uploadserver 5.1.1__tar.gz → 5.2.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {uploadserver-5.1.1/uploadserver.egg-info → uploadserver-5.2.1}/PKG-INFO +3 -5
- {uploadserver-5.1.1 → uploadserver-5.2.1}/README.md +2 -4
- {uploadserver-5.1.1 → uploadserver-5.2.1}/setup.py +1 -1
- {uploadserver-5.1.1 → uploadserver-5.2.1}/uploadserver/__init__.py +26 -13
- {uploadserver-5.1.1 → uploadserver-5.2.1/uploadserver.egg-info}/PKG-INFO +3 -5
- {uploadserver-5.1.1 → uploadserver-5.2.1}/LICENSE +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.1}/setup.cfg +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.1}/uploadserver/__main__.py +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.1}/uploadserver/cgi.py +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.1}/uploadserver.egg-info/SOURCES.txt +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.1}/uploadserver.egg-info/dependency_links.txt +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.1}/uploadserver.egg-info/entry_points.txt +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.1}/uploadserver.egg-info/top_level.txt +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: uploadserver
|
|
3
|
-
Version: 5.
|
|
3
|
+
Version: 5.2.1
|
|
4
4
|
Summary: Python's http.server extended to include a file upload page
|
|
5
5
|
Home-page: https://github.com/Densaugeo/uploadserver
|
|
6
6
|
Author: Densaugeo
|
|
@@ -64,9 +64,7 @@ Now you can upload with basic authentication. For example:
|
|
|
64
64
|
curl -X POST http://127.0.0.1:8000/upload -F 'files=@basicauth-example.txt' -u hello:world
|
|
65
65
|
~~~
|
|
66
66
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
The server checks credentials before it handles the body of the request, so this mode of operation is not susceptible to DoS attack mentioned in the previous section.
|
|
67
|
+
All requests without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
|
|
70
68
|
|
|
71
69
|
## Basic Authentication (uploads only)
|
|
72
70
|
|
|
@@ -76,7 +74,7 @@ python3 -m uploadserver --basic-auth-upload hello:world
|
|
|
76
74
|
|
|
77
75
|
The same as above, but authentication is only required for upload operations.
|
|
78
76
|
|
|
79
|
-
If both
|
|
77
|
+
If both `--basic-auth` and `--basic-auth-upload` are specified, all requests will require one of the two credentials, but only the `--basic-auth-upload` credentials will be able to upload files.
|
|
80
78
|
|
|
81
79
|
## Theme Option
|
|
82
80
|
|
|
@@ -50,9 +50,7 @@ Now you can upload with basic authentication. For example:
|
|
|
50
50
|
curl -X POST http://127.0.0.1:8000/upload -F 'files=@basicauth-example.txt' -u hello:world
|
|
51
51
|
~~~
|
|
52
52
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
The server checks credentials before it handles the body of the request, so this mode of operation is not susceptible to DoS attack mentioned in the previous section.
|
|
53
|
+
All requests without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
|
|
56
54
|
|
|
57
55
|
## Basic Authentication (uploads only)
|
|
58
56
|
|
|
@@ -62,7 +60,7 @@ python3 -m uploadserver --basic-auth-upload hello:world
|
|
|
62
60
|
|
|
63
61
|
The same as above, but authentication is only required for upload operations.
|
|
64
62
|
|
|
65
|
-
If both
|
|
63
|
+
If both `--basic-auth` and `--basic-auth-upload` are specified, all requests will require one of the two credentials, but only the `--basic-auth-upload` credentials will be able to upload files.
|
|
66
64
|
|
|
67
65
|
## Theme Option
|
|
68
66
|
|
|
@@ -82,7 +82,8 @@ def get_directory_head_injection(theme):
|
|
|
82
82
|
''', 'utf-8')
|
|
83
83
|
|
|
84
84
|
DIRECTORY_BODY_INJECTION = b'''<!-- Injected by uploadserver -->
|
|
85
|
-
<a href="upload">File upload</a>
|
|
85
|
+
<a href="/upload">File upload</a>
|
|
86
|
+
(provided by uploadserver, all files go to server root)
|
|
86
87
|
<hr>
|
|
87
88
|
<!-- End injection by uploadserver -->
|
|
88
89
|
'''
|
|
@@ -191,15 +192,31 @@ def check_http_authentication(handler):
|
|
|
191
192
|
It validates Authorization header and sends back 401 response on failure.
|
|
192
193
|
It returns False if this happens.
|
|
193
194
|
"""
|
|
194
|
-
if
|
|
195
|
-
auth
|
|
195
|
+
if not args.basic_auth_upload:
|
|
196
|
+
# If no auth settings apply, check always passes
|
|
197
|
+
if not args.basic_auth:
|
|
198
|
+
return True
|
|
199
|
+
|
|
200
|
+
# If only --basic-auth is supplied, it's used for all requests
|
|
201
|
+
valid, message = check_http_authentication_header(handler, args.basic_auth)
|
|
196
202
|
else:
|
|
197
|
-
auth
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
+
# If --basic-auth-upload is supplied, it's always required for /upload
|
|
204
|
+
if handler.path == '/upload':
|
|
205
|
+
valid, message = check_http_authentication_header(handler,
|
|
206
|
+
args.basic_auth_upload)
|
|
207
|
+
else:
|
|
208
|
+
# For paths outside /upload, no auth is required when --basic-auth
|
|
209
|
+
# is not supplied
|
|
210
|
+
if not args.basic_auth:
|
|
211
|
+
return True
|
|
212
|
+
|
|
213
|
+
# For paths outise /upload, if both auths are supplied both are
|
|
214
|
+
# accepted
|
|
215
|
+
else:
|
|
216
|
+
valid, message = check_http_authentication_header(handler, args.basic_auth)
|
|
217
|
+
|
|
218
|
+
if not valid:
|
|
219
|
+
valid, message = check_http_authentication_header(handler, args.basic_auth_upload)
|
|
203
220
|
|
|
204
221
|
if not valid:
|
|
205
222
|
handler.log_message(f'Request rejected ({message})')
|
|
@@ -421,8 +438,4 @@ def main():
|
|
|
421
438
|
args = parser.parse_args()
|
|
422
439
|
if not hasattr(args, 'directory'): args.directory = os.getcwd()
|
|
423
440
|
|
|
424
|
-
if args.basic_auth and args.basic_auth_upload:
|
|
425
|
-
print('Cannot set both --basic--auth and --basic-auth-upload')
|
|
426
|
-
sys.exit(6)
|
|
427
|
-
|
|
428
441
|
serve_forever()
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: uploadserver
|
|
3
|
-
Version: 5.
|
|
3
|
+
Version: 5.2.1
|
|
4
4
|
Summary: Python's http.server extended to include a file upload page
|
|
5
5
|
Home-page: https://github.com/Densaugeo/uploadserver
|
|
6
6
|
Author: Densaugeo
|
|
@@ -64,9 +64,7 @@ Now you can upload with basic authentication. For example:
|
|
|
64
64
|
curl -X POST http://127.0.0.1:8000/upload -F 'files=@basicauth-example.txt' -u hello:world
|
|
65
65
|
~~~
|
|
66
66
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
The server checks credentials before it handles the body of the request, so this mode of operation is not susceptible to DoS attack mentioned in the previous section.
|
|
67
|
+
All requests without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
|
|
70
68
|
|
|
71
69
|
## Basic Authentication (uploads only)
|
|
72
70
|
|
|
@@ -76,7 +74,7 @@ python3 -m uploadserver --basic-auth-upload hello:world
|
|
|
76
74
|
|
|
77
75
|
The same as above, but authentication is only required for upload operations.
|
|
78
76
|
|
|
79
|
-
If both
|
|
77
|
+
If both `--basic-auth` and `--basic-auth-upload` are specified, all requests will require one of the two credentials, but only the `--basic-auth-upload` credentials will be able to upload files.
|
|
80
78
|
|
|
81
79
|
## Theme Option
|
|
82
80
|
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|