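def download(download_hash):
    """Serve the stored file identified by ``download_hash``.

    The request passes through these gates, in order:

    1. ``download_hash`` must be non-empty and consist only of
       ``[A-Za-z0-9_]`` (otherwise 400).
    2. A file record must exist for the hash (otherwise 404).
    3. If the record has an expiry and it has passed, the file is removed
       and 410 is returned.
    4. If the record has a download password, a GET renders the password
       form and a POST must supply a password that validates.
    5. A one-time download has its expiry set to the current time before
       the file is sent.

    Images are served inline, everything else as an attachment. SVG is the
    exception: it is always sent as an attachment (see the comment below).

    Returns a Flask response: an error response, the rendered
    ``download.html`` template, or the file itself.
    """
    if not download_hash:
        return response(request, 'No download hash specified', 400)

    # The hash becomes a directory name under UPLOAD_FOLDER further down, so
    # anything outside this character set (path separators, dots) is rejected
    # before it reaches the database or the filesystem.
    if re.search('[^A-Za-z0-9_]', download_hash):
        return response(request, 'invalid download hash', 400)

    fb = FbQuery()

    # fetch file
    f = fb.file_get(download_hash)
    if not f:
        return response(request, 'Could not find file', 404)

    if f.expire != '0':
        # Expire date exists
        if fb.file_expired(f.expire):
            # Remove expired file from storage and database
            fb.file_remove(download_hash, f.filename)
            return response(request, 'This download has expired', 410)

    if f.download_password:
        # This file is password protected.
        if request.method == 'POST':
            # Validate download_password from database with user input
            pw = Password(config.get('settings', 'secret_key'))
            # A POST without a 'password' field is treated as a failed
            # attempt instead of raising on the missing form key.
            supplied = request.form.get('password')
            if supplied is None or not pw.validate(f.download_password,
                                                   supplied):
                # NOTE(review): nothing in this function limits or logs
                # repeated failed attempts; confirm throttling exists
                # elsewhere (reverse proxy, middleware).
                return render_template('download.html',
                                       error='Invalid Password')
        else:
            return render_template('download.html', error=None)

    if f.one_time_download:
        # Set expire date to current time, download will be invalid in a minute
        # NOTE(review): the expiry check above and this write are separate
        # steps, so two concurrent requests could both be served; confirm
        # whether FbQuery makes this atomic.
        fb.file_set_expiry(download_hash,
                           datetime.now().strftime('%Y%m%d%H%M%S'))

    file_dir = os.path.join(app.config['UPLOAD_FOLDER'], download_hash)

    # Serve images in browser
    mime_type = guess_type(os.path.join(file_dir, f.filename))[0]
    # Uploaded content is untrusted. SVG is an image type but can carry
    # script, and rendering it inline would run that script in this site's
    # origin, so it is always sent as an attachment.
    inline = bool(mime_type
                  and mime_type.startswith('image/')
                  and mime_type != 'image/svg+xml')
    attachment = not inline

    # Serve file, everything is ok
    # NOTE(review): newer Flask releases replaced cache_timeout with max_age;
    # check against the pinned Flask version before upgrading.
    return send_from_directory(file_dir,
                               f.filename,
                               as_attachment=attachment,
                               cache_timeout=0)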