Created
October 1, 2018 15:57
@app.route("/s/<path:url>")
def ret_hosted_file(url):
    """Serve a previously uploaded file out of the ``s/`` storage directory.

    ``url`` is the path captured after ``/s/``. It is passed unchanged to
    ``send_from_directory``, which is what confines the lookup to ``s/``.
    This route performs no pin check, so anything stored is readable by
    whoever knows its name.
    """
    # NOTE(review): the stored name's extension comes from the uploader (see
    # file_host), so it presumably also decides the Content-Type served here.
    storage_dir = "s/"
    response = send_from_directory(storage_dir, url)
    return response
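@app.route("/api/fdel/<path:url>", methods=['POST'])
def delete_file(url):
    """Delete an uploaded file from the ``s/`` storage directory.

    The caller must POST a ``pin`` form field equal to the ``CWF_UPLOAD_PIN``
    environment variable. ``url`` is the path captured after ``/api/fdel/``.

    Returns:
        403 JSON ``{"error": "invalid pin"}`` when the pin is missing, wrong,
        or no pin is configured; 403 JSON ``{"error": "invalid path"}`` when
        the target is not a file location strictly inside the storage
        directory; otherwise an empty 204, whether or not a file existed.
    """
    def forbidden(message):
        return app.response_class(
            response=json.dumps({"error": message}),
            status=403,
            mimetype='application/json'
        )

    expected_pin = os.getenv('CWF_UPLOAD_PIN')
    supplied_pin = request.form.get('pin')
    # Fail closed: an unset or empty CWF_UPLOAD_PIN must never authenticate
    # anyone (previously an empty configured pin matched an empty form field).
    # compare_digest on bytes keeps the comparison time independent of how
    # many leading characters of the guess are correct.
    if (
        not expected_pin
        or supplied_pin is None
        or not secrets.compare_digest(
            supplied_pin.encode('utf-8'), expected_pin.encode('utf-8')
        )
    ):
        return forbidden("invalid pin")

    storage = os.path.abspath("s")
    target = os.path.abspath(os.path.join("s/", url))

    # Containment is checked on symlink-resolved paths so that a link placed
    # inside the storage directory cannot redirect the delete elsewhere.
    real_storage = os.path.realpath(storage)
    real_target = os.path.realpath(target)
    try:
        contained = os.path.commonpath([real_storage, real_target]) == real_storage
    except ValueError:
        # commonpath raises when the two paths cannot be compared
        # (e.g. different drives); treat that as outside the storage dir.
        contained = False

    # The storage directory itself (or any directory) is never a valid target;
    # os.remove would raise on it and surface as a 500.
    if not contained or real_target == real_storage or os.path.isdir(target):
        return forbidden("invalid path")

    # Remove directly instead of exists()-then-remove() so a concurrent
    # delete of the same file cannot turn into an unhandled exception.
    try:
        os.remove(target)
    except FileNotFoundError:
        pass

    return app.response_class(
        response='',
        status=204
    )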
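@app.route("/api/fhost", methods=['POST'])
def file_host():
    """Store an uploaded file under ``s/`` and return its public URLs.

    Expects a multipart POST with a ``file`` part and a ``pin`` form field
    equal to the ``CWF_UPLOAD_PIN`` environment variable. When the form also
    contains ``preserve_filename``, the sanitized original name is kept behind
    a timestamp prefix; otherwise a random name with the original extension
    is generated.

    Returns:
        400 JSON error when the ``file`` part is missing or has an empty
        filename, 403 JSON error when the pin is missing, wrong, or not
        configured, otherwise JSON with ``url`` and ``deleter`` links.
    """
    def json_error(message, status):
        # json.dumps takes the object positionally; the earlier
        # json.dumps(error=...) form raised TypeError, so the 400 paths
        # answered with a 500 instead of the intended error body.
        return app.response_class(
            response=json.dumps({"error": message}),
            status=status,
            mimetype='application/json'
        )

    if 'file' not in request.files:
        return json_error("File 'file' not found", 400)

    file = request.files['file']  # type: werkzeug.datastructures.FileStorage

    if file.filename == '':
        return json_error("Empty Filename", 400)

    form_data = request.form
    preserve_filename = 'preserve_filename' in form_data

    expected_pin = os.getenv('CWF_UPLOAD_PIN')
    supplied_pin = form_data.get('pin')
    # Fail closed when no pin is configured, and compare in constant time so
    # response timing does not reveal how much of a guessed pin is correct.
    if (
        not expected_pin
        or supplied_pin is None
        or not secrets.compare_digest(
            supplied_pin.encode('utf-8'), expected_pin.encode('utf-8')
        )
    ):
        return json_error("invalid pin", 403)

    storage_dir = "s/"

    if preserve_filename:
        prefix = datetime.datetime.now().strftime('%y%j-%H%M%S-')
        filename = prefix + werkzeug.utils.secure_filename(file.filename)
    else:
        # The extension is client-controlled; run it through secure_filename
        # (with a dummy stem, dropped again by the slice) so only filesystem-
        # and URL-safe characters reach the stored name.
        raw_ext = os.path.splitext(file.filename)[-1]
        ext = werkzeug.utils.secure_filename("x" + raw_ext)[1:]
        # NOTE(review): token_urlsafe(4) is 4 random bytes; /s/ serves files
        # without a pin, so lengthen this if names are meant to be unguessable.
        filename = secrets.token_urlsafe(4) + ext
        # Check for collisions where the file will actually be written; the
        # bare filename was previously tested against the working directory.
        while os.path.exists(os.path.join(storage_dir, filename)):
            filename = secrets.token_urlsafe(4) + ext

    filepath = os.path.join(storage_dir, filename)

    # exist_ok avoids the exists()/mkdir() race between concurrent uploads.
    os.makedirs(storage_dir, exist_ok=True)

    file.save(filepath)

    return jsonify(url="https://connorwfitzgerald.com/s/{}".format(filename),
                   deleter="https://connorwfitzgerald.com/api/fdel/{}".format(filename))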