sxbin/app.py

from flask import Flask, request, jsonify, send_from_directory, render_template, url_for, redirect, send_file, session, make_response, flash, g, Response, current_app
from werkzeug.utils import secure_filename
import shortuuid
import os
from datetime import datetime, timedelta
import zipfile
import sqlite3
import threading
import time
import shutil
from pygments import highlight
from pygments.lexers import get_lexer_by_name, guess_lexer
from pygments.formatters import HtmlFormatter
from pygments.util import ClassNotFound
import json
from flask_login import LoginManager, UserMixin, login_user, login_required, logout_user, current_user, login_remembered
import hashlib
import secrets

app = Flask(__name__)
app.secret_key = 'your_secret_key_here'  # Add this line
UPLOAD_FOLDER = './uploads'
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
DATABASE = 'data.db'
app.config['REMEMBER_COOKIE_DURATION'] = timedelta(days=30)  # Set cookie to expire after 30 day

if not os.path.exists(UPLOAD_FOLDER):
    os.makedirs(UPLOAD_FOLDER)

# Database setup and helper functions
def get_db():
    db = getattr(g, '_database', None)
    if db is None:
        db = g._database = sqlite3.connect(DATABASE)
    return db

def init_db():
    with app.app_context():
        db = get_db()
        with app.open_resource('schema.sql', mode='r') as f:
            db.cursor().executescript(f.read())
        db.commit()
        print("Database initialized with users and content tables.")

# Call init_db() when the application starts
with app.app_context():
    init_db()

def migrate_db():
    with app.app_context():
        db = get_db()
        cursor = db.cursor()
        
        # Check if is_private column exists
        cursor.execute("PRAGMA table_info(content)")
        columns = [column[1] for column in cursor.fetchall()]
        
        if 'is_private' not in columns:
            print("Adding is_private column to content table")
            cursor.execute("ALTER TABLE content ADD COLUMN is_private INTEGER DEFAULT 0")
            db.commit()

# Call migrate_db() after init_db()
with app.app_context():
    init_db()
    migrate_db()

@app.teardown_appcontext
def close_connection(exception):
    db = getattr(g, '_database', None)
    if db is not None:
        db.close()

# Add this function near the top of your file, after the imports
def get_username(user_id):
    if user_id is None:
        return 'Anonymous'
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT username FROM users WHERE id = ?", (user_id,))
    user = cursor.fetchone()
    return user[0] if user else 'Unknown'

# Add this function to delete old files
def delete_old_files():
    with app.app_context():
        while True:
            db = get_db()
            cursor = db.cursor()
            
            # Delete files older than 30 days
            thirty_days_ago = datetime.now() - timedelta(days=30)
            cursor.execute("SELECT vanity, type, data FROM content WHERE created_at < ?", (thirty_days_ago,))
            old_files = cursor.fetchall()
            
            for vanity, content_type, data in old_files:
                if content_type == 'file':
                    file_path = os.path.join(app.config['UPLOAD_FOLDER'], f'{vanity}_{data}')
                    if os.path.exists(file_path):
                        os.remove(file_path)
                elif content_type == 'folder':
                    folder_path = os.path.join(app.config['UPLOAD_FOLDER'], vanity)
                    if os.path.exists(folder_path):
                        shutil.rmtree(folder_path)
            
            cursor.execute("DELETE FROM content WHERE created_at < ?", (thirty_days_ago,))
            db.commit()
            
            time.sleep(86400)  # Sleep for 24 hours

# Start the cleanup thread
cleanup_thread = threading.Thread(target=delete_old_files)
cleanup_thread.daemon = True
cleanup_thread.start()

login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'login'

class User(UserMixin):
    def __init__(self, id, username, password_hash, api_key=None):
        self.id = id
        self.username = username
        self.password_hash = password_hash
        self.api_key = api_key

    @staticmethod
    def hash_password(password):
        return password  # Store passwords in plaintext for simplicity

    @staticmethod
    def verify_password(stored_password, provided_password):
        return stored_password == provided_password

    @staticmethod
    def generate_api_key():
        return secrets.token_urlsafe(32)

@login_manager.user_loader
def load_user(user_id):
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
    user = cursor.fetchone()
    if user:
        # Print debug information
        print(f"User data: {user}")
        # Check if we have all required fields
        if len(user) >= 4:
            return User(user[0], user[1], user[2], user[3])
        else:
            print(f"Incomplete user data for user_id: {user_id}")
            return None
    print(f"No user found for user_id: {user_id}")
    return None

@app.route('/')
def index():
    try:
        if current_user.is_authenticated:
            return render_template('index.html', user=current_user)
    except Exception as e:
        print(f"Error in index route: {str(e)}")
    return render_template('index.html', user=None)

@app.route('/u/<username>')
@app.route('/u/<username>/')
@app.route('/u/<username>/<path:filename>')
def serve_user_page(username, filename=None):
    print(f"Accessing user page: {username}, filename: {filename}")  # Debug print

    # Check if the username exists in the database
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
    user = cursor.fetchone()
    if not user:
        print(f"User {username} not found")  # Debug print
        return "User not found", 404

    user_folder = os.path.join(app.config['UPLOAD_FOLDER'], username)
    print(f"User folder path: {user_folder}")  # Debug print
    
    if not os.path.exists(user_folder):
        print(f"User folder does not exist for {username}")  # Debug print
        os.makedirs(user_folder)  # Create the folder if it doesn't exist

    current_path = os.path.join(user_folder, filename.rstrip('/') if filename else '')
    if not os.path.exists(current_path):
        return "Folder or file not found", 404

    if os.path.isfile(current_path):
        return send_file(current_path)

    # Check if we should ignore index.html
    ignore_index = session.get(f'ignore_index_{username}', False)

    # Check for index.html
    index_path = os.path.join(current_path, 'index.html')
    if os.path.exists(index_path) and not ignore_index:
        return send_file(index_path)

    # Directory listing
    files = []
    folders = []
    for item in os.listdir(current_path):
        item_path = os.path.join(current_path, item)
        relative_path = os.path.relpath(item_path, user_folder)
        if os.path.isfile(item_path):
            files.append({'name': item, 'path': relative_path})
        else:
            folders.append({'name': item, 'path': relative_path})

    parent_folder = os.path.dirname(filename.rstrip('/')) if filename else None
    current_folder = os.path.basename(current_path)

    # Generate the correct parent folder URL
    parent_url = None
    if parent_folder:
        parent_url = url_for('serve_user_page', username=username, filename=parent_folder)
    elif filename:  # If we're in a subfolder, parent is the root
        parent_url = url_for('serve_user_page', username=username)

    return render_template('user_files_public.html', 
                           username=username, 
                           files=files, 
                           folders=folders, 
                           current_path=filename.rstrip('/') if filename else '',
                           parent_url=parent_url,
                           current_folder=current_folder)

@app.route('/<vanity>', methods=['GET', 'POST'])
@app.route('/<vanity>/<password>', methods=['GET', 'POST'])
@app.route('/<vanity>/download', methods=['GET', 'POST'])
@app.route('/<vanity>/download/<password>', methods=['GET', 'POST'])
@app.route('/<vanity>/raw', methods=['GET', 'POST'])
@app.route('/<vanity>/raw/<password>', methods=['GET', 'POST'])
def redirect_vanity(vanity, password=None):
    app.logger.info(f"Accessing redirect_vanity: vanity={vanity}, password={password}")
    app.logger.info(f"Request path: {request.path}")
    app.logger.info(f"Request method: {request.method}")
    app.logger.info(f"Request URL: {request.url}")
    app.logger.info(f"Request endpoint: {request.endpoint}")
    app.logger.info(f"Request view args: {request.view_args}")
    
    db = get_db()
    cursor = db.cursor()
    
    is_download = 'download' in request.path
    is_raw = 'raw' in request.path
    
    # First, try to find the content with the full vanity (including extension)
    cursor.execute("SELECT content.*, users.username FROM content LEFT JOIN users ON content.user_id = users.id WHERE content.vanity = ?", (vanity,))
    content = cursor.fetchone()
    
    # If not found, try without the extension
    if not content:
        vanity_without_extension = os.path.splitext(vanity)[0]
        cursor.execute("SELECT content.*, users.username FROM content LEFT JOIN users ON content.user_id = users.id WHERE content.vanity LIKE ?", (f"{vanity_without_extension}%",))
        content = cursor.fetchone()
    
    if content:
        content_type, content_data, created_at, user_id, is_private, stored_password, username = content[1], content[2], content[3], content[4], content[5], content[6], content[7]
        app.logger.info(f"Content found: type={content_type}, data={content_data}, is_private={is_private}")
        
        try:
            created_at = datetime.strptime(created_at, '%Y-%m-%d %H:%M:%S.%f')
        except ValueError:
            created_at = datetime.strptime(created_at, '%Y-%m-%d %H:%M:%S')

        if is_private and stored_password:
            if password:
                if password != stored_password:
                    return "Incorrect password", 403
            elif request.method == 'POST':
                entered_password = request.form.get('password')
                if entered_password != stored_password:
                    return render_template('password_prompt.html', vanity=vanity, error="Incorrect password", content_type=content_type)
                password = entered_password  # Set the password for use in raw_url
            else:
                return render_template('password_prompt.html', vanity=vanity, error=None, content_type=content_type)
        
        if content_type == 'url':
            return render_template('og_shorturl.html', long_url=content_data, username=username, created_at=created_at, vanity=vanity, is_private=is_private)
        elif content_type == 'file':
            file_path = os.path.join(app.config['UPLOAD_FOLDER'], content_data)
            if os.path.exists(file_path):
                file_size = os.path.getsize(file_path)
                file_extension = os.path.splitext(content_data)[1].lower()
                is_embeddable = file_extension in ['.jpg', '.jpeg', '.png', '.gif', '.svg', '.pdf']
                file_url = f"{request.scheme}://{request.host}/{vanity}"
                raw_url = f"{file_url}/raw"
                
                if is_private and password:
                    raw_url += f'/{password}'
                
                if is_download:
                    return send_file(file_path, as_attachment=True)
                elif is_raw:
                    return send_file(file_path)
                else:
                    return render_template('file_info.html', 
                                           filename=content_data, 
                                           file_size=file_size, 
                                           username=username, 
                                           created_at=created_at,
                                           is_embeddable=is_embeddable,
                                           file_url=file_url,
                                           raw_url=raw_url,
                                           vanity=vanity,
                                           user_id=user_id,
                                           is_private=is_private,
                                           password=password)
        elif content_type == 'pastebin':
            try:
                lexer = guess_lexer(content_data)
            except ClassNotFound:
                lexer = get_lexer_by_name('text')
            formatter = HtmlFormatter(style='monokai', linenos=True, cssclass="source")
            highlighted_content = highlight(content_data, lexer, formatter)
            css = formatter.get_style_defs('.source')
            return render_template('pastebin.html',
                                   content={'data': content_data, 'user_id': user_id, 'username': username},
                                   highlighted_content=highlighted_content,
                                   css=css,
                                   raw_content=content_data,
                                   created_at=created_at,
                                   vanity=vanity,
                                   is_private=is_private)
    
    app.logger.error(f"Content not found for vanity: {vanity}")
    return "Not found", 404

def render_pastebin(content_data, created_at, user_id, username, vanity, is_private):
    try:
        lexer = guess_lexer(content_data)
        language = lexer.aliases[0]
    except ClassNotFound:
        language = 'text'
        lexer = get_lexer_by_name(language)
    
    formatter = HtmlFormatter(style='monokai', linenos=True, cssclass="source")
    highlighted_code = highlight(content_data, lexer, formatter)
    css = formatter.get_style_defs('.source')
    return render_template('pastebin.html', 
                           content={'data': content_data, 'user_id': user_id, 'username': username or 'Anonymous'},
                           highlighted_content=highlighted_code,
                           css=css, 
                           raw_content=content_data,
                           language=language,
                           created_at=created_at,
                           vanity=vanity,
                           is_private=is_private)

@app.route('/<vanity>/raw', methods=['GET', 'POST'])
@app.route('/<vanity>/raw/<password>', methods=['GET'])
def raw_vanity(vanity, password=None):
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT * FROM content WHERE vanity = ? AND type = 'pastebin'", (vanity,))
    content = cursor.fetchone()
    
    if content:
        content_type, content_data, created_at, user_id, is_private, stored_password = content[1], content[2], content[3], content[4], content[5], content[6]
        
        if is_private and stored_password:
            if password:
                if password != stored_password:
                    return "Incorrect password", 403
            elif request.method == 'POST':
                entered_password = request.form.get('password')
                if entered_password != stored_password:
                    return render_template('password_prompt.html', vanity=vanity, error="Incorrect password", raw=True)
            else:
                return render_template('password_prompt.html', vanity=vanity, error=None, raw=True)
        
        # Remove '/download' from the content_data if present
        content_data = content_data.replace('/download', '')
        
        return content_data, 200, {'Content-Type': 'text/plain; charset=utf-8'}
    return 'Not Found', 404

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        remember = 'remember' in request.form
        db = get_db()
        cursor = db.cursor()
        cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
        user = cursor.fetchone()
        if user and User.verify_password(user[2], password):
            user_obj = User(user[0], user[1], user[2], user[3])
            login_user(user_obj, remember=remember)
            return jsonify({'success': True, 'redirect': url_for('user_files', username=username)})
        return jsonify({'success': False, 'error': 'Invalid username or password'})
    return render_template('login.html')

@app.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        
        if len(password) < 5 or not any(c.isupper() for c in password):
            return jsonify({'success': False, 'error': 'Password does not meet requirements'})
        
        api_key = User.generate_api_key()
        db = get_db()
        cursor = db.cursor()
        cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
        if cursor.fetchone():
            return jsonify({'success': False, 'error': 'Username already exists'})
        hashed_password = User.hash_password(password)
        cursor.execute("INSERT INTO users (username, password_hash, api_key) VALUES (?, ?, ?)",
                       (username, hashed_password, api_key))
        db.commit()
        
        user_folder = os.path.join(app.config['UPLOAD_FOLDER'], username)
        if not os.path.exists(user_folder):
            os.makedirs(user_folder)
        
        return jsonify({'success': True, 'redirect': url_for('login')})
    return render_template('register.html')

@app.route('/logout')
@login_required
def logout():
    logout_user()
    return redirect(url_for('index'))

@app.route('/dash/<username>')
@app.route('/dash/<username>/')
@app.route('/dash/<username>/<path:subpath>')
@login_required
def user_files(username, subpath=''):
    if current_user.username != username:
        return "Unauthorized", 401
    
    user_folder = os.path.join(app.config['UPLOAD_FOLDER'], username)
    current_path = os.path.join(user_folder, subpath.rstrip('/'))
    
    # Create user folder if it doesn't exist
    if not os.path.exists(user_folder):
        os.makedirs(user_folder)
    
    if not os.path.exists(current_path):
        return "Folder not found", 404
    
    if not os.path.isdir(current_path):
        return "Not a directory", 400
    
    items = []
    folders = []
    for item in os.listdir(current_path):
        item_path = os.path.join(current_path, item)
        relative_path = os.path.relpath(item_path, user_folder)
        if os.path.isfile(item_path):
            items.append({'name': item, 'type': 'file', 'path': relative_path})
        else:
            items.append({'name': item, 'type': 'folder', 'path': relative_path})
            folders.append(relative_path)
    
    # Fetch user's uploads (including files, pastebins, and shortened URLs)
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT * FROM content WHERE user_id = ?", (current_user.id,))
    user_uploads = cursor.fetchall()
    
    uploads = []
    for upload in user_uploads:
        vanity, content_type, data, created_at, _, is_private = upload[:6]
        url = f"{request.scheme}://{request.host}/{vanity}"
        uploads.append({
            'type': content_type,
            'vanity': vanity,
            'data': data,
            'created_at': created_at,
            'is_private': is_private,
            'url': url,
            'download_url': f"{url}/download" if content_type == 'file' else None
        })
    
    parent_folder = os.path.dirname(subpath.rstrip('/')) if subpath else None
    current_folder = os.path.basename(current_path)
    
    ignore_index = session.get(f'ignore_index_{username}', False)

    return render_template('user_files.html', 
                           username=username, 
                           items=items, 
                           folders=folders, 
                           uploads=uploads,
                           current_path=subpath.rstrip('/'),
                           parent_folder=parent_folder,
                           current_folder=current_folder,
                           ignore_index=ignore_index)

@app.route('/dash/<username>/toggle_index', methods=['POST'])
@login_required
def toggle_index(username):
    if current_user.username != username:
        return jsonify({"success": False, "error": "Unauthorized"}), 401
    
    current_setting = session.get(f'ignore_index_{username}', False)
    new_setting = not current_setting
    session[f'ignore_index_{username}'] = new_setting
    
    return jsonify({"success": True, "ignore_index": new_setting})

@app.route('/dash/<username>/upload', methods=['POST'])
@login_required
def upload_user_file(username):
    if current_user.username != username:
        return jsonify({"success": False, "error": "Unauthorized"}), 401
    subpath = request.form.get('subpath', '').rstrip('/')
    if 'file' not in request.files:
        return jsonify({"success": False, "error": 'No file part'}), 400
    file = request.files['file']
    if file.filename == '':
        return jsonify({"success": False, "error": 'No selected file'}), 400
    if file:
        filename = secure_filename(file.filename)
        file_path = os.path.join(app.config['UPLOAD_FOLDER'], username, subpath, filename)
        os.makedirs(os.path.dirname(file_path), exist_ok=True)
        
        # Use chunked upload
        chunk_size = 4096  # 4KB chunks
        try:
            with open(file_path, 'wb') as f:
                while True:
                    chunk = file.stream.read(chunk_size)
                    if not chunk:
                        break
                    f.write(chunk)
            
            return jsonify({"success": True, "filename": filename}), 200
        except Exception as e:
            app.logger.error(f"Error uploading file: {str(e)}")
            return jsonify({"success": False, "error": str(e)}), 500
    
    return jsonify({"success": False, "error": "File upload failed"}), 500

@app.route('/dash/<username>/delete/<path:filename>', methods=['POST'])
@login_required
def delete_user_file(username, filename):
    if current_user.username != username:
        return "Unauthorized", 401
    file_path = os.path.join(app.config['UPLOAD_FOLDER'], username, filename)
    try:
        if os.path.exists(file_path):
            if os.path.isfile(file_path):
                os.remove(file_path)
            elif os.path.isdir(file_path):
                shutil.rmtree(file_path)
        return redirect(url_for('user_files', username=username))
    except PermissionError:
        return "Permission denied: Unable to delete the file or folder", 403
    except Exception as e:
        return f"An error occurred: {str(e)}", 500


@app.route('/dash/<username>/delete_folder/<folder_name>', methods=['POST'])
@login_required
def delete_folder(username, folder_name):
    if current_user.username != username:
        return "Unauthorized", 401
    folder_path = os.path.join(app.config['UPLOAD_FOLDER'], username, folder_name)
    if os.path.exists(folder_path):
        shutil.rmtree(folder_path)
    return redirect(url_for('user_files', username=username))

@app.route('/dash/<username>/rename_folder', methods=['POST'])
@login_required
def rename_folder(username):
    if current_user.username != username:
        return "Unauthorized", 401
    old_foldername = request.form['old_foldername']
    new_foldername = secure_filename(request.form['new_foldername'])
    old_path = os.path.join(app.config['UPLOAD_FOLDER'], username, old_foldername)
    new_path = os.path.join(app.config['UPLOAD_FOLDER'], username, new_foldername)
    if os.path.exists(old_path):
        os.rename(old_path, new_path)
    return redirect(url_for('user_files', username=username))

@app.route('/dash/<username>/move_item', methods=['POST'])
@login_required
def move_item(username):
    if current_user.username != username:
        return "Unauthorized", 401
    item_name = request.form['item_name']
    item_type = request.form['item_type']
    destination_folder = request.form['destination_folder']
    source_path = os.path.join(app.config['UPLOAD_FOLDER'], username, item_name)
    dest_path = os.path.join(app.config['UPLOAD_FOLDER'], username, destination_folder, item_name)
    if os.path.exists(source_path):
        shutil.move(source_path, dest_path)
    return redirect(url_for('user_files', username=username))

@app.route('/dash/<username>/copy_item', methods=['POST'])
@login_required
def copy_item(username):
    if current_user.username != username:
        return "Unauthorized", 401
    item_name = request.form['item_name']
    item_type = request.form['item_type']
    destination_folder = request.form['destination_folder']
    source_path = os.path.join(app.config['UPLOAD_FOLDER'], username, item_name)
    dest_path = os.path.join(app.config['UPLOAD_FOLDER'], username, destination_folder, item_name)
    if os.path.exists(source_path):
        if item_type == 'file':
            shutil.copy2(source_path, dest_path)
        else:
            shutil.copytree(source_path, dest_path)
    return redirect(url_for('user_files', username=username))

@app.route('/dash/<username>/edit/<path:filename>', methods=['GET', 'POST'])
@login_required
def edit_file(username, filename):
    if current_user.username != username:
        return "Unauthorized", 401

    file_path = os.path.join(app.config['UPLOAD_FOLDER'], username, filename)
    if not os.path.exists(file_path):
        return "File not found", 404

    if request.method == 'POST':
        content = request.form['content']
        with open(file_path, 'w') as f:
            f.write(content)
        # Get the directory path to redirect back to
        dir_path = os.path.dirname(filename)
        return redirect(url_for('user_files', username=username, subpath=dir_path))

    with open(file_path, 'r') as f:
        content = f.read()

    return render_template('edit_file.html', filename=filename, content=content)

@app.route('/debug/users')
def debug_users():
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT * FROM users")
    users = cursor.fetchall()
    return jsonify(users)

@app.route('/upload/pastebin', methods=['POST'])
def upload_pastebin():
    try:
        print("Received request to upload pastebin")
        data = request.get_json()
        print(f"Received JSON data: {data}")

        if not data or 'content' not in data:
            print("Error: Content is missing from the request")
            return jsonify({'success': False, 'error': 'Content is required'}), 400

        content = data['content']
        password = data.get('password')
        print(f"Content: {content[:50]}...") # Print first 50 characters of content
        print(f"Password received from client: {password}")

        is_private = 1 if password else 0
        print(f"Is private: {is_private}")

        vanity = shortuuid.uuid()[:8]
        print(f"Generated vanity: {vanity}")
        
        user_id = current_user.id if current_user.is_authenticated else "Anonymous"
        print(f"User ID: {user_id}")
        
        db = get_db()
        cursor = db.cursor()
        
        if is_private:
            print(f"Inserting private pastebin into database with password: {password}")
            cursor.execute("INSERT INTO content (vanity, type, data, created_at, user_id, is_private, password) VALUES (?, ?, ?, ?, ?, ?, ?)",
                           (vanity, 'pastebin', content, datetime.now(), user_id, is_private, password))
            print(f"Executed SQL with values: {vanity}, pastebin, {content[:50]}..., {datetime.now()}, {user_id}, {is_private}, {password}")
        else:
            print("Inserting public pastebin into database")
            cursor.execute("INSERT INTO content (vanity, type, data, created_at, user_id, is_private) VALUES (?, ?, ?, ?, ?, ?)",
                           (vanity, 'pastebin', content, datetime.now(), user_id, is_private))
            print(f"Executed SQL with values: {vanity}, pastebin, {content[:50]}..., {datetime.now()}, {user_id}, {is_private}")
        
        db.commit()
        print("Database commit successful")
        
        # Verify the inserted data
        cursor.execute("SELECT * FROM content WHERE vanity = ?", (vanity,))
        inserted_data = cursor.fetchone()
        print(f"Inserted data: {inserted_data}")
        
        short_url = f"{request.scheme}://{request.host}/{vanity}"
        deletion_url = url_for('delete_content', vanity=vanity, _external=True)
        print(f"Generated short URL: {short_url}")
        print(f"Generated deletion URL: {deletion_url}")

        return jsonify({'success': True, 'vanity': vanity, 'url': short_url, 'deletion_url': deletion_url}), 200
    except Exception as e:
        print(f"Exception occurred in upload_pastebin: {str(e)}")
        return jsonify({'success': False, 'error': str(e)}), 500


@app.route('/shorten', methods=['POST'])
def shorten_url():
    try:
        data = request.get_json()
        if not data or 'url' not in data:
            return jsonify({'success': False, 'error': 'URL is required'}), 400

        long_url = data['url']
        password = data.get('password')  # Get the password if provided
        vanity = shortuuid.uuid()[:8]
        
        user_id = current_user.id if current_user.is_authenticated else None
        
        db = get_db()
        cursor = db.cursor()

        is_private = 1 if password else 0

        cursor.execute("""
            INSERT INTO content (vanity, type, data, created_at, user_id, is_private, password) 
            VALUES (?, ?, ?, ?, ?, ?, ?)
        """, (vanity, 'url', long_url, datetime.now(), user_id, is_private, password))
        
        db.commit()
        
        return jsonify({'success': True, 'vanity': vanity}), 200
    except Exception as e:
        print("Exception occurred:", str(e))
        return jsonify({'success': False, 'error': str(e)}), 400

@app.route('/edit/content/<vanity>', methods=['GET', 'POST'])
@login_required
def edit_content(vanity):
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT * FROM content WHERE vanity = ? OR data LIKE ?", (vanity, f"{vanity}%"))
    content = cursor.fetchone()

    if not content or content[4] != current_user.id:
        return jsonify({'success': False, 'error': 'Unauthorized'}), 401

    content_type, content_data = content[1], content[2]

    if request.method == 'POST':
        new_content = request.form.get('content')
        if new_content is not None:
            cursor.execute("UPDATE content SET data = ? WHERE vanity = ?", (new_content, content[0]))
            db.commit()
            return redirect(url_for('redirect_vanity', vanity=content[0]))

    if content_type == 'file':
        file_path = os.path.join(app.config['UPLOAD_FOLDER'], content_data)
        if os.path.exists(file_path):
            with open(file_path, 'r') as file:
                file_content = file.read()
            return render_template('edit_content.html', content=file_content, vanity=content[0], content_type=content_type)
    elif content_type == 'pastebin':
        return render_template('edit_content.html', content=content_data, vanity=content[0], content_type=content_type)

    return jsonify({'success': False, 'error': 'Unsupported content type for editing'}), 400

@app.route('/edit_password/<vanity>', methods=['POST'])
@login_required
def edit_password(vanity):
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT * FROM content WHERE vanity = ?", (vanity,))
    content = cursor.fetchone()

    if not content or content[4] != current_user.id:
        return jsonify({'success': False, 'error': 'Unauthorized'}), 401

    data = request.get_json()
    action = data.get('action')
    if action == 'update':
        new_password = data.get('new_password')
        if not is_valid_password(new_password):
            return jsonify({'success': False, 'error': 'Invalid password'}), 400
        cursor.execute("UPDATE content SET password = ?, is_private = 1 WHERE vanity = ?", (new_password, vanity))
    elif action == 'remove':
        cursor.execute("UPDATE content SET is_private = 0, password = NULL WHERE vanity = ?", (vanity,))
    else:
        return jsonify({'success': False, 'error': 'Invalid action'}), 400

    db.commit()
    return jsonify({'success': True})

@app.route('/delete/content/<vanity>', methods=['POST'])
@login_required
def delete_content(vanity):
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT * FROM content WHERE vanity = ? OR data LIKE ?", (vanity, f"{vanity}%"))
    content = cursor.fetchone()

    if not content or content[4] != current_user.id:
        return jsonify({'success': False, 'error': 'Unauthorized'}), 401

    cursor.execute("DELETE FROM content WHERE vanity = ? OR data LIKE ?", (vanity, f"{vanity}%"))
    db.commit()

    # If it's a file, delete the actual file from the filesystem
    if content[1] == 'file':
        file_path = os.path.join(app.config['UPLOAD_FOLDER'], content[2])
        if os.path.exists(file_path):
            os.remove(file_path)

    return jsonify({'success': True}), 200

@app.route('/<vanity>/info', methods=['GET', 'POST'])
def content_info(vanity):
    db = get_db()
    cursor = db.cursor()
    
    # First, try to find the content with the full vanity (including extension)
    cursor.execute("SELECT content.*, users.username FROM content LEFT JOIN users ON content.user_id = users.id WHERE content.vanity = ?", (vanity,))
    content = cursor.fetchone()
    
    # If not found, try without the extension
    if not content:
        vanity_without_extension = os.path.splitext(vanity)[0]
        cursor.execute("SELECT content.*, users.username FROM content LEFT JOIN users ON content.user_id = users.id WHERE content.vanity LIKE ?", (f"{vanity_without_extension}%",))
        content = cursor.fetchone()
    
    if content:
        content_type, content_data, created_at, user_id, is_private, password, username = content[1], content[2], content[3], content[4], content[5], content[6], content[7]
        
        if is_private and password:
            if request.method == 'POST':
                entered_password = request.form.get('password')
                if entered_password != password:
                    return render_template('password_prompt.html', vanity=vanity, error="Incorrect password")
            else:
                return render_template('password_prompt.html', vanity=vanity, error=None)
        
        file_size = None
        is_media = False
        if content_type == 'file':
            file_path = os.path.join(app.config['UPLOAD_FOLDER'], content_data)
            if os.path.exists(file_path):
                file_size = os.path.getsize(file_path)
                file_extension = os.path.splitext(content_data)[1].lower()
                is_media = file_extension in ['.jpg', '.jpeg', '.png', '.gif', '.mp3', '.wav', '.mp4', '.webm']
        
        info = {
            'type': content_type,
            'vanity': content_data if content_type == 'file' else vanity,
            'data': content_data,
            'created_at': created_at,
            'username': username,
            'file_size': file_size,
            'is_media': is_media,
            'is_private': is_private
        }
        
        return render_template('content_info.html', info=info)
    
    return render_template('404.html'), 404

@app.route('/sharex-config')
@login_required
def generate_sharex_config():
    base_url = request.url_root.replace('http://', 'https://', 1).rstrip('/')
    config = {
        "Version": "13.7.0",
        "Name": "sxbin",
        "DestinationType": "ImageUploader, TextUploader, FileUploader, URLShortener",
        "RequestMethod": "POST",
        "RequestURL": f"{base_url}/api/upload",
        "Headers": {
            "X-API-Key": current_user.api_key
        },
        "Body": "MultipartFormData",
        "FileFormName": "file",
        "TextFormName": "text",
        "URLShortenerFormName": "url",
        "URL": "$json:url$",
        "DeletionURL": "$json:deletion_url$"
    }
    
    response = make_response(json.dumps(config, indent=2))
    response.headers.set('Content-Type', 'application/json')
    response.headers.set('Content-Disposition', 'attachment', filename='sxbin_ShareX.sxcu')
    return response

@app.route('/api/upload', methods=['POST'])
def api_upload():
    api_key = request.headers.get('X-API-Key')
    if not api_key:
        return jsonify({'error': 'API key is missing'}), 401

    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT * FROM users WHERE api_key = ?", (api_key,))
    user = cursor.fetchone()

    if not user:
        return jsonify({'error': 'Invalid API key'}), 401

    if 'file' in request.files:
        file = request.files['file']
        if file.filename == '':
            return jsonify({'error': 'No selected file'}), 400
        if file:
            filename = secure_filename(file.filename)
            extension = os.path.splitext(filename)[1].lower()
            
            if extension == '.txt':
                # Handle text files as pastebins
                content = file.read().decode('utf-8')
                vanity = shortuuid.uuid()[:8]
                
                cursor.execute("INSERT INTO content (vanity, type, data, created_at, user_id) VALUES (?, ?, ?, ?, ?)",
                               (vanity, 'pastebin', content, datetime.now(), user[0]))
                db.commit()
                
                url = url_for('redirect_vanity', vanity=vanity, _external=True, _scheme='https')
                delete_url = url_for('delete_content', vanity=vanity, _external=True, _scheme='https')
            else:
                # Handle other file types
                vanity = shortuuid.uuid()[:8]
                new_filename = f"{vanity}{extension}"
                file_path = os.path.join(app.config['UPLOAD_FOLDER'], new_filename)
                file.save(file_path)
                
                cursor.execute("INSERT INTO content (vanity, type, data, created_at, user_id) VALUES (?, ?, ?, ?, ?)",
                               (vanity, 'file', new_filename, datetime.now(), user[0]))
                db.commit()
                
                url = url_for('redirect_vanity', vanity=new_filename, _external=True, _scheme='https')
                delete_url = url_for('delete_content', vanity=new_filename, _external=True, _scheme='https')
            
            return json.dumps({
                'status': 'success',
                'url': url.replace('/download', ''),
                'deletion_url': delete_url,
            })
    elif 'text' in request.form:
        content = request.form['text']
        vanity = shortuuid.uuid()[:8]
        
        cursor.execute("INSERT INTO content (vanity, type, data, created_at, user_id) VALUES (?, ?, ?, ?, ?)",
                       (vanity, 'pastebin', content, datetime.now(), user[0]))
        db.commit()
        
        url = url_for('redirect_vanity', vanity=vanity, _external=True, _scheme='https')
        delete_url = url_for('delete_content', vanity=vanity, _external=True, _scheme='https')
        
        return json.dumps({
            'status': 'success',
            'url': url.replace('/download', ''),
            'deletion_url': delete_url,
        })
    elif 'url' in request.form:
        long_url = request.form['url']
        vanity = shortuuid.uuid()[:8]
        
        cursor.execute("INSERT INTO content (vanity, type, data, created_at, user_id) VALUES (?, ?, ?, ?, ?)",
                       (vanity, 'url', long_url, datetime.now(), user[0]))
        db.commit()
        
        short_url = url_for('redirect_vanity', vanity=vanity, _external=True, _scheme='https')
        delete_url = url_for('delete_content', vanity=vanity, _external=True, _scheme='https')
        
        return json.dumps({
            'status': 'success',
            'url': short_url.replace('/download', ''),
            'deletion_url': delete_url,
        })

    return jsonify({'error': 'No file, text, or URL content provided'}), 400

@app.route('/dash/<username>/create_new_file', methods=['POST'])
@login_required
def create_new_file(username):
    if current_user.username != username:
        return "Unauthorized", 401
    subpath = request.form.get('subpath', '').rstrip('/')
    file_name = request.form['file_name']
    file_path = os.path.join(app.config['UPLOAD_FOLDER'], username, subpath, file_name)
    if not os.path.exists(file_path):
        with open(file_path, 'w') as f:
            f.write('')
        flash(f"File '{file_name}' created successfully.", 'success')
    else:
        flash(f"File '{file_name}' already exists.", 'error')
    return redirect(url_for('user_files', username=username, subpath=subpath))

@app.route('/dash/<username>/get_folders')
@login_required
def get_folders(username):
    if current_user.username != username:
        return jsonify({'error': 'Unauthorized'}), 401
    
    subpath = request.args.get('path', '')
    folder_path = os.path.join(app.config['UPLOAD_FOLDER'], username, subpath)
    
    if not os.path.exists(folder_path):
        return jsonify({'error': 'Folder not found'}), 404
    
    folders = [f for f in os.listdir(folder_path) if os.path.isdir(os.path.join(folder_path, f))]
    return jsonify(folders)

@app.route('/dash/<username>/get_folders_and_files')
@login_required
def get_folders_and_files(username):
    if current_user.username != username:
        return jsonify({'error': 'Unauthorized'}), 401
    
    subpath = request.args.get('path', '')
    folder_path = os.path.join(app.config['UPLOAD_FOLDER'], username, subpath)
    
    if not os.path.exists(folder_path):
        return jsonify({'error': 'Folder not found'}), 404
    
    folders = []
    files = []
    for item in os.listdir(folder_path):
        item_path = os.path.join(folder_path, item)
        if os.path.isdir(item_path):
            folders.append(item)
        else:
            files.append(item)
    
    return jsonify({'folders': folders, 'files': files})

@app.route('/dash/<username>/create_folder', methods=['POST'])
@login_required
def create_folder(username):
    if current_user.username != username:
        return jsonify({'error': 'Unauthorized'}), 401
    
    if request.is_json:
        data = request.get_json()
        folder_name = data.get('folder_name')
        subpath = data.get('subpath', '').rstrip('/')
    else:
        folder_name = request.form.get('folder_name')
        subpath = request.form.get('subpath', '').rstrip('/')
    
    if not folder_name:
        return jsonify({'error': 'Folder name is required'}), 400
    
    folder_path = os.path.join(app.config['UPLOAD_FOLDER'], username, subpath, folder_name)
    
    if os.path.exists(folder_path):
        return jsonify({'error': 'Folder already exists'}), 400
    
    try:
        os.makedirs(folder_path)
        if request.is_json:
            return jsonify({'success': True, 'message': 'Folder created successfully'})
        else:
            flash(f"Folder '{folder_name}' created successfully.", 'success')
            return redirect(url_for('user_files', username=username, subpath=subpath))
    except Exception as e:
        if request.is_json:
            return jsonify({'error': str(e)}), 500
        else:
            flash(f"Error creating folder: {str(e)}", 'error')
            return redirect(url_for('user_files', username=username, subpath=subpath))

@app.route('/dash/<username>/rename', methods=['POST'])
@login_required
def rename_user_file(username):
    if current_user.username != username:
        return "Unauthorized", 401
    
    old_filename = request.form['old_filename']
    new_filename = secure_filename(request.form['new_filename'])
    item_type = request.form['item_type']
    current_path = request.form.get('current_path', '').rstrip('/')
    
    user_folder = os.path.join(app.config['UPLOAD_FOLDER'], username)
    full_current_path = os.path.join(user_folder, current_path)
    
    old_path = os.path.join(full_current_path, old_filename)
    new_path = os.path.join(full_current_path, new_filename)
    
    if not os.path.exists(old_path):
        flash(f"The {item_type} '{old_filename}' does not exist.", 'error')
        return redirect(url_for('user_files', username=username, subpath=current_path))
    
    try:
        os.rename(old_path, new_path)
        flash(f"Successfully renamed {item_type} from '{old_filename}' to '{new_filename}'.", 'success')
    except OSError as e:
        flash(f"Error renaming {item_type}: {str(e)}", 'error')
    
    return redirect(url_for('user_files', username=username, subpath=current_path))

@app.route('/upload/file', methods=['POST'])
def upload_file():
    app.logger.info("Starting upload_file function")
    app.logger.info("Code: if 'file' not in request.files:")
    if 'file' not in request.files:
        app.logger.error("No file part in the request")
        return jsonify({'success': False, 'error': 'No file part'}), 400
    
    app.logger.info("Code: file = request.files['file']")
    file = request.files['file']
    app.logger.info(f"File object: {file}")
    
    app.logger.info("Code: if file.filename == '':")
    if file.filename == '':
        app.logger.error("No selected file")
        return jsonify({'success': False, 'error': 'No selected file'}), 400
    
    app.logger.info("Code: if file:")
    if file:
        try:
            app.logger.info(f"Processing file: {file.filename}")
            
            app.logger.info("Code: filename = secure_filename(file.filename)")
            filename = secure_filename(file.filename)
            app.logger.info(f"Secure filename: {filename}")
            
            app.logger.info("Code: extension = os.path.splitext(filename)[1].lower()")
            extension = os.path.splitext(filename)[1].lower()
            app.logger.info(f"File extension: {extension}")
            
            app.logger.info("Code: vanity = shortuuid.uuid()[:8]")
            vanity = shortuuid.uuid()[:8]
            app.logger.info(f"Generated vanity: {vanity}")
            
            app.logger.info("Code: vanity_with_extension = f'{vanity}{extension}'")
            vanity_with_extension = f"{vanity}{extension}"
            app.logger.info(f"Vanity with extension: {vanity_with_extension}")
            
            app.logger.info("Code: new_filename = vanity_with_extension")
            new_filename = vanity_with_extension
            app.logger.info(f"New filename: {new_filename}")
            
            app.logger.info("Code: file_path = os.path.join(current_app.config['UPLOAD_FOLDER'], new_filename)")
            file_path = os.path.join(current_app.config['UPLOAD_FOLDER'], new_filename)
            app.logger.info(f"File path: {file_path}")
            
            app.logger.info("Code: file.save(file_path)")
            file.save(file_path)
            app.logger.info("File saved successfully")
            
            app.logger.info("Code: user_id = current_user.id if current_user.is_authenticated else None")
            user_id = current_user.id if current_user.is_authenticated else None
            app.logger.info(f"User ID: {user_id}")
            
            app.logger.info("Code: password = request.form.get('password')")
            password = request.form.get('password')
            app.logger.info(f"Password: {'Set' if password else 'Not set'}")
            
            app.logger.info("Code: is_private = 1 if password else 0")
            is_private = 1 if password else 0
            app.logger.info(f"Is private: {is_private}")
            
            app.logger.info("Code: db = get_db()")
            db = get_db()
            app.logger.info("Database connection established")
            
            app.logger.info("Code: cursor = db.cursor()")
            cursor = db.cursor()
            app.logger.info("Database cursor created")
            
            app.logger.info("Inserting file info into database")
            app.logger.info("Code: vanity_for_db = vanity_with_extension")
            vanity_for_db = vanity_with_extension
            app.logger.info(f"Vanity for DB: {vanity_for_db}")
            
            app.logger.info("Code: cursor.execute(...)")
            cursor.execute("INSERT INTO content (vanity, type, data, created_at, user_id, is_private, password) VALUES (?, ?, ?, ?, ?, ?, ?)",
                           (vanity_for_db, 'file', new_filename, datetime.now(), user_id, is_private, password))
            app.logger.info("SQL query executed")
            
            app.logger.info("Code: db.commit()")
            db.commit()
            app.logger.info("Database changes committed")
            
            app.logger.info("Code: scheme = 'https' if request.is_secure else 'http'")
            scheme = 'https' if request.is_secure else 'http'
            app.logger.info(f"Using scheme: {scheme}")
            
            app.logger.info("Generating URLs")
            app.logger.info("Code: short_url = url_for('redirect_vanity', vanity=vanity_with_extension, _external=True, _scheme=scheme)")
            short_url = f"{scheme}://{request.host}/{vanity_with_extension}"
            app.logger.info(f"Generated short URL: {short_url}")
            
            app.logger.info("Code: download_url = short_url + '/download'")
            download_url = f"{short_url}/download"
            app.logger.info(f"Generated download URL: {download_url}")
            
            app.logger.info("Code: deletion_url = url_for('delete_content', vanity=vanity_with_extension, _external=True, _scheme=scheme)")
            deletion_url = url_for('delete_content', vanity=vanity_with_extension, _external=True, _scheme=scheme)
            app.logger.info(f"Generated deletion URL: {deletion_url}")
            
            app.logger.info("Preparing JSON response")
            response_data = {
                'success': True,
                'vanity': vanity_with_extension,
                'url': short_url,
                'download_url': download_url,
                'deletion_url': deletion_url,
                'filename': new_filename
            }
            app.logger.info(f"Response data: {response_data}")
            
            return jsonify(response_data)
        
        except Exception as e:
            app.logger.error(f"Error uploading file: {str(e)}")
            app.logger.exception("Exception traceback:")
            return jsonify({'success': False, 'error': str(e)}), 500

    app.logger.error("Unknown error occurred")
    return jsonify({'success': False, 'error': 'Unknown error occurred'}), 500

# Add this function to validate passwords
def is_valid_password(password):
    banned_passwords = ['info', 'download']
    return password not in banned_passwords

@app.route('/reset_api_key', methods=['POST'])
@login_required
def reset_api_key():
    new_api_key = secrets.token_urlsafe(32)
    db = get_db()
    cursor = db.cursor()
    cursor.execute("UPDATE users SET api_key = ? WHERE id = ?", (new_api_key, current_user.id))
    db.commit()
    return jsonify({'success': True, 'new_api_key': new_api_key})

@app.route('/api/docs')
def api_docs():
    return render_template('api_docs.html')

if __name__ == '__main__':
    # Start the cleanup thread
    cleanup_thread = threading.Thread(target=delete_old_files)
    cleanup_thread.daemon = True
    cleanup_thread.start()

    app.run(host='0.0.0.0', port=7123, debug=True)