Compare commits
1 Commits
master
...
developmen
| Author | SHA1 | Date | |
|---|---|---|---|
| 54a3bb8cc7 |
22
app.py
22
app.py
@ -782,9 +782,15 @@ def serve_file(subpath):
|
|||||||
root, *relative_parts = subpath.split('/')
|
root, *relative_parts = subpath.split('/')
|
||||||
|
|
||||||
dltoken = request.args.get('dltoken')
|
dltoken = request.args.get('dltoken')
|
||||||
|
token_payload = None
|
||||||
if dltoken:
|
if dltoken:
|
||||||
as_attachment = True
|
as_attachment = True
|
||||||
full_path = auth.decode_token(dltoken)['filename']
|
try:
|
||||||
|
token_payload = auth.decode_token(dltoken)
|
||||||
|
full_path = token_payload['filename']
|
||||||
|
except Exception as e:
|
||||||
|
app.logger.warning(f"Invalid dltoken: {e}")
|
||||||
|
return jsonify({'Unauthorized': 'Invalid token'}), 403
|
||||||
else:
|
else:
|
||||||
as_attachment = False
|
as_attachment = False
|
||||||
base_path = session['folders'].get(root)
|
base_path = session['folders'].get(root)
|
||||||
@ -811,6 +817,8 @@ def serve_file(subpath):
|
|||||||
user_agent = request.headers.get('User-Agent')
|
user_agent = request.headers.get('User-Agent')
|
||||||
range_header = request.headers.get('Range', '')
|
range_header = request.headers.get('Range', '')
|
||||||
req_id = request.args.get('req') or request.headers.get('X-Request-Id')
|
req_id = request.args.get('req') or request.headers.get('X-Request-Id')
|
||||||
|
token_device_id = token_payload.get('device_id') if token_payload else None
|
||||||
|
device_id = token_device_id or session.get('device_id')
|
||||||
|
|
||||||
def is_range_prefetch(header, ua):
|
def is_range_prefetch(header, ua):
|
||||||
"""
|
"""
|
||||||
@ -932,7 +940,7 @@ def serve_file(subpath):
|
|||||||
mime,
|
mime,
|
||||||
ip_address,
|
ip_address,
|
||||||
user_agent,
|
user_agent,
|
||||||
session['device_id'],
|
device_id,
|
||||||
cached_hit,
|
cached_hit,
|
||||||
request.method
|
request.method
|
||||||
)
|
)
|
||||||
@ -995,7 +1003,7 @@ def serve_file(subpath):
|
|||||||
mime,
|
mime,
|
||||||
ip_address,
|
ip_address,
|
||||||
user_agent,
|
user_agent,
|
||||||
session['device_id'],
|
device_id,
|
||||||
cached_hit,
|
cached_hit,
|
||||||
request.method
|
request.method
|
||||||
)
|
)
|
||||||
@ -1145,6 +1153,11 @@ def create_dltoken(subpath):
|
|||||||
root, *relative_parts = subpath.split('/')
|
root, *relative_parts = subpath.split('/')
|
||||||
base_path = session['folders'].get(root)
|
base_path = session['folders'].get(root)
|
||||||
full_path = os.path.join(base_path or '', *relative_parts)
|
full_path = os.path.join(base_path or '', *relative_parts)
|
||||||
|
|
||||||
|
device_id = session.get('device_id')
|
||||||
|
if not device_id:
|
||||||
|
device_id = os.urandom(32).hex()
|
||||||
|
session['device_id'] = device_id
|
||||||
|
|
||||||
try:
|
try:
|
||||||
full_path = check_path(full_path)
|
full_path = check_path(full_path)
|
||||||
@ -1158,7 +1171,8 @@ def create_dltoken(subpath):
|
|||||||
validity_date = datetime.now().strftime('%d.%m.%Y')
|
validity_date = datetime.now().strftime('%d.%m.%Y')
|
||||||
data = {
|
data = {
|
||||||
"validity": validity_date,
|
"validity": validity_date,
|
||||||
"filename": str(full_path)
|
"filename": str(full_path),
|
||||||
|
"device_id": device_id
|
||||||
}
|
}
|
||||||
|
|
||||||
token = auth.generate_token(data)
|
token = auth.generate_token(data)
|
||||||
|
|||||||
2
auth.py
2
auth.py
@ -354,6 +354,8 @@ KEY_MAP = {
|
|||||||
"folders": "f",
|
"folders": "f",
|
||||||
"foldername": "n",
|
"foldername": "n",
|
||||||
"folderpath": "p",
|
"folderpath": "p",
|
||||||
|
"filename": "fn",
|
||||||
|
"device_id": "d",
|
||||||
}
|
}
|
||||||
# Build the inverse map automatically
|
# Build the inverse map automatically
|
||||||
INV_KEY_MAP = {short: long for long, short in KEY_MAP.items()}
|
INV_KEY_MAP = {short: long for long, short in KEY_MAP.items()}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user