summaryrefslogtreecommitdiff
path: root/fbin/fbin.py
AgeCommit message (Collapse)AuthorFilesLines
2021-03-28Add mimetype blacklistingJon Bergli Heier1-1/+9
Add two new configuration options: MIMETYPE_BLACKLIST and MIMETYPE_USER_WHITELIST. Any mimetype in MIMETYPE_BLACKLIST will be sent as either text/plain or application/octet-stream depending on the actual mimetype returned. If the uploader's username is specified in MIMETYPE_USER_WHITELIST, the blacklist is ignored.
2020-11-09Rotate thumbnails if orientation is setJon Bergli Heier1-1/+10
This fixes thumbnails being in the incorrect orientation after we removed the call to mogrify.
2020-10-29Clean up leftover file path referencesJon Bergli Heier1-38/+4
This change removes and direct references to the filesystem from the pyfbin code other that file_storage.filesystem. This should hopyfully be the last changes needed for pyfbin to be successfully run using the file_storage.s3 module without any issues.
2020-10-28Use flask-sqlalchemy instead of using sqlalchemy directlyJon Bergli Heier1-80/+72
This makes database access a bit easier and also greatly simplifies some upcoming changes.
2020-08-02Add missing values() call to scan result checkJon Bergli Heier1-1/+1
scans is a dict, not a list, so we need to call values() to retrieve the result dicts.
2020-07-28Allow single VT match on specific resultsJon Bergli Heier1-1/+3
By including a result name in the VIRUSTOTAL_SINGULAR_MATCHES setting we can override VIRUSTOTAL_MINIMUM_POSITIVES. This is useful for some matches that's usually only matched by a few engines, such as phishing.
2019-12-07Add max file size configurationJon Bergli Heier1-1/+5
This allows configuring max file sizes for both registered and anonymous users. For registered users the USER_FILE_SIZE_LIMIT is used, and ANONYMOUS_FILE_SIZE_LIMIT for anonymous users. If the size is not specified or None, the limit is not enforced. Setting the limit to 0 effectively disables uploads.
2019-12-06Fix displaying total file sizeJon Bergli Heier1-3/+3
Wrap the call to get_size() in a generator so we don't have to look up the files (if needed) twice.
2019-08-17Fetch and store thumbnails via storage modulesJon Bergli Heier1-24/+28
This will allow us to remotely store thumbnails in case of S3. For S3 the thumb bucket is configurable to allow these to be stored separately. The S3 key for thumbnails does not conflict with files, so these can be stored in the same bucket if needed.
2019-08-14Allow specifying minimum positives for virustotal resultsJon Bergli Heier1-1/+1
2019-07-24Add file storage modulesJon Bergli Heier1-39/+30
Allows for storing files other places than the local file system. Currently the local filesystem and S3 are supported.
2019-04-02Add support for blocking filesJon Bergli Heier1-1/+1
Files are blocked if blocked_reason is non-NULL. This value is currently not exposed publicly, instead a 404 will be returned. Files are scanned using virustotal.com's public API if scanned is False. Scans are performed by the fbin-scanner.py script. If a match is found, blocked_reason is set to the payload received. Files that are not in VT's database will be automatically submitted and the script will wait for the scan to complete before continuing.
2019-03-27Return 404 if physical file does not existJon Bergli Heier1-1/+1
2018-08-06Add video list and video thumbnailsJon Bergli Heier1-9/+29
Add a separate video page for listing uploaded videos. The thumbnail endpoint now supports generating video thumbnails using ffmpegthumbnailer.
2018-07-18Fix writing thumbnails from transparent imagesJon Bergli Heier1-1/+1
JPEG does not support alpha channels, so remove RGBA from the list of valid modes.
2017-04-22Added upload API.Jon Bergli Heier1-8/+72
Also updated the API (previously help) page.
2017-04-09Fixed renaming files.Jon Bergli Heier1-1/+2
2017-04-09Major rewrite to use jab/oauth.Jon Bergli Heier1-0/+353
Highlights: - Uses the oauth branch of jab. - Changed design to use bootstrap. - Some minor changes to functionality in file uploading and listing. - API is currently disabled and incomplete.