summaryrefslogtreecommitdiff
path: root/fbin
diff options
context:
space:
mode:
authorJon Bergli Heier <snakebite@jvnv.net>2017-04-09 09:02:09 +0200
committerJon Bergli Heier <snakebite@jvnv.net>2017-04-09 09:02:09 +0200
commitb36f9c05071ea549ed59e703270fcf223b60df03 (patch)
tree8992c6bcaa5b0d64cbd589588b2539523125548c /fbin
parentaf750a6598d53b8a5cb58092dd5b523ea7e967ca (diff)
Major rewrite to use jab/oauth.
Highlights: - Uses the oauth branch of jab. - Changed design to use bootstrap. - Some minor changes to functionality in file uploading and listing. - API is currently disabled and incomplete.
Diffstat (limited to 'fbin')
-rw-r--r--fbin/__init__.py39
-rw-r--r--fbin/api.py62
-rw-r--r--fbin/db.py121
-rwxr-xr-xfbin/fbin.py353
-rw-r--r--fbin/login.py92
-rw-r--r--fbin/monkey.py25
-rw-r--r--fbin/static/css/bootstrap.min.css6
-rw-r--r--fbin/static/css/style.css18
-rw-r--r--fbin/static/fonts/glyphicons-halflings-regular.eotbin0 -> 20127 bytes
-rw-r--r--fbin/static/fonts/glyphicons-halflings-regular.svg288
-rw-r--r--fbin/static/fonts/glyphicons-halflings-regular.ttfbin0 -> 45404 bytes
-rw-r--r--fbin/static/fonts/glyphicons-halflings-regular.woffbin0 -> 23424 bytes
-rw-r--r--fbin/static/fonts/glyphicons-halflings-regular.woff2bin0 -> 18028 bytes
-rw-r--r--fbin/static/img/no-thumbnail.pngbin0 -> 1546 bytes
-rw-r--r--fbin/static/js/bootstrap-filestyle.min.js1
-rw-r--r--fbin/static/js/bootstrap.min.js7
-rw-r--r--fbin/static/js/jquery.lazy.min.js2
-rw-r--r--fbin/static/js/jquery.min.js4
-rw-r--r--fbin/templates/base.html70
-rw-r--r--fbin/templates/file-modals.html59
-rw-r--r--fbin/templates/files.html73
-rw-r--r--fbin/templates/help.html30
-rw-r--r--fbin/templates/images.html29
-rw-r--r--fbin/templates/modal.html17
-rw-r--r--fbin/templates/upload.html25
-rw-r--r--fbin/templates/uploaded.html14
26 files changed, 1335 insertions, 0 deletions
diff --git a/fbin/__init__.py b/fbin/__init__.py
new file mode 100644
index 0000000..bdeaa5d
--- /dev/null
+++ b/fbin/__init__.py
@@ -0,0 +1,39 @@
+from flask import Flask, url_for, Markup, request
+from flask_login import current_user
+from werkzeug.routing import BaseConverter
+
+app = Flask(__name__)
+app.config.from_pyfile('fbin.cfg')
+
+# Set up some custom converters. These are needed for file URLs to be properly parsed.
+
+class HashConverter(BaseConverter):
+ regex = r'\w+'
+
+class ExtensionConverter(BaseConverter):
+ regex = r'\.\w+'
+
+app.url_map.converters['hash'] = HashConverter
+app.url_map.converters['ext'] = ExtensionConverter
+
+@app.context_processor
+def context_processors():
+ def nav_html(view, name=None):
+ url = url_for(view)
+ if not name:
+ name = view.rsplit('.', 1)[-1].replace('_', ' ').capitalize()
+ if view == '.logout':
+ name += ' [{}]'.format(current_user.username)
+ return Markup('<li{}><a href="{}">{}</a></li>'.format(' class="active"' if url == request.path else '', url, name))
+ return {
+ 'nav_html': nav_html,
+ }
+
+with app.app_context():
+ # TODO: Enable API when done
+ from .fbin import app as fbin
+ #from .api import app as api
+ from .login import login_manager
+ app.register_blueprint(fbin)
+ #app.register_blueprint(api, url_prefix = '/api')
+ login_manager.init_app(app)
diff --git a/fbin/api.py b/fbin/api.py
new file mode 100644
index 0000000..e652019
--- /dev/null
+++ b/fbin/api.py
@@ -0,0 +1,62 @@
+import functools
+
+from flask import Blueprint, current_app, request, jsonify
+from flask.views import MethodView
+from flask_login import current_user
+
+from . import db
+# FIXME
+from .fbin import get_file
+
+app = Blueprint('api', __name__)
+
+# TODO: Implement this stuff.
+
+def makejson(f):
+ @functools.wraps(f)
+ def wrapper(*args, **kwargs):
+ r = f(*args, **kwargs)
+ if isinstance(r, dict):
+ r = jsonify(r)
+ return r
+ return wrapper
+
+def api_login_required(f):
+ def wrapper(*args, **kwargs):
+ if not current_user.is_authenticated:
+ return {
+ 'status': False,
+ 'message': 'Not authenticated'
+ }
+ return f(*args, **kwargs)
+ return wrapper
+
+class FileAPI(MethodView):
+ decorators = [api_login_required, makejson]
+
+ def put(self, hash):
+ f = get_file(hash, user_id = current_user.get_id())
+ if not f:
+ return {
+ 'status': False,
+ 'message': 'File not found'
+ }
+ filename = request.form.get('filename')
+ if not filename:
+ return {
+ 'status': False,
+ 'message': 'Empty or missing filename',
+ }
+ with db.session_scope() as sess:
+ f.filename = filename
+ sess.add(f)
+ return {
+ 'status': True,
+ }
+
+ def delete(self, hash):
+ pass
+
+file_api_view = FileAPI.as_view('file_api')
+app.add_url_rule('/file/<hash>', view_func = file_api_view, methods = ['PUT', 'DELETE'])
+
diff --git a/fbin/db.py b/fbin/db.py
new file mode 100644
index 0000000..dfe3b17
--- /dev/null
+++ b/fbin/db.py
@@ -0,0 +1,121 @@
+from contextlib import contextmanager
+import mimetypes
+import os
+
+from flask import current_app
+from sqlalchemy import create_engine, Column, Integer, String, DateTime, Text, Index, ForeignKey, Boolean
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import sessionmaker, relation, backref
+from sqlalchemy.orm.exc import NoResultFound
+from sqlalchemy.exc import IntegrityError
+from sqlalchemy.sql import and_
+
+engine = create_engine(current_app.config['DB_URI'])
+
+Base = declarative_base(bind = engine)
+
+class User(Base):
+ __tablename__ = 'users'
+
+ id = Column(Integer, primary_key = True)
+ username = Column(String, unique = True, index = True)
+ jab_id = Column(String(24), unique = True, index = True)
+ files = relation('File', backref = 'user', order_by = 'File.date.desc()')
+
+ def __init__(self, username, jab_id):
+ self.username = username
+ self.jab_id = jab_id
+
+class UserSession(Base):
+ __tablename__ = 'sessions'
+
+ id = Column(Integer, primary_key = True)
+ user_id = Column(Integer, ForeignKey('users.id'), index = True)
+ access_token = Column(String)
+ refresh_token = Column(String)
+ updated = Column(DateTime)
+
+ def __init__(self, user_id, access_token, refresh_token):
+ self.user_id = user_id
+ self.access_token = access_token
+ self.refresh_token = refresh_token
+
+class File(Base):
+ __tablename__ = 'files'
+
+ id = Column(Integer, primary_key = True)
+ hash = Column(String, unique = True, index = True)
+ filename = Column(String)
+ date = Column(DateTime)
+ user_id = Column(Integer, ForeignKey('users.id'), nullable = True)
+ ip = Column(String)
+ accessed = Column(DateTime)
+
+ def __init__(self, hash, filename, date, user_id = None, ip = None):
+ self.hash = hash
+ self.filename = filename
+ self.date = date
+ self.user_id = user_id
+ self.ip = ip
+
+ @staticmethod
+ def pretty_size(size):
+ if size is None:
+ return 'N/A'
+ suffixes = (('TiB', 2**40), ('GiB', 2**30), ('MiB', 2**20), ('KiB', 2**10))
+ for suf, threshold in suffixes:
+ if size >= threshold:
+ return '{:.2f} {}'.format(size / threshold, suf)
+ else:
+ continue
+ return '{} B'.format(size)
+
+ def get_path(self):
+ return os.path.join(current_app.config['FILE_DIRECTORY'], self.hash + os.path.splitext(self.filename)[1])
+
+ def get_thumb_path(self):
+ return os.path.join(current_app.config['THUMB_DIRECTORY'], self.hash + '.jpg')
+
+ def get_size(self):
+ try:
+ return os.path.getsize(self.get_path())
+ except OSError:
+ return None
+
+ @property
+ def formatted_size(self):
+ return self.pretty_size(self.get_size())
+
+ @property
+ def formatted_date(self):
+ return self.date.strftime('%Y-%m-%d %H:%M:%S UTC')
+
+ def get_mime_type(self):
+ return mimetypes.guess_type(self.filename, strict = False)[0] or 'application/octet-stream'
+
+ def is_image(self):
+ return self.get_mime_type().startswith('image')
+
+ @property
+ def ext(self):
+ return os.path.splitext(self.filename)[1]
+
+ @property
+ def exists(self):
+ return os.path.exists(self.get_path())
+
+Base.metadata.create_all()
+Session = sessionmaker(bind = engine, autoflush = True, autocommit = False)
+
+@contextmanager
+def session_scope():
+ session = Session()
+ try:
+ session.expire_on_commit = False
+ yield session
+ session.commit()
+ except:
+ session.rollback()
+ raise
+ finally:
+ session.close()
diff --git a/fbin/fbin.py b/fbin/fbin.py
new file mode 100755
index 0000000..42c371f
--- /dev/null
+++ b/fbin/fbin.py
@@ -0,0 +1,353 @@
+#!/usr/bin/env python
+
+import base64
+import cgi
+import datetime
+import hashlib
+import io
+import json
+import mimetypes
+import os
+import random
+import subprocess
+import tempfile
+import urllib
+from urllib.parse import urlencode, urljoin
+
+from flask import Blueprint, redirect, current_app, url_for, request, render_template, session, flash, send_file, abort, jsonify, Markup
+from flask_login import login_user, logout_user, current_user, login_required
+import jwt
+from PIL import Image
+import requests
+from werkzeug.utils import secure_filename
+
+from . import db
+from .monkey import patch as monkey_patch
+from .login import login_manager, load_user
+
+monkey_patch()
+
+base62_alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
+
+if not os.path.isdir(current_app.config['FILE_DIRECTORY']):
+ os.mkdir(current_app.config['FILE_DIRECTORY'])
+
+if not os.path.isdir(current_app.config['THUMB_DIRECTORY']):
+ os.mkdir(current_app.config['THUMB_DIRECTORY'])
+
+try:
+ # Throws OSError if mogrify doesn't exist.
+ subprocess.call(['mogrify', '-quiet'])
+except OSError:
+ has_mogrify = False
+else:
+ has_mogrify = True
+
+def get_or_create_user(username, jab_id):
+ with db.session_scope() as sess:
+ try:
+ return sess.query(db.User).filter(db.User.jab_id == jab_id).one()
+ except db.NoResultFound:
+ try:
+ user = db.User(username, jab_id)
+ sess.add(user)
+ sess.commit()
+ sess.refresh(user)
+ return user
+ except db.IntegrityError:
+ return None
+
+def add_file(path, filename, user = None, ip = None):
+ file_hash = ''.join(random.choice(base62_alphabet) for x in range(5))
+ new_path = os.path.join(current_app.config['FILE_DIRECTORY'], file_hash + os.path.splitext(filename)[1])
+ os.rename(path, new_path)
+ if current_app.config.get('DESTINATION_MODE'):
+ os.chmod(new_path, current_app.config.get('DESTINATION_MODE'))
+ with db.session_scope() as sess:
+ f = db.File(file_hash, filename, datetime.datetime.utcnow(), user.id if user else None, ip)
+ sess.add(f)
+ sess.commit()
+ sess.refresh(f)
+ return f
+
+def get_file(file_hash, user_id=None, update_accessed=False):
+ with db.session_scope() as sess:
+ try:
+ f = sess.query(db.File).filter(db.File.hash == file_hash)
+ if user_id:
+ f = f.filter(db.File.user_id == user_id)
+ f = f.one()
+ except db.NoResultFound:
+ return None
+ if update_accessed:
+ f.accessed = datetime.datetime.utcnow()
+ sess.add(f)
+ sess.commit()
+ # Refresh after field update.
+ sess.refresh(f)
+ return f
+
+def get_files(user):
+ with db.session_scope() as sess:
+ try:
+ sess.add(user)
+ files = user.files
+ except db.NoResultFound:
+ return []
+ return files
+
+def delete_file(file):
+ with db.session_scope() as sess:
+ sess.delete(file)
+ sess.commit()
+ filename = file.get_path()
+ if os.path.exists(filename):
+ os.unlink(filename)
+ thumbfile = file.get_thumb_path()
+ if os.path.exists(thumbfile):
+ os.unlink(thumbfile)
+
+app = Blueprint('fbin', __name__)
+
+@app.route('/')
+def index():
+ return redirect(url_for('.upload'))
+
+@app.route('/u')
+@app.route('/upload', methods = ['GET', 'POST'])
+def upload():
+ context = {
+ 'title': 'Upload',
+ }
+ if request.method == 'GET':
+ return render_template('upload.html', **context)
+ if not current_user.is_authenticated and not current_app.config.get('ALLOW_ANONYMOUS_UPLOADS'):
+ abort(403)
+ uploaded_file = request.files.get('file')
+ if not uploaded_file or not uploaded_file.filename:
+ flash('No valid file or filename was provided.', 'warning')
+ return render_template('upload.html', **context)
+ if hasattr(uploaded_file.stream, 'file'):
+ temp = None
+ temp_path = uploaded_file.stream.name
+ else:
+ temp = tempfile.NamedTemporaryFile(prefix = 'upload_', dir = current_app.config['FILE_DIRECTORY'], delete = False)
+ uploaded_file.save(temp.file)
+ temp_path = temp.name
+ new_file = add_file(temp_path, uploaded_file.filename, current_user.user if current_user.is_authenticated else None, request.remote_addr)
+
+ mime = new_file.get_mime_type()
+ # TODO: Apparently TIFF also supports EXIF, test this.
+ if has_mogrify and mime == 'image/jpeg':
+ # NOTE: PIL doesn't support lossless rotation, so we call mogrify to do this.
+ # NOTE: This changes the file, so the file_hash applies to the ORIGINAL file contents only.
+ # NOTE: The file hash is only used to detect duplicates when uploading, so this should not be a problem.
+ subprocess.call(['mogrify', '-auto-orient', new_file.get_path()])
+
+ if bool(request.form.get('api')):
+ return 'OK {hash}'.format(hash = new_file.hash)
+ else:
+ context = {
+ 'file': new_file,
+ }
+ return redirect(url_for('.uploaded', hash = new_file.hash))
+
+@app.route('/uploaded/<hash>')
+def uploaded(hash):
+ f = get_file(hash, update_accessed = False)
+ if not f:
+ abort(404)
+ if f.user_id and (not current_user.is_authenticated or f.user_id != current_user.get_user_id()):
+ abort(404)
+ context = {
+ 'title': 'Uploaded',
+ 'subtitle': f.filename,
+ 'file': f,
+ }
+ return render_template('uploaded.html', **context)
+
+@app.route('/f/<hash:hash>')
+@app.route('/f/<hash:hash><ext:ext>')
+@app.route('/f/<hash:hash>/<path:filename>')
+@app.route('/file/<hash:hash>', endpoint = 'file')
+@app.route('/file/<hash:hash><ext:ext>', endpoint = 'file')
+@app.route('/file/<hash:hash>/<path:filename>', endpoint = 'file')
+def _file(hash, ext=None, filename=None):
+ f = get_file(hash)
+ if not f:
+ abort(404)
+ return send_file(f.get_path())
+
+@app.route('/l')
+@app.route('/login')
+def login():
+ session['oauth_state'] = base64.urlsafe_b64encode(os.urandom(30)).decode()
+ return redirect(urljoin(current_app.config['OAUTH_URL'], 'authorize') + '?' + urlencode({
+ 'response_type': 'code',
+ 'client_id': current_app.config['OAUTH_CLIENT_ID'],
+ 'redirect_uri': urljoin(request.host_url, url_for('.auth')),
+ 'state': session['oauth_state'],
+ }))
+
+@app.route('/account')
+def account():
+ return redirect(current_app.config['ACCOUNT_URL'])
+
+@app.route('/o')
+@app.route('/logout')
+def logout():
+ if not current_user.is_authenticated:
+ return redirect(url_for('.index'))
+ session_id = int(current_user.get_id().split(':', 1)[-1])
+ with db.session_scope() as s:
+ try:
+ s.query(db.UserSession).filter_by(id = session_id).delete()
+ except:
+ raise
+ logout_user()
+ return redirect(url_for('.index'))
+
+@app.route('/auth')
+def auth():
+ if 'error' in request.args:
+ error = request.args['error']
+ error_description = request.args.get('error_description')
+ msg = 'OAuth error: {}'.format(error)
+ if error_description:
+ msg += ' ({})'.format(error_description)
+ flash(msg, 'error')
+ return redirect(url_for('.index'))
+ session_state = session.pop('oauth_state', None)
+ state = request.args.get('state')
+ if session_state != state:
+ flash('Invalid OAuth state', 'error')
+ return redirect(url_for('.index'))
+ code = request.args.get('code')
+ if not code:
+ flash('Missing OAuth code', 'error')
+ return redirect(url_for('.index'))
+ rs = requests.Session()
+ response = rs.post(urljoin(current_app.config['OAUTH_URL'], 'token'), data = {
+ 'grant_type': 'authorization_code',
+ 'code': code,
+ 'client_id': current_app.config['OAUTH_CLIENT_ID'],
+ 'client_secret': current_app.config['OAUTH_CLIENT_SECRET'],
+ 'redirect_uri': urljoin(request.host_url, url_for('.auth')),
+ })
+ token = response.json()
+ if 'error' in token:
+ msg = 'OAuth error: {}'.format(token['error'])
+ flash(msg, 'error')
+ return redirect(url_for('.index'))
+ try:
+ access_data = jwt.decode(token['access_token'], key = current_app.config['JWT_PUBLIC_KEY'], audience = current_app.config['OAUTH_CLIENT_ID'])
+ refresh_data = jwt.decode(token['refresh_token'], key = current_app.config['JWT_PUBLIC_KEY'], audience = current_app.config['OAUTH_CLIENT_ID'])
+ except jwt.InvalidTokenError as e:
+ flash('Failed to verify token: {!s}'.format(e), 'error')
+ return redirect(url_for('.index'))
+ response = rs.get(urljoin(current_app.config['OAUTH_URL'], '/api/user'), headers = {'Authorization': 'Bearer {}'.format(token['access_token'])})
+ user = response.json()
+ user = get_or_create_user(user['username'], user['id'])
+ with db.session_scope() as s:
+ us = db.UserSession(user.id, token['access_token'], token['refresh_token'])
+ us.updated = datetime.datetime.utcnow()
+ s.add(us)
+ s.commit()
+ s.refresh(us)
+ user = load_user('{}:{}'.format(user.id, us.id))
+ if not user:
+ flash('Failed to retrieve user instance.', 'error')
+ else:
+ login_user(user, remember = True)
+ return redirect(url_for('.index'))
+
+@app.route('/m')
+@app.route('/files')
+@login_required
+def files():
+ files = get_files(current_user.user)
+ context = {
+ 'title': 'Files',
+ 'files': files,
+ 'total_size': db.File.pretty_size(sum(f.get_size() for f in files if f.exists)),
+ }
+ return render_template('files.html', **context)
+
+@app.route('/files', methods = ['POST'])
+@login_required
+def file_edit():
+ f = get_file(request.form.get('hash'), user_id = current_user.get_id(), update_accessed = False)
+ if not f:
+ flash('File not found.', 'error')
+ return redirect(url_for('.files'))
+ if 'filename' in request.form:
+ with db.session_scope() as sess:
+ old_path = f.get_path()
+ filename = request.form.get('filename', f.filename)
+ f.filename = filename
+ new_path = f.get_path()
+ # If extension changed, the local filename also changes. We could just store the file without the extension,
+ # but that would break the existing files, requiring a manual rename.
+ if old_path != new_path:
+ try:
+ if os.path.exists(new_path):
+ # This shouldn't happen unless we have two files with the same hash, which should be impossible.
+ raise RuntimeError()
+ else:
+ os.rename(old_path, new_path)
+ except:
+ flash(Markup('Internal rename failed; file may have become unreachable. '
+ 'Please contact an admin and specify <strong>hash={}</strong>.'.format(f.hash)), 'error')
+ sess.add(f)
+ flash('Filename changed to "{}".'.format(f.filename), 'success')
+ elif 'delete' in request.form:
+ try:
+ delete_file(f)
+ except:
+ flash('Failed to delete file.', 'error')
+ else:
+ flash('File deleted.', 'success')
+ else:
+ flash('No action was performed.', 'warning')
+ return redirect(url_for('.files'))
+
+@app.route('/i')
+@app.route('/images')
+@login_required
+def images():
+ files = [f for f in get_files(current_user.user) if f.is_image()]
+ context = {
+ 'title': 'Images',
+ 'fullwidth': True,
+ 'files': files,
+ 'total_size': db.File.pretty_size(sum(f.get_size() for f in files if f.exists)),
+ }
+ return render_template('images.html', **context)
+
+@app.route('/t/<hash:hash>')
+@app.route('/thumb/<hash:hash>')
+def thumb(hash):
+ thumbfile = os.path.join(current_app.config['THUMB_DIRECTORY'], hash + '.jpg')
+ if not os.access(thumbfile, os.F_OK):
+ f = get_file(hash, update_accessed = False)
+ try:
+ im = Image.open(f.get_path())
+ except IOError:
+ # We can't generate a thumbnail for this file, just say it doesn't exist.
+ abort(404)
+ # Check for valid JPEG modes.
+ if im.mode not in ('1', 'L', 'RGB', 'RGBA', 'RGBX', 'CMYK', 'YCbCr'):
+ im = im.convert('RGB')
+ im.thumbnail(current_app.config.get('THUMB_SIZE', (128, 128)), Image.ANTIALIAS)
+ im.save(thumbfile)
+ return send_file(thumbfile)
+
+@app.route('/h')
+@app.route('/help')
+def help():
+ context = {
+ 'title': 'Help',
+ }
+ return render_template('help.html', **context)
+
+login_manager.login_view = '.login'
diff --git a/fbin/login.py b/fbin/login.py
new file mode 100644
index 0000000..7647e13
--- /dev/null
+++ b/fbin/login.py
@@ -0,0 +1,92 @@
+import datetime
+import traceback
+from urllib.parse import urljoin
+
+from flask import current_app, flash
+from flask_login import LoginManager
+import jwt
+import requests
+
+from . import db
+
+login_manager = LoginManager()
+
+class User:
+ def __init__(self, user, user_session):
+ self.user = user
+ self.user_session = user_session
+ self.token = None
+
+ def refresh_access_token(self):
+ response = requests.post(urljoin(current_app.config['OAUTH_URL'], 'token'), data = {
+ 'grant_type': 'refresh_token',
+ 'client_id': current_app.config['OAUTH_CLIENT_ID'],
+ 'client_secret': current_app.config['OAUTH_CLIENT_SECRET'],
+ 'refresh_token': self.user_session.refresh_token,
+ })
+ if response.status_code != 200:
+ flash('Failed to refresh authentication token (API call returned {} {})'.format(response.status_code, response.reason), 'error')
+ return
+ token = response.json()
+ try:
+ access_data = jwt.decode(token['access_token'], key = current_app.config['JWT_PUBLIC_KEY'], audience = current_app.config['OAUTH_CLIENT_ID'])
+ refresh_data = jwt.decode(token['refresh_token'], key = current_app.config['JWT_PUBLIC_KEY'], audience = current_app.config['OAUTH_CLIENT_ID'])
+ except jwt.InvalidTokenError as e:
+ traceback.print_exc()
+ flash('Failed to refresh authentication token (verification failed)', 'error')
+ return
+ with db.session_scope() as sess:
+ self.user_session.access_token = token['access_token']
+ self.user_session.refresh_token = token['refresh_token']
+ self.user_session.updated = datetime.datetime.utcnow()
+ sess.add(self.user_session)
+ return True
+
+ @property
+ def is_authenticated(self):
+ if self.user is None:
+ return False
+ if self.token:
+ return True
+ try:
+ self.token = jwt.decode(self.user_session.access_token, key = current_app.config['JWT_PUBLIC_KEY'], audience = current_app.config['OAUTH_CLIENT_ID'])
+ except jwt.ExpiredSignatureError:
+ try:
+ if not self.refresh_access_token():
+ return False
+ except:
+ traceback.print_exc()
+ flash('Failed to refresh authentication token (unhandled error; contact an admin)', 'error')
+ return False
+ except jwt.InvalidTokenError:
+ return False
+ return True
+
+ @property
+ def is_active(self):
+ return True
+
+ @property
+ def is_anonymous(self):
+ return False
+
+ def get_id(self):
+ return '{}:{}'.format(self.user.id, self.user_session.id)
+
+ def get_user_id(self):
+ return self.user.id if self.is_authenticated else None
+
+ @property
+ def username(self):
+ return self.user.username
+
+@login_manager.user_loader
+def load_user(user_id):
+ user_id, session_id = map(int, user_id.split(':', 1))
+ try:
+ with db.session_scope() as sess:
+ user, user_session = sess.query(db.User, db.UserSession).join(db.UserSession).filter(db.User.id == user_id, db.UserSession.id == session_id).one()
+ return User(user, user_session)
+ except:
+ traceback.print_exc()
+ return None
diff --git a/fbin/monkey.py b/fbin/monkey.py
new file mode 100644
index 0000000..c6458ad
--- /dev/null
+++ b/fbin/monkey.py
@@ -0,0 +1,25 @@
+import tempfile
+
+from flask import current_app
+import werkzeug.formparser
+import werkzeug.wrappers
+
+def werkzeug_patch():
+ global werkzeug_orig_stream_factory
+
+ werkzeug_orig_stream_factory = werkzeug.formparser.default_stream_factory
+
+ def custom_stream_factory(total_content_length, filename, content_type, content_length=None):
+ if total_content_length > 1024 * 500:
+ return tempfile.NamedTemporaryFile('wb+', prefix = 'upload_', dir = current_app.config['FILE_DIRECTORY'], delete = True)
+ return werkzeug_orig_stream_factory(total_content_length, filename, content_type, content_length)
+
+ werkzeug.formparser.default_stream_factory = custom_stream_factory
+ werkzeug.wrappers.default_stream_factory = custom_stream_factory
+
+def werkzeug_reset():
+ werkzeug.formparser.default_stream_factory = werkzeug_orig_stream_factory
+ werkzeug.wrappers.default_stream_factory = werkzeug_orig_stream_factory
+
+def patch():
+ werkzeug_patch()
diff --git a/fbin/static/css/bootstrap.min.css b/fbin/static/css/bootstrap.min.css
new file mode 100644
index 0000000..ed3905e
--- /dev/null
+++ b/fbin/static/css/bootstrap.min.css
@@ -0,0 +1,6 @@
+/*!
+ * Bootstrap v3.3.7 (http://getbootstrap.com)
+ * Copyright 2011-2016 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
+ *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{height:0;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{margin:0;font:inherit;color:inherit}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}input{line-height:normal}input[type=checkbox],input[type=radio]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{height:auto}input[type=search]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid silver}legend{padding:0;border:0}textarea{overflow:auto}optgroup{font-weight:700}table{border-spacing:0;border-collapse:collapse}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="javascript:"]:after,a[href^="#"]:after{content:""}blockquote,pre{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000!important}.label{border:1px solid #000}.table{border-collapse:collapse!important}.table td,.table th{background-color:#fff!important}.table-bordered td,.table-bordered th{border:1px solid #ddd!important}}@font-face{font-family:'Glyphicons Halflings';src:url(../fonts/glyphicons-halflings-regular.eot);src:url(../fonts/glyphicons-halflings-regular.eot?#iefix) format('embedded-opentype'),url(../fonts/glyphicons-halflings-regular.woff2) format('woff2'),url(../fonts/glyphicons-halflings-regular.woff) format('woff'),url(../fonts/glyphicons-halflings-regular.ttf) format('truetype'),url(../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular) format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\002a"}.glyphicon-plus:before{content:"\002b"}.glyphicon-eur:before,.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphico