manage_uploads deletes files now
This commit is contained in:
parent
90f7bf75ed
commit
62c444f703
65
fileHost.py
65
fileHost.py
|
@ -3,11 +3,11 @@
|
|||
Simple file host using Flask.
|
||||
"""
|
||||
import os
|
||||
import time
|
||||
import string
|
||||
import secrets
|
||||
import sqlite3
|
||||
import threading
|
||||
from datetime import datetime
|
||||
|
||||
from passlib.hash import argon2
|
||||
from flask import Flask, session, request, abort, redirect, url_for, g, \
|
||||
|
@ -147,27 +147,41 @@ def verify_username(username):
|
|||
return False
|
||||
|
||||
|
||||
@app.route("/delete_file", methods=["POST"])
|
||||
def delete_file():
|
||||
def delete_file(filename):
|
||||
"""
|
||||
Allows an admin to delete a file from the upload directory and the database.
|
||||
Deletes a file from the upload directory and from the database.
|
||||
"""
|
||||
username = request.form.get("user")
|
||||
password = request.form.get("pass")
|
||||
filename = request.form.get("fname")
|
||||
|
||||
if not verify_password(username, password):
|
||||
abort(401)
|
||||
if not g.admin:
|
||||
abort(401)
|
||||
|
||||
try:
|
||||
os.remove(os.path.join(app.config.get("UPLOAD_DIR"), filename))
|
||||
db.execute("DELETE FROM uploads WHERE filename = ?", (filename,))
|
||||
con.commit()
|
||||
db_execute("DELETE FROM uploads WHERE filename = ?", (filename,))
|
||||
except FileNotFoundError:
|
||||
return "Error: File not found."
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
|
||||
@app.route("/delete_file", methods=["POST"])
|
||||
def deleteFile():
|
||||
"""
|
||||
Allows a user to delete a file from the upload directory and the database.
|
||||
"""
|
||||
username = session.get("username")
|
||||
filename = request.form.get("fname")
|
||||
|
||||
if not verify_username(username):
|
||||
abort(401)
|
||||
if not g.admin:
|
||||
uploader = db_execute(
|
||||
"SELECT uploaded_by FROM uploads WHERE filename=?",
|
||||
(filename,)).fetchone()[0]
|
||||
if uploader != username:
|
||||
abort(401)
|
||||
|
||||
res = delete_file(filename)
|
||||
if res:
|
||||
return "Success"
|
||||
else:
|
||||
return "Error: File not found."
|
||||
|
||||
|
||||
@app.route("/add_user", methods=["POST"])
|
||||
|
@ -258,18 +272,29 @@ def manage_uploads():
|
|||
if not verify_username(username):
|
||||
abort(401)
|
||||
|
||||
if request.method == "GET":
|
||||
uploads = db_execute(
|
||||
"SELECT filename, uploaded_date FROM uploads WHERE uploaded_by = ?",
|
||||
(username,)).fetchall()
|
||||
|
||||
new_uploads = []
|
||||
for file, date in uploads:
|
||||
file = app.config.get("UPLOAD_URL") + file
|
||||
date = time.strftime("%Y-%m-%d %H:%M", date)
|
||||
date = datetime.fromtimestamp(date).strftime("%Y-%m-%d %H:%M")
|
||||
new_uploads.append((file, date))
|
||||
|
||||
if request.method == "GET":
|
||||
return render_template("manage_uploads.html", uploads=new_uploads)
|
||||
return render_template("manage_uploads.html", uploads=new_uploads,
|
||||
upload_dir=app.config.get("UPLOAD_URL"))
|
||||
|
||||
deletes = [fname for fname,_ in request.form.items()]
|
||||
deletes.remove("submit")
|
||||
for filename in deletes:
|
||||
uploader = db_execute(
|
||||
"SELECT uploaded_by FROM uploads WHERE filename=?",
|
||||
(filename,)).fetchone()[0]
|
||||
if uploader != username:
|
||||
abort(401)
|
||||
delete_file(filename)
|
||||
return redirect(url_for("manage_uploads"))
|
||||
|
||||
|
||||
@app.route("/", methods=["POST", "GET"])
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
Hello, {{ session.username }}<br />
|
||||
<a href="{{ url_for('change_password') }}">Change password</a><br />
|
||||
<a href="{{ url_for('logout') }}">Logout</a><br />
|
||||
<a href="{{ url_for('manage_uploads') }}">Manage Uploads</a><br />
|
||||
<p>Select file to upload:
|
||||
<p><input type="file" name="file" required/><br />
|
||||
<input type="checkbox" name="randname"> Generate random filename.
|
||||
|
|
|
@ -4,17 +4,22 @@
|
|||
<title>Manage your uploads</title>
|
||||
</head>
|
||||
<body>
|
||||
<form method="post" enctype="multipart/form-data" action="{{ url_for('manage_uploads') }}">
|
||||
<table>
|
||||
<tr>
|
||||
<th>File</th>
|
||||
<th>Date Uploaded</th>
|
||||
<th>Delete</th>
|
||||
</tr>
|
||||
{% for file, date in uploads %}
|
||||
<tr>
|
||||
<td>{{ upload_url + file }}</td>
|
||||
<td>{{ date|string }}</td>
|
||||
<td><a href="{{ upload_dir + file }}">{{ file }}</a></td>
|
||||
<td>{{ date }}</td>
|
||||
<td><input type="checkbox" name="{{ file }}"/></td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</table>
|
||||
<input type="submit" value="Delete this" name="submit"/>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
|
|
Loading…
Reference in New Issue
Block a user