读取输入文件并在烧瓶中处理它

时间:2016-08-25 07:19:40

标签: python flask

我试图编写一个简单的烧瓶程序,该程序将创建一个网页,在该网页中接收文件(通过上传),然后使用该文件的数据并显示其中的过滤部分在我的网页上,我似乎无法理解如何做到这一点。

这是我用来上传文件的代码,工作正常。

import os
from flask import Flask, request, redirect, url_for
from werkzeug.utils import secure_filename

UPLOAD_FOLDER = 'C:/Users/ohadt/PycharmProjects/logFiles'
ALLOWED_EXTENSIONS = set(['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif', 'log'])

app = Flask(__name__)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER

def allowed_file(filename):
    return '.' in filename and \
           filename.rsplit('.', 1)[1] in ALLOWED_EXTENSIONS

@app.route('/', methods=['GET', 'POST'])
def upload_file():
    if request.method == 'POST':
        # check if the post request has the file part
        if 'file' not in request.files:
            flash('No file part')
            return redirect(request.url)
        file = request.files['file']
        # if user does not select file, browser also
        # submit a empty part without filename
        if file.filename == '':
            flash('No selected file')
            return redirect(request.url)
        if file and allowed_file(file.filename):
            filename = secure_filename(file.filename)
            file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
            return redirect(url_for('read_uploaded_file',
                                    filename=filename))
    return '''
    <!doctype html>
    <title>Upload new File</title>
    <h1>Upload new File</h1>
    <form action="" method=post enctype=multipart/form-data>
      <p><input type=file name=file>
         <input type=submit value=Upload>
    </form>
    '''

然后我尝试编写打开文件并从中读取数据的方法,但我无法知道如何做到这一点,请你帮我理解如何阅读文件内容并呈现过滤版本它在我的网站上? 谢谢!

1 个答案:

答案 0 :(得分:2)

您已将其保存在此处

file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))

只需打开它并在使用任何其他文件时阅读,例如:

@app.route('/read_file', methods=['GET'])
def read_uploaded_file():
    filename = secure_filename(request.args.get('filename'))
    try:
        if filename and allowed_filename(filename):
            with open(os.path.join(app.config['UPLOAD_FOLDER'], filename)) as f:
                return f.read()
    except IOError:
        pass
    return "Unable to read file"

您需要在此处仔细清理用户输入,否则可以使用方法来读取非预期的内容(例如,应用源代码)。最好的是不授予用户读取任意文件的能力 - 例如,当您保存文件时,使用某些令牌将其存储在数据库中,并为用户提供此令牌:

filename = secure_filename(file.filename)
filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename)
file.save(filepath)
token = store_in_db(filepath)
return redirect(url_for('read_uploaded_file',
                                   token=token))

然后在读取文件时接受令牌而不是文件名:

@app.route('/read_file', methods=['GET'])
def read_uploaded_file():
    filepath = get_filepath(request.args.get('token'))
    try:
        if filepath and allowed_filepath(filepath):
            with open(filepath) as f:
                return f.read()
    except IOError:
        pass
    return "Unable to read file"

令牌需要随机,长,不可猜测(例如uuid4) - 否则将有可能轻松读取其他用户文件。或者您需要在数据库中存储文件和用户之间的关系并检查它。最后,您需要控制文件上传的大小,以防止用户上传大文件(app.config['MAX_CONTENT_LENGTH'])并在显示&#34;过滤&#34;时控制您在内存中读取的信息量。文件内容(f.read(max_allowed_size))。

相关问题
最新问题