Пример #1
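def verify_share():
    """Render the unlock page for a share identified by ``fid`` and ``nonce``.

    Both values are read from the query string. The share, the file record
    and the owner's user record are looked up in turn; if any of them is
    missing the request ends with a 404.
    """
    from flask import abort

    fid = request.args.get('fid')
    nonce = request.args.get('nonce')
    # Check that the share table holds an entry for this file/nonce pair.
    share = Share.get_by(fid=fid, nonce=nonce)
    if not share:
        # A bare ``return 404`` is not a valid Flask response (an int return
        # value raises TypeError and surfaces as a 500); abort() produces a
        # real 404.
        abort(404)

    file_row = File.get_by(fileid=fid)
    if file_row is None:
        # The share row can outlive the file row; fail closed instead of
        # raising AttributeError on None.
        abort(404)
    owner = User.get_by(usrid=file_row.uid)
    if owner is None:
        abort(404)

    # NOTE(review): the file name and owner name are shown to anyone holding
    # fid + nonce, before the share code is checked - confirm this is intended.
    return render_template(
        'unlock.html',
        form=EnsureForm(fid=fid, nonce=nonce),
        fname=file_row.filename,
        name=owner.usrname,
    )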
Пример #2
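def download_shared():
    """Decrypt and return a shared file once the submitted share code verifies.

    ``fid``, ``nonce`` and ``sharekey`` come from ``EnsureForm``. The share
    code (hex) is checked against the stored argon2 hash, then used to decrypt
    the per-share symmetric key, which in turn decrypts the file content read
    from disk. The result is sent as an attachment.

    Returns a redirect to ``/msg_box`` when the share code is missing,
    malformed or wrong, and aborts with 404 when the share or file record
    does not exist.
    """
    from config import shared_path
    from flask import abort, make_response
    from collections import OrderedDict
    import unicodedata
    # NOTE(review): url_quote is deprecated in newer Werkzeug releases;
    # urllib.parse.quote is the stdlib replacement when upgrading.
    from werkzeug.urls import url_quote

    form = EnsureForm()
    fid = form.fid.data
    nonce = form.nonce.data
    share = Share.get_by(fid=fid, nonce=nonce)
    if share is None:
        # ``return 404`` is not a valid Flask response; abort() is.
        abort(404)

    # Verify the share code. The value is client-supplied, so a missing or
    # non-hex string must be treated as a wrong code rather than crash the
    # view with TypeError/ValueError.
    try:
        sharekey = bytes.fromhex(form.sharekey.data)
    except (TypeError, ValueError):
        sharekey = None
    # NOTE(review): no attempt limiting is visible in this view; confirm that
    # repeated guesses are throttled elsewhere.
    if sharekey is None or not argon2.verify(sharekey, share.sharekey):
        flash('分享码不正确!')
        return redirect('/msg_box')

    # Use the share code to decrypt the symmetric file key.
    sym_key = secret.symmetric_decrypt(sharekey, share.enc_key)

    file_row = File.get_by(fileid=fid)
    if file_row is None:
        abort(404)
    uid = file_row.uid
    hash_value = file_row.sha256

    # Symmetric decryption of the stored file. Path components come from the
    # database (owner id and content hash), not from the request.
    # NOTE(review): presumably secret.symmetric_decrypt authenticates the
    # ciphertext - confirm, since the plaintext is served directly.
    path = shared_path + str(uid) + '/' + hash_value
    with open(path, 'rb') as f_:
        content = f_.read()
    decrypted_content = secret.symmetric_decrypt(sym_key, content)

    response = make_response(decrypted_content)
    filename = file_row.filename
    filenames = OrderedDict()
    try:
        filename = filename.encode('latin-1')
    except UnicodeEncodeError:
        # Non-latin-1 name: send an ASCII-ish fallback plus the RFC 5987
        # ``filename*`` form. The original line used ``:`` (an annotation, a
        # no-op) instead of ``=``, so ``filename*`` was never set.
        filenames['filename'] = unicodedata.normalize('NFKD', filename).encode('latin-1', 'ignore')
        filenames['filename*'] = "UTF-8''{}".format(url_quote(filename))
    else:
        filenames['filename'] = filename
    response.headers.set('Content-Disposition', 'attachment', **filenames)
    return response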
Пример #3
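def show_msg_detail():
    """Return the share link and the decrypted share code for a message as JSON.

    Reads ``sid`` (share id) and ``mid`` (message id) from the POSTed form,
    marks the message as read, builds the ``/share/verify`` link for the share
    and decrypts the stored share code with the server private key.

    Returns JSON ``{link, sharekey}`` on success, or a JSON error body with
    status 400 / 404 / 500.
    """
    from config import domain_name, sy_private_key
    from flask import jsonify
    from models import Share
    from urllib.parse import urlencode
    import secret
    import traceback

    shareid = request.form.get('sid')
    msgid = request.form.get('mid')
    if shareid is None or msgid is None:
        return jsonify(error='missing parameter'), 400

    try:
        # NOTE(review): nothing visible here ties sid/mid to the requesting
        # user; confirm the caller is checked to be the recipient before the
        # share code is decrypted and returned.
        share = Share.get_by(id_=shareid)
        Message.set_readed(msgid)
        if share is None:
            return jsonify(error='share not found'), 404

        # Percent-encode the query values instead of concatenating them raw.
        # NOTE(review): the link is built with http://, so fid and nonce travel
        # in clear text - confirm whether the deployment should use https.
        query = urlencode({'fid': share.fid, 'nonce': share.nonce})
        link = 'http://' + domain_name + '/share/verify?' + query

        # Decrypt the share code with the server private key.
        sk = secret.decrypt(bytes.fromhex(sy_private_key), share.enc_sharekey)
        return jsonify(link=link, sharekey=sk.hex())
    except Exception:
        # The original returned ``e.args`` to the client, which both exposes
        # internal error details and is not a well-formed Flask response.
        # Record the traceback server-side and answer with a generic error.
        traceback.print_exc()
        return jsonify(error='internal error'), 500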