diff options
Diffstat (limited to 'fhost.py')
| -rwxr-xr-x | fhost.py | 203 |
1 files changed, 39 insertions, 164 deletions
@@ -1,5 +1,6 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- +# https://stackoverflow.com/a/34831345/3569534 """ Copyright © 2020 Mia Herkt @@ -21,7 +22,7 @@ from flask import Flask, abort, escape, make_response, redirect, request, send_from_directory, url_for, Response from flask_sqlalchemy import SQLAlchemy -from flask_script import Manager +from flask_script import Manager, Server from flask_migrate import Migrate, MigrateCommand from hashlib import sha256 from humanize import naturalsize @@ -68,6 +69,13 @@ app.config["FHOST_UPLOAD_BLACKLIST"] = "tornodes.txt" app.config["NSFW_DETECT"] = False app.config["NSFW_THRESHOLD"] = 0.608 +# read config file +app.config.from_pyfile("hex-zero.conf", silent=True) + +# read html template file +with open(app.config["FHOST_FRONTPAGE"], "r") as j: + frontpagestring = j.read() + if app.config["NSFW_DETECT"]: from nsfw_detect import NSFWDetector nsfw = NSFWDetector() @@ -124,11 +132,13 @@ class File(db.Model): def geturl(self): n = self.getname() + o = n if self.nsfw_score and self.nsfw_score > app.config["NSFW_THRESHOLD"]: - return url_for("get", path=n, _external=True, _anchor="nsfw") + "\n" + o = url_for("get", path=n, _external=True, _anchor="nsfw") + "\n" else: - return url_for("get", path=n, _external=True) + "\n" + o = url_for("get", path=n, _external=True) + "\n" + return o.replace("http://" + app.config["APP_HOST_LISTEN"] + ":" + str(app.config["APP_PORT"]),app.config["APP_URL"]) def pprint(self): print("url: {}".format(self.getname())) @@ -142,6 +152,7 @@ def getpath(fn): return os.path.join(app.config["FHOST_STORAGE_PATH"], fn) def fhost_url(scheme=None): + return app.config["APP_URL"] if not scheme: return url_for(".fhost", _external=True).rstrip("/") else: @@ -328,6 +339,19 @@ def get(path): abort(404) +@app.route("/dump_files/") +@app.route("/dump_files/<int:start>") +def dump_files(start=0): + meta = "#FORMAT: BEACON\n#PREFIX: {}/\n\n".format(fhost_url("https")) + + def gen(): + yield meta + + for file in File.query.order_by(File.id.asc()).offset(start): + yield file.getname() + "|" + str(file.id) + "\n" + + return Response(gen(), mimetype="text/plain") + @app.route("/dump_urls/") @app.route("/dump_urls/<int:start>") def dump_urls(start=0): @@ -352,7 +376,11 @@ def fhost(): out = None if "file" in request.files: - out = store_file(request.files["file"], request.remote_addr) + if app.config["USE_HTTP_X_FORWARDED_FOR"]: + stored_ip_address = request.environ["HTTP_X_FORWARDED_FOR"] + else: + stored_ip_address = request.remote_addr + out = store_file(request.files["file"], stored_ip_address) elif "url" in request.form: out = store_url(request.form["url"], request.remote_addr) elif "shorten" in request.form: @@ -375,153 +403,12 @@ def fhost(): if maxsizehalf.is_integer(): maxsizehalf = int(maxsizehalf) - return """<!DOCTYPE html> -<html lang="en"> - <head> - <title>{6}</title> - <meta http-equiv="content-type" content="text/html; charset=utf-8" /> - <meta name="description" content="envs.sh | Null Pointer" /> - <link rel="stylesheet" href="https://envs.net/css/css_style.css" /> - </head> - <body id="body" class="dark-mode"> - <div class="clear" style="min-width: 1150px;"> - - <div id="main"> -<div class="block"> -<h1><em>envs.sh | THE NULL POINTER</em></h1> -<h2><em>file hosting and URL shortening service.</em></h2> -<br /> -</div> - -<h2>USAGE</h2> -<pre> -HTTP POST files here: - <code>curl -F'file=@yourfile.png' {0}</code> -post your text directly: - <code>echo "text here" | curl -F'file=@-;' {0}</code> -you can also POST remote URLs: - <code>curl -F'url=https://example.com/image.jpg' {0}</code> -or you can shorten URLs: - <code>curl -F'shorten=http://example.com/some/long/url' {0}</code> - -file URLs are valid for at least 30 days and up to a year (see below). -shortened URLs do not expire. -not allowed: {5} -maximum file size: {1} -</pre> -<br /> - -<h2>ACCEPTABLE USE POLICY</h2> -<pre> -please do not post any informations that -may violate law (login/password lists, email lists, personal information). - -envs.sh is NOT a platform for: -</pre> -<br /> -<ul> - <li>child pornography</li> - <li>malware, including “potentially unwanted applications”</li> - <li>botnet command and control schemes involving this service</li> - <li>anything even remotely related to crypto currencies</li> - <li>hosting your backups</li> - <li>spamming the service with CI build artifacts</li> - <li>piracy</li> - <li>alt-right shitposting</li> -</ul> -<br /> -<h2>REQUIREMENTS</h2> -<pre> -there is only one thing you need to use this service - curl. -curl is available on most platforms, including Windows, Mac OS X and Linux. - -if you run a server and like this site, clone it! centralization is bad. -<small><a href="https://github.com/envs-net/0x0" target="_blank">https://github.com/envs-net/0x0</a></small> -you can also support it financially via liberapay. -<a href="https://en.liberapay.com/envs.net/donate" target="_blank" style="border-bottom-color: transparent;"><img src="https://img.shields.io/liberapay/receives/envs.net.svg?logo=liberapay" alt="img_shield_receives_via_liberapay"></a> -</pre> -<br /> - -<h2>ALIAS</h2> -<pre> -to make your life easier, you can add aliases to your <code>.bash_aliases</code> on Linux -and <code>.bash_profile</code> on Mac OS X. just remember to reset your terminal session after that. -<code>0file() { curl -F"file=@$1" {0} ; } -0pb() { curl -F"file=@-;" {0} ; } -0url() { curl -F"url=$1" {0} ; } -0short() { curl -F"shorten=$1" {0} ; }</code> - -now you can use: -<code>0file "yourfile.png" -# or -echo "text here" | 0pb</code> - -<em>if you want a nice wrapper, try <a href="https://git.envs.net/envs/pb">~tomasino's pb</a></em> -</pre> -<br /> - -<h2>FILE RETENTION PERIOD</h2> -<pre> -retention = min_age + (-max_age + min_age) * pow((file_size / max_size - 1), 3) - - days - 365 | \\ - | \\ - | \\ - | \\ - | \\ - | \\ - | .. - | \\ - 197.5 | ----------..------------------------------------------- - | .. - | \\ - | .. - | ... - | .. - | ... - | .... - | ...... - 30 | .................... - 0{2}{3} - {4} -</pre> -<br /> - -<h2>ABUSE</h2> -<pre> -if you would like to request permanent deletion, please -send an email to <a href="mailto:hostmaster@envs.net?subject=Abuse%200x0%20-%20envs.sh" target="_blank">hostmaster@envs.net</a>. - -please allow up to 24 hours for a response. -</pre> - </div> - -<!-- UPLOAD --> - - <div id="sidebar"> -<div class="block"> -<h2>UPLOAD DIRECTLY</h2> -<br /> -<form action="{0}" method="POST" enctype="multipart/form-data"> -<label>File:</label><br /> -<input class="form-control" type="file" name="file" style="width:250px;"><br /> -<input class="form-control" type="submit" value="Submit"> -</form> -</div> - </div> - - <footer><pre class="clean">a <a href="https://envs.net/">envs.net</a> service | by <a href="https://envs.net/~creme/">~creme</a> | <a href="https://envs.net/impressum/">impressum</a></pre></footer> - - </div> - - </body> -</html> - -""".format(fhost_url(), + # python-interpreted variables + return frontpagestring.format(fhost_url(), maxsize, str(maxsizehalf).rjust(27), str(maxsizenum).rjust(27), maxsizeunit.rjust(54), - ", ".join(app.config["FHOST_MIME_BLACKLIST"]),fhost_url().split("/",2)[2]) + ", ".join(app.config["FHOST_MIME_BLACKLIST"]),fhost_url().split("/",2)[2], + app.config["APP_URL"], app.config["ADMIN_EMAIL"]) @app.route("/robots.txt") def robots(): @@ -541,21 +428,7 @@ def segfault(e): @app.errorhandler(404) def notfound(e): - return u"""<pre>Process {0} stopped -* thread #1: tid = {0}, {1:#018x}, name = '{2}' - frame #0: -Process {0} stopped -* thread #8: tid = {0}, {3:#018x} fhost`get(path='{4}') + 27 at fhost.c:139, name = 'fhost/responder', stop reason = invalid address (fault address: 0x30) - frame #0: {3:#018x} fhost`get(path='{4}') + 27 at fhost.c:139 - 136 get(SrvContext *ctx, const char *path) - 137 {{ - 138 StoredObj *obj = ctx->store->query(shurl_debase(path)); --> 139 switch (obj->type) {{ - 140 case ObjTypeFile: - 141 ctx->serve_file_id(obj->id); - 142 break; -(lldb) q</pre> -""".format(os.getpid(), id(app), "fhost", id(get), escape(request.path)), e.code + return make_response("404 File not found: {0}/{1}".format(fhost_url(),request.path.lstrip("/")),404) @manager.command def debug(): @@ -667,4 +540,6 @@ def querybl(nsfw=False, removed=False): f.pprint() if __name__ == "__main__": + # allow port adjustment + manager.add_command('runserver', Server(host=app.config["APP_HOST_LISTEN"], port=app.config["APP_PORT"])) manager.run() |