def delete(self, notify=True):
"""
Remove the folder where the shared file is stored.
"""
shutil.rmtree(os.path.join(app.config['FLASKUP_UPLOAD_FOLDER'], self.path))
# notify admins
if 'delete' in app.config['FLASKUP_NOTIFY'] and notify:
subject = render_template('emails/notify_delete_subject.txt', f=self)
body = render_template('emails/notify_delete_body.txt', f=self)
send_mail(subject, body, app.config['FLASKUP_ADMINS'])
def delete(self, notify=True):
"""
Remove the folder where the shared file is stored.
"""
shutil.rmtree(os.path.join(app.config["FLASKUP_UPLOAD_FOLDER"], self.path))
# notify admins
if "delete" in app.config["FLASKUP_NOTIFY"] and notify:
subject = render_template("emails/notify_delete_subject.txt", f=self)
body = render_template("emails/notify_delete_body.txt", f=self)
send_mail(subject, body, app.config["FLASKUP_ADMINS"])
def save(self, notify=True):
"""
Save the uploaded file on disk.
"""
# store the upload file on disk
self.filename = secure_filename(self.upload_file.filename)
self.key = self.gen_key()
self.relative_path = self.key_to_path(self.key)
path = os.path.join(app.config['FLASKUP_UPLOAD_FOLDER'], self.relative_path)
os.makedirs(path)
self.upload_file.save(os.path.join(path, self.filename))
self.size = os.path.getsize(os.path.join(path, self.filename))
# generate a unique key needed to delete the file
self.delete_key = uuid.uuid4().hex[:app.config['FLASKUP_DELETE_KEY_LENGTH']]
# number of days to keep the file
self.expire_date = date.today() + timedelta(app.config['FLASKUP_MAX_DAYS'])
# store informations to keep with the file
infos = {}
infos['filename'] = self.filename
infos['key'] = self.key
infos['path'] = self.relative_path
infos['upload_date'] = date.today()
infos['expire_date'] = self.expire_date
infos['delete_key'] = self.delete_key
infos['remote_ip'] = self.remote_ip
infos['size'] = self.size
infos['password_identifier'] = self.password_identifier
path = os.path.join(app.config['FLASKUP_UPLOAD_FOLDER'], self.relative_path)
with open(os.path.join(path, self.key + self._JSON_FILENAME), 'w') as json_file:
simplejson.dump(infos, json_file, cls=date_encoder)
# notify admins
if 'add' in app.config['FLASKUP_NOTIFY'] and notify:
subject = render_template('emails/notify_add_subject.txt', f=self)
body = render_template('emails/notify_add_body.txt', f=self)
send_mail(subject, body, app.config['FLASKUP_ADMINS'])
def save(self, notify=True):
"""
Save the uploaded file on disk.
"""
# store the upload file on disk
self.filename = secure_filename(self.upload_file.filename)
self.key = self.gen_key()
self.relative_path = self.key_to_path(self.key)
path = os.path.join(app.config["FLASKUP_UPLOAD_FOLDER"], self.relative_path)
os.makedirs(path)
self.upload_file.save(os.path.join(path, self.filename))
self.size = os.path.getsize(os.path.join(path, self.filename))
# generate a unique key needed to delete the file
self.delete_key = uuid.uuid4().hex[: app.config["FLASKUP_DELETE_KEY_LENGTH"]]
# number of days to keep the file
self.expire_date = date.today() + timedelta(app.config["FLASKUP_MAX_DAYS"])
# store informations to keep with the file
infos = {}
infos["filename"] = self.filename
infos["key"] = self.key
infos["path"] = self.relative_path
infos["upload_date"] = date.today()
infos["expire_date"] = self.expire_date
infos["delete_key"] = self.delete_key
infos["remote_ip"] = self.remote_ip
infos["size"] = self.size
infos["password_identifier"] = self.password_identifier
path = os.path.join(app.config["FLASKUP_UPLOAD_FOLDER"], self.relative_path)
with open(os.path.join(path, self.key + self._JSON_FILENAME), "w") as json_file:
simplejson.dump(infos, json_file, cls=date_encoder)
# notify admins
if "add" in app.config["FLASKUP_NOTIFY"] and notify:
subject = render_template("emails/notify_add_subject.txt", f=self)
body = render_template("emails/notify_add_body.txt", f=self)
send_mail(subject, body, app.config["FLASKUP_ADMINS"])
def upload_file():
if request.headers.getlist("X-Forwarded-For"):
remote_ip = request.headers.getlist("X-Forwarded-For")[0]
else:
remote_ip = request.environ.get('REMOTE_ADDR', None)
upload_file = None
password_identifier = None
passwords = app.config['FLASKUP_UPLOAD_PASSWORDS']
if passwords:
# check if user provided a valid password
mypassword = request.form.get('mypassword')
check_password = app.config.get('FLASKUP_UPLOAD_PASSWORDS_CHECK')
valid_password = False
for hashed_password, info in passwords:
try:
if check_password(mypassword, hashed_password):
password_identifier = info
valid_password = True
continue
except:
# An exception was raised when cheking the password.
# Treat this as a password check failure, so do nothing
# more.
pass
if not valid_password:
message = _("Incorrect password")
return jsonify(message=message), 400
if app.config['FLASKUP_NGINX_UPLOAD_MODULE_ENABLED']:
# Nginx Upload Module
if 'myfile.name' in request.form and 'myfile.path' in request.form:
realpath = os.path.realpath(request.form['myfile.path'])
storepath = app.config['FLASKUP_NGINX_UPLOAD_MODULE_STORE']
storepath = os.path.realpath(storepath)
if realpath.startswith(storepath):
upload_file = NginxUploadFile(
filename=request.form['myfile.name'],
path=request.form['myfile.path']
)
else:
# the path given in `myfile.path` is outside the store path
# this should not happen
message = "'{0}' not in the Nginx upload-module store".format(
request.form['myfile.path']
)
return jsonify(message=message), 400
else:
# Werkzeug `FileStorage` (normal HTTP Post)
if 'myfile' in request.files and request.files['myfile']:
upload_file = request.files['myfile']
if upload_file is None:
# no upload file
message = _("The file is required.")
if request.is_xhr:
return jsonify(message=message), 400
else:
return render_template('show_upload_form.html', error=message)
shared_file = SharedFile()
shared_file.upload_file = upload_file
shared_file.remote_ip = remote_ip
shared_file.password_identifier = password_identifier
shared_file.save()
# notify the user
myemail = request.form.get('myemail', '').strip()
if myemail:
subject = render_template('emails/notify_me_subject.txt',
f=shared_file,
recipient=myemail)
body = render_template('emails/notify_me_body.txt',
f=shared_file,
recipient=myemail)
send_mail(subject, body, [myemail])
# notify contacts
max_contacts = app.config['FLASKUP_MAX_CONTACTS']
if 'mycontacts' in request.form:
mycontacts = request.form['mycontacts']
all_contacts = [c.strip() for c in mycontacts.splitlines()]
for contact in all_contacts[:max_contacts]:
if contact:
subject = render_template('emails/notify_contact_subject.txt',
f=shared_file,
sender=myemail,
recipient=contact)
body = render_template('emails/notify_contact_body.txt',
f=shared_file,
sender=myemail,
recipient=contact)
send_mail(subject, body, [contact])
if request.is_xhr:
return jsonify(url=url_for('show_uploaded_file', key=shared_file.key,
secret=shared_file.delete_key))
else:
return redirect(url_for('show_uploaded_file', key=shared_file.key,
secret=shared_file.delete_key))
def upload_file():
if request.headers.getlist("X-Forwarded-For"):
remote_ip = request.headers.getlist("X-Forwarded-For")[0]
else:
remote_ip = request.environ.get('REMOTE_ADDR', None)
upload_file = None
password_identifier = None
passwords = app.config['FLASKUP_UPLOAD_PASSWORDS']
if passwords:
# check if user provided a valid password
mypassword = request.form.get('mypassword')
check_password = app.config.get('FLASKUP_UPLOAD_PASSWORDS_CHECK')
valid_password = False
for hashed_password, info in passwords:
try:
if check_password(mypassword, hashed_password):
password_identifier = info
valid_password = True
continue
except:
# An exception was raised when cheking the password.
# Treat this as a password check failure, so do nothing
# more.
pass
if not valid_password:
message = _("Incorrect password")
return jsonify(message=message), 400
if app.config['FLASKUP_NGINX_UPLOAD_MODULE_ENABLED']:
# Nginx Upload Module
if 'myfile.name' in request.form and 'myfile.path' in request.form:
realpath = os.path.realpath(request.form['myfile.path'])
storepath = app.config['FLASKUP_NGINX_UPLOAD_MODULE_STORE']
storepath = os.path.realpath(storepath)
if realpath.startswith(storepath):
upload_file = NginxUploadFile(
filename=request.form['myfile.name'],
path=request.form['myfile.path'])
else:
# the path given in `myfile.path` is outside the store path
# this should not happen
message = "'{0}' not in the Nginx upload-module store".format(
request.form['myfile.path'])
return jsonify(message=message), 400
else:
# Werkzeug `FileStorage` (normal HTTP Post)
if 'myfile' in request.files and request.files['myfile']:
upload_file = request.files['myfile']
if upload_file is None:
# no upload file
message = _("The file is required.")
if request.is_xhr:
return jsonify(message=message), 400
else:
return render_template('show_upload_form.html', error=message)
shared_file = SharedFile()
shared_file.upload_file = upload_file
shared_file.remote_ip = remote_ip
shared_file.password_identifier = password_identifier
shared_file.save()
# notify the user
myemail = request.form.get('myemail', '').strip()
if myemail:
subject = render_template('emails/notify_me_subject.txt',
f=shared_file,
recipient=myemail)
body = render_template('emails/notify_me_body.txt',
f=shared_file,
recipient=myemail)
send_mail(subject, body, [myemail])
# notify contacts
max_contacts = app.config['FLASKUP_MAX_CONTACTS']
if 'mycontacts' in request.form:
mycontacts = request.form['mycontacts']
all_contacts = [c.strip() for c in mycontacts.splitlines()]
for contact in all_contacts[:max_contacts]:
if contact:
subject = render_template('emails/notify_contact_subject.txt',
f=shared_file,
sender=myemail,
recipient=contact)
body = render_template('emails/notify_contact_body.txt',
f=shared_file,
sender=myemail,
recipient=contact)
send_mail(subject, body, [contact])
if request.is_xhr:
return jsonify(url=url_for('show_uploaded_file',
key=shared_file.key,
secret=shared_file.delete_key))
else:
return redirect(
url_for('show_uploaded_file',
key=shared_file.key,
secret=shared_file.delete_key))
