cwfitzgerald/filehost.py

## filehost.py
@app.route("/s/<path:url>")
def ret_hosted_file(url):
    return send_from_directory("s/", url)


@app.route("/api/fdel/<path:url>", methods=['POST'])
def delete_file(url):
    form_data = request.form

    filename = os.path.abspath(os.path.join("s/", url))

    if 'pin' not in form_data or form_data['pin'] != os.getenv('CWF_UPLOAD_PIN'):
        return app.response_class(
            response=json.dumps({"error":"invalid pin"}),
            status=403,
            mimetype='application/json'
        )

    storage = os.path.abspath("s")
    file = os.path.abspath(filename)
    common = os.path.commonpath([storage, file])

    if common != storage:
        return app.response_class(
            response=json.dumps({"error" : "invalid path"}),
            status=403,
            mimetype='application/json'
        )

    if os.path.exists(filename):
        os.remove(filename)

    return app.response_class(
            response='',
            status=204
        )


@app.route("/api/fhost", methods=['POST'])
def file_host():
    if 'file' not in request.files:
        return app.response_class(
            response=json.dumps(error="File 'file' not found"),
            status=400,
            mimetype='application/json'
        )

    file = request.files['file']  # type: werkzeug.datastructures.FileStorage

    if file.filename == '':
        return app.response_class(
            response=json.dumps(error="Empty Filename"),
            status=400,
            mimetype='application/json'
        )

    form_data = request.form

    preserve_filename = 'preserve_filename' in form_data

    if 'pin' not in form_data or form_data['pin'] != os.getenv('CWF_UPLOAD_PIN'):
        return app.response_class(
            response=json.dumps({"error":"invalid pin"}),
            status=403,
            mimetype='application/json'
        )

    if preserve_filename:
        prefix = datetime.datetime.now().strftime('%y%j-%H%M%S-')
        filename = werkzeug.utils.secure_filename(file.filename)
        filename = prefix + filename
    else:
        ext = os.path.splitext(file.filename)[-1]

        filename = secrets.token_urlsafe(4) + ext
        while os.path.exists(filename):
            filename = secrets.token_urlsafe(4) + ext

    filepath = os.path.join("s/", filename)

    if not os.path.exists("s/"):
        os.mkdir("s/")

    file.save(filepath)

    return jsonify(url="https://connorwfitzgerald.com/s/{}".format(filename),
                   deleter="https://connorwfitzgerald.com/api/fdel/{}".format(filename))
	@app.route("/s/<path:url>")
	def ret_hosted_file(url):
	return send_from_directory("s/", url)


	@app.route("/api/fdel/<path:url>", methods=['POST'])
	def delete_file(url):
	form_data = request.form

	filename = os.path.abspath(os.path.join("s/", url))

	if 'pin' not in form_data or form_data['pin'] != os.getenv('CWF_UPLOAD_PIN'):
	return app.response_class(
	response=json.dumps({"error":"invalid pin"}),
	status=403,
	mimetype='application/json'
	)

	storage = os.path.abspath("s")
	file = os.path.abspath(filename)
	common = os.path.commonpath([storage, file])

	if common != storage:
	return app.response_class(
	response=json.dumps({"error" : "invalid path"}),
	status=403,
	mimetype='application/json'
	)

	if os.path.exists(filename):
	os.remove(filename)

	return app.response_class(
	response='',
	status=204
	)


	@app.route("/api/fhost", methods=['POST'])
	def file_host():
	if 'file' not in request.files:
	return app.response_class(
	response=json.dumps(error="File 'file' not found"),
	status=400,
	mimetype='application/json'
	)

	file = request.files['file'] # type: werkzeug.datastructures.FileStorage

	if file.filename == '':
	return app.response_class(
	response=json.dumps(error="Empty Filename"),
	status=400,
	mimetype='application/json'
	)

	form_data = request.form

	preserve_filename = 'preserve_filename' in form_data

	if 'pin' not in form_data or form_data['pin'] != os.getenv('CWF_UPLOAD_PIN'):
	return app.response_class(
	response=json.dumps({"error":"invalid pin"}),
	status=403,
	mimetype='application/json'
	)

	if preserve_filename:
	prefix = datetime.datetime.now().strftime('%y%j-%H%M%S-')
	filename = werkzeug.utils.secure_filename(file.filename)
	filename = prefix + filename
	else:
	ext = os.path.splitext(file.filename)[-1]

	filename = secrets.token_urlsafe(4) + ext
	while os.path.exists(filename):
	filename = secrets.token_urlsafe(4) + ext

	filepath = os.path.join("s/", filename)

	if not os.path.exists("s/"):
	os.mkdir("s/")

	file.save(filepath)

	return jsonify(url="https://connorwfitzgerald.com/s/{}".format(filename),
	deleter="https://connorwfitzgerald.com/api/fdel/{}".format(filename))