Initial import

2016-11-18 14:12:55 +01:00 · 2016-11-18 14:12:55 +01:00 · c54898da7a
commit c54898da7a
11 changed files with 318 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
 venv
 __pycache__/
 *.egg-info
--- a/README.md
+++ b/README.md
@ -0,0 +1,13 @@
 This is a simple file storage and permanent archive service.
 It allows people to drop off files which are then assigned a uuid to link to.
 =Install dependencies=
 export VENV=/path/to/venv
 python3 -m venv $VENV
 $VENV/bin/pip install -e .
 =Run the application stand-alone=
 $VENV/bin/pserve settings.ini --reload
--- a/filestorage/init.py
+++ b/filestorage/init.py
@ -0,0 +1,61 @@
 import os
 import shelve
 from wsgiref.simple_server import make_server
 from pyramid.config import Configurator
 """
 Main entrance point that returns a wsgi application
 """
 def main(global_config, **settings):
    config = Configurator(settings=settings)
    # Home view when visiting the app on /
    config.add_route('home', '/')
    # REST-API view behind /files
    config.add_route('files', '/files')
    config.add_route('files_uuid', '/files/{file_id}')
    config.add_route('file_details', '/files/{file_id}/info')
    config.add_route('file_uuid_key', '/files/{file_id}/{file_key}')
    # Route for static files
    config.add_static_view(name='static', path='filestorage:static')
    # Add pyramid_jinja2 module to app config for web_views
    config.include('pyramid_jinja2')
    # Do a config scan to get all the views
    config.scan()
    # Make sure the infrastructure (folders, database) are set up
    setup_infrastructure(config.registry.settings)
    # Finally build and return the app
    app = config.make_wsgi_app()
    return app
 """
 Checkup routine to make sure folders and database are fine
 """
 def setup_infrastructure(settings):
    # Check temp folder
    tmp_folder = settings['path_tmp']
    if not os.path.exists(tmp_folder):
        os.makedirs(tmp_folder)
    if not os.access(tmp_folder, os.W_OK):
        raise PermissionError('Unable to write to temporary folder: %s' % tmp_folder)
    # Check file storage folder
    path_file_storage = settings['path_file_storage']
    if not os.path.exists(path_file_storage):
        os.makedirs(path_file_storage)
    if not os.access(path_file_storage, os.W_OK):
        raise PermissionError('Unable to write to file storage folder: %s' % path_file_storage)
    # Make sure shelve database works (and exists)
    path_database = settings['path_database']
    db = shelve.open(path_database, flag='c')
    db.close()
    pass
--- a/filestorage/api_views.py
+++ b/filestorage/api_views.py
@ -0,0 +1,134 @@
 import datetime
 import hashlib
 import os
 import shelve
 import shutil
 import uuid
 from pyramid.view import view_defaults
 from pyramid.view import view_config
 from pyramid.response import Response, FileResponse
 """
 This REST API provides a file resource to upload, update, download
 and delete files.
 """
@view_defaults(route_name='files', renderer='json')
 class RESTView(object):
    def __init__(self, request):
        self.request = request
        self.path_db = request.registry.settings['path_database']
        self.path_tmp = request.registry.settings['path_tmp']
        self.path_file_storage = request.registry.settings['path_file_storage']
    def db_fetch_file(self, file_id):
        with shelve.open(self.path_db, flag='r') as db:
            if file_id not in db:
                raise LookupError('File with uuid %s does not exist!' % uuid)
            else:
                return db[file_id]
    def db_add_file(self, file_id, data):
        with shelve.open(self.path_db, flag='w') as db:
            if file_id in db:
                raise Error('File with uuid %s already exists!' % uuid)
            else:
                db[file_id] = data
    def db_update_file(self, file_id, data):
        with shelve.open(self.path_db, flag='w') as db:
            if file_id not in db:
                raise LookupError('File with uuid %s does not exist, cannot update!' % uuid)
            else:
                db[file_id] = data
    def db_delete_file(self, file_id):
        with shelve.open(self.path_db, flag='w') as db:
            if file_id in db:
                del db[file_id]
            else:
                raise LookupError('File with uuid %s does not exist, cannot delete!' % uuid)
    """
    Helper method to calculate hash of file
    """
    def hash_file(self, filename, hasher):
        BLOCKSIZE = 65536
        with open(filename, 'rb') as infile:
            buf = infile.read(BLOCKSIZE)
            while len(buf) > 0:
                hasher.update(buf)
                buf = infile.read(BLOCKSIZE)
        return hasher.hexdigest()
    @view_config(request_method='PUT')
    def put(self):
        try:
            # Create a fresh uuid for the new file
            file_id = str(uuid.uuid4())
            # Use PUT /files to create a new file
            input_file = self.request.POST['file'].file
            # Write the data into a temporary file
            temp_file_path = os.path.join(self.path_tmp, '%s' % file_id) + '~'
            input_file.seek(0)
            with open(temp_file_path, 'wb') as output_file:
                shutil.copyfileobj(input_file, output_file)
            # Now that we know the file has been fully saved to disk move it into place.
            target_file_path = os.path.join(self.path_file_storage, '%s' % file_id)
            os.rename(temp_file_path, target_file_path)
            # Calculate file hash
            filehash_md5 = self.hash_file(target_file_path, hashlib.md5())
            filehash_sha1 = self.hash_file(target_file_path, hashlib.sha1())
            filehash_sha256 = self.hash_file(target_file_path, hashlib.sha256())
            # Gather all data about the file
            file_data = dict(uuid=file_id,name=self.request.POST['file'].filename, key=str(uuid.uuid4()), create_utc=str(datetime.datetime.utcnow()), sha256=filehash_sha256, sha1=filehash_sha1, md5=filehash_md5)
            # Store file data in database
            self.db_add_file(file_id, file_data)
            # Hopefully everything worked out, so return the data from the file
            return file_data
        except:
            return dict(success=False)
    @view_config(request_method='GET', route_name='files_uuid')
    def get(self):
        # Use GET /files/<uuid> to retrieve the file
        file_id = self.request.matchdict['file_id']
        try:
            file_data = self.db_fetch_file(file_id)
            external_filename = file_data['name']
            file_response = FileResponse(os.path.join(self.path_file_storage, '%s' % file_id))
            file_response.content_disposition = 'attachment; filename=%s' % external_filename
            return file_response
        except:
            return dict(success=False)
    @view_config(request_method='GET', route_name='file_details')
    def get_info(self):
        # Use GET /files/<uuid>/info to get file details
        file_id = self.request.matchdict['file_id']
        try:
            file_data = self.db_fetch_file(file_id)
            del file_data['key'] # Remove the secret key only the creator is supposed to know
            return file_data
        except:
            return dict(success=False)
    @view_config(request_method='DELETE', route_name='file_uuid_key')
    def delete(self):
        # Use DELETE /files/<uuid>/<key> to delete file
        file_id = self.request.matchdict['file_id']
        file_key = self.request.matchdict['file_key']
        try:
            file_data = self.db_fetch_file(file_id)
        except:
            return dict(success=False)
        if file_data['key'] == file_key:
            # Delete file and db entry
            file_path = os.path.join(self.path_file_storage, '%s' % file_id)
            os.remove(file_path)
            self.db_delete_file(file_id)
            return dict(success=True)
        else:
            return dict(success=False)
--- a/filestorage/static/app.css
+++ b/filestorage/static/app.css
@ -0,0 +1,4 @@
 body {
    margin: 2em;
    font-family: sans-serif;
 }
--- a/filestorage/static/app.js
+++ b/filestorage/static/app.js
@ -0,0 +1 @@
 # TODO: Implement the jQuery REST API client!
--- a/filestorage/static/jquery-3.1.1.min.js
+++ b/filestorage/static/jquery-3.1.1.min.js
--- a/filestorage/templates/home.jinja2
+++ b/filestorage/templates/home.jinja2
@ -0,0 +1,29 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <title>Filestorage Service</title>
    <meta charset="utf-8">
    <link rel="stylesheet" href="{{ request.static_url('filestorage:static/app.css') }}"/>
    <script type="text/javascript" src="{{ request.static_url('filestorage:static/jquery-3.1.1.min.js') }}"></script>
    <script type="text/javascript" src="{{ request.static_url('filestorage:static/app.js') }}"></script>
 </head>
 <body>
  <h1>Welcome!</h1>
  <p>
    This site enables users to upload files for temporary or permanent access.
    Since the PUT method of the API is used to upload files, please enable javascript.
  </p>
  <p>
    Use this command to upload a file using curl:
    <pre>curl {{ request.route_url('files') }} -X PUT -F "file=@/path/to/your/file"</pre>
  </p>
  <p>
    Use this form to upload a file! (TODO: Implement with jQuery, properly display results)
    <form action="/files" method="PUT" accept-charset="utf-8" enctype="multipart/form-data">
      <label for="file">File</label>
      <input id="file" name="file" type="file" value="" />
      <input type="submit" value="Upload!" />
    </form>
  </p>
 </body>
 </html>
--- a/filestorage/web_views.py
+++ b/filestorage/web_views.py
@ -0,0 +1,44 @@
 import cgi
 from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
 from pyramid.view import view_config
@view_config(route_name='home', renderer='templates/home.jinja2')
 def home_view(request):
    return dict()
    # This is how params can be passed to the renderer
    #return dict(name=request.matchdict['name'])
 """
 # /howdy?name=alice which links to the next view
@view_config(route_name='hello')
 def hello_view(request):
    name = request.params.get('name', 'No Name')
    body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
    # cgi.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
    return Response(body % cgi.escape(name))
 # /goto which issues HTTP redirect to the last view
@view_config(route_name='redirect')
 def redirect_view(request):
    return HTTPFound(location="/problem")
 # /problem which causes a site error
@view_config(route_name='exception')
 def exception_view(request):
    raise Exception()
 # /get which shows a file by its uuid
@view_config(route_name='get_file')
 def get_file_view(request):
    body = 'Param: $(uuid)' % request.matchdict
    return Response(body)
 view_config(route_name='home', renderer='json')
 def hello_json(request):
    return [1, 2, 3]
 """
--- a/settings.ini
+++ b/settings.ini
@ -0,0 +1,10 @@
 [app:main]
 use = egg:filestorage
 path_tmp = /tmp
 path_file_storage = /tmp/bucket
 path_database = /tmp/filestorage.shelve
 [server:main]
 use = egg:pyramid#wsgiref
 host = 127.0.0.1
 port = 6543
--- a/setup.py
+++ b/setup.py
@ -0,0 +1,14 @@
 from setuptools import setup
 requires = [
    'pyramid',
    'pyramid_jinja2',
 ]
 setup(name='filestorage',
      install_requires=requires,
      entry_points="""\
      [paste.app_factory]
      main = filestorage:main
      """,
 )
		`@ -0,0 +1 @@`
							`# TODO: Implement the jQuery REST API client!`