mirror of https://github.com/haiwen/seahub.git synced 2025-09-17 15:53:28 +00:00

[share link] Enlarge token length

zhengxie
2017-02-17 16:49:58 +08:00
parent 096e2e06bb
commit ca399d38f8
8 changed files with 34 additions and 30 deletions


@@ -43,9 +43,9 @@ urlpatterns = patterns('',
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/download-info/$', DownloadRepo.as_view()),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/owner/$', RepoOwner.as_view(), name="api2-repo-owner"),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/download-shared-links/$', RepoDownloadSharedLinks.as_view(), name="api2-repo-download-shared-links"),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/download-shared-links/(?P<token>[a-f0-9]{10})/$', RepoDownloadSharedLink.as_view(), name="api2-repo-download-shared-link"),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/download-shared-links/(?P<token>[a-f0-9]+)/$', RepoDownloadSharedLink.as_view(), name="api2-repo-download-shared-link"),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/upload-shared-links/$', RepoUploadSharedLinks.as_view(), name="api2-repo-upload-shared-links"),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/upload-shared-links/(?P<token>[a-f0-9]{10})/$', RepoUploadSharedLink.as_view(), name="api2-repo-upload-shared-link"),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/upload-shared-links/(?P<token>[a-f0-9]+)/$', RepoUploadSharedLink.as_view(), name="api2-repo-upload-shared-link"),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/upload-link/$', UploadLinkView.as_view()),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/update-link/$', UpdateLinkView.as_view()),
url(r'^repos/(?P<repo_id>[-0-9a-f]{36})/upload-blks-link/$', UploadBlksLinkView.as_view()),
@@ -82,9 +82,9 @@ urlpatterns = patterns('',
url(r'^organization/$', OrganizationView.as_view()),
url(r'^f/(?P<token>[a-f0-9]{10})/$', SharedFileView.as_view()),
url(r'^f/(?P<token>[a-f0-9]{10})/detail/$', SharedFileDetailView.as_view()),
url(r'^d/(?P<token>[a-f0-9]{10})/dir/$', SharedDirView.as_view()),
url(r'^f/(?P<token>[a-f0-9]+)/$', SharedFileView.as_view()),
url(r'^f/(?P<token>[a-f0-9]+)/detail/$', SharedFileDetailView.as_view()),
url(r'^d/(?P<token>[a-f0-9]+)/dir/$', SharedDirView.as_view()),
url(r'^events/$', EventsView.as_view()),
url(r'^repo_history_changes/(?P<repo_id>[-0-9a-f]{36})/$', RepoHistoryChange.as_view()),
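Review bot: The new token groups use `[a-f0-9]+`, which puts no bound on the token length, so a hex string of any size is routed to the share-link views and on to a token lookup. The model change in this commit caps `FileShare.token` at 100 characters and the updated tests expect `\w{10,100}`, so a bounded quantifier such as `(?P<token>[a-f0-9]{10,100})` would keep existing 10-character links working while rejecting malformed values at the URL layer. The same applies to the token patterns in the thumbnail and main URL files changed later in this commit.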


@@ -83,7 +83,7 @@ class ForcePasswdChangeMiddleware(object):
def _request_in_black_list(self, request):
path = request.path
black_list = (r'^%s$' % SITE_ROOT, r'home/.+', r'repo/.+',
r'[f|d]/[a-f][0-9]{10}', r'group/\d+', r'groups/',
r'[f|d]/[a-f][0-9]+', r'group/\d+', r'groups/',
r'share/', r'profile/', r'notification/list/')
for patt in black_list:
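Review bot: The share-link entry `r'[f|d]/[a-f][0-9]+'` does not describe a share-link path: `[f|d]` is a character class that also accepts a literal `|`, and `[a-f][0-9]+` means one letter a–f followed only by digits, so a token beginning with a digit or with two letters will not match. Replacing `{10}` with `+` carries that mistake forward; if this list decides which requests are subject to the forced password change, most share-link URLs fall outside it. `r'[fd]/[a-f0-9]+'` matches the token format used by the URL patterns elsewhere in this commit. How each pattern is applied is decided in the loop body, which continues outside the hunk.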


@@ -259,6 +259,9 @@ ENABLE_ENCRYPTED_LIBRARY = True
# mininum length for password of encrypted library
REPO_PASSWORD_MIN_LENGTH = 8
# token length for the share link
SHARE_LINK_TOKEN_LENGTH = 20
# mininum length for the password of a share link
SHARE_LINK_PASSWORD_MIN_LENGTH = 8
@@ -656,6 +659,7 @@ CONSTANCE_CONFIG = {
'USER_PASSWORD_MIN_LENGTH': (USER_PASSWORD_MIN_LENGTH,''),
'USER_PASSWORD_STRENGTH_LEVEL': (USER_PASSWORD_STRENGTH_LEVEL,''),
'SHARE_LINK_TOKEN_LENGTH': (SHARE_LINK_TOKEN_LENGTH, ''),
'SHARE_LINK_PASSWORD_MIN_LENGTH': (SHARE_LINK_PASSWORD_MIN_LENGTH,''),
'ENABLE_TWO_FACTOR_AUTH': (ENABLE_TWO_FACTOR_AUTH,''),
}
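Review bot: `SHARE_LINK_TOKEN_LENGTH` is added to `CONSTANCE_CONFIG`, so it can presumably be changed at runtime, yet neither the comment nor the code shown states a valid range. A value above 100 exceeds the `max_length=100` given to `FileShare.token` in this commit, and a very small value makes share-link tokens easier to guess. I would document the bounds on the setting, e.g. `# token length for the share link; keep between 10 and 100 (FileShare.token max_length)`, and enforce them at the point where the token is generated.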


@@ -15,7 +15,6 @@ def share_link_audit(func):
fileshare = FileShare.objects.get_valid_file_link_by_token(token) or \
FileShare.objects.get_valid_dir_link_by_token(token) or \
UploadLinkShare.objects.get_valid_upload_link_by_token(token)
if fileshare is None:
raise Http404


@@ -6,6 +6,7 @@ from django.db import models
from django.utils import timezone
from django.utils.translation import ugettext_lazy as _
from django.contrib.auth.hashers import make_password, check_password
from constance import config
from seahub.base.fields import LowerCaseCharField
from seahub.utils import normalize_file_path, normalize_dir_path, gen_token,\
@@ -86,7 +87,7 @@ class FileShareManager(models.Manager):
else:
password_enc = None
token = gen_token(max_length=10)
token = gen_token(max_length=config.SHARE_LINK_TOKEN_LENGTH)
fs = super(FileShareManager, self).create(
username=username, repo_id=repo_id, path=path, token=token,
s_type=s_type, password=password_enc, expire_date=expire_date)
@@ -155,7 +156,7 @@ class FileShare(models.Model):
username = LowerCaseCharField(max_length=255, db_index=True)
repo_id = models.CharField(max_length=36, db_index=True)
path = models.TextField()
token = models.CharField(max_length=10, unique=True)
token = models.CharField(max_length=100, unique=True)
ctime = models.DateTimeField(default=datetime.datetime.now)
view_cnt = models.IntegerField(default=0)
s_type = models.CharField(max_length=2, db_index=True, default='f') # `f` or `d`
@@ -226,7 +227,7 @@ class UploadLinkShareManager(models.Manager):
def create_upload_link_share(self, username, repo_id, path,
password=None, expire_date=None):
path = normalize_dir_path(path)
token = gen_token(max_length=10)
token = gen_token(max_length=config.SHARE_LINK_TOKEN_LENGTH)
if password is not None:
password_enc = make_password(password)
else:
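Review bot: `create_upload_link_share` now generates tokens of `config.SHARE_LINK_TOKEN_LENGTH` characters (20 by default), but only `FileShare.token` is widened in this diff; the token field of the `UploadLinkShare` model is not shown. If that column still has `max_length=10`, new upload links would be rejected or truncated on insert depending on the database, so it needs the same `max_length=100` change. Widening `FileShare.token` is also a schema change, and no migration or upgrade script appears among the eight changed files. The body of `create_upload_link_share` continues outside the hunk.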


@@ -7,6 +7,6 @@ from views import thumbnail_create, thumbnail_get, share_link_thumbnail_get, \
urlpatterns = patterns('',
url(r'^(?P<repo_id>[-0-9a-f]{36})/create/$', thumbnail_create, name='thumbnail_create'),
url(r'^(?P<repo_id>[-0-9a-f]{36})/(?P<size>[0-9]+)/(?P<path>.*)$', thumbnail_get, name='thumbnail_get'),
url(r'^(?P<token>[a-f0-9]{10})/create/$', share_link_thumbnail_create, name='share_link_thumbnail_create'),
url(r'^(?P<token>[a-f0-9]{10})/(?P<size>[0-9]+)/(?P<path>.*)$', share_link_thumbnail_get, name='share_link_thumbnail_get'),
url(r'^(?P<token>[a-f0-9]+)/create/$', share_link_thumbnail_create, name='share_link_thumbnail_create'),
url(r'^(?P<token>[a-f0-9]+)/(?P<size>[0-9]+)/(?P<path>.*)$', share_link_thumbnail_get, name='share_link_thumbnail_get'),
)
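Review bot: With `[a-f0-9]+` the share-link routes can now overlap the repo routes listed above them: a token of exactly 36 hex characters also matches `(?P<repo_id>[-0-9a-f]{36})`, and because that pattern comes first, `/<token>/create/` would be dispatched to `thumbnail_create` instead of `share_link_thumbnail_create`. This only occurs when `SHARE_LINK_TOKEN_LENGTH` is set to 36, but the setting is configurable. If repo ids are always dashed UUIDs, requiring that form, e.g. `(?P<repo_id>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})`, removes the ambiguity; otherwise exclude 36 from the allowed token lengths.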


@@ -118,11 +118,11 @@ urlpatterns = patterns(
url(r'^#group/(?P<group_id>\d+)/settings/$', fake_view, name='group_manage'),
### share/upload link ###
url(r'^f/(?P<token>[a-f0-9]{10})/$', view_shared_file, name='view_shared_file'),
url(r'^f/(?P<token>[a-f0-9]{10})/raw/(?P<obj_id>[0-9a-f]{40})/(?P<file_name>.*)', view_raw_shared_file, name='view_raw_shared_file'),
url(r'^d/(?P<token>[a-f0-9]{10})/$', view_shared_dir, name='view_shared_dir'),
url(r'^d/(?P<token>[a-f0-9]{10})/files/$', view_file_via_shared_dir, name='view_file_via_shared_dir'),
url(r'^u/d/(?P<token>[a-f0-9]{10})/$', view_shared_upload_link, name='view_shared_upload_link'),
url(r'^f/(?P<token>[a-f0-9]+)/$', view_shared_file, name='view_shared_file'),
url(r'^f/(?P<token>[a-f0-9]+)/raw/(?P<obj_id>[0-9a-f]{40})/(?P<file_name>.*)', view_raw_shared_file, name='view_raw_shared_file'),
url(r'^d/(?P<token>[a-f0-9]+)/$', view_shared_dir, name='view_shared_dir'),
url(r'^d/(?P<token>[a-f0-9]+)/files/$', view_file_via_shared_dir, name='view_file_via_shared_dir'),
url(r'^u/d/(?P<token>[a-f0-9]+)/$', view_shared_upload_link, name='view_shared_upload_link'),
### Misc ###
url(r'^image-view/(?P<filename>.*)$', image_view, name='image_view'),
@@ -145,7 +145,7 @@ urlpatterns = patterns(
url(r'^ajax/repo/(?P<repo_id>[-0-9a-f]{36})/current_commit/$', get_current_commit, name='get_current_commit'),
url(r'^ajax/repo/(?P<repo_id>[-0-9a-f]{36})/history/changes/$', repo_history_changes, name='repo_history_changes'),
url(r'^ajax/repo/(?P<repo_id>[-0-9a-f]{36})/encrypted_file/(?P<file_id>[0-9a-f]{40})/download/$', download_enc_file, name='download_enc_file'),
url(r'^ajax/u/d/(?P<token>[-0-9a-f]{10})/upload/$', get_file_upload_url_ul, name='get_file_upload_url_ul'),
url(r'^ajax/u/d/(?P<token>[-0-9a-f]+)/upload/$', get_file_upload_url_ul, name='get_file_upload_url_ul'),
url(r'^ajax/group/(?P<group_id>\d+)/repos/$', get_unenc_group_repos, name='get_group_repos'),
url(r'^ajax/group/(?P<group_id>\d+)/members/import/$', ajax_group_members_import, name='ajax_group_members_import'),
url(r'^ajax/unenc-rw-repos/$', unenc_rw_repos, name='unenc_rw_repos'),
@@ -173,9 +173,9 @@ urlpatterns = patterns(
url(r'^api/v2.1/shared-repos/$', SharedRepos.as_view(), name='api-v2.1-shared-repos'),
url(r'^api/v2.1/shared-repos/(?P<repo_id>[-0-9a-f]{36})/$', SharedRepo.as_view(), name='api-v2.1-shared-repo'),
url(r'^api/v2.1/share-links/$', ShareLinks.as_view(), name='api-v2.1-share-links'),
url(r'^api/v2.1/share-links/(?P<token>[a-f0-9]{10})/$', ShareLink.as_view(), name='api-v2.1-share-link'),
url(r'^api/v2.1/share-links/(?P<token>[a-f0-9]+)/$', ShareLink.as_view(), name='api-v2.1-share-link'),
url(r'^api/v2.1/upload-links/$', UploadLinks.as_view(), name='api-v2.1-upload-links'),
url(r'^api/v2.1/upload-links/(?P<token>[a-f0-9]{10})/$', UploadLink.as_view(), name='api-v2.1-upload-link'),
url(r'^api/v2.1/upload-links/(?P<token>[a-f0-9]+)/$', UploadLink.as_view(), name='api-v2.1-upload-link'),
url(r'^api/v2.1/repos/(?P<repo_id>[-0-9a-f]{36})/file/$', FileView.as_view(), name='api-v2.1-file-view'),
url(r'^api/v2.1/repos/(?P<repo_id>[-0-9a-f]{36})/dirents/download-link/$', DirentsDownloadLinkView.as_view(), name='api-v2.1-dirents-download-link-view'),
url(r'^api/v2.1/repos/(?P<repo_id>[-0-9a-f]{36})/zip-task/$', ZipTaskView.as_view(), name='api-v2.1-zip-task'),
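Review bot: The upload route `^ajax/u/d/(?P<token>[-0-9a-f]+)/upload/$` keeps a `-` in the token character class, unlike every other token pattern touched in this commit, which uses `[a-f0-9]+`. With the fixed `{10}` gone it now accepts values, such as a run of dashes, that the other share-link routes would reject. `(?P<token>[a-f0-9]+)` would make it consistent with the rest.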


@@ -53,7 +53,7 @@ class FileSharedLinkApiTest(BaseTestCase):
)
self.assertEqual(201, resp.status_code)
self.assertRegexpMatches(resp._headers['location'][1],
r'http(.*)/f/(\w{10,10})/')
r'http(.*)/f/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
self.assertIsNotNone(FileShare.objects.get(token=token))
@@ -69,7 +69,7 @@ class FileSharedLinkApiTest(BaseTestCase):
)
self.assertEqual(201, resp.status_code)
self.assertRegexpMatches(resp._headers['location'][1],
r'http(.*)/f/(\w{10,10})/')
r'http(.*)/f/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
fileshare = FileShare.objects.get(token=token)
@@ -86,7 +86,7 @@ class FileSharedLinkApiTest(BaseTestCase):
)
self.assertEqual(201, resp.status_code)
self.assertRegexpMatches(resp._headers['location'][1],
r'http(.*)/f/(\w{10,10})/')
r'http(.*)/f/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
fileshare = FileShare.objects.get(token=token)
@@ -103,7 +103,7 @@ class FileSharedLinkApiTest(BaseTestCase):
)
self.assertEqual(201, resp.status_code)
self.assertRegexpMatches(resp._headers['location'][1],
r'http(.*)/f/(\w{10,10})/')
r'http(.*)/f/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
fileshare = FileShare.objects.get(token=token)
@@ -122,7 +122,7 @@ class FileSharedLinkApiTest(BaseTestCase):
self.assertEqual(201, resp.status_code)
self.dir_link_location = resp._headers['location'][1]
self.assertRegexpMatches(self.dir_link_location,
r'http(.*)/d/(\w{10,10})/')
r'http(.*)/d/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
self.assertIsNotNone(FileShare.objects.get(token=token))
@@ -139,7 +139,7 @@ class FileSharedLinkApiTest(BaseTestCase):
self.assertEqual(201, resp.status_code)
self.dir_link_location = resp._headers['location'][1]
self.assertRegexpMatches(self.dir_link_location,
r'http(.*)/d/(\w{10,10})/')
r'http(.*)/d/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
fileshare = FileShare.objects.get(token=token)
@@ -157,7 +157,7 @@ class FileSharedLinkApiTest(BaseTestCase):
self.assertEqual(201, resp.status_code)
self.dir_link_location = resp._headers['location'][1]
self.assertRegexpMatches(self.dir_link_location,
r'http(.*)/d/(\w{10,10})/')
r'http(.*)/d/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
fileshare = FileShare.objects.get(token=token)
@@ -175,7 +175,7 @@ class FileSharedLinkApiTest(BaseTestCase):
self.assertEqual(201, resp.status_code)
self.dir_link_location = resp._headers['location'][1]
self.assertRegexpMatches(self.dir_link_location,
r'http(.*)/d/(\w{10,10})/')
r'http(.*)/d/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
fileshare = FileShare.objects.get(token=token)
@@ -194,7 +194,7 @@ class FileSharedLinkApiTest(BaseTestCase):
self.assertEqual(201, resp.status_code)
self.dir_link_location = resp._headers['location'][1]
self.assertRegexpMatches(self.dir_link_location,
r'http(.*)/u/d/(\w{10,10})/')
r'http(.*)/u/d/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
self.assertIsNotNone(UploadLinkShare.objects.get(token=token))
@@ -211,7 +211,7 @@ class FileSharedLinkApiTest(BaseTestCase):
self.assertEqual(201, resp.status_code)
self.dir_link_location = resp._headers['location'][1]
self.assertRegexpMatches(self.dir_link_location,
r'http(.*)/u/d/(\w{10,10})/')
r'http(.*)/u/d/(\w{10,100})/')
token = resp._headers['location'][1].split('/')[-2]
uls = UploadLinkShare.objects.get(token=token)
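Review bot: The relaxed assertions `\w{10,100}` accept any token from 10 to 100 characters, so these tests would still pass if link creation went on producing 10-character tokens. Since the point of the commit is the new length, I would pin it once the token has been extracted, e.g. `self.assertEqual(len(token), config.SHARE_LINK_TOKEN_LENGTH)`, with `from constance import config` added to the test module. This applies to all ten assertions changed in this file; the test methods begin and end outside the hunks.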