-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathuploader.py
More file actions
104 lines (82 loc) · 2.97 KB
/
uploader.py
File metadata and controls
104 lines (82 loc) · 2.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
import os
import time
from uuid import uuid4
from functools import wraps
from flask import Flask, render_template, session, request, redirect, url_for, send_file
from werkzeug.utils import secure_filename
from pathlib import Path
app = Flask(__name__)
app.secret_key = os.getenv("SECRET_KEY") or "pepegaman123pepegaman123"
UPLOADS_FOLDER = Path('uploads/')
@app.template_filter('hsize')
def sizeof_fmt(num, suffix="B"):
for unit in ("", "Ki", "Mi", "Gi", "Ti", "Pi", "Ei", "Zi"):
if abs(num) < 1024.0:
return f"{num:3.1f}{unit}{suffix}"
num /= 1024.0
return f"{num:.1f}Yi{suffix}"
@app.template_filter('ctime')
def timectime(s):
return time.ctime(s)
@app.template_filter('path_normalize')
def path_normalize(s):
while '//' in s:
s = s.replace('//', '/')
return s
def session_required(f):
@wraps(f)
def decorated(*args, **kwargs):
if 'id' not in session:
session['id'] = str(uuid4())
session.permanent = True
# create user folder if it doesn't exist
p = UPLOADS_FOLDER / session['id']
if not p.exists():
p.mkdir(parents=True)
return f(*args, **kwargs)
return decorated
@app.route("/", methods=['GET', 'POST'])
@session_required
def main():
path = request.args.get('path')
if path is None:
return redirect(url_for('main', path="/"))
path += '/'
# filter out LFI stuff
orig_path = path
path = path.replace('../', '')
prev = str(Path(path).parent)
full_path_str = str(UPLOADS_FOLDER / session['id']) + path
full_path = Path(full_path_str)
# redirect back to root if this file/folder doesn't exist
if not full_path.exists():
return redirect(url_for('main', path="/"))
# if this is a file, print it out
if full_path.is_file():
return send_file(full_path)
if request.method == 'POST':
if 'dirname' in request.form:
dirname = secure_filename(request.form['dirname'])
new_dir = full_path / dirname
if not new_dir.exists():
new_dir.mkdir()
if 'file' in request.files:
file = request.files['file']
# no empty filename
if file.filename == '':
abort(400)
filename = secure_filename(file.filename)
file.save(str(UPLOADS_FOLDER / session['id'] / filename))
# we want file name, size, date modified, and if it's a directory
files = [p for p in full_path.iterdir()]
names = [f.name for f in files]
stats = [f.stat() for f in files]
is_dir = [f.is_dir() for f in files]
combined = [(f, s, d) for f, s, d in zip(names, stats, is_dir)]
combined.sort(key=lambda x: x[0])
return render_template("index.html", files=combined, prev=prev, path=orig_path)
if __name__ == '__main__':
import logging
from waitress import serve
logging.getLogger('waitress').setLevel(logging.DEBUG)
serve(app, host="0.0.0.0", port=8000)