main.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

import os
import hashlib
import hmac

from libmat2 import parser_factory

from flask import Flask, flash, request, redirect, url_for, render_template
from flask import send_from_directory, after_this_request

from werkzeug.utils import secure_filename


app = Flask(__name__)
app.config['SECRET_KEY'] = os.urandom(32)
app.config['UPLOAD_FOLDER'] = './uploads/'
app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024  # 16MB

def __hash_file(filepath: str) -> str:
    sha256 = hashlib.sha256()
    with open(filepath, 'rb') as f:
        while True:
            data = f.read(65536)  # read the file by chunk of 64k
            if not data:
                break
            sha256.update(data)
    return sha256.hexdigest()


@app.route('/download/<string:key>/<string:filename>')
def download_file(key:str, filename:str):
    if filename != secure_filename(filename):
        return redirect(url_for('upload_file'))

    filepath = secure_filename(filename)

    complete_path = os.path.join(app.config['UPLOAD_FOLDER'], filepath)
    if not os.path.exists(complete_path):
        return redirect(url_for('upload_file'))
    if hmac.compare_digest(__hash_file(complete_path), key) is False:
        print('hash: %s, key: %s' % (__hash_file(complete_path), key))
        return redirect(url_for('upload_file'))

    @after_this_request
    def remove_file(response):
        os.remove(complete_path)
        return response
    return send_from_directory(app.config['UPLOAD_FOLDER'], filepath)

@app.route('/', methods=['GET', 'POST'])
def upload_file():
    if not os.path.exists(app.config['UPLOAD_FOLDER']):
        os.mkdir(app.config['UPLOAD_FOLDER'])

    mimetypes = set()
    for parser in parser_factory._get_parsers():
        mimetypes = mimetypes | parser.mimetypes

    if request.method == 'POST':
        if 'file' not in request.files: # check if the post request has the file part
            flash('No file part')
            return redirect(request.url)
        uploaded_file = request.files['file']
        if not uploaded_file.filename:
            flash('No selected file')
            return redirect(request.url)
        filename = secure_filename(uploaded_file.filename)
        filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename)
        uploaded_file.save(os.path.join(filepath))

        parser, mime = parser_factory.get_parser(filepath)
        if parser is None:
            flash('The type %s is not supported' % mime)
            return redirect(url_for('upload_file'))

        meta = parser.get_meta()

        if parser.remove_all() is not True:
            flash('Unable to clean ' % mime)
            return redirect(url_for('upload_file'))
        output_filename = os.path.basename(parser.output_filename)

        # Get metadata after cleanup 
        parser, _ = parser_factory.get_parser(parser.output_filename)
        meta_after = parser.get_meta()
        os.remove(filepath)

        key = __hash_file(os.path.join(app.config['UPLOAD_FOLDER'], output_filename))

        return render_template('download.html', mimetypes=mimetypes, meta=meta, filename=output_filename, meta_after=meta_after, key=key)

    return render_template('index.html', mimetypes=mimetypes)


if __name__ == '__main__':  # pragma: no cover
    app.run()