redo ttm customizations

2023-08-25 16:32:59 -04:00 · 2023-08-25 16:32:59 -04:00 · 60347713b8
parent 8a912e8744
commit 60347713b8
4 changed files with 91 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 __pycache__/
 .py[cod]
 instance/
+up/
--- a/fhost.py
+++ b/fhost.py
@ -18,6 +18,7 @@
    See the License for the specific language governing permissions
    and limitations under the License.
 """
+import subprocess

 from flask import Flask, abort, make_response, redirect, request, send_from_directory, url_for, Response, render_template
 from flask_sqlalchemy import SQLAlchemy
@ -279,6 +280,32 @@ class File(db.Model):
        else:
            mime = get_mime()
            ext = get_ext(mime)
+
+            # strip all exif tags, saving orientation
+            # requires exiftool available on PATH
+            if app.config["STRIP_IMAGE_EXIF"] and mime.startswith("image/"):
+                p = subprocess.Popen(
+                    [
+                        "exiftool",
+                        "-stay_open",
+                        "true",
+                        "-all=",
+                        "-tagsfromfile",
+                        "@",
+                        "-Orientation",
+                        "-",
+                    ],
+                    stdout=subprocess.PIPE,
+                    stdin=subprocess.PIPE,
+                )
+                p.stdin.write(data)
+                p.stdin.close()
+                data = p.stdout.read()
+                digest = sha256(data).hexdigest()
+                f = File.query.filter_by(sha256=digest).first()
+                if f:
+                    return f
+
            mgmt_token = secrets.token_urlsafe()
            f = File(digest, ext, mime, addr, ua, expiration, mgmt_token)

@ -294,7 +321,9 @@ class File(db.Model):
        storage.mkdir(parents=True, exist_ok=True)
        p = storage / digest

-        if not p.is_file():
+        if p.is_file():
+            p.touch()
+        else:
            with open(p, "wb") as of:
                of.write(data)

@ -340,23 +369,12 @@ def fhost_url(scheme=None):
 def is_fhost_url(url):
    return url.startswith(fhost_url()) or url.startswith(fhost_url("https"))

-def shorten(url):
-    if len(url) > app.config["MAX_URL_LENGTH"]:
-        abort(414)
-
-    if not url_valid(url) or is_fhost_url(url) or "\n" in url:
-        abort(400)
-
-    u = URL.get(url)
-
-    return u.geturl()
-
 def in_upload_bl(addr):
    if app.config["FHOST_UPLOAD_BLACKLIST"]:
        with app.open_instance_resource(app.config["FHOST_UPLOAD_BLACKLIST"], "r") as bl:
            check = addr.lstrip("::ffff:")
            for l in bl.readlines():
-                if not l.startswith("#"):
+                if not l.startswith(b"#"):
                    if check == l.rstrip():
                        return True

@ -497,7 +515,7 @@ def fhost():
        if "file" in request.files:
            try:
                # Store the file with the requested expiration date
-                return store_file(
+                sf = store_file(
                    request.files["file"],
                    int(request.form["expires"]),
                    request.remote_addr,
@ -509,7 +527,7 @@ def fhost():
                abort(400)
            except KeyError:
                # No expiration date was requested, store with the max lifespan
-                return store_file(
+                sf = store_file(
                    request.files["file"],
                    None,
                    request.remote_addr,
@ -517,14 +535,17 @@ def fhost():
                    secret
                )
        elif "url" in request.form:
-            return store_url(
+            sf = store_url(
                request.form["url"],
                request.remote_addr,
                request.user_agent.string,
                secret
            )
        elif "shorten" in request.form:
-            return shorten(request.form["shorten"])
+            abort(403)
+
+        if sf is not None:
+            return Response(sf, mimetype="text/plain")

        abort(400)
    else:
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,35 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ttm.sh;
+    return 307 https://$server_name$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name ttm.sh;
+
+    # include your certs 
+    ssl_certificate /etc/letsencrypt/live/ttm.sh/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ttm.sh/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    root /opt/ttm.sh;
+
+    location / {
+        include uwsgi_params;
+        uwsgi_param UWSGI_SCHEME $scheme;
+
+        # make sure this matches the port you're running uwsgi on
+        uwsgi_pass 127.0.0.1:3031;
+    }
+
+    location /up/ {
+        internal;
+    }
+    location /favicon.ico {
+        try_files $uri =404;
+    }
+}
--- a/ttm.service
+++ b/ttm.service
@ -0,0 +1,17 @@
+# /etc/systemd/system/ttm.service
+[Unit]
+Description=null pointer
+After=ttm.service
+
+[Service]
+Type=simple
+WorkingDirectory=/srv/ttm/ttm.sh
+ExecStart=/usr/local/bin/uwsgi --socket 127.0.0.1:3031 --wsgi-file fhost.py --callable app --processes 4 --threads 2
+User=ttm
+Restart=always
+RestartSec=5
+StartLimitInterval=60s
+StartLimitBurst=3
+
+[Install]
+WantedBy=default.target