6 files changed, 373 insertions, 0 deletions

diff --git a/Filer.py b/Filer.py
new file mode 100755
index 0000000..b7defd8
--- /dev/null
+++ b/Filer.py
@@ -0,0 +1,164 @@
+#!venv/bin/python
+
+import os
+import hashlib
+import base64
+import time
+from shutil import rmtree
+
+from flask import Flask, render_template, jsonify, request, redirect, send_from_directory
+from flask_dropzone import Dropzone
+from argparse import ArgumentParser
+from werkzeug.utils import secure_filename
+
+app = Flask(__name__)
+app.config['SECRET_KEY'] = 'Silence is golden. Gerd Eist.'
+#app.jinja_env.trim_blocks = True
+#app.jinja_env.lstrip_blocks = True
+
+app.config['PREFERRED_URL_SCHEME'] = 'https'
+app.config['DROPZONE_SERVE_LOCAL'] = True
+app.config['DROPZONE_MAX_FILE_SIZE'] = 128
+app.config['DROPZONE_UPLOAD_MULTIPLE'] = True
+app.config['DROPZONE_PARALLEL_UPLOADS'] = 10
+
+app.config['DROPZONE_ALLOWED_FILE_CUSTOM'] = True
+app.config['DROPZONE_ALLOWED_FILE_TYPE'] = ''
+
+app.config['DROPZONE_DEFAULT_MESSAGE'] = 'Ziehe die Dateien hier hin, um sie hochzuladen oder klicken Sie zur Auswahl.'
+
+dropzone = Dropzone(app)
+
+basedir = 'Daten'
+
+#### ADMIN FACING DIRECTORY LISTS ####
+####
+####
+@app.route("/admin", methods=['GET'])
+def admin():
+    url_root = request.url_root.replace('http://', 'https://', 1)
+    users = os.listdir(os.path.join(basedir, 'Mandanten'))
+    return render_template('admin.html', users = users, tree = make_tree(basedir, 'Public'), url_root = url_root)
+
+@app.route("/admin/Dokumente/<user>", methods=['GET'])
+def admin_dokumente(user):
+    return render_template('mandant.html', admin = 'admin/', user = user, tree = make_tree(basedir, os.path.join('Dokumente', user)))
+
+@app.route("/admin/del-user/<user>", methods=['POST'])
+def admin_deluser(user):
+    method = request.form.get('_method', 'POST')
+    if method == 'DELETE':
+        rmtree(os.path.join(basedir, 'Dokumente', secure_filename(user)))
+        os.unlink(os.path.join(basedir, 'Mandanten', secure_filename(user)))
+    return redirect('/admin')
+
+@app.route("/admin/new-user", methods=['POST'])
+def admin_newuser():
+    password = request.form.get('password', '')
+    user = request.form.get('user', '')
+    if not password or not user:
+        return "Username or password missing", 400
+    directory = secure_filename(user)
+
+    salt = os.urandom(4)
+    sha = hashlib.sha1(password.encode('utf-8'))
+    sha.update(salt)
+
+    digest_salt_b64 = base64.b64encode(sha.digest()+ salt)
+    tagged_digest_salt = '{{SSHA}}{}'.format(digest_salt_b64.decode('ascii'))
+
+    try:
+        if not os.path.exists(os.path.join(basedir, 'Dokumente', directory)):
+            os.mkdir(os.path.join(basedir, 'Dokumente', directory))
+        with open(os.path.join(basedir, 'Mandanten', directory), 'w+', encoding='utf-8') as htpasswd:
+            htpasswd.write("{}:{}\n".format(user, tagged_digest_salt))
+    except OSError as error:
+        return "Couldn't create user scope", 500
+    return redirect('/admin')
+
+#### USER FACING DIRECTORY LIST ####
+####
+####
+@app.route("/Dokumente/<user>", methods=['GET'])
+def mandant(user):
+    return render_template('mandant.html', admin = '', user = user, tree = make_tree(basedir, os.path.join('Dokumente', user)))
+
+#### UPLOAD FILE ROUTES ####
+####
+####
+@app.route('/Dokumente/<user>', methods=['POST'])
+@app.route('/admin/Dokumente/<user>', methods=['POST'])
+def upload_mandant(user):
+    for key, f in request.files.items():
+        if key.startswith('file'):
+            username = secure_filename(user)
+            filename = secure_filename(f.filename)
+            f.save(os.path.join(basedir, 'Dokumente', username, filename))
+    return 'upload template'
+
+@app.route('/admin', methods=['POST'])
+def upload_admin():
+    for key, f in request.files.items():
+        if key.startswith('file'):
+            filename = secure_filename(f.filename)
+            f.save(os.path.join(basedir, 'Public', filename))
+    return 'upload template'
+
+#### DELETE FILE ROUTES ####
+####
+####
+@app.route('/Dokumente/<user>/<path:filename>', methods=['POST'])
+def delete_file_mandant(user, filename):
+    method = request.form.get('_method', 'POST')
+    if method == 'DELETE':
+        os.unlink(os.path.join(basedir, 'Dokumente', secure_filename(user), secure_filename(filename)))
+    return redirect('/Dokumente/'+user)
+
+@app.route('/admin/Dokumente/<user>/<path:filename>', methods=['POST'])
+def delete_file_mandant_admin(user, filename):
+    method = request.form.get('_method', 'POST')
+    if method == 'DELETE':
+        os.unlink(os.path.join(basedir, 'Dokumente', secure_filename(user), secure_filename(filename)))
+    return redirect('/admin/Dokumente/'+user)
+
+@app.route('/admin/Public/<path:filename>', methods=['POST'])
+def delete_file_admin(filename):
+    method = request.form.get('_method', 'POST')
+    if method == 'DELETE':
+        os.unlink(os.path.join(basedir, 'Public', secure_filename(filename)))
+    return redirect('/admin')
+
+#### SERVE FILES RULES ####
+####
+####
+@app.route('/admin/Dokumente/<user>/<path:filename>', methods=['GET'])
+@app.route('/Dokumente/<user>/<path:filename>', methods=['GET'])
+def custom_static(user, filename):
+    return send_from_directory(os.path.join(basedir, 'Dokumente'), os.path.join(user, filename))
+
+@app.route('/Public/<path:filename>')
+def custom_static_public(filename):
+    return send_from_directory(os.path.join(basedir, 'Public'), filename)
+
+def make_tree(rel, path):
+    tree = dict(name=path, download=os.path.basename(path), children=[])
+    try: lst = os.listdir(os.path.join(rel,path))
+    except OSError:
+        pass #ignore errors
+    else:
+        for name in lst:
+            fn = os.path.join(path, name)
+            if os.path.isdir(os.path.join(rel,fn)):
+                tree['children'].append(make_tree(rel, fn))
+            else:
+                ttl = 10 -  int((time.time() - os.path.getmtime(os.path.join(rel,fn))) / (24*3600))
+                tree['children'].append(dict(name=fn, download=name, ttl = ttl))
+    return tree
+
+if __name__ == "__main__":
+    parser = ArgumentParser(description="Filer")
+    parser.add_argument("-H", "--host", help="Hostname of the Flask app " + "[default %s]" % "127.0.0.1", default="127.0.0.1")
+    parser.add_argument("-P", "--port", help="Port for the Flask app " + "[default %s]" % "5000", default="5000")
+    args = parser.parse_args()
+
+    app.run(host=args.host, port=int(args.port))
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..eae1e68
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,11 @@
+all: install
+
+run:
+        ./venv/bin/python Filer.py -P 5000 &
+
+venv:
+        python3 -m venv ./venv
+
+install: venv
+        ./venv/bin/pip install --upgrade pip
+        ./venv/bin/pip install -r requirements.txt
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..277407d
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,8 @@
+click
+Flask
+Flask-Dropzone
+itsdangerous
+Jinja2
+MarkupSafe
+sqlite3
+Werkzeug
diff --git a/static/style.css b/static/style.css
new file mode 100644
index 0000000..3845959
--- /dev/null
+++ b/static/style.css
@@ -0,0 +1,86 @@
+body {
+    font-family: "HelveticaNeueLight", "HelveticaNeue-Light", "Helvetica Neue Light", "HelveticaNeue", "Helvetica Neue", 'TeXGyreHerosRegular', "Helvetica", "Tahoma", "Geneva", "Arial", sans-serif; font-weight:400; font-size:15pt; font-stretch:normal;
+    margin: 1em 0;
+    padding: 0 5%;
+}
+
+ul {
+    list-style-type: none;
+}
+
+li {
+    margin: 0 0 0.5em 0;
+}
+
+button {
+    margin: 0 0.5em 0 0;
+    min-width: 5.5em;
+}
+
+button.add,
+button.edit {
+    box-shadow:inset 0px 1px 0px 0px #bee2f9;
+    background:linear-gradient(to bottom, #63b8ee 5%, #468ccf 100%);
+    background-color:#63b8ee;
+    border-radius:9px;
+    border:1px solid #3866a3;
+    display:inline-block;
+    cursor:pointer;
+    color:#ffffff;
+    padding:5px 6px;
+    text-decoration:none;
+    text-shadow:0px 1px 0px #7cacde;
+}
+button.delete {
+    box-shadow:inset 0px 1px 0px 0px #cf866c;
+    background:linear-gradient(to bottom, #d0451b 5%, #bc3315 100%);
+    background-color:#d0451b;
+    border-radius:9px;
+    border:1px solid #942911;
+    display:inline-block;
+    cursor:pointer;
+    color:#ffffff;
+    padding:5px 6px;
+    text-decoration:none;
+    text-shadow:0px 1px 0px #854629;
+}
+button.add:hover,
+button.edit:hover {
+    background:linear-gradient(to bottom, #468ccf 5%, #63b8ee 100%);
+    background-color:#468ccf;
+}
+button.delete:hover {
+    background:linear-gradient(to bottom, #bc3315 5%, #d0451b 100%);
+    background-color:#bc3315;
+}
+
+button.add:active,
+button.edit:active,
+button.delete:active {
+    position:relative;
+    top:1px;
+}
+
+input[type="text"] {
+    padding: 0.3em 0.4em;
+
+    border: 1px solid grey;
+    border-radius: 6px;
+
+    font-weight: bold;
+    font-size: 13pt;
+    transition: background-color 1s;
+    color: #444;
+    min-width: 35%;
+}
+
+.age {
+    display: inline-block;
+    text-align: right;
+    border-radius: 4px;
+    border: solid 1px black;
+    background-color: grey;
+    padding: 0 0.2em;
+    margin-right: 0.5em;
+    width: 4em;
+}
diff --git a/templates/admin.html b/templates/admin.html
new file mode 100644
index 0000000..e62979e
--- /dev/null
+++ b/templates/admin.html
@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Filer Admin</title>
+<meta charset="UTF-8">
+{{ dropzone.load_css() }}
+{{ dropzone.style('border: 2px dashed #0087F7; min-height: 3em;') }}
+<link rel="stylesheet" href="/static/style.css">
+<script>
+function generatePassword() {
+  var chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#$%&'()*+,-./:;<=>?@_{|}~";
+  var randarray = new Uint16Array(32);
+  var retval = "";
+  window.crypto.getRandomValues(randarray);
+  for (var i = 0, n = chars.length; i < randarray.length; ++i)
+    retval += chars.charAt(Math.floor(randarray[i] * n / 65336));
+  console.log(retval);
+  document.getElementById("password").value = retval;
+}
+</script>
+</head>
+<body>
+{{ dropzone.load_js() }}
+<h1>Kanzlei Hubrig – Administration</h1>
+<h2>Mandanten</h2>
+<ul>
+{%- for item in users %}
+  <li>
+    <form action="/admin/del-user/{{item}}" method="post" style="display: inline;" onsubmit="return confirm('Sind Sie sicher?');">
+        <input type="hidden" name="_method" value="DELETE">
+        <button class="delete">löschen</button>
+    </form>
+    <button class="edit" onclick="document.getElementById('user').value='{{item}}'">edit</button>
+    <a href="/admin/Dokumente/{{item}}">{{item}}</a> <small>Mandanten-URL: {{url_root}}Dokumente/{{item}}</small>
+  </li>
+{%- endfor %}
+<li>
+  <form action="/admin/new-user" method="post">
+  <input id="user" name="user" type="text" placeholder="Name" required></input>
+  <input id="password" name="password" type="text" placeholder="Passwort" autocomplete="off" required></input>
+  <script>generatePassword()</script>
+  <button class="add" type="button" onclick="generatePassword()">Zufall</button>
+  <button class="add">Hinzufügen</button>
+  </form>
+</li>
+</ul>
+
+<h2>Öffentliche Dokumente</h2>
+<ul>
+{%- for item in tree.children recursive %}
+    <li><form action="/admin/{{ item.name }}" method="post" style="display: inline;" onsubmit="return confirm('Are you sure?');">
+        <input type="hidden" name="_method" value="DELETE">
+        <button class="delete">löschen</button>
+        </form>
+        <a href="{{ item.name }}" download="{{item.download}}">{{ item.download }}</a>
+    {%- if item.children -%}
+        <ul>{{ loop(item.children) }}</ul>
+    {%- endif %}</li>
+{%- endfor %}
+</ul>
+
+<h2>Öffentliches Dokument hochladen</h2>
+<div class="droppy">{{ dropzone.create(action='/admin') }}</div>
+
+{{ dropzone.config() }}
+</body>
+</html>
diff --git a/templates/mandant.html b/templates/mandant.html
new file mode 100644
index 0000000..16c07ab
--- /dev/null
+++ b/templates/mandant.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Filer</title>
+<meta charset="UTF-8">
+{{ dropzone.load_css() }}
+{{ dropzone.style('border: 2px dashed #0087F7; min-height: 10px;') }}
+<link rel="stylesheet" href="/static/style.css">
+</head>
+<body>
+{{ dropzone.load_js() }}
+<h1>Kanzlei Hubrig – Dokumenten-Austausch</h1>
+{%- if admin %}
+<a href="/admin">Zurück zur Übersicht</a>
+{% endif -%}
+<h2>Dokumente</h2>
+<ul>
+{%- for item in tree.children recursive %}
+    <li><form action="/{{admin}}{{ item.name }}" method="post" style="display: inline;" onsubmit="return confirm('Sind Sie sicher?');">
+        <input type="hidden" name="_method" value="DELETE">
+        <button class="delete" type="submit">löschen</button>
+        </form>
+        <div class="age">{{item.ttl}} Tag{%- if not item.ttl == 1 -%}e{%- endif -%}</div>
+    {%- if 'children' in item -%}
+        {{item.download}}<br/>
+        <ul>{{ loop(item.children) }}</ul>
+    {%- else -%}
+        <a href="/{{admin}}{{item.name}}" download="{{item.download}}">{{ item.download }}</a>
+    {%- endif %}</li>
+{%- endfor %}
+</ul>
+
+<div class="droppy">{{ dropzone.create(action="/"+admin+"Dokumente/"+user) }}</div>
+
+{{ dropzone.config() }}
+</body>
+</html>