1 files changed, 106 insertions, 27 deletions

diff --git a/file_upload.rb b/file_upload.rb
index ce2c65f..5bb1d44 100644
--- a/file_upload.rb
+++ b/file_upload.rb
@@ -1,7 +1,5 @@
-# encoding: utf-8
-
 require 'sinatra/base'
-require 'slim'
+require 'haml'
 
 class FileUpload < Sinatra::Base
   configure do
@@ -10,48 +8,129 @@ class FileUpload < Sinatra::Base
 
     set :views, File.join(File.dirname(__FILE__), 'views')
     set :public_folder, File.join(File.dirname(__FILE__), 'public')
-    set :files, File.join(settings.public_folder, 'files')
-    set :unallowed_paths, ['.', '..']
   end
 
-  helpers do
-    def flash(message = '')
-      session[:flash] = message
-    end
+  not_found do
+    'err 404'
   end
 
-  before do
-    @flash = session.delete(:flash)
+  error do
+    "err (#{request.env['sinatra.error']})"
   end
 
-  not_found do
-    slim 'h1 404'
+  get '/' do
+    haml :index
   end
 
-  error do
-    slim "Error (#{request.env['sinatra.error']})"
+  def log name, params
+    STDERR.write "[#{name}] #{params.to_s}\n"
   end
 
-  get '/' do
-    @files = Dir.entries(settings.files) - settings.unallowed_paths
+  def check_token dir, token
+    saved_token = `cat #{dir}/.token`.strip
+    if token == saved_token
+      return true
+    end 
+    return false
+  end
+
+  def check_dirname dirname
+    return dirname.match /^[a-zA-Z0-9_-]+$/
+  end
 
-    slim :index
+  def get_dir dirname
+    return "upload/#{dirname}"
   end
-  
+
   post '/upload' do
-    if params[:file]
-      filename = params[:file][:filename]
-      file = params[:file][:tempfile]
+    log '/upload', params
+
+    if params[:qqfile] && params[:dirname] && params[:token]
+
+      dirname = params[:dirname]
+      dir = get_dir params[:dirname]
+      token = params[:token]
+
+      allowed = check_dirname(dirname) && check_token(dir, token)
+
+      if allowed
+        filename = params[:qqfile][:filename]
+        file = params[:qqfile][:tempfile]
+
+        File.open(File.join(dir, filename), 'wb') do |f|
+          f.write file.read
+        end
 
-      File.open(File.join(settings.files, filename), 'wb') do |f|
-        f.write file.read
+        return '{"success":true}'
       end
 
-      flash 'Upload successful'
+    end
+
+    return '{"success":false}'
+  end
+
+  post '/mkdir' do
+    log '/mkdir', params
+
+    dirname = params[:dirname]
+    token = params[:token]
+
+    return "err" if !dirname||!token
+
+    dir = get_dir params[:dirname]
+
+    return "err" if !check_dirname(dirname)
+
+    allowed = false
+    if Dir.exists? dir
+      if check_token dir, token
+        allowed = true
+      end
     else
-      flash 'You have to choose a file'
+      `mkdir -p #{dir}`
+      `echo #{token} >> #{dir}/.token`
+      allowed = true
     end
 
-    redirect '/'
+    if allowed
+      redirect "upload.html?dirname=#{dirname}&token=#{token}"
+    else
+      "Falsches token/Wrong token <a href='/'>Zur&uuml;ck/Back</a>"
+    end
   end
+
+  get "/list_dir/:dirname/:token" do
+    log '/list_dir', params
+    
+    dirname = params[:dirname]
+    dir = get_dir dirname
+    token = params[:token]
+
+    allowed = check_dirname(dirname) && check_token(dir, token)
+
+    if allowed
+      s = "<ul>"
+      s += Dir[dir+"/*"].map { |i| i.gsub(get_dir(""),"") }.map { |i| "<li>#{i}</li>" }.join "\n"
+      s += "</ul>"
+      return s
+    end
+
+    return ""
+  end
+
+  get '/check/:dirname/:token' do
+    log '/check', params
+
+    dirname = params[:dirname]
+    dir = get_dir dirname
+    token = params[:token]
+
+    if check_dirname(dirname) && check_token(dir, token)
+      return "true"
+    end
+
+    return "false"
+  end
+
 end
+