cista-storage/cista/app.py

import mimetypes
from importlib.resources import files
from urllib.parse import unquote

import asyncio
import brotli
from sanic import Blueprint, Sanic, raw
from sanic.exceptions import Forbidden, NotFound

from cista import auth, config, session, watching
from cista.api import bp
from cista.util import filename
from cista.util.apphelpers import handle_sanic_exception

app = Sanic("cista", strict_slashes=True)
app.blueprint(auth.bp)
app.blueprint(bp)
app.exception(Exception)(handle_sanic_exception)


@app.before_server_start
async def main_start(app, loop):
    config.load_config()
    await watching.start(app, loop)


@app.after_server_stop
async def main_stop(app, loop):
    await watching.stop(app, loop)


@app.on_request
async def use_session(req):
    req.ctx.session = session.get(req)
    try:
        req.ctx.user = config.config.users[req.ctx.session["username"]]  # type: ignore
    except (AttributeError, KeyError, TypeError):
        req.ctx.user = None
    # CSRF protection
    if req.method == "GET" and req.headers.upgrade != "websocket":
        return  # Ordinary GET requests are fine
    # Check that origin matches host, for browsers which should all send Origin.
    # Curl doesn't send any Origin header, so we allow it anyway.
    origin = req.headers.origin
    if origin and origin.split("//", 1)[1] != req.host:
        raise Forbidden("Invalid origin: Cross-Site requests not permitted")


@app.before_server_start
def http_fileserver(app, _):
    bp = Blueprint("fileserver")
    bp.on_request(auth.verify)
    bp.static(
        "/files/",
        config.config.path,
        use_content_range=True,
        stream_large_files=True,
        directory_view=True,
    )
    app.blueprint(bp)


www = {}


@app.before_server_start
def load_wwwroot(app):
    global www
    wwwnew = {}
    base = files("cista") / "wwwroot"
    paths = ["."]
    while paths:
        path = paths.pop(0)
        current = base / path
        for p in current.iterdir():
            if p.is_dir():
                paths.append(current / p.parts[-1])
                continue
            name = p.relative_to(base).as_posix()
            mime = mimetypes.guess_type(name)[0] or "application/octet-stream"
            data = p.read_bytes()
            # Use old data if not changed
            if name in www and www[name][0] == data:
                wwwnew[name] = www[name]
                continue
            # Precompress with Brotli
            br = brotli.compress(data)
            if len(br) >= len(data):
                br = False
            wwwnew[name] = data, br, mime
    www = wwwnew

@app.add_task
async def refresh_wwwroot():
    while app.debug:
        await asyncio.sleep(0.5)
        load_wwwroot(app)

@app.get("/<path:path>", static=True)
async def wwwroot(req, path=""):
    """Frontend files only"""
    name = unquote(path) or "index.html"
    if name not in www:
        raise NotFound(f"File not found: /{path}", extra={"name": name})
    data, br, mime = www[name]
    headers = {}
    # Brotli compressed?
    if br and "br" in req.headers.accept_encoding.split(", "):
        headers["content-encoding"] = "br"
        data = br
    return raw(data, content_type=mime, headers=headers)
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`import mimetypes`
Cleanup 2023-10-15 05:31:54 +01:00			`from importlib.resources import files`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`from urllib.parse import unquote`
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00
Realtime updates of wwwroot files when --dev is used. 2023-11-01 14:53:57 +00:00			`import asyncio`
Merged something 2023-11-01 14:03:17 +00:00			`import brotli`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`from sanic import Blueprint, Sanic, raw`
			`from sanic.exceptions import Forbidden, NotFound`
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`from cista import auth, config, session, watching`
			`from cista.api import bp`
Frontend included in repository. 2023-10-21 20:30:47 +01:00			`from cista.util import filename`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`from cista.util.apphelpers import handle_sanic_exception`

			`app = Sanic("cista", strict_slashes=True)`
			`app.blueprint(auth.bp)`
			`app.blueprint(bp)`
			`app.exception(Exception)(handle_sanic_exception)`
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00
Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`@app.before_server_start`
			`async def main_start(app, loop):`
			`config.load_config()`
			`await watching.start(app, loop)`

Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`@app.after_server_stop`
			`async def main_stop(app, loop):`
			`await watching.stop(app, loop)`
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00
Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Implemented control commands and tests. Rewritten error and session/flash handling. 2023-10-21 02:44:43 +01:00			`@app.on_request`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`async def use_session(req):`
			`req.ctx.session = session.get(req)`
			`try:`
Fix field name in session cookie; prevented logged in useds authenticating. 2023-10-23 23:47:57 +01:00			`req.ctx.user = config.config.users[req.ctx.session["username"]] # type: ignore`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`except (AttributeError, KeyError, TypeError):`
			`req.ctx.user = None`
Implemented control commands and tests. Rewritten error and session/flash handling. 2023-10-21 02:44:43 +01:00			`# CSRF protection`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`if req.method == "GET" and req.headers.upgrade != "websocket":`
Implemented control commands and tests. Rewritten error and session/flash handling. 2023-10-21 02:44:43 +01:00			`return # Ordinary GET requests are fine`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`# Check that origin matches host, for browsers which should all send Origin.`
			`# Curl doesn't send any Origin header, so we allow it anyway.`
			`origin = req.headers.origin`
			`if origin and origin.split("//", 1)[1] != req.host:`
Implemented control commands and tests. Rewritten error and session/flash handling. 2023-10-21 02:44:43 +01:00			`raise Forbidden("Invalid origin: Cross-Site requests not permitted")`

Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Restructuring as a Python package. 2023-10-14 23:29:50 +01:00			`@app.before_server_start`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`def http_fileserver(app, _):`
			`bp = Blueprint("fileserver")`
			`bp.on_request(auth.verify)`
Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00			`bp.static(`
			`"/files/",`
			`config.config.path,`
			`use_content_range=True,`
			`stream_large_files=True,`
			`directory_view=True,`
			`)`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`app.blueprint(bp)`

Formatting and fix Internal Server Error on upload 2023-10-28 21:20:34 +01:00
Merged something 2023-11-01 14:03:17 +00:00			`www = {}`


			`@app.before_server_start`
Faster wwwroot serving, uses RAM cache of brotli compressed data for all assets. 2023-11-01 14:40:08 +00:00			`def load_wwwroot(app):`
Realtime updates of wwwroot files when --dev is used. 2023-11-01 14:53:57 +00:00			`global www`
			`wwwnew = {}`
Faster wwwroot serving, uses RAM cache of brotli compressed data for all assets. 2023-11-01 14:40:08 +00:00			`base = files("cista") / "wwwroot"`
			`paths = ["."]`
			`while paths:`
			`path = paths.pop(0)`
			`current = base / path`
Merged something 2023-11-01 14:03:17 +00:00			`for p in current.iterdir():`
			`if p.is_dir():`
			`paths.append(current / p.parts[-1])`
			`continue`
			`name = p.relative_to(base).as_posix()`
			`mime = mimetypes.guess_type(name)[0] or "application/octet-stream"`
			`data = p.read_bytes()`
Realtime updates of wwwroot files when --dev is used. 2023-11-01 14:53:57 +00:00			`# Use old data if not changed`
			`if name in www and www[name][0] == data:`
			`wwwnew[name] = www[name]`
			`continue`
			`# Precompress with Brotli`
Merged something 2023-11-01 14:03:17 +00:00			`br = brotli.compress(data)`
			`if len(br) >= len(data):`
			`br = False`
Realtime updates of wwwroot files when --dev is used. 2023-11-01 14:53:57 +00:00			`wwwnew[name] = data, br, mime`
			`www = wwwnew`

			`@app.add_task`
			`async def refresh_wwwroot():`
			`while app.debug:`
			`await asyncio.sleep(0.5)`
			`load_wwwroot(app)`
Merged something 2023-11-01 14:03:17 +00:00
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`@app.get("/<path:path>", static=True)`
			`async def wwwroot(req, path=""):`
			`"""Frontend files only"""`
Faster wwwroot serving, uses RAM cache of brotli compressed data for all assets. 2023-11-01 14:40:08 +00:00			`name = unquote(path) or "index.html"`
			`if name not in www:`
			`raise NotFound(f"File not found: /{path}", extra={"name": name})`
			`data, br, mime = www[name]`
			`headers = {}`
			`# Brotli compressed?`
			`if br and "br" in req.headers.accept_encoding.split(", "):`
			`headers["content-encoding"] = "br"`
			`data = br`
			`return raw(data, content_type=mime, headers=headers)`