bbaovanc/imgupload-legacy
Archived
1
1
Fork 0
Code Issues Pull Requests Releases 12 Wiki Activity
This repository has been archived on 2021-01-14. You can view files and clone it, but cannot push or open issues or pull requests.
565a91e4ec
imgupload-legacy/imgupload.py
BBaoVanC 565a91e4ec
Remove uploadkeys encryption features 
It doesn't really make sense to encrypt the keys, but store the secret
literally in the same directory. uploadkeys will now be stored in
plaintext. The branch `legacy` has the old code from before this commit.
2020-09-03 21:44:58 -05:00

98 lines
4.2 KiB
Python
Raw Blame History

from flask import Flask, request, jsonify, abort, Response
from cryptography.fernet import Fernet
from flask_api import status
from pathlib import Path
import random
import os
import datetime
import settings # app settings (such as allowed extensions)
import functions # custom functions
app = Flask(__name__) # app is the app
def allowed_extension(testext):
if testext in settings.ALLOWED_EXTENSIONS:
return True
else:
return False
def log_savelog(key, ip, savedname):
if settings.SAVELOG_KEYPREFIX > 0:
with open(settings.SAVELOG, "a+") as slogf:
slogf.write("[{0}] {1}: {2} - {3}\n".format(datetime.datetime.now(), key[:settings.SAVELOG_KEYPREFIX], ip, savedname))
os.chmod(settings.SAVELOG, settings.SAVELOG_CHMOD)
else:
with open(settings.SAVELOG, "a+") as slogf:
slogf.write("[{0}] {1} - {2}\n".format(datetime.datetime.now(), ip, savedname))
os.chmod(settings.SAVELOG, settings.SAVELOG_CHMOD)
@app.route("/upload", methods = ["POST"])
def upload():
if request.method == "POST": # sanity check: make sure it's a POST request
print("Request method was POST!")
with open("uploadkeys", "r") as keyfile: # load valid keys
validkeys = keyfile.readlines()
validkeys = [x.strip("\n") for x in validkeys]
while "" in validkeys:
validkeys.remove("")
print("Loaded validkeys")
if "uploadKey" in request.form: # if an uploadKey was provided
if request.form["uploadKey"] in validkeys: # check if uploadKey is valid
print("Key is valid!")
if "imageUpload" in request.files: # check if image to upload was provided
f = request.files["imageUpload"] # f is the image to upload
else:
print("No image upload was found!")
return jsonify({'status': 'error', 'error': 'NO_IMAGE_UPLOADED'}), status.HTTP_400_BAD_REQUEST
if f.filename == "": # make sure the filename isn't blank
print("Filename is blank")
return jsonify({'status': 'error', 'error': 'FILENAME_BLANK'}), status.HTTP_400_BAD_REQUEST
fext = Path(f.filename).suffix # get the uploaded extension
if allowed_extension(fext): # if the extension is allowed
print("Generating file with extension {0}".format(fext))
fname = functions.generate_name() + fext # generate file name
print("Generated name: {0}".format(fname))
if f: # if the uploaded image exists
print("Uploaded image exists")
f.save(os.path.join(settings.UPLOAD_FOLDER, fname)) # save the image
print("Saved to {0}".format(fname))
url = settings.ROOTURL + fname # construct the url to the image
if settings.SAVELOG != "/dev/null":
print("Saving to savelog")
log_savelog(request.form["uploadKey"], request.remote_addr, fname)
print("Returning json response")
return jsonify({'status': 'success', 'url': url, 'name': fname, 'uploadedName': f.filename}), status.HTTP_201_CREATED
else: # this shouldn't happen
print("Um... uploaded image... is nonexistent? Please report this error!")
return jsonify({'status': 'error', 'error': 'UPLOADED_IMAGE_FAILED_SANITY_CHECK_1'}), status.HTTP_400_BAD_REQUEST
else: # if the extension was invalid
print("Uploaded extension is invalid!")
abort(415)
else: # if the key was not valid
print("Key is invalid!")
print("Request key: {0}".format(request.form["uploadKey"]))
abort(401)
else: # if uploadKey was not found in request body
print("No uploadKey found in request!")
abort(401)
else: # if the request method wasn't post
print("Request method was not POST!")
abort(405)
if __name__ == "__main__":
print("Run with `flask` or a WSGI server!")
Reference in New Issue View Git Blame Copy Permalink