Add flash messages to receive template, and begin implementing upload POST

onionshare/web.py

@@ -31,9 +31,10 @@ from distutils.version import LooseVersion as Version
 from urllib.request import urlopen
 
 from flask import (
-    Flask, Response, request, render_template, abort, make_response,
+    Flask, Response, request, render_template, abort, make_response, flash,
-    __version__ as flask_version
+    redirect, __version__ as flask_version
 )
+from werkzeug.utils import secure_filename
 
 from . import strings, common
 
@@ -48,6 +49,7 @@ class Web(object):
         self.app = Flask(__name__,
                          static_folder=common.get_resource_path('static'),
                          template_folder=common.get_resource_path('templates'))
+        self.app.secret_key = self.common.random_string(8)
 
         # Debug mode?
         if self.common.debug:
@@ -61,6 +63,8 @@ class Web(object):
 
         # Are we using receive mode?
         self.receive_mode = receive_mode
+        if self.receive_mode:
+            self.app.config['UPLOAD_FOLDER'] = self.common.settings.get('downloads_dir')
 
         # Starting in Flask 0.11, render_template_string autoescapes template variables
         # by default. To prevent content injection through template variables in
@@ -257,12 +261,26 @@ class Web(object):
         def index(slug_candidate):
             self.check_slug_candidate(slug_candidate)
 
-            # If download is allowed to continue, serve download page
             r = make_response(render_template(
                 'receive.html',
                 slug=self.slug))
             return self.add_security_headers(r)
 
+        @self.app.route("/<slug_candidate>/upload", methods=['POST'])
+        def upload(slug_candidate):
+            # Note that flash strings are on English, and not translated, on purpose,
+            # to avoid leaking the locale of the OnionShare user
+            self.check_slug_candidate(slug_candidate)
+            self.common.log('Web', 'upload, request.files: {}'.format(request.files))
+
+            # Check if the post request has the file part
+            if 'file' not in request.files:
+                flash('No files were selected to upload')
+                return redirect('/{}'.format(slug_candidate))
+
+            files = request.files['file']
+            return ''
+
     def common_routes(self):
         """
         Common web app routes between sending and receiving

share/static/css/style.css

@@ -115,3 +115,15 @@ table.file-list td:last-child {
   color: #666666;
   margin: 0 0 20px 0;
 }
+
+ul.flashes {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+  color: #cc0000;
+}
+
+ul.flashes li {
+  margin: 0;
+  padding: 10px;
+}

share/templates/receive.html

@@ -12,12 +12,22 @@
         <h1>OnionShare</h1>
     </header>
 
+    {% with messages = get_flashed_messages() %}
+      {% if messages %}
+        <ul class=flashes>
+        {% for message in messages %}
+          <li>{{ message }}</li>
+        {% endfor %}
+        </ul>
+      {% endif %}
+    {% endwith %}
+
     <div class="upload-wrapper">
       <div class="upload">
         <p><img class="logo" src="/static/img/logo_large.png" title="OnionShare"></p>
         <p class="upload-header">Send Files</p>
         <p class="upload-description">Select the files you want to send, then click "Send Files"...</p>
-        <form method="post" enctype="multipart/form-data" action="/{{ slug }}/">
+        <form method="post" enctype="multipart/form-data" action="/{{ slug }}/upload">
            <p><input type="file" multiple /></p>
            <p><input type="submit" class="button" value="Upload Files" /></p>
         </form>