|
|
|
@ -31,8 +31,18 @@ def verify_hmac(hexdigest, chat_id, message_ids):
|
|
|
|
|
return True |
|
|
|
|
return False |
|
|
|
|
|
|
|
|
|
# saftea |
|
|
|
|
def string_is_printable_ascii(string): |
|
|
|
|
return not any(True for i in string.encode('ascii') if i < b'!' or i > b'~') |
|
|
|
|
|
|
|
|
|
async def handler(request): |
|
|
|
|
query = request.query |
|
|
|
|
content_type = query.get('Content-Type') |
|
|
|
|
if content_type and not string_is_printable_ascii(content_type): |
|
|
|
|
return web.Response(status=400, text='Content-Type has a blacklisted character') |
|
|
|
|
content_disposition = query.get('Content-Disposition') |
|
|
|
|
if content_disposition and not string_is_printable_ascii(content_disposition): |
|
|
|
|
return web.Response(status=400, text='Content-Disposition has a blacklisted character') |
|
|
|
|
token = query.get('token') |
|
|
|
|
hexdigest = query.get('hmac') |
|
|
|
|
if not token and not hexdigest and (authorized_tokens or hmacs): |
|
|
|
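Review bot: `string_is_printable_ascii` raises instead of returning for any non-empty input on Python 3: iterating `string.encode('ascii')` yields ints, so `i < b'!'` compares an int with bytes and throws TypeError, and a non-ASCII value fails even earlier with UnicodeEncodeError. Either way `handler` ends in an unhandled exception rather than the intended 400, so every request that carries `Content-Type` or `Content-Disposition` fails, legitimate or not. Comparing characters directly avoids both problems: `return all('!' <= c <= '~' for c in string)`. That range also excludes the space character, so a value like `attachment; filename=x` would be rejected; use `' '` as the lower bound if spaces should pass. If the purpose is what it appears to be, replace `# saftea` with a comment such as `# reject CR/LF and other control characters before copying query values into response headers`; `handler` continues beyond this hunk.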
@ -124,9 +134,9 @@ async def handler(request):
|
|
|
|
|
'Content-Length': str(length), |
|
|
|
|
'Accept-Ranges': 'bytes' |
|
|
|
|
} |
|
|
|
|
if content_type := query.get('Content-Type'): |
|
|
|
|
if content_type: |
|
|
|
|
headers['Content-Type'] = content_type |
|
|
|
|
if content_disposition := query.get('Content-Disposition'): |
|
|
|
|
if content_disposition: |
|
|
|
|
headers['Content-Disposition'] = content_disposition |
|
|
|
|
|
|
|
|
|
async def download(): |
|
|
|
|
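Review bot: The validated `content_type` is still copied verbatim into `headers['Content-Type']`, so the caller rather than the server decides how a browser interprets the downloaded bytes; the printable-ASCII check does not restrict the media type. If these URLs can be opened in a browser on an origin that holds anything sensitive, a value such as `text/html` would make the file render as active content, though that depends on deployment details not visible here. Consider gating on an allowlist, e.g. `if content_type in ALLOWED_CONTENT_TYPES:` (a new constant to define), and falling back to `application/octet-stream` otherwise. These assignments rely on `content_type` and `content_disposition` being bound near the top of `handler`, which lies outside this hunk.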