Created
September 19, 2021 16:23
-
-
Save WJDigby/95666165bd3ac112224804d6dbdf26f8 to your computer and use it in GitHub Desktop.
Simple insecure webserver for transferring text and files between hosts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| from datetime import datetime | |
| from hashlib import md5 | |
| from math import ceil | |
| import os | |
| import web | |
| from jinja2 import Environment, BaseLoader | |
| # Tool is not designed for security, but might as disable this unless needed | |
| web.config.debug = False | |
| urls = ('/b64/.*$', 'B64', | |
| '.*$', 'index') | |
| TEMPLATE = """ | |
| <html> | |
| <head> | |
| <title>CopyPasta</title> | |
| </head> | |
| <body> | |
| <style> | |
| body{ font-family: 'Arial'} | |
| a:link { color: black; } | |
| a:visited { color: gray; } | |
| </style> | |
| <h2 id="header">Paste</h2> | |
| <form action="./index" method="post"> | |
| <textarea id="text" name="text" rows="5" cols="30">{{ text }}</textarea> | |
| <br><br> | |
| <button name="paste" type="submit">Paste</button> | |
| <button name="save_text" type="submit">Save text</button> | |
| <button name="save_b64" type="submit">Save B64 file</button> | |
| </form> | |
| <pre>curl -F text="your text here" {{ host }}</pre> | |
| <br> | |
| <h2 id="header">Upload</h2> | |
| <form action="./index" method="post" enctype="multipart/form-data"> | |
| <input type="file" id="file" name="upload"> | |
| <button type="submit">Upload</button> | |
| </form> | |
| <pre>curl -F upload=@/path/to/file {{ host }}</pre> | |
| <br> | |
| <h2 id="header">Download</h2> | |
| {% if downloads %} | |
| <table style="border-collapse: collapse;"> | |
| <tr> | |
| <th>File</th> | |
| <th>Download</th> | |
| <th>Preview</th> | |
| <th>To Base64</th> | |
| <th>Size</th> | |
| <th>Date</th> | |
| <th>MD5</th> | |
| </tr> | |
| {% for filename, attrs in downloads.items() %} | |
| <tr style="background-color: {{ loop.cycle('white', 'lightgray') }}"> | |
| <td style="padding: 10px;">{{ filename }}</td> | |
| <td><a href="{{ attrs[0] }}" download>{{ download_icon }}</a></td> | |
| <td><a href="{{ attrs[0] }}">{{ preview_icon }}</a></td> | |
| <td><a href="./b64/{{ filename }}">{{ to_b64_icon }}</a></td> | |
| <td>{{ attrs[1] }}</td> | |
| <td>{{ attrs[2] }}</td> | |
| <td>{{ attrs[3] }}</td> | |
| </tr> | |
| {% endfor %} | |
| </table> | |
| {% endif %} | |
| </body> | |
| </html> | |
| """ | |
| class B64: | |
| """ Generate base64-encoded versions of files stored in the ./static/ directory. | |
| Return to the user as a text blob in the browser.""" | |
| def GET(self): | |
| file = web.ctx.env['PATH_INFO'].split('/')[-1] | |
| if file in os.listdir('./static'): | |
| with open('./static/' + file, 'rb') as f: | |
| data = f.read() | |
| b64_data = base64.b64encode(data) | |
| web.header('Content-Type', 'text/plain') | |
| return b64_data | |
| raise web.seeother('/') | |
| class index: | |
| """Handle all GET and POST requests other than those directed at /b64. | |
| Displays current text held in "clipboard" and list of available downloads.""" | |
| def GET(self): | |
| if not web.ctx.env['PATH_INFO'] == '/': | |
| raise web.seeother('/') | |
| host = web.ctx.env['HTTP_HOST'] | |
| download_icon = """ | |
| <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-download" viewBox="0 0 16 16" title="Download"> | |
| <path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/> | |
| <path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/> | |
| <title>Download</title> | |
| </svg> | |
| """ | |
| preview_icon = """ | |
| <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-eyeglasses" viewBox="0 0 16 16"> | |
| <path d="M4 6a2 2 0 1 1 0 4 2 2 0 0 1 0-4zm2.625.547a3 3 0 0 0-5.584.953H.5a.5.5 0 0 0 0 1h.541A3 3 0 0 0 7 8a1 1 0 0 1 2 0 3 3 0 0 0 5.959.5h.541a.5.5 0 0 0 0-1h-.541a3 3 0 0 0-5.584-.953A1.993 1.993 0 0 0 8 6c-.532 0-1.016.208-1.375.547zM14 8a2 2 0 1 1-4 0 2 2 0 0 1 4 0z"/> | |
| <title>Preview</title> | |
| </svg> | |
| """ | |
| to_b64_icon = """ | |
| <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-file-code" viewBox="0 0 16 16"> | |
| <path d="M6.646 5.646a.5.5 0 1 1 .708.708L5.707 8l1.647 1.646a.5.5 0 0 1-.708.708l-2-2a.5.5 0 0 1 0-.708l2-2zm2.708 0a.5.5 0 1 0-.708.708L10.293 8 8.646 9.646a.5.5 0 0 0 .708.708l2-2a.5.5 0 0 0 0-.708l-2-2z"/> | |
| <path d="M2 2a2 2 0 0 1 2-2h8a2 2 0 0 1 2 2v12a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2zm10-1H4a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h8a1 1 0 0 0 1-1V2a1 1 0 0 0-1-1z"/> | |
| <title>Convert to Base64</title> | |
| </svg> | |
| """ | |
| # Use a file in case app crashes, last pasted input remains | |
| with open('clipboard', 'r') as f: | |
| text = f.read() | |
| downloads = {} | |
| for download in os.listdir('./static'): # web.py automatically treats files in static directory as such | |
| path = './static/' + download | |
| size = os.stat(path).st_size | |
| if size > 1024: | |
| size = str(ceil(size / 1024)) + 'K' | |
| else: | |
| size = str(size) + 'B' | |
| md5sum = md5(open(path, 'rb').read()).hexdigest() | |
| ctime = datetime.fromtimestamp(os.stat(path).st_ctime).strftime('%d %b %Y %H:%M:%S') | |
| downloads[download] = [path, size, ctime, md5sum] | |
| # Sort the download list by date, descending | |
| downloads = dict(sorted(downloads.items(), key=lambda item: item[1][2], reverse=True)) | |
| template = Environment(loader=BaseLoader).from_string(TEMPLATE) | |
| return template.render(text=text, | |
| host=host, | |
| downloads=downloads, | |
| download_icon=download_icon, | |
| preview_icon=preview_icon, | |
| to_b64_icon=to_b64_icon) | |
| def POST(self): | |
| # If user wants to simply paste text to the "clipboard" | |
| # Use a file in case app crashes, last pasted input remains | |
| if all([k in ['paste', 'text'] for k in web.input().keys()]): | |
| text = web.input().get('text') # Don't care if it's empty | |
| with open('clipboard', 'w') as f: | |
| f.write(text) | |
| raise web.seeother('/') | |
| # If user wants to save pasted text to a text file | |
| if all([k in ['save_text', 'text'] for k in web.input().keys()]): | |
| text = web.input().get('text') | |
| if text: | |
| filename = datetime.now().strftime('%d%b%Y_%H%M%S.txt') | |
| with open('./static/' + filename, 'w') as f: | |
| f.write(text) | |
| raise web.seeother('/') | |
| else: | |
| raise web.seeother('/') | |
| # If user wants to save a Base64-encoded blob as a (decoded) file | |
| if all([k in ['save_b64', 'text'] for k in web.input().keys()]): | |
| text = web.input().get('text').encode() | |
| if text: | |
| filename = datetime.now().strftime('%d%b%Y_%H%M%S') | |
| data = base64.b64decode(text) | |
| with open('./static/' + filename, 'wb') as f: | |
| f.write(data) | |
| raise web.seeother('/') | |
| else: | |
| raise web.seeother('/') | |
| file = web.input().get('upload') | |
| if file: | |
| ul = web.input(upload={}) | |
| storage_dir = './static' | |
| if 'upload' in ul: | |
| filepath = ul.upload.filename.replace('\\', '/') | |
| filename = filepath.split('/')[-1] | |
| file_out = open(storage_dir + '/' + filename, 'wb') | |
| file_out.write(ul.upload.file.read()) | |
| raise web.seeother('/') | |
| return | |
| if __name__ == '__main__': | |
| if not os.path.exists('./clipboard'): | |
| with open('./clipboard', 'wb') as f: | |
| f.write(b'') | |
| if not os.path.exists('./static/'): | |
| os.mkdir('./static') | |
| app = web.application(urls, globals()) | |
| app.run() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment