Add flash messages to receive template, and begin implementing upload POST

This commit is contained in:
Micah Lee 2018-03-13 05:50:26 -07:00
parent 8e82c07039
commit 000d9620c1
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
3 changed files with 44 additions and 4 deletions

View file

@ -31,9 +31,10 @@ from distutils.version import LooseVersion as Version
from urllib.request import urlopen from urllib.request import urlopen
from flask import ( from flask import (
Flask, Response, request, render_template, abort, make_response, Flask, Response, request, render_template, abort, make_response, flash,
__version__ as flask_version redirect, __version__ as flask_version
) )
from werkzeug.utils import secure_filename
from . import strings, common from . import strings, common
@ -48,6 +49,7 @@ class Web(object):
self.app = Flask(__name__, self.app = Flask(__name__,
static_folder=common.get_resource_path('static'), static_folder=common.get_resource_path('static'),
template_folder=common.get_resource_path('templates')) template_folder=common.get_resource_path('templates'))
self.app.secret_key = self.common.random_string(8)
# Debug mode? # Debug mode?
if self.common.debug: if self.common.debug:
@ -61,6 +63,8 @@ class Web(object):
# Are we using receive mode? # Are we using receive mode?
self.receive_mode = receive_mode self.receive_mode = receive_mode
if self.receive_mode:
self.app.config['UPLOAD_FOLDER'] = self.common.settings.get('downloads_dir')
# Starting in Flask 0.11, render_template_string autoescapes template variables # Starting in Flask 0.11, render_template_string autoescapes template variables
# by default. To prevent content injection through template variables in # by default. To prevent content injection through template variables in
@ -257,12 +261,26 @@ class Web(object):
def index(slug_candidate): def index(slug_candidate):
self.check_slug_candidate(slug_candidate) self.check_slug_candidate(slug_candidate)
# If download is allowed to continue, serve download page
r = make_response(render_template( r = make_response(render_template(
'receive.html', 'receive.html',
slug=self.slug)) slug=self.slug))
return self.add_security_headers(r) return self.add_security_headers(r)
@self.app.route("/<slug_candidate>/upload", methods=['POST'])
def upload(slug_candidate):
# Note that flash strings are on English, and not translated, on purpose,
# to avoid leaking the locale of the OnionShare user
self.check_slug_candidate(slug_candidate)
self.common.log('Web', 'upload, request.files: {}'.format(request.files))
# Check if the post request has the file part
if 'file' not in request.files:
flash('No files were selected to upload')
return redirect('/{}'.format(slug_candidate))
files = request.files['file']
return ''
def common_routes(self): def common_routes(self):
""" """
Common web app routes between sending and receiving Common web app routes between sending and receiving

View file

@ -115,3 +115,15 @@ table.file-list td:last-child {
color: #666666; color: #666666;
margin: 0 0 20px 0; margin: 0 0 20px 0;
} }
ul.flashes {
list-style: none;
margin: 0;
padding: 0;
color: #cc0000;
}
ul.flashes li {
margin: 0;
padding: 10px;
}

View file

@ -12,12 +12,22 @@
<h1>OnionShare</h1> <h1>OnionShare</h1>
</header> </header>
{% with messages = get_flashed_messages() %}
{% if messages %}
<ul class=flashes>
{% for message in messages %}
<li>{{ message }}</li>
{% endfor %}
</ul>
{% endif %}
{% endwith %}
<div class="upload-wrapper"> <div class="upload-wrapper">
<div class="upload"> <div class="upload">
<p><img class="logo" src="/static/img/logo_large.png" title="OnionShare"></p> <p><img class="logo" src="/static/img/logo_large.png" title="OnionShare"></p>
<p class="upload-header">Send Files</p> <p class="upload-header">Send Files</p>
<p class="upload-description">Select the files you want to send, then click "Send Files"...</p> <p class="upload-description">Select the files you want to send, then click "Send Files"...</p>
<form method="post" enctype="multipart/form-data" action="/{{ slug }}/"> <form method="post" enctype="multipart/form-data" action="/{{ slug }}/upload">
<p><input type="file" multiple /></p> <p><input type="file" multiple /></p>
<p><input type="submit" class="button" value="Upload Files" /></p> <p><input type="submit" class="button" value="Upload Files" /></p>
</form> </form>