diff --git a/routes/upload.py b/routes/upload.py
index 9a38c44..b5de8a8 100644
--- a/routes/upload.py
+++ b/routes/upload.py
@@ -1,23 +1,36 @@
-from flask import Blueprint, request, jsonify, session
+"""Module to handle the upload process."""
+
 import os
 import logging
+import re
+from flask import Blueprint, request, jsonify, session
 upload_bp = Blueprint("upload_bp", __name__)
+def sanitize_username(username):
+ """Sanitize the username."""
+ return re.sub(r"[^a-zA-Z0-9_\-]", "_", username).lower()
+
+
 @upload_bp.route("/upload/", methods=["POST"])
 def upload(cdmtype):
+ """Handle the upload process."""
 try:
 username = session.get("username")
 if not username:
 return jsonify({"message": "False", "error": "No username in session"}), 400
+ safe_username = sanitize_username(username)
+
 # Validate CDM type
 if cdmtype not in ["PR", "WV"]:
 return jsonify({"message": "False", "error": "Invalid CDM type"}), 400
 # Set up user directory paths
- base_path = os.path.join(os.getcwd(), "configs", "CDMs", username)
+ base_path = os.path.join(
+ os.getcwd(), "configs", "CDMs", "users_uploaded", safe_username
+ )
 pr_path = os.path.join(base_path, "PR")
 wv_path = os.path.join(base_path, "WV")
@@ -32,11 +45,13 @@ def upload(cdmtype):
 # Determine correct save path based on cdmtype
 filename = uploaded_file.filename
- save_path = os.path.join(pr_path if cdmtype == "PR" else wv_path, filename)
+ assert filename is not None
+ target_path = pr_path if cdmtype == "PR" else wv_path
+ save_path = os.path.join(target_path, filename)
 uploaded_file.save(save_path)
 return jsonify({"message": "Success", "file_saved_to": save_path})
- except Exception as e:
- logging.exception("Upload failed")
+ except (OSError, IOError, ValueError, AttributeError) as e:
+ logging.exception("Upload failed: %s", {e})
 return jsonify({"message": "False", "error": "Server error"}), 500
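Review bot: sanitize_username maps many distinct usernames onto one directory name — `return re.sub(r"[^a-zA-Z0-9_\-]", "_", username).lower()` folds case and rewrites every other character to `_`, so `Alice`, `alice` and `al.ice` all resolve to the same `users_uploaded/` subdirectory and, if the application treats those as separate accounts, can read or overwrite each other's uploads. Keying the directory on a stable unique identifier (a user id, or the sanitized name suffixed with a short digest of the original) removes the collision; at minimum the docstring should state that the mapping is lossy, e.g. `"""Reduce username to [A-Za-z0-9_-] and lower-case it; distinct inputs may collide."""`. The decorator shows as `@upload_bp.route("/upload/", methods=["POST"])` with no `<cdmtype>` converter, which may be a rendering artifact; if it is not, `cdmtype` is never bound from the URL. The body of upload continues in the next hunk.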
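Review bot: The client-supplied name from `filename = uploaded_file.filename` still goes straight into `save_path = os.path.join(target_path, filename)`, so a name containing `..` segments or an absolute path (which makes os.path.join discard target_path entirely) places the file outside the per-user directory — the commit sanitizes the username but not the filename. Run it through werkzeug's `secure_filename` (Flask already depends on werkzeug, so `from werkzeug.utils import secure_filename` adds no new dependency) and reject an empty result with a 400 instead of `assert filename is not None`, which is stripped under `python -O`. Separately, `logging.exception("Upload failed: %s", {e})` wraps the exception in a set literal, so the log line reads `{OSError(...)}`; pass `e` directly, or drop the argument since logging.exception already records the traceback. The `try` these lines sit in opens in the previous hunk, outside this one.
```python
        filename = secure_filename(uploaded_file.filename or "")
        if not filename:
            return jsonify({"message": "False", "error": "Invalid filename"}), 400
        target_path = pr_path if cdmtype == "PR" else wv_path
        save_path = os.path.join(target_path, filename)
        # … unchanged: uploaded_file.save and the success response …
    except (OSError, IOError, ValueError, AttributeError) as e:
        logging.exception("Upload failed: %s", e)
```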