def prep_response(self, request, path, data, contenttype, params):
if path and os.path.exists(path):
status = 200
# FIXME: These are not terribly well designed flow control
# mechanisms
if path.endswith("page_error.png"):
status = 500
elif path.endswith(".404"):
status = 404
fp = wrap_file(request.environ, open(path, 'rb'))
headers = Headers({"Content-length": os.path.getsize(path)})
elif data:
fp = wrap_file(request.environ, BytesIO(data))
status = 200
headers = Headers({"Content-length": len(data)})
else:
msg = "No acceptable media could be found for requested type(s) %s" % request.headers.get(
"Accept")
if path:
# then os.path.exists(path) must be false
msg += " (%s does not exist)" % path
raise NotAcceptable(msg)
return Response(fp,
status,
headers,
mimetype=contenttype,
direct_passthrough=True)
def test_range_wrapper():
response = BaseResponse(b"Hello World")
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert next(range_wrapper) == b"Worl"
response = BaseResponse(b"Hello World")
range_wrapper = _RangeWrapper(response.response, 1, 0)
with pytest.raises(StopIteration):
next(range_wrapper)
response = BaseResponse(b"Hello World")
range_wrapper = _RangeWrapper(response.response, 6, 100)
assert next(range_wrapper) == b"World"
response = BaseResponse(x
for x in (b"He", b"ll", b"o ", b"Wo", b"rl", b"d"))
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert not range_wrapper.seekable
assert next(range_wrapper) == b"Wo"
assert next(range_wrapper) == b"rl"
response = BaseResponse(x for x in (b"He", b"ll", b"o W", b"o", b"rld"))
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert next(range_wrapper) == b"W"
assert next(range_wrapper) == b"o"
assert next(range_wrapper) == b"rl"
with pytest.raises(StopIteration):
next(range_wrapper)
response = BaseResponse(x for x in (b"Hello", b" World"))
range_wrapper = _RangeWrapper(response.response, 1, 1)
assert next(range_wrapper) == b"e"
with pytest.raises(StopIteration):
next(range_wrapper)
resources = os.path.join(os.path.dirname(__file__), "res")
env = create_environ()
with open(os.path.join(resources, "test.txt"), "rb") as f:
response = BaseResponse(wrap_file(env, f))
range_wrapper = _RangeWrapper(response.response, 1, 2)
assert range_wrapper.seekable
assert next(range_wrapper) == b"OU"
with pytest.raises(StopIteration):
next(range_wrapper)
with open(os.path.join(resources, "test.txt"), "rb") as f:
response = BaseResponse(wrap_file(env, f))
range_wrapper = _RangeWrapper(response.response, 2)
assert next(range_wrapper) == b"UND\n"
with pytest.raises(StopIteration):
next(range_wrapper)
def test_range_wrapper():
response = BaseResponse(b'Hello World')
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert next(range_wrapper) == b'Worl'
response = BaseResponse(b'Hello World')
range_wrapper = _RangeWrapper(response.response, 1, 0)
with pytest.raises(StopIteration):
next(range_wrapper)
response = BaseResponse(b'Hello World')
range_wrapper = _RangeWrapper(response.response, 6, 100)
assert next(range_wrapper) == b'World'
response = BaseResponse(
(x for x in (b'He', b'll', b'o ', b'Wo', b'rl', b'd')))
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert not range_wrapper.seekable
assert next(range_wrapper) == b'Wo'
assert next(range_wrapper) == b'rl'
response = BaseResponse((x for x in (b'He', b'll', b'o W', b'o', b'rld')))
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert next(range_wrapper) == b'W'
assert next(range_wrapper) == b'o'
assert next(range_wrapper) == b'rl'
with pytest.raises(StopIteration):
next(range_wrapper)
response = BaseResponse((x for x in (b'Hello', b' World')))
range_wrapper = _RangeWrapper(response.response, 1, 1)
assert next(range_wrapper) == b'e'
with pytest.raises(StopIteration):
next(range_wrapper)
resources = os.path.join(os.path.dirname(__file__), 'res')
env = create_environ()
with open(os.path.join(resources, 'test.txt'), 'rb') as f:
response = BaseResponse(wrap_file(env, f))
range_wrapper = _RangeWrapper(response.response, 1, 2)
assert range_wrapper.seekable
assert next(range_wrapper) == b'OU'
with pytest.raises(StopIteration):
next(range_wrapper)
with open(os.path.join(resources, 'test.txt'), 'rb') as f:
response = BaseResponse(wrap_file(env, f))
range_wrapper = _RangeWrapper(response.response, 2)
assert next(range_wrapper) == b'UND\n'
with pytest.raises(StopIteration):
next(range_wrapper)
def test_range_wrapper():
response = BaseResponse(b'Hello World')
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert next(range_wrapper) == b'Worl'
response = BaseResponse(b'Hello World')
range_wrapper = _RangeWrapper(response.response, 1, 0)
with pytest.raises(StopIteration):
next(range_wrapper)
response = BaseResponse(b'Hello World')
range_wrapper = _RangeWrapper(response.response, 6, 100)
assert next(range_wrapper) == b'World'
response = BaseResponse((x for x in (b'He', b'll', b'o ', b'Wo', b'rl', b'd')))
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert not range_wrapper.seekable
assert next(range_wrapper) == b'Wo'
assert next(range_wrapper) == b'rl'
response = BaseResponse((x for x in (b'He', b'll', b'o W', b'o', b'rld')))
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert next(range_wrapper) == b'W'
assert next(range_wrapper) == b'o'
assert next(range_wrapper) == b'rl'
with pytest.raises(StopIteration):
next(range_wrapper)
response = BaseResponse((x for x in (b'Hello', b' World')))
range_wrapper = _RangeWrapper(response.response, 1, 1)
assert next(range_wrapper) == b'e'
with pytest.raises(StopIteration):
next(range_wrapper)
resources = os.path.join(os.path.dirname(__file__), 'res')
env = create_environ()
with open(os.path.join(resources, 'test.txt'), 'rb') as f:
response = BaseResponse(wrap_file(env, f))
range_wrapper = _RangeWrapper(response.response, 1, 2)
assert range_wrapper.seekable
assert next(range_wrapper) == b'OU'
with pytest.raises(StopIteration):
next(range_wrapper)
with open(os.path.join(resources, 'test.txt'), 'rb') as f:
response = BaseResponse(wrap_file(env, f))
range_wrapper = _RangeWrapper(response.response, 2)
assert next(range_wrapper) == b'UND\n'
with pytest.raises(StopIteration):
next(range_wrapper)
def test_range_wrapper():
response = BaseResponse(b"Hello World")
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert next(range_wrapper) == b"Worl"
response = BaseResponse(b"Hello World")
range_wrapper = _RangeWrapper(response.response, 1, 0)
with pytest.raises(StopIteration):
next(range_wrapper)
response = BaseResponse(b"Hello World")
range_wrapper = _RangeWrapper(response.response, 6, 100)
assert next(range_wrapper) == b"World"
response = BaseResponse((x for x in (b"He", b"ll", b"o ", b"Wo", b"rl", b"d")))
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert not range_wrapper.seekable
assert next(range_wrapper) == b"Wo"
assert next(range_wrapper) == b"rl"
response = BaseResponse((x for x in (b"He", b"ll", b"o W", b"o", b"rld")))
range_wrapper = _RangeWrapper(response.response, 6, 4)
assert next(range_wrapper) == b"W"
assert next(range_wrapper) == b"o"
assert next(range_wrapper) == b"rl"
with pytest.raises(StopIteration):
next(range_wrapper)
response = BaseResponse((x for x in (b"Hello", b" World")))
range_wrapper = _RangeWrapper(response.response, 1, 1)
assert next(range_wrapper) == b"e"
with pytest.raises(StopIteration):
next(range_wrapper)
resources = os.path.join(os.path.dirname(__file__), "res")
env = create_environ()
with open(os.path.join(resources, "test.txt"), "rb") as f:
response = BaseResponse(wrap_file(env, f))
range_wrapper = _RangeWrapper(response.response, 1, 2)
assert range_wrapper.seekable
assert next(range_wrapper) == b"OU"
with pytest.raises(StopIteration):
next(range_wrapper)
with open(os.path.join(resources, "test.txt"), "rb") as f:
response = BaseResponse(wrap_file(env, f))
range_wrapper = _RangeWrapper(response.response, 2)
assert next(range_wrapper) == b"UND\n"
with pytest.raises(StopIteration):
next(range_wrapper)
def get_media_streamed(media_id):
if not app.auth.authorized([], 'assets', 'GET'):
return app.auth.authenticate()
try:
media_file = app.media.get(media_id, 'upload')
except bson.errors.InvalidId:
media_file = None
if media_file:
data = wrap_file(request.environ, media_file, buffer_size=1024 * 256)
response = app.response_class(data,
mimetype=media_file.content_type,
direct_passthrough=True)
response.content_length = media_file.length
response.last_modified = media_file.upload_date
response.set_etag(media_file.md5)
response.cache_control.max_age = cache_for
response.cache_control.s_max_age = cache_for
response.cache_control.public = True
response.make_conditional(request)
response.headers['Content-Disposition'] = 'inline'
get_resource_service('api_audit').audit_item(
{
'type': 'asset',
'uri': request.url
}, media_id)
return response
raise FileNotFoundError('File not found on media storage.')
def send_file(fileobj, version=-1, mimetype=None, filename=None, cache_for=31536000):
"""
#pour fs.get_version(filename=filename, version=version)
version=-1,
#number of seconds
cache_for=31536000
#date de création ?
fileobj.upload_date
"""
# print("filename: ", fileobj.filename)
# print("metadata : ", fileobj.metadata)
filename = filename or fileobj.filename
data = wrap_file(request.environ, fileobj, buffer_size=1024 * 256)
response = current_app.response_class(data, mimetype=mimetype or fileobj.content_type, direct_passthrough=True)
response.headers["Content-disposition"] = "attachment; filename=%s" % filename
response.content_length = fileobj.length
response.last_modified = fileobj.upload_date
response.set_etag(fileobj.md5)
"""
response.cache_control.max_age = cache_for
response.cache_control.s_max_age = cache_for
response.cache_control.public = True
"""
response.make_conditional(request)
return response
def view_file(req):
if "uploaded_file" not in req.files:
return BaseResponse("no file uploaded")
f = req.files["uploaded_file"]
return BaseResponse(wrap_file(req.environ, f),
mimetype=f.content_type,
direct_passthrough=True)
def __call__(self, environ, start_response):
if self.context is None:
self.context = self.site.build()
for input_file in self.context.input_files:
self.extra_files.append(
os.path.join(self.site.source_path, input_file))
cleaned_path = get_path_info(environ)
cleaned_path = cleaned_path.lstrip('/')
cleaned_path = '/' + cleaned_path
static_file_path = None
if cleaned_path.lstrip('/') in self.context.output_files:
static_file_path = cleaned_path
elif cleaned_path.endswith('/'):
try_cleaned_path = cleaned_path + 'index.html'
if try_cleaned_path.lstrip('/') in self.context.output_files:
static_file_path = try_cleaned_path
if static_file_path is None:
return self.application(environ, start_response)
real_path = os.path.join(self.context.site.build_path,
static_file_path.lstrip('/'))
guessed_type = mimetypes.guess_type(real_path)
mime_type = guessed_type[0] or 'text/plain'
file_size = int(os.path.getsize(real_path))
headers = [
('Content-Type', mime_type),
('Content-Length', str(file_size)),
]
start_response('200 OK', headers)
return wrap_file(environ, open(real_path, 'rb'))
def download_rev(request, title, rev):
"""Serve the raw content of a page directly from disk."""
mime = hatta.page.page_mime(title)
if mime == 'text/x-wiki':
mime = 'text/plain'
revision = request.wiki.storage.get_revision(title, rev)
data = wsgi.wrap_file(request.environ, revision.file)
resp = response(request,
title,
data,
'/download',
mime,
rev=revision.rev,
date=revision.date)
resp.headers.add('Cache-Control', 'no-cache')
# give browsers a useful filename hint
if rev:
filename = '%s-%s' % (rev, title)
else:
filename = title
resp.headers.add('Content-Disposition',
'filename="%s"' % urls.url_quote(filename))
resp.direct_passthrough = True
return resp
def serve_static_files(request):
"""Serve a static file."""
# First, match the path against the regex.
matcher = re.match(url_re, request.path)
if not matcher: # Just for safety - the dispatcher should have matched this
logging.error('Static file handler found no match for %s',
request.path)
return wrappers.Response(status=httplib.NOT_FOUND)
# Use the match and the files regex backref to choose a filename.
filename = matcher.expand(files_mapping)
# Check to see if the normalized path matched is in the upload regex.
# This provides path traversal protection, although apps running on Google
# servers are protected by the Google frontend (GFE)'s own path traversal
# protection as well.
if not re.match(upload_re, os.path.normpath(filename)):
logging.warn('Requested filename %s not in `upload`', filename)
return wrappers.Response(status=httplib.NOT_FOUND)
try:
fp = open(filename, 'rb')
# fp is not closed in this function as it is handed to the WSGI server
# directly.
except IOError:
logging.warn('Requested non-existent filename %s', filename)
return wrappers.Response(status=httplib.NOT_FOUND)
wrapped_file = wsgi.wrap_file(request.environ, fp)
return wrappers.Response(
wrapped_file, direct_passthrough=True,
mimetype=mime_type or mimetypes.guess_type(filename)[0])
def generate_response_for_file(
file: SuperdeskFile,
cache_for: int = 3600 * 24 * 30, # 30d cache
buffer_size: int = 1024 * 256,
content_disposition: str = None,
):
data = wrap_file(request.environ, file, buffer_size=buffer_size)
response = app.response_class(data,
mimetype=file.content_type,
direct_passthrough=True)
response.content_length = file.length
response.last_modified = file.upload_date
response.set_etag(file.md5)
response.cache_control.max_age = cache_for
response.cache_control.s_max_age = cache_for
response.cache_control.public = True
# Add ``accept_ranges`` & ``complete_length`` so video seeking is supported
response.make_conditional(request,
accept_ranges=True,
complete_length=file.length)
if content_disposition:
response.headers["Content-Disposition"] = content_disposition
else:
filename = "; filename={}".format(
file.filename or file.name) if file.filename or file.name else ""
if strtobool(request.args.get("download", "False")):
response.headers["Content-Disposition"] = "Attachment" + filename
else:
response.headers["Content-Disposition"] = "Inline" + filename
return response
def get_file(self, environ, request):
try:
file = open('images/'+request.query_string.decode(), 'rb')
except Exception as e:
debug_logger.debug("could not read file" + str(e))
raise NotFound()
return Response(wrap_file(environ, file), direct_passthrough=True)
def send_private_file(path):
path = os.path.join(frappe.local.conf.get("private_path", "private"),
path.strip("/"))
filename = os.path.basename(path)
if frappe.local.request.headers.get("X-Use-X-Accel-Redirect"):
path = "/protected/" + path
response = Response()
response.headers["X-Accel-Redirect"] = quote(frappe.utils.encode(path))
else:
filepath = frappe.utils.get_site_path(path)
try:
f = open(filepath, "rb")
except IOError:
raise NotFound
response = Response(wrap_file(frappe.local.request.environ, f),
direct_passthrough=True)
# no need for content disposition and force download. let browser handle its opening.
# Except for those that can be injected with scripts.
extension = os.path.splitext(path)[1]
blacklist = [".svg", ".html", ".htm", ".xml"]
if extension.lower() in blacklist:
response.headers.add("Content-Disposition",
"attachment",
filename=filename.encode("utf-8"))
response.mimetype = mimetypes.guess_type(
filename)[0] or "application/octet-stream"
return response
def get_upload(media_id):
try:
media_file = flask.current_app.media.get(media_id, ASSETS_RESOURCE)
except bson.errors.InvalidId:
media_file = None
if not media_file:
flask.abort(404)
data = wrap_file(flask.request.environ, media_file, buffer_size=1024 * 256)
response = flask.current_app.response_class(
data, mimetype=media_file.content_type, direct_passthrough=True)
response.content_length = media_file.length
response.last_modified = media_file.upload_date
response.set_etag(media_file.md5)
response.cache_control.max_age = cache_for
response.cache_control.s_max_age = cache_for
response.cache_control.public = True
response.make_conditional(flask.request)
if flask.request.args.get('filename'):
response.headers['Content-Type'] = media_file.content_type
response.headers[
'Content-Disposition'] = 'attachment; filename="%s"' % flask.request.args[
'filename']
else:
response.headers['Content-Disposition'] = 'inline'
return response
def send_private_file(path):
path = os.path.join(frappe.local.conf.get('private_path', 'private'), path.strip("/"))
filename = os.path.basename(path)
if frappe.local.request.headers.get('X-Use-X-Accel-Redirect'):
path = '/protected/' + path
response = Response()
response.headers['X-Accel-Redirect'] = frappe.utils.encode(quote(path))
else:
filepath = frappe.utils.get_site_path(path)
try:
f = open(filepath, 'rb')
except IOError:
raise NotFound
response = Response(wrap_file(frappe.local.request.environ, f), direct_passthrough=True)
# no need for content disposition and force download. let browser handle its opening.
# Except for those that can be injected with scripts.
extension = os.path.splitext(path)[1]
blacklist = ['.svg', '.html', '.htm', '.xml']
if extension.lower() in blacklist:
response.headers.add(b'Content-Disposition', b'attachment', filename=filename.encode("utf-8"))
response.mimetype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
return response
def handle(environ, start_response):
with self.db_env.begin(self.metadata_db, write=True) as tx:
message = pickle.loads(tx.get(message_id.encode('ascii')))
self._update_tracking(
tx,
message_id,
message,
downloadTimestamp=datetime.datetime.now().strftime(
TIMESTAMP_FORMAT))
assert message.recipient == mailbox
status = '206 Partial Content' if message.chunks > chunk_num else '200 OK'
chunk_header = "{}:{}".format(chunk_num, message.chunks)
headers = Headers([('Content-Type', 'application/octet-stream'),
('Mex-Chunk-Range', chunk_header),
('Mex-MessageID', str(message_id))])
for k, v in message.extra_headers.items():
headers[k] = v
f = open(self.get_filename(mailbox, message_id, chunk_num), 'rb')
if "gzip" in environ.get('HTTP_ACCEPT_ENCODING', ''):
headers['Content-Encoding'] = 'gzip'
start_response(status, headers.items())
return wrap_file(environ, f)
else:
start_response(status, headers.items())
return decompress_file(f)
def file_response(id, download=False):
try:
file = GridFS(mongo.db).get(id)
except NoFile:
raise NotFound()
data = wrap_file(request.environ, file, buffer_size=1024 * 255)
response = current_app.response_class(
data,
mimetype=file.content_type,
direct_passthrough=True,
)
response.content_length = file.length
response.last_modified = file.upload_date
response.set_etag(file.md5)
response.cache_control.max_age = 365 * 24 * 3600
response.cache_control.public = True
response.make_conditional(request)
if download:
response.headers.set('Content-Disposition',
'attachment',
filename=file.filename.encode('utf-8'))
return response
def get(self, dbid, sessid, restype, resid=None):
if resid == None:
return "You want alist of %s/%s/%s" % (dbid, sessid, restype)
else:
datadb = self.get_data_db(dbid)
if datadb == None:
return Response("{ \"error \" : \"Invalid database id %s\"}" % (dbid), status=405)
conn.register([Session])
sessobj = datadb["sessions"].Session.find_one({"_id" : ObjectId(sessid)})
if sessobj == None:
return Response("{ \"error \" : \"Session %s does not exist in db %s\"}" % (sessid, dbid), status=405)
# TODO: Make sure that resid exists in this session before being obtained from gridfs
if restype == "attachments" or restype == "rawfiles":
gf = gridfs.GridFS(datadb , restype)
fileobj = gf.get(ObjectId(resid))
data = wrap_file(request.environ, fileobj)
response = current_app.response_class(
data,
mimetype=fileobj.content_type,
direct_passthrough=True)
response.content_length = fileobj.length
response.last_modified = fileobj.upload_date
response.set_etag(fileobj.md5)
response.cache_control.max_age = 0
response.cache_control.s_max_age = 0
response.cache_control.public = True
response.headers['Content-Disposition'] = 'attachment; filename=' + fileobj.filename
response.make_conditional(request)
return response
else:
return "You want %s from views in %s/%s" % (resid, dbid, sessid)
def logo_login(self, **post):
p = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
number_rnd = random.randint(1, 15)
p = os.path.join(p, 'static/src/img/fundo_{0}.jpg'.format(number_rnd))
image = open(p, 'rb')
return BaseResponse(wrap_file(request.httprequest.environ, image),
mimetype='image/png')
def application(request):
"""
To use this application, the user must send a POST request with
base64 or form encoded encoded HTML content and the wkhtmltopdf Options in
request data, with keys 'base64_html' and 'options'.
The application will return a response with the PDF file.
"""
parsed = urlparse.urlparse(request.url)
if request.method == 'GET' and parsed.path == '/ping':
return Response(status=200)
if request.method != 'POST':
return Response(status=405)
request_is_json = request.content_type == 'application/json'
with tempfile.NamedTemporaryFile(suffix='.html') as source_file:
if request_is_json:
# If a JSON payload is there, all data is in the payload
payload = json.loads(request.data)
try:
source_file.write(payload['contents'].encode('utf-8'))
except KeyError:
logger.warn('The request content is not specified')
return Response(status=400)
options = payload.get('options', {})
elif request.files:
# First check if any files were uploaded
source_file.write(request.files['file'].read())
# Load any options that may have been provided in options
options = json.loads(request.form.get('options', '{}'))
else:
logging.warn(
'The request was neither json, not had files, cannot convert.')
return Response(status=400)
source_file.flush()
# Evaluate argument to run with subprocess
args = ['wkhtmltopdf']
# Add Global Options
options.update({'quiet': '', 'disable-javascript': ''})
for option, value in options.items():
args.append('--%s' % option)
if value:
args.append('"%s"' % value)
# Add source file name and output file name
file_name = source_file.name
args += [file_name, file_name + ".pdf"]
# Execute the command using executor
execute(' '.join(args))
result = file_name + '.pdf'
response = Response(
wrap_file(request.environ, open(result)),
mimetype='application/pdf',
)
os.remove(result)
return response
def send_from_memory(filename):
"""
:param filename: Name of the file to be loaded.
"""
if not os.path.isfile(filename):
raise NotFound()
#if filename is not None:
#if not os.path.isabs(filename):
#filename = os.path.join(current_app.root_path, filename)
mimetype = mimetypes.guess_type(filename)[0]
if mimetype is None:
mimetype = 'application/octet-stream'
if current_app.config['cache_enabled']:
data = jsOptimizer().get_file(os.path.abspath(filename), current_app.storekv)
else:
data = None
if data:
headers = Headers()
headers['Content-Encoding'] = 'gzip'
headers['Content-Length'] = len(data)
headers['Cache-Control'] = "max-age=172800, public, must-revalidate"
rv = current_app.response_class(data, mimetype=mimetype, headers=headers,
direct_passthrough=True)
else:
file = open(filename, 'rb')
data = wrap_file(request.environ, file)
headers = Headers()
rv = current_app.response_class(data, mimetype=mimetype, headers=headers,
direct_passthrough=False)
return rv
def build_response(request, pdf_file):
response = Response(wrap_file(request.environ, pdf_file))
response.headers.add('Access-Control-Allow-Origin', '*')
response.headers.add('content-type', 'application/pdf')
return response
def send_private_file(path):
path = os.path.join(frappe.local.conf.get('private_path', 'private'),
path.strip("/"))
filename = os.path.basename(path)
if frappe.local.request.headers.get('X-Use-X-Accel-Redirect'):
path = '/protected/' + path
response = Response()
response.headers[b'X-Accel-Redirect'] = path
else:
filepath = frappe.utils.get_site_path(path)
try:
f = open(filepath, 'rb')
except IOError:
raise NotFound
response = Response(wrap_file(frappe.local.request.environ, f),
direct_passthrough=True)
# no need for content disposition and force download. let browser handle its opening.
# response.headers.add(b'Content-Disposition', b'attachment', filename=filename.encode("utf-8"))
response.headers[b'Content-Type'] = mimetypes.guess_type(
filename)[0] or b'application/octet-stream'
return response
def content_common(self, xmlid=None, model='ir.attachment', id=None,
field='datas', filename=None,
filename_field='datas_fname', unique=None,
mimetype=None, download=None, data=None, token=None,
access_token=None, related_id=None, access_mode=None,
**kw):
status, headers, content = binary_content(
xmlid=xmlid, model=model, id=id, field=field, unique=unique,
filename=filename, filename_field=filename_field,
download=download, mimetype=mimetype, access_token=access_token,
related_id=related_id, access_mode=access_mode)
if status == 304:
response = werkzeug.wrappers.Response(
status=status, headers=headers)
elif status == 301:
return werkzeug.utils.redirect(content, code=301)
elif status != 200:
response = http.request.not_found()
else:
content_base64 = base64.b64decode(content)
headers.append(('Content-Length', len(content_base64)))
buf = BytesIO(content_base64)
data = wrap_file(http.request.httprequest.environ, buf)
response = http.Response(
data,
headers=headers,
direct_passthrough=True)
if token:
response.set_cookie('fileToken', token)
return response
def trans(self, track_id, output_format, seek=0, **kwargs):
Track = request.env['oomusic.track'].browse([track_id])
fn_ext = os.path.splitext(Track.path)[1]
Transcoder = request.env['oomusic.transcoder'].search(
[('input_formats.name', '=', fn_ext[1:]),
('output_format.name', '=', output_format)],
limit=1,
)
if Transcoder:
generator = Transcoder.transcode(track_id, seek=seek).stdout
mimetype = Transcoder.output_format.mimetype
if not Transcoder:
_logger.warning('Could not find converter from "%s" to "%s"',
fn_ext[1:], output_format)
return http.send_file(Track.path)
# FIXME: see http://librelist.com/browser/flask/2011/10/5/response-to-a-range-request/#1e95dd715f412161d3db2fc8aaf8666f
# Set a buffer size of 200 KB. The default value (8 KB) seems too small and leads to chunk
# download errors. Since the player is not fault-tolerant, a single download error leads to
# a complete stop of the music. Maybe consider this value as a user option for people with
# bad network.
data = wrap_file(request.httprequest.environ,
generator,
buffer_size=Transcoder.buffer_size * 1024)
return Response(data, mimetype=mimetype, direct_passthrough=True)
def send_private_file(path):
path = os.path.join(frappe.local.conf.get(
'private_path', 'private'), path.strip("/"))
filename = os.path.basename(path)
if frappe.local.request.headers.get('X-Use-X-Accel-Redirect'):
path = '/protected/' + path
response = Response()
response.headers[b'X-Accel-Redirect'] = frappe.utils.encode(path)
else:
filepath = frappe.utils.get_site_path(path)
try:
f = open(filepath, 'rb')
except IOError:
raise NotFound
response = Response(
wrap_file(frappe.local.request.environ, f), direct_passthrough=True)
# no need for content disposition and force download. let browser handle its opening.
# response.headers.add(b'Content-Disposition', b'attachment', filename=filename.encode("utf-8"))
response.mimetype = mimetypes.guess_type(
filename)[0] or b'application/octet-stream'
return response
def server(filename):
print filename
storage_setup = current_app.config['storage']
if 'local' in storage_setup and 'absolut_path' in storage_setup['local']:
STORAGE = storage_setup['local']['absolut_path']
else:
STORAGE = '.'
filename = filename.split('.')[0]
node = CaliopeDocument.pull(filename)
file = open(os.path.join(STORAGE, filename), 'rb')
data = wrap_file(request.environ, file)
headers = Headers()
try:
mimetype = node.mimetype
except:
mimetype = 'application/octet-stream'
rv = current_app.response_class(data,
mimetype=mimetype,
headers=headers,
direct_passthrough=False)
return rv
def view_file(req):
if "uploaded_file" not in req.files:
return BaseResponse("no file uploaded")
f = req.files["uploaded_file"]
return BaseResponse(
wrap_file(req.environ, f), mimetype=f.content_type, direct_passthrough=True
)
def dbfile_handler(self, environ, args):
try:
fobj = self.file_cacher.get_file(args['digest'])
except KeyError:
raise NotFound()
response = Response()
response.status_code = 200
response.mimetype = 'application/octet-stream'
if 'name' in args:
if args["name"].endswith(".pdf"):
# Add header to allow the official pdf.js to work
response.headers.add_header(b'Access-Control-Allow-Origin',
b'https://mozilla.github.io')
else:
# Don't do this on pdf files because it breaks the native pdf reader
response.headers.add_header(
b'Content-Disposition', b'attachment',
filename=args['name'])
mimetype = mimetypes.guess_type(args['name'])[0]
if mimetype is not None:
response.mimetype = mimetype
response.response = wrap_file(environ, fobj)
response.direct_passthrough = True
response.cache_control.max_age = 31536000
response.cache_control.public = True
return response
def serve_static_files(request):
"""Serve a static file."""
# First, match the path against the regex...
matcher = re.match(regex, request.path)
# ... and use the files regex backref to choose a filename.
filename = matcher.expand(files)
# Check to see if the normalized path matched is in the upload regex.
# This provides path traversal protection, although apps running on Google
# servers are protected by the Google frontend (GFE)'s own path traversal
# protection as well.
if not re.match(upload, os.path.normpath(filename)):
logging.warn('Requested filename %s not in `upload`', filename)
return Response(status=404)
try:
fp = open(filename, 'rb')
# fp is not closed in this function as it is handed to the WSGI server
# directly.
except IOError:
logging.warn('Requested non-existent filename %s', filename)
return Response(status=404)
wrapped_file = wrap_file(request.environ, fp)
return Response(wrapped_file,
direct_passthrough=True,
mimetype=mime_type
or mimetypes.guess_type(filename)[0])
def build_response(request, pdf_file):
response = Response(wrap_file(request.environ, pdf_file))
response.headers.add('Access-Control-Allow-Origin', '*')
response.headers.add('content-type', 'application/pdf')
return response
def serve_static_files(request):
"""Serve a static file."""
# First, match the path against the regex...
matcher = re.match(regex, request.path)
# ... and use the files regex backref to choose a filename.
filename = matcher.expand(files)
# Rudimentary protection against path traversal outside of the app. This
# code should never be hit in production, as Google's frontend servers
# (GFE) rewrite traversal attempts and respond with a 302 immediately.
filename = os.path.abspath(filename)
if not filename.startswith(os.path.join(os.getcwd(), '')):
logging.warn('Path traversal protection triggered for %s, '
'returning 404', filename)
return Response(status=404)
try:
fp = open(filename, 'rb')
# fp is not closed in this function as it is handed to the WSGI server
# directly.
except IOError:
logging.warn('Requested non-existent filename %s', filename)
return Response(status=404)
wrapped_file = wrap_file(request.environ, fp)
return Response(wrapped_file, direct_passthrough=True,
mimetype=mime_type or mimetypes.guess_type(filename)[0])
def server(filename):
print filename
storage_setup = current_app.config['storage']
if 'local' in storage_setup and 'absolut_path' in storage_setup['local']:
STORAGE = storage_setup['local']['absolut_path']
else:
STORAGE = '.'
filename = filename.split('.')[0]
node = CaliopeDocument.pull(filename)
file = open(os.path.join(STORAGE, filename), 'rb')
data = wrap_file(request.environ, file)
headers = Headers()
try:
mimetype = node.mimetype
except:
mimetype = 'application/octet-stream'
rv = current_app.response_class(data, mimetype=mimetype, headers=headers,
direct_passthrough=False)
return rv
def get(self, digest):
"""Fill the local Response to serve the requested file.
Set the fields of the Response object saved in the greenlet-
local storage to make it then serve the file identified by the
given digest when called as a WSGI application.
digest (bytes): the digest of the file we want to retrieve.
raise: NotFound if the cacher cannot provide the file.
"""
try:
fobj = self._file_cacher.get_file(digest)
except KeyError:
raise NotFound()
local.response.status_code = 200
# XXX We could use get_size to determine Content-Length.
if "filename" in local.request.args:
local.response.headers.add_header(
b'Content-Disposition', b'attachment',
filename=local.request.args["filename"])
# FIXME Determine from filename (if given) or file contents.
local.response.mimetype = 'application/octet-stream'
local.response.response = wrap_file(local.request.environ, fobj)
local.response.direct_passthrough = True
def file_response(id, download=False):
# 获取 GridFS 文件
try:
file = GridFS(mongo.db).get(id)
except NoFile:
raise NotFound()
# 将 GridFS 文件对象包装为一个 WSGI 文件对象
data = wrap_file(request.environ, file, buffer_size=1024 * 255)
# 创建一个 Flask Response 对象来响应文件内容
response = current_app.response_class(
data,
mimetype=file.content_type,
direct_passthrough=True,
)
# 设置内容长度响应头
response.content_length = file.length
# 设置内容最后修改时间 和 Etag 响应头,浏览器可根据这些信息来判断文件内容是否有更新
response.last_modified = file.upload_date
response.set_etag(file.md5)
# 设置缓存时间和公开性响应头,这里缓存时间设为了大约一年
response.cache_control.max_age = 365 * 24 * 3600
response.cache_control.public = True
# 让响应变为条件性地,如果跟 request 里的头信息对比发现浏览器里已经缓存有最新内容,那么本次响应内容将为空
response.make_conditional(request)
# 如果是下载模式,需要添加 Content-Disposition 响应头
# 注意 filename 需要编码为 utf-8,否则中文会乱码
if download:
response.headers.set('Content-Disposition',
'attachment',
filename=file.filename.encode('utf-8'))
return response
def render(self):
f = open(self.file_path, 'rb')
response = Response(wrap_file(frappe.local.request.environ, f),
direct_passthrough=True)
response.mimetype = mimetypes.guess_type(
self.file_path)[0] or 'application/octet-stream'
return response
def get(self, filename=None):
"""return a static file"""
if self.module is not None:
try:
fp = pkg_resources.resource_stream(self.module.import_name, os.path.join(self.module.config.static_folder, filename))
except IOError:
raise werkzeug.exceptions.NotFound()
config = self.module.config
else:
try:
fp = pkg_resources.resource_stream(self.app.import_name, os.path.join(self.app.config.static_folder, filename))
except IOError:
raise werkzeug.exceptions.NotFound()
config = self.app.config
mimetype = mimetypes.guess_type(filename)[0]
if mimetype is None:
mimetype = 'application/octet-stream'
headers = Headers()
data = wrap_file(self.request.environ, fp)
rv = self.app.response_class(data, mimetype=mimetype, headers=headers,
direct_passthrough=True)
rv.cache_control.public = True
cache_timeout = self.config.static_cache_timeout
if cache_timeout is not None:
rv.cache_control.max_age = cache_timeout
rv.expires = int(time.time() + cache_timeout)
return rv
def logo_login(self, **post):
p = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
number_rnd = random.randint(1, 15)
p = os.path.join(p, 'static/src/img/fundo_{0}.jpg'.format(number_rnd))
image = open(p, 'rb')
return BaseResponse(wrap_file(request.httprequest.environ, image),
mimetype='image/png')
def get_upload_as_data_uri(media_id):
if not request.args.get('resource'):
media_id = app.media.getFilename(media_id)
media_file = app.media.get(media_id, 'upload')
else:
media_file = app.media.get(media_id, request.args['resource'])
if media_file:
data = wrap_file(request.environ, media_file, buffer_size=1024 * 256)
response = app.response_class(data,
mimetype=media_file.content_type,
direct_passthrough=True)
response.content_length = media_file.length
response.last_modified = media_file.upload_date
response.set_etag(media_file.md5)
response.cache_control.max_age = cache_for
response.cache_control.s_max_age = cache_for
response.cache_control.public = True
response.make_conditional(request)
if strtobool(request.args.get('download', 'False')):
response.headers['Content-Disposition'] = 'attachment'
else:
response.headers['Content-Disposition'] = 'inline'
return response
raise SuperdeskApiError.notFoundError('File not found on media storage.')
def dispatch_request(self, environ, request):
filename = request.path if request.path != "/" else "index.html"
try:
fp = open('app/%s' % filename, 'rb')
except IOError:
raise NotFound()
return Response(wrap_file(environ, fp), mimetype='text/html')
def on_get(self, request, category, filename):
path = pjoin(category, secure_filename(filename))
full_path = self._full_path(path)
if not os.path.exists(full_path):
raise NotFound()
return Response(wrap_file(request.environ, open(full_path, 'rb')),
mimetype='audio/mpeg')
def view_file(req):
if not 'uploaded_file' in req.files:
return BaseResponse('no file uploaded')
f = req.files['uploaded_file']
return BaseResponse(wrap_file(req.environ, f),
mimetype=f.content_type,
direct_passthrough=True)
def package(app, request, path):
# Get our filename and filepath from the request path
filename = os.path.basename(path)
filepath = safe_join(os.path.abspath(app.config.paths.packages), path)
# If we cannot safely join the requested path with our directory
# return a 404
if filepath is None:
raise NotFound("{} was not found".format(filename))
# Open the file and attempt to wrap in the wsgi.file_wrapper if it's
# available, otherwise read it directly.
try:
fp = open(filepath, "rb")
data = wrap_file(request.environ, fp)
except IOError:
raise NotFound("{} was not found".format(filename))
# Get the project name and normalize it
lookup_filename = filename[:-4] if filename.endswith(".asc") else filename
project = app.db.packaging.get_project_for_filename(lookup_filename)
# Get the MD5 hash of the file
content_md5 = app.db.packaging.get_filename_md5(filename)
headers = {}
# Add in additional headers if we're using Fastly
headers["Surrogate-Key"] = " ".join(
fastly.projects.format_keys(project=project), )
# Look up the last serial for this file
serial = app.db.packaging.get_last_serial(project)
if serial is not None:
headers["X-PyPI-Last-Serial"] = serial
# Pass through the data directly to the response object
resp = Response(
data,
headers=headers,
mimetype=get_mimetype(filename),
direct_passthrough=True,
)
# Setup the Last-Modified header
resp.last_modified = os.path.getmtime(filepath)
# Setup the Content-Length header
resp.content_length = os.path.getsize(filepath)
if content_md5:
# Setup the Content-MD5 headers
resp.content_md5 = content_md5
# Setup Conditional Responses
resp.set_etag(content_md5)
resp.make_conditional(request)
return resp
def application(request):
"""
To use this application, the user must send a POST request with
base64 or form encoded encoded HTML content and the wkhtmltopdf Options in
request data, with keys 'base64_html' and 'options'.
The application will return a response with the PDF file.
"""
if request.method != 'POST':
return
request_is_json = request.content_type.endswith('json')
with tempfile.NamedTemporaryFile(suffix='.html',
delete=False) as source_file:
if request_is_json:
# If a JSON payload is there, all data is in the payload
payload = json.loads(request.data)
source_file.write(payload['contents'].decode('base64'))
options = payload.get('options', {})
elif request.files:
# First check if any files were uploaded
source_file.write(request.files['file'].read())
# Load any options that may have been provided in options
options = json.loads(request.form.get('options', '{}'))
source_file.flush()
# Evaluate argument to run with subprocess
args = ['wkhtmltopdf']
# Add Global Options
if options:
for option, value in options.items():
args.append('--%s' % option)
if value:
args.append('"%s"' % value)
# Check if footer is present
if payload.get('footer'):
with tempfile.NamedTemporaryFile(
suffix='.html', delete=False) as footer_source_file:
footer_source_file.write(payload['footer'].decode('base64'))
args += ['--footer-html ' + footer_source_file.name]
footer_source_file.flush()
# Add source file name and output file name
file_name = source_file.name
args += [file_name, file_name + ".pdf"]
# Execute the command using executor
execute(' '.join(args))
return Response(
wrap_file(request.environ, open(file_name + '.pdf')),
mimetype='application/pdf',
)
def craete_object(request):
driver = get_driver_instance(providers, request)
data = {"container_name": request.args["container"]}
container = entries.ContainerEntry._get_object(data, driver)
extra = {"content_type": request.content_type}
result = driver.upload_object_via_stream(
wrap_file(request.environ, request.stream, 8096), container, request.args["object_name"], extra
)
return Response(entries.ObjectEntry.to_json(result), status=httplib.OK)
def attachments():
"""
Interface for managing attachments
first step is to download attachments
Just knowing attachid is not enough. It should belong to the session one has access to
- /tile/4e695114587718175c000006/t.jpg searches and returns the image
"""
# Get variables
db = request.args.get('sessdb', None)
attachid = request.args.get('attachid', None)
sessid = request.args.get('sessid', None)
cmd = request.args.get('cmd', "get")
if cmd == "get":
if(db == None or attachid == None or sessid == None):
flash('sessdb, attachid and sessid must all be set', "error")
return redirect('/home')
pass
# TODO: Can we store this information in the session information (or a database information)
conn.register([model.Database])
admindb = conn[current_app.config["CONFIGDB"]]
try:
dbid = ObjectId(db)
except:
flash('dbid is not a valid id', "error")
return redirect('/home')
dbobj = admindb["databases"].find_one({"_id" : dbid})
db = conn[dbobj['dbname']]
if not model.VerifySessionAccess(model.SEE_SESSION, db, sessid):
flash('Forbidden Access ', "error")
return redirect('/home')
# try:
gf = gridfs.GridFS(db , "attachments")
fileobj = gf.get(ObjectId(attachid))
# except:
# flash('Error locating file', "error")
# return redirect('/home')
# mostly copied from flask/helpers.py, with
# modifications for GridFS
data = wrap_file(request.environ, fileobj)
response = current_app.response_class(
data,
mimetype=fileobj.content_type,
direct_passthrough=True)
response.content_length = fileobj.length
response.last_modified = fileobj.upload_date
response.set_etag(fileobj.md5)
response.cache_control.max_age = 0
response.cache_control.s_max_age = 0
response.cache_control.public = True
response.headers['Content-Disposition'] = 'attachment; filename=' + fileobj.filename
response.make_conditional(request)
return response
def get_static_file_response(): try: f = open(frappe.flags.file_path, 'rb') except IOError: raise NotFound response = Response(wrap_file(frappe.local.request.environ, f), direct_passthrough=True) response.mimetype = mimetypes.guess_type(frappe.flags.file_path)[0] or b'application/octet-stream' return response
def send_file_csv(fileobj, mimetype=None, content_length=0):
data = wrap_file(request.environ, fileobj, buffer_size=1024*256)
response = current_app.response_class(
data,
mimetype=mimetype,
)
response.status_code = 200
response.make_conditional(request)
return response
def serve_full_file_request(request, headers, file, callbacks=[]):
headers.update({
'Content-Length': file.length,
'Accept-Ranges': 'bytes',
})
file_iterator = wrap_file(request.environ, file)
response = Response(ClosingIterator(file_iterator, callbacks=callbacks),
direct_passthrough=True, mimetype=file.content_type,
headers=headers)
response.last_modified = file.uploadDate
response.set_etag(file.md5)
return response
def request_font_awesome(self, path, **post):
current_dir = os.path.dirname(os.path.realpath(__file__))
ressource_path = os.path.join(
current_dir,
"../static/lib/fontawesome/fonts",
path)
response = Response(
wrap_file(request.httprequest.environ, open(ressource_path)),
headers=HEADERS,
direct_passthrough=True
)
return response
def handle_get_su3 (self, request):
if os.path.isdir(os.path.join(self.netdb_path,'..','su3netDb')):
selectedNum = binascii.crc32(hashlib.sha256(request.remote_addr).digest()) % 50
selSU3File = os.path.join(self.netdb_path,'..','su3netDb',str(selectedNum)+'.su3')
print selSU3File
if os.path.isfile(selSU3File):
res = Response (wrap_file(request.environ, open(selSU3File, 'rb')),content_type = 'application/octet-stream',direct_passthrough = True)
res.headers.add ('Content-Length', os.path.getsize (selSU3File))
return res
else:
return Response('v2 not supported',status=404)
else:
return Response('v2 not supported',status=404)
def handle_get_file (self, request, b64hash):
name = 'routerInfo-' + b64hash + '.dat'
prefix = 'r' + b64hash[0]
filename = os.path.join (self.netdb_path, prefix, name)
try:
res = Response (wrap_file (request.environ, open(filename, 'rb')),
content_type = 'application/octet-stream',
direct_passthrough = True)
res.headers.add ('Content-Length', os.path.getsize (filename))
return res
except IOError, err:
if err.errno not in (errno.ENOENT,): raise
raise NotFound()
def file_handler(self, environ, filename):
path = os.path.join(pkg_resources.resource_filename("cms.web", "practice"), filename)
response = Response()
response.status_code = 200
response.mimetype = "application/octet-stream"
mimetype = mimetypes.guess_type(filename)[0]
if mimetype is not None:
response.mimetype = mimetype
response.last_modified = datetime.utcfromtimestamp(os.path.getmtime(path)).replace(microsecond=0)
response.response = wrap_file(environ, io.open(path, "rb"))
response.direct_passthrough = True
return response
def on_static(self, request, folder, filename):
path = os.path.join(folder, secure_filename(filename))
if path.endswith('.css'):
mimetype = 'text/css'
elif path.endswith('.js'):
mimetype = 'text/javascript'
else:
mimetype = 'text/plain'
if not os.path.isfile(path):
raise NotFound()
return Response(wrap_file(request.environ, open(path, 'rb')), mimetype=mimetype)
def wsgi_app(self, environ, start_response):
"""Execute this instance as a WSGI application.
See the PEP for the meaning of parameters. The separation of
__call__ and wsgi_app eases the insertion of middlewares.
"""
original_response = Response.from_app(self.wrapped_app, environ)
# We send relative locations to play nice with reverse proxies
# but Werkzeug by default turns them into absolute ones.
original_response.autocorrect_location_header = False
if self.DIGEST_HEADER not in original_response.headers:
return original_response
digest = original_response.headers.pop(self.DIGEST_HEADER)
filename = original_response.headers.pop(self.FILENAME_HEADER, None)
mimetype = original_response.mimetype
try:
fobj = self.file_cacher.get_file(digest)
size = self.file_cacher.get_size(digest)
except KeyError:
return NotFound()
except TombstoneError:
return ServiceUnavailable()
request = Request(environ)
request.encoding_errors = "strict"
response = Response()
response.status_code = 200
response.mimetype = mimetype
if filename is not None:
response.headers.add(
"Content-Disposition", "attachment", filename=filename)
response.set_etag(digest)
response.cache_control.max_age = SECONDS_IN_A_YEAR
response.cache_control.private = True
response.response = \
wrap_file(environ, fobj, buffer_size=FileCacher.CHUNK_SIZE)
response.direct_passthrough = True
try:
# This takes care of conditional and partial requests.
response.make_conditional(
request, accept_ranges=True, complete_length=size)
except HTTPException as exc:
return exc
return response
def get_upload_as_data_uri(media_id):
media_file = app.media.get(media_id, "upload")
if media_file:
data = wrap_file(request.environ, media_file, buffer_size=1024 * 256)
response = app.response_class(data, mimetype=media_file.content_type, direct_passthrough=True)
response.content_length = media_file.length
response.last_modified = media_file.upload_date
response.set_etag(media_file.md5)
response.cache_control.max_age = cache_for
response.cache_control.s_max_age = cache_for
response.cache_control.public = True
response.make_conditional(request)
return response
raise SuperdeskApiError.notFoundError("File not found on media storage.")