fix retention issue and add wipe / autoclean

Jack Eilles 2024-01-05 11:17:46 +00:00
parent 4aaf68c1be
commit b26327627d
7 changed files with 75 additions and 13 deletions


@ -19,7 +19,7 @@ from werkzeug.datastructures import FileStorage
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
from app import app, worker, bcrypt, loginManager, csrf from app import app, worker, bcrypt, loginManager, csrf
from app.models import User from app.models import User
from config import Config, Errors from config import Config, Errors, quotes
class RegistrationForm(FlaskForm): class RegistrationForm(FlaskForm):
username = StringField('Username', validators=[DataRequired(), Length(min=2, max=16)]) username = StringField('Username', validators=[DataRequired(), Length(min=2, max=16)])
@ -49,8 +49,10 @@ def index():
# Check for a GET or POST request # Check for a GET or POST request
if request.method == "GET": if request.method == "GET":
print(current_user.is_authenticated) randomQuote = random.choice(list(quotes.items()))
return render_template('index.html') author = randomQuote[0]
quote = randomQuote[1]
return render_template('index.html', author=author, quote=quote)
elif request.method == "POST": elif request.method == "POST":
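Review bot: `random.choice(list(quotes.items()))` in the GET branch of `index()` raises `IndexError` when `quotes` is empty, so an empty quote table in config turns every request for the home page into a 500. Guard it, e.g. `author, quote = random.choice(list(quotes.items())) if quotes else (None, None)`, and let the template skip the quote block when `quote` is unset. The hunk does not show an `import random`, so confirm the module is imported at the top of the file. `index()` continues past the end of the hunk.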


@ -13,6 +13,7 @@
<li class="nav-item"><a href="{{ url_for('faq') }}">FAQ</a></li> <li class="nav-item"><a href="{{ url_for('faq') }}">FAQ</a></li>
<li class="nav-item"><a href="{{ url_for('contact') }}">Contact</a></li> <li class="nav-item"><a href="{{ url_for('contact') }}">Contact</a></li>
{% if current_user.is_authenticated %} {% if current_user.is_authenticated %}
<li class="nav-item"><a href="{{ url_for('dashboard') }}">Dashboard</a></li>
<li class="nav-item"><a href="{{ url_for('logout') }}">Logout</a></li> <li class="nav-item"><a href="{{ url_for('logout') }}">Logout</a></li>
{% else %} {% else %}
<li class="nav-item"><a href="{{ url_for('login') }}">Login</a></li> <li class="nav-item"><a href="{{ url_for('login') }}">Login</a></li>


@ -8,6 +8,10 @@
<h5>Temporary file-hosting and URL shortening</h5> <h5>Temporary file-hosting and URL shortening</h5>
{% endif %} {% endif %}
<p>Welcome to xygt.cc, a no-bullshit, anonymous and temporary file-hosting and URL shortening solution, similar to the likes of pastebin and 0x0.</p> <p>Welcome to xygt.cc, a no-bullshit, anonymous and temporary file-hosting and URL shortening solution, similar to the likes of pastebin and 0x0.</p>
<hr>
<p>From {{ author }}:</p>
<p><i>"{{ quote }}" - Donate more than £5 to get your own quote here!</i></p>
<hr>
<p>Our default file retention is a minimum of 7 days and a maximum of 365 days, and is calculated using file size.</p> <p>Our default file retention is a minimum of 7 days and a maximum of 365 days, and is calculated using file size.</p>
<h3>How do I upload files?</h3> <h3>How do I upload files?</h3>
<p>You can either use the `upload` form, or use a POST request.</p> <p>You can either use the `upload` form, or use a POST request.</p>


@ -27,7 +27,7 @@ def uploadFile(file, ip, userid, filename, id, retention):
# Calculate retention before the file is written, we'll grab the filesize here as it's needed for the equation. # Calculate retention before the file is written, we'll grab the filesize here as it's needed for the equation.
file.seek(0, os.SEEK_END) file.seek(0, os.SEEK_END)
fileSize = round(float(file.tell()) / 1024, 2) fileSize = round(float(file.tell()) / (1024 * 1024), 2)
# Set the position back to 0 # Set the position back to 0
file.seek(0) file.seek(0)
@ -51,11 +51,12 @@ def uploadFile(file, ip, userid, filename, id, retention):
'id': id, 'id': id,
'filename': filename, 'filename': filename,
'filesize': fileSize, 'filesize': fileSize,
'retention': round(retention * 86400), # Convert to seconds 'mimetype': file.content_type,
'retention': retention,
'userid': userid, 'userid': userid,
'ip': ip, 'ip': ip,
'date': date, 'date': date,
'expiry': date + round(retention * 86400) 'expiry': date + retention
} }
# Add the data and verify its there. # Add the data and verify its there.
@ -83,9 +84,9 @@ def shortenURL(url, ip, userid, id, retention):
userid = 0 userid = 0
if retention == None: if retention == None:
retention = 14 retention = 604800
elif retention > 365: elif retention > 31540000:
retention = 365 retention = 31540000
data = { data = {
"id": id, "id": id,
@ -116,6 +117,10 @@ def randomHex():
hexRand = ''.join(secrets.choice('0123456789abcdef') for _ in range(6)) hexRand = ''.join(secrets.choice('0123456789abcdef') for _ in range(6))
return hexRand return hexRand
def genIDPass():
idpass = ''.join(secrets.choice('0123456789abcdef') for _ in range(16))
return idpass
def registerUser(username, password): def registerUser(username, password):
# Initialise some values # Initialise some values
try: try:
@ -135,7 +140,7 @@ def registerUser(username, password):
def resetIDPass(userid): def resetIDPass(userid):
try: try:
idpass = randomHex(8) idpass = genIDPass()
hashedPass = bcrypt.generate_password_hash(idpass).decode("utf-8") hashedPass = bcrypt.generate_password_hash(idpass).decode("utf-8")
Config.users.update_one({"userid": userid}, {"$set": {"idpass": hashedPass}}) Config.users.update_one({"userid": userid}, {"$set": {"idpass": hashedPass}})
return idpass return idpass
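Review bot: The new `'mimetype': file.content_type` entry in `uploadFile` stores the Content-Type exactly as the uploading client sent it, so the value is untrusted input. If the download route later uses this field as the response Content-Type (that code is not in this diff), an upload declared as `text/html` or `image/svg+xml` would be rendered as active content on the site's own origin. Map the stored value through an allow-list at serve time with a fallback of `application/octet-stream`, or send `X-Content-Type-Options: nosniff` together with `Content-Disposition: attachment` for anything outside the list. A comment such as `# client-supplied, untrusted: never echo back as Content-Type without an allow-list` next to the field would record that. `uploadFile` starts and ends outside the hunk.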

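--- a/autoclean.py
+++ b/autoclean.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+"""
+xygt.cc cleanup script
+This script will run once hourly to remove expired files and URL's from the database as well as local storage.
+"""
+import datetime
+import os
+from pymongo import MongoClient
+from config import Config
+class Config:
+# MongoDB init stuff
+client = MongoClient("mongodb://localhost:27017/")
+db = client["xygt"]
+files = db["file"]
+url = db["url"]
+users = db["users"]
+fileDir = "./data"
+def main():
+print("Starting cleanup script...")
+# Get current time in unix timestamp
+now = datetime.datetime.now()
+now = now.timestamp()
+# Get all expired files
+expiredFiles = Config.files.find({"expiry": {"$lt": now}})
+expiredURLs = Config.url.find({"expiry": {"$lt": now}})
+# Delete all expired files
+for file in expiredFiles:
+print(f"Deleting file {file['id']}")
+Config.files.delete_one({"id": file["id"]})
+os.remove(os.path.join(Config.fileDir, file["filename"]))
+# Delete all expired URL's
+for url in expiredURLs:
+print(f"Deleting URL {url['id']}")
+Config.url.delete_one({"id": url["id"]})
+print("Cleanup complete.")
+if __name__ == "__main__":
+main()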
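Review bot: In the file loop of `main()` the database record is deleted before `os.remove` runs, and `os.remove` is unguarded, so one file that is already missing raises `FileNotFoundError`, aborts the run, and leaves every later expired file and URL in place; any other failure after `delete_one` leaves the upload on disk with no record left to expire it. Remove the file first, tolerate a missing file, and only then drop the record. The path is built from `file["filename"]` as stored in the database, so confirm that value is the sanitised on-disk name written at upload time and cannot contain path separators. Separately, `from config import Config` is immediately shadowed by the local `class Config`, so the import should go.

```python
# … unchanged: timestamp and expiry queries …
for file in expiredFiles:
    print(f"Deleting file {file['id']}")
    try:
        os.remove(os.path.join(Config.fileDir, file["filename"]))
    except FileNotFoundError:
        # Already gone from disk; the record can still be dropped.
        pass
    Config.files.delete_one({"id": file["id"]})
# … unchanged: URL cleanup loop …
```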


@ -12,8 +12,8 @@ class Config:
# Basic configs # Basic configs
maxFileSize = 256 maxFileSize = 256
premMaxFileSize = 512 premMaxFileSize = 512
maxretention = 365 maxretention = 31540000
minretention = 7 minretention = 604800
fileDir = "./data" fileDir = "./data"
ipLogEnabled = False ipLogEnabled = False
secretKey = "CHANGEINPRODUCTION" secretKey = "CHANGEINPRODUCTION"
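Review bot: `maxretention = 31540000` is not 365 days in seconds: 365 * 86400 is 31536000, so the cap sits about an hour above the limit the home page advertises. Writing the values as `maxretention = 365 * 86400` and `minretention = 7 * 86400`, each with a `# seconds` comment, makes both the unit and the intent visible. `shortenURL` repeats the same literals (`604800`, `31540000`) instead of reading `Config.minretention` and `Config.maxretention`, so the two places can drift apart.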


@ -6,6 +6,7 @@ This wipes all files and DB entries for Files, URL's and users.
""" """
import os import os
import subprocess
from pymongo import MongoClient from pymongo import MongoClient
class Config: class Config:
@ -31,7 +32,8 @@ def main():
print("Clearing user db") print("Clearing user db")
Config.url.delete_many({}) Config.url.delete_many({})
print("Deleting local files") print("Deleting local files")
os.remove(f"{Config.fileDir}/*") subprocess.run(["rm", "-rf", f"{Config.fileDir}"])
os.mkdir(f"{Config.fileDir}")
print("Done. xygt.cc is ready to start clean.") print("Done. xygt.cc is ready to start clean.")
exit() exit()
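Review bot: `subprocess.run(["rm", "-rf", f"{Config.fileDir}"])` ignores the exit status, so if `rm` fails part-way the following `os.mkdir` raises `FileExistsError`; and if `fileDir` is relative here, as it is in config.py (`./data`), running the script from another directory removes whatever `./data` exists there. `shutil.rmtree(Config.fileDir)` followed by `os.makedirs(Config.fileDir, exist_ok=True)` does the same job without a child process and raises on failure, and resolving `fileDir` against the script's own directory removes the dependence on the working directory. In the context lines, `print("Clearing user db")` is followed by `Config.url.delete_many({})`, which suggests the users collection may never be cleared; check that against the full file. `main()` starts outside the hunk.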