From c39495149fb25510350c6aed0564ff55382e30f6 Mon Sep 17 00:00:00 2001 From: Jack Eilles Date: Thu, 4 Jan 2024 18:58:42 +0000 Subject: [PATCH] add idpass reset, finish dashboard functionality --- app/routes.py | 49 +++++++++++++++++++++----- app/templates/dashboard.html | 68 ++++++++++++++++++++++++++++++++++++ app/worker.py | 24 ++++++++++--- 3 files changed, 128 insertions(+), 13 deletions(-) create mode 100644 app/templates/dashboard.html diff --git a/app/routes.py b/app/routes.py index 7838ad9..65c6e16 100644 --- a/app/routes.py +++ b/app/routes.py @@ -76,8 +76,6 @@ def index(): # Call the function to upload the file, this will return either HTTP Status codes or a 200 with a URL. result, status = worker.uploadFile(file, ip, userid, filename, id, retention) - result = "https://xygt.cc/{}".format(result) - return result, status elif 'file' in request.form: @@ -85,8 +83,6 @@ def index(): file = FileStorage(stream=BytesIO(request.form['file'].encode("utf-8")), filename=id, content_type="text/plain") result, status = worker.uploadFile(file, ip, userid, filename, id, retention) - - result = "https://xygt.cc/{}".format(result) return result, status @@ -96,8 +92,6 @@ def index(): result, status = worker.shortenURL(url, ip, userid, id, retention) - result = "https://xygt.cc/{}".format(result) - return result, status @app.route('/about') @@ -128,6 +122,11 @@ def transparency(): def public(): return "Nothing here yet." +@app.route('/dashboard') +@login_required +def dashboard(): + return render_template('dashboard.html', files=Config.files.find({"userid": current_user.userid}), urls=Config.url.find({"userid": current_user.userid})) + @app.route('/') def getData(id): 
@@ -161,6 +160,28 @@ def getInfo(id): return worker.idInfo(id) +@app.route('//delete') +@login_required +def delete(id): + if Config.files.find_one({"id": id}) is not None: + if Config.files.find_one({"id": id}) is None: + return Errors.file404 + else: + data = Config.files.find_one({"id": id}) + + if data["userid"] == current_user.userid: + Config.files.delete_one({"id": id}) + os.remove(os.path.join(Config.fileDir, secure_filename(id))) + return "File deleted." + + elif data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.user.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")): + Config.files.delete_one({"id": id}) + os.remove(os.path.join(Config.fileDir, secure_filename(id))) + return "File deleted." + + else: + return "You are not the owner of this file." + @app.route('/teapot') def teapot(): return 'I\'m a teapot. 418.', 418 @@ -201,7 +222,6 @@ def login(): if user and bcrypt.check_password_hash(user.password, password): login_user(user) - print(current_user.is_authenticated) flash("Successfully logged in!", "success") return redirect("/") else: @@ -211,4 +231,17 @@ def login(): @app.route('/logout') def logout(): logout_user() - return redirect("/") \ No newline at end of file + return redirect("/") + +@app.route('/resetidpass') +def resetidpass(): + idpass = worker.resetIDPass(current_user.userid) + if idpass == False: + return "Something went wrong, sorry. Please try again." + else: + return f"Your new IDPass is \n {idpass}\n This will only be shown once, please save it somewhere safe." + + +@app.errorhandler(404) +def page_not_found(e): + return random.choice(Errors.file404), 404 \ No newline at end of file diff --git a/app/templates/dashboard.html b/app/templates/dashboard.html new file mode 100644 index 0000000..54106d7 --- /dev/null +++ b/app/templates/dashboard.html @@ -0,0 +1,68 @@ +{% extends 'base.html' %} + +{% block content %} + +
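Review bot: `delete` is registered without `methods=`, so this destructive action runs on a plain GET (the dashboard's Delete links), and any third-party page that makes a logged-in browser request the URL removes that user's file; it should accept only POST and carry whatever CSRF protection the app's forms use. On a GET `request.form` is empty, so the userid/idpass branch can never match, and that branch reads `Config.user` where the rest of the patch uses `Config.users`, which looks like a typo worth confirming. When the id is not in `Config.files` the function falls off the end and returns `None` (a 500 in Flask), the inner `is None` test is unreachable, and the URL entries listed on the dashboard are never handled. The route string is printed as `'//delete'`, presumably with its `<id>` segment lost in extraction. A tightened version of the lookup and owner path:

```python
@app.route('//delete', methods=['POST'])  # path exactly as printed on the page
@login_required
def delete(id):
    # Single lookup; a missing id gets an explicit 404 instead of an implicit None.
    data = Config.files.find_one({"id": id})
    if data is None:
        return random.choice(Errors.file404), 404

    is_owner = data["userid"] == current_user.userid
    # … unchanged: userid/idpass fallback check, now reachable because the form is POSTed …
    if not is_owner:
        return "You are not the owner of this file.", 403

    Config.files.delete_one({"id": id})
    os.remove(os.path.join(Config.fileDir, secure_filename(id)))
    return "File deleted."
```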
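Review bot: `resetidpass` has no `@login_required`, so an anonymous request reaches `current_user.userid` and most likely fails with a 500 instead of being sent to the login page; add the decorator under `@app.route('/resetidpass')`, as `dashboard` and `delete` in this patch have it. The route also rotates a credential on GET, so a cross-site request from a logged-in browser silently invalidates the user's current IDPass; restrict it with `methods=['POST']` plus the app's CSRF protection. Because the response body is the only copy of the new secret, consider returning it with a `Cache-Control: no-store` header so it is not kept in browser or proxy caches. `if idpass == False:` would read better as `if idpass is False:`.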

Dashboard

+

Hello, {{ current_user.user }}

+

Files

+ + + + + + + + + + {% for file in files %} + + + + + + + + + {% endfor %} +
IDFilenameSizeRetentionUploadedActions
{{ file['id'] }}{{ file["filename"] }}{{ file["size"] }}{{ file["retention"] }}{{ file["uploaded"] }}Delete
+
+

URL's

+ + + + + + + + + {% for url in urls %} + + + + + + + + {% endfor %} +
IDURLRetentionUploadedActions
{{ url['id'] }}{{ url["url"] }}{{ url["retention"] }}{{ url["uploaded"] }}Delete
+
+

Forgot your UserID?

+

Click below to view it.

+ + +
+

Generate a new IDPass.

+

If you've just created an account, lost your IDPass, or believe someone else is using your IDPass, you can reset it here.

+ Reset IDPass +{% endblock %} \ No newline at end of file diff --git a/app/worker.py b/app/worker.py index 20ea33f..c72fc72 100644 --- a/app/worker.py +++ b/app/worker.py @@ -28,7 +28,9 @@ def uploadFile(file, ip, userid, filename, id, retention): # Calculate retention before the file is written, we'll grab the filesize here as it's needed for the equation. file.seek(0, os.SEEK_END) fileSize = round(float(file.tell()) / 1024, 2) - print(fileSize) + + # Set the position back to 0 + file.seek(0) if retention == None: retention = (Config.minretention+(-Config.maxretention + Config.minretention)*pow((fileSize / Config.maxFileSize -1), 3)) @@ -60,7 +62,7 @@ def uploadFile(file, ip, userid, filename, id, retention): Config.files.insert_one(data) print(Config.files.find_one({"id": id})) - return id, 200 + return f"https://xygt.cc/{id}", 200 else: return random.choice(Errors.fileTooLarge), 400 else: @@ -96,7 +98,7 @@ def shortenURL(url, ip, userid, id, retention): Config.url.insert_one(data) print(Config.url.find_one({"id": data["id"]})) - return id, 200 + return f"https://xygt.cc/{id}", 200 def idInfo(id): # Check files and url for the ID 
@@ -118,12 +120,24 @@ def registerUser(username, password): # Initialise some values try: level = 1 - userid = randomHex() - idpass = bcrypt.generate_password_hash(randomHex()).decode("utf-8") + while True: + userid = randomHex() + if Config.users.find_one({"userid": userid}) is None: + break + idpass = bcrypt.generate_password_hash(randomHex()).decode("utf-8") # The user will not know this, they'll need to generate a new one. password = bcrypt.generate_password_hash(password).decode("utf-8") user = User(username, userid, password, idpass, level) Config.users.insert_one(user.__dict__) return True + except: + return False + +def resetIDPass(userid): + try: + idpass = randomHex(8) + hashedPass = bcrypt.generate_password_hash(idpass).decode("utf-8") + Config.users.update_one({"userid": userid}, {"$set": {"idpass": hashedPass}}) + return idpass except: return False \ No newline at end of file
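Review bot: `resetIDPass` returns the new IDPass without checking that `update_one` matched a document, so a userid with no record yields a secret that was never stored; keep the result and bail out, e.g. `res = Config.users.update_one(...)` followed by `if res.matched_count != 1: return False`. The IDPass is checked in routes.py in this patch to authorise deleting a file, and `randomHex(8)` looks short for that purpose; `randomHex` is not visible in this hunk, so confirm it draws from `secrets` rather than `random` and consider a longer value. The bare `except:` in both functions hides the real failure; `except Exception:` with a logged traceback keeps the `False` contract while leaving a trail. In `registerUser`, whose body starts above the hunk, the find-then-insert loop can still race between two registrations, which a unique index on `userid` would close.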