Werkzeug uses tempfile.SpooledTemporaryFile, so we can make use of
file-like object properties. This may result in more disk writes,
but that’s probably better than eating up RAM.
I hope this fixes#84.
This moves preexisting blacklists to the database, and adds the
following filter types:
* IP address
* IP network
* MIME type
* User agent
In addition, IP address handling is now done with the ipaddress
module.
when a file without an extension was uploaded
and the mimetypes.guess_extension returned None
because there is no official file extension
for that mimetype a NoneType was subscripted
which yielded a 500 http error
Long names would get truncated at the end, causing problems
including unresolvable file URLs. Example with default settings:
.package.lst → .package.
Fixes#61
This introduces the X-Token header field in the response of newly
uploaded files as a simple way for users to manage their own files.
It does not need to be particularly secure.
SUPPLEMENTALLY:
- Add an `expiration` field to the `file` table of the database
- Produce a migration for the above change
- Overhaul the cleanup script, and integrate into fhost.py
(now run using FLASK_APP=fhost flask prune)
- Replace the old cleanup script with a deprecation notice
- Add information about how to expire files to the index
- Update the README with information about the new script
Squashed commits:
Add a note explaining that expired files aren't immediately removed
Show correct times on the index page graph
Improve the migration script, removing the need for --legacy
Use automap in place of an explicit file map in migration
Remove vestigial `touch()`
Don't crash when upgrading a fresh database
Remove vestigial warning about legacy files
More efficiently filter to unexpired files when migrating
#72 (comment)
Coalesce updates to the database during migration
#72 (comment)
Remove vestigial database model
#72 (comment)
prune: Stream expired files from the database
(as opposed to collecting them all first)
config.example.py: Add min & max expiration + description
This PR removes the short_url dependency as per issue #41.
This implementation is pretty much the same as in short_url except I've rewritten the enbase() function to be iterative instead of recursive.
The only functions of the class are enbase() and debase() since those were the only functions being used by fhost.
Co-authored-by: 7415963987456321 <hrs70@hi.is>
Reviewed-on: #53
Co-authored-by: mia <mia@0x0.st>
Co-committed-by: mia <mia@0x0.st>
Some servers (like IPFS gateways) will use chunked transfer encoding on
anything but identity content encoding. Also, probably fix a potential
zip bomb vulnerability.