From dbc174e5506f969f5dc04b9b9061fc89ac4e959b Mon Sep 17 00:00:00 2001 From: Wervice Date: Thu, 20 Jul 2023 00:44:11 +0200 Subject: [PATCH] Share a file with a link --- __main__.py | 76 ++++++++++++++++++++++++++++++++- asset/homescreen.css | 4 ++ asset/homescreen.js | 50 +++++++++++++++++++++- templates/homescreen.html | 3 ++ templates/share_wrong_code.html | 27 ++++++++++++ 5 files changed, 157 insertions(+), 3 deletions(-) create mode 100644 templates/share_wrong_code.html diff --git a/__main__.py b/__main__.py index 1cd79af..e7daef9 100644 --- a/__main__.py +++ b/__main__.py @@ -135,7 +135,7 @@ def file_html_gen(username): files = os.listdir("users/"+username+"/") html_code = "" for file in files: - if file != "userpassword.cfg" and file != "enced_files" and file != "Thumbs.db" and file != "ckey.cfg" and not file.startswith("chat_log_file_") and file != "chat_inbox": + if file != "userpassword.cfg" and file != "enced_files" and file != "Thumbs.db" and file != "ckey.cfg" and not file.startswith("chat_log_file_") and file != "chat_inbox" and file != "shared_files": # mime_image.svg # mime_doc.svg # mime_presentation.svg @@ -295,7 +295,7 @@ def forbiden(error): print("Block binaries") else: blacklist_extensions = [] -blacklist_filenames = ["is_admin", "userconfig.cfg", "enced_files", "Thumbs.db", "decryption_tempfile.tmp", "", "chat_inbox", "userpassword.cfg", "ckey.cfg"] +blacklist_filenames = ["is_admin", "userconfig.cfg", "enced_files", "Thumbs.db", "decryption_tempfile.tmp", "", "chat_inbox", "userpassword.cfg", "ckey.cfg", "shared_files"] def validate_access_permissions(filename): if secure_filename(filename) in blacklist_filenames or filename.startswith('chat_log_file_'): 
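Review bot: The name `shared_files` had to be added to two separately maintained deny-lists, the `file != ...` chain in `file_html_gen` and `blacklist_filenames` in the hunk at -295, and the two already differ (`is_admin` and `userconfig.cfg` appear only in the latter). An internal file added to one list and forgotten in the other would either show up in the home-screen listing or, presumably, stay reachable through the file routes. Consider deriving the listing filter from the shared list, for example `if file not in blacklist_filenames and not file.startswith("chat_log_file_"):`, after confirming the extra entries should be hidden too. Both functions continue outside their hunks.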
@@ -583,6 +583,15 @@ def delete_file(filename):
 'users/'+username+"/enced_files", "w")
 loggedin_users_writer.write(json.dumps(json_array_enced))
 loggedin_users_writer.close()
+ filename = str(secure_filename(filename))
+ username = json_array[request.remote_addr]
+ user_shared_list = open('users/'+username+"/shared_files")
+ user_shared_list_parsed = json.load(user_shared_list)
+ try:
+ del user_shared_list_parsed[filename]
+ except:
+ pass
+ open('users/'+username+"/shared_files", "w").write(json.dumps(user_shared_list_parsed))
 return ""
 else:
 return "You aren't allowed to access this file", 403
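Review bot: The new cleanup in `delete_file` opens `'users/'+username+"/shared_files"` unconditionally, and nothing visible in this patch creates that file, so for an account that has never shared anything the request would presumably end in an unhandled `FileNotFoundError` after the earlier steps of the handler have already run. The bare `except: pass` around the `del` also swallows every other error; `user_shared_list_parsed.pop(filename, None)` states the intent without hiding failures. Both `open(...)` calls leave their handles unclosed, so the read and the write should each sit in a `with open(...) as f:` block. The body of `delete_file` begins before this hunk.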
@@ -1151,5 +1160,68 @@ def security_advisor_start(): return render_template("security_advisor_overview.html", p_score = p_score).replace("[[ m_f_list_html ]]", m_f_list_html) else: return "You are not allowed to access this page", 403 + +@app.route("/share/link///") +def share_link(username, filename, code): + username = decode_from_base64(str(username)) + user_shared_list = open('users/'+encode_as_base64(secure_filename(username))+"/shared_files") + user_shared_list_parsed = json.load(user_shared_list) + if secure_filename(filename) in user_shared_list_parsed and user_shared_list_parsed[secure_filename(filename)] == code and not validate_access_permissions(filename): + return send_file( + "users/"+encode_as_base64(secure_filename(username))+"/"+secure_filename(filename), + mimetype=secure_filename(filename), + as_attachment=True, + download_name=filename + ) + else: + return render_template("share_wrong_code.html") + +@app.route("/share/info/") +def share_info(filename): + login_user_input_file = open('loggedin_users') + json_array = json.load(login_user_input_file) + if request.remote_addr in json_array: + username = json_array[request.remote_addr] + user_shared_list = open('users/'+username+"/shared_files") + user_shared_list_parsed = json.load(user_shared_list) + filename = decode_from_base64(str(filename)) + if filename in user_shared_list_parsed: + return "shared" + else: + return "not_shared" + else: + return "This part of the API is locked down for you" + +@app.route("/share/reglink/") +def share_reglink(filename): + login_user_input_file = open('loggedin_users') + json_array = json.load(login_user_input_file) + if request.remote_addr in json_array: + filename = secure_filename(decode_from_base64(str(filename))) + username = json_array[request.remote_addr] + user_shared_list = open('users/'+username+"/shared_files") + user_shared_list_parsed = json.load(user_shared_list) + share_code = 
str(hashlib.sha256(str(random.randint(1,1000000)).encode("utf-8")).hexdigest()) + user_shared_list_parsed[filename] = share_code + open('users/'+username+"/shared_files", "w").write(json.dumps(user_shared_list_parsed)) + return "/share/link/"+username+"/"+filename+"/"+share_code + else: + return "This part of the API is locked down for you" + +@app.route("/share/unreg/") +def share_unreg(filename): + login_user_input_file = open('loggedin_users') + json_array = json.load(login_user_input_file) + if request.remote_addr in json_array: + filename = secure_filename(decode_from_base64(str(filename))) + username = json_array[request.remote_addr] + user_shared_list = open('users/'+username+"/shared_files") + user_shared_list_parsed = json.load(user_shared_list) + del user_shared_list_parsed[filename] + open('users/'+username+"/shared_files", "w").write(json.dumps(user_shared_list_parsed)) + return "done" + else: + return "This part of the API is locked down for you" + app.run(host="0.0.0.0", port=5000, debug=False, ssl_context="adhoc") diff --git a/asset/homescreen.css b/asset/homescreen.css index 2e9a621..0ecbc3b 100644 --- a/asset/homescreen.css +++ b/asset/homescreen.css @@ -32,6 +32,10 @@ background-color: transparent; } +*.selectable::selection { + background-color: var(--accent-color); +} + *:focus { outline: none; } diff --git a/asset/homescreen.js b/asset/homescreen.js index c8db44c..90f9aef 100644 --- a/asset/homescreen.js +++ b/asset/homescreen.js 
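Review bot: In `share_reglink` the share code is the SHA-256 of `random.randint(1,1000000)`, so only one million distinct codes exist and they come from the non-cryptographic `random` module; hashing adds no entropy, and since `share_link` performs no login check this code is the only secret protecting the file. Generate it with `share_code = secrets.token_urlsafe(32)` (needs `import secrets`) and compare it in `share_link` with `hmac.compare_digest(...)` instead of `==`. `share_link` also passes `mimetype=secure_filename(filename)`, which is a file name rather than a MIME type; dropping the argument lets `send_file` derive the type from the name. `share_reglink` and `share_unreg` change state on GET requests identified only by `request.remote_addr`, which deserves a second look. In `share_unreg`, `del user_shared_list_parsed[filename]` raises `KeyError` for a file that is not shared, where `pop(filename, None)` would not.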
@@ -103,6 +103,54 @@ function show_file_menu(file, event) { } }) } + document.getElementById("file_menu_share_button").onclick = async function () { + filename = event.srcElement.innerHTML.split("> ")[1].replaceAll(" ", "_") + console.log("/share/info/" + btoa(filename)) + fetch("/share/info/" + btoa(filename)) + .then((response) => { + if (response.ok) { + return response.text() + } + else { + return "Error" + } + }) + .then( + function (response) { + if (response == "not_shared") { + l_confirm("Do you want to create a sharing link for " + filename + "?", function () { + fetch("/share/reglink/" + btoa(filename)).then( + (response) => { + if (response.ok) { + return response.text() + } + else { + return "Failed to get" + } + } + ) + .then( + function (response) { + document.getElementById("confirm_popup").hidden = true; + code = "https://"+location.host+response + l_confirm("Copy this code with CTRL+C.
"+code+"
", function () { + document.getElementById("confirm_popup").hidden = true; + }) + } + ) + }) + } + else { + l_confirm("Do you want to remove the sharing link for this file?", function () { + fetch("/share/unreg/"+btoa(filename)) + l_confirm("The share link is removed for this file.", function () { + document.getElementById("confirm_popup").hidden = true; + }) + }) + } + } + ) + } var x = event.clientX; var y = event.clientY; @@ -258,7 +306,7 @@ function upload_new_file() { function security_advisor() { var advisorElement = document.getElementById("security_advisor"); advisorElement.hidden = false; - + setTimeout(function () { window.addEventListener("click", function hideAdvisor() { advisorElement.hidden = true; diff --git a/templates/homescreen.html b/templates/homescreen.html index e546c0a..118cf70 100644 --- a/templates/homescreen.html +++ b/templates/homescreen.html @@ -15,9 +15,11 @@ + +
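Review bot: In the `file_menu_share_button` handler every reply other than `"not_shared"` falls into the `else` branch, so a failed `/share/info/` request (the `"Error"` string) or the server's `"This part of the API is locked down for you"` reply leads to the "remove the sharing link" prompt; test `response == "shared"` explicitly and report anything else as an error. Likewise `"Failed to get"` from `/share/reglink/` is concatenated into `code` and shown as if it were a link. The `/share/unreg/` fetch is neither awaited nor checked before "The share link is removed for this file." is displayed. `filename` and `code` are assigned without `const`/`let` and so become globals, and the `console.log` call looks like leftover debugging. `show_file_menu` starts before this hunk.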