from pygments.lexers import guess_lexer, guess_lexer_for_filename
from pygments.formatters import HtmlFormatter
from pygments import highlight
from flask import Flask, Response, request, abort, redirect
from random import SystemRandom
from functools import wraps
import string
import os.path
# The Flask application object; the route decorators below register on it.
app = Flask(__name__)
# Settings are read from 'app.cfg' in the same directory as this file. The
# handlers below read USERNAME, PASSWORD, FILES_PATH, FILES_ACCEL and URI_BASE
# from it. Because it holds the upload credentials, keep the file out of
# version control and readable only by the account running the app.
app.config.from_pyfile(os.path.join(os.path.dirname(os.path.abspath(__file__)), 'app.cfg'))
# SystemRandom draws from the operating system's randomness source, so the
# paste identifiers built from it are not predictable the way the default
# `random` generator's output would be.
rng = SystemRandom()
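def check_auth(username, password):
    """Return True only when both supplied credentials match the configured pair.

    The comparison uses hmac.compare_digest() so that the time taken does not
    depend on how many leading characters of a guess are correct, which the
    plain ``==`` comparison used previously would leak. Both fields are always
    compared (no short-circuit), so a wrong username and a wrong password take
    the same path. Large length differences may still be observable.

    Args:
        username: user name taken from the HTTP Basic Authorization header.
        password: password taken from the same header.

    Returns:
        True if both values equal app.config['USERNAME'] and
        app.config['PASSWORD'], otherwise False.
    """
    import hmac

    def _as_bytes(value):
        # compare_digest() refuses str values containing non-ASCII characters,
        # so both sides are compared as UTF-8 bytes.
        return value if isinstance(value, bytes) else str(value).encode('utf-8')

    # A header without one of the fields can never match.
    if username is None or password is None:
        return False

    user_ok = hmac.compare_digest(_as_bytes(username), _as_bytes(app.config['USERNAME']))
    pass_ok = hmac.compare_digest(_as_bytes(password), _as_bytes(app.config['PASSWORD']))
    return user_ok and pass_ok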
def requires_auth(f):
    """Decorate a view so it runs only for requests with valid Basic credentials.

    The wrapped view is called unchanged when request.authorization is present
    and check_auth() accepts its username and password. Any other request gets
    a 401 response carrying a WWW-Authenticate challenge for the
    "Aleph Paste" realm.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        credentials = request.authorization
        if credentials and check_auth(credentials.username, credentials.password):
            return f(*args, **kwargs)
        # Missing or rejected credentials: challenge the client again.
        return Response(
            'Wrong username/password',
            401,
            {'WWW-Authenticate': 'Basic realm="Aleph Paste"'},
        )
    return decorated
@app.route('/')
def landing():
    """Redirect a plain GET of the root URL to the project's about page."""
    about_url = 'https://git.zx2c4.com/alephpaste/about/'
    return redirect(about_url, code=302)
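@app.route('/', methods=['POST'])
@requires_auth
def new_paste():
    """Store the uploaded 'paste' file under a fresh random name and return its URL.

    Requires valid Basic credentials (see requires_auth). Responds with 400
    when the multipart field 'paste' is missing.

    The identifier is 8 characters drawn from ASCII letters and digits using
    the module-level SystemRandom instance. The target file is created with
    O_CREAT | O_EXCL, so picking a name and claiming it is a single atomic
    step. The earlier exists()-then-save sequence left a window in which two
    concurrent uploads could choose the same name and one would overwrite the
    other.

    Returns:
        URI_BASE + '/' + identifier, followed by a newline.
    """
    import errno

    if 'paste' not in request.files:
        abort(400)

    alphabet = string.ascii_letters + string.digits
    while True:
        paste = ''.join(rng.choice(alphabet) for _ in range(8))
        file_name = os.path.join(app.config['FILES_PATH'], paste + '.txt')
        try:
            # 0o666 (before umask) matches what a plain open(..., 'wb') would
            # have created, so whatever serves the files can still read them.
            fd = os.open(file_name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
        except OSError as exc:
            if exc.errno == errno.EEXIST:
                # Name already taken: draw another identifier.
                continue
            raise
        break

    f = request.files['paste']
    try:
        with os.fdopen(fd, 'wb') as out:
            f.save(out)
    except Exception:
        # Do not leave an empty or partial paste behind under a reserved name.
        os.unlink(file_name)
        raise
    finally:
        f.close()
    return app.config['URI_BASE'] + '/' + paste + '\n'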
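@app.route('/<paste>', methods=['DELETE'])
@requires_auth
def delete_paste(paste):
    """Delete the stored file for *paste*; respond 404 if it cannot be removed.

    Requires valid Basic credentials (see requires_auth). *paste* is the single
    URL path segment matched by the route; Flask's default converter does not
    match '/', so the value cannot add directory components to the path that
    is built here.

    Returns:
        An empty body on success.
    """
    target = os.path.join(app.config['FILES_PATH'], paste + '.txt')
    try:
        os.unlink(target)
    except OSError:
        # Only filesystem failures (missing file, permissions, ...) become a
        # 404. The previous bare `except:` also hid configuration errors and
        # swallowed KeyboardInterrupt/SystemExit.
        abort(404)
    return ''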
@app.route('/<paste>')
def send_paste(paste):
    """Hand the raw paste off to the front-end server via X-Accel-Redirect.

    No file is read here: the response is an empty text/plain reply whose
    X-Accel-Redirect header names FILES_ACCEL/<paste>.txt, leaving delivery
    (and the not-found case) to the server that interprets that header.
    No authentication is applied to this route.
    """
    # NOTE(review): `paste` comes straight from the URL. The default route
    # converter does not match '/', so it stays a single path segment; confirm
    # the FILES_ACCEL location is marked internal on the front-end server.
    accel_target = os.path.join(app.config['FILES_ACCEL'], paste + '.txt')
    return Response(mimetype='text/plain', headers={'X-Accel-Redirect': accel_target})
@app.route('/<paste>/')
def send_highlighted_paste_guess(paste):
    """Serve *paste* highlighted, letting Pygments guess the language from its text."""
    # Passing no file type makes send_highlighted_paste() use content-based guessing.
    return send_highlighted_paste(paste, ftype=None)
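@app.route('/<paste>/<ftype>')
def send_highlighted_paste(paste, ftype):
    """Return *paste* rendered as a full HTML page with syntax highlighting.

    Args:
        paste: identifier of the stored paste (one URL path segment).
        ftype: file extension used to pick a lexer; when None or empty the
            lexer is guessed from the text alone.

    Returns:
        The highlighted HTML document, or the result of send_paste() when the
        file cannot be read or no lexer can be chosen.
    """
    try:
        # `with` closes the file even if read() raises (for example on a
        # decoding error); the earlier open/read/close sequence leaked the
        # handle in that case.
        with open(os.path.join(app.config['FILES_PATH'], paste + '.txt'), 'r') as f:
            text = f.read()
        if not ftype:
            lexer = guess_lexer(text)
        else:
            lexer = guess_lexer_for_filename(paste + '.' + ftype, text)
        # NOTE(review): `paste` is URL-supplied and is placed in the page
        # title. It only gets this far when a matching file exists; confirm
        # that the Pygments version in use escapes the title.
        formatter = HtmlFormatter(
            style='pastie',
            full=True,
            title='{0} - Aleph Paste'.format(paste),
            linenos='table',
            anchorlinenos=True,
            lineanchors="line",
        )
        return highlight(text, lexer, formatter)
    except Exception:
        # Best-effort fallback to the raw paste. `except Exception` keeps that
        # behaviour without also swallowing KeyboardInterrupt/SystemExit as
        # the bare `except:` did.
        return send_paste(paste)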