Share a file with a link

Wervice · Jul 19, 2023 · dbc174e · dbc174e
1 parent e9faacc
commit dbc174e
Show file tree

Hide file tree

Showing 5 changed files with 157 additions and 3 deletions.
diff --git a/__main__.py b/__main__.py
@@ -135,7 +135,7 @@ def file_html_gen(username):
     files = os.listdir("users/"+username+"/")
     html_code = ""
     for file in files:
-        if file != "userpassword.cfg" and file != "enced_files" and file != "Thumbs.db" and file != "ckey.cfg" and not file.startswith("chat_log_file_") and file != "chat_inbox":
+        if file != "userpassword.cfg" and file != "enced_files" and file != "Thumbs.db" and file != "ckey.cfg" and not file.startswith("chat_log_file_") and file != "chat_inbox" and file != "shared_files":
             # mime_image.svg
             # mime_doc.svg
             # mime_presentation.svg
@@ -295,7 +295,7 @@ def forbiden(error):
     print("Block binaries")
 else:
     blacklist_extensions = []
-blacklist_filenames = ["is_admin", "userconfig.cfg", "enced_files", "Thumbs.db", "decryption_tempfile.tmp", "", "chat_inbox", "userpassword.cfg", "ckey.cfg"]
+blacklist_filenames = ["is_admin", "userconfig.cfg", "enced_files", "Thumbs.db", "decryption_tempfile.tmp", "", "chat_inbox", "userpassword.cfg", "ckey.cfg", "shared_files"]
 
 def validate_access_permissions(filename):
     if secure_filename(filename) in blacklist_filenames or filename.startswith('chat_log_file_'):
@@ -583,6 +583,15 @@ def delete_file(filename):
                     'users/'+username+"/enced_files", "w")
                 loggedin_users_writer.write(json.dumps(json_array_enced))
                 loggedin_users_writer.close()
+            filename = str(secure_filename(filename))
+            username = json_array[request.remote_addr]
+            user_shared_list = open('users/'+username+"/shared_files")
+            user_shared_list_parsed = json.load(user_shared_list)
+            try:
+                del user_shared_list_parsed[filename]
+            except:
+                pass
+            open('users/'+username+"/shared_files", "w").write(json.dumps(user_shared_list_parsed))
             return "<style>* { background-color: #02050f}</style><script>history.back()</script>"
         else:
             return "You aren't allowed to access this file", 403
@@ -1151,5 +1160,68 @@ def security_advisor_start():
         return render_template("security_advisor_overview.html", p_score = p_score).replace("[[ m_f_list_html ]]", m_f_list_html)
     else:
         return "You are not allowed to access this page", 403
+
+@app.route("/share/link/<string:username>/<string:filename>/<string:code>")
+def share_link(username, filename, code):
+    username = decode_from_base64(str(username))
+    user_shared_list = open('users/'+encode_as_base64(secure_filename(username))+"/shared_files")
+    user_shared_list_parsed = json.load(user_shared_list)
+    if secure_filename(filename) in user_shared_list_parsed and user_shared_list_parsed[secure_filename(filename)] == code and not validate_access_permissions(filename):
+        return send_file(
+            "users/"+encode_as_base64(secure_filename(username))+"/"+secure_filename(filename),
+            mimetype=secure_filename(filename),
+            as_attachment=True,
+            download_name=filename
+        )
+    else:
+        return render_template("share_wrong_code.html")
+
+@app.route("/share/info/<string:filename>")
+def share_info(filename):
+    login_user_input_file = open('loggedin_users')
+    json_array = json.load(login_user_input_file)
+    if request.remote_addr in json_array:
+        username = json_array[request.remote_addr]
+        user_shared_list = open('users/'+username+"/shared_files")
+        user_shared_list_parsed = json.load(user_shared_list)
+        filename = decode_from_base64(str(filename))
+        if filename in user_shared_list_parsed:
+            return "shared"
+        else:
+            return "not_shared"
+    else:
+        return "This part of the API is locked down for you"
+
+@app.route("/share/reglink/<string:filename>")
+def share_reglink(filename):
+    login_user_input_file = open('loggedin_users')
+    json_array = json.load(login_user_input_file)
+    if request.remote_addr in json_array:
+        filename = secure_filename(decode_from_base64(str(filename)))
+        username = json_array[request.remote_addr]
+        user_shared_list = open('users/'+username+"/shared_files")
+        user_shared_list_parsed = json.load(user_shared_list)
+        share_code = str(hashlib.sha256(str(random.randint(1,1000000)).encode("utf-8")).hexdigest())
+        user_shared_list_parsed[filename] = share_code
+        open('users/'+username+"/shared_files", "w").write(json.dumps(user_shared_list_parsed))
+        return "/share/link/"+username+"/"+filename+"/"+share_code
+    else:
+        return "This part of the API is locked down for you"
+
+@app.route("/share/unreg/<string:filename>")
+def share_unreg(filename):
+    login_user_input_file = open('loggedin_users')
+    json_array = json.load(login_user_input_file)
+    if request.remote_addr in json_array:
+        filename = secure_filename(decode_from_base64(str(filename)))
+        username = json_array[request.remote_addr]
+        user_shared_list = open('users/'+username+"/shared_files")
+        user_shared_list_parsed = json.load(user_shared_list)
+        del user_shared_list_parsed[filename]
+        open('users/'+username+"/shared_files", "w").write(json.dumps(user_shared_list_parsed))
+        return "done"
+    else:
+        return "This part of the API is locked down for you"
+
 
 app.run(host="0.0.0.0", port=5000, debug=False, ssl_context="adhoc")
diff --git a/asset/homescreen.css b/asset/homescreen.css
@@ -32,6 +32,10 @@
     background-color: transparent;
 }
 
+*.selectable::selection {
+    background-color: var(--accent-color);
+}
+
 *:focus {
     outline: none;
 }

diff --git a/asset/homescreen.js b/asset/homescreen.js
@@ -103,6 +103,54 @@ function show_file_menu(file, event) {
             }
         })
     }
+    document.getElementById("file_menu_share_button").onclick = async function () {
+        filename = event.srcElement.innerHTML.split("> ")[1].replaceAll(" ", "_")
+        console.log("/share/info/" + btoa(filename))
+        fetch("/share/info/" + btoa(filename))
+            .then((response) => {
+                if (response.ok) {
+                    return response.text()
+                }
+                else {
+                    return "Error"
+                }
+            })
+            .then(
+                function (response) {
+                    if (response == "not_shared") {
+                        l_confirm("Do you want to create a sharing link for " + filename + "?", function () {
+                            fetch("/share/reglink/" + btoa(filename)).then(
+                                (response) => {
+                                    if (response.ok) {
+                                        return response.text()
+                                    }
+                                    else {
+                                        return "Failed to get"
+                                    }
+                                }
+                            )
+                                .then(
+                                    function (response) {
+                                        document.getElementById("confirm_popup").hidden = true;
+                                        code = "https://"+location.host+response
+                                        l_confirm("Copy this code with CTRL+C. <div style=max-width:200px;overflow:scroll; class=selectable oncontextmenu='return true;'>"+code+"</div>", function () {
+                                            document.getElementById("confirm_popup").hidden = true;
+                                        })
+                                    }
+                                )
+                        })
+                    }
+                    else {
+                        l_confirm("Do you want to remove the sharing link for this file?", function () {
+                            fetch("/share/unreg/"+btoa(filename))
+                            l_confirm("The share link is removed for this file.", function () {
+                                document.getElementById("confirm_popup").hidden = true;
+                            })
+                        })
+                    }
+                }
+            )
+    }
 
     var x = event.clientX;
     var y = event.clientY;
@@ -258,7 +306,7 @@ function upload_new_file() {
 function security_advisor() {
     var advisorElement = document.getElementById("security_advisor");
     advisorElement.hidden = false;
-  
+
     setTimeout(function () {
         window.addEventListener("click", function hideAdvisor() {
             advisorElement.hidden = true;

diff --git a/templates/homescreen.html b/templates/homescreen.html
@@ -15,9 +15,11 @@
 </head>
 
 <body oncontextmenu="return false;">
+    <textarea id="share_code_copy" hidden></textarea>
     <iframe src="/security_advisor" id="security_advisor" hidden></iframe>
 
     <iframe id="editor_popup" src="" frameborder="0" hidden></iframe>
+
     <div id="info_msg" hidden>
         <big id="info_message">
             None
@@ -67,6 +69,7 @@
         <button id="file_menu_rename_button">Rename</button><br>
         <button id="file_menu_download_button">Download</button>
         <button id="file_menu_rawedit_button">Edit</button>
+        <button id="file_menu_share_button">Share</button>
     </div>
 
     <div id="menu" onmouseleave="hide_menu()" hidden>

diff --git a/templates/share_wrong_code.html b/templates/share_wrong_code.html
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Wrong code</title>
+    <link rel="stylesheet" href="/asset/lui.css">
+    <link rel="stylesheet" href="/asset/homescreen.css">
+    <link rel="stylesheet" href="/asset/themeoverride.css">
+    <style>
+        body {
+            margin: 10px;
+        }
+
+        span#title {
+            width: 100%;
+            display: inline-block;
+            font-size: x-large;
+        }
+    </style>
+</head>
+<body>
+    <span style="opacity: 50%; font-size: medium;">Lumos</span><br>
+    <span id="title" align="center">This link is wrong<br><small>The sharing link for this file was removed or is incorrect.</small><br>
+    <button onclick="location.href = '/'">Go back</button></span>
+</body>
+</html>