swee ha revisionato questo gist . Vai alla revisione
Nessuna modifica
swee ha revisionato questo gist . Vai alla revisione
1 file changed, 84 insertions
fastfile.py(file creato)
| @@ -0,0 +1,84 @@ | |||
| 1 | + | from flask import Flask, send_file, request, redirect, abort, render_template, Response | |
| 2 | + | import pyotp | |
| 3 | + | import uuid | |
| 4 | + | fastfile = """<body class="container text-white bg-dark"> | |
| 5 | + | <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| 6 | + | <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet"> | |
| 7 | + | <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js"></script> | |
| 8 | + | <script src="https://kit.fontawesome.com/30bde606c1.js" crossorigin="anonymous"></script> | |
| 9 | + | <style> | |
| 10 | + | center { | |
| 11 | + | position: absolute; | |
| 12 | + | top: 50%; | |
| 13 | + | left: 50%; | |
| 14 | + | transform: translate(-50%, -50%); | |
| 15 | + | -ms-transform: translate(-50%, -50%); /* IE 9 */ | |
| 16 | + | -webkit-transform: translate(-50%, -50%); /* Chrome, Safari, Opera */} | |
| 17 | + | </style> | |
| 18 | + | <center>""" | |
| 19 | + | #FastFiles | |
| 20 | + | otp = pyotp.TOTP('<REDACTED>') | |
| 21 | + | @app.route('/host/raw/<file>') | |
| 22 | + | def fastfile_raw(file): | |
| 23 | + | if ".." in file: | |
| 24 | + | return("Nice try") | |
| 25 | + | elif os.path.isfile("/home/swee/fastfile/" + file): | |
| 26 | + | return send_file("/home/swee/fastfile/" + file, mimetype=mime.from_file("/home/swee/fastfile/" + file)) | |
| 27 | + | else: | |
| 28 | + | abort(404) | |
| 29 | + | ||
| 30 | + | @app.route('/host/<file>') | |
| 31 | + | def fastfile_new(file): | |
| 32 | + | if ".." in file: | |
| 33 | + | return("Nice try") | |
| 34 | + | elif os.path.isfile("/home/swee/fastfile/" + file): | |
| 35 | + | try: | |
| 36 | + | if mime.from_file("/home/swee/fastfile/" + file).split("/")[0] == "image": | |
| 37 | + | return render_template("fastfile-image.html", name = file, mime = mime.from_file("/home/swee/fastfile/" + file)) | |
| 38 | + | elif mime.from_file("/home/swee/fastfile/" + file).split("/")[0] == "video": | |
| 39 | + | return render_template("fastfile-video.html", name = file, mime = mime.from_file("/home/swee/fastfile/" + file)) | |
| 40 | + | elif mime.from_file("/home/swee/fastfile/" + file).split("/")[0] == "text": | |
| 41 | + | return render_template("fastfile-text.html", name = file, code = open("/home/swee/fastfile/" + file).read(), mime = mime.from_file("/home/swee/fastfile/" + file)) | |
| 42 | + | else: | |
| 43 | + | return render_template("fastfile.html", name = file, mime = mime.from_file("/home/swee/fastfile/" + file)) | |
| 44 | + | except: | |
| 45 | + | return render_template("fastfile.html", name = file, mime = mime.from_file("/home/swee/fastfile/" + file)) | |
| 46 | + | else: | |
| 47 | + | abort(404) | |
| 48 | + | @app.route('/upload') | |
| 49 | + | def uploader(): | |
| 50 | + | return send_file("/home/swee/uploader.html", mimetype='text/html') | |
| 51 | + | @app.route('/host-upload', methods=['GET', 'POST']) | |
| 52 | + | def fastfile_upload(): | |
| 53 | + | if request.method == 'POST': | |
| 54 | + | try: | |
| 55 | + | recovery = str(open("/home/swee/mysite/recovery").read()) | |
| 56 | + | if otp.verify(request.form.get('token')) or request.form.get('token') == recovery: | |
| 57 | + | if request.form.get('token') == recovery: | |
| 58 | + | recovery = generate_random_code(6) | |
| 59 | + | open("/home/swee/mysite/recovery", "w").write(recovery) | |
| 60 | + | file = request.files['file'] | |
| 61 | + | filer = file.filename.replace(" ", "_").replace("(", "_").replace(")", "_") | |
| 62 | + | try: | |
| 63 | + | anony = request.form.get('anony') == "true" | |
| 64 | + | except: | |
| 65 | + | anony = False | |
| 66 | + | if anony: | |
| 67 | + | filer = str(uuid.uuid4()) | |
| 68 | + | while os.path.isfile("/home/swee/fastfile/" + filer): | |
| 69 | + | filer = str(uuid.uuid4()) | |
| 70 | + | else: | |
| 71 | + | if os.path.isfile("/home/swee/fastfile/" + filer): | |
| 72 | + | i = 1 | |
| 73 | + | while os.path.isfile("/home/swee/fastfile/" + str(i) + filer): | |
| 74 | + | i+=1 | |
| 75 | + | filer = str(i) + filer | |
| 76 | + | open("/home/swee/fastfile/" + filer, "wb").write(file.read()) | |
| 77 | + | return render_template("success.html", text = urllib.parse.quote(filer), recovery=recovery) | |
| 78 | + | else: | |
| 79 | + | return render_template("otpfail.html", text = "TOTP authentication failed, enter a new OTP code or use your one-time recovery code. If you can't access one of these, > | |
| 80 | + | except: | |
| 81 | + | return render_template("otpfail.html", text = traceback.format_exc()) | |
| 82 | + | else: | |
| 83 | + | return render_template("otpfail.html", text = "GET requests cannot be used for uploading.") | |
| 84 | + | return 'hmm... your request went through my code, that wasn\'t supposed to happen...' | |
Più nuovi
Più vecchi