From 4cc80318d51ce9de5fe2b981848558a1e1e76deb Mon Sep 17 00:00:00 2001
From: AndcoolSystems <drolll2007@gmail.com>
Date: Tue, 14 May 2024 22:41:43 +0300
Subject: [PATCH] added redirect and public file groups

---
 config.py        |   3 +-
 main.py          | 148 +++++++++++++++++++++++++----------------------
 web/index.html   |   6 +-
 web/res/copy.svg |   7 +++
 web/script.js    |  72 ++++++++++++++++-------
 web/style.css    |   8 ++-
 6 files changed, 148 insertions(+), 96 deletions(-)
 create mode 100644 web/res/copy.svg

diff --git a/config.py b/config.py
index ad01d0b..2d259df 100644
--- a/config.py
+++ b/config.py
@@ -29,4 +29,5 @@
 default = "application/x-msdownload"
 
 accessLifeTime = 432_000
-accessLifeTimeBot = 15_552_000
\ No newline at end of file
+accessLifeTimeBot = 15_552_000
+pattern = r'^https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+'
\ No newline at end of file
diff --git a/main.py b/main.py
index 60e3783..f0f8f9a 100644
--- a/main.py
+++ b/main.py
@@ -3,10 +3,10 @@
 """
 
 from fastapi import FastAPI, UploadFile, Request, Header
-from fastapi.responses import JSONResponse, FileResponse, Response
+from fastapi.responses import JSONResponse, FileResponse, Response, RedirectResponse
 from typing import Annotated, Union
 import uvicorn
-from config import filetypes, default, accessLifeTime, accessLifeTimeBot
+from config import filetypes, default, accessLifeTime, accessLifeTimeBot, pattern
 import aiohttp
 import utils
 from slowapi.errors import RateLimitExceeded
@@ -24,6 +24,7 @@
 import bcrypt
 import random
 import json
+import re
 
 
 def custom_key_func(request: Request):
@@ -193,28 +194,34 @@ async def upload_file(
     else:
         group_id = -1
 
+    file_data = file.file.read()
+    try:
+        is_url = re.match(pattern, file_data.decode("utf-8"))
+    except Exception:
+        is_url = False
+        
     key = str(uuid.uuid4())  # Generate unique delete key
     ext = ("." + file.filename.split(".")[-1].lower()) if file.filename.find(".") != -1 else ""  # Get file extension
     fid = utils.generate_token(10) + (ext if include_ext else "")  # Generate file url
     fn = str(uuid.uuid4()) + ext  # Generate file name
 
-    async with aiofiles.open(f"uploads/{fn}", "wb") as f:  # Save file locally
-        await f.write(file.file.read())
+    if not is_url:
+        async with aiofiles.open(f"uploads/{fn}", "wb") as f:  # Save file locally
+            await f.write(file_data)
 
     now = datetime.now()
+    filetype = filetypes.get(ext[1:], default) if ext and ext.lower()[1:] in filetypes else "download"
     created = await db.file.create(
         {  # Creating a file record
             "user_id": user_id,
             "group_id": int(group_id),
             "created_date": f"{now.day}.{now.month}.{now.year} {now.hour}:{now.minute}:{now.second}",
             "url": fid,
-            "filename": f"uploads/{fn}",
+            "filename": f"uploads/{fn}" if not is_url else file_data.decode("utf-8"),
             "craeted_at": time.time(),
             "last_watched": time.time(),
             "key": key,
-            "type": (
-                filetypes.get(ext[1:], default) if ext and ext.lower()[1:] in filetypes else "download"
-            ),
+            "type": filetype if not is_url else "redirect",
             "ext": ext,
             "size": file.size,
             "user_filename": file.filename,
@@ -249,11 +256,15 @@ async def upload_file(
 @limiter.limit(dynamic_limit_provider)
 async def send_file(url: str, request: Request):
     result = await db.file.find_first(where={"url": url})  # Get file by url
-    if not result or not os.path.isfile(result.filename):
+
+    if not result or (not os.path.isfile(result.filename) and result.type != "redirect"):
         async with aiofiles.open("404.html", mode="rb") as f:
             return Response(
                 await f.read(), media_type="text/html", status_code=404
             )  # if file does'n exists
+    
+    if result.type == "redirect":
+        return RedirectResponse(result.filename, status_code=301)
 
     print(request.headers.get("CF-IPCountry"))
 
@@ -276,16 +287,16 @@ async def send_file(url: str, request: Request):
         await delete_file(result.url, result.key)
         return JSONResponse(content="File not found!", status_code=404)
 
-    if result.type != "download":  # If File extension recognized
-        async with aiofiles.open(result.filename, mode="rb") as f:
-            return Response(
-                await f.read(), media_type=result.type
-            )  # Send file with "Content-type" header
-    else:  # If file extension doesn't recognized
+    if result.type == "download":  # If File extension doesn't recognized
         return FileResponse(
             path=result.filename, filename=result.user_filename, media_type=result.type
         )  # Send file as FileResponse
 
+    async with aiofiles.open(result.filename, mode="rb") as f:
+        return Response(
+            await f.read(), media_type=result.type
+        )  # Send file with "Content-type" header
+
 
 @app.get("/api/delete/{url}")  # File delete handler
 async def delete_file(url: str, key: str = ""):
@@ -294,31 +305,34 @@ async def delete_file(url: str, key: str = ""):
         return JSONResponse(
             content={"status": "error", "message": "File not found"}, status_code=404
         )  # if file does'n exists
+    try:
+        if result.key == key:  # If provided key matched with key from database record
+            await db.file.delete(
+                where={"id": result.id}
+            )  # Delete file record from database
+
+            async with aiohttp.ClientSession(
+                "https://api.cloudflare.com"
+            ) as session:  # Clear file cache from CloudFlare
+                async with session.post(
+                    f"/client/v4/zones/{os.getenv('ZONE_ID')}/purge_cache",
+                    json={"files": ["https://fu.andcool.ru/file/" + result.url]},
+                    headers={"Authorization": "Bearer " + os.getenv("KEY")}):
+                    pass
+            os.remove(result.filename)  # Delete file
 
-    if result.key == key:  # If provided key matched with key from database record
-        os.remove(result.filename)  # Delete file
-        await db.file.delete(
-            where={"id": result.id}
-        )  # Delete file record from database
-
-        async with aiohttp.ClientSession(
-            "https://api.cloudflare.com"
-        ) as session:  # Clear file cache from CloudFlare
-            async with session.post(
-                f"/client/v4/zones/{os.getenv('ZONE_ID')}/purge_cache",
-                json={"files": ["https://fu.andcool.ru/file/" + result.url]},
-                headers={"Authorization": "Bearer " + os.getenv("KEY")},
-            ):
-                pass
-
+            return JSONResponse(
+                content={"status": "success", "message": "deleted"}, status_code=200
+            )
+        else:  # If provided key doesn't matched with key from database record
+            return JSONResponse(
+                content={"status": "error", "message": "invalid unique key"},
+                status_code=400,
+            )
+    except Exception:
         return JSONResponse(
             content={"status": "success", "message": "deleted"}, status_code=200
         )
-    else:  # If provided key doesn't matched with key from database record
-        return JSONResponse(
-            content={"status": "error", "message": "invalid unique key"},
-            status_code=400,
-        )
 
 
 @app.get("/api/getFiles/{group_id}")  # get files handler
@@ -330,59 +344,55 @@ async def getFiles(
     Authorization: Annotated[Union[str, None], Header(convert_underscores=False)] = None,
     user_agent: Union[str, None] = Header(default=None)
 ):
-    token_db, auth_error = await check_token(Authorization, user_agent)  # Check token validity
-    if not token_db:  # If token is not valid
-        return JSONResponse(
-            content={
-                "status": "error",
-                "message": "Auth error",
-                "auth_error": auth_error,
-            },
-            status_code=401,
-        )
-
-    user = await db.user.find_first(
-        where={"id": token_db.user_id}
-    )  # Get user files from db
+    
+    username = None
+    if group_id != "private":
+        token_db, auth_error = await check_token(Authorization, user_agent)  # Check token validity
+        if token_db:
+            user = await db.user.find_first(where={"id": token_db.user_id})
+            username = user.username
 
-    if group_id == "private":
-        files = await db.file.find_many(
-            where={"user_id": user.id, "group_id": -1}
-        )  # Get all user files from db
-    else:
         if not group_id.isnumeric():
             return JSONResponse(
                 content={"status": "error", "message": "Invalid group id"},
                 status_code=400,
             )
 
-        group = await db.group.find_first(
-            where={"group_id": group_id}, include={"members": True}
-        )
+        group = await db.group.find_first(where={"group_id": group_id}, include={"members": True})
         if not group:
             return JSONResponse(
                 content={"status": "error", "message": "Group not found"},
                 status_code=404,
             )
-        if user not in group.members:
+
+        files = await db.file.find_many(where={"group_id": group_id})
+
+    else:
+        token_db, auth_error = await check_token(Authorization, user_agent)  # Check token validity
+        if not token_db:  # If token is not valid
             return JSONResponse(
-                {"status": "error", "message": "You are not in the group"},
-                status_code=400,
+                content={
+                    "status": "error",
+                    "message": "Auth error",
+                    "auth_error": auth_error,
+                },
+                status_code=401,
             )
 
-        files = await db.file.find_many(where={"group_id": group_id})
+        user = await db.user.find_first(where={"id": token_db.user_id})  # Get user files from db
+        files = await db.file.find_many(where={"user_id": user.id, "group_id": -1})  # Get all user files from db
+        username = user.username
+
 
     files_response = []
     for file in files:
-        user_filename = file.user_filename[:50] + (
-            "..." if len(file.user_filename) > 50 else ""
-        )
-        usr = (await db.user.find_first(where={"id": file.user_id})).username if group_id != "private" else None
+        user_filename = file.user_filename[:50] + ("..." if len(file.user_filename) > 50 else "")
+        usr = (await db.user.find_first(where={"id": file.user_id})).username if username else None
         files_response.append(
             {
                 "file_url": file.url,
                 "file_url_full": "https://fu.andcool.ru/file/" + file.url,
-                "key": file.key,
+                "key": file.key if username else None,
                 "ext": file.ext,
                 "user_filename": user_filename,
                 "creation_date": file.created_date,
@@ -396,9 +406,9 @@ async def getFiles(
         content={
             "status": "success",
             "message": "messages got successfully",
-            "username": user.username,
+            "username": username,
             "is_group_owner": (
-                None if group_id == "private" else group.admin_id == token_db.user_id
+                None if group_id == "private" or not username else group.admin_id == token_db.user_id
             ),
             "data": files_response,
         },
diff --git a/web/index.html b/web/index.html
index e7b86a6..3de974f 100644
--- a/web/index.html
+++ b/web/index.html
@@ -51,7 +51,7 @@
         <main>
             <h1>File uploader</h1>
             <nav>
-                <a class="selected">Home</a>
+                <a href="https://fu.andcool.ru/" class="selected">Home</a>
                 <a href="https://fu.andcool.ru/login/" id="login_page_a">Login</a>
                 <a href="https://fu.andcool.ru/tos/" id="login_page_a">ToS</a>
                 <a id="login_page_a" href="https://fu.andcool.ru/uploaders/">Uploaders</a>
@@ -73,14 +73,14 @@ <h1>File uploader</h1>
                 </div>
             </div>
             <form method="post" enctype="multipart/form-data">
-                <label class="input-file">
+                <label class="input-file" id="label_input">
                        <input type="file" name="file" id="input_file">		
                        <span>Choose file</span>
                  </label>
             </form>
             
             <div id="groups_selector" style="display: none;">
-                <p style="margin-bottom: 5px; margin-left: 0;">Select file group:</p>
+                <p style="margin-bottom: 5px; margin-left: 0;" id="select_group">Select file group:</p>
 
                 <div style="display: flex; align-items: center; flex-direction: row; justify-content: flex-start;">
                     <select id="groups">
diff --git a/web/res/copy.svg b/web/res/copy.svg
new file mode 100644
index 0000000..a7c8db0
--- /dev/null
+++ b/web/res/copy.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
+
<g id="SVGRepo_iconCarrier"> <path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 16.5L19.5 4.5L18.75 3.75H9L8.25 4.5L8.25 7.5L5.25 7.5L4.5 8.25V20.25L5.25 21H15L15.75 20.25V17.25H18.75L19.5 16.5ZM15.75 15.75L15.75 8.25L15 7.5L9.75 7.5V5.25L18 5.25V15.75H15.75ZM6 9L14.25 9L14.25 19.5L6 19.5L6 9Z" fill="#ffffff"/> </g>
+
</svg>
\ No newline at end of file
diff --git a/web/script.js b/web/script.js
index 69d1fad..42fe16d 100644
--- a/web/script.js
+++ b/web/script.js
@@ -31,10 +31,11 @@ function append_to_files_arr(data, id) {
 	let newCell = newRow.insertCell();
 	let newCell2 = newRow.insertCell();
 	// Append a text node to the cell
-	let url = document.createElement("p");
+	let url = document.createElement("a");
 	url.innerHTML = data['file_url_full'];
 	url.id = "url";
-	url.onclick = function () { navigator.clipboard.writeText(data['file_url_full']); }
+	url.href = data['file_url_full'];
+	url.target = "_blank";
 
 	let filename = document.createElement("p");
 	filename.innerHTML = data['user_filename'];
@@ -63,13 +64,12 @@ function append_to_files_arr(data, id) {
 	}
 
 	let a_btn = document.createElement("a");
-	a_btn.href = data['file_url_full'];
+	a_btn.onclick = function () { navigator.clipboard.writeText(data['file_url_full']); }
 	a_btn.className = "href_btn";
-	a_btn.target = "_blank";
 	a_btn.title = "Open in new tab";
 
 	let href_img = document.createElement("img");
-	href_img.src = "./res/external-link.svg";
+	href_img.src = "./res/copy.svg";
 	href_img.id = "external";
 	a_btn.appendChild(href_img);
 
@@ -349,17 +349,31 @@ async function fetch_groups() {
 }
 
 async function fetch_files(accessToken) {
-	if (!accessToken) return [];
-	if (!checkAccess(accessToken)) {
-		let new_access = await get_new_tokens(accessToken);
-		if (!new_access) {
-			localStorage.removeItem("accessToken");
-			return [];
+	const searchParams = new URLSearchParams(window.location.search);
+	const myParam = searchParams.get('share_group');
+
+	if (!myParam){
+		if (!accessToken) return [];
+		if (!checkAccess(accessToken)) {
+			let new_access = await get_new_tokens(accessToken);
+			if (!new_access) {
+				localStorage.removeItem("accessToken");
+				return [];
+			}
+			accessToken = new_access;
+			localStorage.setItem("accessToken", new_access);
 		}
-		accessToken = new_access;
-		localStorage.setItem("accessToken", new_access);
 	}
-	let group = document.getElementById('groups').value;
+	if (myParam){
+		var group = myParam;
+		document.getElementById("groups").style.display = "none";
+		document.getElementById("label_input").style.display = "none";
+		document.getElementById("addit_sett_btn").style.display = "none";
+	}
+	else {
+		var group = document.getElementById('groups').value;
+		document.getElementById("groups").style.display = "block";
+	}
 	try {
 		let response = await axios.get(api_url + "/api/get_files/" + group, {
 			headers: {
@@ -368,13 +382,21 @@ async function fetch_files(accessToken) {
 		})
 		if (!response) return;
 
-		let logim_page_btn = document.getElementById('login_page_a');
-		logim_page_btn.textContent = "Logout";
-		logim_page_btn.href = "/";
-		logim_page_btn.onclick = function () { if (confirm("Log out?")) { logout() } };
-		document.title = "File uploader · " + response.data.username;
-
-		document.getElementById('login_mess').textContent = "Logged as " + response.data.username;
+		if (response.data.username){
+			document.getElementById("groups").style.display = "block";
+			let logim_page_btn = document.getElementById('login_page_a');
+			logim_page_btn.textContent = "Logout";
+			logim_page_btn.href = "/";
+			logim_page_btn.onclick = function () { if (confirm("Log out?")) { logout() } };
+			document.title = "File uploader · " + response.data.username;
+			document.getElementById('login_mess').textContent = "Logged as " + response.data.username;
+			let share_link = document.getElementById("select_group");
+			if (group != "private") 
+				share_link.innerHTML = "Select file group " + `<a style='text-decoration: underline; cursor: pointer' onclick='navigator.clipboard.writeText("https://fu.andcool.ru?share_group=${group}")'>(Copy share link)</a>:`
+			else share_link.innerHTML = "Select file group:"
+		}else{
+			document.getElementById("groups").style.display = "none";
+		}
 		document.getElementById('invite_users').disabled = !response.data.is_group_owner;
 		document.getElementById('leave').title = response.data.is_group_owner ? "Delete group" : "Leave group";
 		document.getElementById('leave').disabled = (response.data.is_group_owner == null);
@@ -455,9 +477,17 @@ addEventListener("DOMContentLoaded", (event) => {
 	document.getElementById('groups').addEventListener("change", (event) => {
 		localStorage.setItem("prev_group", event.target.value);
 		document.getElementById('invite_link_link').style.display = "none";
+		const searchParams = new URLSearchParams(window.location.search);
+		const myParam = searchParams.get('share_group');
+		if (myParam) moveToPage("/");
 		fetch_files(localStorage.getItem("accessToken"),
 			event.target.value);
 	});
+	const searchParams = new URLSearchParams(window.location.search);
+	const myParam = searchParams.get('share_group');
+	if (myParam){
+		fetch_files(localStorage.getItem("accessToken"));
+	}
 	document.getElementById('input_file').addEventListener('change', function (e) {
 		let fileInput = document.getElementById('input_file');
 		let load_mess = document.getElementById('load_mess');
diff --git a/web/style.css b/web/style.css
index 10c3db2..3b221ad 100644
--- a/web/style.css
+++ b/web/style.css
@@ -96,6 +96,7 @@ p{margin-left: 2px;}
     font-weight: 400;
     margin-left: 3%;
     transition: background-color 0.2s;
+    box-sizing: border-box;
 }
 
 #files_table button:hover{
@@ -117,6 +118,7 @@ p{margin-left: 2px;}
     text-decoration: none;
     text-wrap: wrap;
     display: block;
+    margin-right: 0.5rem;
 }
 
 #files_table #url:hover{
@@ -256,6 +258,7 @@ nav a:hover{
     align-items: center;
     justify-content: center;
     margin-right: 1%;
+    cursor: pointer;
 }
 
 #transfer_row{
@@ -337,8 +340,9 @@ nav a:hover{
 }
 
 #external{
-    width: 16px;
-    height: 16px;
+    width: 24px;
+    height: 24px;
+    margin-left: -3px;
     
 }