def delete(self, notify=True): """ Remove the folder where the shared file is stored. """ shutil.rmtree(os.path.join(app.config['FLASKUP_UPLOAD_FOLDER'], self.path)) # notify admins if 'delete' in app.config['FLASKUP_NOTIFY'] and notify: subject = render_template('emails/notify_delete_subject.txt', f=self) body = render_template('emails/notify_delete_body.txt', f=self) send_mail(subject, body, app.config['FLASKUP_ADMINS'])
def delete(self, notify=True): """ Remove the folder where the shared file is stored. """ shutil.rmtree(os.path.join(app.config["FLASKUP_UPLOAD_FOLDER"], self.path)) # notify admins if "delete" in app.config["FLASKUP_NOTIFY"] and notify: subject = render_template("emails/notify_delete_subject.txt", f=self) body = render_template("emails/notify_delete_body.txt", f=self) send_mail(subject, body, app.config["FLASKUP_ADMINS"])
def save(self, notify=True): """ Save the uploaded file on disk. """ # store the upload file on disk self.filename = secure_filename(self.upload_file.filename) self.key = self.gen_key() self.relative_path = self.key_to_path(self.key) path = os.path.join(app.config['FLASKUP_UPLOAD_FOLDER'], self.relative_path) os.makedirs(path) self.upload_file.save(os.path.join(path, self.filename)) self.size = os.path.getsize(os.path.join(path, self.filename)) # generate a unique key needed to delete the file self.delete_key = uuid.uuid4().hex[:app.config['FLASKUP_DELETE_KEY_LENGTH']] # number of days to keep the file self.expire_date = date.today() + timedelta(app.config['FLASKUP_MAX_DAYS']) # store informations to keep with the file infos = {} infos['filename'] = self.filename infos['key'] = self.key infos['path'] = self.relative_path infos['upload_date'] = date.today() infos['expire_date'] = self.expire_date infos['delete_key'] = self.delete_key infos['remote_ip'] = self.remote_ip infos['size'] = self.size infos['password_identifier'] = self.password_identifier path = os.path.join(app.config['FLASKUP_UPLOAD_FOLDER'], self.relative_path) with open(os.path.join(path, self.key + self._JSON_FILENAME), 'w') as json_file: simplejson.dump(infos, json_file, cls=date_encoder) # notify admins if 'add' in app.config['FLASKUP_NOTIFY'] and notify: subject = render_template('emails/notify_add_subject.txt', f=self) body = render_template('emails/notify_add_body.txt', f=self) send_mail(subject, body, app.config['FLASKUP_ADMINS'])
def save(self, notify=True): """ Save the uploaded file on disk. """ # store the upload file on disk self.filename = secure_filename(self.upload_file.filename) self.key = self.gen_key() self.relative_path = self.key_to_path(self.key) path = os.path.join(app.config["FLASKUP_UPLOAD_FOLDER"], self.relative_path) os.makedirs(path) self.upload_file.save(os.path.join(path, self.filename)) self.size = os.path.getsize(os.path.join(path, self.filename)) # generate a unique key needed to delete the file self.delete_key = uuid.uuid4().hex[: app.config["FLASKUP_DELETE_KEY_LENGTH"]] # number of days to keep the file self.expire_date = date.today() + timedelta(app.config["FLASKUP_MAX_DAYS"]) # store informations to keep with the file infos = {} infos["filename"] = self.filename infos["key"] = self.key infos["path"] = self.relative_path infos["upload_date"] = date.today() infos["expire_date"] = self.expire_date infos["delete_key"] = self.delete_key infos["remote_ip"] = self.remote_ip infos["size"] = self.size infos["password_identifier"] = self.password_identifier path = os.path.join(app.config["FLASKUP_UPLOAD_FOLDER"], self.relative_path) with open(os.path.join(path, self.key + self._JSON_FILENAME), "w") as json_file: simplejson.dump(infos, json_file, cls=date_encoder) # notify admins if "add" in app.config["FLASKUP_NOTIFY"] and notify: subject = render_template("emails/notify_add_subject.txt", f=self) body = render_template("emails/notify_add_body.txt", f=self) send_mail(subject, body, app.config["FLASKUP_ADMINS"])
def upload_file(): if request.headers.getlist("X-Forwarded-For"): remote_ip = request.headers.getlist("X-Forwarded-For")[0] else: remote_ip = request.environ.get('REMOTE_ADDR', None) upload_file = None password_identifier = None passwords = app.config['FLASKUP_UPLOAD_PASSWORDS'] if passwords: # check if user provided a valid password mypassword = request.form.get('mypassword') check_password = app.config.get('FLASKUP_UPLOAD_PASSWORDS_CHECK') valid_password = False for hashed_password, info in passwords: try: if check_password(mypassword, hashed_password): password_identifier = info valid_password = True continue except: # An exception was raised when cheking the password. # Treat this as a password check failure, so do nothing # more. pass if not valid_password: message = _("Incorrect password") return jsonify(message=message), 400 if app.config['FLASKUP_NGINX_UPLOAD_MODULE_ENABLED']: # Nginx Upload Module if 'myfile.name' in request.form and 'myfile.path' in request.form: realpath = os.path.realpath(request.form['myfile.path']) storepath = app.config['FLASKUP_NGINX_UPLOAD_MODULE_STORE'] storepath = os.path.realpath(storepath) if realpath.startswith(storepath): upload_file = NginxUploadFile( filename=request.form['myfile.name'], path=request.form['myfile.path'] ) else: # the path given in `myfile.path` is outside the store path # this should not happen message = "'{0}' not in the Nginx upload-module store".format( request.form['myfile.path'] ) return jsonify(message=message), 400 else: # Werkzeug `FileStorage` (normal HTTP Post) if 'myfile' in request.files and request.files['myfile']: upload_file = request.files['myfile'] if upload_file is None: # no upload file message = _("The file is required.") if request.is_xhr: return jsonify(message=message), 400 else: return render_template('show_upload_form.html', error=message) shared_file = SharedFile() shared_file.upload_file = upload_file shared_file.remote_ip = remote_ip shared_file.password_identifier = password_identifier shared_file.save() # notify the user myemail = request.form.get('myemail', '').strip() if myemail: subject = render_template('emails/notify_me_subject.txt', f=shared_file, recipient=myemail) body = render_template('emails/notify_me_body.txt', f=shared_file, recipient=myemail) send_mail(subject, body, [myemail]) # notify contacts max_contacts = app.config['FLASKUP_MAX_CONTACTS'] if 'mycontacts' in request.form: mycontacts = request.form['mycontacts'] all_contacts = [c.strip() for c in mycontacts.splitlines()] for contact in all_contacts[:max_contacts]: if contact: subject = render_template('emails/notify_contact_subject.txt', f=shared_file, sender=myemail, recipient=contact) body = render_template('emails/notify_contact_body.txt', f=shared_file, sender=myemail, recipient=contact) send_mail(subject, body, [contact]) if request.is_xhr: return jsonify(url=url_for('show_uploaded_file', key=shared_file.key, secret=shared_file.delete_key)) else: return redirect(url_for('show_uploaded_file', key=shared_file.key, secret=shared_file.delete_key))
def upload_file(): if request.headers.getlist("X-Forwarded-For"): remote_ip = request.headers.getlist("X-Forwarded-For")[0] else: remote_ip = request.environ.get('REMOTE_ADDR', None) upload_file = None password_identifier = None passwords = app.config['FLASKUP_UPLOAD_PASSWORDS'] if passwords: # check if user provided a valid password mypassword = request.form.get('mypassword') check_password = app.config.get('FLASKUP_UPLOAD_PASSWORDS_CHECK') valid_password = False for hashed_password, info in passwords: try: if check_password(mypassword, hashed_password): password_identifier = info valid_password = True continue except: # An exception was raised when cheking the password. # Treat this as a password check failure, so do nothing # more. pass if not valid_password: message = _("Incorrect password") return jsonify(message=message), 400 if app.config['FLASKUP_NGINX_UPLOAD_MODULE_ENABLED']: # Nginx Upload Module if 'myfile.name' in request.form and 'myfile.path' in request.form: realpath = os.path.realpath(request.form['myfile.path']) storepath = app.config['FLASKUP_NGINX_UPLOAD_MODULE_STORE'] storepath = os.path.realpath(storepath) if realpath.startswith(storepath): upload_file = NginxUploadFile( filename=request.form['myfile.name'], path=request.form['myfile.path']) else: # the path given in `myfile.path` is outside the store path # this should not happen message = "'{0}' not in the Nginx upload-module store".format( request.form['myfile.path']) return jsonify(message=message), 400 else: # Werkzeug `FileStorage` (normal HTTP Post) if 'myfile' in request.files and request.files['myfile']: upload_file = request.files['myfile'] if upload_file is None: # no upload file message = _("The file is required.") if request.is_xhr: return jsonify(message=message), 400 else: return render_template('show_upload_form.html', error=message) shared_file = SharedFile() shared_file.upload_file = upload_file shared_file.remote_ip = remote_ip shared_file.password_identifier = password_identifier shared_file.save() # notify the user myemail = request.form.get('myemail', '').strip() if myemail: subject = render_template('emails/notify_me_subject.txt', f=shared_file, recipient=myemail) body = render_template('emails/notify_me_body.txt', f=shared_file, recipient=myemail) send_mail(subject, body, [myemail]) # notify contacts max_contacts = app.config['FLASKUP_MAX_CONTACTS'] if 'mycontacts' in request.form: mycontacts = request.form['mycontacts'] all_contacts = [c.strip() for c in mycontacts.splitlines()] for contact in all_contacts[:max_contacts]: if contact: subject = render_template('emails/notify_contact_subject.txt', f=shared_file, sender=myemail, recipient=contact) body = render_template('emails/notify_contact_body.txt', f=shared_file, sender=myemail, recipient=contact) send_mail(subject, body, [contact]) if request.is_xhr: return jsonify(url=url_for('show_uploaded_file', key=shared_file.key, secret=shared_file.delete_key)) else: return redirect( url_for('show_uploaded_file', key=shared_file.key, secret=shared_file.delete_key))