我试图编写一个简单的烧瓶程序,该程序将创建一个网页,在该网页中接收文件(通过上传),然后使用该文件的数据并显示其中的过滤部分在我的网页上,我似乎无法理解如何做到这一点。
这是我用来上传文件的代码,工作正常。
import os
from flask import Flask, request, redirect, url_for
from werkzeug.utils import secure_filename
UPLOAD_FOLDER = 'C:/Users/ohadt/PycharmProjects/logFiles'
ALLOWED_EXTENSIONS = set(['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif', 'log'])
app = Flask(__name__)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
def allowed_file(filename):
return '.' in filename and \
filename.rsplit('.', 1)[1] in ALLOWED_EXTENSIONS
@app.route('/', methods=['GET', 'POST'])
def upload_file():
if request.method == 'POST':
# check if the post request has the file part
if 'file' not in request.files:
flash('No file part')
return redirect(request.url)
file = request.files['file']
# if user does not select file, browser also
# submit a empty part without filename
if file.filename == '':
flash('No selected file')
return redirect(request.url)
if file and allowed_file(file.filename):
filename = secure_filename(file.filename)
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
return redirect(url_for('read_uploaded_file',
filename=filename))
return '''
<!doctype html>
<title>Upload new File</title>
<h1>Upload new File</h1>
<form action="" method=post enctype=multipart/form-data>
<p><input type=file name=file>
<input type=submit value=Upload>
</form>
'''
然后我尝试编写打开文件并从中读取数据的方法,但我无法知道如何做到这一点,请你帮我理解如何阅读文件内容并呈现过滤版本它在我的网站上? 谢谢!
答案 0 :(得分:2)
您已将其保存在此处
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
只需打开它并在使用任何其他文件时阅读,例如:
@app.route('/read_file', methods=['GET'])
def read_uploaded_file():
filename = secure_filename(request.args.get('filename'))
try:
if filename and allowed_filename(filename):
with open(os.path.join(app.config['UPLOAD_FOLDER'], filename)) as f:
return f.read()
except IOError:
pass
return "Unable to read file"
您需要在此处仔细清理用户输入,否则可以使用方法来读取非预期的内容(例如,应用源代码)。最好的是不授予用户读取任意文件的能力 - 例如,当您保存文件时,使用某些令牌将其存储在数据库中,并为用户提供此令牌:
filename = secure_filename(file.filename)
filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename)
file.save(filepath)
token = store_in_db(filepath)
return redirect(url_for('read_uploaded_file',
token=token))
然后在读取文件时接受令牌而不是文件名:
@app.route('/read_file', methods=['GET'])
def read_uploaded_file():
filepath = get_filepath(request.args.get('token'))
try:
if filepath and allowed_filepath(filepath):
with open(filepath) as f:
return f.read()
except IOError:
pass
return "Unable to read file"
令牌需要随机,长,不可猜测(例如uuid4) - 否则将有可能轻松读取其他用户文件。或者您需要在数据库中存储文件和用户之间的关系并检查它。最后,您需要控制文件上传的大小,以防止用户上传大文件(app.config['MAX_CONTENT_LENGTH']
)并在显示&#34;过滤&#34;时控制您在内存中读取的信息量。文件内容(f.read(max_allowed_size)
)。