#!/usr/bin/env python3 """ Simple file host using Flask. """ import os import time import urllib from flask import Flask, session, request, abort, redirect, url_for, g, \ render_template from flask_socketio import SocketIO, emit, join_room from flask_paranoid import Paranoid import MySQLdb import bleach class ReverseProxied(object): """ Wrap the application in this middleware and configure the front-end server to add these headers, to let you quietly bind this to a URL other than / and to an HTTP scheme that is different than what is used locally. In nginx: location /myprefix { proxy_pass http://192.168.0.1:5001; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /myprefix; } :param app: the WSGI application """ def __init__(self, app): self.app = app def __call__(self, environ, start_response): script_name = environ.get('HTTP_X_SCRIPT_NAME', '') if script_name: environ['SCRIPT_NAME'] = script_name path_info = environ['PATH_INFO'] if path_info.startswith(script_name): environ['PATH_INFO'] = path_info[len(script_name):] scheme = environ.get('HTTP_X_SCHEME', '') if scheme: environ['wsgi.url_scheme'] = scheme return self.app(environ, start_response) app = Flask(__name__) app.wsgi_app = ReverseProxied(app.wsgi_app) app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024 socketio = SocketIO(app) paranoid = Paranoid(app) paranoid.redirect_view = 'index' def db_execute(*args, **kwargs): """ Opens a connection to the app's database and executes the SQL statements passed to this function. """ passwd = app.config.get("DB_KEY") with MySQLdb.connect(user="anonkun", passwd=passwd, db="anonkun") as cur: cur.execute(*args, **kwargs) return cur def init(): """ Initializes the application. """ # init secret key if os.path.exists("secret_key"): with open("secret_key", "rb") as file: secret_key = file.read() else: secret_key = os.urandom(64) with open("secret_key", "wb") as file: file.write(secret_key) app.secret_key = secret_key # init db with open("db_key", "r") as file: passwd = file.read().strip() # TODO: encrypt this app.config["DB_KEY"] = passwd try: db_execute("SELECT * FROM `users`").fetchone() except MySQLdb.ProgrammingError: # database not initialized with open("anonkun.sql", "r") as file: commands = file.read().split(";") for cmd in commands: cmd = cmd.strip() if not cmd: continue db_execute(cmd) @socketio.on('joined', namespace="/chat") def joined(data): """ Sent by clients when they enter a room. """ room = data["room"] join_room(room) @socketio.on('message', namespace="/chat") def text(data): """ Sent by a client when the user entered a new message. """ room = data["room"] message = data["message"] name = data["name"] date = int(time.time()) data["date"] = date emit('message', data, room=room) @app.template_filter("strftime") def unix2string(unix): """ Converts a unix timestamp into a string. """ form = "%Y-%m-%d %H:%M:%S" t = time.localtime(unix) return time.strftime(form, t) messages = [{"name":"Anonymous", "date":1528998539, "message":"lol"}, {"name":"Namefag", "date":1528998521, "message":"kek"}] @app.route("/quest/") def quest(quest_title): """ An arbituary quest page. """ quest_title, _, extra = quest_title.partition("/") res = db_execute("SELECT * FROM `quests` WHERE `ident_title` = %s", (quest_title,)) data = res.fetchone() if not data: abort(404) quest_id, quest_title, _, owner_id, quest_data = data res = db_execute("SELECT * FROM `chat_messages` WHERE `room_id` = '%s'", (quest_id,)) messages = res.fetchall() return render_template('quest.html', quest_title=quest_title, quest_body=quest_data, room_id=quest_id, messages=messages) @app.route("/create_quest", methods=["GET", "POST"]) def create_quest(): """ Starts a new quest. """ if request.method == "GET": return render_template("create_quest.html") canon_title = request.form.get("quest_title") quest_body = request.form.get("quest_body") ident_title = sanitize_title(canon_title) quest_body = bleach.clean(quest_body.strip()) quest_body = quest_body.replace("\n", "
") db_execute( "INSERT INTO `quests` (`canon_title`, `ident_title`, `quest_data`) " \ "VALUES (%s, %s, %s)", (canon_title, ident_title, quest_body)) return redirect(url_for('quest', quest_title=ident_title)) @app.route("/") def index(): """ The index page. """ return render_template("index.html") def sanitize_title(canon_title): """ Sanitizes the given canonical title for a quest and returns a url-friendly version. """ ident_title = canon_title.lower().replace(" ", "-") ident_title = urllib.parse.quote(ident_title) return ident_title init() if __name__ == "__main__": app.run(host='0.0.0.0', port=5050)