import os
import re
from flask import Blueprint, abort, send_from_directory
from platypush.config import Config
from platypush.backend.http.app import template_folder
from platypush.backend.http.app.utils import authenticate, authentication_ok, \
send_message
# Blueprint under which the custom static resource routes are registered.
resources = Blueprint(
    'resources',
    __name__,
    template_folder=template_folder,
)

# Declare routes list
__routes__ = [resources]
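@resources.route('/resources/<path:path>', methods=['GET'])
def resources_path(path):
    """
    Serve a file from one of the configured custom resource directories.

    ``backend.http`` -> ``resource_dirs`` maps a URL prefix (relative to
    ``/resources/``) to a directory on disk. The longest configured prefix
    that matches the directory part of ``path`` is selected, and the rest of
    ``path`` is resolved inside the mapped directory.

    :param path: Request path after ``/resources/``. It is supplied by the
        client and must be treated as untrusted.
    :return: The Flask response produced by ``send_from_directory``.

    Aborts with 404 when no configured prefix matches, when the request names
    no file below the prefix, or when the normalized target directory is not
    the mapped directory or one of its descendants.
    """
    http_conf = Config.get('backend.http')
    resource_dirs = http_conf.get('resource_dirs', {})

    # The last token is the file name, so only the leading directory tokens
    # can match a configured prefix. Try the longest prefix first.
    path_tokens = path.split('/')[:-1]
    while path_tokens:
        if '/'.join(path_tokens) in resource_dirs:
            break
        path_tokens.pop()

    if not path_tokens:
        # Requested resource not found in the allowed resource_dirs
        abort(404)

    base_path = '/'.join(path_tokens)
    real_base_path = os.path.abspath(
        os.path.expanduser(resource_dirs[base_path]))

    # base_path is a literal prefix of path by construction. Slicing it off
    # avoids interpolating a configured key into a regular expression, where
    # metacharacters such as '.' or '+' would change what gets matched.
    file_path = [s for s in path[len(base_path):].split('/') if s]
    if not file_path:
        # e.g. '<prefix>/' with a trailing slash: a directory, not a file
        abort(404)

    # Normalize BEFORE the containment check. A prefix test on the raw
    # concatenation always passes, because '..' segments stay in the string
    # and are only resolved later by the filesystem.
    real_path = os.path.abspath(
        os.path.join(real_base_path, *file_path[:-1]))

    # Compare against the base plus a trailing separator so that a sibling
    # such as '<base>-private' is not accepted as being inside '<base>'.
    # NOTE: abspath is purely lexical; symlinks inside the resource
    # directory are not resolved by this check.
    base_prefix = real_base_path.rstrip(os.sep) + os.sep
    if real_path != real_base_path and not real_path.startswith(base_prefix):
        # Directory climbing attempt
        abort(404)

    # send_from_directory applies its own safe join to the final component.
    return send_from_directory(real_path, file_path[-1])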
# vim:sw=4:ts=4:et: