0bin/zerobin/routes.py

"""
    Script including controller, rooting, and dependency management.
"""

import os

from distutils.util import strtobool

from urllib.parse import urlparse

from datetime import datetime, timedelta

import bottle
from bottle import (
    Bottle,
    static_file,
    view,
    request,
    HTTPResponse,
    redirect,
)

from beaker.middleware import SessionMiddleware

from zerobin import __version__
from zerobin.utils import (
    SettingsValidationError,
    ensure_app_context,
    check_password,
    settings,
)
from zerobin.paste import Paste


ensure_app_context()


GLOBAL_CONTEXT = {
    "settings": settings,
    "VERSION": __version__,
    "pastes_count": Paste.get_pastes_count(),
    "refresh_counter": datetime.now(),
}


app = Bottle()

ADMIN_LOGIN_URL = settings.ADMIN_URL + "login/"


@app.route("/")
@view("home")
def index():
    return GLOBAL_CONTEXT


@app.get("/faq/")
@view("faq")
def faq():
    return GLOBAL_CONTEXT

@app.route("/buy_bitcoin")
@view("buy_bitcoin")
def index():
    return GLOBAL_CONTEXT


@app.get(settings.ADMIN_URL)
@app.post(settings.ADMIN_URL)
@view("admin")
def admin():
    session = request.environ.get("beaker.session")
    if not session or not session.get("is_authenticated"):
        redirect(ADMIN_LOGIN_URL)

    paste_id = request.forms.get("paste", "")
    if paste_id:
        try:
            if "/paste/" in paste_id:
                paste_id = urlparse(paste_id).path.split("/paste/")[-1]
            paste = Paste.load(paste_id)
            paste.delete()
        except (TypeError, ValueError, FileNotFoundError):
            return {
                "status": "error",
                "message": f"Cannot find paste '{paste_id}'",
                **GLOBAL_CONTEXT,
            }

        return {"status": "ok", "message": "Paste deleted", **GLOBAL_CONTEXT}

    return {"status": "ok", "message": "", **GLOBAL_CONTEXT}


@app.get(ADMIN_LOGIN_URL)
@app.post(ADMIN_LOGIN_URL)
@view("login")
def login():

    password = request.forms.get("password")
    if password:
        if not check_password(password):
            return {"status": "error", "message": "Wrong password", **GLOBAL_CONTEXT}

        session = request.environ.get("beaker.session")
        session["is_authenticated"] = True
        session.save()

        redirect(settings.ADMIN_URL)

    return {"status": "ok", **GLOBAL_CONTEXT}


@app.post(settings.ADMIN_URL + "logout/")
@view("logout")
def logout():
    session = request.environ.get("beaker.session")
    session["is_authenticated"] = False
    session.save()
    redirect("/")


@app.post("/paste/create")
def create_paste():

    # Reject what is too small, too big, or what does not seem encrypted to
    # limit a abuses
    content = request.forms.get("content", "")
    if '{"iv":' not in content or not (0 < len(content) < settings.MAX_SIZE):
        return {"status": "error", "message": "Wrong data payload."}

    expiration = request.forms.get("expiration", "burn_after_reading")
    title = request.forms.get("title", "")
    btc_tip_address = request.forms.get("btcTipAddress", "")

    paste = Paste(
        expiration=expiration,
        content=content,
        uuid_length=settings.PASTE_ID_LENGTH,
        title=title,
        btc_tip_address=btc_tip_address,
    )
    paste.save()

    # If refresh time elapsed pick up, update the counter
    if settings.DISPLAY_COUNTER:

        paste.increment_counter()

        now = datetime.now()
        timeout = GLOBAL_CONTEXT["refresh_counter"] + timedelta(
            seconds=settings.REFRESH_COUNTER
        )
        if timeout < now:
            GLOBAL_CONTEXT["pastes_count"] = Paste.get_pastes_count()
            GLOBAL_CONTEXT["refresh_counter"] = now

    return {"status": "ok", "paste": paste.uuid, "owner_key": paste.owner_key}


@app.get("/paste/:paste_id")
@view("paste")
def display_paste(paste_id):

    now = datetime.now()
    keep_alive = False
    try:
        paste = Paste.load(paste_id)
        # Delete the paste if it expired:
        if not isinstance(paste.expiration, datetime):
            # burn_after_reading contains the paste creation date
            # if this read appends 10 seconds after the creation date
            # we don't delete the paste because it means it's the redirection
            # to the paste that happens during the paste creation
            try:
                keep_alive = paste.expiration.split("#")[1]
                keep_alive = datetime.strptime(keep_alive, "%Y-%m-%d %H:%M:%S.%f")
                keep_alive = now < keep_alive + timedelta(seconds=10)
            except IndexError:
                keep_alive = False
            if not keep_alive:
                paste.delete()

        elif paste.expiration < now:
            paste.delete()
            raise ValueError()

    except (TypeError, ValueError):
        return error404(ValueError)

    return {"paste": paste, "keep_alive": keep_alive, **GLOBAL_CONTEXT}


@app.delete("/paste/:paste_id")
def delete_paste(paste_id):

    try:
        paste = Paste.load(paste_id)
    except (TypeError, ValueError):
        return error404(ValueError)

    if paste.owner_key != request.forms.get("owner_key", None):
        return HTTPResponse(status=403, body="Wrong owner key")

    paste.delete()

    return {
        "status": "ok",
        "message": "Paste deleted",
    }


@app.error(404)
@view("404")
def error404(code):
    return GLOBAL_CONTEXT


@app.get("/static/<filename:path>")
def server_static(filename):
    return static_file(filename, root=settings.STATIC_FILES_ROOT)


def get_app(debug=None, config_dir="", data_dir=""):
    """
        Return a tuple (settings, app) configured using passed
        parameters and/or a setting file.
    """

    data_dir = data_dir or os.environ.get("ZEROBIN_DATA_DIR")
    config_dir = config_dir or os.environ.get("ZEROBIN_CONFIG_DIR")

    ensure_app_context(config_dir=config_dir, data_dir=data_dir)

    if debug is None:
        settings.DEBUG = bool(
            strtobool(os.environ.get("ZEROBIN_DEBUG", str(settings.DEBUG)))
        )
    else:
        settings.DEBUG = debug

    settings.DISPLAY_COUNTER = bool(
        os.environ.get("ZEROBIN_DISPLAY_COUNTER", settings.DISPLAY_COUNTER)
    )
    settings.REFRESH_COUNTER = int(
        os.environ.get("ZEROBIN_REFRESH_COUNTER", settings.REFRESH_COUNTER)
    )
    settings.MAX_SIZE = int(os.environ.get("ZEROBIN_MAX_SIZE", settings.MAX_SIZE))
    settings.PASTE_ID_LENGTH = int(
        os.environ.get("ZEROBIN_PASTE_ID_LENGTH", settings.PASTE_ID_LENGTH)
    )

    if settings.PASTE_ID_LENGTH < 4:
        raise SettingsValidationError("PASTE_ID_LENGTH cannot be lower than 4")

    return settings, app


app = SessionMiddleware(
    app,
    {
        "session.type": "file",
        "session.cookie_expires": 300,
        "session.data_dir": settings.SESSIONS_DIR,
        "session.auto": True,
    },
)
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`"""`
Merge remove_paste.py and and zerobin.py in cmd.py The two commands have been merged together, using subcommands. `remove_paste` is now accessible with `zerobin delete-paste` `zerobin` is moved to `zerobin runserver` but is still accessible with `zerobin` to keep compatibility with older versions. Unfortunately, clize is not structured to allow default subcommand and the actual implementation is nothing but a hack. 2015-09-18 18:36:14 +03:00			`Script including controller, rooting, and dependency management.`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`"""`

Added documentation, removed some options 2012-05-18 16:29:52 +04:00			`import os`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00
Update bundling machinery 2020-08-14 19:18:17 +03:00			`from distutils.util import strtobool`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00
Update bundling machinery 2020-08-14 19:18:17 +03:00			`from urllib.parse import urlparse`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`from datetime import datetime, timedelta`

			`import bottle`
Add empty admin page with login 2020-08-12 16:21:49 +03:00			`from bottle import (`
			`Bottle,`
			`static_file,`
			`view,`
			`request,`
			`HTTPResponse,`
			`redirect,`
			`)`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00
WIP: add admin views 2020-08-12 10:19:38 +03:00			`from beaker.middleware import SessionMiddleware`

			`from zerobin import __version__`
			`from zerobin.utils import (`
			`SettingsValidationError,`
Put config app dir 2020-08-13 15:36:42 +03:00			`ensure_app_context,`
WIP: add admin views 2020-08-12 10:19:38 +03:00			`check_password,`
Put config app dir 2020-08-13 15:36:42 +03:00			`settings,`
WIP: add admin views 2020-08-12 10:19:38 +03:00			`)`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00			`from zerobin.paste import Paste`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00

Put config app dir 2020-08-13 15:36:42 +03:00			`ensure_app_context()`
WIP: add admin views 2020-08-12 10:19:38 +03:00

New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`GLOBAL_CONTEXT = {`
jQuery fully removed, clipboard fixed 2020-08-11 12:55:29 +03:00			`"settings": settings,`
Add delete paste 2020-08-11 17:37:03 +03:00			`"VERSION": __version__,`
jQuery fully removed, clipboard fixed 2020-08-11 12:55:29 +03:00			`"pastes_count": Paste.get_pastes_count(),`
			`"refresh_counter": datetime.now(),`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`}`
Prevent 0bin to crash if the locale formatting is not supported. Moved get_pastes_count into the Paste class. Added 0bin version as query parameter in the scrip and css tags URL 2012-05-22 16:39:34 +04:00
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00
Add empty admin page with login 2020-08-12 16:21:49 +03:00			`app = Bottle()`

			`ADMIN_LOGIN_URL = settings.ADMIN_URL + "login/"`
WIP: add admin views 2020-08-12 10:19:38 +03:00

jQuery fully removed, clipboard fixed 2020-08-11 12:55:29 +03:00			`@app.route("/")`
			`@view("home")`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`def index():`
			`return GLOBAL_CONTEXT`


Add empty admin page with login 2020-08-12 16:21:49 +03:00			`@app.get("/faq/")`
jQuery fully removed, clipboard fixed 2020-08-11 12:55:29 +03:00			`@view("faq")`
counter first version 2012-05-21 19:14:01 +04:00			`def faq():`
Added faq 2012-05-21 14:25:24 +04:00			`return GLOBAL_CONTEXT`

buy bitcoin guide 2020-08-18 10:17:58 +03:00			`@app.route("/buy_bitcoin")`
			`@view("buy_bitcoin")`
			`def index():`
			`return GLOBAL_CONTEXT`

Added faq 2012-05-21 14:25:24 +04:00
Add empty admin page with login 2020-08-12 16:21:49 +03:00			`@app.get(settings.ADMIN_URL)`
			`@app.post(settings.ADMIN_URL)`
WIP: add admin views 2020-08-12 10:19:38 +03:00			`@view("admin")`
			`def admin():`
			`session = request.environ.get("beaker.session")`
			`if not session or not session.get("is_authenticated"):`
Add empty admin page with login 2020-08-12 16:21:49 +03:00			`redirect(ADMIN_LOGIN_URL)`

			`paste_id = request.forms.get("paste", "")`
			`if paste_id:`
			`try:`
			`if "/paste/" in paste_id:`
Delete paste in admin 2020-08-12 16:39:07 +03:00			`paste_id = urlparse(paste_id).path.split("/paste/")[-1]`
Add empty admin page with login 2020-08-12 16:21:49 +03:00			`paste = Paste.load(paste_id)`
			`paste.delete()`
			`except (TypeError, ValueError, FileNotFoundError):`
Delete paste in admin 2020-08-12 16:39:07 +03:00			`return {`
			`"status": "error",`
			`"message": f"Cannot find paste '{paste_id}'",`
			`**GLOBAL_CONTEXT,`
			`}`
WIP: add admin views 2020-08-12 10:19:38 +03:00
Delete paste in admin 2020-08-12 16:39:07 +03:00			`return {"status": "ok", "message": "Paste deleted", **GLOBAL_CONTEXT}`
WIP: add admin views 2020-08-12 10:19:38 +03:00
Add paste title 2020-08-14 16:08:55 +03:00			`return {"status": "ok", "message": "", **GLOBAL_CONTEXT}`
WIP: add admin views 2020-08-12 10:19:38 +03:00

Add empty admin page with login 2020-08-12 16:21:49 +03:00			`@app.get(ADMIN_LOGIN_URL)`
			`@app.post(ADMIN_LOGIN_URL)`
			`@view("login")`
WIP: add admin views 2020-08-12 10:19:38 +03:00			`def login():`

			`password = request.forms.get("password")`
			`if password:`
			`if not check_password(password):`
Add empty admin page with login 2020-08-12 16:21:49 +03:00			`return {"status": "error", "message": "Wrong password", **GLOBAL_CONTEXT}`
WIP: add admin views 2020-08-12 10:19:38 +03:00
			`session = request.environ.get("beaker.session")`
			`session["is_authenticated"] = True`
			`session.save()`

			`redirect(settings.ADMIN_URL)`
Add empty admin page with login 2020-08-12 16:21:49 +03:00
			`return {"status": "ok", **GLOBAL_CONTEXT}`
WIP: add admin views 2020-08-12 10:19:38 +03:00

Add empty admin page with login 2020-08-12 16:21:49 +03:00			`@app.post(settings.ADMIN_URL + "logout/")`
			`@view("logout")`
			`def logout():`
			`session = request.environ.get("beaker.session")`
			`session["is_authenticated"] = False`
			`session.save()`
			`redirect("/")`


			`@app.post("/paste/create")`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`def create_paste():`
jQuery fully removed, clipboard fixed 2020-08-11 12:55:29 +03:00
Add paste title 2020-08-14 16:08:55 +03:00			`# Reject what is too small, too big, or what does not seem encrypted to`
			`# limit a abuses`
			`content = request.forms.get("content", "")`
			`if '{"iv":' not in content or not (0 < len(content) < settings.MAX_SIZE):`
jQuery fully removed, clipboard fixed 2020-08-11 12:55:29 +03:00			`return {"status": "error", "message": "Wrong data payload."}`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00
Add paste title 2020-08-14 16:08:55 +03:00			`expiration = request.forms.get("expiration", "burn_after_reading")`
			`title = request.forms.get("title", "")`
Add btc tip 2020-08-14 17:41:45 +03:00			`btc_tip_address = request.forms.get("btcTipAddress", "")`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00
Add paste title 2020-08-14 16:08:55 +03:00			`paste = Paste(`
			`expiration=expiration,`
			`content=content,`
			`uuid_length=settings.PASTE_ID_LENGTH,`
			`title=title,`
Add btc tip 2020-08-14 17:41:45 +03:00			`btc_tip_address=btc_tip_address,`
Add paste title 2020-08-14 16:08:55 +03:00			`)`
			`paste.save()`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00
Add paste title 2020-08-14 16:08:55 +03:00			`# If refresh time elapsed pick up, update the counter`
			`if settings.DISPLAY_COUNTER:`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00
Add paste title 2020-08-14 16:08:55 +03:00			`paste.increment_counter()`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00
Add paste title 2020-08-14 16:08:55 +03:00			`now = datetime.now()`
			`timeout = GLOBAL_CONTEXT["refresh_counter"] + timedelta(`
			`seconds=settings.REFRESH_COUNTER`
			`)`
			`if timeout < now:`
			`GLOBAL_CONTEXT["pastes_count"] = Paste.get_pastes_count()`
			`GLOBAL_CONTEXT["refresh_counter"] = now`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00
Add paste title 2020-08-14 16:08:55 +03:00			`return {"status": "ok", "paste": paste.uuid, "owner_key": paste.owner_key}`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00

Add empty admin page with login 2020-08-12 16:21:49 +03:00			`@app.get("/paste/:paste_id")`
jQuery fully removed, clipboard fixed 2020-08-11 12:55:29 +03:00			`@view("paste")`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`def display_paste(paste_id):`

			`now = datetime.now()`
			`keep_alive = False`
			`try:`
			`paste = Paste.load(paste_id)`
			`# Delete the paste if it expired:`
Porting zerobin to python 3 2015-05-10 20:19:02 +03:00			`if not isinstance(paste.expiration, datetime):`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`# burn_after_reading contains the paste creation date`
			`# if this read appends 10 seconds after the creation date`
			`# we don't delete the paste because it means it's the redirection`
			`# to the paste that happens during the paste creation`
			`try:`
jQuery fully removed, clipboard fixed 2020-08-11 12:55:29 +03:00			`keep_alive = paste.expiration.split("#")[1]`
			`keep_alive = datetime.strptime(keep_alive, "%Y-%m-%d %H:%M:%S.%f")`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`keep_alive = now < keep_alive + timedelta(seconds=10)`
			`except IndexError:`
			`keep_alive = False`
			`if not keep_alive:`
			`paste.delete()`

			`elif paste.expiration < now:`
			`paste.delete()`
			`raise ValueError()`

			`except (TypeError, ValueError):`
			`return error404(ValueError)`

WIP: add admin views 2020-08-12 10:19:38 +03:00			`return {"paste": paste, "keep_alive": keep_alive, **GLOBAL_CONTEXT}`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00

Add empty admin page with login 2020-08-12 16:21:49 +03:00			`@app.delete("/paste/:paste_id")`
Add delete paste 2020-08-11 17:37:03 +03:00			`def delete_paste(paste_id):`

			`try:`
			`paste = Paste.load(paste_id)`
			`except (TypeError, ValueError):`
			`return error404(ValueError)`

			`if paste.owner_key != request.forms.get("owner_key", None):`
			`return HTTPResponse(status=403, body="Wrong owner key")`

			`paste.delete()`

			`return {`
			`"status": "ok",`
			`"message": "Paste deleted",`
			`}`


New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`@app.error(404)`
jQuery fully removed, clipboard fixed 2020-08-11 12:55:29 +03:00			`@view("404")`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00			`def error404(code):`
			`return GLOBAL_CONTEXT`


Add empty admin page with login 2020-08-12 16:21:49 +03:00			`@app.get("/static/<filename:path>")`
Added documentation, removed some options 2012-05-18 16:29:52 +04:00			`def server_static(filename):`
			`return static_file(filename, root=settings.STATIC_FILES_ROOT)`


Put config app dir 2020-08-13 15:36:42 +03:00			`def get_app(debug=None, config_dir="", data_dir=""):`
Documentation is now exhaustive and zerobin is apache friendly 2012-05-19 00:18:40 +04:00			`"""`
#17 - Add drag and drop file support. On the upload of an image, display it. 2013-01-19 20:05:37 +04:00			`Return a tuple (settings, app) configured using passed`
			`parameters and/or a setting file.`
Documentation is now exhaustive and zerobin is apache friendly 2012-05-19 00:18:40 +04:00			`"""`
Moved deployment scripts in a dedicated directory. Added an importable wsgi.py module (app.wsgi works only for Apache, and now imports wsgi.py) and a script for gunicorn. Settings file can now be specified using an environnement variable. 2013-07-03 13:12:12 +04:00
Put config app dir 2020-08-13 15:36:42 +03:00			`data_dir = data_dir or os.environ.get("ZEROBIN_DATA_DIR")`
			`config_dir = config_dir or os.environ.get("ZEROBIN_CONFIG_DIR")`
Use base64-like (dashes in place of slashes) paste-ids with (configurable) 8-char length limit 2013-04-29 22:17:37 +04:00
Put config app dir 2020-08-13 15:36:42 +03:00			`ensure_app_context(config_dir=config_dir, data_dir=data_dir)`
Static files can now be compressed 2012-05-17 13:13:40 +04:00
Update bundling machinery 2020-08-14 19:18:17 +03:00			`if debug is None:`
			`settings.DEBUG = bool(`
			`strtobool(os.environ.get("ZEROBIN_DEBUG", str(settings.DEBUG)))`
			`)`
			`else:`
			`settings.DEBUG = debug`
Static files can now be compressed 2012-05-17 13:13:40 +04:00
Put config app dir 2020-08-13 15:36:42 +03:00			`settings.DISPLAY_COUNTER = bool(`
			`os.environ.get("ZEROBIN_DISPLAY_COUNTER", settings.DISPLAY_COUNTER)`
			`)`
			`settings.REFRESH_COUNTER = int(`
			`os.environ.get("ZEROBIN_REFRESH_COUNTER", settings.REFRESH_COUNTER)`
			`)`
			`settings.MAX_SIZE = int(os.environ.get("ZEROBIN_MAX_SIZE", settings.MAX_SIZE))`
			`settings.PASTE_ID_LENGTH = int(`
			`os.environ.get("ZEROBIN_PASTE_ID_LENGTH", settings.PASTE_ID_LENGTH)`
			`)`
New clean layout to be pip installable 2012-05-14 19:17:49 +04:00
Put config app dir 2020-08-13 15:36:42 +03:00			`if settings.PASTE_ID_LENGTH < 4:`
			`raise SettingsValidationError("PASTE_ID_LENGTH cannot be lower than 4")`
Documentation is now exhaustive and zerobin is apache friendly 2012-05-19 00:18:40 +04:00
			`return settings, app`
Add empty admin page with login 2020-08-12 16:21:49 +03:00

			`app = SessionMiddleware(`
			`app,`
			`{`
			`"session.type": "file",`
			`"session.cookie_expires": 300,`
			`"session.data_dir": settings.SESSIONS_DIR,`
			`"session.auto": True,`
			`},`
			`)`