authorPatrick Simianer <p@simianer.de>2016-06-19 21:54:57 +0200
committerPatrick Simianer <p@simianer.de>2016-06-19 21:54:57 +0200
commit9097ff1e4ecdf42c99585bc9d399590442720052 (patch)
treec298079001da6f986ea2b0fd92b3f7178479a345 /file_upload.rb
parent6cb1b8d9f1447bad605bcecdab9bb0d5e5b2f123 (diff)
init
Diffstat (limited to 'file_upload.rb')
-rw-r--r--file_upload.rb133
1 files changed, 106 insertions, 27 deletions
diff --git a/file_upload.rb b/file_upload.rb
index ce2c65f..5bb1d44 100644
--- a/file_upload.rb
+++ b/file_upload.rb
@@ -1,7 +1,5 @@
-# encoding: utf-8
-
require 'sinatra/base'
-require 'slim'
+require 'haml'
class FileUpload < Sinatra::Base
configure do
@@ -10,48 +8,129 @@ class FileUpload < Sinatra::Base
set :views, File.join(File.dirname(__FILE__), 'views')
set :public_folder, File.join(File.dirname(__FILE__), 'public')
- set :files, File.join(settings.public_folder, 'files')
- set :unallowed_paths, ['.', '..']
end
- helpers do
- def flash(message = '')
- session[:flash] = message
- end
+ not_found do
+ 'err 404'
end
- before do
- @flash = session.delete(:flash)
+ error do
+ "err (#{request.env['sinatra.error']})"
end
- not_found do
- slim 'h1 404'
+ get '/' do
+ haml :index
end
- error do
- slim "Error (#{request.env['sinatra.error']})"
+ def log name, params
+ STDERR.write "[#{name}] #{params.to_s}\n"
end
- get '/' do
- @files = Dir.entries(settings.files) - settings.unallowed_paths
+ def check_token dir, token
+ saved_token = `cat #{dir}/.token`.strip
+ if token == saved_token
+ return true
+ end
+ return false
+ end
+
+ def check_dirname dirname
+ return dirname.match /^[a-zA-Z0-9_-]+$/
+ end
- slim :index
+ def get_dir dirname
+ return "upload/#{dirname}"
end
-
+
post '/upload' do
- if params[:file]
- filename = params[:file][:filename]
- file = params[:file][:tempfile]
+ log '/upload', params
+
+ if params[:qqfile] && params[:dirname] && params[:token]
+
+ dirname = params[:dirname]
+ dir = get_dir params[:dirname]
+ token = params[:token]
+
+ allowed = check_dirname(dirname) && check_token(dir, token)
+
+ if allowed
+ filename = params[:qqfile][:filename]
+ file = params[:qqfile][:tempfile]
+
+ File.open(File.join(dir, filename), 'wb') do |f|
+ f.write file.read
+ end
- File.open(File.join(settings.files, filename), 'wb') do |f|
- f.write file.read
+ return '{"success":true}'
end
- flash 'Upload successful'
+ end
+
+ return '{"success":false}'
+ end
+
+ post '/mkdir' do
+ log '/mkdir', params
+
+ dirname = params[:dirname]
+ token = params[:token]
+
+ return "err" if !dirname||!token
+
+ dir = get_dir params[:dirname]
+
+ return "err" if !check_dirname(dirname)
+
+ allowed = false
+ if Dir.exists? dir
+ if check_token dir, token
+ allowed = true
+ end
else
- flash 'You have to choose a file'
+ `mkdir -p #{dir}`
+ `echo #{token} >> #{dir}/.token`
+ allowed = true
end
- redirect '/'
+ if allowed
+ redirect "upload.html?dirname=#{dirname}&token=#{token}"
+ else
+ "Falsches token/Wrong token <a href='/'>Zur&uuml;ck/Back</a>"
+ end
end
+
+ get "/list_dir/:dirname/:token" do
+ log '/list_dir', params
+
+ dirname = params[:dirname]
+ dir = get_dir dirname
+ token = params[:token]
+
+ allowed = check_dirname(dirname) && check_token(dir, token)
+
+ if allowed
+ s = "<ul>"
+ s += Dir[dir+"/*"].map { |i| i.gsub(get_dir(""),"") }.map { |i| "<li>#{i}</li>" }.join "\n"
+ s += "</ul>"
+ return s
+ end
+
+ return ""
+ end
+
+ get '/check/:dirname/:token' do
+ log '/check', params
+
+ dirname = params[:dirname]
+ dir = get_dir dirname
+ token = params[:token]
+
+ if check_dirname(dirname) && check_token(dir, token)
+ return "true"
+ end
+
+ return "false"
+ end
+
end
+
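Review bot: `check_token`, `/mkdir` and `/upload` hand request parameters to a shell and to file paths without adequate validation: `check_dirname` anchors its pattern with `^`/`$`, which match per line in Ruby, so a `dirname` containing a newline passes and then reaches `` `cat #{dir}/.token` `` and `` `mkdir -p #{dir}` `` unchanged, `token` goes into `` `echo #{token} >> #{dir}/.token` `` with no check at all, and `params[:qqfile][:filename]` is joined onto `dir` as-is, so a `..` component in the file name writes outside the upload directory. None of the shell-outs is needed — `File.read`, `FileUtils.mkdir_p` (add `require 'fileutils'` next to the other requires) and `File.write` do the same work without a shell — and anchoring with `\A`/`\z`, applying the same pattern to the token, and taking `File.basename` of the uploaded name close the remaining gaps; the read of `.token` should be guarded with `File.file?`, since `File.read` raises where `cat` merely printed to stderr. Two smaller points in the same hunk: `log` writes the full `params` hash, token included, to STDERR, and `/list_dir` interpolates directory entries into HTML unescaped, so `Rack::Utils.escape_html` belongs around each entry. The `FileUpload` class and its `configure` block open outside this hunk.
```ruby
  SAFE_NAME = /\A[a-zA-Z0-9_-]+\z/

  def check_token dir, token
    return false unless token.is_a?(String) && token.match?(SAFE_NAME)
    token_file = File.join(dir, '.token')
    return false unless File.file?(token_file)
    token == File.read(token_file).strip
  end

  def check_dirname dirname
    dirname.is_a?(String) && dirname.match?(SAFE_NAME)
  end

  # … unchanged: get_dir, start of post '/upload' …
        filename = File.basename(params[:qqfile][:filename])
  # … unchanged: rest of post '/upload', start of post '/mkdir' …
      FileUtils.mkdir_p dir
      File.write(File.join(dir, '.token'), "#{token}\n")
  # … unchanged: rest of post '/mkdir', /list_dir, /check …
```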