mirror of
https://github.com/onionshare/onionshare.git
synced 2025-02-26 09:21:23 -05:00
Merge pull request #774 from micahflee/663_zip_away
Don't zip if only sharing one file, and big refactor of web module
This commit is contained in:
commit
bddddff546
@ -65,13 +65,18 @@ def main(cwd=None):
|
||||
receive = bool(args.receive)
|
||||
config = args.config
|
||||
|
||||
if receive:
|
||||
mode = 'receive'
|
||||
else:
|
||||
mode = 'share'
|
||||
|
||||
# Make sure filenames given if not using receiver mode
|
||||
if not receive and len(filenames) == 0:
|
||||
if mode == 'share' and len(filenames) == 0:
|
||||
parser.print_help()
|
||||
sys.exit()
|
||||
|
||||
# Validate filenames
|
||||
if not receive:
|
||||
if mode == 'share':
|
||||
valid = True
|
||||
for filename in filenames:
|
||||
if not os.path.isfile(filename) and not os.path.isdir(filename):
|
||||
@ -90,7 +95,7 @@ def main(cwd=None):
|
||||
common.debug = debug
|
||||
|
||||
# Create the Web object
|
||||
web = Web(common, False, receive)
|
||||
web = Web(common, False, mode)
|
||||
|
||||
# Start the Onion object
|
||||
onion = Onion(common)
|
||||
@ -116,20 +121,21 @@ def main(cwd=None):
|
||||
print(e.args[0])
|
||||
sys.exit()
|
||||
|
||||
# Prepare files to share
|
||||
print(strings._("preparing_files"))
|
||||
try:
|
||||
web.set_file_info(filenames)
|
||||
app.cleanup_filenames.append(web.zip_filename)
|
||||
except OSError as e:
|
||||
print(e.strerror)
|
||||
sys.exit(1)
|
||||
if mode == 'share':
|
||||
# Prepare files to share
|
||||
print(strings._("preparing_files"))
|
||||
try:
|
||||
web.share_mode.set_file_info(filenames)
|
||||
app.cleanup_filenames += web.share_mode.cleanup_filenames
|
||||
except OSError as e:
|
||||
print(e.strerror)
|
||||
sys.exit(1)
|
||||
|
||||
# Warn about sending large files over Tor
|
||||
if web.zip_filesize >= 157286400: # 150mb
|
||||
print('')
|
||||
print(strings._("large_filesize"))
|
||||
print('')
|
||||
# Warn about sending large files over Tor
|
||||
if web.share_mode.download_filesize >= 157286400: # 150mb
|
||||
print('')
|
||||
print(strings._("large_filesize"))
|
||||
print('')
|
||||
|
||||
# Start OnionShare http service in new thread
|
||||
t = threading.Thread(target=web.start, args=(app.port, stay_open, common.settings.get('public_mode'), common.settings.get('slug')))
|
||||
@ -157,7 +163,7 @@ def main(cwd=None):
|
||||
url = 'http://{0:s}/{1:s}'.format(app.onion_host, web.slug)
|
||||
|
||||
print('')
|
||||
if receive:
|
||||
if mode == 'receive':
|
||||
print(strings._('receive_mode_downloads_dir').format(common.settings.get('downloads_dir')))
|
||||
print('')
|
||||
print(strings._('receive_mode_warning'))
|
||||
@ -186,11 +192,12 @@ def main(cwd=None):
|
||||
if app.shutdown_timeout > 0:
|
||||
# if the shutdown timer was set and has run out, stop the server
|
||||
if not app.shutdown_timer.is_alive():
|
||||
# If there were no attempts to download the share, or all downloads are done, we can stop
|
||||
if web.download_count == 0 or web.done:
|
||||
print(strings._("close_on_timeout"))
|
||||
web.stop(app.port)
|
||||
break
|
||||
if mode == 'share':
|
||||
# If there were no attempts to download the share, or all downloads are done, we can stop
|
||||
if web.share_mode.download_count == 0 or web.done:
|
||||
print(strings._("close_on_timeout"))
|
||||
web.stop(app.port)
|
||||
break
|
||||
# Allow KeyboardInterrupt exception to be handled with threads
|
||||
# https://stackoverflow.com/questions/3788208/python-threading-ignores-keyboardinterrupt-exception
|
||||
time.sleep(0.2)
|
||||
|
@ -1,864 +0,0 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
"""
|
||||
OnionShare | https://onionshare.org/
|
||||
|
||||
Copyright (C) 2014-2018 Micah Lee <micah@micahflee.com>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
"""
|
||||
|
||||
import hmac
|
||||
import logging
|
||||
import mimetypes
|
||||
import os
|
||||
import queue
|
||||
import socket
|
||||
import sys
|
||||
import tempfile
|
||||
import zipfile
|
||||
import re
|
||||
import io
|
||||
from distutils.version import LooseVersion as Version
|
||||
from urllib.request import urlopen
|
||||
from datetime import datetime
|
||||
|
||||
import flask
|
||||
from flask import (
|
||||
Flask, Response, Request, request, render_template, abort, make_response,
|
||||
flash, redirect, __version__ as flask_version
|
||||
)
|
||||
from werkzeug.utils import secure_filename
|
||||
|
||||
from . import strings
|
||||
from .common import DownloadsDirErrorCannotCreate, DownloadsDirErrorNotWritable
|
||||
|
||||
|
||||
# Stub out flask's show_server_banner function, to avoiding showing warnings that
|
||||
# are not applicable to OnionShare
|
||||
def stubbed_show_server_banner(env, debug, app_import_path, eager_loading):
|
||||
pass
|
||||
|
||||
flask.cli.show_server_banner = stubbed_show_server_banner
|
||||
|
||||
|
||||
class Web(object):
|
||||
"""
|
||||
The Web object is the OnionShare web server, powered by flask
|
||||
"""
|
||||
REQUEST_LOAD = 0
|
||||
REQUEST_STARTED = 1
|
||||
REQUEST_PROGRESS = 2
|
||||
REQUEST_OTHER = 3
|
||||
REQUEST_CANCELED = 4
|
||||
REQUEST_RATE_LIMIT = 5
|
||||
REQUEST_CLOSE_SERVER = 6
|
||||
REQUEST_UPLOAD_FILE_RENAMED = 7
|
||||
REQUEST_UPLOAD_FINISHED = 8
|
||||
REQUEST_ERROR_DOWNLOADS_DIR_CANNOT_CREATE = 9
|
||||
REQUEST_ERROR_DOWNLOADS_DIR_NOT_WRITABLE = 10
|
||||
|
||||
def __init__(self, common, gui_mode, receive_mode=False):
|
||||
self.common = common
|
||||
|
||||
# The flask app
|
||||
self.app = Flask(__name__,
|
||||
static_folder=self.common.get_resource_path('static'),
|
||||
template_folder=self.common.get_resource_path('templates'))
|
||||
self.app.secret_key = self.common.random_string(8)
|
||||
|
||||
# Debug mode?
|
||||
if self.common.debug:
|
||||
self.debug_mode()
|
||||
|
||||
# Are we running in GUI mode?
|
||||
self.gui_mode = gui_mode
|
||||
|
||||
# Are we using receive mode?
|
||||
self.receive_mode = receive_mode
|
||||
if self.receive_mode:
|
||||
# Use custom WSGI middleware, to modify environ
|
||||
self.app.wsgi_app = ReceiveModeWSGIMiddleware(self.app.wsgi_app, self)
|
||||
# Use a custom Request class to track upload progess
|
||||
self.app.request_class = ReceiveModeRequest
|
||||
|
||||
# Starting in Flask 0.11, render_template_string autoescapes template variables
|
||||
# by default. To prevent content injection through template variables in
|
||||
# earlier versions of Flask, we force autoescaping in the Jinja2 template
|
||||
# engine if we detect a Flask version with insecure default behavior.
|
||||
if Version(flask_version) < Version('0.11'):
|
||||
# Monkey-patch in the fix from https://github.com/pallets/flask/commit/99c99c4c16b1327288fd76c44bc8635a1de452bc
|
||||
Flask.select_jinja_autoescape = self._safe_select_jinja_autoescape
|
||||
|
||||
# Information about the file
|
||||
self.file_info = []
|
||||
self.zip_filename = None
|
||||
self.zip_filesize = None
|
||||
self.zip_writer = None
|
||||
|
||||
self.security_headers = [
|
||||
('Content-Security-Policy', 'default-src \'self\'; style-src \'self\'; script-src \'self\'; img-src \'self\' data:;'),
|
||||
('X-Frame-Options', 'DENY'),
|
||||
('X-Xss-Protection', '1; mode=block'),
|
||||
('X-Content-Type-Options', 'nosniff'),
|
||||
('Referrer-Policy', 'no-referrer'),
|
||||
('Server', 'OnionShare')
|
||||
]
|
||||
|
||||
self.q = queue.Queue()
|
||||
|
||||
self.slug = None
|
||||
|
||||
self.download_count = 0
|
||||
self.upload_count = 0
|
||||
|
||||
self.error404_count = 0
|
||||
|
||||
# If "Stop After First Download" is checked (stay_open == False), only allow
|
||||
# one download at a time.
|
||||
self.download_in_progress = False
|
||||
|
||||
self.done = False
|
||||
|
||||
# If the client closes the OnionShare window while a download is in progress,
|
||||
# it should immediately stop serving the file. The client_cancel global is
|
||||
# used to tell the download function that the client is canceling the download.
|
||||
self.client_cancel = False
|
||||
|
||||
# shutting down the server only works within the context of flask, so the easiest way to do it is over http
|
||||
self.shutdown_slug = self.common.random_string(16)
|
||||
|
||||
# Keep track if the server is running
|
||||
self.running = False
|
||||
|
||||
# Define the ewb app routes
|
||||
self.common_routes()
|
||||
if self.receive_mode:
|
||||
self.receive_routes()
|
||||
else:
|
||||
self.send_routes()
|
||||
|
||||
def send_routes(self):
|
||||
"""
|
||||
The web app routes for sharing files
|
||||
"""
|
||||
@self.app.route("/<slug_candidate>")
|
||||
def index(slug_candidate):
|
||||
self.check_slug_candidate(slug_candidate)
|
||||
return index_logic()
|
||||
|
||||
@self.app.route("/")
|
||||
def index_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.error404()
|
||||
return index_logic()
|
||||
|
||||
def index_logic(slug_candidate=''):
|
||||
"""
|
||||
Render the template for the onionshare landing page.
|
||||
"""
|
||||
self.add_request(Web.REQUEST_LOAD, request.path)
|
||||
|
||||
# Deny new downloads if "Stop After First Download" is checked and there is
|
||||
# currently a download
|
||||
deny_download = not self.stay_open and self.download_in_progress
|
||||
if deny_download:
|
||||
r = make_response(render_template('denied.html'))
|
||||
return self.add_security_headers(r)
|
||||
|
||||
# If download is allowed to continue, serve download page
|
||||
if self.slug:
|
||||
r = make_response(render_template(
|
||||
'send.html',
|
||||
slug=self.slug,
|
||||
file_info=self.file_info,
|
||||
filename=os.path.basename(self.zip_filename),
|
||||
filesize=self.zip_filesize,
|
||||
filesize_human=self.common.human_readable_filesize(self.zip_filesize)))
|
||||
else:
|
||||
# If download is allowed to continue, serve download page
|
||||
r = make_response(render_template(
|
||||
'send.html',
|
||||
file_info=self.file_info,
|
||||
filename=os.path.basename(self.zip_filename),
|
||||
filesize=self.zip_filesize,
|
||||
filesize_human=self.common.human_readable_filesize(self.zip_filesize)))
|
||||
return self.add_security_headers(r)
|
||||
|
||||
@self.app.route("/<slug_candidate>/download")
|
||||
def download(slug_candidate):
|
||||
self.check_slug_candidate(slug_candidate)
|
||||
return download_logic()
|
||||
|
||||
@self.app.route("/download")
|
||||
def download_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.error404()
|
||||
return download_logic()
|
||||
|
||||
def download_logic(slug_candidate=''):
|
||||
"""
|
||||
Download the zip file.
|
||||
"""
|
||||
# Deny new downloads if "Stop After First Download" is checked and there is
|
||||
# currently a download
|
||||
deny_download = not self.stay_open and self.download_in_progress
|
||||
if deny_download:
|
||||
r = make_response(render_template('denied.html'))
|
||||
return self.add_security_headers(r)
|
||||
|
||||
# Each download has a unique id
|
||||
download_id = self.download_count
|
||||
self.download_count += 1
|
||||
|
||||
# Prepare some variables to use inside generate() function below
|
||||
# which is outside of the request context
|
||||
shutdown_func = request.environ.get('werkzeug.server.shutdown')
|
||||
path = request.path
|
||||
|
||||
# Tell GUI the download started
|
||||
self.add_request(Web.REQUEST_STARTED, path, {
|
||||
'id': download_id}
|
||||
)
|
||||
|
||||
dirname = os.path.dirname(self.zip_filename)
|
||||
basename = os.path.basename(self.zip_filename)
|
||||
|
||||
def generate():
|
||||
# The user hasn't canceled the download
|
||||
self.client_cancel = False
|
||||
|
||||
# Starting a new download
|
||||
if not self.stay_open:
|
||||
self.download_in_progress = True
|
||||
|
||||
chunk_size = 102400 # 100kb
|
||||
|
||||
fp = open(self.zip_filename, 'rb')
|
||||
self.done = False
|
||||
canceled = False
|
||||
while not self.done:
|
||||
# The user has canceled the download, so stop serving the file
|
||||
if self.client_cancel:
|
||||
self.add_request(Web.REQUEST_CANCELED, path, {
|
||||
'id': download_id
|
||||
})
|
||||
break
|
||||
|
||||
chunk = fp.read(chunk_size)
|
||||
if chunk == b'':
|
||||
self.done = True
|
||||
else:
|
||||
try:
|
||||
yield chunk
|
||||
|
||||
# tell GUI the progress
|
||||
downloaded_bytes = fp.tell()
|
||||
percent = (1.0 * downloaded_bytes / self.zip_filesize) * 100
|
||||
|
||||
# only output to stdout if running onionshare in CLI mode, or if using Linux (#203, #304)
|
||||
if not self.gui_mode or self.common.platform == 'Linux' or self.common.platform == 'BSD':
|
||||
sys.stdout.write(
|
||||
"\r{0:s}, {1:.2f}% ".format(self.common.human_readable_filesize(downloaded_bytes), percent))
|
||||
sys.stdout.flush()
|
||||
|
||||
self.add_request(Web.REQUEST_PROGRESS, path, {
|
||||
'id': download_id,
|
||||
'bytes': downloaded_bytes
|
||||
})
|
||||
self.done = False
|
||||
except:
|
||||
# looks like the download was canceled
|
||||
self.done = True
|
||||
canceled = True
|
||||
|
||||
# tell the GUI the download has canceled
|
||||
self.add_request(Web.REQUEST_CANCELED, path, {
|
||||
'id': download_id
|
||||
})
|
||||
|
||||
fp.close()
|
||||
|
||||
if self.common.platform != 'Darwin':
|
||||
sys.stdout.write("\n")
|
||||
|
||||
# Download is finished
|
||||
if not self.stay_open:
|
||||
self.download_in_progress = False
|
||||
|
||||
# Close the server, if necessary
|
||||
if not self.stay_open and not canceled:
|
||||
print(strings._("closing_automatically"))
|
||||
self.running = False
|
||||
try:
|
||||
if shutdown_func is None:
|
||||
raise RuntimeError('Not running with the Werkzeug Server')
|
||||
shutdown_func()
|
||||
except:
|
||||
pass
|
||||
|
||||
r = Response(generate())
|
||||
r.headers.set('Content-Length', self.zip_filesize)
|
||||
r.headers.set('Content-Disposition', 'attachment', filename=basename)
|
||||
r = self.add_security_headers(r)
|
||||
# guess content type
|
||||
(content_type, _) = mimetypes.guess_type(basename, strict=False)
|
||||
if content_type is not None:
|
||||
r.headers.set('Content-Type', content_type)
|
||||
return r
|
||||
|
||||
def receive_routes(self):
|
||||
"""
|
||||
The web app routes for receiving files
|
||||
"""
|
||||
def index_logic():
|
||||
self.add_request(Web.REQUEST_LOAD, request.path)
|
||||
|
||||
if self.common.settings.get('public_mode'):
|
||||
upload_action = '/upload'
|
||||
close_action = '/close'
|
||||
else:
|
||||
upload_action = '/{}/upload'.format(self.slug)
|
||||
close_action = '/{}/close'.format(self.slug)
|
||||
|
||||
r = make_response(render_template(
|
||||
'receive.html',
|
||||
upload_action=upload_action,
|
||||
close_action=close_action,
|
||||
receive_allow_receiver_shutdown=self.common.settings.get('receive_allow_receiver_shutdown')))
|
||||
return self.add_security_headers(r)
|
||||
|
||||
@self.app.route("/<slug_candidate>")
|
||||
def index(slug_candidate):
|
||||
self.check_slug_candidate(slug_candidate)
|
||||
return index_logic()
|
||||
|
||||
@self.app.route("/")
|
||||
def index_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.error404()
|
||||
return index_logic()
|
||||
|
||||
|
||||
def upload_logic(slug_candidate=''):
|
||||
"""
|
||||
Upload files.
|
||||
"""
|
||||
# Make sure downloads_dir exists
|
||||
valid = True
|
||||
try:
|
||||
self.common.validate_downloads_dir()
|
||||
except DownloadsDirErrorCannotCreate:
|
||||
self.add_request(Web.REQUEST_ERROR_DOWNLOADS_DIR_CANNOT_CREATE, request.path)
|
||||
print(strings._('error_cannot_create_downloads_dir').format(self.common.settings.get('downloads_dir')))
|
||||
valid = False
|
||||
except DownloadsDirErrorNotWritable:
|
||||
self.add_request(Web.REQUEST_ERROR_DOWNLOADS_DIR_NOT_WRITABLE, request.path)
|
||||
print(strings._('error_downloads_dir_not_writable').format(self.common.settings.get('downloads_dir')))
|
||||
valid = False
|
||||
if not valid:
|
||||
flash('Error uploading, please inform the OnionShare user', 'error')
|
||||
if self.common.settings.get('public_mode'):
|
||||
return redirect('/')
|
||||
else:
|
||||
return redirect('/{}'.format(slug_candidate))
|
||||
|
||||
files = request.files.getlist('file[]')
|
||||
filenames = []
|
||||
print('')
|
||||
for f in files:
|
||||
if f.filename != '':
|
||||
# Automatically rename the file, if a file of the same name already exists
|
||||
filename = secure_filename(f.filename)
|
||||
filenames.append(filename)
|
||||
local_path = os.path.join(self.common.settings.get('downloads_dir'), filename)
|
||||
if os.path.exists(local_path):
|
||||
if '.' in filename:
|
||||
# Add "-i", e.g. change "foo.txt" to "foo-2.txt"
|
||||
parts = filename.split('.')
|
||||
name = parts[:-1]
|
||||
ext = parts[-1]
|
||||
|
||||
i = 2
|
||||
valid = False
|
||||
while not valid:
|
||||
new_filename = '{}-{}.{}'.format('.'.join(name), i, ext)
|
||||
local_path = os.path.join(self.common.settings.get('downloads_dir'), new_filename)
|
||||
if os.path.exists(local_path):
|
||||
i += 1
|
||||
else:
|
||||
valid = True
|
||||
else:
|
||||
# If no extension, just add "-i", e.g. change "foo" to "foo-2"
|
||||
i = 2
|
||||
valid = False
|
||||
while not valid:
|
||||
new_filename = '{}-{}'.format(filename, i)
|
||||
local_path = os.path.join(self.common.settings.get('downloads_dir'), new_filename)
|
||||
if os.path.exists(local_path):
|
||||
i += 1
|
||||
else:
|
||||
valid = True
|
||||
|
||||
basename = os.path.basename(local_path)
|
||||
if f.filename != basename:
|
||||
# Tell the GUI that the file has changed names
|
||||
self.add_request(Web.REQUEST_UPLOAD_FILE_RENAMED, request.path, {
|
||||
'id': request.upload_id,
|
||||
'old_filename': f.filename,
|
||||
'new_filename': basename
|
||||
})
|
||||
|
||||
self.common.log('Web', 'receive_routes', '/upload, uploaded {}, saving to {}'.format(f.filename, local_path))
|
||||
print(strings._('receive_mode_received_file').format(local_path))
|
||||
f.save(local_path)
|
||||
|
||||
# Note that flash strings are on English, and not translated, on purpose,
|
||||
# to avoid leaking the locale of the OnionShare user
|
||||
if len(filenames) == 0:
|
||||
flash('No files uploaded', 'info')
|
||||
else:
|
||||
for filename in filenames:
|
||||
flash('Sent {}'.format(filename), 'info')
|
||||
|
||||
if self.common.settings.get('public_mode'):
|
||||
return redirect('/')
|
||||
else:
|
||||
return redirect('/{}'.format(slug_candidate))
|
||||
|
||||
@self.app.route("/<slug_candidate>/upload", methods=['POST'])
|
||||
def upload(slug_candidate):
|
||||
self.check_slug_candidate(slug_candidate)
|
||||
return upload_logic(slug_candidate)
|
||||
|
||||
@self.app.route("/upload", methods=['POST'])
|
||||
def upload_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.error404()
|
||||
return upload_logic()
|
||||
|
||||
|
||||
def close_logic(slug_candidate=''):
|
||||
if self.common.settings.get('receive_allow_receiver_shutdown'):
|
||||
self.force_shutdown()
|
||||
r = make_response(render_template('closed.html'))
|
||||
self.add_request(Web.REQUEST_CLOSE_SERVER, request.path)
|
||||
return self.add_security_headers(r)
|
||||
else:
|
||||
return redirect('/{}'.format(slug_candidate))
|
||||
|
||||
@self.app.route("/<slug_candidate>/close", methods=['POST'])
|
||||
def close(slug_candidate):
|
||||
self.check_slug_candidate(slug_candidate)
|
||||
return close_logic(slug_candidate)
|
||||
|
||||
@self.app.route("/close", methods=['POST'])
|
||||
def close_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.error404()
|
||||
return close_logic()
|
||||
|
||||
def common_routes(self):
|
||||
"""
|
||||
Common web app routes between sending and receiving
|
||||
"""
|
||||
@self.app.errorhandler(404)
|
||||
def page_not_found(e):
|
||||
"""
|
||||
404 error page.
|
||||
"""
|
||||
return self.error404()
|
||||
|
||||
@self.app.route("/<slug_candidate>/shutdown")
|
||||
def shutdown(slug_candidate):
|
||||
"""
|
||||
Stop the flask web server, from the context of an http request.
|
||||
"""
|
||||
self.check_shutdown_slug_candidate(slug_candidate)
|
||||
self.force_shutdown()
|
||||
return ""
|
||||
|
||||
def error404(self):
|
||||
self.add_request(Web.REQUEST_OTHER, request.path)
|
||||
if request.path != '/favicon.ico':
|
||||
self.error404_count += 1
|
||||
|
||||
# In receive mode, with public mode enabled, skip rate limiting 404s
|
||||
if not self.common.settings.get('public_mode'):
|
||||
if self.error404_count == 20:
|
||||
self.add_request(Web.REQUEST_RATE_LIMIT, request.path)
|
||||
self.force_shutdown()
|
||||
print(strings._('error_rate_limit'))
|
||||
|
||||
r = make_response(render_template('404.html'), 404)
|
||||
return self.add_security_headers(r)
|
||||
|
||||
def add_security_headers(self, r):
|
||||
"""
|
||||
Add security headers to a request
|
||||
"""
|
||||
for header, value in self.security_headers:
|
||||
r.headers.set(header, value)
|
||||
return r
|
||||
|
||||
def set_file_info(self, filenames, processed_size_callback=None):
|
||||
"""
|
||||
Using the list of filenames being shared, fill in details that the web
|
||||
page will need to display. This includes zipping up the file in order to
|
||||
get the zip file's name and size.
|
||||
"""
|
||||
self.cancel_compression = False
|
||||
|
||||
# build file info list
|
||||
self.file_info = {'files': [], 'dirs': []}
|
||||
for filename in filenames:
|
||||
info = {
|
||||
'filename': filename,
|
||||
'basename': os.path.basename(filename.rstrip('/'))
|
||||
}
|
||||
if os.path.isfile(filename):
|
||||
info['size'] = os.path.getsize(filename)
|
||||
info['size_human'] = self.common.human_readable_filesize(info['size'])
|
||||
self.file_info['files'].append(info)
|
||||
if os.path.isdir(filename):
|
||||
info['size'] = self.common.dir_size(filename)
|
||||
info['size_human'] = self.common.human_readable_filesize(info['size'])
|
||||
self.file_info['dirs'].append(info)
|
||||
self.file_info['files'] = sorted(self.file_info['files'], key=lambda k: k['basename'])
|
||||
self.file_info['dirs'] = sorted(self.file_info['dirs'], key=lambda k: k['basename'])
|
||||
|
||||
# Zip up the files and folders
|
||||
self.zip_writer = ZipWriter(self.common, processed_size_callback=processed_size_callback)
|
||||
self.zip_filename = self.zip_writer.zip_filename
|
||||
for info in self.file_info['files']:
|
||||
self.zip_writer.add_file(info['filename'])
|
||||
# Canceling early?
|
||||
if self.cancel_compression:
|
||||
self.zip_writer.close()
|
||||
return False
|
||||
|
||||
for info in self.file_info['dirs']:
|
||||
if not self.zip_writer.add_dir(info['filename']):
|
||||
return False
|
||||
|
||||
self.zip_writer.close()
|
||||
self.zip_filesize = os.path.getsize(self.zip_filename)
|
||||
return True
|
||||
|
||||
def _safe_select_jinja_autoescape(self, filename):
|
||||
if filename is None:
|
||||
return True
|
||||
return filename.endswith(('.html', '.htm', '.xml', '.xhtml'))
|
||||
|
||||
def add_request(self, request_type, path, data=None):
|
||||
"""
|
||||
Add a request to the queue, to communicate with the GUI.
|
||||
"""
|
||||
self.q.put({
|
||||
'type': request_type,
|
||||
'path': path,
|
||||
'data': data
|
||||
})
|
||||
|
||||
def generate_slug(self, persistent_slug=None):
|
||||
self.common.log('Web', 'generate_slug', 'persistent_slug={}'.format(persistent_slug))
|
||||
if persistent_slug != None and persistent_slug != '':
|
||||
self.slug = persistent_slug
|
||||
self.common.log('Web', 'generate_slug', 'persistent_slug sent, so slug is: "{}"'.format(self.slug))
|
||||
else:
|
||||
self.slug = self.common.build_slug()
|
||||
self.common.log('Web', 'generate_slug', 'built random slug: "{}"'.format(self.slug))
|
||||
|
||||
def debug_mode(self):
|
||||
"""
|
||||
Turn on debugging mode, which will log flask errors to a debug file.
|
||||
"""
|
||||
temp_dir = tempfile.gettempdir()
|
||||
log_handler = logging.FileHandler(
|
||||
os.path.join(temp_dir, 'onionshare_server.log'))
|
||||
log_handler.setLevel(logging.WARNING)
|
||||
self.app.logger.addHandler(log_handler)
|
||||
|
||||
def check_slug_candidate(self, slug_candidate):
|
||||
self.common.log('Web', 'check_slug_candidate: slug_candidate={}'.format(slug_candidate))
|
||||
if self.common.settings.get('public_mode'):
|
||||
abort(404)
|
||||
if not hmac.compare_digest(self.slug, slug_candidate):
|
||||
abort(404)
|
||||
|
||||
def check_shutdown_slug_candidate(self, slug_candidate):
|
||||
self.common.log('Web', 'check_shutdown_slug_candidate: slug_candidate={}'.format(slug_candidate))
|
||||
if not hmac.compare_digest(self.shutdown_slug, slug_candidate):
|
||||
abort(404)
|
||||
|
||||
def force_shutdown(self):
|
||||
"""
|
||||
Stop the flask web server, from the context of the flask app.
|
||||
"""
|
||||
# Shutdown the flask service
|
||||
try:
|
||||
func = request.environ.get('werkzeug.server.shutdown')
|
||||
if func is None:
|
||||
raise RuntimeError('Not running with the Werkzeug Server')
|
||||
func()
|
||||
except:
|
||||
pass
|
||||
self.running = False
|
||||
|
||||
def start(self, port, stay_open=False, public_mode=False, persistent_slug=None):
|
||||
"""
|
||||
Start the flask web server.
|
||||
"""
|
||||
self.common.log('Web', 'start', 'port={}, stay_open={}, public_mode={}, persistent_slug={}'.format(port, stay_open, public_mode, persistent_slug))
|
||||
if not public_mode:
|
||||
self.generate_slug(persistent_slug)
|
||||
|
||||
self.stay_open = stay_open
|
||||
|
||||
# In Whonix, listen on 0.0.0.0 instead of 127.0.0.1 (#220)
|
||||
if os.path.exists('/usr/share/anon-ws-base-files/workstation'):
|
||||
host = '0.0.0.0'
|
||||
else:
|
||||
host = '127.0.0.1'
|
||||
|
||||
self.running = True
|
||||
self.app.run(host=host, port=port, threaded=True)
|
||||
|
||||
def stop(self, port):
|
||||
"""
|
||||
Stop the flask web server by loading /shutdown.
|
||||
"""
|
||||
|
||||
# If the user cancels the download, let the download function know to stop
|
||||
# serving the file
|
||||
self.client_cancel = True
|
||||
|
||||
# To stop flask, load http://127.0.0.1:<port>/<shutdown_slug>/shutdown
|
||||
if self.running:
|
||||
try:
|
||||
s = socket.socket()
|
||||
s.connect(('127.0.0.1', port))
|
||||
s.sendall('GET /{0:s}/shutdown HTTP/1.1\r\n\r\n'.format(self.shutdown_slug))
|
||||
except:
|
||||
try:
|
||||
urlopen('http://127.0.0.1:{0:d}/{1:s}/shutdown'.format(port, self.shutdown_slug)).read()
|
||||
except:
|
||||
pass
|
||||
|
||||
|
||||
class ZipWriter(object):
|
||||
"""
|
||||
ZipWriter accepts files and directories and compresses them into a zip file
|
||||
with. If a zip_filename is not passed in, it will use the default onionshare
|
||||
filename.
|
||||
"""
|
||||
def __init__(self, common, zip_filename=None, processed_size_callback=None):
|
||||
self.common = common
|
||||
self.cancel_compression = False
|
||||
|
||||
if zip_filename:
|
||||
self.zip_filename = zip_filename
|
||||
else:
|
||||
self.zip_filename = '{0:s}/onionshare_{1:s}.zip'.format(tempfile.mkdtemp(), self.common.random_string(4, 6))
|
||||
|
||||
self.z = zipfile.ZipFile(self.zip_filename, 'w', allowZip64=True)
|
||||
self.processed_size_callback = processed_size_callback
|
||||
if self.processed_size_callback is None:
|
||||
self.processed_size_callback = lambda _: None
|
||||
self._size = 0
|
||||
self.processed_size_callback(self._size)
|
||||
|
||||
def add_file(self, filename):
|
||||
"""
|
||||
Add a file to the zip archive.
|
||||
"""
|
||||
self.z.write(filename, os.path.basename(filename), zipfile.ZIP_DEFLATED)
|
||||
self._size += os.path.getsize(filename)
|
||||
self.processed_size_callback(self._size)
|
||||
|
||||
def add_dir(self, filename):
|
||||
"""
|
||||
Add a directory, and all of its children, to the zip archive.
|
||||
"""
|
||||
dir_to_strip = os.path.dirname(filename.rstrip('/'))+'/'
|
||||
for dirpath, dirnames, filenames in os.walk(filename):
|
||||
for f in filenames:
|
||||
# Canceling early?
|
||||
if self.cancel_compression:
|
||||
return False
|
||||
|
||||
full_filename = os.path.join(dirpath, f)
|
||||
if not os.path.islink(full_filename):
|
||||
arc_filename = full_filename[len(dir_to_strip):]
|
||||
self.z.write(full_filename, arc_filename, zipfile.ZIP_DEFLATED)
|
||||
self._size += os.path.getsize(full_filename)
|
||||
self.processed_size_callback(self._size)
|
||||
|
||||
return True
|
||||
|
||||
def close(self):
|
||||
"""
|
||||
Close the zip archive.
|
||||
"""
|
||||
self.z.close()
|
||||
|
||||
|
||||
class ReceiveModeWSGIMiddleware(object):
|
||||
"""
|
||||
Custom WSGI middleware in order to attach the Web object to environ, so
|
||||
ReceiveModeRequest can access it.
|
||||
"""
|
||||
def __init__(self, app, web):
|
||||
self.app = app
|
||||
self.web = web
|
||||
|
||||
def __call__(self, environ, start_response):
|
||||
environ['web'] = self.web
|
||||
return self.app(environ, start_response)
|
||||
|
||||
|
||||
class ReceiveModeTemporaryFile(object):
|
||||
"""
|
||||
A custom TemporaryFile that tells ReceiveModeRequest every time data gets
|
||||
written to it, in order to track the progress of uploads.
|
||||
"""
|
||||
def __init__(self, filename, write_func, close_func):
|
||||
self.onionshare_filename = filename
|
||||
self.onionshare_write_func = write_func
|
||||
self.onionshare_close_func = close_func
|
||||
|
||||
# Create a temporary file
|
||||
self.f = tempfile.TemporaryFile('wb+')
|
||||
|
||||
# Make all the file-like methods and attributes actually access the
|
||||
# TemporaryFile, except for write
|
||||
attrs = ['closed', 'detach', 'fileno', 'flush', 'isatty', 'mode',
|
||||
'name', 'peek', 'raw', 'read', 'read1', 'readable', 'readinto',
|
||||
'readinto1', 'readline', 'readlines', 'seek', 'seekable', 'tell',
|
||||
'truncate', 'writable', 'writelines']
|
||||
for attr in attrs:
|
||||
setattr(self, attr, getattr(self.f, attr))
|
||||
|
||||
def write(self, b):
|
||||
"""
|
||||
Custom write method that calls out to onionshare_write_func
|
||||
"""
|
||||
bytes_written = self.f.write(b)
|
||||
self.onionshare_write_func(self.onionshare_filename, bytes_written)
|
||||
|
||||
def close(self):
|
||||
"""
|
||||
Custom close method that calls out to onionshare_close_func
|
||||
"""
|
||||
self.f.close()
|
||||
self.onionshare_close_func(self.onionshare_filename)
|
||||
|
||||
|
||||
class ReceiveModeRequest(Request):
|
||||
"""
|
||||
A custom flask Request object that keeps track of how much data has been
|
||||
uploaded for each file, for receive mode.
|
||||
"""
|
||||
def __init__(self, environ, populate_request=True, shallow=False):
|
||||
super(ReceiveModeRequest, self).__init__(environ, populate_request, shallow)
|
||||
self.web = environ['web']
|
||||
|
||||
# Is this a valid upload request?
|
||||
self.upload_request = False
|
||||
if self.method == 'POST':
|
||||
if self.path == '/{}/upload'.format(self.web.slug):
|
||||
self.upload_request = True
|
||||
else:
|
||||
if self.web.common.settings.get('public_mode'):
|
||||
if self.path == '/upload':
|
||||
self.upload_request = True
|
||||
|
||||
if self.upload_request:
|
||||
# A dictionary that maps filenames to the bytes uploaded so far
|
||||
self.progress = {}
|
||||
|
||||
# Create an upload_id, attach it to the request
|
||||
self.upload_id = self.web.upload_count
|
||||
self.web.upload_count += 1
|
||||
|
||||
# Figure out the content length
|
||||
try:
|
||||
self.content_length = int(self.headers['Content-Length'])
|
||||
except:
|
||||
self.content_length = 0
|
||||
|
||||
print("{}: {}".format(
|
||||
datetime.now().strftime("%b %d, %I:%M%p"),
|
||||
strings._("receive_mode_upload_starting").format(self.web.common.human_readable_filesize(self.content_length))
|
||||
))
|
||||
|
||||
# Tell the GUI
|
||||
self.web.add_request(Web.REQUEST_STARTED, self.path, {
|
||||
'id': self.upload_id,
|
||||
'content_length': self.content_length
|
||||
})
|
||||
|
||||
self.previous_file = None
|
||||
|
||||
def _get_file_stream(self, total_content_length, content_type, filename=None, content_length=None):
|
||||
"""
|
||||
This gets called for each file that gets uploaded, and returns an file-like
|
||||
writable stream.
|
||||
"""
|
||||
if self.upload_request:
|
||||
self.progress[filename] = {
|
||||
'uploaded_bytes': 0,
|
||||
'complete': False
|
||||
}
|
||||
|
||||
return ReceiveModeTemporaryFile(filename, self.file_write_func, self.file_close_func)
|
||||
|
||||
def close(self):
|
||||
"""
|
||||
Closing the request.
|
||||
"""
|
||||
super(ReceiveModeRequest, self).close()
|
||||
if self.upload_request:
|
||||
# Inform the GUI that the upload has finished
|
||||
self.web.add_request(Web.REQUEST_UPLOAD_FINISHED, self.path, {
|
||||
'id': self.upload_id
|
||||
})
|
||||
|
||||
def file_write_func(self, filename, length):
|
||||
"""
|
||||
This function gets called when a specific file is written to.
|
||||
"""
|
||||
if self.upload_request:
|
||||
self.progress[filename]['uploaded_bytes'] += length
|
||||
|
||||
if self.previous_file != filename:
|
||||
if self.previous_file is not None:
|
||||
print('')
|
||||
self.previous_file = filename
|
||||
|
||||
print('\r=> {:15s} {}'.format(
|
||||
self.web.common.human_readable_filesize(self.progress[filename]['uploaded_bytes']),
|
||||
filename
|
||||
), end='')
|
||||
|
||||
# Update the GUI on the upload progress
|
||||
self.web.add_request(Web.REQUEST_PROGRESS, self.path, {
|
||||
'id': self.upload_id,
|
||||
'progress': self.progress
|
||||
})
|
||||
|
||||
def file_close_func(self, filename):
|
||||
"""
|
||||
This function gets called when a specific file is closed.
|
||||
"""
|
||||
self.progress[filename]['complete'] = True
|
21
onionshare/web/__init__.py
Normal file
21
onionshare/web/__init__.py
Normal file
@ -0,0 +1,21 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
"""
|
||||
OnionShare | https://onionshare.org/
|
||||
|
||||
Copyright (C) 2014-2018 Micah Lee <micah@micahflee.com>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
"""
|
||||
|
||||
from .web import Web
|
325
onionshare/web/receive_mode.py
Normal file
325
onionshare/web/receive_mode.py
Normal file
@ -0,0 +1,325 @@
|
||||
import os
|
||||
import tempfile
|
||||
from datetime import datetime
|
||||
from flask import Request, request, render_template, make_response, flash, redirect
|
||||
from werkzeug.utils import secure_filename
|
||||
|
||||
from ..common import DownloadsDirErrorCannotCreate, DownloadsDirErrorNotWritable
|
||||
from .. import strings
|
||||
|
||||
|
||||
class ReceiveModeWeb(object):
|
||||
"""
|
||||
All of the web logic for receive mode
|
||||
"""
|
||||
def __init__(self, common, web):
|
||||
self.common = common
|
||||
self.common.log('ReceiveModeWeb', '__init__')
|
||||
|
||||
self.web = web
|
||||
|
||||
self.upload_count = 0
|
||||
|
||||
self.define_routes()
|
||||
|
||||
def define_routes(self):
|
||||
"""
|
||||
The web app routes for receiving files
|
||||
"""
|
||||
def index_logic():
|
||||
self.web.add_request(self.web.REQUEST_LOAD, request.path)
|
||||
|
||||
if self.common.settings.get('public_mode'):
|
||||
upload_action = '/upload'
|
||||
close_action = '/close'
|
||||
else:
|
||||
upload_action = '/{}/upload'.format(self.web.slug)
|
||||
close_action = '/{}/close'.format(self.web.slug)
|
||||
|
||||
r = make_response(render_template(
|
||||
'receive.html',
|
||||
upload_action=upload_action,
|
||||
close_action=close_action,
|
||||
receive_allow_receiver_shutdown=self.common.settings.get('receive_allow_receiver_shutdown')))
|
||||
return self.web.add_security_headers(r)
|
||||
|
||||
@self.web.app.route("/<slug_candidate>")
|
||||
def index(slug_candidate):
|
||||
self.web.check_slug_candidate(slug_candidate)
|
||||
return index_logic()
|
||||
|
||||
@self.web.app.route("/")
|
||||
def index_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.web.error404()
|
||||
return index_logic()
|
||||
|
||||
|
||||
def upload_logic(slug_candidate=''):
|
||||
"""
|
||||
Upload files.
|
||||
"""
|
||||
# Make sure downloads_dir exists
|
||||
valid = True
|
||||
try:
|
||||
self.common.validate_downloads_dir()
|
||||
except DownloadsDirErrorCannotCreate:
|
||||
self.web.add_request(self.web.REQUEST_ERROR_DOWNLOADS_DIR_CANNOT_CREATE, request.path)
|
||||
print(strings._('error_cannot_create_downloads_dir').format(self.common.settings.get('downloads_dir')))
|
||||
valid = False
|
||||
except DownloadsDirErrorNotWritable:
|
||||
self.web.add_request(self.web.REQUEST_ERROR_DOWNLOADS_DIR_NOT_WRITABLE, request.path)
|
||||
print(strings._('error_downloads_dir_not_writable').format(self.common.settings.get('downloads_dir')))
|
||||
valid = False
|
||||
if not valid:
|
||||
flash('Error uploading, please inform the OnionShare user', 'error')
|
||||
if self.common.settings.get('public_mode'):
|
||||
return redirect('/')
|
||||
else:
|
||||
return redirect('/{}'.format(slug_candidate))
|
||||
|
||||
files = request.files.getlist('file[]')
|
||||
filenames = []
|
||||
print('')
|
||||
for f in files:
|
||||
if f.filename != '':
|
||||
# Automatically rename the file, if a file of the same name already exists
|
||||
filename = secure_filename(f.filename)
|
||||
filenames.append(filename)
|
||||
local_path = os.path.join(self.common.settings.get('downloads_dir'), filename)
|
||||
if os.path.exists(local_path):
|
||||
if '.' in filename:
|
||||
# Add "-i", e.g. change "foo.txt" to "foo-2.txt"
|
||||
parts = filename.split('.')
|
||||
name = parts[:-1]
|
||||
ext = parts[-1]
|
||||
|
||||
i = 2
|
||||
valid = False
|
||||
while not valid:
|
||||
new_filename = '{}-{}.{}'.format('.'.join(name), i, ext)
|
||||
local_path = os.path.join(self.common.settings.get('downloads_dir'), new_filename)
|
||||
if os.path.exists(local_path):
|
||||
i += 1
|
||||
else:
|
||||
valid = True
|
||||
else:
|
||||
# If no extension, just add "-i", e.g. change "foo" to "foo-2"
|
||||
i = 2
|
||||
valid = False
|
||||
while not valid:
|
||||
new_filename = '{}-{}'.format(filename, i)
|
||||
local_path = os.path.join(self.common.settings.get('downloads_dir'), new_filename)
|
||||
if os.path.exists(local_path):
|
||||
i += 1
|
||||
else:
|
||||
valid = True
|
||||
|
||||
basename = os.path.basename(local_path)
|
||||
if f.filename != basename:
|
||||
# Tell the GUI that the file has changed names
|
||||
self.web.add_request(self.web.REQUEST_UPLOAD_FILE_RENAMED, request.path, {
|
||||
'id': request.upload_id,
|
||||
'old_filename': f.filename,
|
||||
'new_filename': basename
|
||||
})
|
||||
|
||||
self.common.log('ReceiveModeWeb', 'define_routes', '/upload, uploaded {}, saving to {}'.format(f.filename, local_path))
|
||||
print(strings._('receive_mode_received_file').format(local_path))
|
||||
f.save(local_path)
|
||||
|
||||
# Note that flash strings are on English, and not translated, on purpose,
|
||||
# to avoid leaking the locale of the OnionShare user
|
||||
if len(filenames) == 0:
|
||||
flash('No files uploaded', 'info')
|
||||
else:
|
||||
for filename in filenames:
|
||||
flash('Sent {}'.format(filename), 'info')
|
||||
|
||||
if self.common.settings.get('public_mode'):
|
||||
return redirect('/')
|
||||
else:
|
||||
return redirect('/{}'.format(slug_candidate))
|
||||
|
||||
@self.web.app.route("/<slug_candidate>/upload", methods=['POST'])
|
||||
def upload(slug_candidate):
|
||||
self.web.check_slug_candidate(slug_candidate)
|
||||
return upload_logic(slug_candidate)
|
||||
|
||||
@self.web.app.route("/upload", methods=['POST'])
|
||||
def upload_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.web.error404()
|
||||
return upload_logic()
|
||||
|
||||
|
||||
def close_logic(slug_candidate=''):
|
||||
if self.common.settings.get('receive_allow_receiver_shutdown'):
|
||||
self.web.force_shutdown()
|
||||
r = make_response(render_template('closed.html'))
|
||||
self.web.add_request(self.web.REQUEST_CLOSE_SERVER, request.path)
|
||||
return self.web.add_security_headers(r)
|
||||
else:
|
||||
return redirect('/{}'.format(slug_candidate))
|
||||
|
||||
@self.web.app.route("/<slug_candidate>/close", methods=['POST'])
|
||||
def close(slug_candidate):
|
||||
self.web.check_slug_candidate(slug_candidate)
|
||||
return close_logic(slug_candidate)
|
||||
|
||||
@self.web.app.route("/close", methods=['POST'])
|
||||
def close_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.web.error404()
|
||||
return close_logic()
|
||||
|
||||
|
||||
class ReceiveModeWSGIMiddleware(object):
|
||||
"""
|
||||
Custom WSGI middleware in order to attach the Web object to environ, so
|
||||
ReceiveModeRequest can access it.
|
||||
"""
|
||||
def __init__(self, app, web):
|
||||
self.app = app
|
||||
self.web = web
|
||||
|
||||
def __call__(self, environ, start_response):
|
||||
environ['web'] = self.web
|
||||
return self.app(environ, start_response)
|
||||
|
||||
|
||||
class ReceiveModeTemporaryFile(object):
|
||||
"""
|
||||
A custom TemporaryFile that tells ReceiveModeRequest every time data gets
|
||||
written to it, in order to track the progress of uploads.
|
||||
"""
|
||||
def __init__(self, filename, write_func, close_func):
|
||||
self.onionshare_filename = filename
|
||||
self.onionshare_write_func = write_func
|
||||
self.onionshare_close_func = close_func
|
||||
|
||||
# Create a temporary file
|
||||
self.f = tempfile.TemporaryFile('wb+')
|
||||
|
||||
# Make all the file-like methods and attributes actually access the
|
||||
# TemporaryFile, except for write
|
||||
attrs = ['closed', 'detach', 'fileno', 'flush', 'isatty', 'mode',
|
||||
'name', 'peek', 'raw', 'read', 'read1', 'readable', 'readinto',
|
||||
'readinto1', 'readline', 'readlines', 'seek', 'seekable', 'tell',
|
||||
'truncate', 'writable', 'writelines']
|
||||
for attr in attrs:
|
||||
setattr(self, attr, getattr(self.f, attr))
|
||||
|
||||
def write(self, b):
|
||||
"""
|
||||
Custom write method that calls out to onionshare_write_func
|
||||
"""
|
||||
bytes_written = self.f.write(b)
|
||||
self.onionshare_write_func(self.onionshare_filename, bytes_written)
|
||||
|
||||
def close(self):
|
||||
"""
|
||||
Custom close method that calls out to onionshare_close_func
|
||||
"""
|
||||
self.f.close()
|
||||
self.onionshare_close_func(self.onionshare_filename)
|
||||
|
||||
|
||||
class ReceiveModeRequest(Request):
|
||||
"""
|
||||
A custom flask Request object that keeps track of how much data has been
|
||||
uploaded for each file, for receive mode.
|
||||
"""
|
||||
def __init__(self, environ, populate_request=True, shallow=False):
|
||||
super(ReceiveModeRequest, self).__init__(environ, populate_request, shallow)
|
||||
self.web = environ['web']
|
||||
|
||||
# Is this a valid upload request?
|
||||
self.upload_request = False
|
||||
if self.method == 'POST':
|
||||
if self.path == '/{}/upload'.format(self.web.slug):
|
||||
self.upload_request = True
|
||||
else:
|
||||
if self.web.common.settings.get('public_mode'):
|
||||
if self.path == '/upload':
|
||||
self.upload_request = True
|
||||
|
||||
if self.upload_request:
|
||||
# A dictionary that maps filenames to the bytes uploaded so far
|
||||
self.progress = {}
|
||||
|
||||
# Create an upload_id, attach it to the request
|
||||
self.upload_id = self.upload_count
|
||||
self.upload_count += 1
|
||||
|
||||
# Figure out the content length
|
||||
try:
|
||||
self.content_length = int(self.headers['Content-Length'])
|
||||
except:
|
||||
self.content_length = 0
|
||||
|
||||
print("{}: {}".format(
|
||||
datetime.now().strftime("%b %d, %I:%M%p"),
|
||||
strings._("receive_mode_upload_starting").format(self.web.common.human_readable_filesize(self.content_length))
|
||||
))
|
||||
|
||||
# Tell the GUI
|
||||
self.web.add_request(self.web.REQUEST_STARTED, self.path, {
|
||||
'id': self.upload_id,
|
||||
'content_length': self.content_length
|
||||
})
|
||||
|
||||
self.previous_file = None
|
||||
|
||||
def _get_file_stream(self, total_content_length, content_type, filename=None, content_length=None):
|
||||
"""
|
||||
This gets called for each file that gets uploaded, and returns an file-like
|
||||
writable stream.
|
||||
"""
|
||||
if self.upload_request:
|
||||
self.progress[filename] = {
|
||||
'uploaded_bytes': 0,
|
||||
'complete': False
|
||||
}
|
||||
|
||||
return ReceiveModeTemporaryFile(filename, self.file_write_func, self.file_close_func)
|
||||
|
||||
def close(self):
|
||||
"""
|
||||
Closing the request.
|
||||
"""
|
||||
super(ReceiveModeRequest, self).close()
|
||||
if self.upload_request:
|
||||
# Inform the GUI that the upload has finished
|
||||
self.web.add_request(self.web.REQUEST_UPLOAD_FINISHED, self.path, {
|
||||
'id': self.upload_id
|
||||
})
|
||||
|
||||
def file_write_func(self, filename, length):
|
||||
"""
|
||||
This function gets called when a specific file is written to.
|
||||
"""
|
||||
if self.upload_request:
|
||||
self.progress[filename]['uploaded_bytes'] += length
|
||||
|
||||
if self.previous_file != filename:
|
||||
if self.previous_file is not None:
|
||||
print('')
|
||||
self.previous_file = filename
|
||||
|
||||
print('\r=> {:15s} {}'.format(
|
||||
self.web.common.human_readable_filesize(self.progress[filename]['uploaded_bytes']),
|
||||
filename
|
||||
), end='')
|
||||
|
||||
# Update the GUI on the upload progress
|
||||
self.web.add_request(self.web.REQUEST_PROGRESS, self.path, {
|
||||
'id': self.upload_id,
|
||||
'progress': self.progress
|
||||
})
|
||||
|
||||
def file_close_func(self, filename):
|
||||
"""
|
||||
This function gets called when a specific file is closed.
|
||||
"""
|
||||
self.progress[filename]['complete'] = True
|
384
onionshare/web/share_mode.py
Normal file
384
onionshare/web/share_mode.py
Normal file
@ -0,0 +1,384 @@
|
||||
import os
|
||||
import sys
|
||||
import tempfile
|
||||
import zipfile
|
||||
import mimetypes
|
||||
import gzip
|
||||
from flask import Response, request, render_template, make_response
|
||||
|
||||
from .. import strings
|
||||
|
||||
|
||||
class ShareModeWeb(object):
|
||||
"""
|
||||
All of the web logic for share mode
|
||||
"""
|
||||
def __init__(self, common, web):
|
||||
self.common = common
|
||||
self.common.log('ShareModeWeb', '__init__')
|
||||
|
||||
self.web = web
|
||||
|
||||
# Information about the file to be shared
|
||||
self.file_info = []
|
||||
self.is_zipped = False
|
||||
self.download_filename = None
|
||||
self.download_filesize = None
|
||||
self.gzip_filename = None
|
||||
self.gzip_filesize = None
|
||||
self.zip_writer = None
|
||||
|
||||
self.download_count = 0
|
||||
|
||||
# If "Stop After First Download" is checked (stay_open == False), only allow
|
||||
# one download at a time.
|
||||
self.download_in_progress = False
|
||||
|
||||
# If the client closes the OnionShare window while a download is in progress,
|
||||
# it should immediately stop serving the file. The client_cancel global is
|
||||
# used to tell the download function that the client is canceling the download.
|
||||
self.client_cancel = False
|
||||
|
||||
self.define_routes()
|
||||
|
||||
def define_routes(self):
|
||||
"""
|
||||
The web app routes for sharing files
|
||||
"""
|
||||
@self.web.app.route("/<slug_candidate>")
|
||||
def index(slug_candidate):
|
||||
self.web.check_slug_candidate(slug_candidate)
|
||||
return index_logic()
|
||||
|
||||
@self.web.app.route("/")
|
||||
def index_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.web.error404()
|
||||
return index_logic()
|
||||
|
||||
def index_logic(slug_candidate=''):
|
||||
"""
|
||||
Render the template for the onionshare landing page.
|
||||
"""
|
||||
self.web.add_request(self.web.REQUEST_LOAD, request.path)
|
||||
|
||||
# Deny new downloads if "Stop After First Download" is checked and there is
|
||||
# currently a download
|
||||
deny_download = not self.web.stay_open and self.download_in_progress
|
||||
if deny_download:
|
||||
r = make_response(render_template('denied.html'))
|
||||
return self.web.add_security_headers(r)
|
||||
|
||||
# If download is allowed to continue, serve download page
|
||||
if self.should_use_gzip():
|
||||
filesize = self.gzip_filesize
|
||||
else:
|
||||
filesize = self.download_filesize
|
||||
|
||||
if self.web.slug:
|
||||
r = make_response(render_template(
|
||||
'send.html',
|
||||
slug=self.web.slug,
|
||||
file_info=self.file_info,
|
||||
filename=os.path.basename(self.download_filename),
|
||||
filesize=filesize,
|
||||
filesize_human=self.common.human_readable_filesize(self.download_filesize),
|
||||
is_zipped=self.is_zipped))
|
||||
else:
|
||||
# If download is allowed to continue, serve download page
|
||||
r = make_response(render_template(
|
||||
'send.html',
|
||||
file_info=self.file_info,
|
||||
filename=os.path.basename(self.download_filename),
|
||||
filesize=filesize,
|
||||
filesize_human=self.common.human_readable_filesize(self.download_filesize),
|
||||
is_zipped=self.is_zipped))
|
||||
return self.web.add_security_headers(r)
|
||||
|
||||
@self.web.app.route("/<slug_candidate>/download")
|
||||
def download(slug_candidate):
|
||||
self.web.check_slug_candidate(slug_candidate)
|
||||
return download_logic()
|
||||
|
||||
@self.web.app.route("/download")
|
||||
def download_public():
|
||||
if not self.common.settings.get('public_mode'):
|
||||
return self.web.error404()
|
||||
return download_logic()
|
||||
|
||||
def download_logic(slug_candidate=''):
|
||||
"""
|
||||
Download the zip file.
|
||||
"""
|
||||
# Deny new downloads if "Stop After First Download" is checked and there is
|
||||
# currently a download
|
||||
deny_download = not self.web.stay_open and self.download_in_progress
|
||||
if deny_download:
|
||||
r = make_response(render_template('denied.html'))
|
||||
return self.web.add_security_headers(r)
|
||||
|
||||
# Each download has a unique id
|
||||
download_id = self.download_count
|
||||
self.download_count += 1
|
||||
|
||||
# Prepare some variables to use inside generate() function below
|
||||
# which is outside of the request context
|
||||
shutdown_func = request.environ.get('werkzeug.server.shutdown')
|
||||
path = request.path
|
||||
|
||||
# If this is a zipped file, then serve as-is. If it's not zipped, then,
|
||||
# if the http client supports gzip compression, gzip the file first
|
||||
# and serve that
|
||||
use_gzip = self.should_use_gzip()
|
||||
if use_gzip:
|
||||
file_to_download = self.gzip_filename
|
||||
filesize = self.gzip_filesize
|
||||
else:
|
||||
file_to_download = self.download_filename
|
||||
filesize = self.download_filesize
|
||||
|
||||
# Tell GUI the download started
|
||||
self.web.add_request(self.web.REQUEST_STARTED, path, {
|
||||
'id': download_id,
|
||||
'use_gzip': use_gzip
|
||||
})
|
||||
|
||||
basename = os.path.basename(self.download_filename)
|
||||
|
||||
def generate():
|
||||
# The user hasn't canceled the download
|
||||
self.client_cancel = False
|
||||
|
||||
# Starting a new download
|
||||
if not self.web.stay_open:
|
||||
self.download_in_progress = True
|
||||
|
||||
chunk_size = 102400 # 100kb
|
||||
|
||||
fp = open(file_to_download, 'rb')
|
||||
self.web.done = False
|
||||
canceled = False
|
||||
while not self.web.done:
|
||||
# The user has canceled the download, so stop serving the file
|
||||
if self.client_cancel:
|
||||
self.web.add_request(self.web.REQUEST_CANCELED, path, {
|
||||
'id': download_id
|
||||
})
|
||||
break
|
||||
|
||||
chunk = fp.read(chunk_size)
|
||||
if chunk == b'':
|
||||
self.web.done = True
|
||||
else:
|
||||
try:
|
||||
yield chunk
|
||||
|
||||
# tell GUI the progress
|
||||
downloaded_bytes = fp.tell()
|
||||
percent = (1.0 * downloaded_bytes / filesize) * 100
|
||||
|
||||
# only output to stdout if running onionshare in CLI mode, or if using Linux (#203, #304)
|
||||
if not self.web.is_gui or self.common.platform == 'Linux' or self.common.platform == 'BSD':
|
||||
sys.stdout.write(
|
||||
"\r{0:s}, {1:.2f}% ".format(self.common.human_readable_filesize(downloaded_bytes), percent))
|
||||
sys.stdout.flush()
|
||||
|
||||
self.web.add_request(self.web.REQUEST_PROGRESS, path, {
|
||||
'id': download_id,
|
||||
'bytes': downloaded_bytes
|
||||
})
|
||||
self.web.done = False
|
||||
except:
|
||||
# looks like the download was canceled
|
||||
self.web.done = True
|
||||
canceled = True
|
||||
|
||||
# tell the GUI the download has canceled
|
||||
self.web.add_request(self.web.REQUEST_CANCELED, path, {
|
||||
'id': download_id
|
||||
})
|
||||
|
||||
fp.close()
|
||||
|
||||
if self.common.platform != 'Darwin':
|
||||
sys.stdout.write("\n")
|
||||
|
||||
# Download is finished
|
||||
if not self.web.stay_open:
|
||||
self.download_in_progress = False
|
||||
|
||||
# Close the server, if necessary
|
||||
if not self.web.stay_open and not canceled:
|
||||
print(strings._("closing_automatically"))
|
||||
self.web.running = False
|
||||
try:
|
||||
if shutdown_func is None:
|
||||
raise RuntimeError('Not running with the Werkzeug Server')
|
||||
shutdown_func()
|
||||
except:
|
||||
pass
|
||||
|
||||
r = Response(generate())
|
||||
if use_gzip:
|
||||
r.headers.set('Content-Encoding', 'gzip')
|
||||
r.headers.set('Content-Length', filesize)
|
||||
r.headers.set('Content-Disposition', 'attachment', filename=basename)
|
||||
r = self.web.add_security_headers(r)
|
||||
# guess content type
|
||||
(content_type, _) = mimetypes.guess_type(basename, strict=False)
|
||||
if content_type is not None:
|
||||
r.headers.set('Content-Type', content_type)
|
||||
return r
|
||||
|
||||
def set_file_info(self, filenames, processed_size_callback=None):
|
||||
"""
|
||||
Using the list of filenames being shared, fill in details that the web
|
||||
page will need to display. This includes zipping up the file in order to
|
||||
get the zip file's name and size.
|
||||
"""
|
||||
self.common.log("ShareModeWeb", "set_file_info")
|
||||
self.web.cancel_compression = False
|
||||
|
||||
self.cleanup_filenames = []
|
||||
|
||||
# build file info list
|
||||
self.file_info = {'files': [], 'dirs': []}
|
||||
for filename in filenames:
|
||||
info = {
|
||||
'filename': filename,
|
||||
'basename': os.path.basename(filename.rstrip('/'))
|
||||
}
|
||||
if os.path.isfile(filename):
|
||||
info['size'] = os.path.getsize(filename)
|
||||
info['size_human'] = self.common.human_readable_filesize(info['size'])
|
||||
self.file_info['files'].append(info)
|
||||
if os.path.isdir(filename):
|
||||
info['size'] = self.common.dir_size(filename)
|
||||
info['size_human'] = self.common.human_readable_filesize(info['size'])
|
||||
self.file_info['dirs'].append(info)
|
||||
self.file_info['files'] = sorted(self.file_info['files'], key=lambda k: k['basename'])
|
||||
self.file_info['dirs'] = sorted(self.file_info['dirs'], key=lambda k: k['basename'])
|
||||
|
||||
# Check if there's only 1 file and no folders
|
||||
if len(self.file_info['files']) == 1 and len(self.file_info['dirs']) == 0:
|
||||
self.download_filename = self.file_info['files'][0]['filename']
|
||||
self.download_filesize = self.file_info['files'][0]['size']
|
||||
|
||||
# Compress the file with gzip now, so we don't have to do it on each request
|
||||
self.gzip_filename = tempfile.mkstemp('wb+')[1]
|
||||
self._gzip_compress(self.download_filename, self.gzip_filename, 6, processed_size_callback)
|
||||
self.gzip_filesize = os.path.getsize(self.gzip_filename)
|
||||
|
||||
# Make sure the gzip file gets cleaned up when onionshare stops
|
||||
self.cleanup_filenames.append(self.gzip_filename)
|
||||
|
||||
self.is_zipped = False
|
||||
|
||||
else:
|
||||
# Zip up the files and folders
|
||||
self.zip_writer = ZipWriter(self.common, processed_size_callback=processed_size_callback)
|
||||
self.download_filename = self.zip_writer.zip_filename
|
||||
for info in self.file_info['files']:
|
||||
self.zip_writer.add_file(info['filename'])
|
||||
# Canceling early?
|
||||
if self.web.cancel_compression:
|
||||
self.zip_writer.close()
|
||||
return False
|
||||
|
||||
for info in self.file_info['dirs']:
|
||||
if not self.zip_writer.add_dir(info['filename']):
|
||||
return False
|
||||
|
||||
self.zip_writer.close()
|
||||
self.download_filesize = os.path.getsize(self.download_filename)
|
||||
|
||||
# Make sure the zip file gets cleaned up when onionshare stops
|
||||
self.cleanup_filenames.append(self.zip_writer.zip_filename)
|
||||
|
||||
self.is_zipped = True
|
||||
|
||||
return True
|
||||
|
||||
def should_use_gzip(self):
|
||||
"""
|
||||
Should we use gzip for this browser?
|
||||
"""
|
||||
return (not self.is_zipped) and ('gzip' in request.headers.get('Accept-Encoding', '').lower())
|
||||
|
||||
def _gzip_compress(self, input_filename, output_filename, level, processed_size_callback=None):
|
||||
"""
|
||||
Compress a file with gzip, without loading the whole thing into memory
|
||||
Thanks: https://stackoverflow.com/questions/27035296/python-how-to-gzip-a-large-text-file-without-memoryerror
|
||||
"""
|
||||
bytes_processed = 0
|
||||
blocksize = 1 << 16 # 64kB
|
||||
with open(input_filename, 'rb') as input_file:
|
||||
output_file = gzip.open(output_filename, 'wb', level)
|
||||
while True:
|
||||
if processed_size_callback is not None:
|
||||
processed_size_callback(bytes_processed)
|
||||
|
||||
block = input_file.read(blocksize)
|
||||
if len(block) == 0:
|
||||
break
|
||||
output_file.write(block)
|
||||
bytes_processed += blocksize
|
||||
|
||||
output_file.close()
|
||||
|
||||
|
||||
class ZipWriter(object):
|
||||
"""
|
||||
ZipWriter accepts files and directories and compresses them into a zip file
|
||||
with. If a zip_filename is not passed in, it will use the default onionshare
|
||||
filename.
|
||||
"""
|
||||
def __init__(self, common, zip_filename=None, processed_size_callback=None):
|
||||
self.common = common
|
||||
self.cancel_compression = False
|
||||
|
||||
if zip_filename:
|
||||
self.zip_filename = zip_filename
|
||||
else:
|
||||
self.zip_filename = '{0:s}/onionshare_{1:s}.zip'.format(tempfile.mkdtemp(), self.common.random_string(4, 6))
|
||||
|
||||
self.z = zipfile.ZipFile(self.zip_filename, 'w', allowZip64=True)
|
||||
self.processed_size_callback = processed_size_callback
|
||||
if self.processed_size_callback is None:
|
||||
self.processed_size_callback = lambda _: None
|
||||
self._size = 0
|
||||
self.processed_size_callback(self._size)
|
||||
|
||||
def add_file(self, filename):
|
||||
"""
|
||||
Add a file to the zip archive.
|
||||
"""
|
||||
self.z.write(filename, os.path.basename(filename), zipfile.ZIP_DEFLATED)
|
||||
self._size += os.path.getsize(filename)
|
||||
self.processed_size_callback(self._size)
|
||||
|
||||
def add_dir(self, filename):
|
||||
"""
|
||||
Add a directory, and all of its children, to the zip archive.
|
||||
"""
|
||||
dir_to_strip = os.path.dirname(filename.rstrip('/'))+'/'
|
||||
for dirpath, dirnames, filenames in os.walk(filename):
|
||||
for f in filenames:
|
||||
# Canceling early?
|
||||
if self.cancel_compression:
|
||||
return False
|
||||
|
||||
full_filename = os.path.join(dirpath, f)
|
||||
if not os.path.islink(full_filename):
|
||||
arc_filename = full_filename[len(dir_to_strip):]
|
||||
self.z.write(full_filename, arc_filename, zipfile.ZIP_DEFLATED)
|
||||
self._size += os.path.getsize(full_filename)
|
||||
self.processed_size_callback(self._size)
|
||||
|
||||
return True
|
||||
|
||||
def close(self):
|
||||
"""
|
||||
Close the zip archive.
|
||||
"""
|
||||
self.z.close()
|
252
onionshare/web/web.py
Normal file
252
onionshare/web/web.py
Normal file
@ -0,0 +1,252 @@
|
||||
import hmac
|
||||
import logging
|
||||
import os
|
||||
import queue
|
||||
import socket
|
||||
import sys
|
||||
import tempfile
|
||||
from distutils.version import LooseVersion as Version
|
||||
from urllib.request import urlopen
|
||||
|
||||
import flask
|
||||
from flask import Flask, request, render_template, abort, make_response, __version__ as flask_version
|
||||
|
||||
from .. import strings
|
||||
|
||||
from .share_mode import ShareModeWeb
|
||||
from .receive_mode import ReceiveModeWeb, ReceiveModeWSGIMiddleware, ReceiveModeTemporaryFile, ReceiveModeRequest
|
||||
|
||||
|
||||
# Stub out flask's show_server_banner function, to avoiding showing warnings that
|
||||
# are not applicable to OnionShare
|
||||
def stubbed_show_server_banner(env, debug, app_import_path, eager_loading):
|
||||
pass
|
||||
|
||||
flask.cli.show_server_banner = stubbed_show_server_banner
|
||||
|
||||
|
||||
class Web(object):
|
||||
"""
|
||||
The Web object is the OnionShare web server, powered by flask
|
||||
"""
|
||||
REQUEST_LOAD = 0
|
||||
REQUEST_STARTED = 1
|
||||
REQUEST_PROGRESS = 2
|
||||
REQUEST_OTHER = 3
|
||||
REQUEST_CANCELED = 4
|
||||
REQUEST_RATE_LIMIT = 5
|
||||
REQUEST_CLOSE_SERVER = 6
|
||||
REQUEST_UPLOAD_FILE_RENAMED = 7
|
||||
REQUEST_UPLOAD_FINISHED = 8
|
||||
REQUEST_ERROR_DOWNLOADS_DIR_CANNOT_CREATE = 9
|
||||
REQUEST_ERROR_DOWNLOADS_DIR_NOT_WRITABLE = 10
|
||||
|
||||
def __init__(self, common, is_gui, mode='share'):
|
||||
self.common = common
|
||||
self.common.log('Web', '__init__', 'is_gui={}, mode={}'.format(is_gui, mode))
|
||||
|
||||
# The flask app
|
||||
self.app = Flask(__name__,
|
||||
static_folder=self.common.get_resource_path('static'),
|
||||
template_folder=self.common.get_resource_path('templates'))
|
||||
self.app.secret_key = self.common.random_string(8)
|
||||
|
||||
# Debug mode?
|
||||
if self.common.debug:
|
||||
self.debug_mode()
|
||||
|
||||
# Are we running in GUI mode?
|
||||
self.is_gui = is_gui
|
||||
|
||||
# Are we using receive mode?
|
||||
self.mode = mode
|
||||
if self.mode == 'receive':
|
||||
# Use custom WSGI middleware, to modify environ
|
||||
self.app.wsgi_app = ReceiveModeWSGIMiddleware(self.app.wsgi_app, self)
|
||||
# Use a custom Request class to track upload progess
|
||||
self.app.request_class = ReceiveModeRequest
|
||||
|
||||
# Starting in Flask 0.11, render_template_string autoescapes template variables
|
||||
# by default. To prevent content injection through template variables in
|
||||
# earlier versions of Flask, we force autoescaping in the Jinja2 template
|
||||
# engine if we detect a Flask version with insecure default behavior.
|
||||
if Version(flask_version) < Version('0.11'):
|
||||
# Monkey-patch in the fix from https://github.com/pallets/flask/commit/99c99c4c16b1327288fd76c44bc8635a1de452bc
|
||||
Flask.select_jinja_autoescape = self._safe_select_jinja_autoescape
|
||||
|
||||
self.security_headers = [
|
||||
('Content-Security-Policy', 'default-src \'self\'; style-src \'self\'; script-src \'self\'; img-src \'self\' data:;'),
|
||||
('X-Frame-Options', 'DENY'),
|
||||
('X-Xss-Protection', '1; mode=block'),
|
||||
('X-Content-Type-Options', 'nosniff'),
|
||||
('Referrer-Policy', 'no-referrer'),
|
||||
('Server', 'OnionShare')
|
||||
]
|
||||
|
||||
self.q = queue.Queue()
|
||||
self.slug = None
|
||||
self.error404_count = 0
|
||||
|
||||
self.done = False
|
||||
|
||||
# shutting down the server only works within the context of flask, so the easiest way to do it is over http
|
||||
self.shutdown_slug = self.common.random_string(16)
|
||||
|
||||
# Keep track if the server is running
|
||||
self.running = False
|
||||
|
||||
# Define the web app routes
|
||||
self.define_common_routes()
|
||||
|
||||
# Create the mode web object, which defines its own routes
|
||||
self.share_mode = None
|
||||
self.receive_mode = None
|
||||
if self.mode == 'receive':
|
||||
self.receive_mode = ReceiveModeWeb(self.common, self)
|
||||
elif self.mode == 'share':
|
||||
self.share_mode = ShareModeWeb(self.common, self)
|
||||
|
||||
|
||||
def define_common_routes(self):
|
||||
"""
|
||||
Common web app routes between sending and receiving
|
||||
"""
|
||||
@self.app.errorhandler(404)
|
||||
def page_not_found(e):
|
||||
"""
|
||||
404 error page.
|
||||
"""
|
||||
return self.error404()
|
||||
|
||||
@self.app.route("/<slug_candidate>/shutdown")
|
||||
def shutdown(slug_candidate):
|
||||
"""
|
||||
Stop the flask web server, from the context of an http request.
|
||||
"""
|
||||
self.check_shutdown_slug_candidate(slug_candidate)
|
||||
self.force_shutdown()
|
||||
return ""
|
||||
|
||||
def error404(self):
|
||||
self.add_request(Web.REQUEST_OTHER, request.path)
|
||||
if request.path != '/favicon.ico':
|
||||
self.error404_count += 1
|
||||
|
||||
# In receive mode, with public mode enabled, skip rate limiting 404s
|
||||
if not self.common.settings.get('public_mode'):
|
||||
if self.error404_count == 20:
|
||||
self.add_request(Web.REQUEST_RATE_LIMIT, request.path)
|
||||
self.force_shutdown()
|
||||
print(strings._('error_rate_limit'))
|
||||
|
||||
r = make_response(render_template('404.html'), 404)
|
||||
return self.add_security_headers(r)
|
||||
|
||||
def add_security_headers(self, r):
|
||||
"""
|
||||
Add security headers to a request
|
||||
"""
|
||||
for header, value in self.security_headers:
|
||||
r.headers.set(header, value)
|
||||
return r
|
||||
|
||||
def _safe_select_jinja_autoescape(self, filename):
|
||||
if filename is None:
|
||||
return True
|
||||
return filename.endswith(('.html', '.htm', '.xml', '.xhtml'))
|
||||
|
||||
def add_request(self, request_type, path, data=None):
|
||||
"""
|
||||
Add a request to the queue, to communicate with the GUI.
|
||||
"""
|
||||
self.q.put({
|
||||
'type': request_type,
|
||||
'path': path,
|
||||
'data': data
|
||||
})
|
||||
|
||||
def generate_slug(self, persistent_slug=None):
|
||||
self.common.log('Web', 'generate_slug', 'persistent_slug={}'.format(persistent_slug))
|
||||
if persistent_slug != None and persistent_slug != '':
|
||||
self.slug = persistent_slug
|
||||
self.common.log('Web', 'generate_slug', 'persistent_slug sent, so slug is: "{}"'.format(self.slug))
|
||||
else:
|
||||
self.slug = self.common.build_slug()
|
||||
self.common.log('Web', 'generate_slug', 'built random slug: "{}"'.format(self.slug))
|
||||
|
||||
def debug_mode(self):
|
||||
"""
|
||||
Turn on debugging mode, which will log flask errors to a debug file.
|
||||
"""
|
||||
temp_dir = tempfile.gettempdir()
|
||||
log_handler = logging.FileHandler(
|
||||
os.path.join(temp_dir, 'onionshare_server.log'))
|
||||
log_handler.setLevel(logging.WARNING)
|
||||
self.app.logger.addHandler(log_handler)
|
||||
|
||||
def check_slug_candidate(self, slug_candidate):
|
||||
self.common.log('Web', 'check_slug_candidate: slug_candidate={}'.format(slug_candidate))
|
||||
if self.common.settings.get('public_mode'):
|
||||
abort(404)
|
||||
if not hmac.compare_digest(self.slug, slug_candidate):
|
||||
abort(404)
|
||||
|
||||
def check_shutdown_slug_candidate(self, slug_candidate):
|
||||
self.common.log('Web', 'check_shutdown_slug_candidate: slug_candidate={}'.format(slug_candidate))
|
||||
if not hmac.compare_digest(self.shutdown_slug, slug_candidate):
|
||||
abort(404)
|
||||
|
||||
def force_shutdown(self):
|
||||
"""
|
||||
Stop the flask web server, from the context of the flask app.
|
||||
"""
|
||||
# Shutdown the flask service
|
||||
try:
|
||||
func = request.environ.get('werkzeug.server.shutdown')
|
||||
if func is None:
|
||||
raise RuntimeError('Not running with the Werkzeug Server')
|
||||
func()
|
||||
except:
|
||||
pass
|
||||
self.running = False
|
||||
|
||||
def start(self, port, stay_open=False, public_mode=False, persistent_slug=None):
|
||||
"""
|
||||
Start the flask web server.
|
||||
"""
|
||||
self.common.log('Web', 'start', 'port={}, stay_open={}, public_mode={}, persistent_slug={}'.format(port, stay_open, public_mode, persistent_slug))
|
||||
if not public_mode:
|
||||
self.generate_slug(persistent_slug)
|
||||
|
||||
self.stay_open = stay_open
|
||||
|
||||
# In Whonix, listen on 0.0.0.0 instead of 127.0.0.1 (#220)
|
||||
if os.path.exists('/usr/share/anon-ws-base-files/workstation'):
|
||||
host = '0.0.0.0'
|
||||
else:
|
||||
host = '127.0.0.1'
|
||||
|
||||
self.running = True
|
||||
self.app.run(host=host, port=port, threaded=True)
|
||||
|
||||
def stop(self, port):
|
||||
"""
|
||||
Stop the flask web server by loading /shutdown.
|
||||
"""
|
||||
|
||||
if self.mode == 'share':
|
||||
# If the user cancels the download, let the download function know to stop
|
||||
# serving the file
|
||||
self.share_mode.client_cancel = True
|
||||
|
||||
# To stop flask, load http://127.0.0.1:<port>/<shutdown_slug>/shutdown
|
||||
if self.running:
|
||||
try:
|
||||
s = socket.socket()
|
||||
s.connect(('127.0.0.1', port))
|
||||
s.sendall('GET /{0:s}/shutdown HTTP/1.1\r\n\r\n'.format(self.shutdown_slug))
|
||||
except:
|
||||
try:
|
||||
urlopen('http://127.0.0.1:{0:d}/{1:s}/shutdown'.format(port, self.shutdown_slug)).read()
|
||||
except:
|
||||
pass
|
@ -34,7 +34,7 @@ class ReceiveMode(Mode):
|
||||
Custom initialization for ReceiveMode.
|
||||
"""
|
||||
# Create the Web object
|
||||
self.web = Web(self.common, True, True)
|
||||
self.web = Web(self.common, True, 'receive')
|
||||
|
||||
# Server status
|
||||
self.server_status.set_mode('receive')
|
||||
@ -100,7 +100,7 @@ class ReceiveMode(Mode):
|
||||
Starting the server.
|
||||
"""
|
||||
# Reset web counters
|
||||
self.web.upload_count = 0
|
||||
self.web.receive_mode.upload_count = 0
|
||||
self.web.error404_count = 0
|
||||
|
||||
# Hide and reset the uploads if we have previously shared
|
||||
|
@ -43,7 +43,7 @@ class ShareMode(Mode):
|
||||
self.compress_thread = None
|
||||
|
||||
# Create the Web object
|
||||
self.web = Web(self.common, True, False)
|
||||
self.web = Web(self.common, True, 'share')
|
||||
|
||||
# File selection
|
||||
self.file_selection = FileSelection(self.common)
|
||||
@ -125,7 +125,7 @@ class ShareMode(Mode):
|
||||
The shutdown timer expired, should we stop the server? Returns a bool
|
||||
"""
|
||||
# If there were no attempts to download the share, or all downloads are done, we can stop
|
||||
if self.web.download_count == 0 or self.web.done:
|
||||
if self.web.share_mode.download_count == 0 or self.web.done:
|
||||
self.server_status.stop_server()
|
||||
self.server_status_label.setText(strings._('close_on_timeout', True))
|
||||
return True
|
||||
@ -139,7 +139,7 @@ class ShareMode(Mode):
|
||||
Starting the server.
|
||||
"""
|
||||
# Reset web counters
|
||||
self.web.download_count = 0
|
||||
self.web.share_mode.download_count = 0
|
||||
self.web.error404_count = 0
|
||||
|
||||
# Hide and reset the downloads if we have previously shared
|
||||
@ -177,7 +177,7 @@ class ShareMode(Mode):
|
||||
self._zip_progress_bar = None
|
||||
|
||||
# Warn about sending large files over Tor
|
||||
if self.web.zip_filesize >= 157286400: # 150mb
|
||||
if self.web.share_mode.download_filesize >= 157286400: # 150mb
|
||||
self.filesize_warning.setText(strings._("large_filesize", True))
|
||||
self.filesize_warning.show()
|
||||
|
||||
@ -229,7 +229,11 @@ class ShareMode(Mode):
|
||||
"""
|
||||
Handle REQUEST_STARTED event.
|
||||
"""
|
||||
self.downloads.add(event["data"]["id"], self.web.zip_filesize)
|
||||
if event["data"]["use_gzip"]:
|
||||
filesize = self.web.share_mode.gzip_filesize
|
||||
else:
|
||||
filesize = self.web.share_mode.download_filesize
|
||||
self.downloads.add(event["data"]["id"], filesize)
|
||||
self.downloads_in_progress += 1
|
||||
self.update_downloads_in_progress()
|
||||
|
||||
@ -242,7 +246,7 @@ class ShareMode(Mode):
|
||||
self.downloads.update(event["data"]["id"], event["data"]["bytes"])
|
||||
|
||||
# Is the download complete?
|
||||
if event["data"]["bytes"] == self.web.zip_filesize:
|
||||
if event["data"]["bytes"] == self.web.share_mode.download_filesize:
|
||||
self.system_tray.showMessage(strings._('systray_download_completed_title', True), strings._('systray_download_completed_message', True))
|
||||
|
||||
# Update the total 'completed downloads' info
|
||||
@ -388,6 +392,7 @@ class ZipProgressBar(QtWidgets.QProgressBar):
|
||||
|
||||
def update_processed_size(self, val):
|
||||
self._processed_size = val
|
||||
|
||||
if self.processed_size < self.total_files_size:
|
||||
self.setValue(int((self.processed_size * 100) / self.total_files_size))
|
||||
elif self.total_files_size != 0:
|
||||
|
@ -41,13 +41,13 @@ class CompressThread(QtCore.QThread):
|
||||
self.mode.common.log('CompressThread', 'run')
|
||||
|
||||
try:
|
||||
if self.mode.web.set_file_info(self.mode.filenames, processed_size_callback=self.set_processed_size):
|
||||
if self.mode.web.share_mode.set_file_info(self.mode.filenames, processed_size_callback=self.set_processed_size):
|
||||
self.success.emit()
|
||||
else:
|
||||
# Cancelled
|
||||
pass
|
||||
|
||||
self.mode.app.cleanup_filenames.append(self.mode.web.zip_filename)
|
||||
self.mode.app.cleanup_filenames += self.mode.web.share_mode.cleanup_filenames
|
||||
except OSError as e:
|
||||
self.error.emit(e.strerror)
|
||||
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 45 KiB |
1
setup.py
1
setup.py
@ -67,6 +67,7 @@ setup(
|
||||
url=url, license=license, keywords=keywords,
|
||||
packages=[
|
||||
'onionshare',
|
||||
'onionshare.web',
|
||||
'onionshare_gui',
|
||||
'onionshare_gui.share_mode',
|
||||
'onionshare_gui.receive_mode'
|
||||
|
@ -10,18 +10,18 @@
|
||||
<body>
|
||||
|
||||
<header class="clearfix">
|
||||
<div class="right">
|
||||
<ul>
|
||||
<li>Total size: <strong>{{ filesize_human }}</strong> (compressed)</li>
|
||||
{% if slug %}
|
||||
<li><a class="button" href='/{{ slug }}/download'>Download Files</a></li>
|
||||
{% else %}
|
||||
<li><a class="button" href='/download'>Download Files</a></li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
</div>
|
||||
<img class="logo" src="/static/img/logo.png" title="OnionShare">
|
||||
<h1>OnionShare</h1>
|
||||
<div class="right">
|
||||
<ul>
|
||||
<li>Total size: <strong>{{ filesize_human }}</strong> {% if is_zipped %} (compressed){% endif %}</li>
|
||||
{% if slug %}
|
||||
<li><a class="button" href='/{{ slug }}/download'>Download Files</a></li>
|
||||
{% else %}
|
||||
<li><a class="button" href='/download'>Download Files</a></li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
</div>
|
||||
<img class="logo" src="/static/img/logo.png" title="OnionShare">
|
||||
<h1>OnionShare</h1>
|
||||
</header>
|
||||
|
||||
<table class="file-list" id="file-list">
|
||||
|
@ -64,7 +64,7 @@ def temp_file_1024_delete():
|
||||
# pytest > 2.9 only needs @pytest.fixture
|
||||
@pytest.yield_fixture(scope='session')
|
||||
def custom_zw():
|
||||
zw = web.ZipWriter(
|
||||
zw = web.share_mode.ZipWriter(
|
||||
common.Common(),
|
||||
zip_filename=common.Common.random_string(4, 6),
|
||||
processed_size_callback=lambda _: 'custom_callback'
|
||||
@ -77,7 +77,7 @@ def custom_zw():
|
||||
# pytest > 2.9 only needs @pytest.fixture
|
||||
@pytest.yield_fixture(scope='session')
|
||||
def default_zw():
|
||||
zw = web.ZipWriter(common.Common())
|
||||
zw = web.share_mode.ZipWriter(common.Common())
|
||||
yield zw
|
||||
zw.close()
|
||||
tmp_dir = os.path.dirname(zw.zip_filename)
|
||||
|
@ -38,11 +38,11 @@ DEFAULT_ZW_FILENAME_REGEX = re.compile(r'^onionshare_[a-z2-7]{6}.zip$')
|
||||
RANDOM_STR_REGEX = re.compile(r'^[a-z2-7]+$')
|
||||
|
||||
|
||||
def web_obj(common_obj, receive_mode, num_files=0):
|
||||
def web_obj(common_obj, mode, num_files=0):
|
||||
""" Creates a Web object, in either share mode or receive mode, ready for testing """
|
||||
common_obj.load_settings()
|
||||
|
||||
web = Web(common_obj, False, receive_mode)
|
||||
web = Web(common_obj, False, mode)
|
||||
web.generate_slug()
|
||||
web.stay_open = True
|
||||
web.running = True
|
||||
@ -50,14 +50,14 @@ def web_obj(common_obj, receive_mode, num_files=0):
|
||||
web.app.testing = True
|
||||
|
||||
# Share mode
|
||||
if not receive_mode:
|
||||
if mode == 'share':
|
||||
# Add files
|
||||
files = []
|
||||
for i in range(num_files):
|
||||
with tempfile.NamedTemporaryFile(delete=False) as tmp_file:
|
||||
tmp_file.write(b'*' * 1024)
|
||||
files.append(tmp_file.name)
|
||||
web.set_file_info(files)
|
||||
web.share_mode.set_file_info(files)
|
||||
# Receive mode
|
||||
else:
|
||||
pass
|
||||
@ -67,8 +67,8 @@ def web_obj(common_obj, receive_mode, num_files=0):
|
||||
|
||||
class TestWeb:
|
||||
def test_share_mode(self, common_obj):
|
||||
web = web_obj(common_obj, False, 3)
|
||||
assert web.receive_mode is False
|
||||
web = web_obj(common_obj, 'share', 3)
|
||||
assert web.mode is 'share'
|
||||
with web.app.test_client() as c:
|
||||
# Load 404 pages
|
||||
res = c.get('/')
|
||||
@ -91,7 +91,7 @@ class TestWeb:
|
||||
assert res.mimetype == 'application/zip'
|
||||
|
||||
def test_share_mode_close_after_first_download_on(self, common_obj, temp_file_1024):
|
||||
web = web_obj(common_obj, False, 3)
|
||||
web = web_obj(common_obj, 'share', 3)
|
||||
web.stay_open = False
|
||||
|
||||
assert web.running == True
|
||||
@ -106,7 +106,7 @@ class TestWeb:
|
||||
assert web.running == False
|
||||
|
||||
def test_share_mode_close_after_first_download_off(self, common_obj, temp_file_1024):
|
||||
web = web_obj(common_obj, False, 3)
|
||||
web = web_obj(common_obj, 'share', 3)
|
||||
web.stay_open = True
|
||||
|
||||
assert web.running == True
|
||||
@ -120,8 +120,8 @@ class TestWeb:
|
||||
assert web.running == True
|
||||
|
||||
def test_receive_mode(self, common_obj):
|
||||
web = web_obj(common_obj, True)
|
||||
assert web.receive_mode is True
|
||||
web = web_obj(common_obj, 'receive')
|
||||
assert web.mode is 'receive'
|
||||
|
||||
with web.app.test_client() as c:
|
||||
# Load 404 pages
|
||||
@ -139,7 +139,7 @@ class TestWeb:
|
||||
assert res.status_code == 200
|
||||
|
||||
def test_receive_mode_allow_receiver_shutdown_on(self, common_obj):
|
||||
web = web_obj(common_obj, True)
|
||||
web = web_obj(common_obj, 'receive')
|
||||
|
||||
common_obj.settings.set('receive_allow_receiver_shutdown', True)
|
||||
|
||||
@ -154,7 +154,7 @@ class TestWeb:
|
||||
assert web.running == False
|
||||
|
||||
def test_receive_mode_allow_receiver_shutdown_off(self, common_obj):
|
||||
web = web_obj(common_obj, True)
|
||||
web = web_obj(common_obj, 'receive')
|
||||
|
||||
common_obj.settings.set('receive_allow_receiver_shutdown', False)
|
||||
|
||||
@ -167,9 +167,9 @@ class TestWeb:
|
||||
# Should redirect to index, and server should still be running
|
||||
assert res.status_code == 302
|
||||
assert web.running == True
|
||||
|
||||
|
||||
def test_public_mode_on(self, common_obj):
|
||||
web = web_obj(common_obj, True)
|
||||
web = web_obj(common_obj, 'receive')
|
||||
common_obj.settings.set('public_mode', True)
|
||||
|
||||
with web.app.test_client() as c:
|
||||
@ -182,9 +182,9 @@ class TestWeb:
|
||||
res = c.get('/{}'.format(web.slug))
|
||||
data2 = res.get_data()
|
||||
assert res.status_code == 404
|
||||
|
||||
|
||||
def test_public_mode_off(self, common_obj):
|
||||
web = web_obj(common_obj, True)
|
||||
web = web_obj(common_obj, 'receive')
|
||||
common_obj.settings.set('public_mode', False)
|
||||
|
||||
with web.app.test_client() as c:
|
||||
|
Loading…
x
Reference in New Issue
Block a user