added more logging for the helpers and the frontend

Jan Friedli 2020-08-30 14:44:41 +02:00 committed by jfriedli
parent 7a252eaa90
commit 58709ebca0
2 changed files with 12 additions and 1 deletions


@ -27,8 +27,10 @@ def download_file(key: str, secret: str, filename: str):
file_removal_scheduler.run_file_removal_job(current_app.config['UPLOAD_FOLDER']) file_removal_scheduler.run_file_removal_job(current_app.config['UPLOAD_FOLDER'])
if not os.path.exists(complete_path): if not os.path.exists(complete_path):
current_app.logger.error('Non existing file requested')
return redirect(url_for('routes.upload_file')) return redirect(url_for('routes.upload_file'))
if hmac.compare_digest(utils.hash_file(complete_path, secret), key) is False: if hmac.compare_digest(utils.hash_file(complete_path, secret), key) is False:
current_app.logger.error('Non matching digest for file')
return redirect(url_for('routes.upload_file')) return redirect(url_for('routes.upload_file'))
@after_this_request @after_this_request
@ -47,28 +49,33 @@ def upload_file():
if request.method == 'POST': if request.method == 'POST':
if 'file' not in request.files: # check if the post request has the file part if 'file' not in request.files: # check if the post request has the file part
flash('No file part') flash('No file part')
current_app.logger.error('Missing file part in upload')
return redirect(request.url) return redirect(request.url)
uploaded_file = request.files['file'] uploaded_file = request.files['file']
if not uploaded_file.filename: if not uploaded_file.filename:
flash('No selected file') flash('No selected file')
current_app.logger.error('Missing filename in upload')
return redirect(request.url) return redirect(request.url)
try: try:
filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER']) filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER'])
except ValueError: except ValueError:
flash('Invalid Filename') flash('Invalid Filename')
current_app.logger.error('Invalid Filename in upload')
return redirect(request.url) return redirect(request.url)
parser, mime = utils.get_file_parser(filepath) parser, mime = utils.get_file_parser(filepath)
if parser is None: if parser is None:
flash('The type %s is not supported' % mime) flash('The type %s is not supported' % mime)
current_app.logger.error('Unsupported type %s', mime)
return redirect(url_for('routes.upload_file')) return redirect(url_for('routes.upload_file'))
meta = parser.get_meta() meta = parser.get_meta()
if parser.remove_all() is not True: if parser.remove_all() is not True:
flash('Unable to clean %s' % mime) flash('Unable to clean %s' % mime)
current_app.logger.error('Unable to clean %s', mime)
return redirect(url_for('routes.upload_file')) return redirect(url_for('routes.upload_file'))
key, secret, meta_after, output_filename = utils.cleanup(parser, filepath, current_app.config['UPLOAD_FOLDER']) key, secret, meta_after, output_filename = utils.cleanup(parser, filepath, current_app.config['UPLOAD_FOLDER'])
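Review bot: The two new log calls in download_file ('Non existing file requested' and 'Non matching digest for file') carry no context, so a run of failed digest checks cannot be tied to a file or a client when reading the log. Consider `current_app.logger.warning('Non matching digest for file %r', filename)`, with `%r` because filename presumably comes from the request URL and could otherwise carry line breaks into the log; key and secret should stay out of the message. The upload_file messages describe client mistakes rather than server faults and would also read better at warning level. Both functions continue outside the hunks shown.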


@ -3,7 +3,7 @@ import os
import hashlib import hashlib
import mimetypes as mtype import mimetypes as mtype
from flask_restful import abort from flask_restful import abort, current_app
from libmat2 import parser_factory from libmat2 import parser_factory
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
@ -31,6 +31,7 @@ def hash_file(filepath: str, secret: str) -> str:
def check_upload_folder(upload_folder): def check_upload_folder(upload_folder):
if not os.path.exists(upload_folder): if not os.path.exists(upload_folder):
current_app.logger.info('Upload folder does not exist - creating it')
os.mkdir(upload_folder) os.mkdir(upload_folder)
@ -98,14 +99,17 @@ def get_file_paths(filename, upload_folder):
def is_valid_api_download_file(filename: str, key: str, secret: str, upload_folder: str) -> [str, str]: def is_valid_api_download_file(filename: str, key: str, secret: str, upload_folder: str) -> [str, str]:
if filename != secure_filename(filename): if filename != secure_filename(filename):
current_app.logger.error('Insecure filename %', filename)
abort(400, message='Insecure filename') abort(400, message='Insecure filename')
complete_path, filepath = get_file_paths(filename, upload_folder) complete_path, filepath = get_file_paths(filename, upload_folder)
if not os.path.exists(complete_path): if not os.path.exists(complete_path):
current_app.logger.error('File not found')
abort(404, message='File not found') abort(404, message='File not found')
if hmac.compare_digest(hash_file(complete_path, secret), key) is False: if hmac.compare_digest(hash_file(complete_path, secret), key) is False:
current_app.logger.error('The file hash does not match')
abort(400, message='The file hash does not match') abort(400, message='The file hash does not match')
return complete_path, filepath return complete_path, filepath
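Review bot: The format string in `current_app.logger.error('Insecure filename %', filename)` is incomplete: `%` has no conversion type, so the logging module fails to format the record and reports a formatting error on stderr instead of writing the message. It should be `current_app.logger.error('Insecure filename %r', filename)`, using `%r` rather than `%s` because this branch is reached exactly when the name failed secure_filename and may contain control characters. Separately, `current_app` is imported from flask_restful, which appears to expose it only as a side effect of its own imports; `from flask import current_app` would be the stable source. check_upload_folder now needs an application context in order to log, and whether its callers have one is not visible here.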