summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--module/Utils.py9
-rw-r--r--module/database/UserDatabase.py34
-rw-r--r--module/plugins/hoster/BasePlugin.py7
-rw-r--r--module/web/json_app.py13
-rw-r--r--module/web/pyload_app.py14
-rw-r--r--module/web/templates/jinja/default/base.html8
-rw-r--r--module/web/utils.py23
-rw-r--r--module/web/webinterface.py5
8 files changed, 80 insertions, 33 deletions
diff --git a/module/Utils.py b/module/Utils.py
index b023a981d..6f889118d 100644
--- a/module/Utils.py
+++ b/module/Utils.py
@@ -13,6 +13,13 @@ def chmod(*args):
except:
pass
+def decode(string):
+ """ decode string with utf if possible """
+ try:
+ return string.decode("utf8", "ignore")
+ except:
+ return string
+
def save_join(*args):
""" joins a path, encoding aware """
paths = []
@@ -21,6 +28,8 @@ def save_join(*args):
if i:
path = path.replace(":","")
+ path = decode(path)
+
tmp = path.encode(sys.getfilesystemencoding(), "replace")
paths.append(tmp)
return join(*paths)
diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py
index a69dfff0e..6137581ed 100644
--- a/module/database/UserDatabase.py
+++ b/module/database/UserDatabase.py
@@ -22,20 +22,36 @@ from DatabaseBackend import style
from hashlib import sha1
import random
+class PERMS:
+ ADD = 1 # can add packages
+ DELETE = 2 # can delete packages
+ STATUS = 4 # see and change server status
+ SEE_DOWNLOADS = 16 # see queue and collector
+ DOWNLOAD = 32 # can download from webinterface
+ SETTINGS = 64 # can access settings
+
+class ROLE:
+ ADMIN = 0 #admin has all permissions implicit
+ USER = 1
+
+def has_permission(current, perms):
+ # bytewise or perms before if needed
+ return current == (current & perms)
+
class UserMethods():
@style.queue
def checkAuth(db, user, password):
c = db.c
- c.execute('SELECT name, password, role, permission, template FROM "users" WHERE name=?', (user, ))
+ c.execute('SELECT id, name, password, role, permission, template FROM "users" WHERE name=?', (user, ))
r = c.fetchone()
if not r:
return {}
- salt = r[1][:5]
- pw = r[1][5:]
+ salt = r[2][:5]
+ pw = r[2][5:]
h = sha1(salt + password)
if h.hexdigest() == pw:
- return {"name": r[0], "role": r[2], "permission": r[3], "template": r[4]}
+ return {"id": r[0], "name": r[1], "role": r[3], "permission": r[4], "template": r[5]}
else:
return {}
@@ -51,6 +67,11 @@ class UserMethods():
c.execute('UPDATE users SET password=? WHERE name=?', (password, user))
else:
c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password))
+
+
+ @style.queue
+ def setPermission(db, userid, perms):
+ db.c.execute("UPDATE users SET permission=? WHERE id=?", (perms, userid))
@style.queue
def listUsers(db):
@@ -63,10 +84,7 @@ class UserMethods():
@style.queue
def removeUser(db, user):
- c = db.c
- c.execute('SELECT name FROM users WHERE name=?', (user, ))
- if c.fetchone() is not None:
- c.execute('DELETE FROM users WHERE name=?', (user, ))
+ c.execute('DELETE FROM users WHERE name=?', (user, ))
DatabaseBackend.registerSub(UserMethods)
diff --git a/module/plugins/hoster/BasePlugin.py b/module/plugins/hoster/BasePlugin.py
index b1ae630fd..0248ca624 100644
--- a/module/plugins/hoster/BasePlugin.py
+++ b/module/plugins/hoster/BasePlugin.py
@@ -22,9 +22,14 @@ class BasePlugin(Hoster):
# self.__name__ = "NetloadIn"
# pyfile.name = "test"
-# self.load("http://localhost:9000/short")
+# self.html = self.load("http://localhost:9000/short")
# self.download("http://localhost:9000/short")
+# self.api = self.load("http://localhost:9000/short")
# self.decryptCaptcha("http://localhost:9000/captcha")
+#
+# if pyfile.url == "79":
+# self.core.server_methods.add_package("test", [str(i) for i in range(80)], 1)
+#
# return
if pyfile.url.startswith("http"):
diff --git a/module/web/json_app.py b/module/web/json_app.py
index f10c09498..8eb2dbbfe 100644
--- a/module/web/json_app.py
+++ b/module/web/json_app.py
@@ -210,7 +210,7 @@ def link_order(ids):
@route("/json/add_package", method="POST")
@login_required('can_add')
def add_package():
- name = request.forms['add_name']
+ name = request.forms.get("add_name", "New Package")
queue = int(request.forms['add_dest'])
links = request.forms['add_links'].decode("utf8", "ignore")
links = links.split("\n")
@@ -219,7 +219,7 @@ def add_package():
try:
f = request.files['add_file']
- if name is None or name == "":
+ if name == "New Package":
name = f.name
fpath = join(PYLOAD.get_conf_val("general", "download_folder"), "tmp_" + f.filename)
@@ -230,9 +230,6 @@ def add_package():
except:
pass
- if name is None or name == "":
- return HTTPError()
-
name = name.decode("utf8", "ignore")
links = map(lambda x: x.strip(), links)
@@ -283,10 +280,10 @@ def move_package(dest, id):
def edit_package():
try:
id = int(request.forms.get("pack_id"))
- data = {"name": request.forms.get("pack_name"),
- "folder": request.forms.get("pack_folder"),
+ data = {"name": request.forms.get("pack_name").decode("utf8", "ignore"),
+ "folder": request.forms.get("pack_folder").decode("utf8", "ignore"),
"priority": request.forms.get("pack_prio"),
- "password": request.forms.get("pack_pws")}
+ "password": request.forms.get("pack_pws").decode("utf8", "ignore")}
PYLOAD.set_package_data(id, data)
return "success"
diff --git a/module/web/pyload_app.py b/module/web/pyload_app.py
index 82701e755..643e1e75c 100644
--- a/module/web/pyload_app.py
+++ b/module/web/pyload_app.py
@@ -38,7 +38,7 @@ from webinterface import PYLOAD, PROJECT_DIR, SETUP
from utils import render_to_response, parse_permissions, parse_userdata, login_required
from filters import relpath, unquotepath
-from module.utils import formatSize
+from module.utils import formatSize, decode
# Helper
@@ -69,6 +69,9 @@ def base(messages):
## Views
@error(500)
def error500(error):
+ if request.header.get('X-Requested-With') == 'XMLHttpRequest':
+ return HTTPError(500, error.traceback)
+
return base(["An Error occured, please enable debug mode to get more details.", error,
error.traceback.replace("\n", "<br>") if error.traceback else "No Traceback"])
@@ -103,6 +106,7 @@ def login_post():
s = request.environ.get('beaker.session')
s["authenticated"] = True
+ s["id"] = info["id"]
s["name"] = info["name"]
s["role"] = info["role"]
s["perms"] = info["permission"]
@@ -171,14 +175,14 @@ def downloads():
for item in sorted(listdir(root)):
if isdir(join(root, item)):
folder = {
- 'name': item,
- 'path': item,
+ 'name': decode(item),
+ 'path': decode(item),
'files': []
}
for file in sorted(listdir(join(root, item))):
try:
if isfile(join(root, item, file)):
- folder['files'].append(file)
+ folder['files'].append(decode(file))
except:
pass
@@ -466,7 +470,7 @@ def logs(item=-1):
if counter >= item:
try:
- date, time, level, message = l.split(" ", 3)
+ date, time, level, message = l.decode("utf8", "ignore").split(" ", 3)
dtime = datetime.strptime(date + ' ' + time, '%d.%m.%Y %H:%M:%S')
except:
dtime = None
diff --git a/module/web/templates/jinja/default/base.html b/module/web/templates/jinja/default/base.html
index f5e2b9634..0931291b7 100644
--- a/module/web/templates/jinja/default/base.html
+++ b/module/web/templates/jinja/default/base.html
@@ -30,9 +30,9 @@ document.addEvent("domready", function(){
$('add_form').onsubmit=function() {
$('add_form').target = 'upload_target';
- if ($('add_name').value == "" && $('add_file').value != " "){
+ if ($('add_name').value == "" && $('add_file').value == ""){
alert("{{_("Please Enter a packagename.")}}");
- return false
+ return false;
}else{
out();
}
@@ -259,7 +259,7 @@ function AddBox()
<div style="clear:both;"></div>
</div>
-{% if perms.can_change_status %}
+{% if perms.status %}
<ul id="page-actions2">
<li id="action_play"><a href="#" class="action play" accesskey="o" rel="nofollow">{{_("Start")}}</a></li>
<li id="action_stop"><a href="#" class="action stop" accesskey="o" rel="nofollow">{{_("Stop")}}</a></li>
@@ -268,7 +268,7 @@ function AddBox()
</ul>
{% endif %}
-{% if perms.can_see_dl %}
+{% if perms.see_downloads %}
<ul id="page-actions">
<li><span class="time">{{_("Download:")}}</span><a id="time" style=" background-color: {% if status.download %}#8ffc25{% else %} #fc6e26{% endif %}; padding-left: 0cm; padding-right: 0.1cm; "> {% if status.download %}{{_("on")}}{% else %}{{_("off")}}{% endif %}</a></li>
<li><span class="reconnect">{{_("Reconnect:")}}</span><a id="reconnect" style=" background-color: {% if status.reconnect %}#8ffc25{% else %} #fc6e26{% endif %}; padding-left: 0cm; padding-right: 0.1cm; "> {% if status.reconnect %}{{_("on")}}{% else %}{{_("off")}}{% endif %}</a></li>
diff --git a/module/web/utils.py b/module/web/utils.py
index f738560f7..8674fea1c 100644
--- a/module/web/utils.py
+++ b/module/web/utils.py
@@ -20,6 +20,8 @@ from bottle import request, HTTPError, redirect, ServerAdapter
from webinterface import env, TEMPLATE
+from module.database.UserDatabase import has_permission, PERMS, ROLE
+
def render_to_response(name, args={}, proc=[]):
for p in proc:
args.update(p())
@@ -28,14 +30,27 @@ def render_to_response(name, args={}, proc=[]):
return t.render(**args)
def parse_permissions(session):
- perms = {"can_change_status": False,
- "can_see_dl": False}
+ perms = {"add": False,
+ "delete": False,
+ "status": False,
+ "see_downloads": False,
+ "download" : False,
+ "settings": False}
if not session.get("authenticated", False):
return perms
- perms["can_change_status"] = True
- perms["can_see_dl"] = True
+ if session.get("role") == ROLE.ADMIN:
+ for k in perms.iterkeys():
+ perms[k] = True
+ else:
+ p = session.get("permission")
+ perms["add"] = has_permission(p, PERMS.ADD)
+ perms["delete"] = has_permission(p, PERMS.DELETE)
+ perms["status"] = has_permission(p, PERMS.STATUS)
+ perms["see_downloads"] = has_permission(p, PERMS.SEE_DOWNLOADS)
+ perms["download"] = has_permission(p, PERMS.DOWNLOAD)
+ perms["settings"] = has_permission(p, PERMS.SETTINGS)
return perms
diff --git a/module/web/webinterface.py b/module/web/webinterface.py
index 0d94fb4dc..54468d936 100644
--- a/module/web/webinterface.py
+++ b/module/web/webinterface.py
@@ -90,14 +90,14 @@ JS = JsEngine()
TEMPLATE = config.get('webinterface', 'template')
DL_ROOT = config.get('general', 'download_folder')
LOG_ROOT = config.get('log', 'log_folder')
-DEBUG = config.get("general","debug_mode")
+DEBUG = config.get("general","debug_mode") or "-d" in sys.argv or "--debug" in sys.argv
bottle.debug(DEBUG)
cache = join("tmp", "jinja_cache")
if not exists(cache):
makedirs(cache)
-bcc = FileSystemBytecodeCache(cache)
+bcc = FileSystemBytecodeCache(cache, '%s.cache')
loader = PrefixLoader({
"default": FileSystemLoader(join(PROJECT_DIR, "templates", "jinja", "default"))
})
@@ -133,7 +133,6 @@ import pyload_app
import json_app
import cnl_app
-
def run_simple(host="0.0.0.0", port="8000"):
run(app=web, host=host, port=port, quiet=True)