SFS/fs.py

450 lines
17 KiB
Python
Raw Normal View History

2020-11-04 17:59:18 +00:00
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import flask
import flask_login as fll
import datetime
from db import db, File, User, levels_users
import settings
from werkzeug.utils import secure_filename
import os
import os.path
_here = os.path.dirname(os.path.realpath(__file__))
login_manager = fll.LoginManager()
app = flask.Flask(__name__)
app.config.from_pyfile('settings.cfg')
app.config['UPLOAD_FOLDER'] = settings.UPLOAD_FOLDER
app.config['MAX_CONTENT_LENGTH'] = settings.MAX_FILE_SIZE * 1024 * 1024
#######################################################################
# Plugin management #
#######################################################################
# Login manager
login_manager.init_app(app)
# Database management
db.app = app
db.init_app(app)
db.create_all()
db.session.commit()
# Insert admin if not exist
if User.query.limit(1).first() is None:
admin = User(login='admin', name='Admin', is_admin=levels_users['Admin'])
admin.set_password('admin')
db.session.add(admin)
db.session.commit()
# Login management
@login_manager.user_loader
def load_user(user_id):
if user_id is None :
return None
return User.query.get(user_id)
@login_manager.unauthorized_handler
def unauthorized_callback():
return flask.redirect('/login?next=' + flask.request.path)
#######################################################################
# Global variables or fuctions #
#######################################################################
URL_DEFAULT = '/myrepo'
@app.route('/')
def home():
user = fll.current_user
if not hasattr(user, 'is_admin'):
user = None
return flask.render_template("index.html", user=user)
@app.route('/favicon.ico')
def favicon():
return flask.redirect('/static/favicon.ico')
#######################################################################
# Login, logout #
#######################################################################
@app.route('/login', methods=['GET', 'POST'])
def login():
if fll.current_user.is_authenticated:
return flask.redirect(URL_DEFAULT)
if flask.request.method=="POST":
username = flask.request.form['username']
password = flask.request.form['password']
user = User.query.get(username)
if user and user.is_admin > levels_users['Inactive'] and user.check_password(password):
fll.login_user(user)
next = flask.request.args.get('next')
if next is not None and next[0]=='/':
return flask.redirect(next)
else:
return flask.redirect(URL_DEFAULT)
else:
app.logger.warning('Login fail for user {} from {}'.format(user, flask.request.remote_addr))
flask.flash('Nom d\'utilisateur ou mot de passe incorrect')
return flask.render_template('login.html', user=None)
@app.route('/logout')
def logout():
fll.logout_user()
return flask.redirect('/')
#######################################################################
# Upload form #
#######################################################################
def check_filename_in_db(filename, user):
exist = File.query.filter_by(name=filename, user=user.login).first()
return exist is not None
def check_filename(filename, user):
filepath = genpath(filename, user)
if os.path.lexists(filepath) or check_filename_in_db(filename, user):
fn, ext = os.path.splitext(filename)
i = 0
if settings.NMAX_EXTENSION == 0:
return None
filename = '{}_{:04d}{}'.format(fn, i, ext)
while os.path.lexists(genpath(filename, user)) or check_filename_in_db(filename, user):
i+=1
filename = '{}_{:04d}{}'.format(fn, i, ext)
if i > settings.NMAX_EXTENSION:
break
else:
return filename
return None
return filename
def genpath(filename, user):
if isinstance(user, str):
username = user
else:
username = user.login
return os.path.join(app.config['UPLOAD_FOLDER'], username, filename)
@app.route('/up', methods=['GET', 'POST'])
def uploaderpage():
user = fll.current_user
if not hasattr(user, 'is_admin') or user.is_admin < levels_users['Simple user']:
user = None
if not flask.request.method=="POST":
return flask.render_template('up.html', user=user)
if flask.request.method=="POST" :
# Parse global things
if 'graphical' in flask.request.form and flask.request.form['graphical'] == '1':
graphical = True
else:
graphical = False
if 'visible' in flask.request.form and flask.request.form['visible']:
visible = True
else:
visible = False
if 'filepwd' in flask.request.form and len(flask.request.form['filepwd'])>0:
filepwd = flask.request.form['filepwd']
else:
filepwd = None
# Check auth first
if user is None:
if 'username' not in flask.request.form or 'password' not in flask.request.form:
return returnuploader(graphical, 'ERR: You have to provide creedentials or log in', None)
username = flask.request.form['username']
password = flask.request.form['password']
user = User.query.get(username)
if not user or user.is_admin <= levels_users['Inactive'] or not user.check_password(password):
return returnuploader(graphical, 'ERR: Incorrect login credentials', None)
fll.login_user(user)
# When auth ok, check for files !
if 'file[]' not in flask.request.files:
return returnuploader(graphical, 'ERR: File have to be provided (file[] field)', user)
lfiles = flask.request.files.getlist('file[]')
lnewnames = flask.request.form.getlist('filename[]')
ldesc = flask.request.form.getlist('desc[]')
done = 0
ret="OK"
for i in range(len(lfiles)):
# if user does not select file, browser also
# submit an empty part without filename
f = lfiles[i]
if f.filename == '':
continue
if i<len(lnewnames) and len(lnewnames[i])>0:
name = lnewnames[i]
else:
name = f.filename
if i<len(ldesc) and len(ldesc[i])>0:
desc = ldesc[i]
else:
desc = ''
name = secure_filename(name)
name1 = check_filename(name, user)
if name1 is None:
return returnuploader(graphical, 'ERR: Already existing name {}'.format(name), user)
# Add to database
toadd = File(name=name1, user=user.login, visible=visible, date=datetime.datetime.now(), desc=desc)
toadd.set_password(filepwd)
db.session.add(toadd)
db.session.commit()
# Save it to disk
path = genpath(name1, user)
try:
if not os.path.isdir(os.path.dirname(path)):
os.mkdir(os.path.dirname(path))
f.save(path)
ret += "\n/d/{}/{}".format(user.login, name1)
except IOError as err:
return returnuploader(graphical, 'ERR: Something went wrong when trying to write file to disk', user)
done += 1
# return
if done == 0:
return returnuploader(graphical, 'ERR: You have to provide at least one valid file', user)
if graphical:
return flask.redirect(URL_DEFAULT)
else:
return ret
def returnuploader(graphical, info, user):
"""
Function to create return value for uploaderpage function
If graphical is True, return the web page, otherwise return simple text
graphical:bool: it is graphical session ?
info:str: text to send
user:User instance or None if not logged in
"""
if not graphical:
return info
else:
flask.flash(info)
return flask.render_template('up.html', user=user)
#######################################################################
# Download pages #
#######################################################################
@app.route('/d/<user>/<filename>', defaults={'raw': False}, methods=['GET', 'POST'])
@app.route('/d/<user>/<filename>/raw', defaults = {'raw': True}, methods=['GET', 'POST'])
def dl(user, filename, raw=False):
cuser = fll.current_user
if not hasattr(cuser, 'is_admin') or cuser.is_admin < levels_users['Simple user']:
cuser = None
fl = File.query.filter_by(name=filename, user=user).first()
if fl is None:
return flask.abort(404)
pwd = None
if flask.request.method=="POST":
if 'password' in flask.request.form:
pwd = flask.request.form['password']
if fl.check_password(pwd):
path = genpath(filename, user)
folder = os.path.dirname(path)
fn = os.path.basename(path)
if raw:
return flask.send_from_directory(folder, filename=fn, as_attachment=False)
else:
return flask.send_from_directory(folder, filename=fn, as_attachment=False)
else:
if raw:
return 'ERR: Incorrect password'
else:
if flask.request.method == "POST":
flask.flash('Incorrect password')
return flask.render_template('dl_pwd.html', user=cuser, filename=filename)
pass
#######################################################################
# Show repos #
#######################################################################
@app.route('/myrepo')
@fll.login_required
def myrepo():
return flask.redirect('/d/{}'.format(fll.current_user.login))
@app.route('/d/<user>')
def repo(user):
user = User.query.get(user)
if user is None:
return flask.abort(404)
cuser = fll.current_user
if not hasattr(cuser, 'is_admin') or cuser.is_admin < levels_users['Simple user']:
cuser = None
ismine = user.login == cuser.login if cuser is not None else False
isadmin = cuser.is_admin>=levels_users['Admin'] or ismine if cuser is not None else False
if isadmin:
l = File.query.filter_by(user=user.login).all()
else:
l = File.query.filter_by(user=user.login, visible=True).all()
return flask.render_template('repo.html', user=cuser, isadmin=isadmin, ismine=ismine, folder=user.login, l=l)
#######################################################################
# Edit files #
#######################################################################
@app.route('/f/<id>/edit', methods=['GET', 'POST'])
@fll.login_required
def editfile(id):
user = fll.current_user
f = File.query.get(id)
if f is None:
return flask.redirect(URL_DEFAULT)
if f.user != user and user.is_admin<levels_users['Admin']:
return flask.redirect(URL_DEFAULT)
if flask.request.method == "POST":
if 'desc' in flask.request.form:
f.desc = flask.request.form['desc']
f.visible = False
if 'visible' in flask.request.form:
if flask.request.form['visible']=='1':
f.visible = True
if 'password' in flask.request.form and len(flask.request.form['password'])>0:
f.set_password(flask.request.form['password'])
# TODO: Add name change but this have to be done with file also ! <04-11-20, Léo Viallon-Galinier> #
db.session.commit()
return flask.redirect('/d/{}'.format(f.user))
else:
return flask.render_template('file_edit.html', user=user, f=f)
@app.route('/f/<id>/del')
@fll.login_required
def delfile(id):
user = fll.current_user
f = File.query.get(id)
if f is None:
return flask.redirect(URL_DEFAULT)
if f.user != user and user.is_admin<levels_users['Admin']:
return flask.redirect(URL_DEFAULT)
confirm = flask.request.args.get('confirm')
if confirm is not None:
fpath = genpath(f.name, f.user)
if os.path.isfile(fpath):
os.remove(fpath)
db.session.delete(f)
db.session.commit()
return flask.redirect('/d/{}'.format(f.user))
return flask.render_template('file_del.html', user=user, f=f)
#######################################################################
# Users management #
#######################################################################
@app.route('/admin/users')
@fll.login_required
def admin_users():
if fll.current_user.is_admin < levels_users['Admin users']:
return flask.redirect(URL_DEFAULT)
users = User.query.all()
return flask.render_template('admin_users.html', user=fll.current_user, users=users)
@app.route('/admin/users/<user>', methods=['GET', 'POST'])
@fll.login_required
def edituser(user):
new = user=='new'
user = User.query.get(user)
if not new and user is None:
return flask.redirect('/admin/users')
if fll.current_user.is_admin >= levels_users['Admin users'] and \
(new or fll.current_user.is_admin >= user.is_admin):
if flask.request.method=="POST":
username = flask.request.form['username']
name = flask.request.form['name']
password = flask.request.form['password']
level = int(flask.request.form['level'])
if level not in levels_users.values():
flask.flash('Level unknown')
return flask.render_template("admin_user_edit.html", user=fll.current_user, useredit=user, levels_users=levels_users)
if fll.current_user.is_admin < levels_users['Admin']:
if not level < fll.current_user.is_admin:
flask.flash('Invalid level')
return flask.render_template("admin_user_edit.html", user=fll.current_user, useredit=user, levels_users=levels_users)
if len(password)<2 and new:
flask.flash('Mot de passe trop court')
return flask.render_template("admin_user_edit.html", user=fll.current_user, useredit=user, levels_users=levels_users)
if new and User.query.get(username) is not None:
flask.flash('Login déjà utilisé ! Choisissez un autre !')
return flask.render_template("admin_user_edit.html", user=fll.current_user, useredit=user, levels_users=levels_users)
if new:
usertoadd = User(login=username, name=name, is_admin=level)
usertoadd.set_password(password)
db.session.add(usertoadd)
else:
user.name = name
if len(password)>=2:
user.set_password(password)
user.is_admin = level
db.session.commit()
return flask.redirect('/admin/users')
else:
return flask.render_template("admin_user_edit.html", user=fll.current_user, useredit=user, levels_users=levels_users)
return flask.redirect(URL_DEFAULT)
@app.route('/admin/users/<user>/del')
@fll.login_required
def deluser(user):
user = User.query.get(user)
if user is None:
return flask.redirect('/admin/users')
if fll.current_user.is_admin >= levels_users['Admin'] or \
fll.current_user.is_admin >= levels_users['Admin users'] and \
fll.current_user.is_admin > user.is_admin:
confirm = flask.request.args.get('confirm')
if confirm is not None:
delete_files(user=user)
db.session.delete(user)
db.session.commit()
return flask.redirect('/admin/users')
return flask.render_template("admin_user_del.html", user=fll.current_user, useredit=user)
@app.route('/password', methods=['GET', 'POST'])
@fll.login_required
def change_password():
if flask.request.method=="POST":
password = flask.request.form['password']
if len(password) < 5:
flask.flash('Mot de passe trop court !')
else:
fll.current_user.set_password(password)
db.session.commit()
return flask.redirect(URL_DEFAULT)
return flask.render_template("password.html", user=fll.current_user)
#######################################################################
# Files managament #
#######################################################################
def delete_files(user=None):
if isinstance(user, str):
username = user
else:
username = user.login
lf = File.query.filter_by(user=username).all()
for f in lf:
fpath = genpath(f.name, f.user)
if os.path.isfile(fpath):
os.remove(fpath)
db.session.delete(f)
db.session.commit()
if __name__ == '__main__':
app.run(debug=True, host='127.0.0.1', port=8080 )