author | Patrick Simianer <p@simianer.de> | 2016-06-19 21:54:57 +0200 |
---|---|---|
committer | Patrick Simianer <p@simianer.de> | 2016-06-19 21:54:57 +0200 |
commit | 9097ff1e4ecdf42c99585bc9d399590442720052 (patch) | |
tree | c298079001da6f986ea2b0fd92b3f7178479a345 /file_upload.rb | |
parent | 6cb1b8d9f1447bad605bcecdab9bb0d5e5b2f123 (diff) |
init
Diffstat (limited to 'file_upload.rb')
-rw-r--r-- | file_upload.rb | 133 |
1 files changed, 106 insertions, 27 deletions
diff --git a/file_upload.rb b/file_upload.rb index ce2c65f..5bb1d44 100644 --- a/file_upload.rb +++ b/file_upload.rb @@ -1,7 +1,5 @@ -# encoding: utf-8 - require 'sinatra/base' -require 'slim' +require 'haml' class FileUpload < Sinatra::Base configure do 
@@ -10,48 +8,129 @@ class FileUpload < Sinatra::Base set :views, File.join(File.dirname(__FILE__), 'views') set :public_folder, File.join(File.dirname(__FILE__), 'public') - set :files, File.join(settings.public_folder, 'files') - set :unallowed_paths, ['.', '..'] end - helpers do - def flash(message = '') - session[:flash] = message - end + not_found do + 'err 404' end - before do - @flash = session.delete(:flash) + error do + "err (#{request.env['sinatra.error']})" end - not_found do - slim 'h1 404' + get '/' do + haml :index end - error do - slim "Error (#{request.env['sinatra.error']})" + def log name, params + STDERR.write "[#{name}] #{params.to_s}\n" end - get '/' do - @files = Dir.entries(settings.files) - settings.unallowed_paths + def check_token dir, token + saved_token = `cat #{dir}/.token`.strip + if token == saved_token + return true + end + return false + end + + def check_dirname dirname + return dirname.match /^[a-zA-Z0-9_-]+$/ + end - slim :index + def get_dir dirname + return "upload/#{dirname}" end - + post '/upload' do - if params[:file] - filename = params[:file][:filename] - file = params[:file][:tempfile] + log '/upload', params + + if params[:qqfile] && params[:dirname] && params[:token] + + dirname = params[:dirname] + dir = get_dir params[:dirname] + token = params[:token] + + allowed = check_dirname(dirname) && check_token(dir, token) + + if allowed + filename = params[:qqfile][:filename] + file = params[:qqfile][:tempfile] + + File.open(File.join(dir, filename), 'wb') do |f| + f.write file.read + end - File.open(File.join(settings.files, filename), 'wb') do |f| - f.write file.read + return '{"success":true}' end - flash 'Upload successful' + end + + return '{"success":false}' + end + + post '/mkdir' do + log '/mkdir', params + + dirname = params[:dirname] + token = params[:token] + + return "err" if !dirname||!token + + dir = get_dir params[:dirname] + + return "err" if !check_dirname(dirname) + + allowed = false + if Dir.exists? 
dir + if check_token dir, token + allowed = true + end else - flash 'You have to choose a file' + `mkdir -p #{dir}` + `echo #{token} >> #{dir}/.token` + allowed = true end - redirect '/' + if allowed + redirect "upload.html?dirname=#{dirname}&token=#{token}" + else + "Falsches token/Wrong token <a href='/'>Zurück/Back</a>" + end end + + get "/list_dir/:dirname/:token" do + log '/list_dir', params + + dirname = params[:dirname] + dir = get_dir dirname + token = params[:token] + + allowed = check_dirname(dirname) && check_token(dir, token) + + if allowed + s = "<ul>" + s += Dir[dir+"/*"].map { |i| i.gsub(get_dir(""),"") }.map { |i| "<li>#{i}</li>" }.join "\n" + s += "</ul>" + return s + end + + return "" + end + + get '/check/:dirname/:token' do + log '/check', params + + dirname = params[:dirname] + dir = get_dir dirname + token = params[:token] + + if check_dirname(dirname) && check_token(dir, token) + return "true" + end + + return "false" + end + end + |
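Review bot: Request values reach a shell in the new code: `check_token` runs `cat #{dir}/.token`, and the `/mkdir` route runs `mkdir -p #{dir}` and `echo #{token} >> #{dir}/.token` through backticks, while `token` is never validated anywhere. The `check_dirname` guard does not fully protect `dir` either, because `^` and `$` match per line in Ruby, so a value containing a newline still passes; the pattern should be anchored with `\A` and `\z`. I would replace the backticks with `File.read`, `FileUtils.mkdir_p` (which needs `require 'fileutils'` at the top of the file) and `File.write`, and compare tokens with `Rack::Utils.secure_compare`, as sketched below. In `post '/upload'` the client-supplied `filename` is joined onto `dir` unchecked, so it should be reduced with `File.basename` and dot-files such as `.token` refused. `/list_dir` and the `/mkdir` redirect also emit file names and the token without HTML or URL escaping.

```ruby
def check_token dir, token
  token_file = File.join(dir, '.token')
  # a missing token file must never authenticate anyone
  return false unless File.file?(token_file)
  return Rack::Utils.secure_compare(File.read(token_file).strip, token)
end

def check_dirname dirname
  # \A and \z anchor the whole string; ^ and $ only anchor a line
  return dirname.match(/\A[a-zA-Z0-9_-]+\z/)
end

# … unchanged: get_dir, post '/upload' up to the allowed check …
      filename = File.basename(params[:qqfile][:filename])
      return '{"success":false}' if filename.start_with?('.')
# … unchanged: file write, post '/mkdir' up to the Dir.exists? branch …
    else
      FileUtils.mkdir_p dir
      File.write(File.join(dir, '.token'), "#{token}\n")
      allowed = true
    end
# … unchanged: redirect, /list_dir, /check …
```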