# HG changeset patch # User k0s # Date 1261946271 18000 # Node ID 0b5fce45208773eec5e3e1746de7261227e33cd4 # Parent a02c4fcd70010ed11d49e91f1c39f600d95910a5 include handling of subpaths diff -r a02c4fcd7001 -r 0b5fce452087 setup.py --- a/setup.py Sun Dec 27 13:29:27 2009 -0500 +++ b/setup.py Sun Dec 27 15:37:51 2009 -0500 @@ -1,7 +1,7 @@ from setuptools import setup, find_packages import sys, os -version = "0.1" +version = "0.2" setup(name='uploader', version=version, diff -r a02c4fcd7001 -r 0b5fce452087 uploader/dispatcher.py --- a/uploader/dispatcher.py Sun Dec 27 13:29:27 2009 -0500 +++ b/uploader/dispatcher.py Sun Dec 27 15:37:51 2009 -0500 @@ -3,21 +3,30 @@ """ import os -from handlers import Get, Post +from handlers import Get, Post, SubpathGet, SubpathPost from webob import Request, exc class Dispatcher(object): ### class level variables defaults = { 'directory': None, - 'auth': 'False' } + 'auth': 'False', + 'query_string': None, + 'subpath': 'False' } def __init__(self, **kw): for key in self.defaults: setattr(self, key, kw.get(key, self.defaults[key])) - self.handlers = [ Get, Post ] assert os.path.exists(self.directory) self.auth = self.auth.lower() == 'true' + self.subpath = self.subpath.lower() == 'true' + if self.subpath: + if self.query_string: + self.handlers = [ SubpathGet, SubpathPost ] + else: + self.handlers = [ SubpathPost ] + else: + self.handlers = [ Get, Post ] ### methods dealing with HTTP def __call__(self, environ, start_response): @@ -25,7 +34,7 @@ if self.auth and not request.remote_user: return exc.HTTPUnauthorized()(environ, start_response) for h in self.handlers: - if h.match(request): + if h.match(self, request): handler = h(self, request) break else: diff -r a02c4fcd7001 -r 0b5fce452087 uploader/handlers.py --- a/uploader/handlers.py Sun Dec 27 13:29:27 2009 -0500 +++ b/uploader/handlers.py Sun Dec 27 15:37:51 2009 -0500 @@ -24,27 +24,66 @@ class Get(Handler): + form = """""" + @classmethod - def match(cls, request): + def match(cls, app, request): return request.method == 'GET' def __call__(self): - retval = """""" - return Response(content_type='text/html', body=retval) + return Response(content_type='text/html', body=self.form) class Post(Handler): @classmethod - def match(cls, request): + def match(cls, app, request): return request.method == 'POST' + def write(self, fin, path): + assert os.sep not in fin.filename + assert '..' not in fin.filename + fout = file(path, 'w') + fout.write(fin.file.read()) + fout.close() + def __call__(self): fin = self.request.POST['file'] - assert os.sep not in fin.filename - assert '..' not in fin.filename - fout = file(os.path.join(self.app.directory, fin.filename), 'w') - fout.write(fin.file.read()) - fout.close() + _path = os.path.join(self.app.directory, fin.filename) + self.write(self, fin, _path) self.redirect(self.link('/')) + +def path(directory, request): + if os.sep == '/': + return os.path.join(directory, request.path_info.strip('/')) + return os.path.join(directory, *request.path_info.strip('/').split('/')) + +class SubpathGet(Get): + + @classmethod + def match(cls, app, request): + if request.method != 'GET' or not app.query_string: + return False + if app.query_string not in request.GET: + return False + _path = path(app.directory, request) + if os.path.exists(_path) and os.path.isdir(_path): + return True +class SubpathPost(Post): + + @classmethod + def match(cls, app, request): + if request.method != 'POST': + return False + _path = path(app.directory, request) + if os.path.exists(_path) and os.path.isdir(_path): + return True + + def __call__(self): + fin = self.request.POST['file'] + _path = path(self.app.directory, request) + _path = os.path.join(path, fin.filename) + self.write(self, fin, _path) + self.redirect(self.link(request.path_info)) +