daniel156161/simple-nanoshare
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
Files
1dbf3b36ffc8993d630b7c1b8a177f984831ee89
simple-nanoshare/routes/api/link.py
T
daniel156161 2982d44e55
Build and Push Docker Container / build-and-push (push) Successful in 3m21s
Details
feat: add servicelink RPC mesh endpoint 
- Add the servicelink submodule and register POST /rpc for node-to-node file operations.
- Require bearer tokens with the mesh scope and apply rate/body-size limits to RPC calls.
- Map database connectivity failures to the existing 504 database error flow, with JSON responses for API routes.
- Cover the new RPC handlers and database error handling with focused pytest tests.
- Bump the NanoShare package version to 1.21.0.
2026-06-13 23:59:35 +02:00

140 lines
4.8 KiB
Python
Raw Blame History

'''ServiceLink mesh endpoint for the picoshare/NanoShare node.
Lets other nodes (browser-cli, website) push files in and read file metadata
over the shared servicelink envelope at POST /rpc. Sits alongside the existing
web UI and /api routes.
Security: every call needs a bearer token that decodes to the `mesh` scope
(or `all`); the endpoint is rate limited and body-size capped. Intended to be
reachable only from the internal node network (lock it down at the reverse
proxy), with the token as defence-in-depth.
'''
from __future__ import annotations
import base64
from quart import Blueprint, Response, current_app, request
from my_modules.app.setup import LIMITER
from my_modules.expiry import ensure_utc, parse_expires
from my_modules.file_meta import format_size, iso_stamp_filename
from servicelink import Forbidden, InvalidParams, NotFound, Router, Unauthorized, bearer_verifier, handle_envelope
# Cap the /rpc body. base64 inflates ~33%, so this bounds upload size too.
MAX_RPC_BODY = 16 * 1024 * 1024
MESH_SCOPE = 'mesh'
router = Router('picoshare')
def _user_id(ctx):
if ctx.principal is None:
raise Unauthorized('authentication required')
return ctx.principal.subject
@router.method('files.upload')
async def files_upload(params, ctx):
user_id = _user_id(ctx)
text = params.get('text')
content_b64 = params.get('content_b64')
note = params.get('note', '')
expires_at = ensure_utc(parse_expires(params.get('expires', '')))
if content_b64:
data = base64.b64decode(content_b64)
content_type = params.get('content_type') or 'application/octet-stream'
default_ext = 'bin'
elif text is not None:
data = text.encode('utf-8')
content_type = 'text/plain'
default_ext = 'txt'
else:
raise InvalidParams('provide text or content_b64')
file_name = params.get('file_name') or iso_stamp_filename('mesh', default_ext)
storage_id = await current_app.convex.send_to_storage(data=data, content_type=content_type)
await current_app.convex.add_file(
file_name=file_name,
file_size=format_size(len(data)),
note=note,
content_type=content_type,
expires_at=expires_at,
storage_id=storage_id,
user_id=user_id,
)
return {'file_name': file_name, 'size': len(data), 'content_type': content_type}
@router.method('files.list')
async def files_list(params, ctx):
return {'files': await current_app.convex.get_files(user_id=_user_id(ctx))}
@router.method('files.get')
async def files_get(params, ctx):
file_id = params.get('file_id')
if not file_id:
raise InvalidParams('file_id is required')
meta = await current_app.convex.get_file(file_id)
if not meta:
raise NotFound('no such file', data={'file_id': file_id})
return meta
@router.method('files.info')
async def files_info(params, ctx):
file_id = params.get('file_id')
if not file_id:
raise InvalidParams('file_id is required')
return await current_app.convex.get_file_informations(file_id, _user_id(ctx))
@router.method('files.update')
async def files_update(params, ctx):
file_id = params.get('file_id')
file_name = params.get('file_name')
if not file_id or not file_name:
raise InvalidParams('file_id and file_name are required')
await current_app.convex.update_file(
file_id=file_id,
file_name=file_name,
note=params.get('note', ''),
expires_at=ensure_utc(parse_expires(params.get('expires', ''))),
user_id=_user_id(ctx),
)
return {'updated': True}
@router.method('files.delete')
async def files_delete(params, ctx):
file_id = params.get('file_id')
if not file_id:
raise InvalidParams('file_id is required')
await current_app.convex.delete_file(file_id, _user_id(ctx))
return {'deleted': True}
async def _decode_access_token(token):
payload = await current_app.convex.decode_access_token_payload(access_token=token)
if not payload or payload.get('error') or not payload.get('sub'):
raise ValueError((payload or {}).get('error', 'invalid token'))
return payload
_base_verify = bearer_verifier(_decode_access_token)
async def _verify(authorization, req):
principal = await _base_verify(authorization, req)
if principal is None or not principal.has_scope(MESH_SCOPE):
raise Forbidden(f'token lacks the {MESH_SCOPE!r} scope')
return principal
link_bp = Blueprint('servicelink_picoshare', __name__)
@link_bp.post('/rpc')
@LIMITER.limit('30 per minute')
async def rpc_endpoint():
if (request.content_length or 0) > MAX_RPC_BODY:
return Response('{"error":"payload too large"}', status=413, content_type='application/json')
raw = await request.get_data()
status, body, content_type = await handle_envelope(
router,
raw,
authorization=request.headers.get('Authorization'),
verify=_verify,
content_type=request.headers.get('Content-Type', 'application/json'),
)
return Response(body, status=status, content_type=content_type)
Reference in New Issue View Git Blame Copy Permalink