crafty-4/app/classes/web/routes/api/servers/server/files.py

import os
import logging
import json
import html
from jsonschema import validate
from jsonschema.exceptions import ValidationError
from app.classes.models.server_permissions import EnumPermissionsServer
from app.classes.shared.helpers import Helpers
from app.classes.shared.file_helpers import FileHelpers
from app.classes.web.base_api_handler import BaseApiHandler

logger = logging.getLogger(__name__)

files_get_schema = {
    "type": "object",
    "properties": {
        "page": {"type": "string", "minLength": 1},
        "path": {"type": "string"},
    },
    "additionalProperties": False,
    "minProperties": 1,
}

files_patch_schema = {
    "type": "object",
    "properties": {
        "path": {"type": "string"},
        "contents": {"type": "string"},
    },
    "additionalProperties": False,
    "minProperties": 1,
}

files_unzip_schema = {
    "type": "object",
    "properties": {
        "folder": {"type": "string"},
    },
    "additionalProperties": False,
    "minProperties": 1,
}

files_create_schema = {
    "type": "object",
    "properties": {
        "parent": {"type": "string"},
        "name": {"type": "string"},
        "directory": {"type": "boolean"},
    },
    "additionalProperties": False,
    "minProperties": 1,
}

files_rename_schema = {
    "type": "object",
    "properties": {
        "path": {"type": "string"},
        "new_name": {"type": "string"},
    },
    "additionalProperties": False,
    "minProperties": 1,
}

file_delete_schema = {
    "type": "object",
    "properties": {
        "filename": {"type": "string", "minLength": 5},
    },
    "additionalProperties": False,
    "minProperties": 1,
}


class ApiServersServerFilesIndexHandler(BaseApiHandler):
    def post(self, server_id: str):
        auth_data = self.authenticate_user()
        if not auth_data:
            return

        if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
            # if the user doesn't have access to the server, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

        if (
            EnumPermissionsServer.FILES
            not in self.controller.server_perms.get_user_id_permissions_list(
                auth_data[4]["user_id"], server_id
            )
            or not EnumPermissionsServer.BACKUP
            in self.controller.server_perms.get_user_id_permissions_list(
                auth_data[4]["user_id"], server_id
            )
        ):
            # if the user doesn't have Files or Backup permission, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

        try:
            data = json.loads(self.request.body)
        except json.decoder.JSONDecodeError as e:
            return self.finish_json(
                400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}
            )
        try:
            validate(data, files_get_schema)
        except ValidationError as e:
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "INVALID_JSON_SCHEMA",
                    "error_data": str(e),
                },
            )
        if not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            data["path"],
        ):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "TRAVERSAL DETECTED",
                    "error_data": str(e),
                },
            )
        if os.path.isdir(data["path"]):
            # TODO: limit some columns for specific permissions?
            folder = data["path"]
            return_json = {
                "root_path": {
                    "path": folder,
                    "top": data["path"]
                    == self.controller.servers.get_server_data_by_id(server_id)["path"],
                }
            }

            dir_list = []
            unsorted_files = []
            file_list = os.listdir(folder)
            for item in file_list:
                if os.path.isdir(os.path.join(folder, item)):
                    dir_list.append(item)
                else:
                    unsorted_files.append(item)
            file_list = sorted(dir_list, key=str.casefold) + sorted(
                unsorted_files, key=str.casefold
            )
            for raw_filename in file_list:
                filename = html.escape(raw_filename)
                rel = os.path.join(folder, raw_filename)
                dpath = os.path.join(folder, filename)
                if str(dpath) in self.controller.management.get_excluded_backup_dirs(
                    server_id
                ):
                    if os.path.isdir(rel):
                        return_json[filename] = {
                            "path": dpath,
                            "dir": True,
                            "excluded": True,
                        }
                    else:
                        return_json[filename] = {
                            "path": dpath,
                            "dir": False,
                            "excluded": True,
                        }
                else:
                    if os.path.isdir(rel):
                        return_json[filename] = {
                            "path": dpath,
                            "dir": True,
                            "excluded": False,
                        }
                    else:
                        return_json[filename] = {
                            "path": dpath,
                            "dir": False,
                            "excluded": False,
                        }
            self.finish_json(200, {"status": "ok", "data": return_json})
        else:
            try:
                with open(data["path"], encoding="utf-8") as file:
                    file_contents = file.read()
            except UnicodeDecodeError as ex:
                self.finish_json(
                    400,
                    {"status": "error", "error": "DECODE_ERROR", "error_data": str(ex)},
                )
            self.finish_json(200, {"status": "ok", "data": file_contents})

    def delete(self, server_id: str):
        auth_data = self.authenticate_user()
        if not auth_data:
            return

        if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
            # if the user doesn't have access to the server, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

        if (
            EnumPermissionsServer.FILES
            not in self.controller.server_perms.get_user_id_permissions_list(
                auth_data[4]["user_id"], server_id
            )
        ):
            # if the user doesn't have Files permission, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
        try:
            data = json.loads(self.request.body)
        except json.decoder.JSONDecodeError as e:
            return self.finish_json(
                400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}
            )
        try:
            validate(data, file_delete_schema)
        except ValidationError as e:
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "INVALID_JSON_SCHEMA",
                    "error_data": str(e),
                },
            )
        if not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            data["filename"],
        ):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "TRAVERSAL DETECTED",
                    "error_data": str(e),
                },
            )

        if os.path.isdir(data["filename"]):
            FileHelpers.del_dirs(data["filename"])
        else:
            FileHelpers.del_file(data["filename"])
        return self.finish_json(200, {"status": "ok"})

    def patch(self, server_id: str):
        auth_data = self.authenticate_user()
        if not auth_data:
            return

        if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
            # if the user doesn't have access to the server, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

        if (
            EnumPermissionsServer.FILES
            not in self.controller.server_perms.get_user_id_permissions_list(
                auth_data[4]["user_id"], server_id
            )
        ):
            # if the user doesn't have Files permission, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
        try:
            data = json.loads(self.request.body)
        except json.decoder.JSONDecodeError as e:
            return self.finish_json(
                400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}
            )
        try:
            validate(data, files_patch_schema)
        except ValidationError as e:
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "INVALID_JSON_SCHEMA",
                    "error_data": str(e),
                },
            )
        if not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            data["path"],
        ):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "TRAVERSAL DETECTED",
                    "error_data": str(e),
                },
            )
        file_path = Helpers.get_os_understandable_path(data["path"])
        file_contents = data["contents"]
        # Open the file in write mode and store the content in file_object
        with open(file_path, "w", encoding="utf-8") as file_object:
            file_object.write(file_contents)
        return self.finish_json(200, {"status": "ok"})

    def put(self, server_id: str):
        auth_data = self.authenticate_user()
        if not auth_data:
            return

        if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
            # if the user doesn't have access to the server, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

        if (
            EnumPermissionsServer.FILES
            not in self.controller.server_perms.get_user_id_permissions_list(
                auth_data[4]["user_id"], server_id
            )
        ):
            # if the user doesn't have Files permission, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
        try:
            data = json.loads(self.request.body)
        except json.decoder.JSONDecodeError as e:
            return self.finish_json(
                400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}
            )
        try:
            validate(data, files_create_schema)
        except ValidationError as e:
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "INVALID_JSON_SCHEMA",
                    "error_data": str(e),
                },
            )
        path = os.path.join(data["parent"], data["name"])
        if not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            path,
        ):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "TRAVERSAL DETECTED",
                    "error_data": str(e),
                },
            )
        if Helpers.check_path_exists(os.path.abspath(path)):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "FILE EXISTS",
                    "error_data": str(e),
                },
            )
        if data["directory"]:
            os.mkdir(path)
        else:
            # Create the file by opening it
            with open(path, "w", encoding="utf-8") as file_object:
                file_object.close()
        return self.finish_json(200, {"status": "ok"})


class ApiServersServerFilesCreateHandler(BaseApiHandler):
    def patch(self, server_id: str):
        auth_data = self.authenticate_user()
        if not auth_data:
            return

        if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
            # if the user doesn't have access to the server, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

        if (
            EnumPermissionsServer.FILES
            not in self.controller.server_perms.get_user_id_permissions_list(
                auth_data[4]["user_id"], server_id
            )
        ):
            # if the user doesn't have Files permission, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
        try:
            data = json.loads(self.request.body)
        except json.decoder.JSONDecodeError as e:
            return self.finish_json(
                400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}
            )
        try:
            validate(data, files_rename_schema)
        except ValidationError as e:
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "INVALID_JSON_SCHEMA",
                    "error_data": str(e),
                },
            )
        path = data["path"]
        new_item_name = data["new_name"]
        new_item_path = os.path.join(os.path.split(path)[0], new_item_name)
        if not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            path,
        ) and not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            new_item_path,
        ):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "TRAVERSAL DETECTED",
                    "error_data": str(e),
                },
            )
        if Helpers.check_path_exists(os.path.abspath(new_item_path)):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "FILE EXISTS",
                    "error_data": {},
                },
            )

        os.rename(path, new_item_path)
        return self.finish_json(200, {"status": "ok"})

    def put(self, server_id: str):
        auth_data = self.authenticate_user()
        if not auth_data:
            return

        if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
            # if the user doesn't have access to the server, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

        if (
            EnumPermissionsServer.FILES
            not in self.controller.server_perms.get_user_id_permissions_list(
                auth_data[4]["user_id"], server_id
            )
        ):
            # if the user doesn't have Files permission, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
        try:
            data = json.loads(self.request.body)
        except json.decoder.JSONDecodeError as e:
            return self.finish_json(
                400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}
            )
        try:
            validate(data, files_create_schema)
        except ValidationError as e:
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "INVALID_JSON_SCHEMA",
                    "error_data": str(e),
                },
            )
        path = os.path.join(data["parent"], data["name"])
        if not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            path,
        ):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "TRAVERSAL DETECTED",
                    "error_data": str(e),
                },
            )
        if Helpers.check_path_exists(os.path.abspath(path)):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "FILE EXISTS",
                    "error_data": str(e),
                },
            )
        if data["directory"]:
            os.mkdir(path)
        else:
            # Create the file by opening it
            with open(path, "w", encoding="utf-8") as file_object:
                file_object.close()
        return self.finish_json(200, {"status": "ok"})


class ApiServersServerFilesZipHandler(BaseApiHandler):
    def post(self, server_id: str):
        auth_data = self.authenticate_user()
        if not auth_data:
            return

        if server_id not in [str(x["server_id"]) for x in auth_data[0]]:
            # if the user doesn't have access to the server, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

        if (
            EnumPermissionsServer.FILES
            not in self.controller.server_perms.get_user_id_permissions_list(
                auth_data[4]["user_id"], server_id
            )
        ):
            # if the user doesn't have Files permission, return an error
            return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
        try:
            data = json.loads(self.request.body)
        except json.decoder.JSONDecodeError as e:
            return self.finish_json(
                400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}
            )
        try:
            validate(data, files_unzip_schema)
        except ValidationError as e:
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "INVALID_JSON_SCHEMA",
                    "error_data": str(e),
                },
            )
        folder = data["folder"]
        user_id = auth_data[4]["user_id"]
        if not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            folder,
        ):
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "TRAVERSAL DETECTED",
                    "error_data": str(e),
                },
            )
        if Helpers.check_file_exists(folder):
            folder = self.file_helper.unzip_file(folder, user_id)
        else:
            if user_id:
                return self.finish_json(
                    400,
                    {
                        "status": "error",
                        "error": "FILE_DOES_NOT_EXIST",
                        "error_data": str(e),
                    },
                )
        return self.finish_json(200, {"status": "ok"})
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`import os`
			`import logging`
			`import json`
			`import html`
			`from jsonschema import validate`
			`from jsonschema.exceptions import ValidationError`
			`from app.classes.models.server_permissions import EnumPermissionsServer`
			`from app.classes.shared.helpers import Helpers`
Add delete file 2023-06-05 18:03:06 -04:00			`from app.classes.shared.file_helpers import FileHelpers`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`from app.classes.web.base_api_handler import BaseApiHandler`

			`logger = logging.getLogger(__name__)`

			`files_get_schema = {`
			`"type": "object",`
			`"properties": {`
			`"page": {"type": "string", "minLength": 1},`
Add files functions to API v2 2023-09-03 16:15:38 -04:00			`"path": {"type": "string"},`
			`},`
			`"additionalProperties": False,`
			`"minProperties": 1,`
			`}`

			`files_patch_schema = {`
			`"type": "object",`
			`"properties": {`
			`"path": {"type": "string"},`
			`"contents": {"type": "string"},`
			`},`
			`"additionalProperties": False,`
			`"minProperties": 1,`
			`}`

			`files_unzip_schema = {`
			`"type": "object",`
			`"properties": {`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`"folder": {"type": "string"},`
			`},`
			`"additionalProperties": False,`
			`"minProperties": 1,`
			`}`

Add files functions to API v2 2023-09-03 16:15:38 -04:00			`files_create_schema = {`
			`"type": "object",`
			`"properties": {`
			`"parent": {"type": "string"},`
			`"name": {"type": "string"},`
			`"directory": {"type": "boolean"},`
			`},`
			`"additionalProperties": False,`
			`"minProperties": 1,`
			`}`

			`files_rename_schema = {`
			`"type": "object",`
			`"properties": {`
			`"path": {"type": "string"},`
			`"new_name": {"type": "string"},`
			`},`
			`"additionalProperties": False,`
			`"minProperties": 1,`
			`}`

Add delete file 2023-06-05 18:03:06 -04:00			`file_delete_schema = {`
			`"type": "object",`
			`"properties": {`
			`"filename": {"type": "string", "minLength": 5},`
			`},`
			`"additionalProperties": False,`
			`"minProperties": 1,`
			`}`

Setup backup file trees through API 2023-06-04 14:43:45 -04:00
Move files request to files API 2023-06-04 20:55:48 -04:00			`class ApiServersServerFilesIndexHandler(BaseApiHandler):`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`def post(self, server_id: str):`
			`auth_data = self.authenticate_user()`
			`if not auth_data:`
			`return`

			`if server_id not in [str(x["server_id"]) for x in auth_data[0]]:`
			`# if the user doesn't have access to the server, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`

			`if (`
Add delete file 2023-06-05 18:03:06 -04:00			`EnumPermissionsServer.FILES`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`not in self.controller.server_perms.get_user_id_permissions_list(`
			`auth_data[4]["user_id"], server_id`
			`)`
Fix logical issue 2023-06-05 18:20:37 -04:00			`or not EnumPermissionsServer.BACKUP`
Add delete file 2023-06-05 18:03:06 -04:00			`in self.controller.server_perms.get_user_id_permissions_list(`
			`auth_data[4]["user_id"], server_id`
			`)`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`):`
Add delete file 2023-06-05 18:03:06 -04:00			`# if the user doesn't have Files or Backup permission, return an error`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`

			`try:`
			`data = json.loads(self.request.body)`
			`except json.decoder.JSONDecodeError as e:`
			`return self.finish_json(`
			`400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}`
			`)`
			`try:`
			`validate(data, files_get_schema)`
			`except ValidationError as e:`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "INVALID_JSON_SCHEMA",`
			`"error_data": str(e),`
			`},`
			`)`
			`if not Helpers.validate_traversal(`
			`self.controller.servers.get_server_data_by_id(server_id)["path"],`
Add files functions to API v2 2023-09-03 16:15:38 -04:00			`data["path"],`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "TRAVERSAL DETECTED",`
			`"error_data": str(e),`
			`},`
			`)`
Add files functions to API v2 2023-09-03 16:15:38 -04:00			`if os.path.isdir(data["path"]):`
			`# TODO: limit some columns for specific permissions?`
			`folder = data["path"]`
			`return_json = {`
			`"root_path": {`
			`"path": folder,`
			`"top": data["path"]`
			`== self.controller.servers.get_server_data_by_id(server_id)["path"],`
			`}`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`}`
Add files functions to API v2 2023-09-03 16:15:38 -04:00
			`dir_list = []`
			`unsorted_files = []`
			`file_list = os.listdir(folder)`
			`for item in file_list:`
			`if os.path.isdir(os.path.join(folder, item)):`
			`dir_list.append(item)`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`else:`
Add files functions to API v2 2023-09-03 16:15:38 -04:00			`unsorted_files.append(item)`
			`file_list = sorted(dir_list, key=str.casefold) + sorted(`
			`unsorted_files, key=str.casefold`
			`)`
			`for raw_filename in file_list:`
			`filename = html.escape(raw_filename)`
			`rel = os.path.join(folder, raw_filename)`
			`dpath = os.path.join(folder, filename)`
			`if str(dpath) in self.controller.management.get_excluded_backup_dirs(`
			`server_id`
			`):`
			`if os.path.isdir(rel):`
			`return_json[filename] = {`
			`"path": dpath,`
			`"dir": True,`
			`"excluded": True,`
			`}`
			`else:`
			`return_json[filename] = {`
			`"path": dpath,`
			`"dir": False,`
			`"excluded": True,`
			`}`
Setup backup file trees through API 2023-06-04 14:43:45 -04:00			`else:`
Add files functions to API v2 2023-09-03 16:15:38 -04:00			`if os.path.isdir(rel):`
			`return_json[filename] = {`
			`"path": dpath,`
			`"dir": True,`
			`"excluded": False,`
			`}`
			`else:`
			`return_json[filename] = {`
			`"path": dpath,`
			`"dir": False,`
			`"excluded": False,`
			`}`
			`self.finish_json(200, {"status": "ok", "data": return_json})`
			`else:`
			`try:`
			`with open(data["path"], encoding="utf-8") as file:`
			`file_contents = file.read()`
			`except UnicodeDecodeError as ex:`
			`self.finish_json(`
			`400,`
			`{"status": "error", "error": "DECODE_ERROR", "error_data": str(ex)},`
			`)`
			`self.finish_json(200, {"status": "ok", "data": file_contents})`
Add delete file 2023-06-05 18:03:06 -04:00
			`def delete(self, server_id: str):`
			`auth_data = self.authenticate_user()`
			`if not auth_data:`
			`return`

			`if server_id not in [str(x["server_id"]) for x in auth_data[0]]:`
			`# if the user doesn't have access to the server, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`

			`if (`
			`EnumPermissionsServer.FILES`
			`not in self.controller.server_perms.get_user_id_permissions_list(`
			`auth_data[4]["user_id"], server_id`
			`)`
			`):`
			`# if the user doesn't have Files permission, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`
			`try:`
			`data = json.loads(self.request.body)`
			`except json.decoder.JSONDecodeError as e:`
			`return self.finish_json(`
			`400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}`
			`)`
			`try:`
			`validate(data, file_delete_schema)`
			`except ValidationError as e:`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "INVALID_JSON_SCHEMA",`
			`"error_data": str(e),`
			`},`
			`)`
			`if not Helpers.validate_traversal(`
			`self.controller.servers.get_server_data_by_id(server_id)["path"],`
			`data["filename"],`
			`):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "TRAVERSAL DETECTED",`
			`"error_data": str(e),`
			`},`
			`)`

			`if os.path.isdir(data["filename"]):`
			`FileHelpers.del_dirs(data["filename"])`
			`else:`
			`FileHelpers.del_file(data["filename"])`
			`return self.finish_json(200, {"status": "ok"})`
Add files functions to API v2 2023-09-03 16:15:38 -04:00
			`def patch(self, server_id: str):`
			`auth_data = self.authenticate_user()`
			`if not auth_data:`
			`return`

			`if server_id not in [str(x["server_id"]) for x in auth_data[0]]:`
			`# if the user doesn't have access to the server, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`

			`if (`
			`EnumPermissionsServer.FILES`
			`not in self.controller.server_perms.get_user_id_permissions_list(`
			`auth_data[4]["user_id"], server_id`
			`)`
			`):`
			`# if the user doesn't have Files permission, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`
			`try:`
			`data = json.loads(self.request.body)`
			`except json.decoder.JSONDecodeError as e:`
			`return self.finish_json(`
			`400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}`
			`)`
			`try:`
			`validate(data, files_patch_schema)`
			`except ValidationError as e:`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "INVALID_JSON_SCHEMA",`
			`"error_data": str(e),`
			`},`
			`)`
			`if not Helpers.validate_traversal(`
			`self.controller.servers.get_server_data_by_id(server_id)["path"],`
			`data["path"],`
			`):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "TRAVERSAL DETECTED",`
			`"error_data": str(e),`
			`},`
			`)`
			`file_path = Helpers.get_os_understandable_path(data["path"])`
			`file_contents = data["contents"]`
			`# Open the file in write mode and store the content in file_object`
			`with open(file_path, "w", encoding="utf-8") as file_object:`
			`file_object.write(file_contents)`
			`return self.finish_json(200, {"status": "ok"})`

			`def put(self, server_id: str):`
			`auth_data = self.authenticate_user()`
			`if not auth_data:`
			`return`

			`if server_id not in [str(x["server_id"]) for x in auth_data[0]]:`
			`# if the user doesn't have access to the server, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`

			`if (`
			`EnumPermissionsServer.FILES`
			`not in self.controller.server_perms.get_user_id_permissions_list(`
			`auth_data[4]["user_id"], server_id`
			`)`
			`):`
			`# if the user doesn't have Files permission, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`
			`try:`
			`data = json.loads(self.request.body)`
			`except json.decoder.JSONDecodeError as e:`
			`return self.finish_json(`
			`400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}`
			`)`
			`try:`
			`validate(data, files_create_schema)`
			`except ValidationError as e:`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "INVALID_JSON_SCHEMA",`
			`"error_data": str(e),`
			`},`
			`)`
			`path = os.path.join(data["parent"], data["name"])`
			`if not Helpers.validate_traversal(`
			`self.controller.servers.get_server_data_by_id(server_id)["path"],`
			`path,`
			`):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "TRAVERSAL DETECTED",`
			`"error_data": str(e),`
			`},`
			`)`
			`if Helpers.check_path_exists(os.path.abspath(path)):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "FILE EXISTS",`
			`"error_data": str(e),`
			`},`
			`)`
			`if data["directory"]:`
			`os.mkdir(path)`
			`else:`
			`# Create the file by opening it`
			`with open(path, "w", encoding="utf-8") as file_object:`
			`file_object.close()`
			`return self.finish_json(200, {"status": "ok"})`


			`class ApiServersServerFilesCreateHandler(BaseApiHandler):`
			`def patch(self, server_id: str):`
			`auth_data = self.authenticate_user()`
			`if not auth_data:`
			`return`

			`if server_id not in [str(x["server_id"]) for x in auth_data[0]]:`
			`# if the user doesn't have access to the server, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`

			`if (`
			`EnumPermissionsServer.FILES`
			`not in self.controller.server_perms.get_user_id_permissions_list(`
			`auth_data[4]["user_id"], server_id`
			`)`
			`):`
			`# if the user doesn't have Files permission, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`
			`try:`
			`data = json.loads(self.request.body)`
			`except json.decoder.JSONDecodeError as e:`
			`return self.finish_json(`
			`400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}`
			`)`
			`try:`
			`validate(data, files_rename_schema)`
			`except ValidationError as e:`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "INVALID_JSON_SCHEMA",`
			`"error_data": str(e),`
			`},`
			`)`
			`path = data["path"]`
			`new_item_name = data["new_name"]`
			`new_item_path = os.path.join(os.path.split(path)[0], new_item_name)`
			`if not Helpers.validate_traversal(`
			`self.controller.servers.get_server_data_by_id(server_id)["path"],`
			`path,`
			`) and not Helpers.validate_traversal(`
			`self.controller.servers.get_server_data_by_id(server_id)["path"],`
			`new_item_path,`
			`):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "TRAVERSAL DETECTED",`
			`"error_data": str(e),`
			`},`
			`)`
			`if Helpers.check_path_exists(os.path.abspath(new_item_path)):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "FILE EXISTS",`
			`"error_data": {},`
			`},`
			`)`

			`os.rename(path, new_item_path)`
			`return self.finish_json(200, {"status": "ok"})`

			`def put(self, server_id: str):`
			`auth_data = self.authenticate_user()`
			`if not auth_data:`
			`return`

			`if server_id not in [str(x["server_id"]) for x in auth_data[0]]:`
			`# if the user doesn't have access to the server, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`

			`if (`
			`EnumPermissionsServer.FILES`
			`not in self.controller.server_perms.get_user_id_permissions_list(`
			`auth_data[4]["user_id"], server_id`
			`)`
			`):`
			`# if the user doesn't have Files permission, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`
			`try:`
			`data = json.loads(self.request.body)`
			`except json.decoder.JSONDecodeError as e:`
			`return self.finish_json(`
			`400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}`
			`)`
			`try:`
			`validate(data, files_create_schema)`
			`except ValidationError as e:`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "INVALID_JSON_SCHEMA",`
			`"error_data": str(e),`
			`},`
			`)`
			`path = os.path.join(data["parent"], data["name"])`
			`if not Helpers.validate_traversal(`
			`self.controller.servers.get_server_data_by_id(server_id)["path"],`
			`path,`
			`):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "TRAVERSAL DETECTED",`
			`"error_data": str(e),`
			`},`
			`)`
			`if Helpers.check_path_exists(os.path.abspath(path)):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "FILE EXISTS",`
			`"error_data": str(e),`
			`},`
			`)`
			`if data["directory"]:`
			`os.mkdir(path)`
			`else:`
			`# Create the file by opening it`
			`with open(path, "w", encoding="utf-8") as file_object:`
			`file_object.close()`
			`return self.finish_json(200, {"status": "ok"})`


			`class ApiServersServerFilesZipHandler(BaseApiHandler):`
			`def post(self, server_id: str):`
			`auth_data = self.authenticate_user()`
			`if not auth_data:`
			`return`

			`if server_id not in [str(x["server_id"]) for x in auth_data[0]]:`
			`# if the user doesn't have access to the server, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`

			`if (`
			`EnumPermissionsServer.FILES`
			`not in self.controller.server_perms.get_user_id_permissions_list(`
			`auth_data[4]["user_id"], server_id`
			`)`
			`):`
			`# if the user doesn't have Files permission, return an error`
			`return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})`
			`try:`
			`data = json.loads(self.request.body)`
			`except json.decoder.JSONDecodeError as e:`
			`return self.finish_json(`
			`400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}`
			`)`
			`try:`
			`validate(data, files_unzip_schema)`
			`except ValidationError as e:`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "INVALID_JSON_SCHEMA",`
			`"error_data": str(e),`
			`},`
			`)`
			`folder = data["folder"]`
			`user_id = auth_data[4]["user_id"]`
			`if not Helpers.validate_traversal(`
			`self.controller.servers.get_server_data_by_id(server_id)["path"],`
			`folder,`
			`):`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "TRAVERSAL DETECTED",`
			`"error_data": str(e),`
			`},`
			`)`
			`if Helpers.check_file_exists(folder):`
			`folder = self.file_helper.unzip_file(folder, user_id)`
			`else:`
			`if user_id:`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
			`"error": "FILE_DOES_NOT_EXIST",`
			`"error_data": str(e),`
			`},`
			`)`
			`return self.finish_json(200, {"status": "ok"})`