[backend] allow to set multiple backends encrypted or not

Author: EvanBldy

flask_fs/__init__.py

@@ -36,8 +36,6 @@ def init_app(app, *storages):
     app.config.setdefault("FS_PREFIX", None)
     app.config.setdefault("FS_URL", None)
     app.config.setdefault("FS_BACKEND", DEFAULT_BACKEND)
-    app.config.setdefault("FS_AES256_ENCRYPTED", False)
-    app.config.setdefault("FS_AES256_KEY", None)
     app.config.setdefault("FS_IMAGES_OPTIMIZE", False)
     app.config.setdefault("FS_CREATE_STORAGE", False)
 

flask_fs/backends/__init__.py

@@ -1,4 +1,5 @@
 from flask_fs import files
+from flask_fs.crypto import AES256FileEncryptor
 
 __all__ = ["BaseBackend", "DEFAULT_BACKEND"]
 
@@ -18,6 +19,11 @@ def __init__(self, name, config):
         self.name = name
         self.config = config
 
+        if getattr(config, "aes256_encrypted", False):
+            self.encryptor = AES256FileEncryptor(config.aes256_key)
+        else:
+            self.encryptor = None
+
     def exists(self, filename):
         """Test wether a file exists or not given its filename in the storage"""
         raise NotImplementedError("Existance checking is not implemented")

flask_fs/storage.py

@@ -6,7 +6,6 @@
 from werkzeug.utils import secure_filename, cached_property
 from werkzeug.datastructures import FileStorage
 
-from .crypto import AES256FileEncryptor
 from .errors import (
     UnauthorizedFileType,
     FileExists,
@@ -116,10 +115,6 @@ def configure(self, app):
             backend_key, app.config["FS_BACKEND"]
         )
         self.backend_prefix = BACKEND_PREFIX.format(self.backend_name.upper())
-        if app.config.get("FS_AES256_ENCRYPTED", False):
-            self.encryptor = AES256FileEncryptor(app.config["FS_AES256_KEY"])
-        else:
-            self.encryptor = None
         backend_excluded_keys = [
             "".join((self.backend_prefix, k)) for k in BACKEND_EXCLUDED_CONFIG
         ]
@@ -267,8 +262,8 @@ def read(self, filename):
 
         readed_content = self.backend.read(filename)
 
-        if self.encryptor is not None:
-            return self.encryptor.decrypt_entire_file(readed_content)
+        if self.backend.encryptor is not None:
+            return self.backend.encryptor.decrypt_entire_file(readed_content)
         else:
             return readed_content
 
@@ -283,8 +278,10 @@ def read_chunks(self, filename, chunk_size=1024 * 1024):
             raise FileNotFound(filename)
 
         generator = self.backend.read_chunks(filename, chunk_size)
-        if self.encryptor is not None:
-            return self.encryptor.decrypt_file_from_generator(generator)
+        if self.backend.encryptor is not None:
+            return self.backend.encryptor.decrypt_file_from_generator(
+                generator
+            )
         else:
             return generator
 
@@ -316,20 +313,20 @@ def write(self, filename, content, overwrite=False):
         ):
             raise FileExists()
 
-        if self.encryptor is not None:
+        if self.backend.encryptor is not None:
             if hasattr(content, "read") or os.path.isfile(content):
-                encrypted_content_path = self.encryptor.encrypt_file(content)
+                encrypted_content_path = self.backend.encryptor.encrypt_file(
+                    content
+                )
                 try:
                     read_stream = open(encrypted_content_path, "rb")
-                    return self.backend.write(
-                        filename, read_stream
-                    )
+                    return self.backend.write(filename, read_stream)
                 finally:
                     read_stream.close()
                     os.remove(encrypted_content_path)
             else:
                 return self.backend.write(
-                    filename, self.encryptor.encrypt_content(content)
+                    filename, self.backend.encryptor.encrypt_content(content)
                 )
         else:
             return self.backend.write(filename, content)

tests/conftest.py

@@ -3,6 +3,8 @@
 
 from flask import Flask
 from werkzeug.datastructures import FileStorage
+from flask_fs.crypto import AES256FileEncryptor
+
 
 import pytest
 
@@ -23,8 +25,6 @@ class TestConfigEncrypted:
     MONGODB_DB = "flask-fs-test"
     MONGODB_HOST = "localhost"
     MONGODB_PORT = 27017
-    FS_AES256_ENCRYPTED = True
-    FS_AES256_KEY = "jHEyo0GjTZDCUEnCkMcaF-LIxmnOix8b3JH633I7dls="
 
 
 class TestFlask(Flask):
@@ -43,13 +43,6 @@ def app():
     yield app
 
 
-@pytest.fixture
-def app_encrypted():
-    app_encrypted = TestFlask("flaskfs-tests")
-    app_encrypted.config.from_object(TestConfigEncrypted)
-    yield app_encrypted
-
-
 @pytest.fixture
 def binfile():
     return PNG_FILE
@@ -89,11 +82,15 @@ def utils(faker):
 def mock_backend(app, mocker):
     app.config["FS_BACKEND"] = "mock"
     mock = mocker.patch("flask_fs.backends.mock.MockBackend")
+    mock.return_value.encryptor = None
     yield mock
 
 
 @pytest.fixture
-def mock_encrypted_backend(app_encrypted, mocker):
-    app_encrypted.config["FS_BACKEND"] = "mock"
+def mock_encrypted_backend(app, mocker):
+    app.config["FS_BACKEND"] = "mock"
     mock = mocker.patch("flask_fs.backends.mock.MockBackend")
+    mock.return_value.encryptor = AES256FileEncryptor(
+        "jHEyo0GjTZDCUEnCkMcaF-LIxmnOix8b3JH633I7dls="
+    )
     yield mock

tests/test_storage.py

@@ -96,9 +96,9 @@ def test_read(app, mock_backend):
     assert storage.read("file.test") == "content"
 
 
-def test_read_encrypted(app_encrypted, mock_encrypted_backend):
+def test_read_encrypted(app, mock_encrypted_backend):
     storage = fs.Storage("test")
-    app_encrypted.configure(storage)
+    app.configure(storage)
 
     backend = mock_encrypted_backend.return_value
     backend.read.return_value = (
@@ -124,9 +124,9 @@ def test_read_chunks(app, mock_backend):
     assert data == "content"
 
 
-def test_read_chunks_encrypted(app_encrypted, mock_encrypted_backend):
+def test_read_chunks_encrypted(app, mock_encrypted_backend):
     storage = fs.Storage("test")
-    app_encrypted.configure(storage)
+    app.configure(storage)
 
     backend = mock_encrypted_backend.return_value
     backend.read_chunks.return_value = iter(
@@ -171,9 +171,9 @@ def test_write(app, mock_backend):
     backend.write.assert_called_with("file.test", "content")
 
 
-def test_write_encrypted(app_encrypted, mock_encrypted_backend):
+def test_write_encrypted(app, mock_encrypted_backend):
     storage = fs.Storage("test")
-    app_encrypted.configure(storage)
+    app.configure(storage)
 
     backend = mock_encrypted_backend.return_value
     backend.exists.return_value = False
@@ -183,7 +183,7 @@ def test_write_encrypted(app_encrypted, mock_encrypted_backend):
     args = backend.write.call_args.args
     assert args[0] == "file.test"
     assert (
-        storage.encryptor.decrypt_entire_file(args[1])
+        storage.backend.encryptor.decrypt_entire_file(args[1])
         == b"It's an encrypted file."
     )