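#!/bin/python3
'''
Basic file server with password-protected upload.
Copyright (C) 2025 Swirly "Stoner" Curly

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, see <https://www.gnu.org/licenses/>.


this is a basic file server. it has an upload point protected by a key.
this password must be generated by installing the pip package argon2-cffi,
opening a new python shell (just `python` or `python3`), and typing the
following:

    import argon2
    with open("./key", "w") as f:
        f.write(argon2.PasswordHasher().hash("[YOUR KEY HERE]"))

you must also create an upload.html. at the very minimum, it must have this
code in if you wish to have a web gui to upload with
(minimal form; the field names are the ones do_POST reads: file, key, and
the optional path):

    <form action="/upload" method="post" enctype="multipart/form-data">
        <input type="file" name="file">
        <input type="password" name="key">
        <input type="text" name="path">
        <input type="submit">
    </form>

if upload.html is blank, you can still make a POST request with any other
application.

you must also create a home.html. it may contain anything, or even be blank!
it's just the homepage/root.

it will serve files from inside of the files directory relative to the
current working directory (where it grabs upload.html and the key file)

in short, the directory structure is as follows:
---
[file] main.py
[file] key
[file] home.html
[file] upload.html
[dir] files
\\ [file] some_file.png
---

if anything bad or confusing arises, contact me!
(https://swirly.architectenterprises.net)
'''

from http.server import ThreadingHTTPServer, BaseHTTPRequestHandler
from urllib.parse import unquote
# NOTE: cgi is deprecated since Python 3.11 and removed in 3.13; this file
# needs an interpreter that still ships it.
import os, socket, cgi, gzip, mimetypes, sys

import argon2

ph = argon2.PasswordHasher()

# Everything served or uploaded lives below this directory (relative to cwd).
_FILES_DIR = "./files"


def get_local_ip(): # please PLEASE someone find an easier way to do this
    """Return the address the server binds to.

    The UDP-connect lookup of the outbound interface address is disabled, so
    this always returns "0.0.0.0" and the server listens on every interface.
    """
    return "0.0.0.0"


def _request_path(handler):
    """Return the request path without query string/fragment, percent-decoded."""
    raw = handler.path.split('?', 1)[0].split('#', 1)[0]
    return unquote(raw)


def _resolve_in_files(name):
    """Map a client-supplied name to a path inside the files directory.

    Returns the absolute path, or None when the name is empty, contains a NUL
    byte, or would land outside the files directory after ".." segments are
    collapsed. Both the download path and the upload "path" field come from
    the client, so both go through here; without this, a name such as
    "../key" would reach the key file next to the script.

    The check is lexical (os.path.abspath), so symlinks the operator places
    inside the files directory are still followed.
    """
    if not name or "\x00" in name:
        return None
    root = os.path.abspath(_FILES_DIR)
    # Strip leading separators: os.path.join would otherwise discard root.
    candidate = os.path.abspath(os.path.join(root, name.lstrip("/\\")))
    if not candidate.startswith(os.path.join(root, "")):
        return None
    return candidate


def _respond(handler, status, content_type, body=b"", head=False):
    """Send a complete response; with head=True the body is withheld."""
    handler.send_response(status)
    handler.send_header('content-type', content_type)
    handler.send_header('content-length', str(len(body)))
    handler.end_headers()
    if not head:
        handler.wfile.write(body)


def _serve_page(handler, filename, content_type, head=False):
    """Send a fixed file from the working directory, or 404 if unreadable."""
    try:
        with open(filename, "rb") as f:
            contents = f.read()
    except OSError:
        _respond(handler, 404, 'text/plain', head=head)
        return
    _respond(handler, 200, content_type, contents, head=head)


def servget(slf, ishead):
    """Serve the file named by the request path from the files directory.

    slf is the request handler; ishead is True for HEAD requests, in which
    case headers are sent without a body and without gzip. Anything that does
    not resolve to a regular file inside the files directory gets a 404.
    """
    target = _resolve_in_files(_request_path(slf))
    contents = None
    if target is not None and os.path.isfile(target):
        try:
            with open(target, "rb") as f:
                contents = f.read()
        except OSError:
            contents = None
    if contents is None:
        # The status line is only sent once the file is in hand, so a missing
        # or unreadable file never produces a 200 with a broken body.
        _respond(slf, 404, 'text/plain',
                 b"" if ishead else bytes("im gonnan kill yuo", "utf-8"),
                 head=ishead)
        return

    # Look the type up by the final extension only (the original indexed the
    # first dot, which picked the wrong piece for names like "a.b.png").
    ext = os.path.splitext(target)[1].lower()
    header = mimetypes.types_map.get(ext, 'application/octet-stream')

    slf.send_response(200)
    slf.send_header('content-type', header)
    # The original read `self.headers` here; `self` is not defined in this
    # function, and the bare except hid the NameError, so gzip never ran.
    accepted = slf.headers.get("Accept-Encoding") or ""
    if "gzip" in accepted and not ishead:
        contents = gzip.compress(contents, compresslevel=9)
        slf.send_header("content-encoding", "gzip")
        slf.send_header("vary", "Accept-Encoding")
    slf.send_header('content-length', str(len(contents)))
    slf.end_headers()
    if not ishead:
        slf.wfile.write(contents)


class FUCK(BaseHTTPRequestHandler): # i cant be assed to think of a funnier name
    """Request handler: home page, source, upload form, files, and upload."""

    def do_GET(self):
        """Serve /, /source.py, /upload, or a file from the files directory."""
        path = _request_path(self)
        if path == '/':
            _serve_page(self, "./home.html", 'text/html')
        elif path == "/source.py":
            # Serves this script itself.
            _serve_page(self, os.path.abspath(os.path.realpath(sys.argv[0])),
                        'text/plain')
        elif path == '/upload':
            _serve_page(self, "./upload.html", 'text/html')
        else:
            servget(self, False)

    def do_HEAD(self):
        """Headers-only variant of do_GET for / and for files."""
        if _request_path(self) == '/':
            _serve_page(self, "./home.html", 'text/html', head=True)
        else:
            servget(self, True)

    def _bad_request(self):
        """Answer a malformed or unsupported POST with a complete 400."""
        # send_response_only() without end_headers() left the response
        # unterminated; send a full, empty 400 instead.
        _respond(self, 400, 'text/plain')
        print('someone fucked their shit up') # yeah that someone is me

    def do_POST(self):
        """Handle a multipart upload to /upload, gated by the argon2 key.

        Expects form fields "file" and "key", plus an optional "path" naming
        the destination inside the files directory (defaults to the uploaded
        filename). Existing files are never overwritten.
        """
        if _request_path(self) != '/upload':
            self._bad_request()
            return
        content_type, _ = cgi.parse_header(self.headers.get('content-type') or '')
        if content_type != 'multipart/form-data':
            self._bad_request()
            return

        # NOTE(review): FieldStorage consumes the whole request body before
        # the key is looked at, so body size is not bounded for
        # unauthenticated clients. Consider a Content-Length cap here or in
        # whatever proxy sits in front.
        form_data = cgi.FieldStorage(
            fp=self.rfile,
            headers=self.headers,
            environ={'REQUEST_METHOD': 'POST'}
        )
        if 'file' not in form_data or 'key' not in form_data:
            self._bad_request()
            return

        file = form_data['file']
        key = form_data.getfirst('key')
        # Repeated "file" fields arrive as a list, a non-upload "file" field
        # has no filename, and a "key" sent as a file part is bytes: none of
        # these are valid uploads.
        if isinstance(file, list) or not file.filename or not isinstance(key, str):
            self._bad_request()
            return
        path = form_data.getfirst('path') or file.filename
        if not isinstance(path, str):
            self._bad_request()
            return

        # validate the key
        # The stored hash and a hash of the submitted key were printed here;
        # dropped so that no credential material ends up in stdout/logs.
        with open('./key', 'r') as f:
            stored_hash = f.read().strip()
        try:
            ph.verify(stored_hash, key)
        except Exception:
            # Fail closed: a mismatch or an unreadable/invalid stored hash
            # both deny the upload. 403 (not 200) so rejected attempts are
            # visible in the access log.
            # NOTE(review): attempts are not rate-limited, and each one costs
            # a full argon2 verification.
            _respond(self, 403, 'text/plain', bytes('you will not.', 'utf-8'))
            print('some motherfucker')
            return

        # The destination is resolved only after authentication, so
        # unauthenticated clients learn nothing about what exists.
        target = _resolve_in_files(path)
        if target is None:
            self._bad_request()
            return

        # save the fuck
        try:
            # 'xb' creates the file atomically and refuses an existing one,
            # closing the gap between an exists() check and the open().
            with open(target, 'xb') as f:
                f.write(file.file.read())
        except FileExistsError:
            _respond(self, 409, 'text/plain', bytes('do not overwrite what exists. (that "path" thing was halfway necessary this time around, a file with this name exists aready.)', 'utf-8'))
            print('devious actions')
            return
        except OSError:
            # e.g. the parent directory does not exist or is not writable.
            self._bad_request()
            return

        # Report the name actually stored, relative to the files directory.
        path = os.path.relpath(target, os.path.abspath(_FILES_DIR)).replace(os.sep, '/')
        # NOTE(review): the URL below has no host part; fill in the public
        # hostname this server is reached under.
        _respond(self, 200, 'text/plain', bytes(f'File uploaded successfully.\n\nGo to https:///{path} to see it!\n\nMessed up and need to remove it? Contact me!', 'utf-8'))


# NOTE(review): this listens on plain HTTP, port 80, on every interface. The
# upload key travels in the request body, so terminate TLS in front of it
# before exposing it beyond a trusted network.
httpd = ThreadingHTTPServer((get_local_ip(), 80), FUCK)
httpd.serve_forever() # wishes came true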