56 lines
1.5 KiB
Python
56 lines
1.5 KiB
Python
import os
|
|
import re
|
|
|
|
from flask import Blueprint, abort, send_from_directory
|
|
|
|
from platypush.config import Config
|
|
from platypush.backend.http.app import template_folder
|
|
from platypush.backend.http.app.utils import authenticate, authentication_ok, \
|
|
send_message
|
|
|
|
|
|
resources = Blueprint('resources', __name__, template_folder=template_folder)
|
|
|
|
# Declare routes list
|
|
__routes__ = [
|
|
resources,
|
|
]
|
|
|
|
@resources.route('/resources/<path:path>', methods=['GET'])
|
|
def resources_path(path):
|
|
""" Custom static resources """
|
|
path_tokens = path.split('/')
|
|
filename = path_tokens.pop(-1)
|
|
http_conf = Config.get('backend.http')
|
|
resource_dirs = http_conf.get('resource_dirs', {})
|
|
|
|
while path_tokens:
|
|
if '/'.join(path_tokens) in resource_dirs:
|
|
break
|
|
path_tokens.pop()
|
|
|
|
if not path_tokens:
|
|
# Requested resource not found in the allowed resource_dirs
|
|
abort(404)
|
|
|
|
base_path = '/'.join(path_tokens)
|
|
real_base_path = os.path.abspath(os.path.expanduser(resource_dirs[base_path]))
|
|
real_path = real_base_path
|
|
|
|
file_path = [s for s in re.sub(r'^{}(.*)$'.format(base_path), '\\1', path)
|
|
.split('/') if s]
|
|
|
|
for p in file_path[:-1]:
|
|
real_path += os.sep + p
|
|
file_path.pop(0)
|
|
|
|
file_path = file_path.pop(0)
|
|
if not real_path.startswith(real_base_path):
|
|
# Directory climbing attempt
|
|
abort(404)
|
|
|
|
return send_from_directory(real_path, file_path)
|
|
|
|
|
|
# vim:sw=4:ts=4:et:
|