human(file[3])
-        details.append(f"{added}/{expiry} {file[4]:4d}/{file[5]:4d} {url}")
+        pw = " (PW)" if file[6] else ""
+        details.append(f"{added}/{expiry} {file[4]:4d}/{file[5]:4d} {url}{pw}")

    return details

--- a/code/utils/misc.py
+++ b/code/utils/misc.py
@@ -1,6 +1,7 @@
 from datetime import datetime
 import secrets
 import string
+import passlib.hash

 VALID_TOKEN_CHARS = string.digits + string.ascii_letters

@@ -29,3 +30,11 @@ def file_size_human(num, HTML=True):

 def file_size_MB(num):
    return "{:,.2f}".format(num / (1024 * 1024))
+
+
+def hash_password(password):
+    return passlib.hash.argon2.hash(password)
+
+
+def verify_password(password, hash):
+    return passlib.hash.argon2.verify(password, hash)