diff --git a/__main__.py b/__main__.py
index 1cd79af..e7daef9 100644
--- a/__main__.py
+++ b/__main__.py
@@ -135,7 +135,7 @@ def file_html_gen(username):
files = os.listdir("users/"+username+"/")
html_code = ""
for file in files:
- if file != "userpassword.cfg" and file != "enced_files" and file != "Thumbs.db" and file != "ckey.cfg" and not file.startswith("chat_log_file_") and file != "chat_inbox":
+ if file != "userpassword.cfg" and file != "enced_files" and file != "Thumbs.db" and file != "ckey.cfg" and not file.startswith("chat_log_file_") and file != "chat_inbox" and file != "shared_files":
# mime_image.svg
# mime_doc.svg
# mime_presentation.svg
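Review bot: The list of internal file names is now maintained in two places that have to be edited together: this `if` chain in `file_html_gen` and `blacklist_filenames` in the next hunk, and the two already disagree. `is_admin`, `userconfig.cfg` and `decryption_tempfile.tmp` are blocked by the blacklist but would still appear in the listing built here. Consider deriving the listing filter from the same list, e.g. `if file not in blacklist_filenames and not file.startswith("chat_log_file_"):`, so the next internal file cannot be hidden from downloads but left visible in the listing, or the reverse. The rest of `file_html_gen` is outside the hunk, so confirm nothing relies on those three names being listed.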
@@ -295,7 +295,7 @@ def forbiden(error):
print("Block binaries")
else:
blacklist_extensions = []
-blacklist_filenames = ["is_admin", "userconfig.cfg", "enced_files", "Thumbs.db", "decryption_tempfile.tmp", "", "chat_inbox", "userpassword.cfg", "ckey.cfg"]
+blacklist_filenames = ["is_admin", "userconfig.cfg", "enced_files", "Thumbs.db", "decryption_tempfile.tmp", "", "chat_inbox", "userpassword.cfg", "ckey.cfg", "shared_files"]
def validate_access_permissions(filename):
if secure_filename(filename) in blacklist_filenames or filename.startswith('chat_log_file_'):
@@ -583,6 +583,15 @@ def delete_file(filename):
'users/'+username+"/enced_files", "w")
loggedin_users_writer.write(json.dumps(json_array_enced))
loggedin_users_writer.close()
+ filename = str(secure_filename(filename))
+ username = json_array[request.remote_addr]
+ user_shared_list = open('users/'+username+"/shared_files")
+ user_shared_list_parsed = json.load(user_shared_list)
+ try:
+ del user_shared_list_parsed[filename]
+ except:
+ pass
+ open('users/'+username+"/shared_files", "w").write(json.dumps(user_shared_list_parsed))
return ""
else:
return "You aren't allowed to access this file", 403
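Review bot: The added revocation step in `delete_file` opens `users/<username>/shared_files` unconditionally, and the `try` covers only the `del`, so a missing or malformed `shared_files` raises and the request ends in a 500. No line visible in this diff creates that file for accounts that existed before this commit. The bare `except: pass` also hides every other error; `user_shared_list_parsed.pop(filename, None)` expresses the intent without a handler. Neither handle is closed (`open(...).write(...)` relies on garbage collection to flush), so use `with open(...) as f:` for both the read and the write. The start of `delete_file` is outside the hunk; if the file removal there happens first, a failure here leaves the file deleted while its share entry stays registered, so a later upload under the same name would be reachable through the old link.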
@@ -1151,5 +1160,68 @@ def security_advisor_start():
return render_template("security_advisor_overview.html", p_score = p_score).replace("[[ m_f_list_html ]]", m_f_list_html)
else:
return "You are not allowed to access this page", 403
+
+@app.route("/share/link///")
+def share_link(username, filename, code):
+ username = decode_from_base64(str(username))
+ user_shared_list = open('users/'+encode_as_base64(secure_filename(username))+"/shared_files")
+ user_shared_list_parsed = json.load(user_shared_list)
+ if secure_filename(filename) in user_shared_list_parsed and user_shared_list_parsed[secure_filename(filename)] == code and not validate_access_permissions(filename):
+ return send_file(
+ "users/"+encode_as_base64(secure_filename(username))+"/"+secure_filename(filename),
+ mimetype=secure_filename(filename),
+ as_attachment=True,
+ download_name=filename
+ )
+ else:
+ return render_template("share_wrong_code.html")
+
+@app.route("/share/info/")
+def share_info(filename):
+ login_user_input_file = open('loggedin_users')
+ json_array = json.load(login_user_input_file)
+ if request.remote_addr in json_array:
+ username = json_array[request.remote_addr]
+ user_shared_list = open('users/'+username+"/shared_files")
+ user_shared_list_parsed = json.load(user_shared_list)
+ filename = decode_from_base64(str(filename))
+ if filename in user_shared_list_parsed:
+ return "shared"
+ else:
+ return "not_shared"
+ else:
+ return "This part of the API is locked down for you"
+
+@app.route("/share/reglink/")
+def share_reglink(filename):
+ login_user_input_file = open('loggedin_users')
+ json_array = json.load(login_user_input_file)
+ if request.remote_addr in json_array:
+ filename = secure_filename(decode_from_base64(str(filename)))
+ username = json_array[request.remote_addr]
+ user_shared_list = open('users/'+username+"/shared_files")
+ user_shared_list_parsed = json.load(user_shared_list)
+ share_code = str(hashlib.sha256(str(random.randint(1,1000000)).encode("utf-8")).hexdigest())
+ user_shared_list_parsed[filename] = share_code
+ open('users/'+username+"/shared_files", "w").write(json.dumps(user_shared_list_parsed))
+ return "/share/link/"+username+"/"+filename+"/"+share_code
+ else:
+ return "This part of the API is locked down for you"
+
+@app.route("/share/unreg/")
+def share_unreg(filename):
+ login_user_input_file = open('loggedin_users')
+ json_array = json.load(login_user_input_file)
+ if request.remote_addr in json_array:
+ filename = secure_filename(decode_from_base64(str(filename)))
+ username = json_array[request.remote_addr]
+ user_shared_list = open('users/'+username+"/shared_files")
+ user_shared_list_parsed = json.load(user_shared_list)
+ del user_shared_list_parsed[filename]
+ open('users/'+username+"/shared_files", "w").write(json.dumps(user_shared_list_parsed))
+ return "done"
+ else:
+ return "This part of the API is locked down for you"
+
app.run(host="0.0.0.0", port=5000, debug=False, ssl_context="adhoc")
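Review bot: The share code created in `share_reglink` is guessable: `random.randint(1,1000000)` yields at most one million values from a non-cryptographic generator, and hashing it with SHA-256 adds no entropy. That code is the only thing protecting the unauthenticated download in `share_link`. Generate it with `share_code = secrets.token_urlsafe(32)` (needs `import secrets`) and compare with `hmac.compare_digest(stored_code.encode(), code.encode())` rather than `==`. In the `send_file` call, `mimetype=secure_filename(filename)` passes a file name where a MIME type is expected; drop the argument or derive it with `mimetypes.guess_type`. `share_link` raises when the decoded user has no `shared_files`, and `share_unreg` raises `KeyError` for a file that is not shared, so both return 500s. `share_info` looks up the raw decoded name while `share_reglink` stores the `secure_filename` form. The state-changing routes are plain GETs authorised only by `request.remote_addr`, so clients behind one address are indistinguishable.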
diff --git a/asset/homescreen.css b/asset/homescreen.css
index 2e9a621..0ecbc3b 100644
--- a/asset/homescreen.css
+++ b/asset/homescreen.css
@@ -32,6 +32,10 @@
background-color: transparent;
}
+*.selectable::selection {
+ background-color: var(--accent-color);
+}
+
*:focus {
outline: none;
}
diff --git a/asset/homescreen.js b/asset/homescreen.js
index c8db44c..90f9aef 100644
--- a/asset/homescreen.js
+++ b/asset/homescreen.js
@@ -103,6 +103,54 @@ function show_file_menu(file, event) {
}
})
}
+ document.getElementById("file_menu_share_button").onclick = async function () {
+ filename = event.srcElement.innerHTML.split("> ")[1].replaceAll(" ", "_")
+ console.log("/share/info/" + btoa(filename))
+ fetch("/share/info/" + btoa(filename))
+ .then((response) => {
+ if (response.ok) {
+ return response.text()
+ }
+ else {
+ return "Error"
+ }
+ })
+ .then(
+ function (response) {
+ if (response == "not_shared") {
+ l_confirm("Do you want to create a sharing link for " + filename + "?", function () {
+ fetch("/share/reglink/" + btoa(filename)).then(
+ (response) => {
+ if (response.ok) {
+ return response.text()
+ }
+ else {
+ return "Failed to get"
+ }
+ }
+ )
+ .then(
+ function (response) {
+ document.getElementById("confirm_popup").hidden = true;
+ code = "https://"+location.host+response
+ l_confirm("Copy this code with CTRL+C. "+code+"
", function () {
+ document.getElementById("confirm_popup").hidden = true;
+ })
+ }
+ )
+ })
+ }
+ else {
+ l_confirm("Do you want to remove the sharing link for this file?", function () {
+ fetch("/share/unreg/"+btoa(filename))
+ l_confirm("The share link is removed for this file.", function () {
+ document.getElementById("confirm_popup").hidden = true;
+ })
+ })
+ }
+ }
+ )
+ }
var x = event.clientX;
var y = event.clientY;
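Review bot: In the second `.then` of the new share handler, every response other than `"not_shared"` falls into the `else` branch. The `"Error"` fallback and the server's `"This part of the API is locked down for you"` text (sent with status 200) are therefore treated as "already shared", and the user is offered removal; test `response == "shared"` explicitly and show an error otherwise. Likewise `"Failed to get"` would be appended to `https://`+host and shown as a link, and the "share link is removed" message is displayed without waiting for or checking the `/share/unreg/` response. `btoa(filename)` goes into a URL path, but standard base64 can contain `/` and `+`, and `btoa` throws on characters outside Latin-1; use a URL-safe alphabet on both sides (the server's `decode_from_base64` is not visible here). `filename` and `code` are assigned without `let`/`const` and so become globals, and the `console.log` looks like leftover debugging. `show_file_menu` starts and ends outside the hunk.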
@@ -258,7 +306,7 @@ function upload_new_file() {
function security_advisor() {
var advisorElement = document.getElementById("security_advisor");
advisorElement.hidden = false;
-
+
setTimeout(function () {
window.addEventListener("click", function hideAdvisor() {
advisorElement.hidden = true;
diff --git a/templates/homescreen.html b/templates/homescreen.html
index e546c0a..118cf70 100644
--- a/templates/homescreen.html
+++ b/templates/homescreen.html
@@ -15,9 +15,11 @@
+
+
None
@@ -67,6 +69,7 @@
+