mirror of
https://github.com/jackeilles/xygt.git
synced 2024-11-10 00:42:39 +01:00
more fixessssss
This commit is contained in:
Jack Eilles
parent
59e9250b15
commit
39c084ea00
3 changed files with 78 additions and 50 deletions
|
|
@ -164,42 +164,45 @@ def getData(id):
|
||||||
return random.choice(Errors.file404)
|
return random.choice(Errors.file404)
|
||||||
|
|
||||||
@csrf.exempt
|
@csrf.exempt
|
||||||
@app.route('/<id>/delete')
|
@app.route('/<id>/delete', methods=["GET", "POST"])
|
||||||
def delete(id):
|
def delete(id):
|
||||||
if Config.files.find_one({"id": id}) is not None:
|
if request.method == "GET":
|
||||||
|
return "You're not very smart, are you? GET request on a DELETE endpoint LMAOOO\n\n"
|
||||||
|
elif request.method == "POST":
|
||||||
|
if Config.files.find_one({"id": id}) is not None:
|
||||||
|
|
||||||
data = Config.files.find_one({"id": id})
|
data = Config.files.find_one({"id": id})
|
||||||
|
|
||||||
if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
|
if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
|
||||||
Config.files.delete_one({"id": id})
|
Config.files.delete_one({"id": id})
|
||||||
os.remove(os.path.join(Config.fileDir, secure_filename(id)))
|
os.remove(os.path.join(Config.fileDir, secure_filename(id)))
|
||||||
return "File deleted."
|
return "File deleted."
|
||||||
|
|
||||||
elif data["userid"] == current_user.userid:
|
elif data["userid"] == current_user.userid:
|
||||||
Config.files.delete_one({"id": id})
|
Config.files.delete_one({"id": id})
|
||||||
os.remove(os.path.join(Config.fileDir, secure_filename(id)))
|
os.remove(os.path.join(Config.fileDir, secure_filename(id)))
|
||||||
return "File deleted."
|
return "File deleted."
|
||||||
|
|
||||||
|
else:
|
||||||
|
return "You are not the owner of this file."
|
||||||
|
|
||||||
|
elif Config.url.find_one({"id": id}) is not None:
|
||||||
|
|
||||||
|
data = Config.url.find_one({"id": id})
|
||||||
|
|
||||||
|
if data["userid"] == current_user.userid:
|
||||||
|
Config.files.delete_one({"id": id})
|
||||||
|
return "URL deleted."
|
||||||
|
|
||||||
|
elif data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
|
||||||
|
Config.files.delete_one({"id": id})
|
||||||
|
return "URL deleted."
|
||||||
|
|
||||||
|
else:
|
||||||
|
return "You are not the owner of this link."
|
||||||
|
|
||||||
else:
|
else:
|
||||||
return "You are not the owner of this file."
|
return "This ID does not exist."
|
||||||
|
|
||||||
elif Config.url.find_one({"id": id}) is not None:
|
|
||||||
|
|
||||||
data = Config.url.find_one({"id": id})
|
|
||||||
|
|
||||||
if data["userid"] == current_user.userid:
|
|
||||||
Config.files.delete_one({"id": id})
|
|
||||||
return "URL deleted."
|
|
||||||
|
|
||||||
elif data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
|
|
||||||
Config.files.delete_one({"id": id})
|
|
||||||
return "URL deleted."
|
|
||||||
|
|
||||||
else:
|
|
||||||
return "You are not the owner of this link."
|
|
||||||
|
|
||||||
else:
|
|
||||||
return "This ID does not exist."
|
|
||||||
|
|
||||||
@app.route('/teapot')
|
@app.route('/teapot')
|
||||||
def teapot():
|
def teapot():
|
||||||
|
|
@ -261,22 +264,36 @@ def resetidpass():
|
||||||
return f"Your new IDPass is \n {idpass}\n This will only be shown once, please save it somewhere safe."
|
return f"Your new IDPass is \n {idpass}\n This will only be shown once, please save it somewhere safe."
|
||||||
|
|
||||||
### API Endpoints ###
|
### API Endpoints ###
|
||||||
|
@csrf.exempt
|
||||||
@app.route('/api')
|
@app.route('/api', methods=["GET", "POST"])
|
||||||
def api():
|
def api():
|
||||||
return {"error": "Specify an API version."}
|
return {"error": "Specify an API version."}
|
||||||
|
|
||||||
@app.route('/api/v1')
|
@csrf.exempt
|
||||||
|
@app.route('/api/v1', methods=["GET", "POST"])
|
||||||
def v3():
|
def v3():
|
||||||
return {"status": "ok"}
|
return {"status": "ok"}
|
||||||
|
|
||||||
@app.route('/api/v1/user/<id>')
|
@csrf.exempt
|
||||||
|
@app.route('/api/v1/user/<id>', methods=["GET", "POST"])
|
||||||
def getUser(id):
|
def getUser(id):
|
||||||
return worker.userInfo(id)
|
data = Config.users.find_one({"userid": id})
|
||||||
|
if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
|
||||||
|
return worker.userInfo(id)
|
||||||
|
else:
|
||||||
|
return "Incorrect userID or IDPass", 401
|
||||||
|
|
||||||
@app.route('/api/v1/file/<id>')
|
@csrf.exempt
|
||||||
|
@app.route('/api/v1/file/<id>', methods=["GET", "POST"])
|
||||||
def getInfo(id):
|
def getInfo(id):
|
||||||
return worker.idInfo(id)
|
data = Config.files.find_one({"id": id})
|
||||||
|
|
||||||
|
if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
|
||||||
|
cred = True
|
||||||
|
else:
|
||||||
|
cred = False
|
||||||
|
|
||||||
|
return worker.idInfo(id, cred)
|
||||||
|
|
||||||
### Error Handlers ###
|
### Error Handlers ###
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,6 @@
|
||||||
<table>
|
<table>
|
||||||
<tr>
|
<tr>
|
||||||
<th>ID</th>
|
<th>ID</th>
|
||||||
|
|
||||||
<th>Filename</th>
|
<th>Filename</th>
|
||||||
<th>Size</th>
|
<th>Size</th>
|
||||||
<th>Retention</th>
|
<th>Retention</th>
|
||||||
|
|
|
||||||
|
|
@ -108,17 +108,29 @@ def shortenURL(url, ip, userid, id, retention):
|
||||||
|
|
||||||
return f"https://xygt.cc/{id}", 200
|
return f"https://xygt.cc/{id}", 200
|
||||||
|
|
||||||
def idInfo(id):
|
def idInfo(id, cred):
|
||||||
# Check files and url for the ID
|
# Check if cred is true
|
||||||
if Config.files.find_one({"id": id}) is not None:
|
if cred:
|
||||||
check = Config.files.find_one({"id": id}, {'_id': False, "ip": False})
|
# Check files and url for the ID
|
||||||
# "ip": False removes the IP from the returned data.
|
if Config.files.find_one({"id": id}) is not None:
|
||||||
# If it's not there then check url
|
check = Config.files.find_one({"id": id}, {'_id': False})
|
||||||
elif Config.url.find_one({"id": id}) is not None:
|
|
||||||
check = Config.url.find_one({"id": id}, {'_id': False, "ip": False})
|
|
||||||
|
|
||||||
# Return the mongodb info about the file, removing IP if its present
|
# If it's not there then check url
|
||||||
return check
|
elif Config.url.find_one({"id": id}) is not None:
|
||||||
|
check = Config.url.find_one({"id": id}, {'_id': False})
|
||||||
|
|
||||||
|
# Return the mongodb info about the file
|
||||||
|
return check
|
||||||
|
else:
|
||||||
|
# Check files and url for the ID
|
||||||
|
if Config.files.find_one({"id": id}) is not None:
|
||||||
|
check = Config.files.find_one({"id": id}, {'_id': False, "ip": False, "userid": False})
|
||||||
|
# If it's not there then check url
|
||||||
|
elif Config.url.find_one({"id": id}) is not None:
|
||||||
|
check = Config.url.find_one({"id": id}, {'_id': False, "ip": False, "userid": False})
|
||||||
|
|
||||||
|
# Return the mongodb info about the file
|
||||||
|
return check
|
||||||
|
|
||||||
def userInfo(id):
|
def userInfo(id):
|
||||||
# Grab user entry from userID
|
# Grab user entry from userID
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue