diff options
| -rw-r--r-- | module/Utils.py | 9 | ||||
| -rw-r--r-- | module/database/UserDatabase.py | 34 | ||||
| -rw-r--r-- | module/plugins/hoster/BasePlugin.py | 7 | ||||
| -rw-r--r-- | module/web/json_app.py | 13 | ||||
| -rw-r--r-- | module/web/pyload_app.py | 14 | ||||
| -rw-r--r-- | module/web/templates/jinja/default/base.html | 8 | ||||
| -rw-r--r-- | module/web/utils.py | 23 | ||||
| -rw-r--r-- | module/web/webinterface.py | 5 |
8 files changed, 80 insertions, 33 deletions
diff --git a/module/Utils.py b/module/Utils.py index b023a981d..6f889118d 100644 --- a/module/Utils.py +++ b/module/Utils.py @@ -13,6 +13,13 @@ def chmod(*args): except: pass +def decode(string): + """ decode string with utf if possible """ + try: + return string.decode("utf8", "ignore") + except: + return string + def save_join(*args): """ joins a path, encoding aware """ paths = [] @@ -21,6 +28,8 @@ def save_join(*args): if i: path = path.replace(":","") + path = decode(path) + tmp = path.encode(sys.getfilesystemencoding(), "replace") paths.append(tmp) return join(*paths) diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py index a69dfff0e..6137581ed 100644 --- a/module/database/UserDatabase.py +++ b/module/database/UserDatabase.py @@ -22,20 +22,36 @@ from DatabaseBackend import style from hashlib import sha1 import random +class PERMS: + ADD = 1 # can add packages + DELETE = 2 # can delete packages + STATUS = 4 # see and change server status + SEE_DOWNLOADS = 16 # see queue and collector + DOWNLOAD = 32 # can download from webinterface + SETTINGS = 64 # can access settings + +class ROLE: + ADMIN = 0 #admin has all permissions implicit + USER = 1 + +def has_permission(current, perms): + # bytewise or perms before if needed + return current == (current & perms) + class UserMethods(): @style.queue def checkAuth(db, user, password): c = db.c - c.execute('SELECT name, password, role, permission, template FROM "users" WHERE name=?', (user, )) + c.execute('SELECT id, name, password, role, permission, template FROM "users" WHERE name=?', (user, )) r = c.fetchone() if not r: return {} - salt = r[1][:5] - pw = r[1][5:] + salt = r[2][:5] + pw = r[2][5:] h = sha1(salt + password) if h.hexdigest() == pw: - return {"name": r[0], "role": r[2], "permission": r[3], "template": r[4]} + return {"id": r[0], "name": r[1], "role": r[3], "permission": r[4], "template": r[5]} else: return {} @@ -51,6 +67,11 @@ class UserMethods(): c.execute('UPDATE users SET password=? WHERE name=?', (password, user)) else: c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password)) + + + @style.queue + def setPermission(db, userid, perms): + db.c.execute("UPDATE users SET permission=? WHERE id=?", (perms, userid)) @style.queue def listUsers(db): @@ -63,10 +84,7 @@ class UserMethods(): @style.queue def removeUser(db, user): - c = db.c - c.execute('SELECT name FROM users WHERE name=?', (user, )) - if c.fetchone() is not None: - c.execute('DELETE FROM users WHERE name=?', (user, )) + c.execute('DELETE FROM users WHERE name=?', (user, )) DatabaseBackend.registerSub(UserMethods) diff --git a/module/plugins/hoster/BasePlugin.py b/module/plugins/hoster/BasePlugin.py index b1ae630fd..0248ca624 100644 --- a/module/plugins/hoster/BasePlugin.py +++ b/module/plugins/hoster/BasePlugin.py @@ -22,9 +22,14 @@ class BasePlugin(Hoster): # self.__name__ = "NetloadIn" # pyfile.name = "test" -# self.load("http://localhost:9000/short") +# self.html = self.load("http://localhost:9000/short") # self.download("http://localhost:9000/short") +# self.api = self.load("http://localhost:9000/short") # self.decryptCaptcha("http://localhost:9000/captcha") +# +# if pyfile.url == "79": +# self.core.server_methods.add_package("test", [str(i) for i in range(80)], 1) +# # return if pyfile.url.startswith("http"): diff --git a/module/web/json_app.py b/module/web/json_app.py index f10c09498..8eb2dbbfe 100644 --- a/module/web/json_app.py +++ b/module/web/json_app.py @@ -210,7 +210,7 @@ def link_order(ids): @route("/json/add_package", method="POST") @login_required('can_add') def add_package(): - name = request.forms['add_name'] + name = request.forms.get("add_name", "New Package") queue = int(request.forms['add_dest']) links = request.forms['add_links'].decode("utf8", "ignore") links = links.split("\n") @@ -219,7 +219,7 @@ def add_package(): try: f = request.files['add_file'] - if name is None or name == "": + if name == "New Package": name = f.name fpath = join(PYLOAD.get_conf_val("general", "download_folder"), "tmp_" + f.filename) @@ -230,9 +230,6 @@ def add_package(): except: pass - if name is None or name == "": - return HTTPError() - name = name.decode("utf8", "ignore") links = map(lambda x: x.strip(), links) @@ -283,10 +280,10 @@ def move_package(dest, id): def edit_package(): try: id = int(request.forms.get("pack_id")) - data = {"name": request.forms.get("pack_name"), - "folder": request.forms.get("pack_folder"), + data = {"name": request.forms.get("pack_name").decode("utf8", "ignore"), + "folder": request.forms.get("pack_folder").decode("utf8", "ignore"), "priority": request.forms.get("pack_prio"), - "password": request.forms.get("pack_pws")} + "password": request.forms.get("pack_pws").decode("utf8", "ignore")} PYLOAD.set_package_data(id, data) return "success" diff --git a/module/web/pyload_app.py b/module/web/pyload_app.py index 82701e755..643e1e75c 100644 --- a/module/web/pyload_app.py +++ b/module/web/pyload_app.py @@ -38,7 +38,7 @@ from webinterface import PYLOAD, PROJECT_DIR, SETUP from utils import render_to_response, parse_permissions, parse_userdata, login_required from filters import relpath, unquotepath -from module.utils import formatSize +from module.utils import formatSize, decode # Helper @@ -69,6 +69,9 @@ def base(messages): ## Views @error(500) def error500(error): + if request.header.get('X-Requested-With') == 'XMLHttpRequest': + return HTTPError(500, error.traceback) + return base(["An Error occured, please enable debug mode to get more details.", error, error.traceback.replace("\n", "<br>") if error.traceback else "No Traceback"]) @@ -103,6 +106,7 @@ def login_post(): s = request.environ.get('beaker.session') s["authenticated"] = True + s["id"] = info["id"] s["name"] = info["name"] s["role"] = info["role"] s["perms"] = info["permission"] @@ -171,14 +175,14 @@ def downloads(): for item in sorted(listdir(root)): if isdir(join(root, item)): folder = { - 'name': item, - 'path': item, + 'name': decode(item), + 'path': decode(item), 'files': [] } for file in sorted(listdir(join(root, item))): try: if isfile(join(root, item, file)): - folder['files'].append(file) + folder['files'].append(decode(file)) except: pass @@ -466,7 +470,7 @@ def logs(item=-1): if counter >= item: try: - date, time, level, message = l.split(" ", 3) + date, time, level, message = l.decode("utf8", "ignore").split(" ", 3) dtime = datetime.strptime(date + ' ' + time, '%d.%m.%Y %H:%M:%S') except: dtime = None diff --git a/module/web/templates/jinja/default/base.html b/module/web/templates/jinja/default/base.html index f5e2b9634..0931291b7 100644 --- a/module/web/templates/jinja/default/base.html +++ b/module/web/templates/jinja/default/base.html @@ -30,9 +30,9 @@ document.addEvent("domready", function(){ $('add_form').onsubmit=function() {
$('add_form').target = 'upload_target';
- if ($('add_name').value == "" && $('add_file').value != " "){
+ if ($('add_name').value == "" && $('add_file').value == ""){
alert("{{_("Please Enter a packagename.")}}");
- return false
+ return false;
}else{
out();
}
@@ -259,7 +259,7 @@ function AddBox() <div style="clear:both;"></div>
</div>
-{% if perms.can_change_status %}
+{% if perms.status %}
<ul id="page-actions2">
<li id="action_play"><a href="#" class="action play" accesskey="o" rel="nofollow">{{_("Start")}}</a></li>
<li id="action_stop"><a href="#" class="action stop" accesskey="o" rel="nofollow">{{_("Stop")}}</a></li>
@@ -268,7 +268,7 @@ function AddBox() </ul>
{% endif %}
-{% if perms.can_see_dl %}
+{% if perms.see_downloads %}
<ul id="page-actions">
<li><span class="time">{{_("Download:")}}</span><a id="time" style=" background-color: {% if status.download %}#8ffc25{% else %} #fc6e26{% endif %}; padding-left: 0cm; padding-right: 0.1cm; "> {% if status.download %}{{_("on")}}{% else %}{{_("off")}}{% endif %}</a></li>
<li><span class="reconnect">{{_("Reconnect:")}}</span><a id="reconnect" style=" background-color: {% if status.reconnect %}#8ffc25{% else %} #fc6e26{% endif %}; padding-left: 0cm; padding-right: 0.1cm; "> {% if status.reconnect %}{{_("on")}}{% else %}{{_("off")}}{% endif %}</a></li>
diff --git a/module/web/utils.py b/module/web/utils.py index f738560f7..8674fea1c 100644 --- a/module/web/utils.py +++ b/module/web/utils.py @@ -20,6 +20,8 @@ from bottle import request, HTTPError, redirect, ServerAdapter from webinterface import env, TEMPLATE +from module.database.UserDatabase import has_permission, PERMS, ROLE + def render_to_response(name, args={}, proc=[]): for p in proc: args.update(p()) @@ -28,14 +30,27 @@ def render_to_response(name, args={}, proc=[]): return t.render(**args) def parse_permissions(session): - perms = {"can_change_status": False, - "can_see_dl": False} + perms = {"add": False, + "delete": False, + "status": False, + "see_downloads": False, + "download" : False, + "settings": False} if not session.get("authenticated", False): return perms - perms["can_change_status"] = True - perms["can_see_dl"] = True + if session.get("role") == ROLE.ADMIN: + for k in perms.iterkeys(): + perms[k] = True + else: + p = session.get("permission") + perms["add"] = has_permission(p, PERMS.ADD) + perms["delete"] = has_permission(p, PERMS.DELETE) + perms["status"] = has_permission(p, PERMS.STATUS) + perms["see_downloads"] = has_permission(p, PERMS.SEE_DOWNLOADS) + perms["download"] = has_permission(p, PERMS.DOWNLOAD) + perms["settings"] = has_permission(p, PERMS.SETTINGS) return perms diff --git a/module/web/webinterface.py b/module/web/webinterface.py index 0d94fb4dc..54468d936 100644 --- a/module/web/webinterface.py +++ b/module/web/webinterface.py @@ -90,14 +90,14 @@ JS = JsEngine() TEMPLATE = config.get('webinterface', 'template') DL_ROOT = config.get('general', 'download_folder') LOG_ROOT = config.get('log', 'log_folder') -DEBUG = config.get("general","debug_mode") +DEBUG = config.get("general","debug_mode") or "-d" in sys.argv or "--debug" in sys.argv bottle.debug(DEBUG) cache = join("tmp", "jinja_cache") if not exists(cache): makedirs(cache) -bcc = FileSystemBytecodeCache(cache) +bcc = FileSystemBytecodeCache(cache, '%s.cache') loader = PrefixLoader({ "default": FileSystemLoader(join(PROJECT_DIR, "templates", "jinja", "default")) }) @@ -133,7 +133,6 @@ import pyload_app import json_app import cnl_app - def run_simple(host="0.0.0.0", port="8000"): run(app=web, host=host, port=port, quiet=True) |