daniel156161/simple-nanoshare
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

don't log if the same user access they shared files
Build and Push Docker Container / build-and-push (push) Successful in 1m30s
Details

Browse Source
This commit is contained in:
Daniel Dolezal
2025-10-25 13:55:55 +02:00
parent 0ff61a9e81
commit 501acce9ba
2 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
my_modules/EdgeDB.py
+4 -2
View File
@@ -59,7 +59,8 @@ class EdgeDB:
select files { select files {
file_name, file_name,
content_type, content_type,
expires_at expires_at,
user_id
} }
filter .file_id = <str>$file_id filter .file_id = <str>$file_id
limit 1 limit 1
@@ -71,7 +72,8 @@ class EdgeDB:
return { return {
"file_name": data.file_name, "file_name": data.file_name,
"content_type": data.content_type, "content_type": data.content_type,
"expires_at": data.expires_at "expires_at": data.expires_at,
"user_id": data.user_id
} }
return None return None
routes/side/main.py
+11 -2
View File
@@ -26,22 +26,29 @@ async def files(user):
@login_required @login_required
async def file_info(file_id, user): async def file_info(file_id, user):
files_data = await current_app.edgedb.get_files(user_id=user['sub']) files_data = await current_app.edgedb.get_files(user_id=user['sub'])
return await render_template("views/webpage/.htm", files=files_data) return await render_template("views/webpage/file_info.htm", files=files_data)
@side_main_bp.route('/files/<path:file_id>/edit') @side_main_bp.route('/files/<path:file_id>/edit')
@login_required @login_required
async def file_edit(file_id, user): async def file_edit(file_id, user):
files_data = await current_app.edgedb.get_files(user_id=user['sub']) files_data = await current_app.edgedb.get_files(user_id=user['sub'])
return await render_template("views/webpage/.htm", files=files_data) return await render_template("views/webpage/file_edit.htm", files=files_data)
@side_main_bp.route("/-<file_id>") @side_main_bp.route("/-<file_id>")
@LIMITER.limit("10 per minute;500 per hour;") @LIMITER.limit("10 per minute;500 per hour;")
async def serve_file(file_id: str): async def serve_file(file_id: str):
file_data = await current_app.edgedb.get_file(file_id=file_id) file_data = await current_app.edgedb.get_file(file_id=file_id)
disable_logging = False
if not file_data: if not file_data:
abort(404) abort(404)
user = session.get('user')
if user and user['sub'] == file_data['user_id']:
disable_logging = True
if is_expired(file_data.get("expires_at")): if is_expired(file_data.get("expires_at")):
if disable_logging:
await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="expired", accessed_at=datetime.now(timezone.utc)) await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="expired", accessed_at=datetime.now(timezone.utc))
return Response("This file has expired.", status=410, headers={ return Response("This file has expired.", status=410, headers={
"Cache-Control": "no-store", "Cache-Control": "no-store",
@@ -55,9 +62,11 @@ async def serve_file(file_id: str):
path = current_app.upload_folder / file_name path = current_app.upload_folder / file_name
if not path.exists() or not path.is_file(): if not path.exists() or not path.is_file():
if disable_logging:
await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="error", accessed_at=datetime.now(timezone.utc)) await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="error", accessed_at=datetime.now(timezone.utc))
abort(404) abort(404)
if disable_logging:
await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="ok", accessed_at=datetime.now(timezone.utc)) await current_app.edgedb.add_file_access(file_id=file_id, ip_address=get_ip(), user_agent=request.user_agent, status="ok", accessed_at=datetime.now(timezone.utc))
return await send_from_directory( return await send_from_directory(
directory=current_app.upload_folder, directory=current_app.upload_folder,