diff --git a/fileHost.py b/fileHost.py
index 0adce35..2f920a3 100755
--- a/fileHost.py
+++ b/fileHost.py
@@ -3,11 +3,11 @@
 Simple file host using Flask.
 """
 import os
-import time
 import string
 import secrets
 import sqlite3
 import threading
+from datetime import datetime
 from passlib.hash import argon2
 from flask import Flask, session, request, abort, redirect, url_for, g, \
@@ -147,27 +147,41 @@ def verify_username(username):
 return False
-@app.route("/delete_file", methods=["POST"])
-def delete_file():
+def delete_file(filename):
 """
- Allows an admin to delete a file from the upload directory and the database.
+ Deletes a file from the upload directory and from the database.
 """
- username = request.form.get("user")
- password = request.form.get("pass")
- filename = request.form.get("fname")
-
- if not verify_password(username, password):
- abort(401)
- if not g.admin:
- abort(401)
-
 try:
 os.remove(os.path.join(app.config.get("UPLOAD_DIR"), filename))
- db.execute("DELETE FROM uploads WHERE filename = ?", (filename,))
- con.commit()
+ db_execute("DELETE FROM uploads WHERE filename = ?", (filename,))
 except FileNotFoundError:
+ return False
+ return True
+
+
+
+@app.route("/delete_file", methods=["POST"])
+def deleteFile():
+ """
+ Allows a user to delete a file from the upload directory and the database.
+ """
+ username = session.get("username")
+ filename = request.form.get("fname")
+
+ if not verify_username(username):
+ abort(401)
+ if not g.admin:
+ uploader = db_execute(
+ "SELECT uploaded_by FROM uploads WHERE filename=?",
+ (filename,)).fetchone()[0]
+ if uploader != username:
+ abort(401)
+
+ res = delete_file(filename)
+ if res:
+ return "Success"
+ else:
 return "Error: File not found."
- return "Success"
 @app.route("/add_user", methods=["POST"])
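Review bot: In `deleteFile()`, `filename` comes straight from `request.form.get("fname")` and, when `g.admin` is truthy, reaches `os.remove(os.path.join(app.config.get("UPLOAD_DIR"), filename))` in `delete_file()` with no lookup at all, so a value containing `..` or an absolute path is not confined to the upload directory. On the non-admin path an unknown or missing `fname` makes `fetchone()` return `None`, and the `[0]` subscript then raises `TypeError`, which surfaces as a 500 instead of a 404; the same pattern is repeated in the `manage_uploads()` hunk. Looking the row up for every caller, returning 404 when it is absent, and skipping only the ownership comparison for admins closes both, assuming stored filenames were sanitised at upload time, which is not visible here. Separately, `delete_file()` returns `False` before the `DELETE` runs when the file is already gone from disk, so such a row can never be cleaned up through this route.

```python
def deleteFile():
    # … unchanged: docstring, session/form reads, verify_username check …
    row = db_execute(
        "SELECT uploaded_by FROM uploads WHERE filename=?",
        (filename,)).fetchone()
    if row is None:
        abort(404)
    if not g.admin and row[0] != username:
        abort(401)
    # … unchanged: delete_file(filename) call and response strings …
```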
@@ -258,18 +272,29 @@ def manage_uploads():
 if not verify_username(username):
 abort(401)
- uploads = db_execute(
- "SELECT filename, uploaded_date FROM uploads WHERE uploaded_by = ?",
- (username,)).fetchall()
-
- new_uploads = []
- for file, date in uploads:
- file = app.config.get("UPLOAD_URL") + file
- date = time.strftime("%Y-%m-%d %H:%M", date)
- new_uploads.append((file, date))
-
 if request.method == "GET":
- return render_template("manage_uploads.html", uploads=new_uploads)
+ uploads = db_execute(
+ "SELECT filename, uploaded_date FROM uploads WHERE uploaded_by = ?",
+ (username,)).fetchall()
+
+ new_uploads = []
+ for file, date in uploads:
+ date = datetime.fromtimestamp(date).strftime("%Y-%m-%d %H:%M")
+ new_uploads.append((file, date))
+
+ return render_template("manage_uploads.html", uploads=new_uploads,
+ upload_dir=app.config.get("UPLOAD_URL"))
+
+ deletes = [fname for fname,_ in request.form.items()]
+ deletes.remove("submit")
+ for filename in deletes:
+ uploader = db_execute(
+ "SELECT uploaded_by FROM uploads WHERE filename=?",
+ (filename,)).fetchone()[0]
+ if uploader != username:
+ abort(401)
+ delete_file(filename)
+ return redirect(url_for("manage_uploads"))
 @app.route("/", methods=["POST", "GET"])
diff --git a/templates/index.html b/templates/index.html
index 6f5fae2..a581dba 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -5,11 +5,12 @@
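Review bot: In the POST branch of `manage_uploads()` in fileHost.py, every form key except `submit` is treated as a filename, and `deletes.remove("submit")` raises `ValueError` when a request arrives without that field, which surfaces as a 500. Filtering instead of removing avoids the crash, `deletes = [name for name in request.form if name != "submit"]`; reading one dedicated field with `request.form.getlist` would also keep any hidden field added later (a CSRF token, for instance) from being looked up as a filename. The ownership check runs inside the delete loop, so an `abort(401)` on a later entry leaves the earlier files already deleted; validating the whole list before the first `delete_file()` call keeps the request all-or-nothing. The function body starts above this hunk.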
- Hello, {{ session.username }}
- Change password
- Logout
-

Select file to upload: -


+ Hello, {{ session.username }}
+ Change password
+ Logout
+ Manage Uploads
+

Select file to upload: +


Generate random filename.

diff --git a/templates/manage_uploads.html b/templates/manage_uploads.html index aaabd44..4f5d3ca 100644 --- a/templates/manage_uploads.html +++ b/templates/manage_uploads.html @@ -4,17 +4,22 @@ Manage your uploads +
+ {% for file, date in uploads %} - - + + + {% endfor %}
File Date UploadedDelete
{{ upload_url + file }}{{ date|string }}{{ file }}{{ date }}
+ +