Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

fixed file download, added md5 check, and allowed update of same file…

… name
  • Loading branch information...
commit 8354f6709ed6001a68a9b47a21258cd233307f6a 1 parent cb1be85
@bjcohen bjcohen authored
Showing with 14 additions and 7 deletions.
  1. +12 −5 mypi/db.py
  2. +2 −2 mypi/server.py
View
17 mypi/db.py
@@ -2,6 +2,7 @@
from os import getcwd
import logging
from datetime import datetime
+import hashlib
from sqlalchemy import (
create_engine,
@@ -286,9 +287,9 @@ def __eq__(self, other):
class File(Base):
__tablename__ = "file"
__table_args__ = (
- PrimaryKeyConstraint('package', 'version', 'md5_digest'),
+ PrimaryKeyConstraint('package', 'version', 'filename'),
ForeignKeyConstraint(('package', 'version'),
- ('release.package', 'release.version')),
+ ('release.package', 'release.version')),
{}
)
@@ -326,10 +327,16 @@ def upload(self, session, data, filename, fileobj):
file.filetype = data["filetype"]
file.pyversion = data["pyversion"]
file.protcol_version = data["protcol_version"]
- # TODO: verify MD5sum
- file.data = fileobj.read()
- session.add(file)
+ file_data = fileobj.read()
+ file.data = file_data
+ file_digest = hashlib.md5(file_data).hexdigest()
+
+ LOG.debug('MD5: %s' % file_digest)
+ if file.md5_digest != file_digest:
+ raise ValueError("md5 checksum error")
+
+ file = session.merge(file, load=True)
@classmethod
def find(self, session, package, md5):
View
4 mypi/server.py
@@ -55,8 +55,8 @@ def download(package, filename):
from werkzeug.wrappers import Response
resp = Response(file.data)
- resp.headers['Content-Type'] = 'application/octet-stream'
- resp.headers['Content-Disposition'] = 'attachement'
+ resp.headers['Content-Type'] = 'application/x-gzip'
+ resp.headers['Content-Disposition'] = 'attachement; filename="%s"' % filename
return resp
Please sign in to comment.
Something went wrong with that request. Please try again.