cista-storage/cista/app.py

import mimetypes
from importlib.resources import files
from urllib.parse import unquote

import brotli
from sanic import Blueprint, Sanic, raw
from sanic.exceptions import Forbidden, NotFound

from cista import auth, config, session, watching
from cista.api import bp
from cista.util import filename
from cista.util.apphelpers import handle_sanic_exception

app = Sanic("cista", strict_slashes=True)
app.blueprint(auth.bp)
app.blueprint(bp)
app.exception(Exception)(handle_sanic_exception)


@app.before_server_start
async def main_start(app, loop):
    config.load_config()
    await watching.start(app, loop)


@app.after_server_stop
async def main_stop(app, loop):
    await watching.stop(app, loop)


@app.on_request
async def use_session(req):
    req.ctx.session = session.get(req)
    try:
        req.ctx.user = config.config.users[req.ctx.session["username"]]  # type: ignore
    except (AttributeError, KeyError, TypeError):
        req.ctx.user = None
    # CSRF protection
    if req.method == "GET" and req.headers.upgrade != "websocket":
        return  # Ordinary GET requests are fine
    # Check that origin matches host, for browsers which should all send Origin.
    # Curl doesn't send any Origin header, so we allow it anyway.
    origin = req.headers.origin
    if origin and origin.split("//", 1)[1] != req.host:
        raise Forbidden("Invalid origin: Cross-Site requests not permitted")


@app.before_server_start
def http_fileserver(app, _):
    bp = Blueprint("fileserver")
    bp.on_request(auth.verify)
    bp.static(
        "/files/",
        config.config.path,
        use_content_range=True,
        stream_large_files=True,
        directory_view=True,
    )
    app.blueprint(bp)


www = {}


@app.before_server_start
def load_wwwroot(app, _):
    www.clear()
    base = files("cista")
    paths = ["wwwroot"]
    while path := paths.pop(0):
        current = files("cista") / path
        for p in current.iterdir():
            if p.is_dir():
                print(p)
                paths.append(current / p.parts[-1])
                continue
            name = p.relative_to(base).as_posix()
            mime = mimetypes.guess_type(name)[0] or "application/octet-stream"
            data = p.read_bytes()
            br = brotli.compress(data)
            if len(br) >= len(data):
                br = False
            www[name] = data, br, mime


@app.get("/<path:path>", static=True)
async def wwwroot(req, path=""):
    """Frontend files only"""
    name = filename.sanitize(unquote(path)) if path else "index.html"
    try:
        index = files("cista").joinpath("wwwroot", name).read_bytes()
    except OSError as e:
        raise NotFound(
            f"File not found: /{path}", extra={"name": name, "exception": repr(e)}
        )
    mime = mimetypes.guess_type(name)[0] or "application/octet-stream"
    return raw(index, content_type=mime)
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`import mimetypes`
Cleanup 2023-10-15 05:31:54 +01:00			`from importlib.resources import files`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`from urllib.parse import unquote`
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00
Merged something 2023-11-01 14:03:17 +00:00			`import brotli`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`from sanic import Blueprint, Sanic, raw`
			`from sanic.exceptions import Forbidden, NotFound`
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`from cista import auth, config, session, watching`
			`from cista.api import bp`
Frontend included in repository. 2023-10-21 20:30:47 +01:00			`from cista.util import filename`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`from cista.util.apphelpers import handle_sanic_exception`

			`app = Sanic("cista", strict_slashes=True)`
			`app.blueprint(auth.bp)`
			`app.blueprint(bp)`
			`app.exception(Exception)(handle_sanic_exception)`
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00
Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`@app.before_server_start`
			`async def main_start(app, loop):`
			`config.load_config()`
			`await watching.start(app, loop)`

Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`@app.after_server_stop`
			`async def main_stop(app, loop):`
			`await watching.stop(app, loop)`
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00
Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Implemented control commands and tests. Rewritten error and session/flash handling. 2023-10-21 02:44:43 +01:00			`@app.on_request`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`async def use_session(req):`
			`req.ctx.session = session.get(req)`
			`try:`
Fix field name in session cookie; prevented logged in useds authenticating. 2023-10-23 23:47:57 +01:00			`req.ctx.user = config.config.users[req.ctx.session["username"]] # type: ignore`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`except (AttributeError, KeyError, TypeError):`
			`req.ctx.user = None`
Implemented control commands and tests. Rewritten error and session/flash handling. 2023-10-21 02:44:43 +01:00			`# CSRF protection`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`if req.method == "GET" and req.headers.upgrade != "websocket":`
Implemented control commands and tests. Rewritten error and session/flash handling. 2023-10-21 02:44:43 +01:00			`return # Ordinary GET requests are fine`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`# Check that origin matches host, for browsers which should all send Origin.`
			`# Curl doesn't send any Origin header, so we allow it anyway.`
			`origin = req.headers.origin`
			`if origin and origin.split("//", 1)[1] != req.host:`
Implemented control commands and tests. Rewritten error and session/flash handling. 2023-10-21 02:44:43 +01:00			`raise Forbidden("Invalid origin: Cross-Site requests not permitted")`

Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00			`@app.before_server_start`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`def http_fileserver(app, _):`
			`bp = Blueprint("fileserver")`
			`bp.on_request(auth.verify)`
Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00			`bp.static(`
			`"/files/",`
			`config.config.path,`
			`use_content_range=True,`
			`stream_large_files=True,`
			`directory_view=True,`
			`)`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`app.blueprint(bp)`

Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Merged something 2023-11-01 14:03:17 +00:00			`www = {}`


			`@app.before_server_start`
			`def load_wwwroot(app, _):`
			`www.clear()`
			`base = files("cista")`
			`paths = ["wwwroot"]`
			`while path := paths.pop(0):`
			`current = files("cista") / path`
			`for p in current.iterdir():`
			`if p.is_dir():`
			`print(p)`
			`paths.append(current / p.parts[-1])`
			`continue`
			`name = p.relative_to(base).as_posix()`
			`mime = mimetypes.guess_type(name)[0] or "application/octet-stream"`
			`data = p.read_bytes()`
			`br = brotli.compress(data)`
			`if len(br) >= len(data):`
			`br = False`
			`www[name] = data, br, mime`


Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`@app.get("/<path:path>", static=True)`
			`async def wwwroot(req, path=""):`
			`"""Frontend files only"""`
Frontend included in repository. 2023-10-21 20:30:47 +01:00			`name = filename.sanitize(unquote(path)) if path else "index.html"`
			`try:`
			`index = files("cista").joinpath("wwwroot", name).read_bytes()`
			`except OSError as e:`
Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00			`raise NotFound(`
			`f"File not found: /{path}", extra={"name": name, "exception": repr(e)}`
			`)`
Frontend included in repository. 2023-10-21 20:30:47 +01:00			`mime = mimetypes.guess_type(name)[0] or "application/octet-stream"`
			`return raw(index, content_type=mime)`