diff options
author | Dirk Engling <erdgeist@erdgeist.org> | 2020-04-20 00:52:33 +0200 |
---|---|---|
committer | Dirk Engling <erdgeist@erdgeist.org> | 2020-04-20 00:52:33 +0200 |
commit | 2460ef593a17eecad863e8702904292cc9706d9e (patch) | |
tree | e872cee22c8f77b1f25976d794d48564723627dd |
Kickoff
-rwxr-xr-x | Filer.py | 164 | ||||
-rw-r--r-- | Makefile | 11 | ||||
-rw-r--r-- | requirements.txt | 8 | ||||
-rw-r--r-- | static/style.css | 86 | ||||
-rw-r--r-- | templates/admin.html | 67 | ||||
-rw-r--r-- | templates/mandant.html | 37 |
6 files changed, 373 insertions, 0 deletions
diff --git a/Filer.py b/Filer.py new file mode 100755 index 0000000..b7defd8 --- /dev/null +++ b/Filer.py | |||
@@ -0,0 +1,164 @@ | |||
1 | #!venv/bin/python | ||
2 | |||
3 | import os | ||
4 | import hashlib | ||
5 | import base64 | ||
6 | import time | ||
7 | from shutil import rmtree | ||
8 | |||
9 | from flask import Flask, render_template, jsonify, request, redirect, send_from_directory | ||
10 | from flask_dropzone import Dropzone | ||
11 | from argparse import ArgumentParser | ||
12 | from werkzeug.utils import secure_filename | ||
13 | |||
14 | app = Flask(__name__) | ||
15 | app.config['SECRET_KEY'] = 'Silence is golden. Gerd Eist.' | ||
16 | #app.jinja_env.trim_blocks = True | ||
17 | #app.jinja_env.lstrip_blocks = True | ||
18 | |||
19 | app.config['PREFERRED_URL_SCHEME'] = 'https' | ||
20 | app.config['DROPZONE_SERVE_LOCAL'] = True | ||
21 | app.config['DROPZONE_MAX_FILE_SIZE'] = 128 | ||
22 | app.config['DROPZONE_UPLOAD_MULTIPLE'] = True | ||
23 | app.config['DROPZONE_PARALLEL_UPLOADS'] = 10 | ||
24 | |||
25 | app.config['DROPZONE_ALLOWED_FILE_CUSTOM'] = True | ||
26 | app.config['DROPZONE_ALLOWED_FILE_TYPE'] = '' | ||
27 | |||
28 | app.config['DROPZONE_DEFAULT_MESSAGE'] = 'Ziehe die Dateien hier hin, um sie hochzuladen oder klicken Sie zur Auswahl.' | ||
29 | |||
30 | dropzone = Dropzone(app) | ||
31 | |||
32 | basedir = 'Daten' | ||
33 | |||
34 | #### ADMIN FACING DIRECTORY LISTS #### | ||
35 | #### | ||
36 | #### | ||
37 | @app.route("/admin", methods=['GET']) | ||
38 | def admin(): | ||
39 | url_root = request.url_root.replace('http://', 'https://', 1) | ||
40 | users = os.listdir(os.path.join(basedir, 'Mandanten')) | ||
41 | return render_template('admin.html', users = users, tree = make_tree(basedir, 'Public'), url_root = url_root) | ||
42 | |||
43 | @app.route("/admin/Dokumente/<user>", methods=['GET']) | ||
44 | def admin_dokumente(user): | ||
45 | return render_template('mandant.html', admin = 'admin/', user = user, tree = make_tree(basedir, os.path.join('Dokumente', user))) | ||
46 | |||
47 | @app.route("/admin/del-user/<user>", methods=['POST']) | ||
48 | def admin_deluser(user): | ||
49 | method = request.form.get('_method', 'POST') | ||
50 | if method == 'DELETE': | ||
51 | rmtree(os.path.join(basedir, 'Dokumente', secure_filename(user))) | ||
52 | os.unlink(os.path.join(basedir, 'Mandanten', secure_filename(user))) | ||
53 | return redirect('/admin') | ||
54 | |||
55 | @app.route("/admin/new-user", methods=['POST']) | ||
56 | def admin_newuser(): | ||
57 | password = request.form.get('password', '') | ||
58 | user = request.form.get('user', '') | ||
59 | if not password or not user: | ||
60 | return "Username or password missing", 400 | ||
61 | directory = secure_filename(user) | ||
62 | |||
63 | salt = os.urandom(4) | ||
64 | sha = hashlib.sha1(password.encode('utf-8')) | ||
65 | sha.update(salt) | ||
66 | |||
67 | digest_salt_b64 = base64.b64encode(sha.digest()+ salt) | ||
68 | tagged_digest_salt = '{{SSHA}}{}'.format(digest_salt_b64.decode('ascii')) | ||
69 | |||
70 | try: | ||
71 | if not os.path.exists(os.path.join(basedir, 'Dokumente', directory)): | ||
72 | os.mkdir(os.path.join(basedir, 'Dokumente', directory)) | ||
73 | with open(os.path.join(basedir, 'Mandanten', directory), 'w+', encoding='utf-8') as htpasswd: | ||
74 | htpasswd.write("{}:{}\n".format(user, tagged_digest_salt)) | ||
75 | except OSError as error: | ||
76 | return "Couldn't create user scope", 500 | ||
77 | return redirect('/admin') | ||
78 | |||
79 | #### USER FACING DIRECTORY LIST #### | ||
80 | #### | ||
81 | #### | ||
82 | @app.route("/Dokumente/<user>", methods=['GET']) | ||
83 | def mandant(user): | ||
84 | return render_template('mandant.html', admin = '', user = user, tree = make_tree(basedir, os.path.join('Dokumente', user))) | ||
85 | |||
86 | #### UPLOAD FILE ROUTES #### | ||
87 | #### | ||
88 | #### | ||
89 | @app.route('/Dokumente/<user>', methods=['POST']) | ||
90 | @app.route('/admin/Dokumente/<user>', methods=['POST']) | ||
91 | def upload_mandant(user): | ||
92 | for key, f in request.files.items(): | ||
93 | if key.startswith('file'): | ||
94 | username = secure_filename(user) | ||
95 | filename = secure_filename(f.filename) | ||
96 | f.save(os.path.join(basedir, 'Dokumente', username, filename)) | ||
97 | return 'upload template' | ||
98 | |||
99 | @app.route('/admin', methods=['POST']) | ||
100 | def upload_admin(): | ||
101 | for key, f in request.files.items(): | ||
102 | if key.startswith('file'): | ||
103 | filename = secure_filename(f.filename) | ||
104 | f.save(os.path.join(basedir, 'Public', filename)) | ||
105 | return 'upload template' | ||
106 | |||
107 | #### DELETE FILE ROUTES #### | ||
108 | #### | ||
109 | #### | ||
110 | @app.route('/Dokumente/<user>/<path:filename>', methods=['POST']) | ||
111 | def delete_file_mandant(user, filename): | ||
112 | method = request.form.get('_method', 'POST') | ||
113 | if method == 'DELETE': | ||
114 | os.unlink(os.path.join(basedir, 'Dokumente', secure_filename(user), secure_filename(filename))) | ||
115 | return redirect('/Dokumente/'+user) | ||
116 | |||
117 | @app.route('/admin/Dokumente/<user>/<path:filename>', methods=['POST']) | ||
118 | def delete_file_mandant_admin(user, filename): | ||
119 | method = request.form.get('_method', 'POST') | ||
120 | if method == 'DELETE': | ||
121 | os.unlink(os.path.join(basedir, 'Dokumente', secure_filename(user), secure_filename(filename))) | ||
122 | return redirect('/admin/Dokumente/'+user) | ||
123 | |||
124 | @app.route('/admin/Public/<path:filename>', methods=['POST']) | ||
125 | def delete_file_admin(filename): | ||
126 | method = request.form.get('_method', 'POST') | ||
127 | if method == 'DELETE': | ||
128 | os.unlink(os.path.join(basedir, 'Public', secure_filename(filename))) | ||
129 | return redirect('/admin') | ||
130 | |||
131 | #### SERVE FILES RULES #### | ||
132 | #### | ||
133 | #### | ||
134 | @app.route('/admin/Dokumente/<user>/<path:filename>', methods=['GET']) | ||
135 | @app.route('/Dokumente/<user>/<path:filename>', methods=['GET']) | ||
136 | def custom_static(user, filename): | ||
137 | return send_from_directory(os.path.join(basedir, 'Dokumente'), os.path.join(user, filename)) | ||
138 | |||
139 | @app.route('/Public/<path:filename>') | ||
140 | def custom_static_public(filename): | ||
141 | return send_from_directory(os.path.join(basedir, 'Public'), filename) | ||
142 | |||
143 | def make_tree(rel, path): | ||
144 | tree = dict(name=path, download=os.path.basename(path), children=[]) | ||
145 | try: lst = os.listdir(os.path.join(rel,path)) | ||
146 | except OSError: | ||
147 | pass #ignore errors | ||
148 | else: | ||
149 | for name in lst: | ||
150 | fn = os.path.join(path, name) | ||
151 | if os.path.isdir(os.path.join(rel,fn)): | ||
152 | tree['children'].append(make_tree(rel, fn)) | ||
153 | else: | ||
154 | ttl = 10 - int((time.time() - os.path.getmtime(os.path.join(rel,fn))) / (24*3600)) | ||
155 | tree['children'].append(dict(name=fn, download=name, ttl = ttl)) | ||
156 | return tree | ||
157 | |||
158 | if __name__ == "__main__": | ||
159 | parser = ArgumentParser(description="Filer") | ||
160 | parser.add_argument("-H", "--host", help="Hostname of the Flask app " + "[default %s]" % "127.0.0.1", default="127.0.0.1") | ||
161 | parser.add_argument("-P", "--port", help="Port for the Flask app " + "[default %s]" % "5000", default="5000") | ||
162 | args = parser.parse_args() | ||
163 | |||
164 | app.run(host=args.host, port=int(args.port)) | ||
diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..eae1e68 --- /dev/null +++ b/Makefile | |||
@@ -0,0 +1,11 @@ | |||
1 | all: install | ||
2 | |||
3 | run: | ||
4 | ./venv/bin/python Filer.py -P 5000 & | ||
5 | |||
6 | venv: | ||
7 | python3 -m venv ./venv | ||
8 | |||
9 | install: venv | ||
10 | ./venv/bin/pip install --upgrade pip | ||
11 | ./venv/bin/pip install -r requirements.txt | ||
diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..277407d --- /dev/null +++ b/requirements.txt | |||
@@ -0,0 +1,8 @@ | |||
1 | click | ||
2 | Flask | ||
3 | Flask-Dropzone | ||
4 | itsdangerous | ||
5 | Jinja2 | ||
6 | MarkupSafe | ||
7 | sqlite3 | ||
8 | Werkzeug | ||
diff --git a/static/style.css b/static/style.css new file mode 100644 index 0000000..3845959 --- /dev/null +++ b/static/style.css | |||
@@ -0,0 +1,86 @@ | |||
1 | body { | ||
2 | font-family: "HelveticaNeueLight", "HelveticaNeue-Light", "Helvetica Neue Light", "HelveticaNeue", "Helvetica Neue", 'TeXGyreHerosRegular', "Helvetica", "Tahoma", "Geneva", "Arial", sans-serif; font-weight:400; font-size:15pt; font-stretch:normal; | ||
3 | margin: 1em 0; | ||
4 | padding: 0 5%; | ||
5 | } | ||
6 | |||
7 | ul { | ||
8 | list-style-type: none; | ||
9 | } | ||
10 | |||
11 | li { | ||
12 | margin: 0 0 0.5em 0; | ||
13 | } | ||
14 | |||
15 | button { | ||
16 | margin: 0 0.5em 0 0; | ||
17 | min-width: 5.5em; | ||
18 | } | ||
19 | |||
20 | button.add, | ||
21 | button.edit { | ||
22 | box-shadow:inset 0px 1px 0px 0px #bee2f9; | ||
23 | background:linear-gradient(to bottom, #63b8ee 5%, #468ccf 100%); | ||
24 | background-color:#63b8ee; | ||
25 | border-radius:9px; | ||
26 | border:1px solid #3866a3; | ||
27 | display:inline-block; | ||
28 | cursor:pointer; | ||
29 | color:#ffffff; | ||
30 | padding:5px 6px; | ||
31 | text-decoration:none; | ||
32 | text-shadow:0px 1px 0px #7cacde; | ||
33 | } | ||
34 | button.delete { | ||
35 | box-shadow:inset 0px 1px 0px 0px #cf866c; | ||
36 | background:linear-gradient(to bottom, #d0451b 5%, #bc3315 100%); | ||
37 | background-color:#d0451b; | ||
38 | border-radius:9px; | ||
39 | border:1px solid #942911; | ||
40 | display:inline-block; | ||
41 | cursor:pointer; | ||
42 | color:#ffffff; | ||
43 | padding:5px 6px; | ||
44 | text-decoration:none; | ||
45 | text-shadow:0px 1px 0px #854629; | ||
46 | } | ||
47 | button.add:hover, | ||
48 | button.edit:hover { | ||
49 | background:linear-gradient(to bottom, #468ccf 5%, #63b8ee 100%); | ||
50 | background-color:#468ccf; | ||
51 | } | ||
52 | button.delete:hover { | ||
53 | background:linear-gradient(to bottom, #bc3315 5%, #d0451b 100%); | ||
54 | background-color:#bc3315; | ||
55 | } | ||
56 | |||
57 | button.add:active, | ||
58 | button.edit:active, | ||
59 | button.delete:active { | ||
60 | position:relative; | ||
61 | top:1px; | ||
62 | } | ||
63 | |||
64 | input[type="text"] { | ||
65 | padding: 0.3em 0.4em; | ||
66 | |||
67 | border: 1px solid grey; | ||
68 | border-radius: 6px; | ||
69 | |||
70 | font-weight: bold; | ||
71 | font-size: 13pt; | ||
72 | transition: background-color 1s; | ||
73 | color: #444; | ||
74 | min-width: 35%; | ||
75 | } | ||
76 | |||
77 | .age { | ||
78 | display: inline-block; | ||
79 | text-align: right; | ||
80 | border-radius: 4px; | ||
81 | border: solid 1px black; | ||
82 | background-color: grey; | ||
83 | padding: 0 0.2em; | ||
84 | margin-right: 0.5em; | ||
85 | width: 4em; | ||
86 | } | ||
diff --git a/templates/admin.html b/templates/admin.html new file mode 100644 index 0000000..e62979e --- /dev/null +++ b/templates/admin.html | |||
@@ -0,0 +1,67 @@ | |||
1 | <!DOCTYPE html> | ||
2 | <html> | ||
3 | <head> | ||
4 | <title>Filer Admin</title> | ||
5 | <meta charset="UTF-8"> | ||
6 | {{ dropzone.load_css() }} | ||
7 | {{ dropzone.style('border: 2px dashed #0087F7; min-height: 3em;') }} | ||
8 | <link rel="stylesheet" href="/static/style.css"> | ||
9 | <script> | ||
10 | function generatePassword() { | ||
11 | var chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#$%&'()*+,-./:;<=>?@_{|}~"; | ||
12 | var randarray = new Uint16Array(32); | ||
13 | var retval = ""; | ||
14 | window.crypto.getRandomValues(randarray); | ||
15 | for (var i = 0, n = chars.length; i < randarray.length; ++i) | ||
16 | retval += chars.charAt(Math.floor(randarray[i] * n / 65336)); | ||
17 | console.log(retval); | ||
18 | document.getElementById("password").value = retval; | ||
19 | } | ||
20 | </script> | ||
21 | </head> | ||
22 | <body> | ||
23 | {{ dropzone.load_js() }} | ||
24 | <h1>Kanzlei Hubrig – Administration</h1> | ||
25 | <h2>Mandanten</h2> | ||
26 | <ul> | ||
27 | {%- for item in users %} | ||
28 | <li> | ||
29 | <form action="/admin/del-user/{{item}}" method="post" style="display: inline;" onsubmit="return confirm('Sind Sie sicher?');"> | ||
30 | <input type="hidden" name="_method" value="DELETE"> | ||
31 | <button class="delete">löschen</button> | ||
32 | </form> | ||
33 | <button class="edit" onclick="document.getElementById('user').value='{{item}}'">edit</button> | ||
34 | <a href="/admin/Dokumente/{{item}}">{{item}}</a> <small>Mandanten-URL: {{url_root}}Dokumente/{{item}}</small> | ||
35 | </li> | ||
36 | {%- endfor %} | ||
37 | <li> | ||
38 | <form action="/admin/new-user" method="post"> | ||
39 | <input id="user" name="user" type="text" placeholder="Name" required></input> | ||
40 | <input id="password" name="password" type="text" placeholder="Passwort" autocomplete="off" required></input> | ||
41 | <script>generatePassword()</script> | ||
42 | <button class="add" type="button" onclick="generatePassword()">Zufall</button> | ||
43 | <button class="add">Hinzufügen</button> | ||
44 | </form> | ||
45 | </li> | ||
46 | </ul> | ||
47 | |||
48 | <h2>Öffentliche Dokumente</h2> | ||
49 | <ul> | ||
50 | {%- for item in tree.children recursive %} | ||
51 | <li><form action="/admin/{{ item.name }}" method="post" style="display: inline;" onsubmit="return confirm('Are you sure?');"> | ||
52 | <input type="hidden" name="_method" value="DELETE"> | ||
53 | <button class="delete">löschen</button> | ||
54 | </form> | ||
55 | <a href="{{ item.name }}" download="{{item.download}}">{{ item.download }}</a> | ||
56 | {%- if item.children -%} | ||
57 | <ul>{{ loop(item.children) }}</ul> | ||
58 | {%- endif %}</li> | ||
59 | {%- endfor %} | ||
60 | </ul> | ||
61 | |||
62 | <h2>Öffentliches Dokument hochladen</h2> | ||
63 | <div class="droppy">{{ dropzone.create(action='/admin') }}</div> | ||
64 | |||
65 | {{ dropzone.config() }} | ||
66 | </body> | ||
67 | </html> | ||
diff --git a/templates/mandant.html b/templates/mandant.html new file mode 100644 index 0000000..16c07ab --- /dev/null +++ b/templates/mandant.html | |||
@@ -0,0 +1,37 @@ | |||
1 | <!DOCTYPE html> | ||
2 | <html> | ||
3 | <head> | ||
4 | <title>Filer</title> | ||
5 | <meta charset="UTF-8"> | ||
6 | {{ dropzone.load_css() }} | ||
7 | {{ dropzone.style('border: 2px dashed #0087F7; min-height: 10px;') }} | ||
8 | <link rel="stylesheet" href="/static/style.css"> | ||
9 | </head> | ||
10 | <body> | ||
11 | {{ dropzone.load_js() }} | ||
12 | <h1>Kanzlei Hubrig – Dokumenten-Austausch</h1> | ||
13 | {%- if admin %} | ||
14 | <a href="/admin">Zurück zur Übersicht</a> | ||
15 | {% endif -%} | ||
16 | <h2>Dokumente</h2> | ||
17 | <ul> | ||
18 | {%- for item in tree.children recursive %} | ||
19 | <li><form action="/{{admin}}{{ item.name }}" method="post" style="display: inline;" onsubmit="return confirm('Sind Sie sicher?');"> | ||
20 | <input type="hidden" name="_method" value="DELETE"> | ||
21 | <button class="delete" type="submit">löschen</button> | ||
22 | </form> | ||
23 | <div class="age">{{item.ttl}} Tag{%- if not item.ttl == 1 -%}e{%- endif -%}</div> | ||
24 | {%- if 'children' in item -%} | ||
25 | {{item.download}}<br/> | ||
26 | <ul>{{ loop(item.children) }}</ul> | ||
27 | {%- else -%} | ||
28 | <a href="/{{admin}}{{item.name}}" download="{{item.download}}">{{ item.download }}</a> | ||
29 | {%- endif %}</li> | ||
30 | {%- endfor %} | ||
31 | </ul> | ||
32 | |||
33 | <div class="droppy">{{ dropzone.create(action="/"+admin+"Dokumente/"+user) }}</div> | ||
34 | |||
35 | {{ dropzone.config() }} | ||
36 | </body> | ||
37 | </html> | ||