first

Dockerfile

@@ -0,0 +1,13 @@
+FROM python:3.11
+
+RUN useradd -m -u 1000 user
+USER user
+ENV PATH="/home/user/.local/bin:$PATH"
+
+WORKDIR /app
+
+COPY --chown=user ./requirements.txt requirements.txt
+RUN pip install --no-cache-dir --upgrade -r requirements.txt
+
+COPY --chown=user . /app
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

Readme.md

@@ -0,0 +1,9 @@
+---
+title: Dropbox
+emoji: 💻
+colorFrom: green
+colorTo: gray
+sdk: docker
+pinned: false
+license: apache-2.0
+---

app.py

@@ -0,0 +1,84 @@
+from fastapi import FastAPI, HTTPException, Request
+from fastapi.responses import FileResponse
+from fastapi.staticfiles import StaticFiles
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.middleware.trustedhost import TrustedHostMiddleware
+from pydantic import BaseModel
+import os
+from huggingface_hub import HfApi
+import time
+
+from dotenv import load_dotenv
+
+load_dotenv()
+
+api = HfApi(token=os.getenv("HF_TOKEN"))
+
+PASSWORD = os.getenv("PASSWORD")
+
+app = FastAPI()
+
+repo_url = os.environ["HF_SPACE_ID"].replace("/", "-")
+
+app.add_middleware(
+    TrustedHostMiddleware,
+    allowed_hosts=["localhost", f"{repo_url}.hf.space"]  # Replace with your actual HF space URL
+)
+
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["http://localhost:7860", f"https://{repo_url}.hf.space"],  # Replace with your actual HF space URL
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+# Rate limiting
+class RateLimiter:
+    def __init__(self, max_attempts: int = 5, window_seconds: int = 300):
+        self.max_attempts = max_attempts
+        self.window_seconds = window_seconds
+        self.attempts = {}
+
+    async def check_rate_limit(self, ip: str) -> bool:
+        now = time.time()
+        if ip in self.attempts:
+            attempts = [t for t in self.attempts[ip] if now - t < self.window_seconds]
+            self.attempts[ip] = attempts
+            if len(attempts) >= self.max_attempts:
+                raise HTTPException(
+                    status_code=429,
+                    detail=f"Too many attempts. Try again in {self.window_seconds} seconds"
+                )
+        else:
+            self.attempts[ip] = []
+        self.attempts[ip].append(now)
+        return True
+
+rate_limiter = RateLimiter()
+
+class PasswordCheck(BaseModel):
+    password: str
+
+@app.post("/api/verify-password")
+async def verify_password(password_check: PasswordCheck, request: Request):
+    await rate_limiter.check_rate_limit(request.client.host)
+
+    if password_check.password == PASSWORD:
+        # Return list of available items
+        items = api.list_repo_files(repo_id=os.environ["HF_DATASET_ID"], repo_type="dataset")
+        return sorted(items)
+    raise HTTPException(status_code=401, detail="Invalid password")
+
+@app.get("/api/download/{item_name}")
+async def download_item(item_name: str, request: Request):
+    await rate_limiter.check_rate_limit(request.client.host)
+
+    filepath = api.hf_hub_download(repo_id=os.environ["HF_DATASET_ID"], filename=item_name, repo_type="dataset")
+    return FileResponse(filepath, filename=item_name)
+
+app.mount("/", StaticFiles(directory="static", html=True), name="static")
+
+if __name__ == "__main__":
+    import uvicorn
+    uvicorn.run(app, host="0.0.0.0", port=7860)

requirements.txt

@@ -0,0 +1,5 @@
+uvicorn
+fastapi
+pydantic
+huggingface_hub
+python-dotenv

static/index.html

@@ -0,0 +1,124 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Protected File Download</title>
+    <style>
+        .hidden {
+            display: none;
+        }
+        .container {
+            max-width: 600px;
+            margin: 50px auto;
+            padding: 20px;
+            font-family: Arial, sans-serif;
+        }
+        .error {
+            color: red;
+            margin-top: 10px;
+        }
+        .success {
+            color: green;
+            margin-top: 10px;
+        }
+        button, input, select {
+            margin: 10px 0;
+            padding: 8px;
+            width: 100%;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div id="passwordSection">
+            <h2>Enter Password</h2>
+            <input type="password" id="password" placeholder="Enter password">
+            <button onclick="checkPassword()">Submit</button>
+            <div id="passwordError" class="error hidden"></div>
+        </div>
+
+        <div id="itemSection" class="hidden">
+            <h2>Select Item</h2>
+            <select id="itemSelect">
+                <option value="">Choose an item...</option>
+            </select>
+            <button id="downloadButton" class="hidden" onclick="downloadItem()">Download</button>
+        </div>
+    </div>
+
+    <script>
+        // Add event listener for Enter key
+        document.getElementById('password').addEventListener('keypress', function(event) {
+            if (event.key === 'Enter') {
+                event.preventDefault();
+                checkPassword();
+            }
+        });
+
+        async function checkPassword() {
+            const password = document.getElementById('password').value;
+            // sleep for 2 seconds
+            await new Promise(resolve => setTimeout(resolve, 2000)); 
+            try {
+                const response = await fetch('/api/verify-password', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                    },
+                    body: JSON.stringify({ password: password })
+                });
+                
+                if (response.ok) {
+                    const items = await response.json();
+                    showItemSection(items);
+                } else {
+                    document.getElementById('passwordError').textContent = 'Invalid password';
+                    document.getElementById('passwordError').classList.remove('hidden');
+                }
+            } catch (error) {
+                console.error('Error:', error);
+                document.getElementById('passwordError').textContent = 'Error connecting to server';
+                document.getElementById('passwordError').classList.remove('hidden');
+            }
+        }
+
+        function showItemSection(items) {
+            document.getElementById('passwordSection').classList.add('hidden');
+            document.getElementById('itemSection').classList.remove('hidden');
+            
+            const select = document.getElementById('itemSelect');
+            items.forEach(item => {
+                const option = document.createElement('option');
+                option.value = item;
+                option.textContent = item;
+                select.appendChild(option);
+            });
+
+            select.addEventListener('change', function() {
+                const downloadButton = document.getElementById('downloadButton');
+                downloadButton.classList.toggle('hidden', !this.value);
+            });
+        }
+
+        async function downloadItem() {
+            const item = document.getElementById('itemSelect').value;
+            try {
+                const response = await fetch(`/api/download/${item}`);
+                if (!response.ok) throw new Error('Download failed');
+                
+                const blob = await response.blob();
+                const url = window.URL.createObjectURL(blob);
+                const a = document.createElement('a');
+                a.href = url;
+                a.download = item;
+                document.body.appendChild(a);
+                a.click();
+                document.body.removeChild(a);
+                window.URL.revokeObjectURL(url);
+            } catch (error) {
+                console.error('Error:', error);
+                alert('Error downloading file');
+            }
+        }
+    </script>
+</body>
+</html>