Improve encrypt command line interface, add progress bar

2019-06-26 16:36:20 +09:00 · 2019-06-26 16:36:20 +09:00 · bf86e740bd
commit bf86e740bd
parent fb2f3bcc2a
3 changed files with 58 additions and 24 deletions
--- a/encrypt.py
+++ b/encrypt.py
@ -1,20 +1,50 @@
 #!/usr/bin/env python3

-import os
-
-from filecrypt import encrypt_file
-
 if __name__ == '__main__':
+    import os
+    import configparser
    import argparse
-    parser = argparse.ArgumentParser()
+
+    from tqdm import tqdm
+
+    from filecrypt import generate_keys, payload_size
+
+    parser = argparse.ArgumentParser(description='Filecrypt secure file download encryption tool.'
+            'Encrypts a file for use with the filecrypt server, and output the generated download link.')
    parser.add_argument('infile')
+    parser.add_argument('-c', '--config', default=None, help='Config file location (default; $XDG_CONFIG_HOME/filecrypt.conf)')
+    parser.add_argument('-b', '--base-url', default=None, help='Base URL for link (also as config option)')
+    parser.add_argument('-q', '--no-progress', action='store_true', help='Hide progress bar')
+    parser.add_argument('-p', '--progress', action='store_true', help='Show progress bar (default, also as config option)')
    args = parser.parse_args()

+    progress = (not args.no_progress) or args.progress
+    config_path = args.config or os.environ.get('XDG_CONFIG_HOME', os.environ.get('HOME') + '/.config') + '/filecrypt.conf'
+    base_url = args.base_url
+    if os.path.isfile(config_path):
+        with open(config_path) as f:
+            config = configparser.ConfigParser(defaults={'url_base': ''})
+            config.read_string('[DEFAULT]\n'+f.read()) # doesn't parse simple key=value file by default m(
+
+            if base_url is None:
+                base_url = config.get('DEFAULT', 'base_url', fallback='').rstrip('/')
+            if not (args.no_progress or args.progress):
+                progress = config.getboolean('DEFAULT', 'progress', fallback=True)
+
    if not os.path.isfile(args.infile):
        print(f'{infile} is not a file or directory, exiting.')
        os.exit(2)

    download_filename = os.path.basename(args.infile)
-    file_id, token = encrypt_file(args.infile, download_filename)
-    print(f'/{file_id}/{token}/{download_filename}')
+
+    file_id, token, encrypt = generate_keys(download_filename)
+    print(f'{base_url}/{file_id}/{token}/{download_filename}')
+
+    if progress:
+        with tqdm(total=payload_size(args.infile), unit='B', unit_scale=True) as pbar:
+            for progress in encrypt(args.infile):
+                pbar.update(progress)
+    else:
+        for _progress in encrypt(args.infile):
+            pass
    
--- a/filecrypt.py
+++ b/filecrypt.py
@ -5,12 +5,13 @@ import struct
 import subprocess
 import binascii
 import os
+from contextlib import contextmanager

 FILE_ID_LENGTH = 22
 TOKEN_LENGTH = 22
 HEADER_LENGTH = 56

-def encrypt_file(filename_in, download_filename, chunk_size=1000000//16):
+def generate_keys(download_filename, chunk_size=1000000//16):
    file_id = secrets.token_urlsafe(16)
    auth_secret = secrets.token_bytes(16)
    key = secrets.token_bytes(16)
@ -19,8 +20,9 @@ def encrypt_file(filename_in, download_filename, chunk_size=1000000//16):
    token_cipher = AES.new(auth_secret, AES.MODE_GCM)
    token_cipher.update(download_filename.encode())
    ciphertext, token_tag = token_cipher.encrypt_and_digest(key)
-    token = base64.b64encode(ciphertext).rstrip(b'=').decode()
+    token = base64.b64encode(ciphertext, b'+-').rstrip(b'=').decode()

+    def encrypt(filename_in):
        with open(f'{file_id}.enc', 'wb') as fout, open(filename_in, 'rb') as fin:
            fout.write(token_cipher.nonce) # 16 bytes
            fout.write(token_tag) # 16 bytes
@ -35,9 +37,10 @@ def encrypt_file(filename_in, download_filename, chunk_size=1000000//16):
            while block:
                data = cipher.encrypt(block)
                fout.write(data)
+                yield len(data)
                block = fin.read(cipher.block_size*chunk_size)

-    return file_id, token
+    return file_id, token, encrypt

 def payload_size(path):
    return os.stat(path).st_size - HEADER_LENGTH
@ -50,7 +53,7 @@ def decrypt_generator(filename, download_filename, token, seek=0, end=None, chun
        data_nonce = fin.read(8)
        assert fin.tell() == HEADER_LENGTH

-    ciphertext = base64.b64decode(token + '='*((3-len(token)%3)%3))
+    ciphertext = base64.b64decode(token + '='*((3-len(token)%3)%3), b'+-')
    token_cipher = AES.new(auth_secret, AES.MODE_GCM, nonce=token_nonce)
    token_cipher.update(download_filename.encode())
    key = token_cipher.decrypt_and_verify(ciphertext, token_tag)
--- a/server.py
+++ b/server.py
@ -8,6 +8,7 @@ from flask import Flask, abort, request, Response
 import filecrypt

 app = Flask(__name__)
+app.config.from_envvar('SECURE_DOWNLOAD_SETTINGS')
 BASE64_RE = re.compile('^[A-Za-z0-9+-_]+=*$')

@app.route('/<file_id>/<token>/<filename>')
@ -17,7 +18,7 @@ def download(file_id, token, filename):
    if not BASE64_RE.match(token) or len(token) != filecrypt.TOKEN_LENGTH:
        abort(400, 'Invalid token format')

-    path = f'{file_id}.enc'
+    path = f'{app.config["SERVE_PATH"]}/{file_id}.enc'
    if not os.path.isfile(path):
        abort(403) # forbidden