Merge branch 'main' of git+ssh://nicole/home/q/repos/mini-flees

2023-08-20 22:24:06 +03:00
parent e92ab0cdbf 9af21b5f58
commit aa131c5279
7 changed files with 103 additions and 16 deletions
--- a/code/app.py
+++ b/code/app.py
@@ -8,13 +8,14 @@ from flask import (
    render_template,
    jsonify,
    request,
+    url_for,
+    redirect,
    send_from_directory,
+    session,
 )
 from werkzeug.utils import secure_filename
 from revprox import ReverseProxied
-from utils.misc import (
-    random_token,
-)
+from utils.misc import random_token, hash_password, verify_password
 from utils.files import (
    db_store_file,
    file_details,
@@ -53,6 +54,7 @@ def upload():
        -H "Name: my.file.ext" \
        -H "Max-Downloads: 4000" \
        -H "Expires-Days: 14" \
+        -H "Password: mypass" \
        -H "Secret: dff789f0bbe8183d32542" \
        "$FLASK_PUBLIC_URL"/upload

@@ -87,12 +89,17 @@ def upload():
        )
    if "Expires-hours" in request.headers:
        expires = int(time.time()) + 3600 * int(request.headers.get("Expires-hours"))
+    password = None
+    if "Password" in request.headers:
+        if request.headers["Password"] != "":
+            password = hash_password(request.headers["Password"])

    while True:
        token = random_token()
        folder = os.path.join(app.config["DATAFOLDER"], token)
        if not os.path.exists(folder):
            break
+
    filename = file_full_path(token, safe_filename)
    os.mkdir(folder)

@@ -112,7 +119,7 @@ def upload():
                    break
                f.write(chunk)

-    db_store_file(token, safe_filename, expires, max_dl)
+    db_store_file(token, safe_filename, expires, max_dl, password)
    download_url = file_full_url(token, safe_filename)
    return "File uploaded\n%s\n" % (download_url,), 200

@@ -190,6 +197,10 @@ def download(name, token):
    """
    Download a file
    """
+
+    if "Password" in request.headers:
+        session[token] = request.headers["Password"]
+
    return download_file(token, name)


@@ -206,6 +217,26 @@ def script_mfl():
    )


+@app.route("/login", methods=["GET", "POST"])
+def login():
+    if request.method == "POST":
+        session[request.form["token"]] = request.form["password"]
+        return redirect(request.form["redirect"])
+
+    return render_template(
+        "login.html",
+        filename=session["name"],
+        redirect=session["redirect"],
+        token=session["token"],
+    )
+
+
+@app.route("/logout", methods=["GET"])
+def logout():
+    session.clear()
+    return "OK", 200
+
+
 def download_file(token, name):
    """
    check for file expiry, and send file if allowed
@@ -215,13 +246,22 @@ def download_file(token, name):
        return "Error", 404
    db_stat = db_get_file(token, name)
    if db_stat:
-        added, expires, downloads, max_dl = db_stat
+        added, expires, downloads, max_dl, password_hash = db_stat
    else:
        return "Error", 404
    if downloads >= max_dl and max_dl > -1:
        return "Expired", 401
    if expires < time.time():
        return "Expired", 401
+    if password_hash:
+        if verify_password(session.get(token, ""), password_hash):
+            pass
+        else:
+            session["token"] = token
+            session["name"] = name
+            session["redirect"] = url_for("download", name=name, token=token)
+            return redirect(url_for("login"))
+
    db_add_download(token, name)
    return send_from_directory(
        directory=os.path.join(app.config["DATAFOLDER"], token), path=name