app.py

from flask import Flask, render_template, request, jsonify
import os
import requests
import re
import json

app = Flask(__name__)
API_URL = "https://api-inference.huggingface.co/models/cardiffnlp/twitter-roberta-base-sentiment-latest"
headers = {"Authorization": "Bearer REDACTED"}
startdir = os.path.abspath(os.curdir)

#Render HTML
@app.route('/') 
def render():
    return render_template('index.html')

#Return Sub-Directory Listing
@app.route('/folders', methods=['POST'])
def handle():
    path=request.json
    if(False == is_directory_traversal("data/"+path["path"])):
        return(os.listdir('data'+path["path"]))  
    else:
        return "No, you will not get the directory listing. Please quit harassing my API."

#Return Contents of File
@app.route('/files', methods=['POST'])
def retFile():
    ret=""
    path=request.json
    if(False == is_directory_traversal("data/"+path["file"])):
        with open("data"+path["file"], 'r') as reader:
            ret = reader.read()
        return(ret)
    else:
        return "No, you will not get this file. Please quit harassing my API."

#Evaluate Word Through HF
@app.route('/evaluate', methods=['POST'])
def query():
	value = requests.post(API_URL, headers=headers, json=request.json["word"])
    
	return value.json()

#Send Cached Evaluations
@app.route('/load_cache', methods=['POST'])
def cacheLoad():
    with open("static/cached_quantized-records.json", 'r') as reader:
            ret = reader.read()
    return(ret)

#Directory Traversal Check
def is_directory_traversal(file_name):
    current_directory = os.path.abspath(os.curdir)
    current_directory=current_directory+"/data"
    requested_path = os.path.relpath(file_name, start=current_directory)
    requested_path = os.path.abspath("data/"+requested_path)
    common_prefix = os.path.commonprefix([requested_path, current_directory])
    return common_prefix != current_directory

#Run
if (__name__ == '__main__'):
    app.run(host='0.0.0.0', port="7860")