skip to navigation
skip to content

Not Logged In

flaskup 0.3.2

A simple Flask application to share files.

Overview

Flaskup! is a simple Flask application to share files with your friends. You upload files through an HTML form, and you get back a link to download the file. You can do whatever you want with the link (copy it in an email or in your prefered chat app, it’s up to you).

Requirements

  • Python 2.7 (may work with other versions but not tested, feedbacks are welcome)
  • Flask
  • Flask-Babel
  • Flask-Mail
  • simplejson

Installation

  • Install from PyPI:

    pip install flaskup
    
  • or directly from the Git repository (to have latest features):

    git clone https://github.com/lmeunier/flaskup.git
    cd flaskup
    python setup.py install
    

Configuration

You MUST set the environment variable FLASKUP_CONFIG that point to a valid python file. In this file you will be able to customize the configuration for Flaskup!, Flask and the Flask extensions.

Flaskup!

  • FLASKUP_TITLE: personnalize the title of this webapp (default: ‘Flaskup!’)
  • FLASKUP_UPLOAD_FOLDER: the root folder where you want to store uploaded files (default: /tmp/flaskup).
  • FLASKUP_MAX_DAYS: the maximum number of days a file will be available, the file will be deleted after FLASKUP_MAX_DAYS days (default: 30).
  • FLASKUP_MAX_CONTACTS: limit contacts number, if the user gives more contacts, they will be silently discarded (default: 10 ; 0 means ‘no contacts’ and the textarea won’t be displayed)
  • FLASKUP_KEY_LENGTH: the lenght of the generated key used to identify a file (default: 6 – more than 2 billions keys)
  • FLASKUP_DELETE_KEY_LENGTH: the length of the generated key used to authenticate the owner of a file before deleting it (default: 4 – more than 1 million keys)
  • FLASKUP_ADMINS: list with email address of the administrators of Flaskup!, this is currently used only to send mails when an error occurs (default: [], empty list)
  • FLASKUP_NOTIFY: list all actions that should send an email notification to the admins (default: [], no notification)
    • add: a new file has been uploaded
    • delete: a file has been deleted
  • FLASKUP_NGINX_UPLOAD_MODULE_ENABLED: indicate whether you want to enable support for the Nginx upload-module (default: False)
  • FLASKUP_NGINX_UPLOAD_MODULE_STORE: must be set to the upload_store of the Nginx upload-module (default: None)
  • FLASKUP_UPLOAD_PASSWORDS: a list of tuples, each tuple contains a password and an identifier (default: [], no password required)
  • FLASKUP_UPLOAD_PASSWORDS_CHECK: method to check a submitted password against passwords in FLASKUP_UPLOAD_PASSWORDS (default: use cleartext passwords)

Flask

http://flask.pocoo.org/docs/config/#builtin-configuration-values

You must at least define the SECRET_KEY. To generate a good secret key, you can use a cryptographic random generator:

>>> import os
>>> os.urandom(24)
'_\x12\xab\x90D\xc4\xfd{\xd9\xe2\xf3-\xa8\xd3\x1d\x1ej\x8b\x13x\x8ce\xc5\xe0'

Example configuration file

# -*- coding: utf-8 -*-

from passlib.hash import bcrypt

DEBUG = True
SECRET_KEY = '_\x12\xab\x90D\xc4\xfd{\xd9\xe2\xf3-\xa8\xd3\x1d\x1ej\x8b\x13x\x8ce\xc5\xe0'
FLASKUP_UPLOAD_FOLDER = '/srv/flaskup/data'
FLASKUP_MAX_DAYS = 10
FLASKUP_KEY_LENGTH = 4
MAIL_DEFAULT_SENDER = 'flaskup@example.com'
FLASKUP_ADMINS = ['admin@example.com', 'admin@example.org']
FLASKUP_NOTIFY = ['add', 'delete']
FLASKUP_UPLOAD_PASSWORDS = [
  ('$2a$12$oIWeziyq4wjF08gntfU4w.AQZfYbbQoK7y13ParN83G7ta.qtN2.e', 'pw1'),
  ('$2a$12$zQ/hzog/iYr49fbo0mitS.y9f.uHP.7IyqWgk5/S1Ict50HRl4XxW', 'pw2'),
]
FLASKUP_UPLOAD_PASSWORDS_CHECK = bcrypt.verify

Run Flaskup!

  • Use your favorite WSGI server to run Flaskup! (the WSGI application is flaskup:app). For example, to use Flaskup! with Gunicorn:

    gunicorn --bind=127.0.0.1:8001 flaskup:app
    
  • Alternatively, you can start Flaskup! with the builtin Flask webserver (for testing or developpement only).

    create a file run-server.py:

    from flaskup import app
    app.run()
    

    run it:

    python run-server.py
    

Delete expired files

Flaskup! comes with the command line tool flaskup. This tool is a generic python script to call actions. Currently the only available action is clean.

. /path/to/env/bin/activate
export FLASKUP_CONFIG=/path/to/my/flaskup_config.py
flaskup clean

Password protection

The password protection in Flaskup! is a very simple mechanism to force users to submit a valid password when they upload a file.

List of valid passwords

Valid passwords are stored in a tuple (with a password identifier), those tuples are stored as a list in FLASKUP_UPLOAD_PASSWORDS. If FLASKUP_UPLOAD_PASSWORDS is empty, then no valid password are required and anybody can upload a file.

FLASKUP_UPLOAD_PASSWORDS = [
  ('password1', 'identifier for password 1'),
  ('secretpassword2', 'identifier for password 2'),
]

The password identifier is stored in the *.data.json file next to the uploaded file. This permits to identify which password was used to upload the file.

A password is never required to download files, only to upload them.

Use hashed passwords

By default, Flaskup! will treat passwords from FLASKUP_UPLOAD_PASSWORDS as cleartext (not hashed). If you want to put hashed passwords in FLASKUP_UPLOAD_PASSWORDS, you must define FLASKUP_UPLOAD_PASSWORDS_CHECK.

FLASKUP_UPLOAD_PASSWORDS_CHECK must be a reference to a method that accepts two arguments: the user submitted password and the hashed password (from FLASKUP_UPLOAD_PASSWORDS), and then returns True if passwords match, else False.

from passlib.hash import bcrypt

FLASKUP_UPLOAD_PASSWORDS = [
  ('$2a$12$oIWeziyq4wjF08gntfU4w.AQZfYbbQoK7y13ParN83G7ta.qtN2.e', 'pw1'),
  ('$2a$12$zQ/hzog/iYr49fbo0mitS.y9f.uHP.7IyqWgk5/S1Ict50HRl4XxW', 'pw2'),
]
FLASKUP_UPLOAD_PASSWORDS_CHECK = bcrypt.verify

Nginx Upload Module

If you are using Nginx with the upload-module, you can configure it to efficiently upload files to Flaskup!. Using this module is recommended when you need to deal with large files: the whole POST is not decoded in Python and the uploaded file is moved just one time (with the normal file upload mechanism the file is re-sent from Nginx to your WSGI server, and then it is copied to the final destination).

Configure Flaskup!

You must define the two following configuration values:

  • FLASKUP_NGINX_UPLOAD_MODULE_ENABLED: must be set to True
  • FLASKUP_NGINX_UPLOAD_MODULE_STORE: must be set to the upload_store of the upload-module

Example configuration:

FLASKUP_NGINX_UPLOAD_MODULE_ENABLED = True
FLASKUP_NGINX_UPLOAD_MODULE_STORE = /tmp/nginx_upload_module

Configure Nginx

  • be sure that you compiled Nginx with the upload-module
  • create a folder where uploaded files will be stored, preferably on the same disk or partition as FLASKUP_UPLOAD_FOLDER to avoid unnecessary I/O operations (this folder is named upload_store in your Nginx config)
  • check permissions on the upload_store folder: users running Nginx and Flaskup! must have read/write permissions
  • edit your configuration file (add the /upload location)

Example configuration:

server {
    listen [::]:80;
    server_name "flaskup.example.com";
    client_max_body_size 2g;

    access_log /var/log/nginx/flaskup_access.log combined;
    error_log  /var/log/nginx/flaskup_error.log;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;

    location /static/ {
            alias   /path/to/env/lib/python2.7/site-packages/flaskup/static/;
    }
    location = /upload {
            upload_pass             @upstream;
            upload_store            /tmp/nginx_upload_module;
            upload_store_access     user:rw;

            upload_set_form_field   $upload_field_name.name "$upload_file_name";
            upload_set_form_field   $upload_field_name.path "$upload_tmp_path";

            upload_pass_form_field  "^myemail$|^mycontacts$";
            upload_cleanup          400-599;
    }
    location / {
        proxy_pass http://127.0.0.1:8000;
    }
    location @upstream {
        proxy_pass http://127.0.0.1:8000;
    }
}

Credits

Flaskup! is maintained by Laurent Meunier.

Licenses

Flaskup! is Copyright (c) 2012 Laurent Meunier. It is free software, and may be redistributed under the terms specified in the LICENSE file (a 3-clause BSD License).

Flaskup! uses Bootstrap (Apache License v2.0) and jQuery (MIT or GPLv2 License).

 
File Type Py Version Uploaded on Size
flaskup-0.3.2.tar.gz (md5) Source 2014-06-13 105KB
  • Downloads (All Versions):
  • 2 downloads in the last day
  • 67 downloads in the last week
  • 274 downloads in the last month