From 97d185d604218abeb18a9dabb229c5e8bb5a1f1c Mon Sep 17 00:00:00 2001 From: kageru <8497max@gmail.com> Date: Wed, 18 Oct 2017 13:25:34 +0200 Subject: [PATCH] curl backend now accepts files, names and stores them, and returns a link --- README.md | 4 ++-- add_user.py | 2 +- config.py | 15 ++++++++++++++- pyshare_receiver.py | 29 +++++++++++++++++++++++++++-- 4 files changed, 44 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index adf77fe..8ba9f38 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # pyshare -A very simple python script that aims to replace the most basic functionalities (TL Note: the ones I used) of ShareX. +A simple python script that aims to replace the most basic functionalities (TL Note: the ones I used) of ShareX. This wouldn't be necessary if ShareX had just been developed as a cross-platform project, but I digress. Needless to say, this is being developed for and tested on Linux. If you're on Windows, just use ShareX.\ -Only (s)ftp uploads for now, but I might add simple curl commands (like used by 0x0) later on. +~~Only (s)ftp uploads for now~~ I added simple curl commands (like used by 0x0), as well as a small server that can receive them. I should add that the focus will be on a self-hosted server. If you don't care about that, just `curl` 0x0.st or something. #### What works: - Taking area screenshots diff --git a/add_user.py b/add_user.py index 1f28e0f..971d286 100644 --- a/add_user.py +++ b/add_user.py @@ -17,6 +17,6 @@ if __name__ == '__main__': sys.exit(0) else: username, password = sys.argv[1:] - salt = choices(character_pool, k=10) + salt = ''.join(choices(character_pool, k=10)) hash = salthash(password, salt) print(f" '{username}': ['{hash}', '{salt}'],") diff --git a/config.py b/config.py index 8e55983..379d5b4 100644 --- a/config.py +++ b/config.py @@ -1,8 +1,21 @@ -# (S)FTP credentials +# Can be 'curl' or 'sftp' +uploader = 'curl' + +# (S)FTP credentials, only if you want to use SFTP for uploads sftp_address = 'your_domain.com' username = 'your_ftp_user' password = 'your_ftp_password' +# curl parameters, if you're using pyshare_receivere +curl_target = 'your_domain.com:5000' +curl_user = 'user1' +curl_password = 'password' + +# This should contain a complete curl command with a {} to insert the filename. +# Setting this to anything but None will result in the other curl parameters to be ignored +# Example: 'curl -F"file=@{}" https://0x0.st' +custom_curl_command = None + # This is where the screenshots are saved locally local_directory = '/home/kageru/pyshare/' # Directory on the ftp server where you want the screenshots to be sent to diff --git a/pyshare_receiver.py b/pyshare_receiver.py index 2adfcf4..c6a6f8c 100644 --- a/pyshare_receiver.py +++ b/pyshare_receiver.py @@ -5,7 +5,12 @@ from flask import Flask, request from werkzeug.utils import secure_filename from hashlib import sha3_256 from users import users +import os import config +from string import ascii_letters, digits +from random import choices + +character_pool = ascii_letters + digits app = Flask(__name__) @@ -27,14 +32,34 @@ def authenticate(request): return False +def find_filename(length, ext): + def generate_filename(length, ext): + return ''.join(choices(character_pool, k=length)) + ext + + filename = generate_filename(length, ext) + i = 0 + while os.path.exists(os.path.join(config.remote_directory, filename)): + i += 1 + if i > 1000: + length += 1 + i = 0 + filename = generate_filename(length, ext) + return filename + + @app.route('/', methods=['POST']) def receive_file() -> tuple: if 'file' in request.files: if authenticate(request) is True: file = request.files.get('file') filename = secure_filename(file.filename) - file.save(filename) - return config.url_template.format(filename), 201 + if '.' in filename: + extension = '.' + filename.rsplit('.', 1)[1] + else: + extension = '' + storename = find_filename(config.length, extension) + file.save(os.path.join(config.remote_directory, storename)) + return config.url_template.format(storename), 201 else: return 'Wrong or no credentials', 403 return 'you\'re doing this wrong', 418