Add support for blocking files

Files are blocked if blocked_reason is non-NULL. This value is currently
not exposed publicly, instead a 404 will be returned.

Files are scanned using virustotal.com's public API if scanned is False.
Scans are performed by the fbin-scanner.py script. If a match is found,
blocked_reason is set to the payload received. Files that are not in
VT's database will be automatically submitted and the script will wait
for the scan to complete before continuing.

2 files changed, 4 insertions, 2 deletions

diff --git a/fbin/db.py b/fbin/db.py
index 58bf8ab..2bf153b 100644
--- a/fbin/db.py
+++ b/fbin/db.py
@@ -4,7 +4,7 @@ import mimetypes
 import os
 
 from flask import current_app
-from sqlalchemy import create_engine, Column, Integer, String, DateTime, Text, Index, ForeignKey, Boolean
+from sqlalchemy import create_engine, Column, Integer, String, DateTime, Text, Index, ForeignKey, Boolean, JSON
 from sqlalchemy.ext.declarative import declarative_base
 from sqlalchemy.orm import sessionmaker, relation, backref
 from sqlalchemy.orm.exc import NoResultFound
@@ -52,6 +52,8 @@ class File(Base):
     user_id = Column(Integer, ForeignKey('users.id'), nullable = True)
     ip = Column(String)
     accessed = Column(DateTime)
+    scanned = Column(Boolean, nullable=False, default=False)
+    blocked_reason = Column(JSON)
 
     def __init__(self, hash, filename, date, user_id = None, ip = None):
         self.hash = hash
diff --git a/fbin/fbin.py b/fbin/fbin.py
index 91fa1c9..19f82ed 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -207,7 +207,7 @@ def uploaded(hash):
 @app.route('/file/<hash:hash>/<path:filename>', endpoint = 'file')
 def _file(hash, ext=None, filename=None):
     f = get_file(hash)
-    if not f or not f.exists:
+    if not f or not f.exists or f.blocked_reason:
         abort(404)
     return send_file(f.get_path())