Diffstat (limited to 'matweb')
-rw-r--r--matweb/frontend.py7
-rw-r--r--matweb/utils.py6
2 files changed, 12 insertions, 1 deletions
diff --git a/matweb/frontend.py b/matweb/frontend.py
index 8295f4e..48e4c19 100644
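--- a/matweb/frontend.py
+++ b/matweb/frontend.py
@@ -27,8 +27,10 @@ def download_file(key: str, secret: str, filename: str):
  file_removal_scheduler.run_file_removal_job(current_app.config['UPLOAD_FOLDER'])
 
  if not os.path.exists(complete_path):
+ current_app.logger.error('Non existing file requested')
  return redirect(url_for('routes.upload_file'))
  if hmac.compare_digest(utils.hash_file(complete_path, secret), key) is False:
+ current_app.logger.error('Non matching digest for file')
  return redirect(url_for('routes.upload_file'))
 
  @after_this_request
@@ -47,28 +49,33 @@ def upload_file():
  if request.method == 'POST':
  if 'file' not in request.files: # check if the post request has the file part
  flash('No file part')
+ current_app.logger.error('Missing file part in upload')
  return redirect(request.url)
 
  uploaded_file = request.files['file']
  if not uploaded_file.filename:
  flash('No selected file')
+ current_app.logger.error('Missing filename in upload')
  return redirect(request.url)
  try:
  filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER'])
  except ValueError:
  flash('Invalid Filename')
+ current_app.logger.error('Invalid Filename in upload')
  return redirect(request.url)
 
  parser, mime = utils.get_file_parser(filepath)
 
  if parser is None:
  flash('The type %s is not supported' % mime)
+ current_app.logger.error('Unsupported type %s', mime)
  return redirect(url_for('routes.upload_file'))
 
  meta = parser.get_meta()
 
  if parser.remove_all() is not True:
  flash('Unable to clean %s' % mime)
+ current_app.logger.error('Unable to clean %s', mime)
  return redirect(url_for('routes.upload_file'))
 
  key, secret, meta_after, output_filename = utils.cleanup(parser, filepath, current_app.config['UPLOAD_FOLDER'])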
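Review bot: The new 'Non matching digest for file' record in download_file names neither the requested file nor the client, so repeated key guessing against one file cannot be told apart from a handful of stale links when the log is reviewed. Something like `current_app.logger.warning('Digest mismatch for %r from %s', filename, request.remote_addr)` would carry that context, and `%r` keeps control characters in the caller-supplied name from breaking up log lines. The 'Non existing file requested' line just above has the same gap. Every added line here and in upload_file logs a client-caused rejection at error level, which will bury real server faults; warning is a better fit. Both function bodies continue outside the hunks.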
diff --git a/matweb/utils.py b/matweb/utils.py
index 915d735..ea84f4f 100644
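--- a/matweb/utils.py
+++ b/matweb/utils.py
@@ -3,7 +3,7 @@ import os
 import hashlib
 import mimetypes as mtype
 
-from flask_restful import abort
+from flask_restful import abort, current_app
 from libmat2 import parser_factory
 from werkzeug.utils import secure_filename
 
@@ -31,6 +31,7 @@ def hash_file(filepath: str, secret: str) -> str:
 
 def check_upload_folder(upload_folder):
  if not os.path.exists(upload_folder):
+ current_app.logger.info('Upload folder does not exist - creating it')
  os.mkdir(upload_folder)
 
 
@@ -98,14 +99,17 @@ def get_file_paths(filename, upload_folder):
 
 def is_valid_api_download_file(filename: str, key: str, secret: str, upload_folder: str) -> [str, str]:
  if filename != secure_filename(filename):
+ current_app.logger.error('Insecure filename %', filename)
  abort(400, message='Insecure filename')
 
  complete_path, filepath = get_file_paths(filename, upload_folder)
 
  if not os.path.exists(complete_path):
+ current_app.logger.error('File not found')
  abort(404, message='File not found')
 
  if hmac.compare_digest(hash_file(complete_path, secret), key) is False:
+ current_app.logger.error('The file hash does not match')
  abort(400, message='The file hash does not match')
  return complete_path, filepath
 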
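Review bot: The format string in `current_app.logger.error('Insecure filename %', filename)` inside is_valid_api_download_file ends in a bare `%`, so formatting fails when the record is emitted. The rejected name is then never written, and the logging module only reports a formatting error on stderr. Change it to `current_app.logger.error('Insecure filename %r', filename)`; `%r` also escapes newlines and control characters in a name that comes straight from the caller. Separately, the import hunk takes `current_app` from flask_restful, which appears to expose it only because that package imports it from flask itself; `from flask import current_app` would not depend on that.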