From 596d683fc26e18e68f2a7a13520dd2b85674814b Mon Sep 17 00:00:00 2001 From: cbdev Date: Sun, 10 Jul 2022 21:57:27 +0200 Subject: Factor out common functions into utils --- backend/main.py | 43 +++++++++++++++---------------------------- 1 file changed, 15 insertions(+), 28 deletions(-) (limited to 'backend/main.py') diff --git a/backend/main.py b/backend/main.py index 2156d0e..baf8b1d 100644 --- a/backend/main.py +++ b/backend/main.py @@ -4,24 +4,14 @@ import cgi import os import sqlite3 import mimetypes +import urllib.parse import Admin -from utils import redirect +import utils def playout(filename, content = "text/html"): return ["", [('Content-Type', content if content else "application/octet-stream"), ("X-Accel-Redirect", filename)], None] -def target_filename_internal(alias, filename): - target = alias["path"] + "/" - if filename: - target += filename - if config.user_subdirs: - target = alias["user"] + "/" + target - return target - -def target_filename(alias, file): - return config.fileroot + target_filename_internal(alias, file) - def resolve_alias(alias): resolved = None db = sqlite3.connect(config.database, check_same_thread = False) @@ -38,16 +28,12 @@ def resolve_alias(alias): def listing(alias): listing = {"total": 0, "files": [], "access": alias["access"], "display": alias["display"]} - # TODO make sorting configurable if 'r' in alias["access"]: - directory = target_filename(alias, None) - files = sorted(os.listdir(directory)) - - for filename in files: - if os.path.isfile(directory + filename): - size = os.path.getsize(directory + filename) - listing["files"].append({"name": filename, "size": size}) - listing["total"] += size + directory = utils.target_filename(alias, None) + listing["files"] = utils.dirlisting(directory, True, False) + # Calculate total size + for file in listing["files"]: + listing["total"] += file["size"] return [json.dumps(listing), [('Content-Type','application/json')], "200 OK"] @@ -55,7 +41,7 @@ def upload(alias, post): if 'c' not in alias["access"]: return ["", [('Content-Type','text/html')], "403 No"] if post["file"].filename: - target = target_filename(alias, os.path.basename(post["file"].filename)) + target = utils.target_filename(alias, utils.sanitize_filename(post["file"].filename)) while os.path.isfile(target): target += "_dup" @@ -85,11 +71,11 @@ def route(path, env, post): alias = resolve_alias(path[0]) if not alias: - return redirect(config.homepage) + return utils.redirect(config.homepage) # Redirect if no slash after alias if len(path) == 1: - return redirect(path[0] + "/"); + return utils.redirect(path[0] + "/"); if len(path) > 1 and path[1] == "upload": return upload(alias, post) @@ -98,11 +84,12 @@ def route(path, env, post): return listing(alias) if len(path) > 1 and path[1] == "file": - print("/data/" + target_filename_internal(alias, path[2])) - return playout("/data/" + target_filename_internal(alias, path[2]), mimetypes.guess_type(path[2])[0]) + filename = utils.sanitize_filename(path[2]) + return playout("/data/" + utils.target_filename_internal(alias, filename), mimetypes.guess_type(filename)[0]) if len(path) > 1 and path[1] == "preview" and alias["display"] == "gallery": - return playout("/data/" + target_filename_internal(alias, "preview/" + path[2]), mimetypes.guess_type(path[2])[0]) + filename = utils.sanitize_filename(path[2]) + return playout("/data/" + utils.target_filename_internal(alias, "preview/" + filename), mimetypes.guess_type(filename)[0]) return playout("/interface/listing.htm") @@ -118,7 +105,7 @@ def handle_request(env, response): else: content_length = int(env.get('CONTENT_LENGTH', '0')) post_raw = env["wsgi.input"].read(content_length).decode('utf-8') - post = post_raw + post = urllib.parse.parse_qs(post_raw) except ValueError as e: post = None -- cgit v1.2.3