uploadserver 5.1.0__tar.gz → 5.2.0__tar.gz

{uploadserver-5.1.0/uploadserver.egg-info → uploadserver-5.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: uploadserver
-Version: 5.1.0
+Version: 5.2.0
 Summary: Python's http.server extended to include a file upload page
 Home-page: https://github.com/Densaugeo/uploadserver
 Author: Densaugeo
@@ -64,9 +64,7 @@ Now you can upload with basic authentication. For example:
 curl -X POST http://127.0.0.1:8000/upload -F 'files=@basicauth-example.txt' -u hello:world
 ~~~
 
-Uploads without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
-
-The server checks credentials before it handles the body of the request, so this mode of operation is not susceptible to DoS attack mentioned in the previous section.
+All requests without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
 
 ## Basic Authentication (uploads only)
 
@@ -76,7 +74,7 @@ python3 -m uploadserver --basic-auth-upload hello:world
 
 The same as above, but authentication is only required for upload operations.
 
-If both --basic-auth and --basic-auth-upload are specified, first one will be used for downloads and the second one for uploads.
+If both `--basic-auth` and `--basic-auth-upload` are specified, all requests will require one of the two credentials, but only the `--basic-auth-upload` credentials will be able to upload files.
 
 ## Theme Option
 
@@ -132,7 +130,7 @@ Note: This uses a self-signed server certificate which clients such as web brows
 
 ## Breaking Changes in 4.0.0
 
-- By default, uploaded files which have the same name as an existing file are renamed. To restore the previous behavior of overwriting them, pass `--allowreplace`.
+- By default, uploaded files which have the same name as an existing file are renamed. To restore the previous behavior of overwriting them, pass `--allow-replace`.
 - File uploads with no files in them are rejected with 400 Bad Request instead of 500 Internal Server Error, with a more informative error message.
 - Handling of large uploads has been improved. Theoretically this should not cause any breaking changes, but filesystems are black magic and should be viewed with suspicion.
 

{uploadserver-5.1.0 → uploadserver-5.2.0}/README.md

@@ -50,9 +50,7 @@ Now you can upload with basic authentication. For example:
 curl -X POST http://127.0.0.1:8000/upload -F 'files=@basicauth-example.txt' -u hello:world
 ~~~
 
-Uploads without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
-
-The server checks credentials before it handles the body of the request, so this mode of operation is not susceptible to DoS attack mentioned in the previous section.
+All requests without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
 
 ## Basic Authentication (uploads only)
 
@@ -62,7 +60,7 @@ python3 -m uploadserver --basic-auth-upload hello:world
 
 The same as above, but authentication is only required for upload operations.
 
-If both --basic-auth and --basic-auth-upload are specified, first one will be used for downloads and the second one for uploads.
+If both `--basic-auth` and `--basic-auth-upload` are specified, all requests will require one of the two credentials, but only the `--basic-auth-upload` credentials will be able to upload files.
 
 ## Theme Option
 
@@ -118,7 +116,7 @@ Note: This uses a self-signed server certificate which clients such as web brows
 
 ## Breaking Changes in 4.0.0
 
-- By default, uploaded files which have the same name as an existing file are renamed. To restore the previous behavior of overwriting them, pass `--allowreplace`.
+- By default, uploaded files which have the same name as an existing file are renamed. To restore the previous behavior of overwriting them, pass `--allow-replace`.
 - File uploads with no files in them are rejected with 400 Bad Request instead of 500 Internal Server Error, with a more informative error message.
 - Handling of large uploads has been improved. Theoretically this should not cause any breaking changes, but filesystems are black magic and should be viewed with suspicion.
 

{uploadserver-5.1.0 → uploadserver-5.2.0}/setup.py

@@ -5,7 +5,7 @@ with open('README.md', 'r') as fh:
 
 setuptools.setup(
     name='uploadserver',
-    version='5.1.0',
+    version='5.2.0',
     author='Densaugeo',
     author_email='author@example.com',
     description='Python\'s http.server extended to include a file upload page',

{uploadserver-5.1.0 → uploadserver-5.2.0}/uploadserver/__init__.py

@@ -62,7 +62,7 @@ document.getElementsByTagName('form')[0].addEventListener('submit', async e => {
     document.getElementById('status').textContent = (e.loaded === e.total ?
       'Saving…' :
       `${Math.floor(100*e.loaded/e.total)}% ` +
-      `[${e.loaded >> 10} / ${e.total >> 10}KiB]`
+      `[${Math.floor(e.loaded/1024)} / ${Math.floor(e.total/1024)}KiB]`
     )
   }
   
@@ -191,15 +191,31 @@ def check_http_authentication(handler):
     It validates Authorization header and sends back 401 response on failure.
     It returns False if this happens.
     """
-    if handler.path == '/upload':
-        auth = args.basic_auth or args.basic_auth_upload
+    if not args.basic_auth_upload:
+        # If no auth settings apply, check always passes
+        if not args.basic_auth:
+            return True
+        
+        # If only --basic-auth is supplied, it's used for all requests
+        valid, message = check_http_authentication_header(handler, args.basic_auth)
     else:
-        auth = args.basic_auth
-    
-    # If no auth settings apply, check always passes
-    if not auth: return True
-    
-    valid, message = check_http_authentication_header(handler, auth)
+        # If --basic-auth-upload is supplied, it's always required for /upload
+        if handler.path == '/upload':
+            valid, message = check_http_authentication_header(handler,
+                args.basic_auth_upload)
+        else:
+            # For paths outside /upload, no auth is required when --basic-auth
+            # is not supplied
+            if not args.basic_auth:
+                return True
+            
+            # For paths outise /upload, if both auths are supplied both are
+            # accepted
+            else:
+                valid, message = check_http_authentication_header(handler, args.basic_auth)
+                
+                if not valid:
+                    valid, message = check_http_authentication_header(handler, args.basic_auth_upload)
     
     if not valid:
         handler.log_message(f'Request rejected ({message})')
@@ -421,8 +437,4 @@ def main():
     args = parser.parse_args()
     if not hasattr(args, 'directory'): args.directory = os.getcwd()
     
-    if args.basic_auth and args.basic_auth_upload:
-        print('Cannot set both --basic--auth and --basic-auth-upload')
-        sys.exit(6)
-    
     serve_forever()

{uploadserver-5.1.0 → uploadserver-5.2.0/uploadserver.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: uploadserver
-Version: 5.1.0
+Version: 5.2.0
 Summary: Python's http.server extended to include a file upload page
 Home-page: https://github.com/Densaugeo/uploadserver
 Author: Densaugeo
@@ -64,9 +64,7 @@ Now you can upload with basic authentication. For example:
 curl -X POST http://127.0.0.1:8000/upload -F 'files=@basicauth-example.txt' -u hello:world
 ~~~
 
-Uploads without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
-
-The server checks credentials before it handles the body of the request, so this mode of operation is not susceptible to DoS attack mentioned in the previous section.
+All requests without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
 
 ## Basic Authentication (uploads only)
 
@@ -76,7 +74,7 @@ python3 -m uploadserver --basic-auth-upload hello:world
 
 The same as above, but authentication is only required for upload operations.
 
-If both --basic-auth and --basic-auth-upload are specified, first one will be used for downloads and the second one for uploads.
+If both `--basic-auth` and `--basic-auth-upload` are specified, all requests will require one of the two credentials, but only the `--basic-auth-upload` credentials will be able to upload files.
 
 ## Theme Option
 
@@ -132,7 +130,7 @@ Note: This uses a self-signed server certificate which clients such as web brows
 
 ## Breaking Changes in 4.0.0
 
-- By default, uploaded files which have the same name as an existing file are renamed. To restore the previous behavior of overwriting them, pass `--allowreplace`.
+- By default, uploaded files which have the same name as an existing file are renamed. To restore the previous behavior of overwriting them, pass `--allow-replace`.
 - File uploads with no files in them are rejected with 400 Bad Request instead of 500 Internal Server Error, with a more informative error message.
 - Handling of large uploads has been improved. Theoretically this should not cause any breaking changes, but filesystems are black magic and should be viewed with suspicion.