diff options
Diffstat (limited to 'Filer.py')
-rwxr-xr-x | Filer.py | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/Filer.py b/Filer.py new file mode 100755 index 0000000..b7defd8 --- /dev/null +++ b/Filer.py | |||
@@ -0,0 +1,164 @@ | |||
1 | #!venv/bin/python | ||
2 | |||
3 | import os | ||
4 | import hashlib | ||
5 | import base64 | ||
6 | import time | ||
7 | from shutil import rmtree | ||
8 | |||
9 | from flask import Flask, render_template, jsonify, request, redirect, send_from_directory | ||
10 | from flask_dropzone import Dropzone | ||
11 | from argparse import ArgumentParser | ||
12 | from werkzeug.utils import secure_filename | ||
13 | |||
14 | app = Flask(__name__) | ||
15 | app.config['SECRET_KEY'] = 'Silence is golden. Gerd Eist.' | ||
16 | #app.jinja_env.trim_blocks = True | ||
17 | #app.jinja_env.lstrip_blocks = True | ||
18 | |||
19 | app.config['PREFERRED_URL_SCHEME'] = 'https' | ||
20 | app.config['DROPZONE_SERVE_LOCAL'] = True | ||
21 | app.config['DROPZONE_MAX_FILE_SIZE'] = 128 | ||
22 | app.config['DROPZONE_UPLOAD_MULTIPLE'] = True | ||
23 | app.config['DROPZONE_PARALLEL_UPLOADS'] = 10 | ||
24 | |||
25 | app.config['DROPZONE_ALLOWED_FILE_CUSTOM'] = True | ||
26 | app.config['DROPZONE_ALLOWED_FILE_TYPE'] = '' | ||
27 | |||
28 | app.config['DROPZONE_DEFAULT_MESSAGE'] = 'Ziehe die Dateien hier hin, um sie hochzuladen oder klicken Sie zur Auswahl.' | ||
29 | |||
30 | dropzone = Dropzone(app) | ||
31 | |||
32 | basedir = 'Daten' | ||
33 | |||
34 | #### ADMIN FACING DIRECTORY LISTS #### | ||
35 | #### | ||
36 | #### | ||
37 | @app.route("/admin", methods=['GET']) | ||
38 | def admin(): | ||
39 | url_root = request.url_root.replace('http://', 'https://', 1) | ||
40 | users = os.listdir(os.path.join(basedir, 'Mandanten')) | ||
41 | return render_template('admin.html', users = users, tree = make_tree(basedir, 'Public'), url_root = url_root) | ||
42 | |||
43 | @app.route("/admin/Dokumente/<user>", methods=['GET']) | ||
44 | def admin_dokumente(user): | ||
45 | return render_template('mandant.html', admin = 'admin/', user = user, tree = make_tree(basedir, os.path.join('Dokumente', user))) | ||
46 | |||
47 | @app.route("/admin/del-user/<user>", methods=['POST']) | ||
48 | def admin_deluser(user): | ||
49 | method = request.form.get('_method', 'POST') | ||
50 | if method == 'DELETE': | ||
51 | rmtree(os.path.join(basedir, 'Dokumente', secure_filename(user))) | ||
52 | os.unlink(os.path.join(basedir, 'Mandanten', secure_filename(user))) | ||
53 | return redirect('/admin') | ||
54 | |||
55 | @app.route("/admin/new-user", methods=['POST']) | ||
56 | def admin_newuser(): | ||
57 | password = request.form.get('password', '') | ||
58 | user = request.form.get('user', '') | ||
59 | if not password or not user: | ||
60 | return "Username or password missing", 400 | ||
61 | directory = secure_filename(user) | ||
62 | |||
63 | salt = os.urandom(4) | ||
64 | sha = hashlib.sha1(password.encode('utf-8')) | ||
65 | sha.update(salt) | ||
66 | |||
67 | digest_salt_b64 = base64.b64encode(sha.digest()+ salt) | ||
68 | tagged_digest_salt = '{{SSHA}}{}'.format(digest_salt_b64.decode('ascii')) | ||
69 | |||
70 | try: | ||
71 | if not os.path.exists(os.path.join(basedir, 'Dokumente', directory)): | ||
72 | os.mkdir(os.path.join(basedir, 'Dokumente', directory)) | ||
73 | with open(os.path.join(basedir, 'Mandanten', directory), 'w+', encoding='utf-8') as htpasswd: | ||
74 | htpasswd.write("{}:{}\n".format(user, tagged_digest_salt)) | ||
75 | except OSError as error: | ||
76 | return "Couldn't create user scope", 500 | ||
77 | return redirect('/admin') | ||
78 | |||
79 | #### USER FACING DIRECTORY LIST #### | ||
80 | #### | ||
81 | #### | ||
82 | @app.route("/Dokumente/<user>", methods=['GET']) | ||
83 | def mandant(user): | ||
84 | return render_template('mandant.html', admin = '', user = user, tree = make_tree(basedir, os.path.join('Dokumente', user))) | ||
85 | |||
86 | #### UPLOAD FILE ROUTES #### | ||
87 | #### | ||
88 | #### | ||
89 | @app.route('/Dokumente/<user>', methods=['POST']) | ||
90 | @app.route('/admin/Dokumente/<user>', methods=['POST']) | ||
91 | def upload_mandant(user): | ||
92 | for key, f in request.files.items(): | ||
93 | if key.startswith('file'): | ||
94 | username = secure_filename(user) | ||
95 | filename = secure_filename(f.filename) | ||
96 | f.save(os.path.join(basedir, 'Dokumente', username, filename)) | ||
97 | return 'upload template' | ||
98 | |||
99 | @app.route('/admin', methods=['POST']) | ||
100 | def upload_admin(): | ||
101 | for key, f in request.files.items(): | ||
102 | if key.startswith('file'): | ||
103 | filename = secure_filename(f.filename) | ||
104 | f.save(os.path.join(basedir, 'Public', filename)) | ||
105 | return 'upload template' | ||
106 | |||
107 | #### DELETE FILE ROUTES #### | ||
108 | #### | ||
109 | #### | ||
110 | @app.route('/Dokumente/<user>/<path:filename>', methods=['POST']) | ||
111 | def delete_file_mandant(user, filename): | ||
112 | method = request.form.get('_method', 'POST') | ||
113 | if method == 'DELETE': | ||
114 | os.unlink(os.path.join(basedir, 'Dokumente', secure_filename(user), secure_filename(filename))) | ||
115 | return redirect('/Dokumente/'+user) | ||
116 | |||
117 | @app.route('/admin/Dokumente/<user>/<path:filename>', methods=['POST']) | ||
118 | def delete_file_mandant_admin(user, filename): | ||
119 | method = request.form.get('_method', 'POST') | ||
120 | if method == 'DELETE': | ||
121 | os.unlink(os.path.join(basedir, 'Dokumente', secure_filename(user), secure_filename(filename))) | ||
122 | return redirect('/admin/Dokumente/'+user) | ||
123 | |||
124 | @app.route('/admin/Public/<path:filename>', methods=['POST']) | ||
125 | def delete_file_admin(filename): | ||
126 | method = request.form.get('_method', 'POST') | ||
127 | if method == 'DELETE': | ||
128 | os.unlink(os.path.join(basedir, 'Public', secure_filename(filename))) | ||
129 | return redirect('/admin') | ||
130 | |||
131 | #### SERVE FILES RULES #### | ||
132 | #### | ||
133 | #### | ||
134 | @app.route('/admin/Dokumente/<user>/<path:filename>', methods=['GET']) | ||
135 | @app.route('/Dokumente/<user>/<path:filename>', methods=['GET']) | ||
136 | def custom_static(user, filename): | ||
137 | return send_from_directory(os.path.join(basedir, 'Dokumente'), os.path.join(user, filename)) | ||
138 | |||
139 | @app.route('/Public/<path:filename>') | ||
140 | def custom_static_public(filename): | ||
141 | return send_from_directory(os.path.join(basedir, 'Public'), filename) | ||
142 | |||
143 | def make_tree(rel, path): | ||
144 | tree = dict(name=path, download=os.path.basename(path), children=[]) | ||
145 | try: lst = os.listdir(os.path.join(rel,path)) | ||
146 | except OSError: | ||
147 | pass #ignore errors | ||
148 | else: | ||
149 | for name in lst: | ||
150 | fn = os.path.join(path, name) | ||
151 | if os.path.isdir(os.path.join(rel,fn)): | ||
152 | tree['children'].append(make_tree(rel, fn)) | ||
153 | else: | ||
154 | ttl = 10 - int((time.time() - os.path.getmtime(os.path.join(rel,fn))) / (24*3600)) | ||
155 | tree['children'].append(dict(name=fn, download=name, ttl = ttl)) | ||
156 | return tree | ||
157 | |||
158 | if __name__ == "__main__": | ||
159 | parser = ArgumentParser(description="Filer") | ||
160 | parser.add_argument("-H", "--host", help="Hostname of the Flask app " + "[default %s]" % "127.0.0.1", default="127.0.0.1") | ||
161 | parser.add_argument("-P", "--port", help="Port for the Flask app " + "[default %s]" % "5000", default="5000") | ||
162 | args = parser.parse_args() | ||
163 | |||
164 | app.run(host=args.host, port=int(args.port)) | ||