Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

fixed file download, added md5 check, and allowed update of same file…

… name
  • Loading branch information...
commit 8354f6709ed6001a68a9b47a21258cd233307f6a 1 parent cb1be85
Ben Cohen bjcohen authored
Showing with 14 additions and 7 deletions.
  1. +12 −5 mypi/db.py
  2. +2 −2 mypi/server.py
17 mypi/db.py
View
@@ -2,6 +2,7 @@
from os import getcwd
import logging
from datetime import datetime
+import hashlib
from sqlalchemy import (
create_engine,
@@ -286,9 +287,9 @@ def __eq__(self, other):
class File(Base):
__tablename__ = "file"
__table_args__ = (
- PrimaryKeyConstraint('package', 'version', 'md5_digest'),
+ PrimaryKeyConstraint('package', 'version', 'filename'),
ForeignKeyConstraint(('package', 'version'),
- ('release.package', 'release.version')),
+ ('release.package', 'release.version')),
{}
)
@@ -326,10 +327,16 @@ def upload(self, session, data, filename, fileobj):
file.filetype = data["filetype"]
file.pyversion = data["pyversion"]
file.protcol_version = data["protcol_version"]
- # TODO: verify MD5sum
- file.data = fileobj.read()
- session.add(file)
+ file_data = fileobj.read()
+ file.data = file_data
+ file_digest = hashlib.md5(file_data).hexdigest()
+
+ LOG.debug('MD5: %s' % file_digest)
+ if file.md5_digest != file_digest:
+ raise ValueError("md5 checksum error")
+
+ file = session.merge(file, load=True)
@classmethod
def find(self, session, package, md5):
4 mypi/server.py
View
@@ -55,8 +55,8 @@ def download(package, filename):
from werkzeug.wrappers import Response
resp = Response(file.data)
- resp.headers['Content-Type'] = 'application/octet-stream'
- resp.headers['Content-Disposition'] = 'attachement'
+ resp.headers['Content-Type'] = 'application/x-gzip'
+ resp.headers['Content-Disposition'] = 'attachement; filename="%s"' % filename
return resp
Please sign in to comment.
Something went wrong with that request. Please try again.