2023-10-23 02:51:39 +01:00
|
|
|
import mimetypes
|
2023-10-15 05:31:54 +01:00
|
|
|
from importlib.resources import files
|
2023-10-23 02:51:39 +01:00
|
|
|
from urllib.parse import unquote
|
2023-10-14 23:29:50 +01:00
|
|
|
|
2023-10-17 23:06:27 +01:00
|
|
|
from html5tagger import E
|
2023-10-23 02:51:39 +01:00
|
|
|
from sanic import Blueprint, Sanic, raw
|
|
|
|
|
from sanic.exceptions import Forbidden, NotFound
|
2023-10-14 23:29:50 +01:00
|
|
|
|
2023-10-23 02:51:39 +01:00
|
|
|
from cista import auth, config, session, watching
|
|
|
|
|
from cista.api import bp
|
2023-10-21 20:30:47 +01:00
|
|
|
from cista.util import filename
|
2023-10-23 02:51:39 +01:00
|
|
|
from cista.util.apphelpers import handle_sanic_exception
|
|
|
|
|
|
|
|
|
|
app = Sanic("cista", strict_slashes=True)
|
|
|
|
|
app.blueprint(auth.bp)
|
|
|
|
|
app.blueprint(bp)
|
|
|
|
|
app.exception(Exception)(handle_sanic_exception)
|
2023-10-14 23:29:50 +01:00
|
|
|
|
2023-10-23 02:51:39 +01:00
|
|
|
@app.before_server_start
|
|
|
|
|
async def main_start(app, loop):
|
|
|
|
|
config.load_config()
|
|
|
|
|
await watching.start(app, loop)
|
|
|
|
|
|
|
|
|
|
@app.after_server_stop
|
|
|
|
|
async def main_stop(app, loop):
|
|
|
|
|
await watching.stop(app, loop)
|
2023-10-14 23:29:50 +01:00
|
|
|
|
2023-10-21 02:44:43 +01:00
|
|
|
@app.on_request
|
2023-10-23 02:51:39 +01:00
|
|
|
async def use_session(req):
|
|
|
|
|
req.ctx.session = session.get(req)
|
|
|
|
|
try:
|
2023-10-23 23:47:57 +01:00
|
|
|
req.ctx.user = config.config.users[req.ctx.session["username"]] # type: ignore
|
2023-10-23 02:51:39 +01:00
|
|
|
except (AttributeError, KeyError, TypeError):
|
|
|
|
|
req.ctx.user = None
|
2023-10-21 02:44:43 +01:00
|
|
|
# CSRF protection
|
2023-10-23 02:51:39 +01:00
|
|
|
if req.method == "GET" and req.headers.upgrade != "websocket":
|
2023-10-21 02:44:43 +01:00
|
|
|
return # Ordinary GET requests are fine
|
2023-10-23 02:51:39 +01:00
|
|
|
# Check that origin matches host, for browsers which should all send Origin.
|
|
|
|
|
# Curl doesn't send any Origin header, so we allow it anyway.
|
|
|
|
|
origin = req.headers.origin
|
|
|
|
|
if origin and origin.split("//", 1)[1] != req.host:
|
2023-10-21 02:44:43 +01:00
|
|
|
raise Forbidden("Invalid origin: Cross-Site requests not permitted")
|
|
|
|
|
|
2023-10-14 23:29:50 +01:00
|
|
|
@app.before_server_start
|
2023-10-23 02:51:39 +01:00
|
|
|
def http_fileserver(app, _):
|
|
|
|
|
bp = Blueprint("fileserver")
|
|
|
|
|
bp.on_request(auth.verify)
|
|
|
|
|
bp.static("/files/", config.config.path, use_content_range=True, stream_large_files=True, directory_view=True)
|
|
|
|
|
app.blueprint(bp)
|
|
|
|
|
|
|
|
|
|
@app.get("/<path:path>", static=True)
|
|
|
|
|
async def wwwroot(req, path=""):
|
|
|
|
|
"""Frontend files only"""
|
2023-10-21 20:30:47 +01:00
|
|
|
name = filename.sanitize(unquote(path)) if path else "index.html"
|
|
|
|
|
try:
|
|
|
|
|
index = files("cista").joinpath("wwwroot", name).read_bytes()
|
|
|
|
|
except OSError as e:
|
|
|
|
|
raise NotFound(f"File not found: /{path}", extra={"name": name, "exception": repr(e)})
|
|
|
|
|
mime = mimetypes.guess_type(name)[0] or "application/octet-stream"
|
|
|
|
|
return raw(index, content_type=mime)
|
