Flaskup! is a simple Flask application to share files with your friends. You upload files through an HTML form, and you get back a link to download the file. You can do whatever you want with the link (copy it in an email or in your prefered chat app, it's up to you).
- Python 2.7 (may work with other versions but not tested, feedbacks are welcome)
- Flask
- Flask-Babel
- Flask-Mail
- simplejson
Install from PyPI:
pip install flaskup
or directly from the Git repository (to have latest features):
git clone https://github.com/lmeunier/flaskup.git cd flaskup python setup.py install
You MUST set the environment variable FLASKUP_CONFIG that point to a valid python file. In this file you will be able to customize the configuration for Flaskup!, Flask and the Flask extensions.
- FLASKUP_TITLE: personnalize the title of this webapp (default: 'Flaskup!')
- FLASKUP_UPLOAD_FOLDER: the root folder where you want to store uploaded files (default: /tmp/flaskup).
- FLASKUP_MAX_DAYS: the maximum number of days a file will be available, the file will be deleted after FLASKUP_MAX_DAYS days (default: 30).
- FLASKUP_MAX_CONTACTS: limit contacts number, if the user gives more contacts, they will be silently discarded (default: 10 ; 0 means 'no contacts' and the textarea won't be displayed)
- FLASKUP_KEY_LENGTH: the lenght of the generated key used to identify a file (default: 6 -- more than 2 billions keys)
- FLASKUP_DELETE_KEY_LENGTH: the length of the generated key used to authenticate the owner of a file before deleting it (default: 4 -- more than 1 million keys)
- FLASKUP_ADMINS: list with email address of the administrators of Flaskup!, this is currently used only to send mails when an error occurs (default: [], empty list)
- FLASKUP_NOTIFY: list all actions that should send an email notification to
the admins (default: [], no notification)
- add: a new file has been uploaded
- delete: a file has been deleted
- FLASKUP_NGINX_UPLOAD_MODULE_ENABLED: indicate whether you want to enable support for the Nginx upload-module (default: False)
- FLASKUP_NGINX_UPLOAD_MODULE_STORE: must be set to the upload_store of the Nginx upload-module (default: None)
- FLASKUP_UPLOAD_PASSWORDS: a list of tuples, each tuple contains a password and an identifier (default: [], no password required)
- FLASKUP_UPLOAD_PASSWORDS_CHECK: method to check a submitted password against passwords in FLASKUP_UPLOAD_PASSWORDS (default: use cleartext passwords)
http://flask.pocoo.org/docs/config/#builtin-configuration-values
You must at least define the SECRET_KEY. To generate a good secret key, you can use a cryptographic random generator:
>>> import os
>>> os.urandom(24)
'_\x12\xab\x90D\xc4\xfd{\xd9\xe2\xf3-\xa8\xd3\x1d\x1ej\x8b\x13x\x8ce\xc5\xe0'
https://pythonhosted.org/Flask-Babel/#configuration
https://pythonhosted.org/Flask-Mail/#configuring-flask-mail
# -*- coding: utf-8 -*-
from passlib.hash import bcrypt
DEBUG = True
SECRET_KEY = '_\x12\xab\x90D\xc4\xfd{\xd9\xe2\xf3-\xa8\xd3\x1d\x1ej\x8b\x13x\x8ce\xc5\xe0'
FLASKUP_UPLOAD_FOLDER = '/srv/flaskup/data'
FLASKUP_MAX_DAYS = 10
FLASKUP_KEY_LENGTH = 4
MAIL_DEFAULT_SENDER = 'flaskup@example.com'
FLASKUP_ADMINS = ['admin@example.com', 'admin@example.org']
FLASKUP_NOTIFY = ['add', 'delete']
FLASKUP_UPLOAD_PASSWORDS = [
('$2a$12$oIWeziyq4wjF08gntfU4w.AQZfYbbQoK7y13ParN83G7ta.qtN2.e', 'pw1'),
('$2a$12$zQ/hzog/iYr49fbo0mitS.y9f.uHP.7IyqWgk5/S1Ict50HRl4XxW', 'pw2'),
]
FLASKUP_UPLOAD_PASSWORDS_CHECK = bcrypt.verify
Use your favorite WSGI server to run Flaskup! (the WSGI application is flaskup:app). For example, to use Flaskup! with Gunicorn:
gunicorn --bind=127.0.0.1:8001 flaskup:app
Alternatively, you can start Flaskup! with the builtin Flask webserver (for testing or developpement only).
create a file run-server.py:
from flaskup import app app.run()
run it:
python run-server.py
Flaskup! comes with the command line tool flaskup. This tool is a generic
python script to call actions. Currently the only available action is clean.
. /path/to/env/bin/activate export FLASKUP_CONFIG=/path/to/my/flaskup_config.py flaskup clean
The password protection in Flaskup! is a very simple mechanism to force users to submit a valid password when they upload a file.
Valid passwords are stored in a tuple (with a password identifier), those tuples are stored as a list in FLASKUP_UPLOAD_PASSWORDS. If FLASKUP_UPLOAD_PASSWORDS is empty, then no valid password are required and anybody can upload a file.
FLASKUP_UPLOAD_PASSWORDS = [
('password1', 'identifier for password 1'),
('secretpassword2', 'identifier for password 2'),
]
The password identifier is stored in the *.data.json file next to the uploaded file. This permits to identify which password was used to upload the file.
A password is never required to download files, only to upload them.
By default, Flaskup! will treat passwords from FLASKUP_UPLOAD_PASSWORDS as cleartext (not hashed). If you want to put hashed passwords in FLASKUP_UPLOAD_PASSWORDS, you must define FLASKUP_UPLOAD_PASSWORDS_CHECK.
FLASKUP_UPLOAD_PASSWORDS_CHECK must be a reference to a method that accepts two arguments: the user submitted password and the hashed password (from FLASKUP_UPLOAD_PASSWORDS), and then returns True if passwords match, else False.
from passlib.hash import bcrypt
FLASKUP_UPLOAD_PASSWORDS = [
('$2a$12$oIWeziyq4wjF08gntfU4w.AQZfYbbQoK7y13ParN83G7ta.qtN2.e', 'pw1'),
('$2a$12$zQ/hzog/iYr49fbo0mitS.y9f.uHP.7IyqWgk5/S1Ict50HRl4XxW', 'pw2'),
]
FLASKUP_UPLOAD_PASSWORDS_CHECK = bcrypt.verify
If you are using Nginx with the upload-module, you can configure it to efficiently upload files to Flaskup!. Using this module is recommended when you need to deal with large files: the whole POST is not decoded in Python and the uploaded file is moved just one time (with the normal file upload mechanism the file is re-sent from Nginx to your WSGI server, and then it is copied to the final destination).
You must define the two following configuration values:
- FLASKUP_NGINX_UPLOAD_MODULE_ENABLED: must be set to True
- FLASKUP_NGINX_UPLOAD_MODULE_STORE: must be set to the upload_store of the upload-module
Example configuration:
FLASKUP_NGINX_UPLOAD_MODULE_ENABLED = True FLASKUP_NGINX_UPLOAD_MODULE_STORE = /tmp/nginx_upload_module
- be sure that you compiled Nginx with the upload-module
- create a folder where uploaded files will be stored, preferably on the same disk or partition as FLASKUP_UPLOAD_FOLDER to avoid unnecessary I/O operations (this folder is named upload_store in your Nginx config)
- check permissions on the upload_store folder: users running Nginx and Flaskup! must have read/write permissions
- edit your configuration file (add the /upload location)
Example configuration:
server {
listen [::]:80;
server_name "flaskup.example.com";
client_max_body_size 2g;
access_log /var/log/nginx/flaskup_access.log combined;
error_log /var/log/nginx/flaskup_error.log;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
location /static/ {
alias /path/to/env/lib/python2.7/site-packages/flaskup/static/;
}
location = /upload {
upload_pass @upstream;
upload_store /tmp/nginx_upload_module;
upload_store_access user:rw;
upload_set_form_field $upload_field_name.name "$upload_file_name";
upload_set_form_field $upload_field_name.path "$upload_tmp_path";
upload_pass_form_field "^myemail$|^mycontacts$";
upload_cleanup 400-599;
}
location / {
proxy_pass http://127.0.0.1:8000;
}
location @upstream {
proxy_pass http://127.0.0.1:8000;
}
}
Flaskup! is maintained by Laurent Meunier.
Flaskup! is Copyright (c) 2012 Laurent Meunier. It is free software, and may be redistributed under the terms specified in the LICENSE file (a 3-clause BSD License).
Flaskup! uses Bootstrap (Apache License v2.0) and jQuery (MIT or GPLv2 License).