skip to navigation
skip to content

flaskup 0.3.2

A simple Flask application to share files.


Flaskup! is a simple Flask application to share files with your friends. You upload files through an HTML form, and you get back a link to download the file. You can do whatever you want with the link (copy it in an email or in your prefered chat app, it’s up to you).


  • Python 2.7 (may work with other versions but not tested, feedbacks are welcome)
  • Flask
  • Flask-Babel
  • Flask-Mail
  • simplejson


  • Install from PyPI:

    pip install flaskup
  • or directly from the Git repository (to have latest features):

    git clone
    cd flaskup
    python install


You MUST set the environment variable FLASKUP_CONFIG that point to a valid python file. In this file you will be able to customize the configuration for Flaskup!, Flask and the Flask extensions.


  • FLASKUP_TITLE: personnalize the title of this webapp (default: ‘Flaskup!’)
  • FLASKUP_UPLOAD_FOLDER: the root folder where you want to store uploaded files (default: /tmp/flaskup).
  • FLASKUP_MAX_DAYS: the maximum number of days a file will be available, the file will be deleted after FLASKUP_MAX_DAYS days (default: 30).
  • FLASKUP_MAX_CONTACTS: limit contacts number, if the user gives more contacts, they will be silently discarded (default: 10 ; 0 means ‘no contacts’ and the textarea won’t be displayed)
  • FLASKUP_KEY_LENGTH: the lenght of the generated key used to identify a file (default: 6 – more than 2 billions keys)
  • FLASKUP_DELETE_KEY_LENGTH: the length of the generated key used to authenticate the owner of a file before deleting it (default: 4 – more than 1 million keys)
  • FLASKUP_ADMINS: list with email address of the administrators of Flaskup!, this is currently used only to send mails when an error occurs (default: [], empty list)
  • FLASKUP_NOTIFY: list all actions that should send an email notification to the admins (default: [], no notification)
    • add: a new file has been uploaded
    • delete: a file has been deleted
  • FLASKUP_NGINX_UPLOAD_MODULE_ENABLED: indicate whether you want to enable support for the Nginx upload-module (default: False)
  • FLASKUP_NGINX_UPLOAD_MODULE_STORE: must be set to the upload_store of the Nginx upload-module (default: None)
  • FLASKUP_UPLOAD_PASSWORDS: a list of tuples, each tuple contains a password and an identifier (default: [], no password required)
  • FLASKUP_UPLOAD_PASSWORDS_CHECK: method to check a submitted password against passwords in FLASKUP_UPLOAD_PASSWORDS (default: use cleartext passwords)


You must at least define the SECRET_KEY. To generate a good secret key, you can use a cryptographic random generator:

>>> import os
>>> os.urandom(24)

Example configuration file

# -*- coding: utf-8 -*-

from passlib.hash import bcrypt

DEBUG = True
SECRET_KEY = '_\x12\xab\x90D\xc4\xfd{\xd9\xe2\xf3-\xa8\xd3\x1d\x1ej\x8b\x13x\x8ce\xc5\xe0'
FLASKUP_UPLOAD_FOLDER = '/srv/flaskup/data'
FLASKUP_NOTIFY = ['add', 'delete']
  ('$2a$12$oIWeziyq4wjF08gntfU4w.AQZfYbbQoK7y13ParN83G7ta.qtN2.e', 'pw1'),
  ('$2a$12$zQ/hzog/iYr49fbo0mitS.y9f.uHP.7IyqWgk5/S1Ict50HRl4XxW', 'pw2'),

Run Flaskup!

  • Use your favorite WSGI server to run Flaskup! (the WSGI application is flaskup:app). For example, to use Flaskup! with Gunicorn:

    gunicorn --bind= flaskup:app
  • Alternatively, you can start Flaskup! with the builtin Flask webserver (for testing or developpement only).

    create a file

    from flaskup import app

    run it:


Delete expired files

Flaskup! comes with the command line tool flaskup. This tool is a generic python script to call actions. Currently the only available action is clean.

. /path/to/env/bin/activate
export FLASKUP_CONFIG=/path/to/my/
flaskup clean

Password protection

The password protection in Flaskup! is a very simple mechanism to force users to submit a valid password when they upload a file.

List of valid passwords

Valid passwords are stored in a tuple (with a password identifier), those tuples are stored as a list in FLASKUP_UPLOAD_PASSWORDS. If FLASKUP_UPLOAD_PASSWORDS is empty, then no valid password are required and anybody can upload a file.

  ('password1', 'identifier for password 1'),
  ('secretpassword2', 'identifier for password 2'),

The password identifier is stored in the *.data.json file next to the uploaded file. This permits to identify which password was used to upload the file.

A password is never required to download files, only to upload them.

Use hashed passwords

By default, Flaskup! will treat passwords from FLASKUP_UPLOAD_PASSWORDS as cleartext (not hashed). If you want to put hashed passwords in FLASKUP_UPLOAD_PASSWORDS, you must define FLASKUP_UPLOAD_PASSWORDS_CHECK.

FLASKUP_UPLOAD_PASSWORDS_CHECK must be a reference to a method that accepts two arguments: the user submitted password and the hashed password (from FLASKUP_UPLOAD_PASSWORDS), and then returns True if passwords match, else False.

from passlib.hash import bcrypt

  ('$2a$12$oIWeziyq4wjF08gntfU4w.AQZfYbbQoK7y13ParN83G7ta.qtN2.e', 'pw1'),
  ('$2a$12$zQ/hzog/iYr49fbo0mitS.y9f.uHP.7IyqWgk5/S1Ict50HRl4XxW', 'pw2'),

Nginx Upload Module

If you are using Nginx with the upload-module, you can configure it to efficiently upload files to Flaskup!. Using this module is recommended when you need to deal with large files: the whole POST is not decoded in Python and the uploaded file is moved just one time (with the normal file upload mechanism the file is re-sent from Nginx to your WSGI server, and then it is copied to the final destination).

Configure Flaskup!

You must define the two following configuration values:

  • FLASKUP_NGINX_UPLOAD_MODULE_STORE: must be set to the upload_store of the upload-module

Example configuration:

FLASKUP_NGINX_UPLOAD_MODULE_STORE = /tmp/nginx_upload_module

Configure Nginx

  • be sure that you compiled Nginx with the upload-module
  • create a folder where uploaded files will be stored, preferably on the same disk or partition as FLASKUP_UPLOAD_FOLDER to avoid unnecessary I/O operations (this folder is named upload_store in your Nginx config)
  • check permissions on the upload_store folder: users running Nginx and Flaskup! must have read/write permissions
  • edit your configuration file (add the /upload location)

Example configuration:

server {
    listen [::]:80;
    server_name "";
    client_max_body_size 2g;

    access_log /var/log/nginx/flaskup_access.log combined;
    error_log  /var/log/nginx/flaskup_error.log;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;

    location /static/ {
            alias   /path/to/env/lib/python2.7/site-packages/flaskup/static/;
    location = /upload {
            upload_pass             @upstream;
            upload_store            /tmp/nginx_upload_module;
            upload_store_access     user:rw;

            upload_set_form_field   $ "$upload_file_name";
            upload_set_form_field   $upload_field_name.path "$upload_tmp_path";

            upload_pass_form_field  "^myemail$|^mycontacts$";
            upload_cleanup          400-599;
    location / {
    location @upstream {


Flaskup! is maintained by Laurent Meunier.


Flaskup! is Copyright (c) 2012 Laurent Meunier. It is free software, and may be redistributed under the terms specified in the LICENSE file (a 3-clause BSD License).

Flaskup! uses Bootstrap (Apache License v2.0) and jQuery (MIT or GPLv2 License).

File Type Py Version Uploaded on Size
flaskup-0.3.2.tar.gz (md5) Source 2014-06-13 105KB