redo ttm customizations
This commit is contained in:
parent
8a912e8744
commit
60347713b8
|
@ -1,3 +1,4 @@
|
|||
__pycache__/
|
||||
.py[cod]
|
||||
instance/
|
||||
up/
|
||||
|
|
55
fhost.py
55
fhost.py
|
@ -18,6 +18,7 @@
|
|||
See the License for the specific language governing permissions
|
||||
and limitations under the License.
|
||||
"""
|
||||
import subprocess
|
||||
|
||||
from flask import Flask, abort, make_response, redirect, request, send_from_directory, url_for, Response, render_template
|
||||
from flask_sqlalchemy import SQLAlchemy
|
||||
|
@ -279,6 +280,32 @@ class File(db.Model):
|
|||
else:
|
||||
mime = get_mime()
|
||||
ext = get_ext(mime)
|
||||
|
||||
# strip all exif tags, saving orientation
|
||||
# requires exiftool available on PATH
|
||||
if app.config["STRIP_IMAGE_EXIF"] and mime.startswith("image/"):
|
||||
p = subprocess.Popen(
|
||||
[
|
||||
"exiftool",
|
||||
"-stay_open",
|
||||
"true",
|
||||
"-all=",
|
||||
"-tagsfromfile",
|
||||
"@",
|
||||
"-Orientation",
|
||||
"-",
|
||||
],
|
||||
stdout=subprocess.PIPE,
|
||||
stdin=subprocess.PIPE,
|
||||
)
|
||||
p.stdin.write(data)
|
||||
p.stdin.close()
|
||||
data = p.stdout.read()
|
||||
digest = sha256(data).hexdigest()
|
||||
f = File.query.filter_by(sha256=digest).first()
|
||||
if f:
|
||||
return f
|
||||
|
||||
mgmt_token = secrets.token_urlsafe()
|
||||
f = File(digest, ext, mime, addr, ua, expiration, mgmt_token)
|
||||
|
||||
|
@ -294,7 +321,9 @@ class File(db.Model):
|
|||
storage.mkdir(parents=True, exist_ok=True)
|
||||
p = storage / digest
|
||||
|
||||
if not p.is_file():
|
||||
if p.is_file():
|
||||
p.touch()
|
||||
else:
|
||||
with open(p, "wb") as of:
|
||||
of.write(data)
|
||||
|
||||
|
@ -340,23 +369,12 @@ def fhost_url(scheme=None):
|
|||
def is_fhost_url(url):
|
||||
return url.startswith(fhost_url()) or url.startswith(fhost_url("https"))
|
||||
|
||||
def shorten(url):
|
||||
if len(url) > app.config["MAX_URL_LENGTH"]:
|
||||
abort(414)
|
||||
|
||||
if not url_valid(url) or is_fhost_url(url) or "\n" in url:
|
||||
abort(400)
|
||||
|
||||
u = URL.get(url)
|
||||
|
||||
return u.geturl()
|
||||
|
||||
def in_upload_bl(addr):
|
||||
if app.config["FHOST_UPLOAD_BLACKLIST"]:
|
||||
with app.open_instance_resource(app.config["FHOST_UPLOAD_BLACKLIST"], "r") as bl:
|
||||
check = addr.lstrip("::ffff:")
|
||||
for l in bl.readlines():
|
||||
if not l.startswith("#"):
|
||||
if not l.startswith(b"#"):
|
||||
if check == l.rstrip():
|
||||
return True
|
||||
|
||||
|
@ -497,7 +515,7 @@ def fhost():
|
|||
if "file" in request.files:
|
||||
try:
|
||||
# Store the file with the requested expiration date
|
||||
return store_file(
|
||||
sf = store_file(
|
||||
request.files["file"],
|
||||
int(request.form["expires"]),
|
||||
request.remote_addr,
|
||||
|
@ -509,7 +527,7 @@ def fhost():
|
|||
abort(400)
|
||||
except KeyError:
|
||||
# No expiration date was requested, store with the max lifespan
|
||||
return store_file(
|
||||
sf = store_file(
|
||||
request.files["file"],
|
||||
None,
|
||||
request.remote_addr,
|
||||
|
@ -517,14 +535,17 @@ def fhost():
|
|||
secret
|
||||
)
|
||||
elif "url" in request.form:
|
||||
return store_url(
|
||||
sf = store_url(
|
||||
request.form["url"],
|
||||
request.remote_addr,
|
||||
request.user_agent.string,
|
||||
secret
|
||||
)
|
||||
elif "shorten" in request.form:
|
||||
return shorten(request.form["shorten"])
|
||||
abort(403)
|
||||
|
||||
if sf is not None:
|
||||
return Response(sf, mimetype="text/plain")
|
||||
|
||||
abort(400)
|
||||
else:
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name ttm.sh;
|
||||
return 307 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name ttm.sh;
|
||||
|
||||
# include your certs
|
||||
ssl_certificate /etc/letsencrypt/live/ttm.sh/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/ttm.sh/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
root /opt/ttm.sh;
|
||||
|
||||
location / {
|
||||
include uwsgi_params;
|
||||
uwsgi_param UWSGI_SCHEME $scheme;
|
||||
|
||||
# make sure this matches the port you're running uwsgi on
|
||||
uwsgi_pass 127.0.0.1:3031;
|
||||
}
|
||||
|
||||
location /up/ {
|
||||
internal;
|
||||
}
|
||||
location /favicon.ico {
|
||||
try_files $uri =404;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
# /etc/systemd/system/ttm.service
|
||||
[Unit]
|
||||
Description=null pointer
|
||||
After=ttm.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
WorkingDirectory=/srv/ttm/ttm.sh
|
||||
ExecStart=/usr/local/bin/uwsgi --socket 127.0.0.1:3031 --wsgi-file fhost.py --callable app --processes 4 --threads 2
|
||||
User=ttm
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
StartLimitInterval=60s
|
||||
StartLimitBurst=3
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
Loading…
Reference in New Issue