summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2021-06-09Fix linting errorsJon Bergli Heier14-86/+145
Style, unused imports, unused variables, etc. as reported by flake8. Configuration for flake8 has been added to setup.cfg.
2021-06-09file_storage.s3: Fix deleting object on file_add errorJon Bergli Heier1-2/+2
Make sure obj is returned from upload_file so that we can delete it if add_file raises an exception.
2021-04-11file_storage.filesystem: Close temp file after saveJon Bergli Heier1-0/+1
This will ensure the file content is flushed and lets us get the actual file size, which will fix very small files being stored with size == 0.
2021-04-09fbin-scanner: Skip missing filesJon Bergli Heier1-0/+6
If a file has been deleted, mark it as scanned and continue.
2021-03-28Add mimetype blacklistingJon Bergli Heier1-1/+9
Add two new configuration options: MIMETYPE_BLACKLIST and MIMETYPE_USER_WHITELIST. Any mimetype in MIMETYPE_BLACKLIST will be sent as either text/plain or application/octet-stream depending on the actual mimetype returned. If the uploader's username is specified in MIMETYPE_USER_WHITELIST, the blacklist is ignored.
2020-11-09Rotate thumbnails if orientation is setJon Bergli Heier1-1/+10
This fixes thumbnails being in the incorrect orientation after we removed the call to mogrify.
2020-10-29Update Dockerfile and requirements.txtJon Bergli Heier2-3/+2
2020-10-29Clean up leftover file path referencesJon Bergli Heier4-70/+42
This change removes and direct references to the filesystem from the pyfbin code other that file_storage.filesystem. This should hopyfully be the last changes needed for pyfbin to be successfully run using the file_storage.s3 module without any issues.
2020-10-28Add fbin-backup.pyJon Bergli Heier4-9/+131
This is a backup script which will copy files to a target storage, and optionally add database entries as well. It works by specifying a source and a target config file. Both should have separate storage configured, and files will be copied from the source storage to the target storage. The list of files to copy is read from the source database, which means this must be accessible from where the script is run, not just the storage. If updating databse entries the target database must also be accessible. The target database is also check for any existing file hashes, and any files that would cause a collision will be skipped.
2020-10-28Use flask-sqlalchemy instead of using sqlalchemy directlyJon Bergli Heier7-197/+164
This makes database access a bit easier and also greatly simplifies some upcoming changes.
2020-08-02Add missing values() call to scan result checkJon Bergli Heier1-1/+1
scans is a dict, not a list, so we need to call values() to retrieve the result dicts.
2020-07-28Allow single VT match on specific resultsJon Bergli Heier1-1/+3
By including a result name in the VIRUSTOTAL_SINGULAR_MATCHES setting we can override VIRUSTOTAL_MINIMUM_POSITIVES. This is useful for some matches that's usually only matched by a few engines, such as phishing.
2019-12-08filesystem: Fix error on max file sizeJon Bergli Heier1-3/+2
Move the chmod call into the try block so we always call this when add_file succeeds, otherwise new_file might not be set yet and we will get an UnboundLocalError.
2019-12-07s3: Delete file if add_file raises an exceptionJon Bergli Heier1-1/+5
2019-12-07Add max file size configurationJon Bergli Heier4-3/+19
This allows configuring max file sizes for both registered and anonymous users. For registered users the USER_FILE_SIZE_LIMIT is used, and ANONYMOUS_FILE_SIZE_LIMIT for anonymous users. If the size is not specified or None, the limit is not enforced. Setting the limit to 0 effectively disables uploads.
2019-12-06Default Storage.get_file thumb to FalseJon Bergli Heier1-1/+1
Usually we want the file data, not the thumbnail.
2019-12-06Change bootstrap-filestyle name on drop or pasteJon Bergli Heier1-0/+2
This makes sure the upload form is visually updated when dropping or pasting a file.
2019-12-06Fix displaying total file sizeJon Bergli Heier1-3/+3
Wrap the call to get_size() in a generator so we don't have to look up the files (if needed) twice.
2019-12-06Flash oauth error when server returns an error fieldJon Bergli Heier1-0/+3
2019-12-06login: Add missing commit when updating sessionJon Bergli Heier1-0/+1
2019-12-05s3: Fix typosJon Bergli Heier1-2/+2
2019-08-17Fetch and store thumbnails via storage modulesJon Bergli Heier4-28/+80
This will allow us to remotely store thumbnails in case of S3. For S3 the thumb bucket is configurable to allow these to be stored separately. The S3 key for thumbnails does not conflict with files, so these can be stored in the same bucket if needed.
2019-08-17file_storage.filesystem: Set file mode if configuredJon Bergli Heier1-0/+3
Regression since b72ecc321c315bafe40cc7406e87e088564ab8a9. This is needed eg. when using X-Sendfile so that the web server can access the files.
2019-08-14Allow specifying minimum positives for virustotal resultsJon Bergli Heier1-1/+1
2019-07-24fbin-scanner: Default STORAGE_MODULE to fbin.file_storage.filesystemJon Bergli Heier1-1/+1
2019-07-24Add Docker configJon Bergli Heier3-0/+38
2019-07-24fbin-scanner: Add support for file storage modulesJon Bergli Heier1-17/+20
2019-07-24gitignore: Add *.sqliteJon Bergli Heier1-0/+1
2019-07-24Add file storage modulesJon Bergli Heier5-41/+174
Allows for storing files other places than the local file system. Currently the local filesystem and S3 are supported.
2019-07-23Make no file uploads message use all five columnsJon Bergli Heier1-1/+1
2019-04-08fbin-scanner: Fix size limitJon Bergli Heier1-1/+1
2019-04-02fbin-scanner: Remove debug filterJon Bergli Heier1-1/+1
2019-04-02fbin-scanner: Remove debug breakJon Bergli Heier1-1/+0
2019-04-02Add support for blocking filesJon Bergli Heier3-2/+131
Files are blocked if blocked_reason is non-NULL. This value is currently not exposed publicly, instead a 404 will be returned. Files are scanned using virustotal.com's public API if scanned is False. Scans are performed by the fbin-scanner.py script. If a match is found, blocked_reason is set to the payload received. Files that are not in VT's database will be automatically submitted and the script will wait for the scan to complete before continuing.
2019-03-27Return 404 if physical file does not existJon Bergli Heier1-1/+1
2018-08-06Add video list and video thumbnailsJon Bergli Heier4-11/+35
Add a separate video page for listing uploaded videos. The thumbnail endpoint now supports generating video thumbnails using ffmpegthumbnailer.
2018-07-18Fix writing thumbnails from transparent imagesJon Bergli Heier1-1/+1
JPEG does not support alpha channels, so remove RGBA from the list of valid modes.
2018-02-15Add support for pasting files.Jon Bergli Heier1-0/+6
2017-08-16Added drag and drop support to the upload form.Jon Bergli Heier2-1/+51
2017-08-16Run debug app with threads to avoid hanging.Jon Bergli Heier1-1/+1
For some reason chrome sometimes does two requests on redirect, where the first in unused, causing the second to hang because we only process one request at a time.
2017-04-22Added upload API.Jon Bergli Heier7-48/+205
Also updated the API (previously help) page.
2017-04-09Fixed renaming files.Jon Bergli Heier1-1/+2
2017-04-09Major rewrite to use jab/oauth.Jon Bergli Heier44-966/+1342
Highlights: - Uses the oauth branch of jab. - Changed design to use bootstrap. - Some minor changes to functionality in file uploading and listing. - API is currently disabled and incomplete.
2017-02-11Fixed uploading small files.Jon Bergli Heier1-2/+4
For small files the file attribute is a StringIO object instead of a NamedTemporaryFile. For cStringIO we're not allowed to set the delete attribute, so check wether the object already has a delete attribute before attempting to set it.
2016-04-03Delete thumbnails when deleting files.Jon Bergli Heier1-0/+3
2016-03-28Auto-delete temporary files by default.Jon Bergli Heier1-3/+2
This fixes multipart upload where temporary files are created for all fields. Instead we explicitly set the uploaded file itself to not be auto-deleted. This doesn't work on Windows (see NamedTemporaryFile for more details).
2016-03-27Fixed formatting in API 'Unknown method' message.Jon Bergli Heier1-1/+1
2016-03-27Added the test_token API method.Jon Bergli Heier1-0/+8
This API method checks whether the provided token is valid or not.
2016-03-26Fixed error handling on image thumbnails.Jon Bergli Heier4-12/+19
Replaced jquery-lazyload with jquery.lazy which provides an onError event handler.
2014-02-10Use jab id instead of username as user key.Jon Bergli Heier2-35/+24