getting there

code/Dockerfile

@@ -14,13 +14,13 @@ RUN apt-get update -yqq \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
-ARG UID
-ARG GID
+ARG UUID
+ARG UGID
 ARG TZ
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-RUN groupadd -g $GID user && \
-    useradd -u $UID -g $GID -ms /bin/bash user && \
-    mkdir -p /opt/venv && chown $UID:$GID /opt/venv
+RUN groupadd -g $UGID user && \
+    useradd -u $UUID -g $UGID -ms /bin/bash user && \
+    mkdir -p /opt/venv && chown $UUID:$UGID /opt/venv
 COPY ./requirements.txt /requirements.txt
 COPY docker-builder.sh /
 USER user
@@ -28,7 +28,7 @@ USER user
 RUN bash /docker-builder.sh
 COPY ./ /app
 USER root
-RUN chown -R $UID:$GID /app
+RUN chown -R $UUID:$UGID /app
 USER user
 
 WORKDIR /app

code/app.py

@@ -1,37 +1,33 @@
 # -*- coding: utf-8 -*-
 
-import os, sys, time
-import json
-from datetime import datetime
+import os
+import sys
+import time
 from flask import (
     Flask,
     render_template,
     jsonify,
-    current_app,
-    Response,
-    redirect,
-    url_for,
     request,
-    g,
-    session,
-    send_file,
     send_from_directory,
-    abort,
 )
 from werkzeug.utils import secure_filename
 from revprox import ReverseProxied
-from utils import (
+from utils.misc import (
     random_token,
+)
+from utils.files import (
     db_store_file,
     file_details,
     file_list,
+    file_full_path,
+    file_full_url,
     db_add_download,
     db_get_file,
     db_delete_file,
     db_maintenance,
 )
 
-__MINI_FLEES_VERSION__ = "20230818.0"
+__VERSION__ = "20230818.0"
 app = Flask(__name__)
 app.config.from_object(__name__)
 app.config.from_prefixed_env()
@@ -42,11 +38,30 @@ app.wsgi_app = ReverseProxied(app.wsgi_app)
 
 @app.route("/")
 def index():
+    """Returns Nothing"""
     return "", 200
 
 
 @app.route("/upload", methods=["POST"])
 def upload():
+    """
+    Upload a file, example CURL:
+
+    cat file | \
+        curl -fL -w "\n" -F file="@-" -X POST \
+        -H "Name: my.file.ext" \
+        -H "Max-Downloads: 4000" \
+        -H "Expires-Days: 14" \
+        -H "Secret: dff789f0bbe8183d32542" \
+        "$FLASK_PUBLIC_URL"/upload
+
+    - Additionally, "Expires-Hours" can be used.
+    - Max-Dowloads: -1  means no upper limit
+
+
+    Returns the file download URL
+    """
+
     if request.method == "POST":
         file = request.files.get("file")
         name = request.headers.get("Name", None)
@@ -68,13 +83,16 @@ def upload():
 
         if file:
             safe_filename = secure_filename(name)
-            token = random_token()
-            folder = os.path.join(app.config["DATAFOLDER"], token)
+            while True:
+                token = random_token()
+                folder = os.path.join(app.config["DATAFOLDER"], token)
+                if not os.path.exists(folder):
+                    break
             os.mkdir(folder)
-            filename = os.path.join(folder, safe_filename)
+            filename = file_full_path(token, safe_filename)
             file.save(filename)
             db_store_file(token, safe_filename, expires, max_dl)
-            download_url = f"{app.config['PUBLIC_URL']}/dl/{token}/{safe_filename}"
+            download_url = file_full_url(token, safe_filename)
             return "File uploaded\n%s\n" % (download_url,), 200
         else:
             return "Use the 'file' variable to upload\n", 400
@@ -82,6 +100,14 @@ def upload():
 
 @app.route("/details/<token>/<name>", methods=["GET"])
 def details(token, name):
+    """
+        Get JSON of file details. Size, added date, download times, etc.
+
+      curl -fL -w "\n" \
+        -H "Secret: dff789f0bbe8183d3254258b33a147d580c1131f39a698c56d3f640ac8415714" \
+        "$ROOTURL"/details/OdD7X0aKOGM/big_file1.ext
+
+    """
     secret = request.headers.get("Secret", "")
     if secret != app.config["ACCESS_TOKEN"]:
         return "Error", 401
@@ -91,11 +117,14 @@ def details(token, name):
 
 @app.route("/delete/<token>/<name>", methods=["GET"])
 def delete_file(name, token):
+    """
+    Delete a file from the system
+    """
     secret = request.headers.get("Secret", "")
     if secret != app.config["ACCESS_TOKEN"]:
         return "Error", 401
     try:
-        os.remove(os.path.join(os.getenv("DATAFOLDER"), token, name))
+        os.remove(os.path.join(app.config["DATAFOLDER"], token, name))
     except Exception:
         pass
     db_delete_file(token, name)
@@ -104,6 +133,9 @@ def delete_file(name, token):
 
 @app.route("/ls", methods=["GET"])
 def ls():
+    """
+    Lists all uploaded files
+    """
     secret = request.headers.get("Secret", "")
     if secret != app.config["ACCESS_TOKEN"]:
         return "Error", 401
@@ -112,6 +144,11 @@ def ls():
 
 @app.route("/maintenance", methods=["GET"])
 def maintenance():
+    """
+    Clears DB of expired entries.
+    Deletes folders without DB entry
+    """
+
     secret = request.headers.get("Secret", "")
     if secret != app.config["ACCESS_TOKEN"]:
         return "Error", 401
@@ -120,29 +157,30 @@ def maintenance():
 
 @app.route("/dl/<token>/<name>", methods=["GET"])
 def download(name, token):
+    """
+    Download a file
+    """
     return download_file(token, name)
 
 
-@app.route("/script/client", methods=["GET"])
-def script_client():
+@app.route("/script/mfl", methods=["GET"])
+def script_mfl():
+    secret = request.headers.get("Secret", "")
+    if secret != app.config["ACCESS_TOKEN"]:
+        return "Error", 401
     return render_template(
-        "client.py", name=name, token=token, rooturl=request.url_root
-    )
-
-
-@app.route("/script/flip", methods=["GET"])
-def script_flip():
-    return render_template(
-        "flip",
-        name=name,
-        token=token,
-        rooturl=request.url_root,
-        version=__FLEES_VERSION__,
+        "mfl",
+        token=app.config["ACCESS_TOKEN"],
+        rooturl=app.config["PUBLIC_URL"],
+        version=__VERSION__,
     )
 
 
 def download_file(token, name):
-    full_path = os.path.join(os.getenv("FLASK_DATAFOLDER"), token, name)
+    """
+    check for file expiry, and send file if allowed
+    """
+    full_path = os.path.join(app.config["DATAFOLDER"], token, name)
     if not os.path.exists(full_path):
         return "Error", 404
     db_stat = db_get_file(token, name)
@@ -150,13 +188,13 @@ def download_file(token, name):
         added, expires, downloads, max_dl = db_stat
     else:
         return "Error", 404
-    if downloads >= max_dl:
+    if downloads >= max_dl and max_dl > -1:
         return "Expired", 401
     if expires < time.time():
         return "Expired", 401
     db_add_download(token, name)
     return send_from_directory(
-        directory=os.path.join(os.getenv("FLASK_DATAFOLDER"), token), path=name
+        directory=os.path.join(app.config["DATAFOLDER"], token), path=name
     )
 
 

code/utils/__init__.py

@@ -1,3 +1 @@
-from .misc import *
-from .files import *
-from .crypt import *
+

code/utils/crypt.py

@@ -1,5 +0,0 @@
-import secrets
-
-
-def random_token():
-    return secrets.token_urlsafe(8)

code/utils/files.py

@@ -1,19 +1,14 @@
 import os
 from datetime import datetime
 from flask import current_app as app
-import re
-import sys
-import json
-import stat
 import time
 import sqlite3
 import shutil
-from .misc import *
-from .crypt import *
+from .misc import file_size_MB, file_size_human, file_date_human
 
 
 def get_db():
-    db = sqlite3.connect(os.getenv("FLASK_DB"), timeout=5)
+    db = sqlite3.connect(app.config["DB"], timeout=5)
     c = db.cursor()
     return db, c
 
@@ -49,8 +44,8 @@ def db_get_files():
         """
         SELECT token,name,added,expires,downloads,max_downloads
         FROM files
-        WHERE expires > ? and downloads < max_downloads
-                """,
+        WHERE expires > ? and (downloads < max_downloads or max_downloads = -1)
+        """,
         (time.time(),),
     )
 
@@ -82,14 +77,15 @@ def db_add_download(token, name):
 
 def db_maintenance():
     messages = []
+    # === Delete DB entries where expiry or max DL is used up ===
     db, c = get_db()
     rows = db.execute(
         """
             select
               token, name
             from files
-            where expires < ? or downloads >= max_downloads
-            """,
+            where expires < ? or (downloads >= max_downloads and max_downloads != -1)
+        """,
         (int(time.time()),),
     )
     deleted_tokens = []
@@ -101,7 +97,7 @@ def db_maintenance():
         c.executemany("DELETE FROM files WHERE token = ?", deleted_tokens)
         if c.rowcount > 0:
             db.commit()
-
+    # Delete files, if DB entry is gone
     subdirs = next(os.walk(app.config["DATAFOLDER"]))[1]
     db, c = get_db()
     for d in subdirs:
@@ -111,13 +107,35 @@ def db_maintenance():
         ).fetchone()
         if not keep:
             try:
-                for fname in os.listdir(os.path.join(app.config["DATAFOLDER"],d)):
-                    os.remove(os.path.join(app.config["DATAFOLDER"],d,fname))
+                for fname in os.listdir(os.path.join(app.config["DATAFOLDER"], d)):
+                    os.remove(os.path.join(app.config["DATAFOLDER"], d, fname))
                     messages.append(f"Deleting file {d}/{fname}")
             except Exception:
                 pass
-            shutil.rmtree(os.path.join(app.config["DATAFOLDER"],d), ignore_errors=True)
+            shutil.rmtree(os.path.join(app.config["DATAFOLDER"], d), ignore_errors=True)
             messages.append(f"Deleting folder {d}")
+
+    # Delete DB entries, if files have been deleted (probably manually)
+    db, c = get_db()
+    rows = db.execute(
+        """
+            select
+              token, name
+            from files
+        """
+    )
+    deleted_tokens = []
+    for row in rows:
+        full_path = file_full_path(row[0], row[1])
+        if not os.path.exists(full_path):
+            deleted_tokens.append((row[0],))
+            messages.append(f"Deleting DB {row[0]}/{row[1]} - files missing")
+    if len(deleted_tokens) > 0:
+        db, c = get_db()
+        c.executemany("DELETE FROM files WHERE token = ?", deleted_tokens)
+        if c.rowcount > 0:
+            db.commit()
+    messages.append("Maintenance done.")
     return "\n".join(messages)
 
 
@@ -133,7 +151,7 @@ def file_age(path):
 
 
 def file_details(token, name):
-    full_path = os.path.join(os.getenv("FLASK_DATAFOLDER"), token, name)
+    full_path = file_full_path(token, name)
     try:
         s = os.stat(full_path)
         db_stat = db_get_file(token, name)
@@ -146,7 +164,7 @@ def file_details(token, name):
             "hsize": file_size_human(s.st_size, HTML=False),
             "added": file_date_human(added),
             "name": name,
-            "url": f"{app.config['PUBLIC_URL']}/dl/{token}/{name}",
+            "url": file_full_url(token, name),
             "expires": file_date_human(expires),
             "downloaded": downloads,
             "max-dl": max_dl,
@@ -155,76 +173,23 @@ def file_details(token, name):
         return {}
 
 
+def file_full_path(token, name):
+    return os.path.join(app.config["DATAFOLDER"], token, name)
+
+
+def file_full_url(token, name):
+    return f"{app.config['PUBLIC_URL']}/dl/{token}/{name}"
+
+
 def file_list():
     files = list(db_get_files())
     details = []
-    details.append("   Added/Expiry     DL/MaxDL  URL")
+    details.append("   Added/Expiry   DL/MaxDL  URL")
     details.append("=" * 75)
     for file in files:
-        url = f"{app.config['PUBLIC_URL']}/dl/{file[0]}/{file[1]}"
-        details.append(
-            f"{file_date_human(file[2])}/{file_date_human(file[3])} {file[4]:4d}/{file[5]:4d} {url}"
-        )
+        url = file_full_url(file[0], file[1])
+        added = file_date_human(file[2])
+        expiry = file_date_human(file[3])
+        details.append(f"{added}/{expiry} {file[4]:4d}/{file[5]:4d} {url}")
 
     return details
-
-
-def get_expiring_file(ehash):
-    connection = apsw.Connection(app.config["SQLITE_FILE"])
-    cursor = connection.cursor()
-
-    for row in cursor.execute(
-        "SELECT file, expires FROM expiring WHERE hash = ?", (ehash,)
-    ):
-        return row[0], row[1]
-    return None, None
-
-
-def get_script_url(public_url, share, end_point, token="[TOKEN]"):
-    cmd = None
-    doc = None
-    if get_or_none("direct_links", share) and end_point == "download":
-        end_point = "direct"
-    url = "%s/script/%s/%s/%s" % (public_url, end_point, share["name"], token)
-    if end_point in ("download", "direct"):
-        cmd = "curl -s %s | bash /dev/stdin [-f]" % (url,)
-        doc = "Download all files in the share. -f to force overwrite existing files."
-    if end_point == "client":
-        cmd = "python <( curl -s %s )" % (url,)
-        doc = "Console client to download and upload files."
-    if end_point == "upload_split":
-        cmd = (
-            "curl -s %s | python - [-s split_size_in_Mb] file_to_upload.ext [second.file.ext]"
-            % (url,)
-        )
-        doc = "Upload files to the share. -s to set splitting size."
-    if end_point == "flip":
-        cmd = "curl -s %s > flip && ./flip" % (url,)
-        doc = "Use the share as a command line clipboard"
-    return {"cmd": cmd, "doc": doc}
-
-
-def set_expiring_file(share, filename, expires):
-    connection = apsw.Connection(app.config["SQLITE_FILE"])
-    cursor = connection.cursor()
-
-    while True:
-        ehash = random_expiring_hash()
-        matches = len(
-            list(cursor.execute("SELECT file FROM expiring WHERE hash = ?", (ehash,)))
-        )
-        if matches == 0:
-            break
-
-    cursor.execute(
-        "INSERT INTO expiring (hash, file, expires) VALUES (?,?,?)",
-        (ehash, filename, expires),
-    )
-    return "/".join((app.config["PUBLIC_URL"], "e", ehash, os.path.basename(filename)))
-
-
-def remove_expiring_file(share, filename):
-    connection = apsw.Connection(app.config["SQLITE_FILE"])
-    cursor = connection.cursor()
-
-    cursor.execute("DELETE FROM expiring WHERE file = ?", (filename,))

code/utils/misc.py

@@ -1,5 +1,12 @@
 from datetime import datetime
-from flask import current_app as app
+import secrets
+import string
+
+VALID_TOKEN_CHARS = string.digits + string.ascii_letters
+
+
+def random_token():
+    return "".join(secrets.choice(VALID_TOKEN_CHARS) for i in range(8))
 
 
 def file_date_human(num):
@@ -22,45 +29,3 @@ def file_size_human(num, HTML=True):
 
 def file_size_MB(num):
     return "{:,.2f}".format(num / (1024 * 1024))
-
-
-def get_or_none(key, d, none=None):
-    if key in d:
-        return d[key]
-    else:
-        return none
-
-
-def is_path_safe(path):
-    if path.startswith("."):
-        return False
-    if "/." in path:
-        return False
-    return True
-
-
-def is_valid_url(url, qualifying=None):
-    min_attributes = ("scheme", "netloc")
-    qualifying = min_attributes if qualifying is None else qualifying
-    token = urlparse(url)
-    return all([getattr(token, qualifying_attr) for qualifying_attr in qualifying])
-
-
-def path2url(path):
-    return pathname2url(path)
-
-
-def safe_name(s):
-    return safe_string(s, "-_")
-
-
-def safe_path(s):
-    return safe_string(s, "-_/")
-
-
-def safe_string(s, valid, no_repeat=False):
-    """return a safe string, replace non alnum characters with _ . all characters in valid are considered valid."""
-    safe = "".join([c if c.isalnum() or c in valid else "_" for c in s])
-    if no_repeat:
-        safe = re.sub(r"_+", "_", safe)
-    return safe