0%
False
Go Back
Project Imarelge

Flask-based ShareX Server

Serve image files from ShareX using Flask

VIEW PROJECT



The inspiration

I wanted a website for my sharex files, that displayed the images embedded within a normal webpage using a uniform template, but prevented them from being embedded in an unauthorised site.

The tech stack

I am already very familiar with Flask & python, so I used this for the backend. I used templating with Jinja to embed the images into the wrapper webpage. This will all be running behind an NGINX reverse proxy that will handle the SSL/TLS certs and stuff.

Discord Embeds

An issue I ran into was that images would no longer embed into discord. One major thing I wanted from this site was the function of embedding images as if it was a raw file link. To do this, I needed to check if the request was from discord or not. The quickest method to determine if a request is from the discord cache layer was to check the User-Agent request header. While looking through the request headers in my server’s logs, I determined they cycle between two specific User-Agent headers. Using these headers I modified the server response, so that if any User-Agent other than the discord ones requested the file, it would respond with the wrapper page with the image embedded.

Link Obfuscation

The next hurdle I ran into was with embedding the file into the site. Originally I considered embedding the images inline using base64 image conversion, but came to the conclusion that it was too difficult to implement and it wouldn’t be good for larger files.

I then chose instead to create an sqllite database using Flask-SQLAlchemy and create a loader URL that would be destroyed after a request was made to it. Basically obfuscation The site would use the jinja template to embed the proper temporary file link associated with the file requested. The temp link was designed so that when the browser requests for the file, it receives the file, embeds it, and then the web server instantly deletes the reference to the file from the database, rendering the temp link unsuable. This forces users to use the normal link, and thus everyone will see the wrapper site.

Deployment

Fixing up the HTML and adding a bit of CSS styling, I was able to deploy the site behind a reverse proxy.

Future feature additions

Now I am currently working on allowing myself to embed links from this site, but not others. I was considering using serverside links, the server for the site that the image is being embedded into will send a request to a new endpoint made for this purpose, and this endpoint will return a temp link. This temp link would then be embedded for the user and then deleted by the sharex server as soon as a client request is made. The serverside renderer wouldn’t make a request to the URL, therefore we can safely destroy the link as soon as the client themselves views it.