From 0da1c405d19d96e859f38a2849dc982777685342 Mon Sep 17 00:00:00 2001 From: Andrew Simonson Date: Thu, 17 Oct 2024 16:07:44 -0400 Subject: [PATCH] basic filesystem explorer --- docker-compose.yml | 8 +------- src/app.py | 23 ++++++++++++++++++++++- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index b6f5ebb..948555a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,10 +7,4 @@ services: dockerfile: Dockerfile restart: 'no' volumes: - - ${READ_VOLUME:-/dev/null}:/mnt/readonly:ro # Read-only mount for sharing from host to public - # ports: - # - 8080 -networks: - default: - external: true - name: proxy + - ${READ_VOLUME:-/dev/null}:/mnt/readonly:ro # Read-only mount for sharing from host to public \ No newline at end of file diff --git a/src/app.py b/src/app.py index 5677e19..02acfb8 100644 --- a/src/app.py +++ b/src/app.py @@ -80,12 +80,33 @@ def page404(e): def static_from_root(): return flask.send_from_directory(app.static_folder, flask.request.path[1:]) +@app.route('/files') +@app.route('/files/') +def no_hacking(): + return "lol nice try" + @app.route('/files/') def filesystem_send(fname): + fname = fname.strip('/') safe_path = os.path.abspath(os.path.join("/mnt/readonly/", fname)) if not safe_path.startswith("/mnt/readonly/"): return "Invalid path", 400 - return flask.send_from_directory("/mnt/readonly/", fname) + if os.path.isfile(safe_path): + return flask.send_from_directory("/mnt/readonly/", fname) + elif os.path.isdir(safe_path): + dirContent = "" + if not os.path.abspath("/mnt/readonly/") == os.path.abspath(os.path.join(safe_path, os.path.pardir)): + pardir = "/files/" + os.path.abspath(os.path.join(safe_path, os.path.pardir))[len("/mnt/readonly/"):] + dirContent += f"Parent Directory" + dirContent += "" + return dirContent + raise HTTPerror.NotFound("File or Directory Not Found") if __name__ == "__main__":