예제 #1
def login():
    """Render the sign-in form and establish a session on valid credentials.

    Already-authenticated users are sent to the admin view. After a
    successful login the optional ``next`` query parameter is followed only
    when ``is_safe_url`` accepts it for the current request host; any other
    value falls back to the admin view, so the parameter cannot be used as
    an open redirect.
    """
    if current_user.is_authenticated:
        flash('You are already logged in.', 'info')
        return redirect(url_for('admin'))

    form = LoginForm()
    if not form.validate_on_submit():
        # First visit or failed form validation: show the form again.
        return render_template('login.html', title='Sign in', form=form)

    try:
        user = User.load(form.username.data)

        if not user.authenticate(form.password.data):
            raise ValueError('Invalid password.')

        login_user(user)
        flash('Successfully logged in.', 'success')
        # Only successful logins reach the audit log; the failure path in the
        # except clause below does not call log().
        log(user.get_id(), request.remote_addr, 'login', '')

        # `next` comes from the query string and is attacker-controllable.
        target = request.args.get('next')
        if is_safe_url(target, {request.host}):
            return redirect(target or url_for('admin'))
        return redirect(url_for('admin'))
    except (NameError, ValueError):
        # One message for every failure, so the response does not say which
        # of the two fields was wrong.
        # NOTE(review): presumably User.load signals an unknown user with
        # NameError; catching it here also hides a genuine undefined-name bug
        # anywhere in the try body - confirm and consider a dedicated
        # exception type.
        flash('Invalid username or password.', 'danger')
        return redirect(url_for('login'))
예제 #2
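def files(file_id):
    """Send the file registered under *file_id* as an attachment.

    Looks up the stored filename for the id, records the download together
    with the requesting user (or ``'not_authenticated'``) and the client
    address, and returns the file from ``FILES_DIRECTORY``.

    Returns:
        The file response, or ``('Invalid file id.', 404)`` when no row
        matches.
    """
    conn = sqlite3.connect(app.config['DB_FILE'])
    try:
        cursor = conn.cursor()
        # Bound parameter: file_id never becomes part of the SQL text.
        cursor.execute('SELECT filename FROM files WHERE id=?', (file_id,))
        row = cursor.fetchone()
    finally:
        # Close the connection even when the query raises.
        conn.close()

    if row is None:
        return 'Invalid file id.', 404

    stored_name = row[0]
    # Anonymous downloads are served; they are logged under a fixed label.
    username = current_user.get_id() if current_user.is_authenticated else 'not_authenticated'
    # NOTE(review): file_id is caller-supplied and is written verbatim into
    # the log detail; if log() writes line-oriented text, confirm it
    # neutralises newlines.
    log(username, request.remote_addr, 'download', f'file_id: {file_id}, ' +
        f'filename: {stored_name}')
    # send_from_directory resolves the name inside FILES_DIRECTORY and
    # refuses paths that escape it.
    return send_from_directory(app.config['FILES_DIRECTORY'], stored_name,
                               as_attachment=True)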
예제 #3
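def upload():
    """Handle the upload form: store the file and register it in the database.

    GET renders the form. POST validates the multipart field, sanitises the
    client-supplied filename, writes the file into ``FILES_DIRECTORY``
    without overwriting an existing one, inserts a row into ``files`` and
    renders the form again with the new file id.

    NOTE(review): route decorators are not part of this excerpt; confirm the
    view is restricted to authenticated users, since it logs
    ``current_user.get_id()``.
    """
    if request.method != 'POST':
        return render_template('upload.html', title='Upload file')

    if 'file' not in request.files:
        flash('Invalid upload: no file uploaded.', 'danger')
        return redirect(url_for('upload'))

    f = request.files['file']
    if f.filename == '':
        flash('Invalid upload: empty filename.', 'danger')
        return redirect(url_for('upload'))

    if not (f and allowed_file(f.filename)):
        flash('Invalid upload: file extension not allowed.', 'danger')
        return render_template('upload.html', title='Upload file')

    # The extension check above ran on the raw client filename; the name that
    # is stored is the sanitised one.
    # NOTE(review): confirm allowed_file() still holds for the sanitised name.
    filename = secure_filename(f.filename)
    path = os.path.join(app.config['FILES_DIRECTORY'], filename)

    try:
        # Exclusive create makes "does it exist?" and "write it" one atomic
        # step, so two concurrent uploads of the same name cannot overwrite
        # each other between a separate isfile() check and save().
        with open(path, 'xb') as out:
            f.save(out)
    except FileExistsError:
        flash('Invalid upload: file already exists.', 'danger')
        return redirect(url_for('upload'))

    file_id = id_from_filename(filename)
    # Naive local time, stored as text.
    time_uploaded = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    size = os.stat(path).st_size

    conn = sqlite3.connect(app.config['DB_FILE'])
    try:
        cursor = conn.cursor()
        # Bound parameters keep the filename out of the SQL text.
        cursor.execute('INSERT INTO files VALUES (?, ?, ?, ?)', (file_id, filename, time_uploaded, size))
        conn.commit()
    finally:
        # Close the connection even when the insert raises.
        # NOTE(review): on failure the file written above stays on disk
        # without a database row.
        conn.close()

    flash('Successfully uploaded file.', 'success')
    log(current_user.get_id(), request.remote_addr, 'upload', f'file_id: {file_id}, ' +
        f'filename: {filename}')

    if file_id is None:
        return render_template('upload.html', title='Upload file')
    # Percent-encode the id (safe='' also encodes '/') before it is handed to
    # the template.
    return render_template('upload.html', title='Upload file', file_id=quote(file_id, safe=''))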
예제 #4
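def delete(file_id):
    """Delete the file registered under *file_id* from the database and disk.

    Flashes the outcome and redirects to the file list in every case.

    NOTE(review): route decorators are not part of this excerpt; this view
    changes state, so confirm it requires authentication and is not
    reachable through a plain GET link without CSRF protection.
    """
    conn = sqlite3.connect(app.config['DB_FILE'])
    try:
        cursor = conn.cursor()
        # Bound parameter: file_id never becomes part of the SQL text.
        cursor.execute('SELECT filename FROM files WHERE id=?', (file_id,))

        res = cursor.fetchone()
        if res is not None:
            cursor.execute('DELETE FROM files WHERE id=?', (file_id,))
            conn.commit()
            # The path is built from the filename stored in the database, not
            # from request data.
            # NOTE(review): the row is already committed as deleted here; if
            # os.remove() raises, the file stays on disk without a row and no
            # audit entry is written.
            os.remove(os.path.join(app.config['FILES_DIRECTORY'], res[0]))
            flash('Successfully deleted file.', 'success')
            log(current_user.get_id(), request.remote_addr, 'delete', f'file_id: {file_id}, ' +
                f'filename: {res[0]}')
        else:
            flash('Invalid id.', 'danger')
    finally:
        # Close the connection even when a query or the file removal raises.
        conn.close()

    return redirect(url_for('list_files'))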
예제 #5
        if cursor.fetchone() is None:
            print(
                'ERROR: No file with this file ID exists in the database. Aborted.'
            )
            conn.close()
            exit(1)

        choice = input(
            f'Do you really want to delete file {sys.argv[1]} with file ID "{file_id}"? (Y/n) '
        )
        choice = False if choice == 'n' else True

        if not choice:
            print('Aborted.')
            conn.close()
            exit(1)

        cursor.execute('DELETE FROM files WHERE id=?', (file_id, ))
        conn.commit()
        conn.close()

        os.remove(os.path.join(app.config['FILES_DIRECTORY'], sys.argv[1]))

        log('terminal', 'terminal', 'delete',
            f'file_id: {file_id}, filename: {sys.argv[1]}')

        print(
            f'Deleted file {sys.argv[1]} with file ID {file_id} from the database.'
        )
예제 #6
def logout():
    """Record the logout, end the session and return to the admin view.

    NOTE(review): route decorators are not part of this excerpt; confirm the
    view requires an authenticated user, otherwise the audit entry is written
    for whatever ``get_id()`` returns for an anonymous visitor.
    """
    # Read the identity before logout_user() is called, so the audit entry is
    # written for the user who is logging out.
    user_id = current_user.get_id()
    client_addr = request.remote_addr
    log(user_id, client_addr, 'logout', '')

    logout_user()
    flash('Successfully logged out.', 'success')
    return redirect(url_for('admin'))
예제 #7
        cursor.execute('SELECT filename FROM files WHERE id=?', (file_id,))

        if cursor.fetchone() is not None:
            print('ERROR: A file with this file ID already exists in the database. Aborted.')
            conn.close()
            exit(1)

        choice = input(f'Do you want to add file {sys.argv[1]} with file ID "{file_id}"? (Y/n) ')
        choice = False if choice == 'n' else True

        if not choice:
            print('Aborted.')
            conn.close()
            exit(1)

        if not os.path.isfile(os.path.join(app.config['FILES_DIRECTORY'], sys.argv[1])):
            print(f'ERROR: No file named {sys.argv[1]} exists in {app.config["FILES_DIRECTORY"]}/.')
            print('Aborted.')
            conn.close()
            exit(1)

        time_uploaded = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        size = os.stat(os.path.join(app.config['FILES_DIRECTORY'], sys.argv[1])).st_size
        cursor.execute('INSERT INTO files VALUES(?, ?, ?, ?)', (file_id, sys.argv[1], time_uploaded, size))
        conn.commit()
        conn.close()

        log('terminal', 'terminal', 'upload', f'file_id: {file_id}, filename: {sys.argv[1]}')

        print(f'Added file {sys.argv[1]} to database. File ID: {file_id}')