From b87909c9dd7aabe7b8f8bd63138876dff5cd2200 Mon Sep 17 00:00:00 2001 From: cbdev Date: Fri, 29 Oct 2021 20:22:18 +0200 Subject: Implement gallery view, add noscript notice, implement rudimentary overwrite protection --- backend/HTTP.py | 16 ---------------- backend/main.py | 29 ++++++++++++++++++----------- 2 files changed, 18 insertions(+), 27 deletions(-) delete mode 100644 backend/HTTP.py (limited to 'backend') diff --git a/backend/HTTP.py b/backend/HTTP.py deleted file mode 100644 index 4ba3d90..0000000 --- a/backend/HTTP.py +++ /dev/null @@ -1,16 +0,0 @@ -def cookies(data): - cookies = {} - for cookie in data.split(';'): - data = cookie.strip().split('=', 1) - if(len(data) == 2): - cookies[data[0]] = data[1] - return cookies - -def formdata(data): - fields = {} - for field in data.split('&'): - data = field.strip().split('=', 1) - if len(data) == 2: - fields[data[0]] = data[1] - # FIXME URLdecode the entries - return fields diff --git a/backend/main.py b/backend/main.py index 592b7a3..bbb853d 100644 --- a/backend/main.py +++ b/backend/main.py @@ -26,27 +26,27 @@ def resolve_alias(alias): session = None db = sqlite3.connect(config.database, check_same_thread = False) cursor = db.cursor() - cursor.execute("SELECT user, real, access, storage FROM aliases WHERE alias=:alias", {"alias": alias}) + cursor.execute("SELECT user, real, access, storage, display FROM aliases WHERE alias=:alias", {"alias": alias}) data = cursor.fetchone() if data: - session = {"user": data[0], "path": data[1], "access": data[2], "limit": data[3]} + session = {"user": data[0], "path": data[1], "access": data[2], "limit": data[3], "display": data[4]} else: print("Unknown alias " + alias) db.close() return session def listing(session): - listing = {"total": 0, "files": []} - if 'r' not in session["access"]: - return ["", [('Content-Type','text/html')], "403 No"] + listing = {"total": 0, "files": [], "access": session["access"], "display": session["display"]} - directory = target_filename(session, None) - files = os.listdir(directory) + if 'r' in session["access"]: + directory = target_filename(session, None) + files = os.listdir(directory) - for filename in files: - size = os.path.getsize(directory + filename) - listing["files"].append({"name": filename, "size": size}) - listing["total"] += size + for filename in files: + if os.path.isfile(directory + filename): + size = os.path.getsize(directory + filename) + listing["files"].append({"name": filename, "size": size}) + listing["total"] += size return [json.dumps(listing), [('Content-Type','application/json')], "200 OK"] @@ -55,6 +55,10 @@ def upload(session, post): return ["", [('Content-Type','text/html')], "403 No"] if post["file"].filename: target = target_filename(session, os.path.basename(post["file"].filename)) + + while os.path.isfile(target): + target += "_dup" + try: open(target, 'wb').write(post["file"].file.read()) print("Uploaded " + target) @@ -85,6 +89,9 @@ def route(path, env, session, post): print("/data/" + target_filename_internal(session, path[2])) return playout("/data/" + target_filename_internal(session, path[2]), mimetypes.guess_type(path[2])[0]) + if len(path) > 1 and path[1] == "preview" and session["display"] == "gallery": + return playout("/data/" + target_filename_internal(session, "preview/" + path[2]), mimetypes.guess_type(path[2])[0]) + return playout("/interface/listing.htm") def handle_request(env, response): -- cgit v1.2.3