From 9097ff1e4ecdf42c99585bc9d399590442720052 Mon Sep 17 00:00:00 2001 From: Patrick Simianer Date: Sun, 19 Jun 2016 21:54:57 +0200 Subject: init --- file_upload.rb | 133 +++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 106 insertions(+), 27 deletions(-) (limited to 'file_upload.rb') diff --git a/file_upload.rb b/file_upload.rb index ce2c65f..5bb1d44 100644 --- a/file_upload.rb +++ b/file_upload.rb @@ -1,7 +1,5 @@ -# encoding: utf-8 - require 'sinatra/base' -require 'slim' +require 'haml' class FileUpload < Sinatra::Base configure do @@ -10,48 +8,129 @@ class FileUpload < Sinatra::Base set :views, File.join(File.dirname(__FILE__), 'views') set :public_folder, File.join(File.dirname(__FILE__), 'public') - set :files, File.join(settings.public_folder, 'files') - set :unallowed_paths, ['.', '..'] end - helpers do - def flash(message = '') - session[:flash] = message - end + not_found do + 'err 404' end - before do - @flash = session.delete(:flash) + error do + "err (#{request.env['sinatra.error']})" end - not_found do - slim 'h1 404' + get '/' do + haml :index end - error do - slim "Error (#{request.env['sinatra.error']})" + def log name, params + STDERR.write "[#{name}] #{params.to_s}\n" end - get '/' do - @files = Dir.entries(settings.files) - settings.unallowed_paths + def check_token dir, token + saved_token = `cat #{dir}/.token`.strip + if token == saved_token + return true + end + return false + end + + def check_dirname dirname + return dirname.match /^[a-zA-Z0-9_-]+$/ + end - slim :index + def get_dir dirname + return "upload/#{dirname}" end - + post '/upload' do - if params[:file] - filename = params[:file][:filename] - file = params[:file][:tempfile] + log '/upload', params + + if params[:qqfile] && params[:dirname] && params[:token] + + dirname = params[:dirname] + dir = get_dir params[:dirname] + token = params[:token] + + allowed = check_dirname(dirname) && check_token(dir, token) + + if allowed + filename = params[:qqfile][:filename] + file = params[:qqfile][:tempfile] + + File.open(File.join(dir, filename), 'wb') do |f| + f.write file.read + end - File.open(File.join(settings.files, filename), 'wb') do |f| - f.write file.read + return '{"success":true}' end - flash 'Upload successful' + end + + return '{"success":false}' + end + + post '/mkdir' do + log '/mkdir', params + + dirname = params[:dirname] + token = params[:token] + + return "err" if !dirname||!token + + dir = get_dir params[:dirname] + + return "err" if !check_dirname(dirname) + + allowed = false + if Dir.exists? dir + if check_token dir, token + allowed = true + end else - flash 'You have to choose a file' + `mkdir -p #{dir}` + `echo #{token} >> #{dir}/.token` + allowed = true end - redirect '/' + if allowed + redirect "upload.html?dirname=#{dirname}&token=#{token}" + else + "Falsches token/Wrong token Zurück/Back" + end end + + get "/list_dir/:dirname/:token" do + log '/list_dir', params + + dirname = params[:dirname] + dir = get_dir dirname + token = params[:token] + + allowed = check_dirname(dirname) && check_token(dir, token) + + if allowed + s = "" + return s + end + + return "" + end + + get '/check/:dirname/:token' do + log '/check', params + + dirname = params[:dirname] + dir = get_dir dirname + token = params[:token] + + if check_dirname(dirname) && check_token(dir, token) + return "true" + end + + return "false" + end + end + -- cgit v1.2.3