def static_file(file_id=None, filename = None):
#if not funcs.f_exists(filename): abort(404)
ufile = UFile.query.filter(UFile.id == file_id).first()
if not ufile: abort(404)
if not funcs.f_exists(ufile.filename): abort(404)
is_download = request.args.get('download')
if is_download == 'yes':
if not ufile.download: abort(403)
as_attachment = True
try:
attachment_filename = filename.encode('UTF-8')
except:
attachment_filename = None
else:
as_attachment = False
attachment_filename = None
# reference
if not as_attachment and request.referrer.startswith(config.URL_ROOT):
self_ref = True
else:
self_ref = False
key = request.args.get('key')
v_key = request.cookies.get(sf_cookie_name(ufile.filename))
if self_ref or (key and v_key and v_key == sf_cookie_val(ufile.filename, key)):
pass
else:
abort(403)
return send_from_directory(os.path.normpath(os.path.join(config.ROOT_PATH, config.UPLOAD_FILE_PATH)), ufile.filename, as_attachment=as_attachment, attachment_filename=attachment_filename)
def file_serve(file_indicator = None):
if file_indicator is None: return homepage()
ufile = _get_ufile(file_indicator)
preview = _get_preview(ufile)
fileext = _get_fileext(ufile)
# unlock password protection file
if funcs.is_admin_login(): ufile.password = ''
if ufile.password and request.method == 'POST':
password = request.form.get('p-word')
if ufile.password == password: ufile.password = ''
if ufile.password:
preview = 'icon'
fileext = 'secret'
# is_expired
if isinstance(ufile.expire_at, datetime):
ufile.is_expired = ufile.expire_at < datetime.utcnow()
else:
ufile.is_expired = False
visitkey = gen_passwd()
page_title = ufile.name
#beautiful filename
pos = ufile.filename.rfind('.')
if pos != -1:
ufile.beautiful_filename = "%s%s" % (ufile.name, ufile.filename[pos:])
else:
ufile.beautiful_filename = ufile.name
response = make_response(render_template('file.html', ufile=ufile, preview = preview, fileext = fileext, file_indicator = file_indicator, visitkey=visitkey, edit_page = True, title=page_title))
if not ufile.password and not ufile.is_expired:
response.set_cookie(sf_cookie_name(ufile.filename), sf_cookie_val(ufile.filename, visitkey))
else:
response.set_cookie(sf_cookie_name(ufile.filename), "")
return response
def edit_file(file_indicator = None):
if request.method == 'GET' and file_indicator is None: return homepage()
if not funcs.is_admin_login():
abort(403)
ufile = None
if request.method == 'POST':
try:
ufile = UFile.query.filter(UFile.id == int(request.form.get('file_id'))).first()
except:
ufile = None
if not ufile:
abort(403)
err = False
name = Markup(request.form.get('name')).striptags().strip()
if not name:
err = True
flash('Title is empty or contains illegal characters.')
else:
ufile.name = name
url = re.sub('[^%a-zA-Z0-9_\-\.]', '', request.form.get('url')).strip('-')
if not url:
err = True
flash('URL is empty or contains illegal characters.')
else:
ufile.url = url
if UFile.query.filter(UFile.url == 'url').count() > 0:
err = True
flash('URL has already existed.')
ufile.password = request.form.get('password').strip()
if not ufile.password: ufile.password = None
ufile.description = request.form.get('description').strip()
if not ufile.description: ufile.description = None
try:
expire_delta = int(request.form.get('expire_delta'))
except:
expire_delta = -1
if expire_delta == -1:
pass
else:
if expire_delta == 0:
ufile.expire_at = None
else:
ufile.expire_at = datetime.utcnow()+timedelta(hours=expire_delta)
for item in ['linkable', 'download', 'homeshow']:
if request.form.get(item) == 'yes':
setattr(ufile, item, True)
else:
setattr(ufile, item, False)
if not err:
db_session.add(ufile)
try:
db_session.commit()
return redirect(url_for('file_serve',file_indicator=url))
except:
flash('Failed to update database.')
if ufile is None: ufile = _get_ufile(file_indicator)
preview = _get_preview(ufile)
fileext = _get_fileext(ufile)
visitkey = gen_passwd()
page_title = "Edit \"%s\"" % ufile.name
if ufile.description is None: ufile.description = ''
if ufile.password is None: ufile.password = ''
response = make_response(render_template('edit.html', ufile=ufile, preview = preview, fileext = fileext, file_indicator = file_indicator, visitkey=visitkey, edit_page = False, title=page_title))
response.set_cookie(sf_cookie_name(ufile.filename), sf_cookie_val(ufile.filename, visitkey))
return response