1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
|
#
# The internetarchive module is a Python/CLI interface to Archive.org.
#
# Copyright (C) 2012-2021 Internet Archive
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
internetarchive.files
~~~~~~~~~~~~~~~~~~~~~
:copyright: (C) 2012-2019 by Internet Archive.
:license: AGPL 3, see LICENSE for more details.
"""
import logging
import os
import socket
import sys
from contextlib import nullcontext, suppress
from pathlib import Path
from urllib.parse import quote
from requests.exceptions import (
ConnectionError,
ConnectTimeout,
HTTPError,
ReadTimeout,
RetryError,
)
from tqdm import tqdm
from internetarchive import auth, iarequest, utils
log = logging.getLogger(__name__)
class BaseFile:
def __init__(self, item_metadata, name, file_metadata=None):
if file_metadata is None:
file_metadata = {}
name = name.strip('/')
if not file_metadata:
for f in item_metadata.get('files', []):
if f.get('name') == name:
file_metadata = f
break
self.identifier = item_metadata.get('metadata', {}).get('identifier')
self.name = name
self.size = None
self.source = None
self.format = None
self.md5 = None
self.sha1 = None
self.mtime = None
self.crc32 = None
self.exists = bool(file_metadata)
for key in file_metadata:
setattr(self, key, file_metadata[key])
# An additional, more orderly way to access file metadata,
# which avoids filtering the attributes.
self.metadata = file_metadata
self.mtime = float(self.mtime) if self.mtime else 0
self.size = int(self.size) if self.size else 0
class File(BaseFile):
"""This class represents a file in an archive.org item. You
can use this class to access the file metadata::
>>> import internetarchive
>>> item = internetarchive.Item('stairs')
>>> file = internetarchive.File(item, 'stairs.avi')
>>> print(f.format, f.size)
('Cinepack', '3786730')
Or to download a file::
>>> file.download()
>>> file.download('fabulous_movie_of_stairs.avi')
This class also uses IA's S3-like interface to delete a file
from an item. You need to supply your IAS3 credentials in
environment variables in order to delete::
>>> file.delete(access_key='Y6oUrAcCEs4sK8ey',
... secret_key='youRSECRETKEYzZzZ')
You can retrieve S3 keys here: `https://archive.org/account/s3.php
<https://archive.org/account/s3.php>`__
"""
def __init__(self, item, name, file_metadata=None):
"""
:type item: Item
:param item: The item that the file is part of.
:type name: str
:param name: The filename of the file.
:type file_metadata: dict
:param file_metadata: (optional) a dict of metadata for the
given file.
"""
super().__init__(item.item_metadata, name, file_metadata)
self.item = item
url_parts = {
'protocol': item.session.protocol,
'id': self.identifier,
'name': quote(name.encode('utf-8')),
'host': item.session.host,
}
self.url = '{protocol}//{host}/download/{id}/{name}'.format(**url_parts)
if self.item.session.access_key and self.item.session.secret_key:
self.auth = auth.S3Auth(self.item.session.access_key,
self.item.session.secret_key)
else:
self.auth = None
def __repr__(self):
return (f'File(identifier={self.identifier!r}, '
f'filename={self.name!r}, '
f'size={self.size!r}, '
f'format={self.format!r})')
def download(self, file_path=None, verbose=None, ignore_existing=None,
checksum=None, destdir=None, retries=None, ignore_errors=None,
fileobj=None, return_responses=None, no_change_timestamp=None,
params=None, chunk_size=None):
"""Download the file into the current working directory.
:type file_path: str
:param file_path: Download file to the given file_path.
:type verbose: bool
:param verbose: (optional) Turn on verbose output.
:type ignore_existing: bool
:param ignore_existing: Overwrite local files if they already
exist.
:type checksum: bool
:param checksum: (optional) Skip downloading file based on checksum.
:type destdir: str
:param destdir: (optional) The directory to download files to.
:type retries: int
:param retries: (optional) The number of times to retry on failed
requests.
:type ignore_errors: bool
:param ignore_errors: (optional) Don't fail if a single file fails to
download, continue to download other files.
:type fileobj: file-like object
:param fileobj: (optional) Write data to the given file-like object
(e.g. sys.stdout).
:type return_responses: bool
:param return_responses: (optional) Rather than downloading files to disk, return
a list of response objects.
:type no_change_timestamp: bool
:param no_change_timestamp: (optional) If True, leave the time stamp as the
current time instead of changing it to that given in
the original archive.
:type params: dict
:param params: (optional) URL parameters to send with
download request (e.g. `cnt=0`).
:rtype: bool
:returns: True if file was successfully downloaded.
"""
verbose = False if verbose is None else verbose
ignore_existing = False if ignore_existing is None else ignore_existing
checksum = False if checksum is None else checksum
retries = retries or 2
ignore_errors = ignore_errors or False
return_responses = return_responses or False
no_change_timestamp = no_change_timestamp or False
params = params or None
self.item.session.mount_http_adapter(max_retries=retries)
file_path = file_path or self.name
# Critical security check: Sanitize only the filename portion of file_path to
# prevent invalid characters and potential directory traversal issues.
# We use `utils.sanitize_filepath` instead of `utils.sanitize_filename` because:
# - `sanitize_filepath` preserves the directory path intact (does not encode path separators),
# - allowing `os.makedirs` to create intermediate directories correctly,
# - while still sanitizing just the filename to ensure it is safe for filesystem use.
file_path = utils.sanitize_filepath(file_path)
if destdir:
if return_responses is not True:
try:
os.mkdir(destdir)
except FileExistsError:
pass
if os.path.isfile(destdir):
raise OSError(f'{destdir} is not a directory!')
file_path = os.path.join(destdir, file_path)
if not return_responses and os.path.exists(file_path.encode('utf-8')):
if ignore_existing:
msg = f'skipping {file_path}, file already exists.'
log.info(msg)
if verbose:
print(f' {msg}', file=sys.stderr)
return
elif checksum:
with open(file_path, 'rb') as fp:
md5_sum = utils.get_md5(fp)
if md5_sum == self.md5:
msg = f'skipping {file_path}, file already exists based on checksum.'
log.info(msg)
if verbose:
print(f' {msg}', file=sys.stderr)
return
elif not fileobj:
st = os.stat(file_path.encode('utf-8'))
if (st.st_mtime == self.mtime) and (st.st_size == self.size) \
or self.name.endswith('_files.xml') and st.st_size != 0:
msg = f'skipping {file_path}, file already exists based on length and date.'
log.info(msg)
if verbose:
print(f' {msg}', file=sys.stderr)
return
# Critical security check: Prevent directory traversal attacks by ensuring
# the download path doesn't escape the target directory using path resolution
# and relative path validation. This protects against malicious filenames
# containing ../ sequences or other path manipulation attempts.
try:
# Resolve both paths to handle symlinks and absolute paths
target_path = Path(file_path).resolve()
base_dir = Path(destdir).resolve() if destdir else Path.cwd().resolve()
# Ensure the target path is relative to base directory
target_path.relative_to(base_dir)
except ValueError:
raise ValueError(f"Download path {file_path} is outside target directory {base_dir}")
parent_dir = os.path.dirname(file_path)
try:
if parent_dir != '' and return_responses is not True:
os.makedirs(parent_dir, exist_ok=True)
response = self.item.session.get(self.url,
stream=True,
timeout=12,
auth=self.auth,
params=params)
response.raise_for_status()
if return_responses:
return response
if verbose:
total = int(response.headers.get('content-length', 0)) or None
progress_bar = tqdm(desc=f' downloading {self.name}',
total=total,
unit='iB',
unit_scale=True,
unit_divisor=1024)
else:
progress_bar = nullcontext()
if not chunk_size:
chunk_size = 1048576
if not fileobj:
fileobj = open(file_path.encode('utf-8'), 'wb')
with fileobj, progress_bar as bar:
for chunk in response.iter_content(chunk_size=chunk_size):
if chunk:
size = fileobj.write(chunk)
if bar is not None:
bar.update(size)
except (RetryError, HTTPError, ConnectTimeout, OSError, ReadTimeout) as exc:
msg = f'error downloading file {file_path}, exception raised: {exc}'
log.error(msg)
try:
os.remove(file_path)
except OSError:
pass
if verbose:
print(f' {msg}', file=sys.stderr)
if ignore_errors:
return False
else:
raise exc
# Set mtime with mtime from files.xml.
if not no_change_timestamp:
# If we want to set the timestamp to that of the original archive...
with suppress(OSError): # Probably file-like object, e.g. sys.stdout.
os.utime(file_path.encode('utf-8'), (0, self.mtime))
msg = f'downloaded {self.identifier}/{self.name} to {file_path}'
log.info(msg)
return True
def delete(self, cascade_delete=None, access_key=None, secret_key=None, verbose=None,
debug=None, retries=None, headers=None):
"""Delete a file from the Archive. Note: Some files -- such as
<itemname>_meta.xml -- cannot be deleted.
:type cascade_delete: bool
:param cascade_delete: (optional) Delete all files associated with the specified
file, including upstream derivatives and the original.
:type access_key: str
:param access_key: (optional) IA-S3 access_key to use when making the given
request.
:type secret_key: str
:param secret_key: (optional) IA-S3 secret_key to use when making the given
request.
:type verbose: bool
:param verbose: (optional) Print actions to stdout.
:type debug: bool
:param debug: (optional) Set to True to print headers to stdout and exit exit
without sending the delete request.
"""
cascade_delete = '0' if not cascade_delete else '1'
access_key = self.item.session.access_key if not access_key else access_key
secret_key = self.item.session.secret_key if not secret_key else secret_key
debug = debug or False
verbose = verbose or False
max_retries = retries or 2
headers = headers or {}
if 'x-archive-cascade-delete' not in headers:
headers['x-archive-cascade-delete'] = cascade_delete
url = f'{self.item.session.protocol}//s3.us.archive.org/{self.identifier}/{quote(self.name)}'
self.item.session.mount_http_adapter(max_retries=max_retries,
status_forcelist=[503],
host='s3.us.archive.org')
request = iarequest.S3Request(
method='DELETE',
url=url,
headers=headers,
access_key=access_key,
secret_key=secret_key
)
if debug:
return request
else:
if verbose:
msg = f' deleting: {self.name}'
if cascade_delete:
msg += ' and all derivative files.'
print(msg, file=sys.stderr)
prepared_request = self.item.session.prepare_request(request)
try:
resp = self.item.session.send(prepared_request)
resp.raise_for_status()
except (RetryError, HTTPError, ConnectTimeout,
OSError, ReadTimeout) as exc:
error_msg = f'Error deleting {url}, {exc}'
log.error(error_msg)
raise
else:
return resp
finally:
# The retry adapter is mounted to the session object.
# Make sure to remove it after delete, so it isn't
# mounted if and when the session object is used for an
# upload. This is important because we use custom retry
# handling for IA-S3 uploads.
url_prefix = f'{self.item.session.protocol}//s3.us.archive.org'
del self.item.session.adapters[url_prefix]
class OnTheFlyFile(File):
def __init__(self, item, name):
"""
:type item: Item
:param item: The item that the file is part of.
:type name: str
:param name: The filename of the file.
"""
super().__init__(item.item_metadata, name)
|
