begin rewriting path to resource resolver

this code was getting too messy and scattered, and I realized that Flask
wasn't doing as much as I thought it was here, so now we need more
safety and sanity checks
This commit is contained in:
2021-02-20 17:41:57 -06:00
parent b6aa125b8d
commit 2e0e87fe95
3 changed files with 120 additions and 45 deletions

View File

@@ -19,14 +19,18 @@ bp = Blueprint('pages', __name__, url_prefix='/')
@bp.route('/<path:path>')
def display_page(path):
"""Get the file contents of the requested path and render the file."""
if is_file_path_actually_dir_path(path):
try:
resolved_path = request_path_to_instance_resource(path)
logger.debug("received request for path '%s', resolved to '%s'", path, resolved_path)
except PermissionError:
abort(400)
except IsADirectoryError:
return redirect(f'{path}/', code=301)
except FileNotFoundError:
abort(404)
resolved_path = resolve_page_file(path)
logger.debug("received request for path '%s', resolved to '%s'", path, resolved_path)
try:
with app.open_instance_resource(resolved_path, 'r') as entry_file:
logger.debug("file '%s' found", resolved_path)
parent_navs = generate_parent_navs(path)
mtime = datetime.datetime.fromtimestamp(os.path.getmtime(entry_file.name), get_localzone())
entry = entry_file.read()
@@ -67,6 +71,45 @@ def render(template_name_or_list, **context):
return resp
def _is_within_directory(base_dir, candidate):
    """Return True if the already-resolved candidate is base_dir itself or lives beneath it."""
    try:
        return os.path.commonpath((base_dir, candidate)) == base_dir
    except ValueError:
        # commonpath refuses to compare paths that share nothing at all (e.g. different
        # drives on Windows); such a candidate is certainly not inside base_dir
        return False


def request_path_to_instance_resource(path):
    """Turn a request URL path into the page file path, relative to the instance dir.

    flask.Flask.open_instance_resource will open a file like /etc/hosts if you tell it to,
    which sucks, so we do a lot of work here to make sure we have a valid request to
    something inside the pages dir.

    Args:
        path: the request path as captured by the route, e.g. 'foo/bar' or 'foo/'.

    Returns:
        The markdown file to render, as a path relative to app.instance_path
        ('pages/<...>.md' for a file request, 'pages/<...>/index.md' for a directory).

    Raises:
        PermissionError: the request resolves to something outside the pages dir,
            or cannot be resolved at all.
        IsADirectoryError: the request names a directory but lacks the trailing slash.
        FileNotFoundError: there is no markdown file for the request.
    """
    pages_dir_name = 'pages'

    # check if the path is allowed
    base_dir = os.path.realpath(os.path.join(app.instance_path, pages_dir_name))
    try:
        resolved_path = os.path.realpath(os.path.join(base_dir, path))
    except ValueError as err:
        # some strings can't be handed to the filesystem layer at all (e.g. an
        # embedded NUL byte); treat them as a bad request rather than crashing
        logger.warning("client requested a path '%s' that cannot be resolved!", path)
        raise PermissionError(path) from err
    logger.debug("base_dir: %s, constructed resolved_path: %s", base_dir, resolved_path)

    # bail if the requested real path isn't inside the base directory
    if not _is_within_directory(base_dir, resolved_path):
        logger.warning("client tried to request a path '%s' outside of the base_dir!", path)
        raise PermissionError(path)

    # if this is a file-like request but actually a directory, redirect the user
    is_directory = os.path.isdir(resolved_path)
    if is_directory and not path.endswith('/'):
        logger.info("client requested a path '%s' that is actually a directory", path)
        raise IsADirectoryError(path)

    # derive the proper markdown file depending on if this is a dir or file
    if is_directory:
        absolute_resource = os.path.join(resolved_path, 'index.md')
    else:
        absolute_resource = f'{resolved_path}.md'
    logger.info("final path = '%s' for request '%s'", absolute_resource, path)

    # does the final file actually exist? (isfile, not exists: a directory that happens
    # to be named 'something.md' is not a page we can open)
    if not os.path.isfile(absolute_resource):
        logger.warning("requested final path '%s' does not exist!", absolute_resource)
        raise FileNotFoundError(absolute_resource)

    # the check above ran before the .md/index.md suffix was added, so the page file
    # itself could still be a symlink pointing out of the pages dir; check once more
    if not _is_within_directory(base_dir, os.path.realpath(absolute_resource)):
        logger.warning("client tried to request a path '%s' outside of the base_dir!", path)
        raise PermissionError(path)

    # we checked that the file exists via absolute path, but now we need to give the path
    # relative to instance dir. Build it from the part below base_dir instead of string-
    # replacing the instance path: replace() would also eat later occurrences of that
    # substring, and would strip nothing when instance_path itself goes through a symlink
    return os.path.join(pages_dir_name, os.path.relpath(absolute_resource, base_dir))
def resolve_page_file(path):
"""Manipulate the request path to find appropriate page file.
@@ -81,22 +124,6 @@ def resolve_page_file(path):
return path
def is_file_path_actually_dir_path(path):
    """Tell whether a file-looking request path really names a directory under pages/.

    A request without a trailing slash looks like a request for a file. If a page such as
    /foo (foo.md) was later turned into a directory foo/, the old URL still arrives without
    the slash; this returns True in that situation and False otherwise, including for any
    path that already ends in '/'.
    """
    # paths that already end in a slash are directory-style requests, nothing to detect
    if path.endswith('/'):
        return False

    logger.debug("requested path '%s' looks like a file", path)
    candidate_dir = f'{app.instance_path}/pages/{path}'
    if not os.path.isdir(candidate_dir):
        return False

    logger.debug("...and it's actually a dir")
    return True
def generate_parent_navs(path):
"""Create a series of paths/links to navigate up from the given path."""
# derive additional path/location stuff based on path