don't log if the same user access they shared files
Build and Push Docker Container / build-and-push (push) Successful in 1m30s
Build and Push Docker Container / build-and-push (push) Successful in 1m30s
This commit is contained in:
+14
-5
@@ -26,23 +26,30 @@ async def files(user):
|
||||
@login_required
|
||||
async def file_info(file_id, user):
|
||||
files_data = await current_app.edgedb.get_files(user_id=user['sub'])
|
||||
return await render_template("views/webpage/.htm", files=files_data)
|
||||
return await render_template("views/webpage/file_info.htm", files=files_data)
|
||||
|
||||
@side_main_bp.route('/files/<path:file_id>/edit')
|
||||
@login_required
|
||||
async def file_edit(file_id, user):
|
||||
files_data = await current_app.edgedb.get_files(user_id=user['sub'])
|
||||
return await render_template("views/webpage/.htm", files=files_data)
|
||||
return await render_template("views/webpage/file_edit.htm", files=files_data)
|
||||
|
||||
@side_main_bp.route("/-<file_id>")
|
||||
@LIMITER.limit("10 per minute;500 per hour;")
|
||||
async def serve_file(file_id: str):
|
||||
file_data = await current_app.edgedb.get_file(file_id=file_id)
|
||||
disable_logging = False
|
||||
|
||||
if not file_data:
|
||||
abort(404)
|
||||
|
||||
user = session.get('user')
|
||||
if user and user['sub'] == file_data['user_id']:
|
||||
disable_logging = True
|
||||
|
||||
if is_expired(file_data.get("expires_at")):
|
||||
await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="expired", accessed_at=datetime.now(timezone.utc))
|
||||
if disable_logging:
|
||||
await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="expired", accessed_at=datetime.now(timezone.utc))
|
||||
return Response("This file has expired.", status=410, headers={
|
||||
"Cache-Control": "no-store",
|
||||
"X-Content-Type-Options": "nosniff",
|
||||
@@ -55,10 +62,12 @@ async def serve_file(file_id: str):
|
||||
|
||||
path = current_app.upload_folder / file_name
|
||||
if not path.exists() or not path.is_file():
|
||||
await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="error", accessed_at=datetime.now(timezone.utc))
|
||||
if disable_logging:
|
||||
await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="error", accessed_at=datetime.now(timezone.utc))
|
||||
abort(404)
|
||||
|
||||
await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="ok", accessed_at=datetime.now(timezone.utc))
|
||||
if disable_logging:
|
||||
await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="ok", accessed_at=datetime.now(timezone.utc))
|
||||
return await send_from_directory(
|
||||
directory=current_app.upload_folder,
|
||||
file_name=file_name,
|
||||
|
||||
Reference in New Issue
Block a user