Create blueprints for files and urls.

Author: vremes

app/__init__.py

@@ -1,17 +1,17 @@
 from flask import Flask
 from werkzeug.exceptions import HTTPException
 
-from app.config import Config
 from app.core.utils import (
     create_stdout_logger,
     http_error_handler,
-    setup_db
+    setup_db,
+    get_config
 )
 from app.core.files import add_unsupported_mimetypes
 
 db = setup_db()
 logger = create_stdout_logger()
-config = Config.from_env()
+config = get_config()
 
 def create_app() -> Flask:
     """Flask application factory."""
@@ -26,11 +26,13 @@ def handle_exception(e):
         return http_error_handler(e)
 
     # Import blueprints
-    from app.blueprints.api import api
     from app.blueprints.main import main
+    from app.blueprints.files import files
+    from app.blueprints.urls import urls
 
     # Register blueprints
     app.register_blueprint(main)
-    app.register_blueprint(api, url_prefix='/api')
+    app.register_blueprint(files, url_prefix='/api')
+    app.register_blueprint(urls, url_prefix='/api')
 
     return app

app/blueprints/api.py

@@ -0,0 +1,103 @@
+from http import HTTPStatus
+
+from werkzeug.security import safe_join
+from flask import Blueprint, jsonify, url_for, abort, request
+
+from app import config, logger
+from app.core.utils import (
+    auth_required,
+    create_hmac_hash,
+    safe_str_comparison
+)
+from app.core.discord import (
+    create_discord_webhooks,
+    create_uploaded_file_embed,
+    execute_webhooks_with_embed
+)
+from app.core.files import (
+    get_file_extension_from_file,
+    is_file_extension_allowed,
+    create_directory,
+    generate_filename,
+    get_secure_filename,
+    delete_file,
+)
+
+files = Blueprint('files', __name__)
+
+@files.get('/sharex/upload')
+def upload_config():
+    return jsonify({
+        "Name": "{} (File uploader)".format(request.host),
+        "Version": "1.0.0",
+        "DestinationType": "ImageUploader, FileUploader",
+        "RequestMethod": "POST",
+        "RequestURL": url_for('files.upload', _external=True),
+        "Body": "MultipartFormData",
+        "FileFormName": "file",
+        "URL": "$json:url$",
+        "DeletionURL": "$json:delete_url$",
+        "Headers": {
+            "Authorization": "YOUR-UPLOAD-PASSWORD-HERE",
+        },
+        "ErrorMessage": "$json:status$"
+    })
+
+@files.post('/upload')
+@auth_required
+def upload():
+    f = request.files.get('file')
+
+    if f is None:
+        abort(HTTPStatus.BAD_REQUEST, 'Invalid file.')
+
+    file_extension = get_file_extension_from_file(f.stream, config.magic_buffer_bytes)
+
+    if is_file_extension_allowed(file_extension, config.allowed_extensions) is False:
+        abort(HTTPStatus.UNPROCESSABLE_ENTITY, 'Invalid file type.')
+
+    create_directory(config.upload_directory)
+
+    filename = generate_filename()
+
+    if config.use_original_filename:
+        secure_filename = get_secure_filename(f.filename)
+        filename = f'{filename}-{secure_filename}'
+
+    save_filename = filename + file_extension
+    save_path = safe_join(config.upload_directory, save_filename)
+
+    f.save(save_path)
+
+    hmac_hash = create_hmac_hash(save_filename, config.flask_secret)
+    file_url = url_for('main.uploads', filename=save_filename, _external=True)
+    deletion_url = url_for('files.delete_file_with_hash', hmac_hash=hmac_hash, filename=save_filename, _external=True)
+
+    logger.info(f'Saved file: {save_filename}, URL: {file_url}, deletion URL: {deletion_url}')
+
+    # Send data to Discord webhooks
+    discord_webhooks = create_discord_webhooks(config.discord_webhook_urls, config.discord_webhook_timeout)
+    if discord_webhooks:
+        embed = create_uploaded_file_embed(file_url, deletion_url)
+        execute_webhooks_with_embed(discord_webhooks, embed)
+
+    # Return JSON
+    return jsonify(url=file_url, delete_url=deletion_url)
+
+@files.get('/delete-file/<hmac_hash>/<filename>')
+def delete_file_with_hash(hmac_hash, filename):
+    new_hmac_hash = create_hmac_hash(filename, config.flask_secret)
+
+    # If digest is invalid
+    if safe_str_comparison(hmac_hash, new_hmac_hash) is False:
+        abort(HTTPStatus.NOT_FOUND)
+
+    file_path = safe_join(config.upload_directory, filename)
+    file_deleted = delete_file(file_path)
+
+    if file_deleted is False:
+        abort(HTTPStatus.GONE)
+
+    logger.info(f'Deleted a file {filename}')
+
+    return jsonify(message='This file has been deleted, you can now close this page.')

app/blueprints/files.py

@@ -0,0 +1,85 @@
+from http import HTTPStatus
+from secrets import token_urlsafe
+
+from flask import Blueprint, jsonify, url_for, abort, request
+
+from app import config, logger
+from app.core.utils import (
+    auth_required, safe_str_comparison,
+    create_hmac_hash
+)
+from app.core.discord import (
+    create_short_url_embed,
+    create_discord_webhooks,
+    execute_webhooks_with_embed
+)
+from app.core.urls import (
+    is_valid_url, 
+    add_https_scheme_to_url,
+    save_url_and_token_to_database, 
+    delete_url_from_database_by_token
+)
+
+urls = Blueprint('urls', __name__)
+
+@urls.get('/sharex/shorten')
+def shorten_config():
+    return jsonify({
+        "Name": "{} (URL shortener)".format(request.host),
+        "Version": "1.0.0",
+        "DestinationType": "URLShortener",
+        "RequestMethod": "POST",
+        "Body": "MultipartFormData",
+        "RequestURL": url_for('urls.shorten', _external=True),
+        "Headers": {
+            "Authorization": "YOUR-UPLOAD-PASSWORD-HERE"
+        },
+        "Arguments": {
+            "url": "$input$"
+        },
+        "URL": "$json:url$",
+        "ErrorMessage": "$json:status$"
+    })
+
+@urls.post('/shorten')
+@auth_required
+def shorten():
+    url = request.form.get('url')
+
+    if is_valid_url(url) is False:
+        abort(HTTPStatus.BAD_REQUEST, 'Invalid URL.')
+
+    url = add_https_scheme_to_url(url)
+    token = token_urlsafe(config.url_token_bytes)
+
+    saved_to_database = save_url_and_token_to_database(url, token)
+
+    if saved_to_database is False:
+        abort(HTTPStatus.INTERNAL_SERVER_ERROR, 'Unable to save URL to database.')
+
+    hmac_hash = create_hmac_hash(token, config.flask_secret)
+    shortened_url = url_for('main.short_url', token=token, _external=True)
+    deletion_url = url_for('urls.delete_short_url_with_hash', hmac_hash=hmac_hash, token=token, _external=True)
+
+    logger.info(f'Saved short URL: {shortened_url} for {url}, deletion URL: {deletion_url}')
+
+    # Send data to Discord webhooks
+    discord_webhooks = create_discord_webhooks(config.discord_webhook_urls, config.discord_webhook_timeout)
+    if discord_webhooks:
+        embed = create_short_url_embed(url, shortened_url, deletion_url)
+        execute_webhooks_with_embed(discord_webhooks, embed)
+
+    return jsonify(url=shortened_url)
+
+@urls.get('/delete-short-url/<hmac_hash>/<token>')
+def delete_short_url_with_hash(hmac_hash, token):
+    new_hmac_hash = create_hmac_hash(token, config.flask_secret)
+
+    # If digest is invalid
+    if safe_str_comparison(hmac_hash, new_hmac_hash) is False:
+        abort(HTTPStatus.NOT_FOUND)
+
+    if delete_url_from_database_by_token(token) is False:
+        abort(HTTPStatus.GONE)
+
+    return jsonify(message='This short URL has been deleted, you can now close this page.')

app/blueprints/urls.py

@@ -7,7 +7,8 @@
 
 def is_file_extension_allowed(file_extension: str , allowed_file_extensions: list) -> bool:
     """Returns True if given file_extension is allowed."""
-    return file_extension in allowed_file_extensions
+    extension_without_dot = file_extension.replace('.', '')
+    return extension_without_dot in allowed_file_extensions
 
 def delete_file(file_path: str) -> bool:
     """Deletes a given file if it exists."""