from account.decorators import login_required from file.models import File from django.http import FileResponse from django.utils.http import urlquote from folder.models import Folder from .judgement_function import judge_filepath from account.models import get_user from utils.debug import debug_view from utils.http import make_json_response from utils.permission import can_delete from utils.crypto import secure_transport from utils.crypto import get_file_encrypt_cipher, get_padding import base64 # Create your views here. @secure_transport @debug_view(template_name='upload_file.html') @login_required def upload_file(request): data = request.POST user = get_user(request) key = data.get('key', '') if key: file_b64 = data.get('file_b64') if not file_b64: return make_json_response(code=400, error='文件不存在') file_name = data.get('file_name') else: try: file_obj = request.FILES.get('file') except: return make_json_response(code=400, error='文件不存在') file_name = file_obj.name file_type = judge_filepath(file_name.split('.')[-1].lower()) if '.' in file_name else '' father_folder_id = data.get('father_folder_id') try: folder = Folder.objects.get(folder_id=father_folder_id) except: return make_json_response(code=402, error='文件夹不存在') if not folder.check_permission(user=user): return make_json_response(code=404, error='没有上传文件的权限') file = File.objects.create(file_name=file_name, father_folder=folder, file_type=file_type, owner=user, group=folder.group, key=key) try: file_path = file.get_path() with open(file_path, 'wb+') as f: if key: print(key) file.file_type, content_b64 = file_b64.split(',') file.save() file_bytes = base64.b64decode(content_b64) file_bytes += get_padding(file_bytes) enc_file_bytes = get_file_encrypt_cipher(key).encrypt(file_bytes) f.write(enc_file_bytes) else: for chunk in file_obj.chunks(): f.write(chunk) except Exception as e: print(e) file.delete() return make_json_response(code=500, error='文件保存失败') return make_json_response() @secure_transport # @debug_view('file_id') @login_required def download_file(request): user = get_user(request) file_id = request.POST.get('file_id') try: file = File.objects.get(file_id=file_id) except: return make_json_response(code=402, error='文件不存在') if not file.father_folder.check_permission(user=user): return make_json_response(code=404, error='没有下载文件的权限') try: file_path = file.get_path() f = open(file_path, 'rb') except: return make_json_response(code=500, error='文件读取失败') if file.key: try: enc_file_bytes = f.read() file_bytes = get_file_encrypt_cipher(file.key).decrypt(enc_file_bytes) content_b64 = base64.b64encode(file_bytes).decode() file_b64 = f'{file.file_type},{content_b64}' f.close() except Exception as e: print(e) return make_json_response(code=500, error='文件读取失败') return make_json_response(file_b64=file_b64, **file.to_json()) else: file_bytes = f.read() content_b64 = base64.b64encode(file_bytes).decode() file_b64 = f'{file.file_type},{content_b64}' f.close() return make_json_response(file_b64=file_b64, **file.to_json()) # file_name = file.file_name # response = FileResponse(f) # response['Content-Type'] = 'application/octet-stream' # response['Content-Disposition'] = 'attachment;filename={}'.format(urlquote(file_name)) # return response @secure_transport # @debug_view('file_id') @login_required def delete_file(request): data = request.POST user = get_user(request) file_id = data.get('file_id') try: file = File.objects.get(file_id=file_id) except: return make_json_response(code=402, error='文件不存在') if not can_delete(user=user, f=file): return make_json_response(code=404, error='没有删除文件的权限') file.delete() return make_json_response()