from flask import ( Flask, render_template, request, redirect, url_for, send_from_directory, send_file, session, flash ) import os, json from werkzeug.utils import secure_filename from datetime import timedelta # ---------- basic config ---------- UPLOAD_ROOT = "uploaded_files" # root folder for *all* users USERS_FILE = "users.json" # simple JSON registry ALLOWED_EXTS = {"pdf", "txt", "mp3", "wav", "ogg"} SECRET = os.getenv("SECRET_KEY", "change‑me") os.makedirs(UPLOAD_ROOT, exist_ok=True) app = Flask(__name__, static_url_path="/static") app.config.update( UPLOAD_ROOT=UPLOAD_ROOT, SECRET_KEY=SECRET, PERMANENT_SESSION_LIFETIME=timedelta(days=30), ) # ---------- helpers ---------- def allowed(filename): return "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_EXTS def user_folder(): folder = os.path.join(UPLOAD_ROOT, session["username"]) os.makedirs(folder, exist_ok=True) return folder def load_users(): if not os.path.exists(USERS_FILE): return [] with open(USERS_FILE) as f: return json.load(f) def save_user(name): users = load_users() if name not in users: users.append(name) with open(USERS_FILE, "w") as f: json.dump(users, f) # ---------- auth ---------- @app.route("/", methods=["GET", "POST"]) def login(): if request.method == "POST": name = request.form.get("username", "").strip() if not name: flash("Pick a name first.") return redirect(url_for("login")) session.permanent = True session["username"] = name save_user(name) return redirect(url_for("dashboard")) return render_template("login.html") @app.get("/logout") def logout(): session.clear() return redirect(url_for("login")) # ---------- main UI ---------- @app.get("/dashboard") def dashboard(): if "username" not in session: return redirect(url_for("login")) files = os.listdir(user_folder()) return render_template("index.html", files=files, user=session["username"]) # ---------- file handlers ---------- @app.post("/upload") def upload_file(): if "username" not in session: return redirect(url_for("login")) for file in request.files.getlist("file"): if file and allowed(file.filename): file.save(os.path.join(user_folder(), secure_filename(file.filename))) return redirect(url_for("dashboard")) @app.get("/view/") def view_file(filename): path = os.path.join(user_folder(), filename) if not os.path.exists(path): return "File not found", 404 mime = { "pdf": "application/pdf", "txt": "text/plain", "mp3": "audio/mpeg", "wav": "audio/wav", "ogg": "audio/ogg", }.get(filename.rsplit(".", 1)[-1].lower(), "application/octet-stream") return send_file(path, mimetype=mime, as_attachment=False) @app.get("/download/") def download_file(filename): return send_from_directory(user_folder(), filename, as_attachment=True) @app.post("/delete/") def delete_file(filename): try: os.remove(os.path.join(user_folder(), filename)) except FileNotFoundError: pass return redirect(url_for("dashboard")) @app.post("/clear") def clear_all(): for f in os.listdir(user_folder()): os.remove(os.path.join(user_folder(), f)) return redirect(url_for("dashboard")) @app.route("/api/ping") def ping(): return "pong", 200 # ---------- hf entry ---------- if __name__ == "__main__": app.run(host="0.0.0.0", port=7860)