python-api-server/app.py

import os
import re
import uuid
from flask import Flask, request, jsonify, send_from_directory
import datetime

app = Flask(__name__)
app.config['UPLOAD_DIRECTORY'] = os.environ.get('UPLOAD_DIRECTORY', '/uploads')
app.config['MAX_CONTENT_LENGTH'] = int(os.environ.get('MAX_CONTENT_LENGTH', '5')) * 1024 * 1024  # in MB

VALID_FILENAME_REGEX = r'^[a-zA-Z0-9\-_\.]+$'

AUTH_TOKEN = os.environ.get('AUTH_TOKEN', 'myuploadtoken')

def is_valid_filename(filename):
    return bool(re.match(VALID_FILENAME_REGEX, filename))

@app.route('/health', methods=['GET'])
def health_check():
    return 'OK'

@app.route('/upload', methods=['POST'])
def upload_file():
    if 'file' not in request.files:
        return jsonify({'error': 'No file part in the request'}), 400

    if 'token' not in request.headers:
        return jsonify({'error': 'No token supplied'}), 401

    if request.headers['token'] != AUTH_TOKEN:
        return jsonify({'error': 'Invalid token supplied'}), 401

    file = request.files['file']
    if file.filename == '':
        return jsonify({'error': 'No file selected for upload'}), 400

    if not is_valid_filename(file.filename):
        return jsonify({'error': 'Invalid filename. Only alphanumeric characters, hyphens, underscores, and periods are allowed.'}), 400

    filename = file.filename
    file.save(os.path.join(app.config['UPLOAD_DIRECTORY'], filename))
    return jsonify({'success': 'File \'{}\' successfully uploaded'.format(filename)})

@app.route('/download/<filename>', methods=['GET'])
def download_file(filename):
    try:
        return send_from_directory(app.config['UPLOAD_DIRECTORY'], filename)
    except FileNotFoundError:
        return jsonify({'error': 'File \'{}\' not found'}), 404

@app.route('/delete/<filename>', methods=['DELETE'])
def delete_file(filename):
    if 'token' not in request.headers:
        return jsonify({'error': 'No token supplied'}), 401

    if request.headers['token'] != AUTH_TOKEN:
        return jsonify({'error': 'Invalid token supplied'}), 401

    file_path = os.path.join(app.config['UPLOAD_DIRECTORY'], filename)
    if not os.path.isfile(file_path):
        return jsonify({'error': 'File not found'}), 404

    os.remove(file_path)
    return jsonify({'success': 'File \'{}\' successfully deleted'.format(filename)})

@app.route('/list', methods=['GET'])
def list_files():
    if 'token' not in request.headers:
        return jsonify({'error': 'No token supplied'}), 401

    if request.headers['token'] != AUTH_TOKEN:
        return jsonify({'error': 'Invalid token supplied'}), 401

    files = []
    for filename in os.listdir(app.config['UPLOAD_DIRECTORY']):
        file_path = os.path.join(app.config['UPLOAD_DIRECTORY'], filename)
        if os.path.isfile(file_path):
            stats = os.stat(file_path)
            size = stats.st_size
            last_modified = datetime.datetime.fromtimestamp(stats.st_mtime).strftime('%Y-%m-%d %H:%M:%S')
            files.append({
                'name': filename,
                'size': size,
                'last_modified': last_modified
            })

    return jsonify({'files': files})

if __name__ == '__main__':
    app.run(debug=True, host='0.0.0.0', port=int(os.environ.get('PORT', 5000)))