require 'digest/sha1'
require 'gettext'
require 'coquelicot'
+require 'coquelicot/configure'
require 'haml_gettext'
module Coquelicot
class Application < Sinatra::Base
set :app_file, __FILE__
- set :upload_password, '0e5f7d398e6f9cd1f6bac5cc823e363aec636495'
- set :default_expire, 60
- set :maximum_expire, 60 * 24 * 30 # 1 month
- set :gone_period, 10080
- set :filename_length, 20
- set :random_pass_length, 16
- set :depot_path, Proc.new { File.join(root, 'files') }
-
- def password_match?(password)
- return TRUE if settings.upload_password.nil?
- (not password.nil?) && Digest::SHA1.hexdigest(password) == settings.upload_password
- end
+ include Coquelicot::Configure
GetText::bindtextdomain('coquelicot')
before do
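Review bot: The defaults removed here (`upload_password`, `default_expire`, `maximum_expire` and the others) are still read through the Sinatra `settings` object further down, e.g. `settings.default_expire` and `settings.maximum_expire` in the upload route, while the new `auth_method` helper reads `Coquelicot.settings`. Unless `Coquelicot::Configure` (not shown in this diff) also exposes those values on the app's `settings`, the expiry handling will raise NoMethodError; reading them as `Coquelicot.settings.default_expire` and `Coquelicot.settings.maximum_expire` would keep a single source of configuration. The removed `password_match?` allowed every upload when no password was configured, so the replacement's behaviour in that case deserves a comment above the include, for example `# NOTE: authenticate() is defined outside this file; confirm it denies uploads when no auth_method is configured`.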
post '/authenticate' do
pass unless request.xhr?
- unless password_match? params[:upload_password] then
+ unless authenticate(params) then
error 403, "Forbidden"
end
'OK'
end
post '/upload' do
- unless password_match? params[:upload_password] then
+ # if JS is disabled upload_token might be nil
+ params['upload_token'] = JSON.parse(params['upload_token']) unless params['upload_token'].nil?
+ unless authenticate(params) then
error 403
end
if params[:file] then
@error = "No file selected"
return haml(:index)
end
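Review bot: `JSON.parse(params['upload_token'])` runs on client-supplied input before `authenticate(params)`, so a malformed token raises `JSON::ParserError` and the request ends in a 500 instead of a 403. Treat a parse failure like a failed login by wrapping the parse, `begin … rescue JSON::ParserError; error 403; end`, and have the authenticator check that the decoded value has the expected type, since a valid document can equally be an array, a number or a string. The `/authenticate` route calls `authenticate(params)` without this decoding step, so the two routes may hand the authenticator differently shaped input. No `require 'json'` appears among the visible require lines; it may be loaded elsewhere.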
+ if tmpfile.lstat.size == 0 then
+ @error = "#{name} is empty"
+ return haml(:index)
+ end
if params[:expire].nil? or params[:expire].to_i == 0 then
params[:expire] = settings.default_expire
elsif params[:expire].to_i > settings.maximum_expire then
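Review bot: `@error = "#{name} is empty"` puts what appears to be the client-supplied file name into a message rendered by `haml(:index)`; the definition of `name` and the template are outside this hunk. If the template prints `@error` without escaping, markup in the file name is reflected into the page, so either confirm that Haml's `escape_html` option is enabled or escape at this point with `@error = "#{Rack::Utils.escape_html(name)} is empty"`. The size test would also read more idiomatically as `tmpfile.lstat.size.zero?`.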
url << request.script_name
"#{url}/"
end
+
+ def auth_method
+ Coquelicot.settings.auth_method
+ end
end
end
end