mirror of
https://github.com/mattintech/simplefileupload-server.git
synced 2026-07-11 10:51:53 +00:00
Migrate storage from JSON to SQLite with enhanced MVC architecture
- Replace JSON file storage with SQLite database for improved concurrency and data integrity - Implement repository pattern with dedicated model layer (admin_model, file_model, chunk_model) - Add database.py with automatic migration from existing JSON files - Enable WAL mode for thread-safe concurrent access across Gunicorn workers - Store database files in dedicated db/ folder - Update controllers to use model layer instead of direct JSON access - Add admin authentication system with TOTP 2FA support
This commit is contained in:
3
.gitignore
vendored
3
.gitignore
vendored
@@ -3,6 +3,9 @@ tmp/
|
||||
uploads/
|
||||
file_metadata.json
|
||||
chunk_metadata.json
|
||||
admin_data.json
|
||||
*.backup
|
||||
db/
|
||||
.env
|
||||
|
||||
# Python
|
||||
|
||||
19
src/app.py
19
src/app.py
@@ -1,5 +1,6 @@
|
||||
import os
|
||||
from functools import wraps
|
||||
from datetime import timedelta
|
||||
from flask import Flask, request, jsonify, send_from_directory
|
||||
from werkzeug.utils import secure_filename
|
||||
import utils.mLogger as log
|
||||
@@ -8,15 +9,26 @@ from controllers.file_controller import (
|
||||
start_chunked_upload, upload_chunk, verify_chunks, complete_chunked_upload,
|
||||
cleanup_expired_files, cleanup_abandoned_uploads
|
||||
)
|
||||
from controllers.admin_controller import (
|
||||
setup_admin, setup_admin_totp, admin_login, admin_dashboard, admin_logout
|
||||
)
|
||||
from views import views
|
||||
from models import init_db, migrate_from_json
|
||||
|
||||
app = Flask(__name__)
|
||||
app.config['UPLOAD_FOLDER'] = 'tmp/uploads'
|
||||
app.config['CLIENT_KEY'] = os.environ.get('CLIENT_KEY', 'default-secret-key')
|
||||
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', os.urandom(24).hex())
|
||||
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(hours=24)
|
||||
|
||||
if not os.path.exists(app.config['UPLOAD_FOLDER']):
|
||||
os.makedirs(app.config['UPLOAD_FOLDER'])
|
||||
|
||||
# Initialize database
|
||||
log.i("Initializing database...")
|
||||
init_db()
|
||||
migrate_from_json()
|
||||
|
||||
# Run cleanup on startup
|
||||
cleanup_expired_files()
|
||||
cleanup_abandoned_uploads()
|
||||
@@ -53,6 +65,13 @@ app.route('/download/<code>', methods=['GET'])(download_file)
|
||||
# Route for deleting the file
|
||||
app.route('/delete/<code>', methods=['DELETE'])(delete_file)
|
||||
|
||||
# Admin routes
|
||||
app.route('/admin/setup', methods=['GET', 'POST'], endpoint='setup_admin')(setup_admin)
|
||||
app.route('/admin/setup/totp', methods=['GET', 'POST'], endpoint='setup_admin_totp')(setup_admin_totp)
|
||||
app.route('/admin/login', methods=['GET', 'POST'], endpoint='admin_login')(admin_login)
|
||||
app.route('/admin', methods=['GET'], endpoint='admin_dashboard')(admin_dashboard)
|
||||
app.route('/admin/logout', methods=['GET'], endpoint='admin_logout')(admin_logout)
|
||||
|
||||
# Register frontend views
|
||||
app.register_blueprint(views)
|
||||
|
||||
|
||||
227
src/controllers/admin_controller.py
Normal file
227
src/controllers/admin_controller.py
Normal file
@@ -0,0 +1,227 @@
|
||||
import os
|
||||
import pyotp
|
||||
import qrcode
|
||||
import io
|
||||
import base64
|
||||
from functools import wraps
|
||||
from datetime import datetime, timedelta
|
||||
from flask import request, jsonify, render_template, session, redirect, url_for, current_app
|
||||
from werkzeug.security import generate_password_hash, check_password_hash
|
||||
import utils.mLogger as log
|
||||
from models import get_admin, create_admin, model_admin_exists, update_last_login
|
||||
|
||||
def require_admin_auth(f):
|
||||
"""Decorator to require admin authentication"""
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
if not session.get('admin_authenticated'):
|
||||
log.w("Unauthorized admin access attempt")
|
||||
return redirect(url_for('admin_login'))
|
||||
return f(*args, **kwargs)
|
||||
return decorated_function
|
||||
|
||||
def admin_exists():
|
||||
"""Check if an admin user has been created"""
|
||||
return model_admin_exists()
|
||||
|
||||
def setup_admin():
|
||||
"""Handle initial admin setup - Step 1: Username and Password"""
|
||||
if admin_exists():
|
||||
log.w("Attempted to access setup page when admin already exists")
|
||||
return redirect(url_for('admin_login'))
|
||||
|
||||
if request.method == 'GET':
|
||||
return render_template('admin_setup.html')
|
||||
|
||||
# POST request - validate and store credentials in session
|
||||
username = request.form.get('username')
|
||||
password = request.form.get('password')
|
||||
confirm_password = request.form.get('confirm_password')
|
||||
|
||||
if not username or not password or not confirm_password:
|
||||
return render_template('admin_setup.html', error='All fields are required')
|
||||
|
||||
if password != confirm_password:
|
||||
return render_template('admin_setup.html', error='Passwords do not match')
|
||||
|
||||
if len(password) < 8:
|
||||
return render_template('admin_setup.html', error='Password must be at least 8 characters')
|
||||
|
||||
# Store credentials in session temporarily
|
||||
session['temp_username'] = username
|
||||
session['temp_password_hash'] = generate_password_hash(password, method='pbkdf2:sha256')
|
||||
|
||||
log.i(f"Admin credentials created for: {username}, proceeding to TOTP setup")
|
||||
return redirect(url_for('setup_admin_totp'))
|
||||
|
||||
def setup_admin_totp():
|
||||
"""Handle TOTP setup - Step 2: Configure Two-Factor Authentication"""
|
||||
if admin_exists():
|
||||
log.w("Attempted to access TOTP setup when admin already exists")
|
||||
return redirect(url_for('admin_login'))
|
||||
|
||||
# Check if step 1 was completed
|
||||
if 'temp_username' not in session:
|
||||
log.w("Attempted to access TOTP setup without completing step 1")
|
||||
return redirect(url_for('setup_admin'))
|
||||
|
||||
username = session.get('temp_username')
|
||||
|
||||
if request.method == 'GET':
|
||||
# Generate TOTP secret
|
||||
totp_secret = pyotp.random_base32()
|
||||
session['temp_totp_secret'] = totp_secret
|
||||
|
||||
# Generate QR code for TOTP setup
|
||||
totp_uri = pyotp.totp.TOTP(totp_secret).provisioning_uri(
|
||||
name=username,
|
||||
issuer_name='Simple File Server'
|
||||
)
|
||||
|
||||
qr = qrcode.QRCode(version=1, box_size=10, border=5)
|
||||
qr.add_data(totp_uri)
|
||||
qr.make(fit=True)
|
||||
img = qr.make_image(fill_color="black", back_color="white")
|
||||
|
||||
# Convert QR code to base64
|
||||
buffer = io.BytesIO()
|
||||
img.save(buffer, format='PNG')
|
||||
qr_base64 = base64.b64encode(buffer.getvalue()).decode()
|
||||
|
||||
return render_template('admin_setup_totp.html',
|
||||
qr_code=qr_base64,
|
||||
totp_secret=totp_secret,
|
||||
username=username)
|
||||
|
||||
# POST request - verify TOTP and complete setup
|
||||
totp_code = request.form.get('totp_code')
|
||||
totp_secret = session.get('temp_totp_secret')
|
||||
password_hash = session.get('temp_password_hash')
|
||||
|
||||
if not totp_code:
|
||||
# Regenerate QR code for error response
|
||||
totp_uri = pyotp.totp.TOTP(totp_secret).provisioning_uri(
|
||||
name=username,
|
||||
issuer_name='Simple File Server'
|
||||
)
|
||||
qr = qrcode.QRCode(version=1, box_size=10, border=5)
|
||||
qr.add_data(totp_uri)
|
||||
qr.make(fit=True)
|
||||
img = qr.make_image(fill_color="black", back_color="white")
|
||||
buffer = io.BytesIO()
|
||||
img.save(buffer, format='PNG')
|
||||
qr_base64 = base64.b64encode(buffer.getvalue()).decode()
|
||||
|
||||
return render_template('admin_setup_totp.html',
|
||||
error='TOTP code is required',
|
||||
qr_code=qr_base64,
|
||||
totp_secret=totp_secret,
|
||||
username=username)
|
||||
|
||||
# Verify TOTP code
|
||||
totp = pyotp.TOTP(totp_secret)
|
||||
if not totp.verify(totp_code, valid_window=1):
|
||||
log.w(f"Failed admin setup: invalid TOTP code for user '{username}'")
|
||||
|
||||
# Regenerate QR code for error response
|
||||
totp_uri = pyotp.totp.TOTP(totp_secret).provisioning_uri(
|
||||
name=username,
|
||||
issuer_name='Simple File Server'
|
||||
)
|
||||
qr = qrcode.QRCode(version=1, box_size=10, border=5)
|
||||
qr.add_data(totp_uri)
|
||||
qr.make(fit=True)
|
||||
img = qr.make_image(fill_color="black", back_color="white")
|
||||
buffer = io.BytesIO()
|
||||
img.save(buffer, format='PNG')
|
||||
qr_base64 = base64.b64encode(buffer.getvalue()).decode()
|
||||
|
||||
return render_template('admin_setup_totp.html',
|
||||
error='Invalid TOTP code. Please check your authenticator app and try again.',
|
||||
qr_code=qr_base64,
|
||||
totp_secret=totp_secret,
|
||||
username=username)
|
||||
|
||||
# TOTP verified - create admin account
|
||||
create_admin(username, password_hash, totp_secret)
|
||||
|
||||
# Clean up session
|
||||
session.pop('temp_username', None)
|
||||
session.pop('temp_password_hash', None)
|
||||
session.pop('temp_totp_secret', None)
|
||||
|
||||
log.i(f"Admin user created: {username}")
|
||||
|
||||
return render_template('admin_setup_complete.html', username=username)
|
||||
|
||||
def admin_login():
|
||||
"""Handle admin login"""
|
||||
if not admin_exists():
|
||||
return redirect(url_for('setup_admin'))
|
||||
|
||||
if session.get('admin_authenticated'):
|
||||
return redirect(url_for('admin_dashboard'))
|
||||
|
||||
if request.method == 'GET':
|
||||
return render_template('admin_login.html')
|
||||
|
||||
# POST request - authenticate
|
||||
username = request.form.get('username')
|
||||
password = request.form.get('password')
|
||||
totp_code = request.form.get('totp_code')
|
||||
|
||||
if not username or not password or not totp_code:
|
||||
return render_template('admin_login.html', error='All fields are required')
|
||||
|
||||
admin_data = get_admin()
|
||||
|
||||
if not admin_data:
|
||||
log.e("Admin data not found during login attempt")
|
||||
return render_template('admin_login.html', error='Invalid credentials')
|
||||
|
||||
# Verify username and password
|
||||
if username != admin_data['username']:
|
||||
log.w(f"Failed login attempt: invalid username '{username}'")
|
||||
return render_template('admin_login.html', error='Invalid credentials')
|
||||
|
||||
if not check_password_hash(admin_data['password_hash'], password):
|
||||
log.w(f"Failed login attempt: invalid password for user '{username}'")
|
||||
return render_template('admin_login.html', error='Invalid credentials')
|
||||
|
||||
# Verify TOTP
|
||||
totp = pyotp.TOTP(admin_data['totp_secret'])
|
||||
if not totp.verify(totp_code, valid_window=1):
|
||||
log.w(f"Failed login attempt: invalid TOTP code for user '{username}'")
|
||||
return render_template('admin_login.html', error='Invalid TOTP code')
|
||||
|
||||
# Authentication successful
|
||||
session['admin_authenticated'] = True
|
||||
session['admin_username'] = username
|
||||
session.permanent = True
|
||||
|
||||
# Update last login time
|
||||
update_last_login(username)
|
||||
|
||||
log.i(f"Admin user logged in: {username}")
|
||||
|
||||
return redirect(url_for('admin_dashboard'))
|
||||
|
||||
def admin_dashboard():
|
||||
"""Display admin dashboard with client key"""
|
||||
if not session.get('admin_authenticated'):
|
||||
return redirect(url_for('admin_login'))
|
||||
|
||||
client_key = current_app.config.get('CLIENT_KEY', 'Not configured')
|
||||
username = session.get('admin_username', 'Admin')
|
||||
|
||||
return render_template('admin_dashboard.html',
|
||||
client_key=client_key,
|
||||
username=username)
|
||||
|
||||
def admin_logout():
|
||||
"""Handle admin logout"""
|
||||
username = session.get('admin_username', 'Unknown')
|
||||
session.pop('admin_authenticated', None)
|
||||
session.pop('admin_username', None)
|
||||
log.i(f"Admin user logged out: {username}")
|
||||
return redirect(url_for('admin_login'))
|
||||
@@ -1,21 +1,24 @@
|
||||
import os
|
||||
import random
|
||||
import string
|
||||
import json
|
||||
import shutil
|
||||
from datetime import datetime, timedelta
|
||||
from flask import request, jsonify, send_from_directory, render_template
|
||||
from werkzeug.utils import secure_filename
|
||||
import utils.mLogger as log
|
||||
from models.file_metadata import FileMetadata
|
||||
from models import (
|
||||
create_file, get_file, increment_download, model_delete_file,
|
||||
cleanup_expired as model_cleanup_expired,
|
||||
create_session, get_session, add_chunk, get_received_chunks,
|
||||
delete_session, cleanup_abandoned as model_cleanup_abandoned,
|
||||
update_received_chunks
|
||||
)
|
||||
|
||||
# Make UPLOAD_FOLDER absolute
|
||||
UPLOAD_FOLDER = os.path.abspath('tmp/uploads')
|
||||
METADATA_FILE = 'file_metadata.json'
|
||||
|
||||
# Constants for chunked uploads
|
||||
CHUNKS_FOLDER = os.path.join(UPLOAD_FOLDER, 'chunks')
|
||||
CHUNK_METADATA_FILE = 'chunk_metadata.json'
|
||||
|
||||
if not os.path.exists(UPLOAD_FOLDER):
|
||||
os.makedirs(UPLOAD_FOLDER)
|
||||
@@ -24,26 +27,6 @@ if not os.path.exists(UPLOAD_FOLDER):
|
||||
if not os.path.exists(CHUNKS_FOLDER):
|
||||
os.makedirs(CHUNKS_FOLDER)
|
||||
|
||||
def load_metadata():
|
||||
if os.path.exists(METADATA_FILE):
|
||||
with open(METADATA_FILE, 'r') as f:
|
||||
return json.load(f)
|
||||
return {}
|
||||
|
||||
def save_metadata(metadata):
|
||||
with open(METADATA_FILE, 'w') as f:
|
||||
json.dump(metadata, f)
|
||||
|
||||
def load_chunk_metadata():
|
||||
if os.path.exists(CHUNK_METADATA_FILE):
|
||||
with open(CHUNK_METADATA_FILE, 'r') as f:
|
||||
return json.load(f)
|
||||
return {}
|
||||
|
||||
def save_chunk_metadata(metadata):
|
||||
with open(CHUNK_METADATA_FILE, 'w') as f:
|
||||
json.dump(metadata, f)
|
||||
|
||||
def generate_unique_code():
|
||||
return ''.join(random.choices(string.ascii_uppercase + string.digits, k=6))
|
||||
|
||||
@@ -71,38 +54,27 @@ def upload_file():
|
||||
# Get metadata from request
|
||||
max_downloads = int(request.form.get('max_downloads', 1))
|
||||
expiry_hours = int(request.form.get('expiry_hours', 24))
|
||||
expiry_time = datetime.now() + timedelta(hours=expiry_hours)
|
||||
|
||||
# Save metadata
|
||||
metadata = load_metadata()
|
||||
metadata[code] = {
|
||||
'filename': filename,
|
||||
'path': file_path,
|
||||
'max_downloads': max_downloads,
|
||||
'downloads': 0,
|
||||
'expiry_time': expiry_time.isoformat()
|
||||
}
|
||||
save_metadata(metadata)
|
||||
# Save metadata to database
|
||||
create_file(code, filename, file_path, max_downloads, expiry_hours)
|
||||
|
||||
return jsonify({'code': code}), 200
|
||||
|
||||
def download_file(code):
|
||||
metadata = load_metadata()
|
||||
file_info = get_file(code)
|
||||
|
||||
if code not in metadata:
|
||||
if not file_info:
|
||||
return render_template('error.html',
|
||||
error_title='Invalid Code',
|
||||
error_message='The code you entered is invalid or incorrect. Please check your code and try again.'
|
||||
), 404
|
||||
|
||||
file_info = metadata[code]
|
||||
file_path = file_info['path']
|
||||
expiry_time = datetime.fromisoformat(file_info['expiry_time'])
|
||||
|
||||
# Check expiry
|
||||
if datetime.now() > expiry_time:
|
||||
del metadata[code]
|
||||
save_metadata(metadata)
|
||||
model_delete_file(code)
|
||||
return render_template('error.html',
|
||||
error_title='File Expired',
|
||||
error_message='This file has expired and is no longer available for download.'
|
||||
@@ -110,31 +82,26 @@ def download_file(code):
|
||||
|
||||
# Check if file exists
|
||||
if not os.path.exists(file_path):
|
||||
del metadata[code]
|
||||
save_metadata(metadata)
|
||||
model_delete_file(code)
|
||||
return render_template('error.html',
|
||||
error_title='File Not Found',
|
||||
error_message='The requested file could not be found on the server.'
|
||||
), 404
|
||||
|
||||
# Increment download counter before checking limit
|
||||
file_info['downloads'] += 1
|
||||
# Increment download counter and get new count
|
||||
new_downloads = increment_download(code)
|
||||
|
||||
# Check if this download puts us over the limit
|
||||
if file_info['downloads'] > file_info['max_downloads']:
|
||||
if new_downloads > file_info['max_downloads']:
|
||||
# Clean up the file and metadata
|
||||
if os.path.exists(file_path):
|
||||
os.remove(file_path)
|
||||
del metadata[code]
|
||||
save_metadata(metadata)
|
||||
model_delete_file(code)
|
||||
return render_template('error.html',
|
||||
error_title='Download Limit Reached',
|
||||
error_message='This file has reached its maximum number of downloads and is no longer available.'
|
||||
), 404
|
||||
|
||||
# Save the updated download count
|
||||
save_metadata(metadata)
|
||||
|
||||
# Serve the file
|
||||
directory = os.path.dirname(file_path)
|
||||
filename = os.path.basename(file_path)
|
||||
@@ -146,52 +113,36 @@ def download_file(code):
|
||||
)
|
||||
|
||||
def delete_file(code):
|
||||
metadata = load_metadata()
|
||||
file_info = get_file(code)
|
||||
|
||||
if code not in metadata:
|
||||
if not file_info:
|
||||
return jsonify({'error': 'Invalid code'}), 404
|
||||
|
||||
file_info = metadata[code]
|
||||
file_path = file_info['path']
|
||||
expiry_time = datetime.fromisoformat(file_info['expiry_time'])
|
||||
|
||||
# Check expiry
|
||||
if datetime.now() > expiry_time:
|
||||
del metadata[code]
|
||||
save_metadata(metadata)
|
||||
model_delete_file(code)
|
||||
return jsonify({'error': 'File already expired'}), 404
|
||||
|
||||
# Check if still downloadable
|
||||
if file_info['downloads'] > file_info['max_downloads']:
|
||||
del metadata[code]
|
||||
save_metadata(metadata)
|
||||
model_delete_file(code)
|
||||
return jsonify({'error': 'File no longer available'}), 404
|
||||
|
||||
# Delete the file
|
||||
if os.path.exists(file_path):
|
||||
os.remove(file_path)
|
||||
|
||||
# Remove from metadata
|
||||
del metadata[code]
|
||||
save_metadata(metadata)
|
||||
# Remove from database
|
||||
model_delete_file(code)
|
||||
log.i(f"File deleted: {code}")
|
||||
|
||||
return jsonify({'message': 'File deleted successfully'}), 200
|
||||
|
||||
def cleanup_expired_files():
|
||||
metadata = load_metadata()
|
||||
updated_metadata = {}
|
||||
|
||||
for code, file_info in metadata.items():
|
||||
expiry_time = datetime.fromisoformat(file_info['expiry_time'])
|
||||
if datetime.now() > expiry_time or file_info['downloads'] >= file_info['max_downloads']:
|
||||
# Remove the file if it exists
|
||||
if os.path.exists(file_info['path']):
|
||||
os.remove(file_info['path'])
|
||||
else:
|
||||
updated_metadata[code] = file_info
|
||||
|
||||
save_metadata(updated_metadata)
|
||||
model_cleanup_expired()
|
||||
log.i("Cleanup completed: Expired and overused files removed.")
|
||||
|
||||
def start_chunked_upload():
|
||||
@@ -209,18 +160,18 @@ def start_chunked_upload():
|
||||
chunk_dir = os.path.join(CHUNKS_FOLDER, upload_id)
|
||||
os.makedirs(chunk_dir)
|
||||
|
||||
# Store upload session metadata
|
||||
metadata = load_chunk_metadata()
|
||||
metadata[upload_id] = {
|
||||
'filename': secure_filename(filename),
|
||||
'total_chunks': int(total_chunks),
|
||||
'received_chunks': [],
|
||||
'created_at': datetime.now().isoformat(),
|
||||
'chunk_dir': chunk_dir,
|
||||
'max_downloads': int(request.form.get('max_downloads', 1)),
|
||||
'expiry_hours': int(request.form.get('expiry_hours', 24))
|
||||
}
|
||||
save_chunk_metadata(metadata)
|
||||
# Store upload session metadata in database
|
||||
max_downloads = int(request.form.get('max_downloads', 1))
|
||||
expiry_hours = int(request.form.get('expiry_hours', 24))
|
||||
|
||||
create_session(
|
||||
upload_id,
|
||||
secure_filename(filename),
|
||||
int(total_chunks),
|
||||
chunk_dir,
|
||||
max_downloads,
|
||||
expiry_hours
|
||||
)
|
||||
|
||||
log.i(f"Started chunked upload session: {upload_id}")
|
||||
return jsonify({'upload_id': upload_id}), 200
|
||||
@@ -238,13 +189,11 @@ def upload_chunk():
|
||||
chunk_index = int(chunk_index)
|
||||
|
||||
# Get upload session metadata
|
||||
metadata = load_chunk_metadata()
|
||||
if upload_id not in metadata:
|
||||
session = get_session(upload_id)
|
||||
if not session:
|
||||
log.e(f"Invalid upload session ID: {upload_id}")
|
||||
return jsonify({'error': 'Invalid upload session'}), 404
|
||||
|
||||
session = metadata[upload_id]
|
||||
|
||||
# Validate chunk index
|
||||
if chunk_index >= session['total_chunks']:
|
||||
log.e(f"Invalid chunk index: {chunk_index}, total_chunks: {session['total_chunks']}")
|
||||
@@ -269,15 +218,11 @@ def upload_chunk():
|
||||
log.e(f"Failed to save chunk {chunk_index} for upload {upload_id}")
|
||||
return jsonify({'error': 'Failed to save chunk'}), 500
|
||||
|
||||
# Update metadata
|
||||
if chunk_index not in session['received_chunks']:
|
||||
session['received_chunks'].append(chunk_index)
|
||||
log.i(f"Added chunk {chunk_index} to received_chunks list for upload {upload_id}")
|
||||
else:
|
||||
log.w(f"Chunk {chunk_index} already in received_chunks list for upload {upload_id}, possible duplicate")
|
||||
# Update metadata - add chunk to received list
|
||||
add_chunk(upload_id, chunk_index)
|
||||
|
||||
metadata[upload_id] = session
|
||||
save_chunk_metadata(metadata)
|
||||
# Get updated session
|
||||
session = get_session(upload_id)
|
||||
|
||||
# If client sent total_chunks, validate it matches what we have
|
||||
if total_chunks and total_chunks.isdigit() and int(total_chunks) != session['total_chunks']:
|
||||
@@ -297,12 +242,10 @@ def complete_chunked_upload():
|
||||
return jsonify({'error': 'Upload ID is required'}), 400
|
||||
|
||||
# Get upload session metadata
|
||||
metadata = load_chunk_metadata()
|
||||
if upload_id not in metadata:
|
||||
session = get_session(upload_id)
|
||||
if not session:
|
||||
return jsonify({'error': 'Invalid upload session'}), 404
|
||||
|
||||
session = metadata[upload_id]
|
||||
|
||||
# Verify all chunks are received by checking if every expected chunk index is in received_chunks
|
||||
expected_chunks = set(range(session['total_chunks']))
|
||||
received_chunks = set(session['received_chunks'])
|
||||
@@ -341,47 +284,19 @@ def complete_chunked_upload():
|
||||
outfile.write(infile.read())
|
||||
|
||||
# Clean up chunks
|
||||
import shutil
|
||||
shutil.rmtree(session['chunk_dir'])
|
||||
del metadata[upload_id]
|
||||
save_chunk_metadata(metadata)
|
||||
delete_session(upload_id)
|
||||
|
||||
# Create regular file metadata
|
||||
code = generate_unique_code()
|
||||
expiry_time = datetime.now() + timedelta(hours=session['expiry_hours'])
|
||||
|
||||
file_metadata = load_metadata()
|
||||
file_metadata[code] = {
|
||||
'filename': final_filename,
|
||||
'path': final_path,
|
||||
'max_downloads': session['max_downloads'],
|
||||
'downloads': 0,
|
||||
'expiry_time': expiry_time.isoformat()
|
||||
}
|
||||
save_metadata(file_metadata)
|
||||
create_file(code, final_filename, final_path, session['max_downloads'], session['expiry_hours'])
|
||||
|
||||
log.i(f"Completed chunked upload {upload_id}, assigned code {code}")
|
||||
return jsonify({'code': code}), 200
|
||||
|
||||
def cleanup_abandoned_uploads():
|
||||
metadata = load_chunk_metadata()
|
||||
current_time = datetime.now()
|
||||
expired_uploads = []
|
||||
|
||||
for upload_id, session in metadata.items():
|
||||
created_at = datetime.fromisoformat(session['created_at'])
|
||||
# Remove uploads older than 24 hours
|
||||
if (current_time - created_at).total_seconds() > 86400:
|
||||
if os.path.exists(session['chunk_dir']):
|
||||
shutil.rmtree(session['chunk_dir'])
|
||||
expired_uploads.append(upload_id)
|
||||
|
||||
for upload_id in expired_uploads:
|
||||
del metadata[upload_id]
|
||||
|
||||
if expired_uploads:
|
||||
save_chunk_metadata(metadata)
|
||||
log.i(f"Cleaned up {len(expired_uploads)} abandoned uploads")
|
||||
model_cleanup_abandoned()
|
||||
|
||||
def verify_chunks():
|
||||
"""Verify which chunks have been received for an upload session"""
|
||||
@@ -392,12 +307,10 @@ def verify_chunks():
|
||||
return jsonify({'error': 'Upload ID is required'}), 400
|
||||
|
||||
# Get upload session metadata
|
||||
metadata = load_chunk_metadata()
|
||||
if upload_id not in metadata:
|
||||
session = get_session(upload_id)
|
||||
if not session:
|
||||
return jsonify({'error': 'Invalid upload session'}), 404
|
||||
|
||||
session = metadata[upload_id]
|
||||
|
||||
# Calculate missing chunks
|
||||
received_chunks = set(session['received_chunks'])
|
||||
all_chunks = set(range(session['total_chunks']))
|
||||
@@ -418,8 +331,7 @@ def verify_chunks():
|
||||
|
||||
# Update metadata if any changes were made
|
||||
if len(received_chunks) != len(session['received_chunks']):
|
||||
metadata[upload_id] = session
|
||||
save_chunk_metadata(metadata)
|
||||
update_received_chunks(upload_id, session['received_chunks'])
|
||||
|
||||
# Return missing chunks information
|
||||
log.i(f"Verified chunks for upload {upload_id}: {len(session['received_chunks'])}/{session['total_chunks']} received")
|
||||
|
||||
@@ -0,0 +1,35 @@
|
||||
from .file_metadata import FileMetadata
|
||||
|
||||
# Database initialization
|
||||
from .database import init_db, get_db_connection, migrate_from_json
|
||||
|
||||
# Admin model functions
|
||||
from .admin_model import (
|
||||
get_admin,
|
||||
create_admin,
|
||||
admin_exists as model_admin_exists,
|
||||
update_last_login
|
||||
)
|
||||
|
||||
# File model functions
|
||||
from .file_model import (
|
||||
create_file,
|
||||
get_file,
|
||||
increment_download,
|
||||
delete_file as model_delete_file,
|
||||
get_expired_files,
|
||||
cleanup_expired,
|
||||
get_all_files
|
||||
)
|
||||
|
||||
# Chunk model functions
|
||||
from .chunk_model import (
|
||||
create_session,
|
||||
get_session,
|
||||
add_chunk,
|
||||
get_received_chunks,
|
||||
delete_session,
|
||||
get_abandoned_sessions,
|
||||
cleanup_abandoned,
|
||||
update_received_chunks
|
||||
)
|
||||
|
||||
91
src/models/admin_model.py
Normal file
91
src/models/admin_model.py
Normal file
@@ -0,0 +1,91 @@
|
||||
import sqlite3
|
||||
from models.database import get_db
|
||||
import utils.mLogger as log
|
||||
|
||||
def get_admin():
|
||||
"""Get admin user data
|
||||
|
||||
Returns:
|
||||
dict: Admin data with keys: username, password_hash, totp_secret, created_at, last_login
|
||||
None: If no admin exists
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
row = cursor.execute("""
|
||||
SELECT username, password_hash, totp_secret, created_at, last_login
|
||||
FROM admin
|
||||
LIMIT 1
|
||||
""").fetchone()
|
||||
|
||||
if row:
|
||||
return dict(row)
|
||||
return None
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error getting admin data: {e}")
|
||||
return None
|
||||
|
||||
def create_admin(username, password_hash, totp_secret):
|
||||
"""Create admin user
|
||||
|
||||
Args:
|
||||
username: Admin username
|
||||
password_hash: Hashed password
|
||||
totp_secret: TOTP secret for 2FA
|
||||
|
||||
Returns:
|
||||
bool: True if successful, False otherwise
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
from datetime import datetime
|
||||
|
||||
conn.execute("""
|
||||
INSERT INTO admin (username, password_hash, totp_secret, created_at)
|
||||
VALUES (?, ?, ?, ?)
|
||||
""", (username, password_hash, totp_secret, datetime.now().isoformat()))
|
||||
|
||||
log.i(f"Admin user created: {username}")
|
||||
return True
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error creating admin: {e}")
|
||||
return False
|
||||
|
||||
def admin_exists():
|
||||
"""Check if an admin user has been created
|
||||
|
||||
Returns:
|
||||
bool: True if admin exists, False otherwise
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
count = cursor.execute("SELECT COUNT(*) FROM admin").fetchone()[0]
|
||||
return count > 0
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error checking if admin exists: {e}")
|
||||
return False
|
||||
|
||||
def update_last_login(username):
|
||||
"""Update admin's last login time
|
||||
|
||||
Args:
|
||||
username: Admin username
|
||||
|
||||
Returns:
|
||||
bool: True if successful, False otherwise
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
from datetime import datetime
|
||||
|
||||
conn.execute("""
|
||||
UPDATE admin
|
||||
SET last_login = ?
|
||||
WHERE username = ?
|
||||
""", (datetime.now().isoformat(), username))
|
||||
|
||||
return True
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error updating last login: {e}")
|
||||
return False
|
||||
262
src/models/chunk_model.py
Normal file
262
src/models/chunk_model.py
Normal file
@@ -0,0 +1,262 @@
|
||||
import sqlite3
|
||||
import json
|
||||
import os
|
||||
import shutil
|
||||
from datetime import datetime, timedelta
|
||||
from models.database import get_db
|
||||
import utils.mLogger as log
|
||||
|
||||
def create_session(upload_id, filename, total_chunks, chunk_dir, max_downloads, expiry_hours):
|
||||
"""Create a new chunked upload session
|
||||
|
||||
Args:
|
||||
upload_id: 16-character unique upload ID
|
||||
filename: Original filename
|
||||
total_chunks: Total number of chunks expected
|
||||
chunk_dir: Directory where chunks are stored
|
||||
max_downloads: Maximum downloads for final file
|
||||
expiry_hours: Expiry hours for final file
|
||||
|
||||
Returns:
|
||||
bool: True if successful, False otherwise
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
conn.execute("""
|
||||
INSERT INTO chunk_sessions
|
||||
(upload_id, filename, total_chunks, received_chunks, created_at,
|
||||
chunk_dir, max_downloads, expiry_hours)
|
||||
VALUES (?, ?, ?, '[]', ?, ?, ?, ?)
|
||||
""", (upload_id, filename, total_chunks, datetime.now().isoformat(),
|
||||
chunk_dir, max_downloads, expiry_hours))
|
||||
|
||||
log.i(f"Created chunk session: {upload_id}")
|
||||
return True
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error creating chunk session: {e}")
|
||||
return False
|
||||
|
||||
def get_session(upload_id):
|
||||
"""Get chunk upload session data
|
||||
|
||||
Args:
|
||||
upload_id: 16-character upload ID
|
||||
|
||||
Returns:
|
||||
dict: Session data with keys: upload_id, filename, total_chunks, received_chunks (list),
|
||||
created_at, chunk_dir, max_downloads, expiry_hours
|
||||
None: If session not found
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
row = cursor.execute("""
|
||||
SELECT upload_id, filename, total_chunks, received_chunks, created_at,
|
||||
chunk_dir, max_downloads, expiry_hours
|
||||
FROM chunk_sessions
|
||||
WHERE upload_id = ?
|
||||
""", (upload_id,)).fetchone()
|
||||
|
||||
if row:
|
||||
data = dict(row)
|
||||
# Parse received_chunks from JSON string to list
|
||||
data['received_chunks'] = json.loads(data['received_chunks'])
|
||||
return data
|
||||
return None
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error getting chunk session {upload_id}: {e}")
|
||||
return None
|
||||
|
||||
def add_chunk(upload_id, chunk_index):
|
||||
"""Add a chunk index to the received chunks list
|
||||
|
||||
Args:
|
||||
upload_id: 16-character upload ID
|
||||
chunk_index: Index of the chunk received
|
||||
|
||||
Returns:
|
||||
bool: True if successful, False otherwise
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
|
||||
# Get current received_chunks
|
||||
row = cursor.execute("""
|
||||
SELECT received_chunks FROM chunk_sessions WHERE upload_id = ?
|
||||
""", (upload_id,)).fetchone()
|
||||
|
||||
if not row:
|
||||
log.e(f"Chunk session not found: {upload_id}")
|
||||
return False
|
||||
|
||||
received = json.loads(row['received_chunks'])
|
||||
|
||||
# Add chunk index if not already present
|
||||
if chunk_index not in received:
|
||||
received.append(chunk_index)
|
||||
|
||||
# Update database
|
||||
cursor.execute("""
|
||||
UPDATE chunk_sessions
|
||||
SET received_chunks = ?
|
||||
WHERE upload_id = ?
|
||||
""", (json.dumps(received), upload_id))
|
||||
|
||||
log.i(f"Added chunk {chunk_index} to session {upload_id}")
|
||||
return True
|
||||
else:
|
||||
log.w(f"Chunk {chunk_index} already in session {upload_id}")
|
||||
return True
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error adding chunk to session {upload_id}: {e}")
|
||||
return False
|
||||
|
||||
def get_received_chunks(upload_id):
|
||||
"""Get list of received chunk indices
|
||||
|
||||
Args:
|
||||
upload_id: 16-character upload ID
|
||||
|
||||
Returns:
|
||||
list: List of chunk indices, or None if session not found
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
row = cursor.execute("""
|
||||
SELECT received_chunks FROM chunk_sessions WHERE upload_id = ?
|
||||
""", (upload_id,)).fetchone()
|
||||
|
||||
if row:
|
||||
return json.loads(row['received_chunks'])
|
||||
return None
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error getting received chunks for {upload_id}: {e}")
|
||||
return None
|
||||
|
||||
def delete_session(upload_id):
|
||||
"""Delete chunk upload session
|
||||
|
||||
Args:
|
||||
upload_id: 16-character upload ID
|
||||
|
||||
Returns:
|
||||
bool: True if deleted, False if not found or error
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
cursor.execute("DELETE FROM chunk_sessions WHERE upload_id = ?", (upload_id,))
|
||||
|
||||
if cursor.rowcount > 0:
|
||||
log.i(f"Deleted chunk session: {upload_id}")
|
||||
return True
|
||||
return False
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error deleting chunk session {upload_id}: {e}")
|
||||
return False
|
||||
|
||||
def get_abandoned_sessions(hours=24):
|
||||
"""Get list of abandoned upload sessions older than specified hours
|
||||
|
||||
Args:
|
||||
hours: Age threshold in hours (default: 24)
|
||||
|
||||
Returns:
|
||||
list: List of dicts with session metadata
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
cutoff_time = (datetime.now() - timedelta(hours=hours)).isoformat()
|
||||
|
||||
rows = cursor.execute("""
|
||||
SELECT upload_id, filename, total_chunks, received_chunks, created_at,
|
||||
chunk_dir, max_downloads, expiry_hours
|
||||
FROM chunk_sessions
|
||||
WHERE created_at < ?
|
||||
""", (cutoff_time,)).fetchall()
|
||||
|
||||
sessions = []
|
||||
for row in rows:
|
||||
data = dict(row)
|
||||
data['received_chunks'] = json.loads(data['received_chunks'])
|
||||
sessions.append(data)
|
||||
|
||||
return sessions
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error getting abandoned sessions: {e}")
|
||||
return []
|
||||
|
||||
def cleanup_abandoned(hours=24):
|
||||
"""Delete abandoned upload sessions and their chunk directories
|
||||
|
||||
Args:
|
||||
hours: Age threshold in hours (default: 24)
|
||||
|
||||
Returns:
|
||||
int: Number of sessions cleaned up
|
||||
"""
|
||||
try:
|
||||
# Get abandoned sessions first so we can clean up directories
|
||||
abandoned = get_abandoned_sessions(hours)
|
||||
|
||||
if not abandoned:
|
||||
return 0
|
||||
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
cutoff_time = (datetime.now() - timedelta(hours=hours)).isoformat()
|
||||
|
||||
# Delete from database
|
||||
cursor.execute("""
|
||||
DELETE FROM chunk_sessions
|
||||
WHERE created_at < ?
|
||||
""", (cutoff_time,))
|
||||
|
||||
count = cursor.rowcount
|
||||
|
||||
# Delete chunk directories
|
||||
for session in abandoned:
|
||||
if os.path.exists(session['chunk_dir']):
|
||||
try:
|
||||
shutil.rmtree(session['chunk_dir'])
|
||||
log.i(f"Deleted chunk directory: {session['chunk_dir']}")
|
||||
except Exception as e:
|
||||
log.w(f"Could not delete chunk directory {session['chunk_dir']}: {e}")
|
||||
|
||||
if count > 0:
|
||||
log.i(f"Cleaned up {count} abandoned upload session(s)")
|
||||
|
||||
return count
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error cleaning up abandoned sessions: {e}")
|
||||
return 0
|
||||
|
||||
def update_received_chunks(upload_id, received_chunks):
|
||||
"""Update the entire received_chunks list (used for verification corrections)
|
||||
|
||||
Args:
|
||||
upload_id: 16-character upload ID
|
||||
received_chunks: List of chunk indices
|
||||
|
||||
Returns:
|
||||
bool: True if successful, False otherwise
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
cursor.execute("""
|
||||
UPDATE chunk_sessions
|
||||
SET received_chunks = ?
|
||||
WHERE upload_id = ?
|
||||
""", (json.dumps(received_chunks), upload_id))
|
||||
|
||||
if cursor.rowcount > 0:
|
||||
log.i(f"Updated received_chunks for session {upload_id}")
|
||||
return True
|
||||
return False
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error updating received_chunks for {upload_id}: {e}")
|
||||
return False
|
||||
226
src/models/database.py
Normal file
226
src/models/database.py
Normal file
@@ -0,0 +1,226 @@
|
||||
import sqlite3
|
||||
import json
|
||||
import os
|
||||
from contextlib import contextmanager
|
||||
import utils.mLogger as log
|
||||
|
||||
# Database file location (relative to server directory)
|
||||
DB_DIR = 'db'
|
||||
DB_PATH = os.path.join(DB_DIR, 'file_server.db')
|
||||
|
||||
# Ensure database directory exists
|
||||
if not os.path.exists(DB_DIR):
|
||||
os.makedirs(DB_DIR)
|
||||
|
||||
def get_db_connection():
|
||||
"""Get a thread-safe database connection with row factory"""
|
||||
conn = sqlite3.connect(DB_PATH, check_same_thread=False)
|
||||
conn.row_factory = sqlite3.Row # Access columns by name
|
||||
|
||||
# Enable WAL mode for better concurrency
|
||||
conn.execute("PRAGMA journal_mode=WAL")
|
||||
|
||||
# Set busy timeout to 5 seconds to handle concurrent access
|
||||
conn.execute("PRAGMA busy_timeout=5000")
|
||||
|
||||
return conn
|
||||
|
||||
@contextmanager
|
||||
def get_db():
|
||||
"""Context manager for database connections"""
|
||||
conn = get_db_connection()
|
||||
try:
|
||||
yield conn
|
||||
conn.commit()
|
||||
except Exception as e:
|
||||
conn.rollback()
|
||||
log.e(f"Database error: {e}")
|
||||
raise
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
def init_db():
|
||||
"""Initialize database with schema"""
|
||||
log.i("Initializing database...")
|
||||
|
||||
with get_db() as conn:
|
||||
# Admin table
|
||||
conn.execute("""
|
||||
CREATE TABLE IF NOT EXISTS admin (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
username TEXT NOT NULL UNIQUE,
|
||||
password_hash TEXT NOT NULL,
|
||||
totp_secret TEXT NOT NULL,
|
||||
created_at TEXT NOT NULL,
|
||||
last_login TEXT
|
||||
)
|
||||
""")
|
||||
|
||||
conn.execute("""
|
||||
CREATE INDEX IF NOT EXISTS idx_admin_username ON admin(username)
|
||||
""")
|
||||
|
||||
# Files table
|
||||
conn.execute("""
|
||||
CREATE TABLE IF NOT EXISTS files (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
code TEXT NOT NULL UNIQUE,
|
||||
filename TEXT NOT NULL,
|
||||
path TEXT NOT NULL,
|
||||
max_downloads INTEGER NOT NULL DEFAULT 1,
|
||||
downloads INTEGER NOT NULL DEFAULT 0,
|
||||
expiry_time TEXT NOT NULL,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
CONSTRAINT code_length CHECK(length(code) = 6),
|
||||
CONSTRAINT max_downloads_positive CHECK(max_downloads > 0),
|
||||
CONSTRAINT downloads_non_negative CHECK(downloads >= 0)
|
||||
)
|
||||
""")
|
||||
|
||||
conn.execute("""
|
||||
CREATE INDEX IF NOT EXISTS idx_files_code ON files(code)
|
||||
""")
|
||||
|
||||
conn.execute("""
|
||||
CREATE INDEX IF NOT EXISTS idx_files_expiry ON files(expiry_time)
|
||||
""")
|
||||
|
||||
# Chunk sessions table
|
||||
conn.execute("""
|
||||
CREATE TABLE IF NOT EXISTS chunk_sessions (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
upload_id TEXT NOT NULL UNIQUE,
|
||||
filename TEXT NOT NULL,
|
||||
total_chunks INTEGER NOT NULL,
|
||||
received_chunks TEXT NOT NULL DEFAULT '[]',
|
||||
created_at TEXT NOT NULL,
|
||||
chunk_dir TEXT NOT NULL,
|
||||
max_downloads INTEGER NOT NULL DEFAULT 1,
|
||||
expiry_hours INTEGER NOT NULL DEFAULT 24,
|
||||
CONSTRAINT upload_id_length CHECK(length(upload_id) = 16),
|
||||
CONSTRAINT total_chunks_positive CHECK(total_chunks > 0)
|
||||
)
|
||||
""")
|
||||
|
||||
conn.execute("""
|
||||
CREATE INDEX IF NOT EXISTS idx_chunk_sessions_upload_id ON chunk_sessions(upload_id)
|
||||
""")
|
||||
|
||||
conn.execute("""
|
||||
CREATE INDEX IF NOT EXISTS idx_chunk_sessions_created_at ON chunk_sessions(created_at)
|
||||
""")
|
||||
|
||||
log.i("Database initialized successfully")
|
||||
|
||||
def migrate_from_json():
|
||||
"""One-time migration from JSON files to SQLite"""
|
||||
|
||||
# Check if we need to migrate
|
||||
admin_json = 'admin_data.json'
|
||||
file_json = 'file_metadata.json'
|
||||
chunk_json = 'chunk_metadata.json'
|
||||
|
||||
# Only migrate if at least one JSON file exists
|
||||
if not any(os.path.exists(f) for f in [admin_json, file_json, chunk_json]):
|
||||
log.i("No JSON files found, skipping migration")
|
||||
return
|
||||
|
||||
log.i("Starting migration from JSON to SQLite...")
|
||||
migrated = False
|
||||
|
||||
with get_db() as conn:
|
||||
# Migrate admin_data.json
|
||||
if os.path.exists(admin_json):
|
||||
try:
|
||||
with open(admin_json, 'r') as f:
|
||||
admin = json.load(f)
|
||||
|
||||
# Check if admin already exists in database
|
||||
existing = conn.execute("SELECT COUNT(*) FROM admin").fetchone()[0]
|
||||
|
||||
if existing == 0:
|
||||
conn.execute("""
|
||||
INSERT INTO admin (username, password_hash, totp_secret, created_at)
|
||||
VALUES (?, ?, ?, ?)
|
||||
""", (admin['username'], admin['password_hash'],
|
||||
admin['totp_secret'], admin['created_at']))
|
||||
log.i(f"Migrated admin user: {admin['username']}")
|
||||
migrated = True
|
||||
else:
|
||||
log.i("Admin already exists in database, skipping admin migration")
|
||||
except Exception as e:
|
||||
log.e(f"Error migrating admin_data.json: {e}")
|
||||
|
||||
# Migrate file_metadata.json
|
||||
if os.path.exists(file_json):
|
||||
try:
|
||||
with open(file_json, 'r') as f:
|
||||
files = json.load(f)
|
||||
|
||||
file_count = 0
|
||||
for code, file_info in files.items():
|
||||
# Check if file already exists
|
||||
existing = conn.execute("SELECT COUNT(*) FROM files WHERE code = ?", (code,)).fetchone()[0]
|
||||
|
||||
if existing == 0:
|
||||
conn.execute("""
|
||||
INSERT INTO files (code, filename, path, max_downloads, downloads, expiry_time)
|
||||
VALUES (?, ?, ?, ?, ?, ?)
|
||||
""", (code, file_info['filename'], file_info['path'],
|
||||
file_info['max_downloads'], file_info['downloads'],
|
||||
file_info['expiry_time']))
|
||||
file_count += 1
|
||||
|
||||
if file_count > 0:
|
||||
log.i(f"Migrated {file_count} file(s)")
|
||||
migrated = True
|
||||
else:
|
||||
log.i("No new files to migrate")
|
||||
except Exception as e:
|
||||
log.e(f"Error migrating file_metadata.json: {e}")
|
||||
|
||||
# Migrate chunk_metadata.json
|
||||
if os.path.exists(chunk_json):
|
||||
try:
|
||||
with open(chunk_json, 'r') as f:
|
||||
chunks = json.load(f)
|
||||
|
||||
chunk_count = 0
|
||||
for upload_id, session in chunks.items():
|
||||
# Check if session already exists
|
||||
existing = conn.execute("SELECT COUNT(*) FROM chunk_sessions WHERE upload_id = ?", (upload_id,)).fetchone()[0]
|
||||
|
||||
if existing == 0:
|
||||
conn.execute("""
|
||||
INSERT INTO chunk_sessions
|
||||
(upload_id, filename, total_chunks, received_chunks, created_at,
|
||||
chunk_dir, max_downloads, expiry_hours)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
|
||||
""", (upload_id, session['filename'], session['total_chunks'],
|
||||
json.dumps(session['received_chunks']), session['created_at'],
|
||||
session['chunk_dir'], session['max_downloads'],
|
||||
session['expiry_hours']))
|
||||
chunk_count += 1
|
||||
|
||||
if chunk_count > 0:
|
||||
log.i(f"Migrated {chunk_count} chunk session(s)")
|
||||
migrated = True
|
||||
else:
|
||||
log.i("No new chunk sessions to migrate")
|
||||
except Exception as e:
|
||||
log.e(f"Error migrating chunk_metadata.json: {e}")
|
||||
|
||||
# Backup JSON files after successful migration
|
||||
if migrated:
|
||||
for filename in [admin_json, file_json, chunk_json]:
|
||||
if os.path.exists(filename):
|
||||
backup_name = f'{filename}.backup'
|
||||
try:
|
||||
os.rename(filename, backup_name)
|
||||
log.i(f"Backed up {filename} to {backup_name}")
|
||||
except Exception as e:
|
||||
log.w(f"Could not backup {filename}: {e}")
|
||||
|
||||
log.i("Migration completed successfully")
|
||||
else:
|
||||
log.i("No migration performed")
|
||||
199
src/models/file_model.py
Normal file
199
src/models/file_model.py
Normal file
@@ -0,0 +1,199 @@
|
||||
import sqlite3
|
||||
import os
|
||||
from datetime import datetime, timedelta
|
||||
from models.database import get_db
|
||||
import utils.mLogger as log
|
||||
|
||||
def create_file(code, filename, path, max_downloads, expiry_hours):
|
||||
"""Create a new file metadata record
|
||||
|
||||
Args:
|
||||
code: 6-character unique code
|
||||
filename: Original filename
|
||||
path: Absolute path to file
|
||||
max_downloads: Maximum number of downloads allowed
|
||||
expiry_hours: Hours until file expires
|
||||
|
||||
Returns:
|
||||
bool: True if successful, False otherwise
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
expiry_time = datetime.now() + timedelta(hours=expiry_hours)
|
||||
|
||||
conn.execute("""
|
||||
INSERT INTO files (code, filename, path, max_downloads, downloads, expiry_time)
|
||||
VALUES (?, ?, ?, ?, 0, ?)
|
||||
""", (code, filename, path, max_downloads, expiry_time.isoformat()))
|
||||
|
||||
log.i(f"Created file record: {code} - {filename}")
|
||||
return True
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error creating file record: {e}")
|
||||
return False
|
||||
|
||||
def get_file(code):
|
||||
"""Get file metadata by code
|
||||
|
||||
Args:
|
||||
code: 6-character file code
|
||||
|
||||
Returns:
|
||||
dict: File metadata with keys: code, filename, path, max_downloads, downloads, expiry_time
|
||||
None: If file not found
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
row = cursor.execute("""
|
||||
SELECT code, filename, path, max_downloads, downloads, expiry_time
|
||||
FROM files
|
||||
WHERE code = ?
|
||||
""", (code,)).fetchone()
|
||||
|
||||
if row:
|
||||
return dict(row)
|
||||
return None
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error getting file {code}: {e}")
|
||||
return None
|
||||
|
||||
def increment_download(code):
|
||||
"""Atomically increment download counter for a file
|
||||
|
||||
Args:
|
||||
code: 6-character file code
|
||||
|
||||
Returns:
|
||||
int: New download count, or None if file not found
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
cursor.execute("""
|
||||
UPDATE files
|
||||
SET downloads = downloads + 1
|
||||
WHERE code = ?
|
||||
""", (code,))
|
||||
|
||||
if cursor.rowcount > 0:
|
||||
# Get the new download count
|
||||
row = cursor.execute("""
|
||||
SELECT downloads FROM files WHERE code = ?
|
||||
""", (code,)).fetchone()
|
||||
|
||||
if row:
|
||||
new_count = row['downloads']
|
||||
log.i(f"Incremented download counter for {code}: {new_count}")
|
||||
return new_count
|
||||
|
||||
return None
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error incrementing download for {code}: {e}")
|
||||
return None
|
||||
|
||||
def delete_file(code):
|
||||
"""Delete file metadata record
|
||||
|
||||
Args:
|
||||
code: 6-character file code
|
||||
|
||||
Returns:
|
||||
bool: True if deleted, False if not found or error
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
cursor.execute("DELETE FROM files WHERE code = ?", (code,))
|
||||
|
||||
if cursor.rowcount > 0:
|
||||
log.i(f"Deleted file record: {code}")
|
||||
return True
|
||||
return False
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error deleting file {code}: {e}")
|
||||
return False
|
||||
|
||||
def get_expired_files():
|
||||
"""Get list of expired files or files that exceeded download limit
|
||||
|
||||
Returns:
|
||||
list: List of dicts with file metadata
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
now = datetime.now().isoformat()
|
||||
|
||||
rows = cursor.execute("""
|
||||
SELECT code, filename, path, max_downloads, downloads, expiry_time
|
||||
FROM files
|
||||
WHERE expiry_time < ? OR downloads >= max_downloads
|
||||
""", (now,)).fetchall()
|
||||
|
||||
return [dict(row) for row in rows]
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error getting expired files: {e}")
|
||||
return []
|
||||
|
||||
def cleanup_expired():
|
||||
"""Delete expired file records and files that reached download limit
|
||||
|
||||
Returns:
|
||||
int: Number of files cleaned up
|
||||
"""
|
||||
try:
|
||||
# Get expired files first so we can delete physical files
|
||||
expired_files = get_expired_files()
|
||||
|
||||
if not expired_files:
|
||||
return 0
|
||||
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
now = datetime.now().isoformat()
|
||||
|
||||
# Delete from database
|
||||
cursor.execute("""
|
||||
DELETE FROM files
|
||||
WHERE expiry_time < ? OR downloads >= max_downloads
|
||||
""", (now,))
|
||||
|
||||
count = cursor.rowcount
|
||||
|
||||
# Delete physical files
|
||||
for file_info in expired_files:
|
||||
if os.path.exists(file_info['path']):
|
||||
try:
|
||||
os.remove(file_info['path'])
|
||||
log.i(f"Deleted expired file: {file_info['path']}")
|
||||
except Exception as e:
|
||||
log.w(f"Could not delete file {file_info['path']}: {e}")
|
||||
|
||||
if count > 0:
|
||||
log.i(f"Cleaned up {count} expired file(s)")
|
||||
|
||||
return count
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error cleaning up expired files: {e}")
|
||||
return 0
|
||||
|
||||
def get_all_files():
|
||||
"""Get all file metadata records
|
||||
|
||||
Returns:
|
||||
list: List of dicts with file metadata
|
||||
"""
|
||||
try:
|
||||
with get_db() as conn:
|
||||
cursor = conn.cursor()
|
||||
rows = cursor.execute("""
|
||||
SELECT code, filename, path, max_downloads, downloads, expiry_time, created_at
|
||||
FROM files
|
||||
ORDER BY created_at DESC
|
||||
""").fetchall()
|
||||
|
||||
return [dict(row) for row in rows]
|
||||
except sqlite3.Error as e:
|
||||
log.e(f"Error getting all files: {e}")
|
||||
return []
|
||||
312
src/templates/admin_dashboard.html
Normal file
312
src/templates/admin_dashboard.html
Normal file
@@ -0,0 +1,312 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Admin Dashboard - Simple File Server</title>
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
|
||||
<style>
|
||||
* {
|
||||
box-sizing: border-box;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
body {
|
||||
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
align-items: center;
|
||||
min-height: 100vh;
|
||||
color: #2d3748;
|
||||
padding: 2rem 1rem;
|
||||
}
|
||||
|
||||
.container {
|
||||
background: rgba(255, 255, 255, 0.95);
|
||||
padding: 2.5rem;
|
||||
border-radius: 1rem;
|
||||
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
|
||||
width: 90%;
|
||||
max-width: 600px;
|
||||
backdrop-filter: blur(10px);
|
||||
}
|
||||
|
||||
.header {
|
||||
display: flex;
|
||||
justify-content: space-between;
|
||||
align-items: center;
|
||||
margin-bottom: 2rem;
|
||||
padding-bottom: 1.5rem;
|
||||
border-bottom: 2px solid #e2e8f0;
|
||||
}
|
||||
|
||||
.header-left {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 1rem;
|
||||
}
|
||||
|
||||
.icon {
|
||||
color: #667eea;
|
||||
font-size: 2.5rem;
|
||||
}
|
||||
|
||||
.header-text h1 {
|
||||
color: #2d3748;
|
||||
font-size: 1.75rem;
|
||||
font-weight: 600;
|
||||
margin-bottom: 0.25rem;
|
||||
}
|
||||
|
||||
.header-text .username {
|
||||
color: #718096;
|
||||
font-size: 0.9rem;
|
||||
}
|
||||
|
||||
.logout-btn {
|
||||
background: transparent;
|
||||
color: #718096;
|
||||
padding: 0.5rem 1rem;
|
||||
border: 2px solid #e2e8f0;
|
||||
border-radius: 0.5rem;
|
||||
font-size: 0.9rem;
|
||||
font-weight: 500;
|
||||
cursor: pointer;
|
||||
transition: all 0.2s;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
}
|
||||
|
||||
.logout-btn:hover {
|
||||
border-color: #e53e3e;
|
||||
color: #e53e3e;
|
||||
background: #fff5f5;
|
||||
}
|
||||
|
||||
.card {
|
||||
background: #f7fafc;
|
||||
padding: 1.5rem;
|
||||
border-radius: 0.75rem;
|
||||
margin-bottom: 1.5rem;
|
||||
border-left: 4px solid #667eea;
|
||||
}
|
||||
|
||||
.card-title {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
font-weight: 600;
|
||||
color: #2d3748;
|
||||
margin-bottom: 1rem;
|
||||
font-size: 1.1rem;
|
||||
}
|
||||
|
||||
.card-title .material-icons {
|
||||
color: #667eea;
|
||||
font-size: 1.5rem;
|
||||
}
|
||||
|
||||
.key-container {
|
||||
background: white;
|
||||
padding: 1rem;
|
||||
border-radius: 0.5rem;
|
||||
border: 2px solid #e2e8f0;
|
||||
position: relative;
|
||||
}
|
||||
|
||||
.key-display {
|
||||
font-family: 'Courier New', monospace;
|
||||
font-size: 0.95rem;
|
||||
word-break: break-all;
|
||||
color: #2d3748;
|
||||
padding-right: 3rem;
|
||||
line-height: 1.6;
|
||||
}
|
||||
|
||||
.copy-btn {
|
||||
position: absolute;
|
||||
top: 0.75rem;
|
||||
right: 0.75rem;
|
||||
background: #667eea;
|
||||
color: white;
|
||||
border: none;
|
||||
border-radius: 0.375rem;
|
||||
padding: 0.5rem;
|
||||
cursor: pointer;
|
||||
transition: all 0.2s;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
}
|
||||
|
||||
.copy-btn:hover {
|
||||
background: #5a67d8;
|
||||
transform: scale(1.05);
|
||||
}
|
||||
|
||||
.copy-btn:active {
|
||||
transform: scale(0.95);
|
||||
}
|
||||
|
||||
.copy-btn .material-icons {
|
||||
font-size: 1.25rem;
|
||||
}
|
||||
|
||||
.info-box {
|
||||
background: #ebf8ff;
|
||||
color: #2c5282;
|
||||
padding: 1rem;
|
||||
border-radius: 0.5rem;
|
||||
border-left: 4px solid #4299e1;
|
||||
font-size: 0.85rem;
|
||||
line-height: 1.6;
|
||||
display: flex;
|
||||
gap: 0.75rem;
|
||||
}
|
||||
|
||||
.info-box .material-icons {
|
||||
color: #4299e1;
|
||||
font-size: 1.5rem;
|
||||
flex-shrink: 0;
|
||||
}
|
||||
|
||||
.success-message {
|
||||
background: #f0fff4;
|
||||
color: #2f855a;
|
||||
padding: 0.75rem 1rem;
|
||||
border-radius: 0.5rem;
|
||||
margin-bottom: 1rem;
|
||||
display: none;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
animation: slideIn 0.3s ease;
|
||||
}
|
||||
|
||||
.success-message .material-icons {
|
||||
color: #48bb78;
|
||||
}
|
||||
|
||||
@keyframes slideIn {
|
||||
from {
|
||||
opacity: 0;
|
||||
transform: translateY(-10px);
|
||||
}
|
||||
to {
|
||||
opacity: 1;
|
||||
transform: translateY(0);
|
||||
}
|
||||
}
|
||||
|
||||
.actions {
|
||||
display: flex;
|
||||
gap: 1rem;
|
||||
margin-top: 1.5rem;
|
||||
}
|
||||
|
||||
.btn {
|
||||
flex: 1;
|
||||
padding: 0.75rem;
|
||||
border: none;
|
||||
border-radius: 0.5rem;
|
||||
font-size: 0.9rem;
|
||||
font-weight: 500;
|
||||
cursor: pointer;
|
||||
transition: all 0.2s;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
gap: 0.5rem;
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
.btn-primary {
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
color: white;
|
||||
}
|
||||
|
||||
.btn-primary:hover {
|
||||
transform: translateY(-2px);
|
||||
box-shadow: 0 10px 20px rgba(102, 126, 234, 0.3);
|
||||
}
|
||||
|
||||
.btn-secondary {
|
||||
background: white;
|
||||
color: #667eea;
|
||||
border: 2px solid #667eea;
|
||||
}
|
||||
|
||||
.btn-secondary:hover {
|
||||
background: #f7fafc;
|
||||
}
|
||||
</style>
|
||||
<script>
|
||||
function copyToClipboard() {
|
||||
const keyText = document.querySelector('.key-display').textContent;
|
||||
navigator.clipboard.writeText(keyText).then(() => {
|
||||
const successMsg = document.querySelector('.success-message');
|
||||
successMsg.style.display = 'flex';
|
||||
setTimeout(() => {
|
||||
successMsg.style.display = 'none';
|
||||
}, 3000);
|
||||
});
|
||||
}
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="header">
|
||||
<div class="header-left">
|
||||
<span class="material-icons icon">dashboard</span>
|
||||
<div class="header-text">
|
||||
<h1>Admin Dashboard</h1>
|
||||
<div class="username">Logged in as {{ username }}</div>
|
||||
</div>
|
||||
</div>
|
||||
<a href="/admin/logout" class="logout-btn">
|
||||
<span class="material-icons" style="font-size: 1.25rem;">logout</span>
|
||||
Logout
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<div class="success-message">
|
||||
<span class="material-icons">check_circle</span>
|
||||
Client key copied to clipboard!
|
||||
</div>
|
||||
|
||||
<div class="card">
|
||||
<div class="card-title">
|
||||
<span class="material-icons">vpn_key</span>
|
||||
Client Key
|
||||
</div>
|
||||
<div class="key-container">
|
||||
<div class="key-display">{{ client_key }}</div>
|
||||
<button class="copy-btn" onclick="copyToClipboard()" title="Copy to clipboard">
|
||||
<span class="material-icons">content_copy</span>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="info-box">
|
||||
<span class="material-icons">info</span>
|
||||
<div>
|
||||
<strong>What is the Client Key?</strong><br>
|
||||
This key is used by clients to authenticate API requests to the file server.
|
||||
It should be included in the <code>X-Client-Key</code> header for all upload operations.
|
||||
Keep this key secure and don't share it publicly.
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="actions">
|
||||
<a href="/" class="btn btn-secondary">
|
||||
<span class="material-icons">home</span>
|
||||
Home
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
242
src/templates/admin_login.html
Normal file
242
src/templates/admin_login.html
Normal file
@@ -0,0 +1,242 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Admin Login - Simple File Server</title>
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
|
||||
<style>
|
||||
* {
|
||||
box-sizing: border-box;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
body {
|
||||
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
align-items: center;
|
||||
min-height: 100vh;
|
||||
color: #2d3748;
|
||||
}
|
||||
|
||||
.container {
|
||||
background: rgba(255, 255, 255, 0.95);
|
||||
padding: 2.5rem;
|
||||
border-radius: 1rem;
|
||||
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
|
||||
width: 90%;
|
||||
max-width: 450px;
|
||||
backdrop-filter: blur(10px);
|
||||
}
|
||||
|
||||
.header {
|
||||
text-align: center;
|
||||
margin-bottom: 2rem;
|
||||
}
|
||||
|
||||
.icon {
|
||||
color: #667eea;
|
||||
font-size: 3rem;
|
||||
margin-bottom: 1rem;
|
||||
}
|
||||
|
||||
h1 {
|
||||
color: #2d3748;
|
||||
font-size: 1.75rem;
|
||||
margin-bottom: 0.5rem;
|
||||
font-weight: 600;
|
||||
}
|
||||
|
||||
.subtitle {
|
||||
color: #718096;
|
||||
font-size: 0.9rem;
|
||||
}
|
||||
|
||||
.form-group {
|
||||
margin-bottom: 1.5rem;
|
||||
}
|
||||
|
||||
label {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
font-size: 0.9rem;
|
||||
font-weight: 500;
|
||||
color: #4a5568;
|
||||
margin-bottom: 0.5rem;
|
||||
}
|
||||
|
||||
label .material-icons {
|
||||
font-size: 1.2rem;
|
||||
color: #667eea;
|
||||
}
|
||||
|
||||
input {
|
||||
width: 100%;
|
||||
padding: 0.75rem;
|
||||
border: 2px solid #e2e8f0;
|
||||
border-radius: 0.5rem;
|
||||
font-size: 1rem;
|
||||
transition: all 0.2s;
|
||||
background: white;
|
||||
}
|
||||
|
||||
input:focus {
|
||||
outline: none;
|
||||
border-color: #667eea;
|
||||
box-shadow: 0 0 0 3px rgba(102, 126, 234, 0.1);
|
||||
}
|
||||
|
||||
.totp-input {
|
||||
text-align: center;
|
||||
font-size: 1.5rem;
|
||||
letter-spacing: 0.5rem;
|
||||
font-family: 'Courier New', monospace;
|
||||
}
|
||||
|
||||
button {
|
||||
width: 100%;
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
color: white;
|
||||
padding: 0.875rem;
|
||||
border: none;
|
||||
border-radius: 0.5rem;
|
||||
font-size: 1rem;
|
||||
font-weight: 600;
|
||||
cursor: pointer;
|
||||
transition: all 0.2s;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
gap: 0.5rem;
|
||||
}
|
||||
|
||||
button:hover {
|
||||
transform: translateY(-2px);
|
||||
box-shadow: 0 10px 20px rgba(102, 126, 234, 0.3);
|
||||
}
|
||||
|
||||
button:active {
|
||||
transform: translateY(0);
|
||||
}
|
||||
|
||||
.error {
|
||||
background-color: #fff5f5;
|
||||
color: #c53030;
|
||||
padding: 0.75rem;
|
||||
border-radius: 0.5rem;
|
||||
margin-bottom: 1rem;
|
||||
border: 1px solid #feb2b2;
|
||||
font-size: 0.9rem;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
}
|
||||
|
||||
.error .material-icons {
|
||||
color: #c53030;
|
||||
}
|
||||
|
||||
.totp-hint {
|
||||
font-size: 0.8rem;
|
||||
color: #718096;
|
||||
margin-top: 0.25rem;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.back-link {
|
||||
text-align: center;
|
||||
margin-top: 1rem;
|
||||
}
|
||||
|
||||
.back-link a {
|
||||
color: #667eea;
|
||||
text-decoration: none;
|
||||
font-size: 0.9rem;
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
gap: 0.25rem;
|
||||
}
|
||||
|
||||
.back-link a:hover {
|
||||
text-decoration: underline;
|
||||
}
|
||||
</style>
|
||||
<script>
|
||||
document.addEventListener('DOMContentLoaded', () => {
|
||||
const totpInput = document.querySelector('.totp-input');
|
||||
|
||||
// Auto-submit on 6 digits
|
||||
totpInput.addEventListener('input', (e) => {
|
||||
e.target.value = e.target.value.replace(/\D/g, '');
|
||||
if (e.target.value.length === 6) {
|
||||
// Optional: auto-submit
|
||||
// document.querySelector('form').submit();
|
||||
}
|
||||
});
|
||||
});
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="header">
|
||||
<span class="material-icons icon">security</span>
|
||||
<h1>Admin Login</h1>
|
||||
<p class="subtitle">Enter your credentials</p>
|
||||
</div>
|
||||
|
||||
{% if error %}
|
||||
<div class="error">
|
||||
<span class="material-icons">error</span>
|
||||
<span>{{ error }}</span>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<form method="POST">
|
||||
<div class="form-group">
|
||||
<label>
|
||||
<span class="material-icons">person</span>
|
||||
Username
|
||||
</label>
|
||||
<input type="text" name="username" required autocomplete="username" autofocus>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label>
|
||||
<span class="material-icons">lock</span>
|
||||
Password
|
||||
</label>
|
||||
<input type="password" name="password" required autocomplete="current-password">
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label>
|
||||
<span class="material-icons">pin</span>
|
||||
Two-Factor Code
|
||||
</label>
|
||||
<input type="text" name="totp_code" class="totp-input" required
|
||||
maxlength="6" pattern="[0-9]{6}" inputmode="numeric"
|
||||
autocomplete="one-time-code" placeholder="000000">
|
||||
<div class="totp-hint">Enter the 6-digit code from your authenticator app</div>
|
||||
</div>
|
||||
|
||||
<button type="submit">
|
||||
<span class="material-icons">login</span>
|
||||
Login
|
||||
</button>
|
||||
</form>
|
||||
|
||||
<div class="back-link">
|
||||
<a href="/">
|
||||
<span class="material-icons" style="font-size: 1rem;">home</span>
|
||||
Back to Home
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
198
src/templates/admin_setup.html
Normal file
198
src/templates/admin_setup.html
Normal file
@@ -0,0 +1,198 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Admin Setup - Simple File Server</title>
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
|
||||
<style>
|
||||
* {
|
||||
box-sizing: border-box;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
body {
|
||||
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
align-items: center;
|
||||
min-height: 100vh;
|
||||
color: #2d3748;
|
||||
}
|
||||
|
||||
.container {
|
||||
background: rgba(255, 255, 255, 0.95);
|
||||
padding: 2.5rem;
|
||||
border-radius: 1rem;
|
||||
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
|
||||
width: 90%;
|
||||
max-width: 450px;
|
||||
backdrop-filter: blur(10px);
|
||||
}
|
||||
|
||||
.header {
|
||||
text-align: center;
|
||||
margin-bottom: 2rem;
|
||||
}
|
||||
|
||||
.icon {
|
||||
color: #667eea;
|
||||
font-size: 3rem;
|
||||
margin-bottom: 1rem;
|
||||
}
|
||||
|
||||
h1 {
|
||||
color: #2d3748;
|
||||
font-size: 1.75rem;
|
||||
margin-bottom: 0.5rem;
|
||||
font-weight: 600;
|
||||
}
|
||||
|
||||
.subtitle {
|
||||
color: #718096;
|
||||
font-size: 0.9rem;
|
||||
}
|
||||
|
||||
.form-group {
|
||||
margin-bottom: 1.5rem;
|
||||
}
|
||||
|
||||
label {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
font-size: 0.9rem;
|
||||
font-weight: 500;
|
||||
color: #4a5568;
|
||||
margin-bottom: 0.5rem;
|
||||
}
|
||||
|
||||
label .material-icons {
|
||||
font-size: 1.2rem;
|
||||
color: #667eea;
|
||||
}
|
||||
|
||||
input {
|
||||
width: 100%;
|
||||
padding: 0.75rem;
|
||||
border: 2px solid #e2e8f0;
|
||||
border-radius: 0.5rem;
|
||||
font-size: 1rem;
|
||||
transition: all 0.2s;
|
||||
background: white;
|
||||
}
|
||||
|
||||
input:focus {
|
||||
outline: none;
|
||||
border-color: #667eea;
|
||||
box-shadow: 0 0 0 3px rgba(102, 126, 234, 0.1);
|
||||
}
|
||||
|
||||
button {
|
||||
width: 100%;
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
color: white;
|
||||
padding: 0.875rem;
|
||||
border: none;
|
||||
border-radius: 0.5rem;
|
||||
font-size: 1rem;
|
||||
font-weight: 600;
|
||||
cursor: pointer;
|
||||
transition: all 0.2s;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
gap: 0.5rem;
|
||||
}
|
||||
|
||||
button:hover {
|
||||
transform: translateY(-2px);
|
||||
box-shadow: 0 10px 20px rgba(102, 126, 234, 0.3);
|
||||
}
|
||||
|
||||
button:active {
|
||||
transform: translateY(0);
|
||||
}
|
||||
|
||||
.error {
|
||||
background-color: #fff5f5;
|
||||
color: #c53030;
|
||||
padding: 0.75rem;
|
||||
border-radius: 0.5rem;
|
||||
margin-bottom: 1rem;
|
||||
border: 1px solid #feb2b2;
|
||||
font-size: 0.9rem;
|
||||
}
|
||||
|
||||
.info-box {
|
||||
background-color: #ebf4ff;
|
||||
color: #2c5282;
|
||||
padding: 1rem;
|
||||
border-radius: 0.5rem;
|
||||
margin-bottom: 1.5rem;
|
||||
border-left: 4px solid #4299e1;
|
||||
font-size: 0.85rem;
|
||||
line-height: 1.5;
|
||||
}
|
||||
|
||||
.password-hint {
|
||||
font-size: 0.8rem;
|
||||
color: #718096;
|
||||
margin-top: 0.25rem;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="header">
|
||||
<span class="material-icons icon">admin_panel_settings</span>
|
||||
<h1>Admin Setup</h1>
|
||||
<p class="subtitle">Create your administrator account</p>
|
||||
</div>
|
||||
|
||||
<div class="info-box">
|
||||
Step 1 of 2: Create your admin credentials. You'll configure two-factor authentication on the next step.
|
||||
</div>
|
||||
|
||||
{% if error %}
|
||||
<div class="error">{{ error }}</div>
|
||||
{% endif %}
|
||||
|
||||
<form method="POST">
|
||||
<div class="form-group">
|
||||
<label>
|
||||
<span class="material-icons">person</span>
|
||||
Username
|
||||
</label>
|
||||
<input type="text" name="username" required autocomplete="username" autofocus>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label>
|
||||
<span class="material-icons">lock</span>
|
||||
Password
|
||||
</label>
|
||||
<input type="password" name="password" required autocomplete="new-password" minlength="8">
|
||||
<div class="password-hint">Minimum 8 characters</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label>
|
||||
<span class="material-icons">lock</span>
|
||||
Confirm Password
|
||||
</label>
|
||||
<input type="password" name="confirm_password" required autocomplete="new-password" minlength="8">
|
||||
</div>
|
||||
|
||||
<button type="submit">
|
||||
<span class="material-icons">arrow_forward</span>
|
||||
Continue to Two-Factor Setup
|
||||
</button>
|
||||
</form>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
199
src/templates/admin_setup_complete.html
Normal file
199
src/templates/admin_setup_complete.html
Normal file
@@ -0,0 +1,199 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Setup Complete - Simple File Server</title>
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
|
||||
<style>
|
||||
* {
|
||||
box-sizing: border-box;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
body {
|
||||
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
align-items: center;
|
||||
min-height: 100vh;
|
||||
color: #2d3748;
|
||||
}
|
||||
|
||||
.container {
|
||||
background: rgba(255, 255, 255, 0.95);
|
||||
padding: 2.5rem;
|
||||
border-radius: 1rem;
|
||||
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
|
||||
width: 90%;
|
||||
max-width: 500px;
|
||||
backdrop-filter: blur(10px);
|
||||
}
|
||||
|
||||
.header {
|
||||
text-align: center;
|
||||
margin-bottom: 2rem;
|
||||
}
|
||||
|
||||
.icon {
|
||||
color: #48bb78;
|
||||
font-size: 3.5rem;
|
||||
margin-bottom: 1rem;
|
||||
}
|
||||
|
||||
h1 {
|
||||
color: #2d3748;
|
||||
font-size: 1.75rem;
|
||||
margin-bottom: 0.5rem;
|
||||
font-weight: 600;
|
||||
}
|
||||
|
||||
.subtitle {
|
||||
color: #718096;
|
||||
font-size: 0.9rem;
|
||||
}
|
||||
|
||||
.step {
|
||||
background: #f7fafc;
|
||||
padding: 1.5rem;
|
||||
border-radius: 0.75rem;
|
||||
margin-bottom: 1.5rem;
|
||||
border-left: 4px solid #667eea;
|
||||
}
|
||||
|
||||
.step-title {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
font-weight: 600;
|
||||
color: #2d3748;
|
||||
margin-bottom: 1rem;
|
||||
font-size: 1.1rem;
|
||||
}
|
||||
|
||||
.step-title .material-icons {
|
||||
color: #667eea;
|
||||
font-size: 1.5rem;
|
||||
}
|
||||
|
||||
.qr-container {
|
||||
text-align: center;
|
||||
margin: 1rem 0;
|
||||
background: white;
|
||||
padding: 1rem;
|
||||
border-radius: 0.5rem;
|
||||
}
|
||||
|
||||
.qr-code {
|
||||
max-width: 200px;
|
||||
height: auto;
|
||||
}
|
||||
|
||||
.secret-code {
|
||||
background: white;
|
||||
padding: 1rem;
|
||||
border-radius: 0.5rem;
|
||||
font-family: 'Courier New', monospace;
|
||||
font-size: 0.9rem;
|
||||
word-break: break-all;
|
||||
border: 2px dashed #cbd5e0;
|
||||
margin: 0.5rem 0;
|
||||
text-align: center;
|
||||
font-weight: bold;
|
||||
color: #2d3748;
|
||||
}
|
||||
|
||||
.warning {
|
||||
background-color: #fffaf0;
|
||||
color: #744210;
|
||||
padding: 1rem;
|
||||
border-radius: 0.5rem;
|
||||
margin-bottom: 1.5rem;
|
||||
border-left: 4px solid #ed8936;
|
||||
font-size: 0.85rem;
|
||||
display: flex;
|
||||
align-items: start;
|
||||
gap: 0.75rem;
|
||||
}
|
||||
|
||||
.warning .material-icons {
|
||||
color: #ed8936;
|
||||
font-size: 1.5rem;
|
||||
}
|
||||
|
||||
button {
|
||||
width: 100%;
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
color: white;
|
||||
padding: 0.875rem;
|
||||
border: none;
|
||||
border-radius: 0.5rem;
|
||||
font-size: 1rem;
|
||||
font-weight: 600;
|
||||
cursor: pointer;
|
||||
transition: all 0.2s;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
gap: 0.5rem;
|
||||
}
|
||||
|
||||
button:hover {
|
||||
transform: translateY(-2px);
|
||||
box-shadow: 0 10px 20px rgba(102, 126, 234, 0.3);
|
||||
}
|
||||
|
||||
.step-content {
|
||||
color: #4a5568;
|
||||
line-height: 1.6;
|
||||
}
|
||||
|
||||
ol {
|
||||
margin-left: 1.25rem;
|
||||
margin-top: 0.5rem;
|
||||
}
|
||||
|
||||
li {
|
||||
margin-bottom: 0.5rem;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="header">
|
||||
<span class="material-icons icon">check_circle</span>
|
||||
<h1>Setup Complete!</h1>
|
||||
<p class="subtitle">Your admin account has been created</p>
|
||||
</div>
|
||||
|
||||
<div class="step">
|
||||
<div class="step-content" style="text-align: center;">
|
||||
<p style="font-size: 1.1rem; color: #2d3748; margin-bottom: 1rem;">
|
||||
Welcome, <strong>{{ username }}</strong>!
|
||||
</p>
|
||||
<p style="color: #4a5568; line-height: 1.6;">
|
||||
Your administrator account has been successfully created and your authenticator app is configured.
|
||||
You can now login to access the admin dashboard.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="warning">
|
||||
<span class="material-icons">info</span>
|
||||
<div>
|
||||
<strong>Important:</strong> Make sure you've saved your authenticator app configuration.
|
||||
You'll need it every time you log in to the admin panel.
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<button onclick="window.location.href='/admin/login'">
|
||||
<span class="material-icons">login</span>
|
||||
Continue to Login
|
||||
</button>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
342
src/templates/admin_setup_totp.html
Normal file
342
src/templates/admin_setup_totp.html
Normal file
@@ -0,0 +1,342 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Setup Two-Factor Authentication - Simple File Server</title>
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
|
||||
<style>
|
||||
* {
|
||||
box-sizing: border-box;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
body {
|
||||
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
align-items: center;
|
||||
min-height: 100vh;
|
||||
color: #2d3748;
|
||||
padding: 2rem 1rem;
|
||||
}
|
||||
|
||||
.container {
|
||||
background: rgba(255, 255, 255, 0.95);
|
||||
padding: 2.5rem;
|
||||
border-radius: 1rem;
|
||||
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
|
||||
width: 90%;
|
||||
max-width: 550px;
|
||||
backdrop-filter: blur(10px);
|
||||
}
|
||||
|
||||
.header {
|
||||
text-align: center;
|
||||
margin-bottom: 2rem;
|
||||
}
|
||||
|
||||
.icon {
|
||||
color: #667eea;
|
||||
font-size: 3rem;
|
||||
margin-bottom: 1rem;
|
||||
}
|
||||
|
||||
h1 {
|
||||
color: #2d3748;
|
||||
font-size: 1.75rem;
|
||||
margin-bottom: 0.5rem;
|
||||
font-weight: 600;
|
||||
}
|
||||
|
||||
.subtitle {
|
||||
color: #718096;
|
||||
font-size: 0.9rem;
|
||||
}
|
||||
|
||||
.step-indicator {
|
||||
background: #ebf4ff;
|
||||
color: #2c5282;
|
||||
padding: 0.75rem 1rem;
|
||||
border-radius: 0.5rem;
|
||||
margin-bottom: 1.5rem;
|
||||
border-left: 4px solid #4299e1;
|
||||
font-size: 0.85rem;
|
||||
font-weight: 500;
|
||||
}
|
||||
|
||||
.info-box {
|
||||
background-color: #fffaf0;
|
||||
color: #744210;
|
||||
padding: 1rem;
|
||||
border-radius: 0.5rem;
|
||||
margin-bottom: 1.5rem;
|
||||
border-left: 4px solid #ed8936;
|
||||
font-size: 0.85rem;
|
||||
line-height: 1.6;
|
||||
display: flex;
|
||||
align-items: start;
|
||||
gap: 0.75rem;
|
||||
}
|
||||
|
||||
.info-box .material-icons {
|
||||
color: #ed8936;
|
||||
font-size: 1.5rem;
|
||||
flex-shrink: 0;
|
||||
}
|
||||
|
||||
.error {
|
||||
background-color: #fff5f5;
|
||||
color: #c53030;
|
||||
padding: 0.75rem;
|
||||
border-radius: 0.5rem;
|
||||
margin-bottom: 1rem;
|
||||
border: 1px solid #feb2b2;
|
||||
font-size: 0.9rem;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
}
|
||||
|
||||
.error .material-icons {
|
||||
color: #c53030;
|
||||
}
|
||||
|
||||
.totp-setup-section {
|
||||
background: #f7fafc;
|
||||
padding: 1.5rem;
|
||||
border-radius: 0.75rem;
|
||||
margin-bottom: 1.5rem;
|
||||
border: 2px solid #e2e8f0;
|
||||
}
|
||||
|
||||
.section-title {
|
||||
font-size: 1.1rem;
|
||||
margin-bottom: 1rem;
|
||||
color: #2d3748;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
font-weight: 600;
|
||||
}
|
||||
|
||||
.section-title .material-icons {
|
||||
color: #667eea;
|
||||
}
|
||||
|
||||
.qr-container {
|
||||
text-align: center;
|
||||
margin: 1rem 0;
|
||||
background: white;
|
||||
padding: 1.5rem;
|
||||
border-radius: 0.5rem;
|
||||
}
|
||||
|
||||
.qr-code {
|
||||
max-width: 220px;
|
||||
height: auto;
|
||||
border: 2px solid #e2e8f0;
|
||||
border-radius: 0.5rem;
|
||||
padding: 0.5rem;
|
||||
}
|
||||
|
||||
.secret-display {
|
||||
margin-top: 1.5rem;
|
||||
padding-top: 1.5rem;
|
||||
border-top: 2px dashed #e2e8f0;
|
||||
}
|
||||
|
||||
.secret-label {
|
||||
font-size: 0.85rem;
|
||||
color: #4a5568;
|
||||
margin-bottom: 0.5rem;
|
||||
font-weight: 500;
|
||||
}
|
||||
|
||||
.secret-code {
|
||||
background: white;
|
||||
padding: 0.875rem;
|
||||
border-radius: 0.5rem;
|
||||
font-family: 'Courier New', monospace;
|
||||
font-size: 0.9rem;
|
||||
word-break: break-all;
|
||||
border: 2px dashed #cbd5e0;
|
||||
text-align: center;
|
||||
font-weight: bold;
|
||||
color: #2d3748;
|
||||
margin-bottom: 0.5rem;
|
||||
}
|
||||
|
||||
.account-info {
|
||||
font-size: 0.8rem;
|
||||
color: #718096;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.form-group {
|
||||
margin-bottom: 1.5rem;
|
||||
}
|
||||
|
||||
label {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
font-size: 0.9rem;
|
||||
font-weight: 500;
|
||||
color: #4a5568;
|
||||
margin-bottom: 0.5rem;
|
||||
}
|
||||
|
||||
label .material-icons {
|
||||
font-size: 1.2rem;
|
||||
color: #667eea;
|
||||
}
|
||||
|
||||
.totp-input {
|
||||
width: 100%;
|
||||
padding: 0.75rem;
|
||||
border: 2px solid #e2e8f0;
|
||||
border-radius: 0.5rem;
|
||||
font-size: 1.5rem;
|
||||
transition: all 0.2s;
|
||||
background: white;
|
||||
text-align: center;
|
||||
letter-spacing: 0.5rem;
|
||||
font-family: 'Courier New', monospace;
|
||||
}
|
||||
|
||||
.totp-input:focus {
|
||||
outline: none;
|
||||
border-color: #667eea;
|
||||
box-shadow: 0 0 0 3px rgba(102, 126, 234, 0.1);
|
||||
}
|
||||
|
||||
.totp-hint {
|
||||
font-size: 0.8rem;
|
||||
color: #718096;
|
||||
margin-top: 0.25rem;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
button {
|
||||
width: 100%;
|
||||
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
|
||||
color: white;
|
||||
padding: 0.875rem;
|
||||
border: none;
|
||||
border-radius: 0.5rem;
|
||||
font-size: 1rem;
|
||||
font-weight: 600;
|
||||
cursor: pointer;
|
||||
transition: all 0.2s;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
gap: 0.5rem;
|
||||
}
|
||||
|
||||
button:hover {
|
||||
transform: translateY(-2px);
|
||||
box-shadow: 0 10px 20px rgba(102, 126, 234, 0.3);
|
||||
}
|
||||
|
||||
button:active {
|
||||
transform: translateY(0);
|
||||
}
|
||||
|
||||
.steps-list {
|
||||
list-style: none;
|
||||
padding: 0;
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
.steps-list li {
|
||||
padding: 0.5rem 0;
|
||||
color: #4a5568;
|
||||
font-size: 0.9rem;
|
||||
line-height: 1.5;
|
||||
}
|
||||
|
||||
.steps-list li:before {
|
||||
content: "→";
|
||||
color: #667eea;
|
||||
font-weight: bold;
|
||||
margin-right: 0.5rem;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="header">
|
||||
<span class="material-icons icon">security</span>
|
||||
<h1>Two-Factor Authentication</h1>
|
||||
<p class="subtitle">Secure your admin account</p>
|
||||
</div>
|
||||
|
||||
<div class="step-indicator">
|
||||
Step 2 of 2: Configure your authenticator app
|
||||
</div>
|
||||
|
||||
<div class="info-box">
|
||||
<span class="material-icons">info</span>
|
||||
<div>
|
||||
<strong>Required:</strong> You need an authenticator app to continue.
|
||||
Download Google Authenticator, Authy, or any TOTP-compatible app before proceeding.
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{% if error %}
|
||||
<div class="error">
|
||||
<span class="material-icons">error</span>
|
||||
<span>{{ error }}</span>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<div class="totp-setup-section">
|
||||
<div class="section-title">
|
||||
<span class="material-icons">qr_code_scanner</span>
|
||||
Scan QR Code
|
||||
</div>
|
||||
|
||||
<div class="qr-container">
|
||||
<img class="qr-code" src="data:image/png;base64,{{ qr_code }}" alt="TOTP QR Code">
|
||||
</div>
|
||||
|
||||
<div class="secret-display">
|
||||
<div class="section-title" style="font-size: 1rem; margin-bottom: 0.75rem;">
|
||||
<span class="material-icons" style="font-size: 1.25rem;">vpn_key</span>
|
||||
Or Enter Manually
|
||||
</div>
|
||||
<div class="secret-label">Secret Key:</div>
|
||||
<div class="secret-code">{{ totp_secret }}</div>
|
||||
<div class="account-info">
|
||||
Account: {{ username }}<br>
|
||||
Issuer: Simple File Server
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<form method="POST">
|
||||
<div class="form-group">
|
||||
<label>
|
||||
<span class="material-icons">verified_user</span>
|
||||
Verify Authentication Code
|
||||
</label>
|
||||
<input type="text" name="totp_code" class="totp-input" required
|
||||
maxlength="6" pattern="[0-9]{6}" inputmode="numeric"
|
||||
autocomplete="off" placeholder="000000" autofocus>
|
||||
<div class="totp-hint">Enter the 6-digit code from your authenticator app</div>
|
||||
</div>
|
||||
|
||||
<button type="submit">
|
||||
<span class="material-icons">check_circle</span>
|
||||
Complete Setup
|
||||
</button>
|
||||
</form>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
Reference in New Issue
Block a user