From 50b2311409cd93814324a4570e8bdc5d032748c8 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Wed, 29 May 2019 18:21:53 -0700 Subject: [PATCH] Generate a new static_url_path each time the server is stopped and started again --- onionshare/web/web.py | 18 +++++++++++++----- onionshare_gui/threads.py | 3 +++ 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/onionshare/web/web.py b/onionshare/web/web.py index c6e902ed..1e040b54 100644 --- a/onionshare/web/web.py +++ b/onionshare/web/web.py @@ -51,16 +51,12 @@ class Web(object): self.common = common self.common.log('Web', '__init__', 'is_gui={}, mode={}'.format(is_gui, mode)) - # The static URL path has a 128-bit random number in it to avoid having name - # collisions with files that might be getting shared - self.static_url_path = '/static_{}'.format(self.common.random_string(16)) - # The flask app self.app = Flask(__name__, - static_url_path=self.static_url_path, static_folder=self.common.get_resource_path('static'), template_folder=self.common.get_resource_path('templates')) self.app.secret_key = self.common.random_string(8) + self.generate_static_url_path() self.auth = HTTPBasicAuth() self.auth.error_handler(self.error401) @@ -238,6 +234,18 @@ class Web(object): self.password = self.common.build_password() self.common.log('Web', 'generate_password', 'built random password: "{}"'.format(self.password)) + def generate_static_url_path(self): + # The static URL path has a 128-bit random number in it to avoid having name + # collisions with files that might be getting shared + self.static_url_path = '/static_{}'.format(self.common.random_string(16)) + self.common.log('Web', 'generate_static_url_path', 'new static_url_path is {}'.format(self.static_url_path)) + + # Update the flask route to handle the new static URL path + self.app.static_url_path = self.static_url_path + self.app.add_url_rule( + self.static_url_path + '/', + endpoint='static', view_func=self.app.send_static_file) + def verbose_mode(self): """ Turn on verbose mode, which will log flask errors to a file. diff --git a/onionshare_gui/threads.py b/onionshare_gui/threads.py index bee1b6bc..57e0f0af 100644 --- a/onionshare_gui/threads.py +++ b/onionshare_gui/threads.py @@ -42,6 +42,9 @@ class OnionThread(QtCore.QThread): def run(self): self.mode.common.log('OnionThread', 'run') + # Make a new static URL path for each new share + self.mode.web.generate_static_url_path() + # Choose port and password early, because we need them to exist in advance for scheduled shares self.mode.app.stay_open = not self.mode.common.settings.get('close_after_first_download') if not self.mode.app.port: