tempspace-cli 1.2.8__tar.gz → 1.3.0__tar.gz

{tempspace_cli-1.2.8 → tempspace_cli-1.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tempspace-cli
-Version: 1.2.8
+Version: 1.3.0
 Summary: A command-line tool for uploading files to Tempspace.
 Author-email: Tempspace <mcbplay1@gmail.com>
 License: MIT License

{tempspace_cli-1.2.8 → tempspace_cli-1.3.0}/cli/tempspace.py

@@ -4,8 +4,15 @@ import os
 import sys
 import hashlib
 import multiprocessing
-
 import math
+import re
+import shutil
+import tempfile
+import json
+import uuid
+from pathlib import Path
+from urllib.parse import unquote
+
 from rich.console import Console
 from rich.panel import Panel
 from rich.table import Table
@@ -13,16 +20,62 @@ from rich import box
 import qrcode
 from rich.prompt import Prompt, Confirm
 from rich.progress import Progress, BarColumn, TextColumn, TransferSpeedColumn, TimeRemainingColumn
-
 from rich.live import Live
-import shutil
-import tempfile
 from requests.adapters import HTTPAdapter
 from urllib3.util.retry import Retry
 
-# Default configuration
 DEFAULT_SERVER_URL = "https://tempspace.needrp.net"
-CHUNK_SIZE = 1024 * 1024  # 1MB
+CHUNK_SIZE = 1024 * 1024
+REQUEST_TIMEOUT = 30
+VALID_HOURS = [1, 3, 6, 12, 24, 48, 168, 336, 720]
+CONFIG_DIR = Path.home() / ".tempspace"
+CONFIG_FILE = CONFIG_DIR / "config.json"
+HISTORY_FILE = CONFIG_DIR / "history.json"
+MAX_HISTORY = 50
+
+
+def load_config() -> dict:
+    """Loads configuration from ~/.tempspace/config.json."""
+    if CONFIG_FILE.exists():
+        try:
+            with open(CONFIG_FILE, 'r') as f:
+                return json.load(f)
+        except Exception:
+            pass
+    return {}
+
+
+def save_config(config: dict):
+    """Saves configuration to ~/.tempspace/config.json."""
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+    with open(CONFIG_FILE, 'w') as f:
+        json.dump(config, f, indent=2)
+
+
+def load_history() -> list:
+    """Loads upload history from ~/.tempspace/history.json."""
+    if HISTORY_FILE.exists():
+        try:
+            with open(HISTORY_FILE, 'r') as f:
+                return json.load(f)
+        except Exception:
+            pass
+    return []
+
+
+def save_history(history: list):
+    """Saves upload history to ~/.tempspace/history.json."""
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+    history = history[:MAX_HISTORY]
+    with open(HISTORY_FILE, 'w') as f:
+        json.dump(history, f, indent=2)
+
+
+def add_to_history(entry: dict):
+    """Adds an upload entry to history."""
+    history = load_history()
+    history.insert(0, entry)
+    save_history(history)
 
 def parse_time(time_str: str) -> int:
     """Parses a user-provided time string into a total number of hours.
@@ -54,6 +107,11 @@ def parse_time(time_str: str) -> int:
         except ValueError:
             return None
 
+
+def validate_hours(hours: int) -> bool:
+    """Validates that hours is an accepted value by the server."""
+    return hours in VALID_HOURS
+
 def format_size(size_bytes: int) -> str:
     """Converts a file size in bytes into a human-readable string.
 
@@ -92,7 +150,7 @@ def calculate_file_hash(filepath: str) -> str:
 
 
 def get_retry_session(retries=5, backoff_factor=1, status_forcelist=[500, 502, 503, 504]):
-    """Creates a requests Session with automatic retries."""
+    """Creates a requests Session with automatic retries and default timeout."""
     session = requests.Session()
     retry = Retry(
         total=retries,
@@ -104,74 +162,51 @@ def get_retry_session(retries=5, backoff_factor=1, status_forcelist=[500, 502, 5
     adapter = HTTPAdapter(max_retries=retry)
     session.mount('http://', adapter)
     session.mount('https://', adapter)
+    session.request_timeout = REQUEST_TIMEOUT
     return session
 
 
-def zip_directory(path: str) -> str:
-    """Zips a directory and returns the path to the temporary zip file."""
-    # Create a temporary directory to store the zip
+def zip_directory(path: str) -> tuple[str, str]:
+    """Zips a directory and returns the path to the zip file and temp directory."""
     temp_dir = tempfile.mkdtemp()
-    # Use the original folder name for the zip file
     base_name = os.path.basename(os.path.normpath(path))
     archive_base = os.path.join(temp_dir, base_name)
-    
     shutil.make_archive(archive_base, 'zip', path)
-    return archive_base + ".zip"
+    return archive_base + ".zip", temp_dir
 
 
 def download_file(console, url, password=None):
     """Downloads a file from Tempspace."""
     session = get_retry_session()
-    
+
     try:
-        # Check if it's a valid Tempspace URL and extract ID logic if needed, 
-        # but for now we'll assume the URL is the full download link or similar.
-        # Actually, the user provides the "Download Link" which usually leads to a landing page.
-        # The CLI needs to handle the actual file download.
-        # If the URL is http://site/DOWLOAD_ID, the direct download might be different.
-        # Let's assume the user passes the direct download link or we try to download from it.
-        # However, Tempspace likely has a landing page.
-        # If the user gives the landing page URL, we might need to scrape or use an API.
-        # Given I don't see the server code, I'll assume the user might provide a direct file URL 
-        # or the tool should try to GET the URL.
-        # If the server has an API like /api/download/<id>?password=..., that would be best.
-        # Looking at upload_file response: `download_link = data.get('url')`.
-        # Code audit earlier showed `DEFAULT_SERVER_URL`.
-        # Use regex to extract ID from URL if possible, or just try GET.
-        
-        # Simple approach: GET the URL. If it initiates a download (headers), good.
-        
-        session.head(url, allow_redirects=True)
-        # Check headers for content-disposition or just proceed
-        
-        if password:
-             # If password is needed, headers or query param might be required.
-             # Since I don't know the exact server auth mechanism for downloads,
-             # I will try passing it as a query param 'password' or header 'X-Password'.
-             # Better: ask the user to enter it if the server responds 401/403.
-             pass
-
-        # For a streaming download
-        response = session.get(url, stream=True, params={'password': password} if password else None)
+        response = session.get(url, stream=True, params={'password': password} if password else None, timeout=REQUEST_TIMEOUT)
+
+        if response.status_code in (401, 403):
+            if password:
+                console.print(Panel("[bold red]Error:[/] Incorrect password.", border_style="red"))
+                return
+            password = Prompt.ask("This file is password protected. Enter password", password=True)
+            response = session.get(url, stream=True, params={'password': password}, timeout=REQUEST_TIMEOUT)
+
         response.raise_for_status()
-        
+
         total_size = int(response.headers.get('content-length', 0))
         disposition = response.headers.get('content-disposition')
-        # Try to get filename from Content-Disposition
+
         filename = None
         if disposition:
-            import re
-            # specific regex for filename="example.txt" or filename=example.txt
-            fname = re.findall(r'filename=["\']?([^"\';]+)["\']?', disposition)
-            if fname:
-                filename = fname[0]
-        
-        # Fallback to URL if no filename found from headers
+            fname = re.findall(r"filename\*=UTF-8''([^;]+)|filename=\"?([^\";]+)\"?", disposition)
+            for match in fname:
+                filename = match[0] or match[1]
+                if filename:
+                    filename = unquote(filename)
+                    break
+
         if not filename:
-             from urllib.parse import unquote
-             parsed_path = unquote(url.split("?")[0])
-             filename = parsed_path.split("/")[-1]
-             
+            parsed_path = unquote(url.split("?")[0])
+            filename = parsed_path.split("/")[-1]
+
         if not filename:
             filename = "downloaded_file"
 
@@ -182,21 +217,25 @@ def download_file(console, url, password=None):
             TransferSpeedColumn(), "•",
             TimeRemainingColumn(),
         )
-        
+
         with Live(Panel(progress, title="[cyan]Downloading[/cyan]", border_style="cyan", title_align="left")):
             task_id = progress.add_task(filename, total=total_size)
             with open(filename, 'wb') as f:
                 for chunk in response.iter_content(CHUNK_SIZE):
                     f.write(chunk)
                     progress.update(task_id, advance=len(chunk))
-                    
+
         console.print(Panel(f"[bold green]Download successful![/] Saved to '{filename}'", border_style="green"))
 
+    except requests.exceptions.Timeout:
+        console.print(Panel("[bold red]Error:[/] Download timed out.", border_style="red"))
+    except requests.exceptions.ConnectionError:
+        console.print(Panel("[bold red]Error:[/] Connection failed. Check your internet connection.", border_style="red"))
     except Exception as e:
         console.print(Panel(f"[bold red]Download failed:[/] {e}", border_style="red"))
 
 
-def upload_file(console, filepath, hours, password, one_time, qr, url):
+def upload_file(console, filepath, hours, password, one_time, qr, url, client_id=None):
     """Handles the upload of a single file.
 
     Args:
@@ -207,13 +246,20 @@ def upload_file(console, filepath, hours, password, one_time, qr, url):
         one_time (bool): Whether the file should be a one-time download.
         qr (bool): Whether to display a QR code for the download link.
         url (str): The base URL of the Tempspace server.
+        client_id (str): Optional client ID for file ownership tracking.
     """
-    # --- Validate Inputs ---
     if not os.path.isfile(filepath):
         console.print(Panel(f"[bold red]Error:[/] File not found at '{filepath}'", title="[bold red]Error[/bold red]", border_style="red"))
-        return  # Return instead of exiting to allow other files to be processed
+        return False
+
+    if password and len(password) < 4:
+        console.print(Panel("[bold red]Error:[/] Password must be at least 4 characters.", border_style="red"))
+        return False
+
+    if not validate_hours(hours):
+        console.print(Panel(f"[bold red]Error:[/] Invalid expiry time '{hours}'. Valid values: {VALID_HOURS}", border_style="red"))
+        return False
 
-    # --- Display File Details ---
     table = Table(title="File Details", show_header=False, box=box.ROUNDED, border_style="cyan")
     table.add_column("Field", style="bold")
     table.add_column("Value")
@@ -223,27 +269,21 @@ def upload_file(console, filepath, hours, password, one_time, qr, url):
     table.add_row("Password", "[green]Yes[/green]" if password else "[red]No[/red]")
     table.add_row("One-Time Download", "[green]Yes[/green]" if one_time else "[red]No[/red]")
 
-    # --- Prepare Upload ---
     upload_url = f"{url.rstrip('/')}"
     filename = os.path.basename(filepath)
     file_size = os.path.getsize(filepath)
 
-    # --- Calculate Hash ---
     client_hash = calculate_file_hash(filepath)
     table.add_row("File Hash", f"[cyan]{client_hash}[/cyan]")
     console.print(table)
 
-
-    # --- Chunked Upload ---
     response = None
     session = get_retry_session()
     try:
-        # 1. Initiate Upload
-        initiate_response = session.post(f"{upload_url}/upload/initiate")
+        initiate_response = session.post(f"{upload_url}/upload/initiate", timeout=REQUEST_TIMEOUT)
         initiate_response.raise_for_status()
         upload_id = initiate_response.json()['upload_id']
 
-        # 2. Upload Chunks
         progress = Progress(
             TextColumn("[bold blue]{task.description}", justify="right"),
             BarColumn(bar_width=None),
@@ -267,29 +307,37 @@ def upload_file(console, filepath, hours, password, one_time, qr, url):
                     chunk_response = session.post(
                         f"{upload_url}/upload/chunk",
                         data=chunk_data,
-                        files=files
+                        files=files,
+                        timeout=REQUEST_TIMEOUT
                     )
                     chunk_response.raise_for_status()
                     progress.update(task_id, advance=len(chunk))
 
-        # 3. Finalize Upload
         console.print(Panel("[bold green]Finalizing upload...[/bold green]", border_style="green"))
         finalize_data = {
             'upload_id': upload_id,
             'filename': filename,
             'hours': str(hours),
             'one_time': str(one_time).lower(),
-            'client_hash': client_hash,  # Send the client-side hash for verification
+            'client_hash': client_hash,
         }
+        if client_id:
+            finalize_data['client_id'] = client_id
         if password:
             finalize_data['password'] = password
 
-        response = session.post(f"{upload_url}/upload/finalize", data=finalize_data)
+        response = session.post(f"{upload_url}/upload/finalize", data=finalize_data, timeout=REQUEST_TIMEOUT)
         response.raise_for_status()
 
+    except requests.exceptions.Timeout:
+        console.print(Panel("[bold red]Error:[/] Upload timed out.", border_style="red"))
+        return False
+    except requests.exceptions.ConnectionError:
+        console.print(Panel("[bold red]Error:[/] Connection failed. Check your internet connection.", border_style="red"))
+        return False
     except FileNotFoundError:
-        console.print(Panel(f"[bold red]Error:[/] The file '{filepath}' was not found.", title="[bold red]Error[/bold red]", border_style="red"))
-        return
+        console.print(Panel(f"[bold red]Error:[/] The file '{filepath}' was not found.", border_style="red"))
+        return False
     except requests.exceptions.RequestException as e:
         error_message = str(e)
         if e.response:
@@ -297,13 +345,12 @@ def upload_file(console, filepath, hours, password, one_time, qr, url):
                 error_message = e.response.json().get('detail', e.response.text)
             except Exception:
                 error_message = e.response.text
-        console.print(Panel(f"[bold red]An error occurred:[/] {error_message}", title="[bold red]Error[/bold red]", border_style="red"))
-        return
+        console.print(Panel(f"[bold red]An error occurred:[/] {error_message}", border_style="red"))
+        return False
     except Exception as e:
-        console.print(Panel(f"[bold red]An unexpected error occurred:[/] {e}", title="[bold red]Error[/bold red]", border_style="red"))
-        return
+        console.print(Panel(f"[bold red]An unexpected error occurred:[/] {e}", border_style="red"))
+        return False
 
-    # --- Handle Response ---
     if response is not None:
         if response.status_code == 200:
             try:
@@ -327,8 +374,17 @@ def upload_file(console, filepath, hours, password, one_time, qr, url):
                     qr_code.make(fit=True)
                     qr_code.print_ascii()
 
+                from datetime import datetime
+                add_to_history({
+                    'filename': filename,
+                    'url': download_link,
+                    'hash': file_hash,
+                    'timestamp': datetime.now().isoformat()
+                })
+
+                return True
+
             except requests.exceptions.JSONDecodeError:
-                # Fallback for older servers or unexpected plain text responses
                 download_link = response.text.strip()
                 success_panel = Panel(f"[bold green]Upload successful![/bold green]\n\nDownload Link: {download_link}",
                                       title="[bold cyan]Success[/bold cyan]", border_style="green")
@@ -339,13 +395,43 @@ def upload_file(console, filepath, hours, password, one_time, qr, url):
                     qr_code.add_data(download_link)
                     qr_code.make(fit=True)
                     qr_code.print_ascii()
+
+                from datetime import datetime
+                add_to_history({
+                    'filename': filename,
+                    'url': download_link,
+                    'hash': None,
+                    'timestamp': datetime.now().isoformat()
+                })
+
+                return True
         else:
             try:
                 error_details = response.json()
                 error_message = error_details.get('detail', 'No details provided.')
             except requests.exceptions.JSONDecodeError:
                 error_message = response.text
-            console.print(Panel(f"[bold red]Error:[/] Upload failed with status code {response.status_code}\n[red]Server message:[/] {error_message}", title="[bold red]Error[/bold red]", border_style="red"))
+            console.print(Panel(f"[bold red]Error:[/] Upload failed with status code {response.status_code}\n[red]Server message:[/] {error_message}", border_style="red"))
+            return False
+
+    return False
+
+
+def get_client_id() -> str:
+    """Returns a persistent client ID from config, environment, or generates one."""
+    client_id = os.environ.get('TEMPSPACE_CLIENT_ID')
+    if client_id:
+        return client_id
+
+    config = load_config()
+    client_id = config.get('client_id')
+    if client_id:
+        return client_id
+
+    client_id = f"cli_{uuid.uuid4().hex[:12]}"
+    config['client_id'] = client_id
+    save_config(config)
+    return client_id
 
 
 def main():
@@ -356,22 +442,52 @@ def main():
     """
     console = Console()
 
-    # --- Handle Download Command ---
     if len(sys.argv) > 1 and sys.argv[1] == 'download':
         parser = argparse.ArgumentParser(description="Download a file from Tempspace.")
         parser.add_argument("url", help="The URL of the file to download.")
         parser.add_argument("-p", "--password", help="The password for the file.")
-        
-        # We process only the download arguments
+
         if len(sys.argv) == 2 and (sys.argv[1] == '-h' or sys.argv[1] == '--help'):
              parser.print_help()
              sys.exit(0)
-             
+
         args = parser.parse_args(sys.argv[2:])
         download_file(console, args.url, args.password)
         return
 
-    # --- Header ---
+    if len(sys.argv) > 1 and sys.argv[1] == 'history':
+        history = load_history()
+        if not history:
+            console.print(Panel("[yellow]No upload history found.[/yellow]", border_style="yellow"))
+            return
+
+        table = Table(title="Upload History", show_header=True, box=box.ROUNDED, border_style="cyan")
+        table.add_column("#", style="dim", width=4)
+        table.add_column("Filename", style="bold")
+        table.add_column("URL", style="green")
+        table.add_column("Date", style="cyan")
+
+        for i, entry in enumerate(history[:20], 1):
+            from datetime import datetime
+            date_str = datetime.fromisoformat(entry['timestamp']).strftime("%Y-%m-%d %H:%M")
+            table.add_row(str(i), entry['filename'], entry['url'], date_str)
+
+        console.print(table)
+        return
+
+    if len(sys.argv) > 1 and sys.argv[1] == 'config':
+        config = load_config()
+        if len(sys.argv) > 2 and sys.argv[2] == 'show':
+            console.print(Panel(json.dumps(config, indent=2), title="Config", border_style="cyan"))
+        elif len(sys.argv) > 3 and sys.argv[2] == 'set':
+            key, value = sys.argv[3].split('=', 1) if '=' in sys.argv[3] else (sys.argv[3], sys.argv[4] if len(sys.argv) > 4 else '')
+            config[key] = value
+            save_config(config)
+            console.print(Panel(f"[green]Set {key}={value}[/green]", border_style="green"))
+        else:
+            console.print("Usage: tempspace config [show|set KEY=VALUE]")
+        return
+
     console.print(Panel("[bold cyan]Tempspace File Uploader[/bold cyan]", expand=False, border_style="blue"))
 
     parser = argparse.ArgumentParser(
@@ -391,9 +507,7 @@ def main():
 
     filepaths = args.filepaths
 
-    # --- Interactive Mode ---
     if args.it:
-        # Interactive mode only supports a single file, so we overwrite the filepaths list
         filepath = Prompt.ask("Enter the path to the file you want to upload")
         filepaths = [filepath]
         args.time = Prompt.ask("Set the file's expiration time (e.g., '24h', '7d')", default='24')
@@ -401,7 +515,6 @@ def main():
         args.one_time = Confirm.ask("Delete the file after the first download?", default=False)
         args.qr = Confirm.ask("Display a QR code of the download link?", default=False)
 
-    # --- Validate Inputs ---
     if not filepaths:
         console.print(Panel("[bold red]Error:[/] No file path(s) provided.", title="[bold red]Error[/bold red]", border_style="red"))
         parser.print_help()
@@ -412,24 +525,41 @@ def main():
         console.print(Panel(f"[bold red]Error:[/] Invalid time format '{args.time}'. Use formats like '24h', '7d', or '360'.", title="[bold red]Error[/bold red]", border_style="red"))
         sys.exit(1)
 
-    # --- Process each file ---
-    # --- Process each file ---
+    if not validate_hours(hours):
+        console.print(Panel(f"[bold red]Error:[/] Invalid expiry time '{hours}'. Valid values: {VALID_HOURS}", title="[bold red]Error[/bold red]", border_style="red"))
+        sys.exit(1)
+
+    if args.password and len(args.password) < 4:
+        console.print(Panel("[bold red]Error:[/] Password must be at least 4 characters.", title="[bold red]Error[/bold red]", border_style="red"))
+        sys.exit(1)
+
+    client_id = get_client_id()
+    all_success = True
+
     for i, filepath in enumerate(filepaths):
         actual_path = filepath
         is_temp = False
-        
+        temp_dir = None
+
         if os.path.isdir(filepath):
             console.print(f"[bold yellow]Zipping directory '{os.path.basename(filepath)}'...[/]")
-            actual_path = zip_directory(filepath)
+            actual_path, temp_dir = zip_directory(filepath)
             is_temp = True
 
         if len(filepaths) > 1:
             console.print(f"\n[bold yellow]Uploading file {i+1} of {len(filepaths)}: {os.path.basename(actual_path)}[/bold yellow]\n")
-        
-        upload_file(console, actual_path, hours, args.password, args.one_time, args.qr, args.url)
-        
+
+        success = upload_file(console, actual_path, hours, args.password, args.one_time, args.qr, args.url, client_id)
+        if not success:
+            all_success = False
+
         if is_temp:
             os.remove(actual_path)
+            if temp_dir:
+                shutil.rmtree(temp_dir, ignore_errors=True)
+
+    if not all_success:
+        sys.exit(1)
 
 
 if __name__ == "__main__":

{tempspace_cli-1.2.8 → tempspace_cli-1.3.0}/pyproject.toml

@@ -7,7 +7,7 @@ packages = ["cli"]
 
 [project]
 name = "tempspace-cli"
-version = "1.2.8"
+version = "1.3.0"
 authors = [
     { name="Tempspace", email="mcbplay1@gmail.com" },
 ]

{tempspace_cli-1.2.8 → tempspace_cli-1.3.0}/tempspace_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tempspace-cli
-Version: 1.2.8
+Version: 1.3.0
 Summary: A command-line tool for uploading files to Tempspace.
 Author-email: Tempspace <mcbplay1@gmail.com>
 License: MIT License

tempspace_cli-1.3.0/tests/test_cli.py

@@ -0,0 +1,270 @@
+
+import os
+import shutil
+import tempfile
+import hashlib
+from pathlib import Path
+
+from unittest.mock import MagicMock, patch
+from cli.tempspace import parse_time, format_size, calculate_file_hash, zip_directory, upload_file, download_file, main, validate_hours
+
+
+# --- Unit Tests ---
+
+def test_parse_time():
+    assert parse_time("7d") == 168
+    assert parse_time("24h") == 24
+    assert parse_time("360") == 360
+    assert parse_time("1D") == 24
+    assert parse_time("2H") == 2
+    assert parse_time(" 7d ") == 168
+    assert parse_time("invalid") is None
+    assert parse_time("1w") is None
+
+def test_format_size():
+    assert format_size(0) == "0B"
+    assert format_size(1023) == "1023.0 B"
+    assert format_size(100) == "100.0 B"
+    assert format_size(1024) == "1.0 KB"
+    assert format_size(1024 * 1024) == "1.0 MB"
+    assert format_size(1024 * 1024 * 1024 * 2.5) == "2.5 GB"
+
+def test_validate_hours():
+    assert validate_hours(24) is True
+    assert validate_hours(1) is True
+    assert validate_hours(720) is True
+    assert validate_hours(999) is False
+    assert validate_hours(0) is False
+    assert validate_hours(5) is False
+
+def test_calculate_file_hash():
+    with tempfile.NamedTemporaryFile(delete=False) as f:
+        f.write(b"hello world")
+        filepath = f.name
+    try:
+        expected_hash = hashlib.sha256(b"hello world").hexdigest()
+        assert calculate_file_hash(filepath) == expected_hash
+    finally:
+        os.remove(filepath)
+
+def test_zip_directory():
+    temp_dir = tempfile.mkdtemp()
+    try:
+        os.makedirs(os.path.join(temp_dir, "subdir"))
+        with open(os.path.join(temp_dir, "file1.txt"), "w") as f:
+            f.write("content1")
+
+        zip_path, zip_temp_dir = zip_directory(temp_dir)
+
+        assert os.path.exists(zip_path)
+        assert zip_path.endswith(".zip")
+        assert os.path.basename(temp_dir) in os.path.basename(zip_path)
+        assert os.path.exists(zip_temp_dir)
+
+        os.remove(zip_path)
+        shutil.rmtree(zip_temp_dir)
+    finally:
+        shutil.rmtree(temp_dir)
+
+# --- Mock Tests ---
+
+@patch('cli.tempspace.requests.Session')
+def test_upload_file_success(mock_session_cls, capsys):
+    mock_session = mock_session_cls.return_value
+
+    mock_session.post.side_effect = [
+        MagicMock(status_code=200, json=lambda: {'upload_id': '123'}),
+        MagicMock(status_code=200),
+        MagicMock(status_code=200, json=lambda: {'url': 'http://test.com/file', 'hash': 'abc', 'hash_verified': True})
+    ]
+
+    with tempfile.NamedTemporaryFile(delete=False) as f:
+        f.write(b"test content")
+        filepath = f.name
+
+    mock_console = MagicMock()
+
+    try:
+        result = upload_file(mock_console, filepath, 24, None, False, False, "http://test-server", "test-client-id")
+
+        assert result is True
+        assert mock_session.post.call_count == 3
+        mock_session.post.call_args_list[0][0][0].endswith("/upload/initiate")
+        mock_session.post.call_args_list[2][0][0].endswith("/upload/finalize")
+
+    finally:
+        os.remove(filepath)
+
+@patch('cli.tempspace.requests.Session')
+def test_upload_file_invalid_hours(mock_session_cls):
+    mock_session = mock_session_cls.return_value
+
+    with tempfile.NamedTemporaryFile(delete=False) as f:
+        f.write(b"test content")
+        filepath = f.name
+
+    mock_console = MagicMock()
+
+    try:
+        result = upload_file(mock_console, filepath, 999, None, False, False, "http://test-server")
+        assert result is False
+        assert mock_session.post.call_count == 0
+    finally:
+        os.remove(filepath)
+
+@patch('cli.tempspace.requests.Session')
+def test_upload_file_short_password(mock_session_cls):
+    mock_session = mock_session_cls.return_value
+
+    with tempfile.NamedTemporaryFile(delete=False) as f:
+        f.write(b"test content")
+        filepath = f.name
+
+    mock_console = MagicMock()
+
+    try:
+        result = upload_file(mock_console, filepath, 24, "ab", False, False, "http://test-server")
+        assert result is False
+        assert mock_session.post.call_count == 0
+    finally:
+        os.remove(filepath)
+
+@patch('cli.tempspace.requests.Session')
+def test_download_file_success(mock_session_cls):
+    mock_session = mock_session_cls.return_value
+
+    content = b"downloaded content"
+    mock_response = MagicMock(status_code=200)
+    mock_response.headers = {'content-length': str(len(content)), 'content-disposition': 'attachment; filename="server_file.txt"'}
+    mock_response.iter_content.return_value = [content]
+    mock_session.get.return_value = mock_response
+
+    mock_console = MagicMock()
+
+    try:
+        download_file(mock_console, "http://test-server/file")
+
+        assert os.path.exists("server_file.txt")
+        with open("server_file.txt", "rb") as f:
+            assert f.read() == content
+    finally:
+        if os.path.exists("server_file.txt"):
+            os.remove("server_file.txt")
+
+
+@patch('sys.argv', ['tempspace', 'file.txt'])
+@patch('cli.tempspace.upload_file')
+def test_main_upload_defaults(mock_upload):
+    mock_upload.return_value = True
+    with patch('cli.tempspace.os.path.isfile', return_value=True):
+        main()
+
+    mock_upload.assert_called_once()
+    args = mock_upload.call_args[0]
+    assert args[1] == 'file.txt'
+    assert args[2] == 24
+    assert args[7] is not None
+
+@patch('sys.argv', ['tempspace', 'file.txt', '-t', '1h', '-p', 'secret', '--qr'])
+@patch('cli.tempspace.upload_file')
+def test_main_upload_custom(mock_upload):
+    mock_upload.return_value = True
+    with patch('cli.tempspace.os.path.isfile', return_value=True):
+        main()
+
+    args = mock_upload.call_args[0]
+    assert args[1] == 'file.txt'
+    assert args[2] == 1
+    assert args[3] == 'secret'
+    assert args[5] is True
+
+@patch('sys.argv', ['tempspace', 'download', 'http://example.com/file', '-p', 'pass'])
+@patch('cli.tempspace.download_file')
+def test_main_download_command(mock_download):
+    main()
+    mock_download.assert_called_once()
+    args = mock_download.call_args[0]
+    assert args[1] == 'http://example.com/file'
+    assert args[2] == 'pass'
+
+
+@patch('cli.tempspace.requests.Session')
+@patch('cli.tempspace.Prompt.ask', return_value='correct_password')
+def test_download_file_prompts_for_password(mock_prompt, mock_session_cls):
+    mock_session = mock_session_cls.return_value
+
+    content = b"secret content"
+    mock_response_401 = MagicMock(status_code=401)
+    mock_response_200 = MagicMock(status_code=200)
+    mock_response_200.headers = {'content-length': str(len(content)), 'content-disposition': 'attachment; filename="secret.txt"'}
+    mock_response_200.iter_content.return_value = [content]
+    mock_session.get.side_effect = [mock_response_401, mock_response_200]
+
+    mock_console = MagicMock()
+
+    try:
+        download_file(mock_console, "http://test-server/secret")
+
+        assert mock_prompt.called
+        assert os.path.exists("secret.txt")
+        with open("secret.txt", "rb") as f:
+            assert f.read() == content
+    finally:
+        if os.path.exists("secret.txt"):
+            os.remove("secret.txt")
+
+
+def test_load_save_config():
+    """Test config file loading and saving."""
+    from cli.tempspace import load_config, save_config, CONFIG_DIR, CONFIG_FILE
+    import tempfile
+
+    with tempfile.TemporaryDirectory() as tmpdir:
+        import cli.tempspace as cli_module
+        original_config_dir = cli_module.CONFIG_DIR
+        original_config_file = cli_module.CONFIG_FILE
+
+        try:
+            cli_module.CONFIG_DIR = Path(tmpdir)
+            cli_module.CONFIG_FILE = Path(tmpdir) / "config.json"
+
+            save_config({"client_id": "test-id", "server_url": "http://test.com"})
+            config = load_config()
+
+            assert config["client_id"] == "test-id"
+            assert config["server_url"] == "http://test.com"
+        finally:
+            cli_module.CONFIG_DIR = original_config_dir
+            cli_module.CONFIG_FILE = original_config_file
+
+
+def test_load_save_history():
+    """Test history file loading and saving."""
+    from cli.tempspace import load_history, save_history, add_to_history
+    import tempfile
+
+    with tempfile.TemporaryDirectory() as tmpdir:
+        import cli.tempspace as cli_module
+        original_config_dir = cli_module.CONFIG_DIR
+        original_history_file = cli_module.HISTORY_FILE
+
+        try:
+            cli_module.CONFIG_DIR = Path(tmpdir)
+            cli_module.HISTORY_FILE = Path(tmpdir) / "history.json"
+
+            save_history([
+                {"filename": "test1.txt", "url": "http://test.com/1", "timestamp": "2024-01-01T00:00:00"},
+                {"filename": "test2.txt", "url": "http://test.com/2", "timestamp": "2024-01-02T00:00:00"}
+            ])
+
+            history = load_history()
+            assert len(history) == 2
+            assert history[0]["filename"] == "test1.txt"
+
+            add_to_history({"filename": "test3.txt", "url": "http://test.com/3", "timestamp": "2024-01-03T00:00:00"})
+            history = load_history()
+            assert len(history) == 3
+            assert history[0]["filename"] == "test3.txt"
+        finally:
+            cli_module.CONFIG_DIR = original_config_dir
+            cli_module.HISTORY_FILE = original_history_file

{tempspace_cli-1.2.8 → tempspace_cli-1.3.0}/tests/test_main.py

@@ -3,7 +3,7 @@ from fastapi.testclient import TestClient
 from main import (
     app, UPLOAD_DIR, RateLimiter, RATE_LIMIT_UPLOADS, RATE_LIMIT_DOWNLOADS, 
     RATE_LIMIT_WINDOW, cleanup_expired_files, shutdown_event, 
-    is_video, is_text, format_bytes
+    is_video, is_text, format_bytes, sanitize_filename, hash_password, verify_password
 )
 import os
 import shutil
@@ -757,3 +757,220 @@ def test_download_content_disposition():
     # Starlette/FastAPI FileResponse might use filename*=UTF-8''... for safety
     cd = response.headers["content-disposition"]
     assert filename in cd
+
+
+def test_sanitize_filename_path_traversal():
+    """Test that sanitize_filename prevents path traversal attacks."""
+    assert sanitize_filename("../../../etc/passwd") == "passwd"
+    assert sanitize_filename("..\\..\\windows\\system32\\config\\sam") == "sam"
+    assert sanitize_filename("normal_file.txt") == "normal_file.txt"
+    assert sanitize_filename("   spaces   .txt") == "spaces   .txt"
+    assert sanitize_filename("....") == "unnamed_file"
+    assert sanitize_filename("") == "unnamed_file"
+    assert sanitize_filename("file\x00.txt") == "file.txt"
+
+
+def test_hash_password_with_salt():
+    """Test that hash_password produces salted hashes."""
+    password = "test_password"
+    hash1 = hash_password(password)
+    hash2 = hash_password(password)
+    # Hashes should be different due to random salt
+    assert hash1 != hash2
+    # Both should contain a colon separator
+    assert ":" in hash1
+    assert ":" in hash2
+
+
+def test_verify_password():
+    """Test that verify_password correctly validates passwords."""
+    password = "my_secret"
+    stored_hash = hash_password(password)
+    assert verify_password(password, stored_hash) is True
+    assert verify_password("wrong_password", stored_hash) is False
+    # Test backward compatibility with old unsalted hashes
+    old_hash = hashlib.sha256(password.encode()).hexdigest()
+    assert verify_password(password, old_hash) is True
+
+
+def test_upload_path_traversal_attempt():
+    """Test that uploading with a path traversal filename is sanitized."""
+    response = client.post(
+        "/upload",
+        files={"file": ("../../etc/passwd", b"malicious content", "text/plain")},
+        data={"hours": "1"},
+    )
+    assert response.status_code == 200
+    data = response.json()
+    assert data["filename"] == "passwd"
+
+
+def test_finalize_invalid_hours():
+    """Test that /upload/finalize rejects invalid expiry hours."""
+    initiate_response = client.post("/upload/initiate")
+    upload_id = initiate_response.json()["upload_id"]
+
+    client.post(
+        "/upload/chunk",
+        data={"upload_id": upload_id, "chunk_number": "1"},
+        files={"file": ("chunk", b"some content")},
+    )
+
+    finalize_response = client.post(
+        "/upload/finalize",
+        data={
+            "upload_id": upload_id,
+            "filename": "test.txt",
+            "hours": "999",
+        },
+    )
+    assert finalize_response.status_code == 400
+    assert "Invalid expiry time" in finalize_response.json()["detail"]
+
+
+def test_finalize_exceeds_max_size(monkeypatch):
+    """Test that /upload/finalize rejects files exceeding MAX_FILE_SIZE."""
+    monkeypatch.setattr("main.MAX_FILE_SIZE", 10)
+
+    initiate_response = client.post("/upload/initiate")
+    upload_id = initiate_response.json()["upload_id"]
+
+    client.post(
+        "/upload/chunk",
+        data={"upload_id": upload_id, "chunk_number": "1"},
+        files={"file": ("chunk", b"this is way more than ten bytes of content")},
+    )
+
+    finalize_response = client.post(
+        "/upload/finalize",
+        data={
+            "upload_id": upload_id,
+            "filename": "too_big.txt",
+            "hours": "1",
+        },
+    )
+    assert finalize_response.status_code == 413
+    assert "File too large" in finalize_response.json()["detail"]
+
+
+def test_health_endpoint_timezone_aware():
+    """Test that /health returns a timezone-aware timestamp."""
+    response = client.get("/health")
+    assert response.status_code == 200
+    data = response.json()
+    timestamp = data["timestamp"]
+    # Timezone-aware ISO format contains '+' or 'Z'
+    assert "+" in timestamp or "Z" in timestamp or timestamp.endswith("+00:00")
+
+
+def test_duplicate_preserves_one_time_flag():
+    """Test that uploading a duplicate file preserves the original one_time flag."""
+    content = b"unique content for one_time preservation test " + os.urandom(8)
+    response1 = client.post(
+        "/upload",
+        files={"file": ("one_time_original.txt", content, "text/plain")},
+        data={"hours": "1", "one_time": "true"},
+    )
+    assert response1.status_code == 200
+    data1 = response1.json()
+    assert data1["one_time"] is True
+
+    response2 = client.post(
+        "/upload",
+        files={"file": ("duplicate.txt", content, "text/plain")},
+        data={"hours": "1", "one_time": "false"},
+    )
+    assert response2.status_code == 200
+    data2 = response2.json()
+    assert data2["one_time"] is True
+    assert data1["file_id"] == data2["file_id"]
+
+
+def test_extend_file_expiry():
+    """Test extending file expiry time via /extend/{file_id}."""
+    client_id = "extend-test-client"
+    upload_response = client.post(
+        "/upload",
+        files={"file": ("extend_test.txt", b"extend me", "text/plain")},
+        data={"hours": "1", "client_id": client_id},
+    )
+    assert upload_response.status_code == 200
+    file_id = upload_response.json()["file_id"]
+    original_expiry = upload_response.json()["expires_at"]
+
+    extend_response = client.post(
+        f"/extend/{file_id}",
+        json={"client_id": client_id, "hours": 24}
+    )
+    assert extend_response.status_code == 200
+    data = extend_response.json()
+    assert data["success"] is True
+    assert data["new_expires_at"] != original_expiry
+
+
+def test_extend_file_unauthorized():
+    """Test that extending file expiry with wrong client_id fails."""
+    owner_client_id = "owner-client-extend"
+    upload_response = client.post(
+        "/upload",
+        files={"file": ("extend_unauth.txt", b"extend unauthorized", "text/plain")},
+        data={"hours": "1", "client_id": owner_client_id},
+    )
+    file_id = upload_response.json()["file_id"]
+
+    extend_response = client.post(
+        f"/extend/{file_id}",
+        json={"client_id": "wrong-client", "hours": 24}
+    )
+    assert extend_response.status_code == 403
+
+
+def test_extend_file_invalid_hours():
+    """Test that extending with invalid hours fails."""
+    client_id = "extend-invalid-client"
+    upload_response = client.post(
+        "/upload",
+        files={"file": ("extend_invalid.txt", b"extend invalid", "text/plain")},
+        data={"hours": "1", "client_id": client_id},
+    )
+    file_id = upload_response.json()["file_id"]
+
+    extend_response = client.post(
+        f"/extend/{file_id}",
+        json={"client_id": client_id, "hours": 999}
+    )
+    assert extend_response.status_code == 400
+
+
+def test_debug_bulk_delete_authorized():
+    """Test bulk delete with admin authentication."""
+    client_id = "bulk-delete-client"
+    file_ids = []
+
+    for i in range(3):
+        upload_response = client.post(
+            "/upload",
+            files={"file": (f"bulk_{i}.txt", f"bulk content {i}".encode(), "text/plain")},
+            data={"hours": "1", "client_id": client_id},
+        )
+        file_ids.append(upload_response.json()["file_id"])
+
+    bulk_response = client.post(
+        "/debug/bulk-delete",
+        auth=("admin", "changeme123"),
+        json={"file_ids": file_ids}
+    )
+    assert bulk_response.status_code == 200
+    data = bulk_response.json()
+    assert data["success"] is True
+    assert data["deleted_count"] == 3
+
+    for file_id in file_ids:
+        get_response = client.get(f"/{file_id}/bulk_0.txt")
+        assert get_response.status_code == 404
+
+
+def test_debug_bulk_delete_unauthorized():
+    """Test that bulk delete requires admin authentication."""
+    response = client.post("/debug/bulk-delete", json={"file_ids": ["fake-id"]})
+    assert response.status_code == 401

tempspace_cli-1.2.8/tests/test_cli.py

@@ -1,159 +0,0 @@
-
-import os
-import shutil
-import tempfile
-import hashlib
-
-from unittest.mock import MagicMock, patch
-from cli.tempspace import parse_time, format_size, calculate_file_hash, zip_directory, upload_file, download_file, main
-
-
-# --- Unit Tests ---
-
-def test_parse_time():
-    assert parse_time("7d") == 168
-    assert parse_time("24h") == 24
-    assert parse_time("360") == 360
-    assert parse_time("1D") == 24
-    assert parse_time("2H") == 2
-    assert parse_time(" 7d ") == 168
-    assert parse_time("invalid") is None
-    assert parse_time("1w") is None
-
-def test_format_size():
-    assert format_size(0) == "0B"
-    assert format_size(1023) == "1023.0 B"
-    assert format_size(100) == "100.0 B"
-    assert format_size(1024) == "1.0 KB"
-    assert format_size(1024 * 1024) == "1.0 MB"
-    assert format_size(1024 * 1024 * 1024 * 2.5) == "2.5 GB"
-
-def test_calculate_file_hash():
-    with tempfile.NamedTemporaryFile(delete=False) as f:
-        f.write(b"hello world")
-        filepath = f.name
-    try:
-        expected_hash = hashlib.sha256(b"hello world").hexdigest()
-        assert calculate_file_hash(filepath) == expected_hash
-    finally:
-        os.remove(filepath)
-
-def test_zip_directory():
-    # Create a dummy directory structure
-    temp_dir = tempfile.mkdtemp()
-    try:
-        os.makedirs(os.path.join(temp_dir, "subdir"))
-        with open(os.path.join(temp_dir, "file1.txt"), "w") as f:
-            f.write("content1")
-        
-        # Call zip_directory
-        zip_path = zip_directory(temp_dir)
-        
-        assert os.path.exists(zip_path)
-        assert zip_path.endswith(".zip")
-        assert os.path.basename(temp_dir) in os.path.basename(zip_path)
-        
-        # Cleanup zip
-        os.remove(zip_path)
-    finally:
-        shutil.rmtree(temp_dir)
-
-# --- Mock Tests ---
-
-@patch('cli.tempspace.requests.Session')
-def test_upload_file_success(mock_session_cls, capsys):
-    mock_session = mock_session_cls.return_value
-    
-    # Mock Initiate
-    mock_session.post.side_effect = [
-        MagicMock(status_code=200, json=lambda: {'upload_id': '123'}), # Initiate
-        MagicMock(status_code=200), # Chunk 1
-        MagicMock(status_code=200, json=lambda: {'url': 'http://test.com/file', 'hash': 'abc', 'hash_verified': True}) # Finalize
-    ]
-    
-    with tempfile.NamedTemporaryFile(delete=False) as f:
-        f.write(b"test content")
-        filepath = f.name
-        
-    mock_console = MagicMock()
-    
-    try:
-        upload_file(mock_console, filepath, 24, None, False, False, "http://test-server")
-        
-        # Assert calls
-        assert mock_session.post.call_count == 3
-        # Verify initiate call
-        mock_session.post.call_args_list[0][0][0].endswith("/upload/initiate")
-        # Verify finalize call
-        mock_session.post.call_args_list[2][0][0].endswith("/upload/finalize")
-        
-        # Verify success message printed
-        # mock_console.print.assert_called() # Hard to check partial strings on rich objects without more complex matching
-        
-    finally:
-        os.remove(filepath)
-
-@patch('cli.tempspace.requests.Session')
-def test_download_file_success(mock_session_cls):
-    mock_session = mock_session_cls.return_value
-    
-    # Mock HEAD request (optional/handled in code?) Code does checks but uses same session
-    mock_session.head.return_value = MagicMock(status_code=200)
-    
-    # Mock GET request
-    content = b"downloaded content"
-    mock_response = MagicMock(status_code=200)
-    mock_response.headers = {'content-length': str(len(content)), 'content-disposition': 'attachment; filename="server_file.txt"'}
-    mock_response.iter_content.return_value = [content]
-    mock_session.get.return_value = mock_response
-    
-    mock_console = MagicMock()
-    
-    # Run download
-    try:
-        download_file(mock_console, "http://test-server/file")
-        
-        # Verify file saved
-        assert os.path.exists("server_file.txt")
-        with open("server_file.txt", "rb") as f:
-            assert f.read() == content
-    finally:
-        if os.path.exists("server_file.txt"):
-            os.remove("server_file.txt")
-
-
-@patch('sys.argv', ['tempspace', 'file.txt'])
-@patch('cli.tempspace.upload_file')
-def test_main_upload_defaults(mock_upload):
-    # Mock os.path.isfile via patch is tricky if imported in module. 
-    # cli.tempspace uses os.path.isfile directly from os module import?
-    # It does `import os`. So `os.path.isfile`.
-    with patch('cli.tempspace.os.path.isfile', return_value=True):
-        main()
-        
-    mock_upload.assert_called_once()
-    # args: (console, filepath, hours, password, one_time, qr, url)
-    args = mock_upload.call_args[0]
-    assert args[1] == 'file.txt'
-    assert args[2] == 24  # Default 24h
-
-@patch('sys.argv', ['tempspace', 'file.txt', '-t', '1h', '-p', 'secret', '--qr'])
-@patch('cli.tempspace.upload_file')
-def test_main_upload_custom(mock_upload):
-    with patch('cli.tempspace.os.path.isfile', return_value=True):
-        main()
-        
-    args = mock_upload.call_args[0]
-    assert args[1] == 'file.txt'
-    assert args[2] == 1
-    assert args[3] == 'secret'
-    assert args[5] is True
-
-@patch('sys.argv', ['tempspace', 'download', 'http://example.com/file', '-p', 'pass'])
-@patch('cli.tempspace.download_file')
-def test_main_download_command(mock_download):
-    main()
-    mock_download.assert_called_once()
-    args = mock_download.call_args[0]
-    assert args[1] == 'http://example.com/file'
-    assert args[2] == 'pass'