crafty-4/app/classes/web/upload_handler.py

import tornado.options
import tornado.web
import tornado.httpserver
from tornado.options import options
from app.classes.shared.models import db_helper, Enum_Permissions_Server
from app.classes.shared.helpers import helper
from app.classes.web.websocket_helper import websocket_helper
from app.classes.shared.console import console
import logging
import os
import json
import time

logger = logging.getLogger(__name__)

# Class&Function Defination
MAX_STREAMED_SIZE = 1024 * 1024 * 1024

@tornado.web.stream_request_body
class UploadHandler(tornado.web.RequestHandler):
    def prepare(self):
        self.do_upload = True
        user_data = json.loads(self.get_secure_cookie('user_data'))
        user_id = user_data['user_id']

        server_id = self.request.headers.get('X-ServerId', None)

        if user_id is None:
            logger.warning('User ID not found in upload handler call')
            console.warning('User ID not found in upload handler call')
            self.do_upload = False
        
        if server_id is None:
            logger.warning('Server ID not found in upload handler call')
            console.warning('Server ID not found in upload handler call')
            self.do_upload = False

        user_permissions = db_helper.get_user_permissions_list(user_id, server_id)
        if Enum_Permissions_Server.Files not in user_permissions:
            logger.warning(f'User {user_id} tried to upload a file to {server_id} without permissions!')
            console.warning(f'User {user_id} tried to upload a file to {server_id} without permissions!')
            self.do_upload = False

        path = self.request.headers.get('X-Path', None)
        filename = self.request.headers.get('X-FileName', None)
        full_path = os.path.join(path, filename)

        if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], full_path):
            print(user_id, server_id, db_helper.get_server_data_by_id(server_id)['path'], full_path)
            logger.warning(f'User {user_id} tried to upload a file to {server_id} but the path is not inside of the server!')
            console.warning(f'User {user_id} tried to upload a file to {server_id} but the path is not inside of the server!')
            self.do_upload = False
        
        if self.do_upload:
            try:
                self.f = open(full_path, "wb")
            except Exception as e:
                logger.error("Upload failed with error: {}".format(e))
                self.do_upload = False
        # If max_body_size is not set, you cannot upload files > 100MB
        self.request.connection.set_max_body_size(MAX_STREAMED_SIZE)

    def post(self):
        logger.info("Upload completed")
        files_left = int(self.request.headers.get('X-Files-Left', None))
        
        if self.do_upload:
            time.sleep(5)
            if files_left == 0:
                websocket_helper.broadcast('close_upload_box', 'success')
            self.finish('success') # Nope, I'm sending "success"
            self.f.close()
        else:
            time.sleep(5)
            if files_left == 0:
                websocket_helper.broadcast('close_upload_box', 'error')
            self.finish('error')

    def data_received(self, data):
        if self.do_upload:
            self.f.write(data)