diff --git a/my_modules/EdgeDB.py b/my_modules/EdgeDB.py
index 4046a3c..b4826b0 100644
--- a/my_modules/EdgeDB.py
+++ b/my_modules/EdgeDB.py
@@ -59,7 +59,8 @@ class EdgeDB:
 select files {
 file_name,
 content_type,
- expires_at
+ expires_at,
+ user_id
 }
 filter .file_id = $file_id
 limit 1
@@ -71,7 +72,8 @@ class EdgeDB:
 return {
 "file_name": data.file_name,
 "content_type": data.content_type,
- "expires_at": data.expires_at
+ "expires_at": data.expires_at,
+ "user_id": data.user_id
 }
 return None
diff --git a/routes/side/main.py b/routes/side/main.py
index 968a231..e17478f 100644
--- a/routes/side/main.py
+++ b/routes/side/main.py
@@ -26,23 +26,30 @@ async def files(user):
 @login_required
 async def file_info(file_id, user):
 files_data = await current_app.edgedb.get_files(user_id=user['sub'])
- return await render_template("views/webpage/.htm", files=files_data)
+ return await render_template("views/webpage/file_info.htm", files=files_data)
 @side_main_bp.route('/files//edit')
 @login_required
 async def file_edit(file_id, user):
 files_data = await current_app.edgedb.get_files(user_id=user['sub'])
- return await render_template("views/webpage/.htm", files=files_data)
+ return await render_template("views/webpage/file_edit.htm", files=files_data)
 @side_main_bp.route("/-")
 @LIMITER.limit("10 per minute;500 per hour;")
 async def serve_file(file_id: str):
 file_data = await current_app.edgedb.get_file(file_id=file_id)
+ disable_logging = False
+
 if not file_data:
 abort(404)
+ user = session.get('user')
+ if user and user['sub'] == file_data['user_id']:
+ disable_logging = True
+
 if is_expired(file_data.get("expires_at")):
- await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="expired", accessed_at=datetime.now(timezone.utc))
+ if disable_logging:
+ await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="expired", accessed_at=datetime.now(timezone.utc))
 return Response("This file has expired.", status=410, headers={
 "Cache-Control": "no-store",
 "X-Content-Type-Options": "nosniff",
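Review bot: The new `if disable_logging:` guards are inverted: `disable_logging` is set to True only when the session user owns the file, so as written the owner's own requests are recorded and every other request (anonymous or another user) leaves no `add_file_access` record. That silently drops the access trail for the expired branch in this hunk and for the `status="error"` and `status="ok"` branches in the next hunk of serve_file. Each guard should read `if not disable_logging:`. Separately, `user['sub'] == file_data['user_id']` only matches if both sides have the same type; the type returned for `user_id` is not visible here, so if it comes back as a UUID object rather than a string the owner check would never be true, and comparing `str(...)` of both sides is worth confirming. serve_file's body continues outside this hunk.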
@@ -55,10 +62,12 @@ async def serve_file(file_id: str):
 path = current_app.upload_folder / file_name
 if not path.exists() or not path.is_file():
- await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="error", accessed_at=datetime.now(timezone.utc))
+ if disable_logging:
+ await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="error", accessed_at=datetime.now(timezone.utc))
 abort(404)
- await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="ok", accessed_at=datetime.now(timezone.utc))
+ if disable_logging:
+ await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="ok", accessed_at=datetime.now(timezone.utc))
 return await send_from_directory(
 directory=current_app.upload_folder,
 file_name=file_name,