Browse Source

update submission code

Moritz Warning 1 month ago
parent
commit
85685692fc
2 changed files with 28 additions and 18 deletions
  1. 14 9
      submit-server.py
  2. 14 9
      submit.js

+ 14 - 9
submit-server.py

@@ -22,12 +22,14 @@ cgitb.enable()
 
 # byte size of a single submission
 INBOX_SIZE_BYTES = 1_000_000_000
-# minimum seconds beween submissions 
+
+# minimum seconds between submissions
 SUBMIT_INTERVAL_SEC = 20
 
 
 last_submission = 0
-fn_regex = re.compile(r'^[0-9a-zA-Z_.-]{1,32}$')
+fn_regex = re.compile(r'^[0-9a-zA-Z_.-]{3,64}$')
+
 
 def check_file_name(filename):
     return bool(fn_regex.match(filename))
@@ -35,6 +37,9 @@ def check_file_name(filename):
 def check_text_value(text):
     return len(text) < 64
 
+def check_file_size(data):
+    return len(data) < (10*1000*1000)
+
 def get_total_size(start_path):
     total_size = 0
     for dirpath, dirnames, filenames in os.walk(start_path):
@@ -86,11 +91,11 @@ def store_submission(form):
             file_name = os.path.basename(entry.filename)
             file_data = entry.value
 
-            if not check_file_size(entry.file):
-                return (False, "File too big.")
+            if not check_file_size(file_data):
+                return (False, "File too big: {}".format(file_name))
 
             if not check_file_name(file_name):
-                return (False, "Invalid filename: {}".format(file_name))
+                return (False, "Invalid file name: {}".format(file_name))
 
             files[file_name] = file_data
 
@@ -121,10 +126,10 @@ class MyHandler(http.server.BaseHTTPRequestHandler):
 
     def do_OPTIONS(self):
         self.send_response(200, "ok")
-        self.send_header('Access-Control-Allow-Credentials', 'true')
+        self.send_header('Access-Control-Allow-Credentials', 'false')
         self.send_header('Access-Control-Allow-Origin', '*')
         self.send_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
-        self.send_header("Access-Control-Allow-Headers", "X-Requested-With, Content-type")
+        self.send_header('Access-Control-Allow-Headers', '*')
 
     def do_POST(self, *args, **kwargs):
         #content_len = int(self.headers.get('content-length'))
@@ -150,8 +155,8 @@ class MyHandler(http.server.BaseHTTPRequestHandler):
             self.send_header('Access-Control-Allow-Credentials', 'true')
             self.send_header('Access-Control-Allow-Origin', '*')
             self.send_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
-            self.send_header("Content-type", "text/plain")
-            self.send_header("Content-length", str(len(body)))
+            self.send_header('Content-type', 'text/plain')
+            self.send_header('Content-length', str(len(body)))
             self.end_headers()
 
             self.wfile.write(body)

+ 14 - 9
submit.js

@@ -1,6 +1,6 @@
 
 const remote_url = "//mwarning.de:4223/submit"
-let all_files = []
+let all_files = {}
 let entry_name = ""
 
 
@@ -46,8 +46,8 @@ window.onload = () => {
     const new_file = $('#file_input').files[0]
     $('#file_input').value = ""
 
-    for (let file in all_files) {
-      if (file.name == new_file.name) {
+    for (let name in all_files) {
+      if (name == new_file.name) {
         alert("File already added!")
         return
       }
@@ -57,12 +57,17 @@ window.onload = () => {
       entry_name = new_file.name.split(".")[0]
     } else {
       if (new_file.name.split(".")[0] != entry_name) {
-        alert("File prefixes need to be identical!")
+        alert("File names need to identical before the first dot in the name!")
         return
       }
     }
 
-    all_files.push(new_file)
+    if (!/^[0-9a-zA-Z_.-]{3,32}$/.test(new_file.name)) {
+      alert("File name has invalid characters or is not 3-64 characters long.");
+      return;
+    }
+
+    all_files[new_file.name] = new_file
 
     const p = document.createElement('p')
     p.innerText = new_file.name
@@ -72,7 +77,7 @@ window.onload = () => {
     button.setAttribute("name", new_file.name)
     button.onclick = function (e) {
       const name = e.target.getAttribute("name")
-      all_files.splice(all_files.indexOf(name), 1);
+      delete all_files[name]
       e.target.parentNode.remove()
     }
 
@@ -84,7 +89,7 @@ window.onload = () => {
 
   function clear() {
     entry_name = ""
-    all_files = []
+    all_files = {}
     $("#file_list").innerHTML = ""
   } 
 
@@ -120,8 +125,8 @@ window.onload = () => {
     formData.set('license', $("#license").value)
     formData.set('language', $("#language").value)
 
-    for (let file of all_files) {
-      formData.append("files[]", file)
+    for (let name in all_files) {
+      formData.append("files[]", all_files[name])
     }
 
     request.open("POST", remote_url)