swee / Original fastfile code (without templates)

from flask import Flask, send_file, request, redirect, abort, render_template, Response import pyotp import uuid fastfile = """<body class="container text-white bg-dark"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet"> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js"></script> <script src="https://kit.fontawesome.com/30bde606c1.js" crossorigin="anonymous"></script> <style> center { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); /* IE 9 */ -webkit-transform: translate(-50%, -50%); /* Chrome, Safari, Opera */} </style> <center>""" #FastFiles otp = pyotp.TOTP('<REDACTED>') @app.route('/host/raw/<file>') def fastfile_raw(file): if ".." in file: return("Nice try") elif os.path.isfile("/home/swee/fastfile/" + file): return send_file("/home/swee/fastfile/" + file, mimetype=mime.from_file("/home/swee/fastfile/" + file)) else: abort(404) @app.route('/host/<file>') def fastfile_new(file): if ".." in file: return("Nice try") elif os.path.isfile("/home/swee/fastfile/" + file): try: if mime.from_file("/home/swee/fastfile/" + file).split("/")[0] == "image": return render_template("fastfile-image.html", name = file, mime = mime.from_file("/home/swee/fastfile/" + file)) elif mime.from_file("/home/swee/fastfile/" + file).split("/")[0] == "video": return render_template("fastfile-video.html", name = file, mime = mime.from_file("/home/swee/fastfile/" + file)) elif mime.from_file("/home/swee/fastfile/" + file).split("/")[0] == "text": return render_template("fastfile-text.html", name = file, code = open("/home/swee/fastfile/" + file).read(), mime = mime.from_file("/home/swee/fastfile/" + file)) else: return render_template("fastfile.html", name = file, mime = mime.from_file("/home/swee/fastfile/" + file)) except: return render_template("fastfile.html", name = file, mime = mime.from_file("/home/swee/fastfile/" + file)) else: abort(404) @app.route('/upload') def uploader(): return send_file("/home/swee/uploader.html", mimetype='text/html') @app.route('/host-upload', methods=['GET', 'POST']) def fastfile_upload(): if request.method == 'POST': try: recovery = str(open("/home/swee/mysite/recovery").read()) if otp.verify(request.form.get('token')) or request.form.get('token') == recovery: if request.form.get('token') == recovery: recovery = generate_random_code(6) open("/home/swee/mysite/recovery", "w").write(recovery) file = request.files['file'] filer = file.filename.replace(" ", "_").replace("(", "_").replace(")", "_") try: anony = request.form.get('anony') == "true" except: anony = False if anony: filer = str(uuid.uuid4()) while os.path.isfile("/home/swee/fastfile/" + filer): filer = str(uuid.uuid4()) else: if os.path.isfile("/home/swee/fastfile/" + filer): i = 1 while os.path.isfile("/home/swee/fastfile/" + str(i) + filer): i+=1 filer = str(i) + filer open("/home/swee/fastfile/" + filer, "wb").write(file.read()) return render_template("success.html", text = urllib.parse.quote(filer), recovery=recovery) else: return render_template("otpfail.html", text = "TOTP authentication failed, enter a new OTP code or use your one-time recovery code. If you can't access one of these, > except: return render_template("otpfail.html", text = traceback.format_exc()) else: return render_template("otpfail.html", text = "GET requests cannot be used for uploading.") return 'hmm... your request went through my code, that wasn\'t supposed to happen...'