def uploadExistingFile(self):
"""Server Side Upload Function for existing files
Creates a new ciphertext and new access files to all
users who have access to the file. DB File Information updated
Security: Authenticate User Message by users session key
Concurrency control"""
lcHDRS = {}
for key, val in cherrypy.request.headers.iteritems():
lcHDRS[key.lower()] = val
username = lcHDRS['username']
sessionKey = um.getSessionKey(username)
if sessionKey != -1:
try:
data = json.loads(
security.decryptS_AES(lcHDRS['data'].decode('hex'),
sessionKey.decode('hex')))
usr_id = DBmodule.db_getUserID(username)
fn = data['filename']
iv = data['iv']
aes = lcHDRS['aes']
sign = data['sign']
files = DBmodule.db_listMyFiles(usr_id)
filenames = [x.encode('latin-1') for x in files]
if fn in filenames:
file_id = DBmodule.db_getFileId(usr_id, fn)
# Concurrent Access
while (DBmodule.db_fileStatus(file_id) is True):
time.sleep(2)
status = DBmodule.db_fileInUse(file_id)
if status:
destination = os.path.join('storage',
str(file_id) + '.file')
# Save Ciphertext
with open(destination, 'wb') as f:
shutil.copyfileobj(cherrypy.request.body, f)
userList = DBmodule.db_whoHasAccess(file_id)
# Save FILE Encrypted by RSA for every user
for i in range(0, len(userList)):
with open(destination + '.key' + str(userList[i]),
'wb') as f:
f.write(aes[i])
# Add File Information to DB
uni = iv.decode('hex').decode('latin-1')
DBmodule.db_fileInfoUpdate(file_id, usr_id, sign, uni)
statusF = DBmodule.db_fileNotInUse(file_id)
if statusF is True:
return 'Okay, File Updated'
else:
raise cherrypy.HTTPError(
408,
'Request Timeout! Please Try Again\nSafeBox Team'
)
else:
raise cherrypy.HTTPError(
408,
'Request Timeout! Please Try Again\nSafeBox Team')
except:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
def shareFile(self):
"""Server Side Share Final Commnunication
Saves the access file of the new user and update
Database Information of the AccessManagement Table
Security: Authenticate User Message
Concurrency control"""
lcHDRS = {}
for key, val in cherrypy.request.headers.iteritems():
lcHDRS[key.lower()] = val
username = lcHDRS['username']
sessionKey = um.getSessionKey(username)
if sessionKey != -1:
try:
data = json.loads(
security.decryptS_AES(lcHDRS['data'].decode('hex'),
sessionKey.decode('hex')))
filename = data['filename']
usr_dst_name = data['usrdstname']
file_key = data['filekey']
usr_id = DBmodule.db_getUserID(username)
file_id = DBmodule.db_getFileId(usr_id, filename)
# Concurrent Access
while (DBmodule.db_fileStatus(file_id) is True):
time.sleep(2)
status = DBmodule.db_fileInUse(file_id)
# Verify if the user is valid and has permission to access the file
if status and um.validUser(
username) and DBmodule.db_filePermission(
usr_id, file_id):
usr_dst_id = DBmodule.db_getUserID(usr_dst_name)
destination = os.path.join('storage',
str(file_id) + '.file')
# Save FILE Encrypted by RSA
with open(destination + '.key' + str(usr_dst_id),
'wb') as f:
f.write(file_key)
# Add information to the Database
DBmodule.db_fileNewAccess(file_id, usr_dst_id, usr_id,
data['permission'])
statusF = DBmodule.db_fileNotInUse(file_id)
if statusF is True:
return 'Okay'
else:
raise cherrypy.HTTPError(
408,
'Request Timeout! Please Try Again\nSafeBox Team')
else:
raise cherrypy.HTTPError(
401,
'Currently, you are not a valid user!\nSafeBox Team')
except:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
else:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
def share(self, **kwargs):
"""Server Side Share Initial Commnunication
Gets user access file by his user id from the File System and the
user destination public key, from the DB, by his ID and sends the
information to client
Security: Authenticate User Message
Concurrency control"""
username = kwargs['username']
sessionKey = um.getSessionKey(username)
if sessionKey != -1:
try:
data = json.loads(
security.decryptS_AES(kwargs['data'].decode('hex'),
sessionKey.decode('hex')))
file_name = data['filename']
usr_dst_name = data['usrdstname']
usr_id = DBmodule.db_getUserID(username)
file_id = DBmodule.db_getFileId(usr_id, file_name)
# Concurrent Access
while (DBmodule.db_fileStatus(file_id) is True):
time.sleep(2)
status = DBmodule.db_fileInUse(file_id)
# Verify if the user is valid and have access to the file
if status and um.validUser(
username) and DBmodule.db_filePermission(
usr_id, file_id):
destination = os.path.join('storage',
str(file_id) + '.file')
# Get User Access File
with open(destination + '.key' + str(usr_id)) as f:
aes = f.read()
usr_dst_id = DBmodule.db_getUserID(usr_dst_name)
pub_key = DBmodule.db_getUserPubKey(usr_dst_id)
message = {'aes': aes, 'pubkey': pub_key}
messageToSend = security.encryptS_AES(
json.dumps(message),
sessionKey.decode('hex')).encode('hex')
cherrypy.response.headers['data'] = messageToSend
statusF = DBmodule.db_fileNotInUse(file_id)
if statusF is True:
return "Okay"
else:
raise cherrypy.HTTPError(
408,
'Request Timeout! Please Try Again\nSafeBox Team')
else:
raise cherrypy.HTTPError(
401,
'Currently, you are not a valid user!\nSafeBox Team')
except:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
else:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
def unShare(self, **kwargs):
"""Server Side Unshare
Remove user AccessFile to the File by its ID and update Database
AccessManagement Table
Security: Authenticate User Message
Concurrency control"""
username = kwargs['username']
sessionKey = um.getSessionKey(username)
if sessionKey != -1:
try:
data = json.loads(
security.decryptS_AES(kwargs['data'].decode('hex'),
sessionKey.decode('hex')))
filename = data['filename']
user_id = DBmodule.db_getUserID(username)
# Concurrent Access
file_id = DBmodule.db_getFileId(user_id, filename)
while (DBmodule.db_fileStatus(file_id) is True):
time.sleep(2)
status = DBmodule.db_fileInUse(file_id)
# Verify if the user is valid and have access to the file
if status and um.validUser(
kwargs['username']) and DBmodule.db_filePermission(
user_id, file_id):
unsharename = data['unshare']
unshareid = DBmodule.db_getUserID(unsharename)
userlist = [unshareid
] + DBmodule.db_getAllShareDependencies(
unshareid, file_id)
# Remove access permission from the database
DBmodule.db_removeShare(user_id, file_id, unshareid)
# Remoce user access file from the server
for usr in userlist:
os.remove('storage/' + str(file_id) + '.file.key' +
str(usr))
statusF = DBmodule.db_fileNotInUse(file_id)
if statusF is True:
return 'Okay'
else:
raise cherrypy.HTTPError(
408,
'Request Timeout! Please Try Again\nSafeBox Team')
else:
raise cherrypy.HTTPError(
401,
'Currently, you are not a valid user!\nSafeBox Team')
except:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
else:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
def removeFile(self):
"""Server Side Remove
Remove ciphertext of the file and all user AccessFiles to it
by its ID and update Database AccessManagement Table
Security: Authenticate User Message
Concurrency control"""
lcHDRS = {}
for key, val in cherrypy.request.headers.iteritems():
lcHDRS[key.lower()] = val
username = lcHDRS['username']
sessionKey = um.getSessionKey(username)
if sessionKey != -1:
try:
data = json.loads(
security.decryptS_AES(lcHDRS['data'].decode('hex'),
sessionKey.decode('hex')))
filename = data['filename']
user_id = DBmodule.db_getUserID(username)
file_id = DBmodule.db_getFileId(user_id, filename)
# Concurrent Access
while (DBmodule.db_fileStatus(file_id) is True):
time.sleep(2)
status = DBmodule.db_fileInUse(file_id)
# Verify if the user is valid and has access to the file
if status and um.validUser(
username) and DBmodule.db_filePermission(
user_id, file_id):
# If the user is the owner of the file, all the users loose the file
if DBmodule.db_isOwner(user_id, file_id) == 1:
DBmodule.db_removeFile(file_id)
pattern = '^' + str(file_id) + '.file'
mypath = 'storage'
for root, dirs, files in os.walk(mypath):
for fileFound in filter(
lambda x: re.match(pattern, x), files):
os.remove(os.path.join(root, fileFound))
# If the user is not the owner, only removes it's access to the file
else:
userlist = [user_id
] + DBmodule.db_getAllShareDependencies(
user_id, file_id)
for usr in userlist:
DBmodule.db_removeAccess(file_id, usr)
os.remove('storage/' + str(file_id) + '.file.key' +
str(usr))
statusF = DBmodule.db_fileNotInUse(file_id)
if statusF is True:
return 'Okay'
else:
raise cherrypy.HTTPError(
408,
'Request Timeout! Please Try Again\nSafeBox Team'
)
else:
raise cherrypy.HTTPError(
401,
'Currently, you are not a valid user!\nSafeBox Team')
except:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
else:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
def download(self, **kwargs):
"""Server Side Download a file
Gets the ciphertext of the file by file ID, user access file by his
user id from the File System and the IV from the DB
Security: Authenticate User Message
Concurrency control"""
# Multipart aux function
def read(i_file, chunk_size=16 * 1024):
while True:
ret = i_file.read(chunk_size)
if not ret:
break
yield ret
username = kwargs['username']
sessionKey = um.getSessionKey(username)
if sessionKey != -1:
try:
data = json.loads(
security.decryptS_AES(kwargs['data'].decode('hex'),
sessionKey.decode('hex')))
usr_id = DBmodule.db_getUserID(username)
filename = data['filename']
file_id = DBmodule.db_getFileId(usr_id, filename)
# Concurrent Access
while (DBmodule.db_fileStatus(file_id) is True):
time.sleep(2)
status = DBmodule.db_fileInUse(file_id)
# Verify if the user is valid and have permission to access the file
if (status and um.validUser(username)
and DBmodule.db_filePermission(usr_id, file_id)):
destination = os.path.join('storage',
str(file_id) + '.file')
# Get User Access File
with open(destination + '.key' + str(usr_id)) as f:
aes = f.read()
iv = DBmodule.db_getFileIV(file_id).encode(
'latin-1').encode('hex')
sign = DBmodule.db_getFileHash(file_id)
message = {'iv': iv, 'sign': sign}
messageToSend = security.encryptS_AES(
json.dumps(message),
sessionKey.decode('hex')).encode('hex')
cherrypy.response.headers['data'] = messageToSend
cherrypy.response.headers['aes'] = aes
statusF = DBmodule.db_fileNotInUse(file_id)
if statusF is True:
return read(open(destination, 'rb'))
else:
raise cherrypy.HTTPError(
408,
'Request Timeout! Please Try Again\nSafeBox Team')
else:
raise cherrypy.HTTPError(
401,
'Currently, you are not a valid user!\nSafeBox Team')
except:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')
else:
raise cherrypy.HTTPError(
401, 'Currently, you are not a valid user!\nSafeBox Team')