kleinpanic/File-Transfer-Website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

login added

Browse Source
This commit is contained in:
klein panic
2024-10-01 16:09:46 -04:00
parent 8779643d5b
commit b3e876bd4c
3 changed files with 75 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
server/__pycache__/security.cpython-311.pyc Normal file
View File

Binary file not shown.

53
server/app.py
View File

@@ -1,9 +1,11 @@
# server/app.py # server/app.py
from flask import Flask, request, jsonify, render_template, redirect, url_for, send_from_directory from flask import Flask, request, jsonify, render_template, redirect, url_for, session
from flask_talisman import Talisman from flask_talisman import Talisman
import os import os
from security import validate_user, identify_uploader
app = Flask(__name__, template_folder='../templates') app = Flask(__name__, template_folder='../templates')
app.secret_key = 'super_secret_key' # Change this to a more secure key for production
Talisman(app) Talisman(app)
RECEIVED_FILES_DIR = "../assets" RECEIVED_FILES_DIR = "../assets"
@@ -16,33 +18,58 @@ uploaded_images = []
@app.route('/') @app.route('/')
def index(): def index():
if 'username' not in session:
return redirect(url_for('login'))
return render_template("index.html") return render_template("index.html")
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
if validate_user(username, password):
session['username'] = username
return redirect(url_for('index'))
else:
return "Invalid credentials. Please try again.", 403
return render_template("login.html")
@app.route('/logout')
def logout():
session.pop('username', None)
return redirect(url_for('login'))
@app.route('/upload/link', methods=['POST']) @app.route('/upload/link', methods=['POST'])
def upload_link(): def upload_link():
if 'username' not in session:
return redirect(url_for('login'))
data = request.form data = request.form
if 'link' not in data or 'uploader' not in data: if 'link' not in data:
return jsonify({"error": "Link and uploader's name are required"}), 400 return jsonify({"error": "No link provided"}), 400
link_info = {'link': data['link'], 'uploader': data['uploader']} uploader = identify_uploader()
link_info = {'link': data['link'], 'uploader': uploader}
uploaded_links.append(link_info) uploaded_links.append(link_info)
with open(os.path.join(RECEIVED_FILES_DIR, "links.txt"), "a") as f: with open(os.path.join(RECEIVED_FILES_DIR, "links.txt"), "a") as f:
f.write(f"{data['uploader']}: {data['link']}\n") f.write(f"{uploader}: {data['link']}\n")
return redirect(url_for('index')) return redirect(url_for('index'))
@app.route('/upload/image', methods=['POST']) @app.route('/upload/image', methods=['POST'])
def upload_image(): def upload_image():
if 'file' not in request.files or 'uploader' not in request.form: if 'username' not in session:
return jsonify({"error": "File and uploader's name are required"}), 400 return redirect(url_for('login'))
if 'file' not in request.files:
return jsonify({"error": "No file provided"}), 400
file = request.files['file'] file = request.files['file']
uploader = request.form['uploader']
if file.filename == '': if file.filename == '':
return jsonify({"error": "No selected file"}), 400 return jsonify({"error": "No selected file"}), 400
uploader = identify_uploader()
save_path = os.path.join(RECEIVED_FILES_DIR, file.filename) save_path = os.path.join(RECEIVED_FILES_DIR, file.filename)
file.save(save_path) file.save(save_path)
@@ -52,6 +79,9 @@ def upload_image():
@app.route('/uploads') @app.route('/uploads')
def view_uploads(): def view_uploads():
if 'username' not in session:
return redirect(url_for('login'))
return render_template("uploads.html", links=uploaded_links, images=uploaded_images) return render_template("uploads.html", links=uploaded_links, images=uploaded_images)
@app.route('/assets/<filename>') @app.route('/assets/<filename>')
@@ -60,11 +90,13 @@ def get_image(filename):
@app.route('/rename/<filename>', methods=['POST']) @app.route('/rename/<filename>', methods=['POST'])
def rename_file(filename): def rename_file(filename):
if 'username' not in session:
return redirect(url_for('login'))
new_name = request.form.get('new_name') new_name = request.form.get('new_name')
if new_name and os.path.exists(os.path.join(RECEIVED_FILES_DIR, filename)): if new_name and os.path.exists(os.path.join(RECEIVED_FILES_DIR, filename)):
os.rename(os.path.join(RECEIVED_FILES_DIR, filename), os.path.join(RECEIVED_FILES_DIR, new_name)) os.rename(os.path.join(RECEIVED_FILES_DIR, filename), os.path.join(RECEIVED_FILES_DIR, new_name))
# Update internal records
for image in uploaded_images: for image in uploaded_images:
if image['filename'] == filename: if image['filename'] == filename:
image['filename'] = new_name image['filename'] = new_name
@@ -75,4 +107,3 @@ def rename_file(filename):
if __name__ == '__main__': if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000, ssl_context='adhoc') app.run(host='0.0.0.0', port=5000, ssl_context='adhoc')

33
server/security.py Normal file
View File

@@ -0,0 +1,33 @@
# server/security.py
from flask import request
import platform
import hashlib
# Mock user database (username: password) - replace with a real database
USER_DATABASE = {
"iphone_user": hashlib.sha256("iphone_password".encode()).hexdigest(),
"laptop_user": hashlib.sha256("laptop_password".encode()).hexdigest(),
}
# Function to validate user credentials
def validate_user(username, password):
hashed_password = hashlib.sha256(password.encode()).hexdigest()
return USER_DATABASE.get(username) == hashed_password
# Function to extract device information
def get_device_info():
user_agent = request.headers.get('User-Agent', 'Unknown')
return {
"ip": request.remote_addr,
"user_agent": user_agent,
"isa": platform.machine(), # Get system architecture
"os": platform.system(), # Get OS
}
# Function to identify the uploader based on device info
def identify_uploader():
device_info = get_device_info()
if "iPhone" in device_info['user_agent']:
return f"Uploaded by iPhone (IP: {device_info['ip']})"
else:
return f"Uploaded by {device_info['isa']} {device_info['os']} (IP: {device_info['ip']})"