Upload-app is a project mainly written in Python, based on the GPL-3.0 license.
This file is for you to describe the upload-app application. Typically you would include information such as the information below:
Install upload-app using easy_install::
easy_install upload-appMake a config file as follows::
paster make-config upload-app config.iniTweak the config file as appropriate and then setup the application::
paster setup-app config.iniThen you are ready to go. This is a simple uploading application written in Pylons (http://pylonshq.com) which binds to a local linux filesystem with no database backend at all. It uses REMOTE_USER (Http basic authentication supplied by the server) to tell if a user is logged in or not (that is the reason there is no 'Logout' button).
Basically, it is designed to run begind a reverse proxy.
Example configuration for nginx follows:
server {
listen 80;
rewrite /(.*) https://myhost.com/$1 last;
}
server {
listen 443;
server_name toolchain.eu;
client_max_body_size 500M;
rewrite ^/$ /upload/ last;
location /static/ {
internal;
expires 1h;
alias /path/to/upload/directory/;
}
location /upload/login {
auth_pam "Upload";
auth_pam_service_name "nginx";
root /var/www/upload-app/uploadapp/public;
rewrite ^/upload/(.*)$ /$1 break;
# host/port combination where upload-app is running locally
proxy_pass http://127.0.0.1:5000;
proxy_redirect default;
proxy_set_header REMOTE_USER $remote_user;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /upload/ {
root /var/www/upload-app/uploadapp/public;
rewrite ^/upload/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:5000;
proxy_redirect default;
proxy_set_header REMOTE_USER $remote_user;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
ssl on;
ssl_certificate /etc/nginx/host.pem;
ssl_certificate_key /etc/nginx/host.pem;
}
Please note that this uses pam to authenticate users, this is my /etc/pam.d/nginx file:
@include common-auth
common-auth is a directive (or rather a set of pam directives) which comes bundled with debian.
=== Usage === In most situations, upload-app tries to mimic the way a normal filesystems works with permissions, there is a special library routine written for this called 'doas' which spawns a child process that performs user-specific tasks like creating directories, removing files (etc...) which makes sure that filesystem-level permissions will not be ignored. There is also a specific library called lib/fakeuser.py which makes it more simple to handle authenticated user permissions.
Some things are also simulated: If a user is not logged in, the user config['uploadapp.nobody'] is used automatically (see lib/base.py for the implementation). If a directory is not readable by current user (either through user, group or other permission), it will not be listed - same goes with files. If a directory is readable by others, it will be readable by nobody, same goes with writable. Execute permissions does not make much sense unless you are familiar with how a linux filesystem works, the implementation for upload-app might change in the future to reflect this, but for now just use the darn thing.
=== Warning === ONE MAJOR DOWNSIDE with this approach is that the webserver has to run as a user priviliged to setuid to all server users. The easiest way to do this is by running as root, but this is a MAJOR DO AT YOUR OWN RISK. I will not be held responsible for remote code exploits. You have been warned.