Skip to content

Instantly share code, notes, and snippets.

@WJDigby
Created September 19, 2021 16:23
Show Gist options
  • Save WJDigby/95666165bd3ac112224804d6dbdf26f8 to your computer and use it in GitHub Desktop.
Save WJDigby/95666165bd3ac112224804d6dbdf26f8 to your computer and use it in GitHub Desktop.
Simple insecure webserver for transferring text and files between hosts
import base64
from datetime import datetime
from hashlib import md5
from math import ceil
import os
import web
from jinja2 import Environment, BaseLoader
# Tool is not designed for security, but might as disable this unless needed
web.config.debug = False
urls = ('/b64/.*$', 'B64',
'.*$', 'index')
TEMPLATE = """
<html>
<head>
<title>CopyPasta</title>
</head>
<body>
<style>
body{ font-family: 'Arial'}
a:link { color: black; }
a:visited { color: gray; }
</style>
<h2 id="header">Paste</h2>
<form action="./index" method="post">
<textarea id="text" name="text" rows="5" cols="30">{{ text }}</textarea>
<br><br>
<button name="paste" type="submit">Paste</button>
<button name="save_text" type="submit">Save text</button>
<button name="save_b64" type="submit">Save B64 file</button>
</form>
<pre>curl -F text="your text here" {{ host }}</pre>
<br>
<h2 id="header">Upload</h2>
<form action="./index" method="post" enctype="multipart/form-data">
<input type="file" id="file" name="upload">
<button type="submit">Upload</button>
</form>
<pre>curl -F upload=@/path/to/file {{ host }}</pre>
<br>
<h2 id="header">Download</h2>
{% if downloads %}
<table style="border-collapse: collapse;">
<tr>
<th>File</th>
<th>Download</th>
<th>Preview</th>
<th>To Base64</th>
<th>Size</th>
<th>Date</th>
<th>MD5</th>
</tr>
{% for filename, attrs in downloads.items() %}
<tr style="background-color: {{ loop.cycle('white', 'lightgray') }}">
<td style="padding: 10px;">{{ filename }}</td>
<td><a href="{{ attrs[0] }}" download>{{ download_icon }}</a></td>
<td><a href="{{ attrs[0] }}">{{ preview_icon }}</a></td>
<td><a href="./b64/{{ filename }}">{{ to_b64_icon }}</a></td>
<td>{{ attrs[1] }}</td>
<td>{{ attrs[2] }}</td>
<td>{{ attrs[3] }}</td>
</tr>
{% endfor %}
</table>
{% endif %}
</body>
</html>
"""
class B64:
""" Generate base64-encoded versions of files stored in the ./static/ directory.
Return to the user as a text blob in the browser."""
def GET(self):
file = web.ctx.env['PATH_INFO'].split('/')[-1]
if file in os.listdir('./static'):
with open('./static/' + file, 'rb') as f:
data = f.read()
b64_data = base64.b64encode(data)
web.header('Content-Type', 'text/plain')
return b64_data
raise web.seeother('/')
class index:
"""Handle all GET and POST requests other than those directed at /b64.
Displays current text held in "clipboard" and list of available downloads."""
def GET(self):
if not web.ctx.env['PATH_INFO'] == '/':
raise web.seeother('/')
host = web.ctx.env['HTTP_HOST']
download_icon = """
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-download" viewBox="0 0 16 16" title="Download">
<path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/>
<path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/>
<title>Download</title>
</svg>
"""
preview_icon = """
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-eyeglasses" viewBox="0 0 16 16">
<path d="M4 6a2 2 0 1 1 0 4 2 2 0 0 1 0-4zm2.625.547a3 3 0 0 0-5.584.953H.5a.5.5 0 0 0 0 1h.541A3 3 0 0 0 7 8a1 1 0 0 1 2 0 3 3 0 0 0 5.959.5h.541a.5.5 0 0 0 0-1h-.541a3 3 0 0 0-5.584-.953A1.993 1.993 0 0 0 8 6c-.532 0-1.016.208-1.375.547zM14 8a2 2 0 1 1-4 0 2 2 0 0 1 4 0z"/>
<title>Preview</title>
</svg>
"""
to_b64_icon = """
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-file-code" viewBox="0 0 16 16">
<path d="M6.646 5.646a.5.5 0 1 1 .708.708L5.707 8l1.647 1.646a.5.5 0 0 1-.708.708l-2-2a.5.5 0 0 1 0-.708l2-2zm2.708 0a.5.5 0 1 0-.708.708L10.293 8 8.646 9.646a.5.5 0 0 0 .708.708l2-2a.5.5 0 0 0 0-.708l-2-2z"/>
<path d="M2 2a2 2 0 0 1 2-2h8a2 2 0 0 1 2 2v12a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2zm10-1H4a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h8a1 1 0 0 0 1-1V2a1 1 0 0 0-1-1z"/>
<title>Convert to Base64</title>
</svg>
"""
# Use a file in case app crashes, last pasted input remains
with open('clipboard', 'r') as f:
text = f.read()
downloads = {}
for download in os.listdir('./static'): # web.py automatically treats files in static directory as such
path = './static/' + download
size = os.stat(path).st_size
if size > 1024:
size = str(ceil(size / 1024)) + 'K'
else:
size = str(size) + 'B'
md5sum = md5(open(path, 'rb').read()).hexdigest()
ctime = datetime.fromtimestamp(os.stat(path).st_ctime).strftime('%d %b %Y %H:%M:%S')
downloads[download] = [path, size, ctime, md5sum]
# Sort the download list by date, descending
downloads = dict(sorted(downloads.items(), key=lambda item: item[1][2], reverse=True))
template = Environment(loader=BaseLoader).from_string(TEMPLATE)
return template.render(text=text,
host=host,
downloads=downloads,
download_icon=download_icon,
preview_icon=preview_icon,
to_b64_icon=to_b64_icon)
def POST(self):
# If user wants to simply paste text to the "clipboard"
# Use a file in case app crashes, last pasted input remains
if all([k in ['paste', 'text'] for k in web.input().keys()]):
text = web.input().get('text') # Don't care if it's empty
with open('clipboard', 'w') as f:
f.write(text)
raise web.seeother('/')
# If user wants to save pasted text to a text file
if all([k in ['save_text', 'text'] for k in web.input().keys()]):
text = web.input().get('text')
if text:
filename = datetime.now().strftime('%d%b%Y_%H%M%S.txt')
with open('./static/' + filename, 'w') as f:
f.write(text)
raise web.seeother('/')
else:
raise web.seeother('/')
# If user wants to save a Base64-encoded blob as a (decoded) file
if all([k in ['save_b64', 'text'] for k in web.input().keys()]):
text = web.input().get('text').encode()
if text:
filename = datetime.now().strftime('%d%b%Y_%H%M%S')
data = base64.b64decode(text)
with open('./static/' + filename, 'wb') as f:
f.write(data)
raise web.seeother('/')
else:
raise web.seeother('/')
file = web.input().get('upload')
if file:
ul = web.input(upload={})
storage_dir = './static'
if 'upload' in ul:
filepath = ul.upload.filename.replace('\\', '/')
filename = filepath.split('/')[-1]
file_out = open(storage_dir + '/' + filename, 'wb')
file_out.write(ul.upload.file.read())
raise web.seeother('/')
return
if __name__ == '__main__':
if not os.path.exists('./clipboard'):
with open('./clipboard', 'wb') as f:
f.write(b'')
if not os.path.exists('./static/'):
os.mkdir('./static')
app = web.application(urls, globals())
app.run()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment