This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

A simple Flask application to share files.

Project Description


Flaskup! is a simple Flask application to share files with your friends. You upload files through an HTML form, and you get back a link to download the file. You can do whatever you want with the link (copy it in an email or in your prefered chat app, it’s up to you).


  • Python 2.7 (may work with other versions but not tested, feedbacks are welcome)
  • Flask
  • Flask-Babel
  • Flask-Mail
  • simplejson


  • Install from PyPI:

    pip install flaskup
  • or directly from the Git repository (to have latest features):

    git clone
    cd flaskup
    python install


You MUST set the environment variable FLASKUP_CONFIG that point to a valid python file. In this file you will be able to customize the configuration for Flaskup!, Flask and the Flask extensions.


  • FLASKUP_TITLE: personnalize the title of this webapp (default: ‘Flaskup!’)
  • FLASKUP_UPLOAD_FOLDER: the root folder where you want to store uploaded files (default: /tmp/flaskup).
  • FLASKUP_MAX_DAYS: the maximum number of days a file will be available, the file will be deleted after FLASKUP_MAX_DAYS days (default: 30).
  • FLASKUP_MAX_CONTACTS: limit contacts number, if the user gives more contacts, they will be silently discarded (default: 10 ; 0 means ‘no contacts’ and the textarea won’t be displayed)
  • FLASKUP_KEY_LENGTH: the lenght of the generated key used to identify a file (default: 6 – more than 2 billions keys)
  • FLASKUP_DELETE_KEY_LENGTH: the length of the generated key used to authenticate the owner of a file before deleting it (default: 4 – more than 1 million keys)
  • FLASKUP_ADMINS: list with email address of the administrators of Flaskup!, this is currently used only to send mails when an error occurs (default: [], empty list)
  • FLASKUP_NOTIFY: list all actions that should send an email notification to the admins (default: [], no notification)
    • add: a new file has been uploaded
    • delete: a file has been deleted
  • FLASKUP_NGINX_UPLOAD_MODULE_ENABLED: indicate whether you want to enable support for the Nginx upload-module (default: False)
  • FLASKUP_NGINX_UPLOAD_MODULE_STORE: must be set to the upload_store of the Nginx upload-module (default: None)
  • FLASKUP_UPLOAD_PASSWORDS: a list of tuples, each tuple contains a password and an identifier (default: [], no password required)
  • FLASKUP_UPLOAD_PASSWORDS_CHECK: method to check a submitted password against passwords in FLASKUP_UPLOAD_PASSWORDS (default: use cleartext passwords)


You must at least define the SECRET_KEY. To generate a good secret key, you can use a cryptographic random generator:

>>> import os
>>> os.urandom(24)

Example configuration file

# -*- coding: utf-8 -*-

from passlib.hash import bcrypt

DEBUG = True
SECRET_KEY = '_\x12\xab\x90D\xc4\xfd{\xd9\xe2\xf3-\xa8\xd3\x1d\x1ej\x8b\x13x\x8ce\xc5\xe0'
FLASKUP_UPLOAD_FOLDER = '/srv/flaskup/data'
FLASKUP_NOTIFY = ['add', 'delete']
  ('$2a$12$oIWeziyq4wjF08gntfU4w.AQZfYbbQoK7y13ParN83G7ta.qtN2.e', 'pw1'),
  ('$2a$12$zQ/hzog/iYr49fbo0mitS.y9f.uHP.7IyqWgk5/S1Ict50HRl4XxW', 'pw2'),

Run Flaskup!

  • Use your favorite WSGI server to run Flaskup! (the WSGI application is flaskup:app). For example, to use Flaskup! with Gunicorn:

    gunicorn --bind= flaskup:app
  • Alternatively, you can start Flaskup! with the builtin Flask webserver (for testing or developpement only).

    create a file

    from flaskup import app

    run it:


Delete expired files

Flaskup! comes with the command line tool flaskup. This tool is a generic python script to call actions. Currently the only available action is clean.

. /path/to/env/bin/activate
export FLASKUP_CONFIG=/path/to/my/
flaskup clean

Password protection

The password protection in Flaskup! is a very simple mechanism to force users to submit a valid password when they upload a file.

List of valid passwords

Valid passwords are stored in a tuple (with a password identifier), those tuples are stored as a list in FLASKUP_UPLOAD_PASSWORDS. If FLASKUP_UPLOAD_PASSWORDS is empty, then no valid password are required and anybody can upload a file.

  ('password1', 'identifier for password 1'),
  ('secretpassword2', 'identifier for password 2'),

The password identifier is stored in the *.data.json file next to the uploaded file. This permits to identify which password was used to upload the file.

A password is never required to download files, only to upload them.

Use hashed passwords

By default, Flaskup! will treat passwords from FLASKUP_UPLOAD_PASSWORDS as cleartext (not hashed). If you want to put hashed passwords in FLASKUP_UPLOAD_PASSWORDS, you must define FLASKUP_UPLOAD_PASSWORDS_CHECK.

FLASKUP_UPLOAD_PASSWORDS_CHECK must be a reference to a method that accepts two arguments: the user submitted password and the hashed password (from FLASKUP_UPLOAD_PASSWORDS), and then returns True if passwords match, else False.

from passlib.hash import bcrypt

  ('$2a$12$oIWeziyq4wjF08gntfU4w.AQZfYbbQoK7y13ParN83G7ta.qtN2.e', 'pw1'),
  ('$2a$12$zQ/hzog/iYr49fbo0mitS.y9f.uHP.7IyqWgk5/S1Ict50HRl4XxW', 'pw2'),

Nginx Upload Module

If you are using Nginx with the upload-module, you can configure it to efficiently upload files to Flaskup!. Using this module is recommended when you need to deal with large files: the whole POST is not decoded in Python and the uploaded file is moved just one time (with the normal file upload mechanism the file is re-sent from Nginx to your WSGI server, and then it is copied to the final destination).

Configure Flaskup!

You must define the two following configuration values:

  • FLASKUP_NGINX_UPLOAD_MODULE_STORE: must be set to the upload_store of the upload-module

Example configuration:

FLASKUP_NGINX_UPLOAD_MODULE_STORE = /tmp/nginx_upload_module

Configure Nginx

  • be sure that you compiled Nginx with the upload-module
  • create a folder where uploaded files will be stored, preferably on the same disk or partition as FLASKUP_UPLOAD_FOLDER to avoid unnecessary I/O operations (this folder is named upload_store in your Nginx config)
  • check permissions on the upload_store folder: users running Nginx and Flaskup! must have read/write permissions
  • edit your configuration file (add the /upload location)

Example configuration:

server {
    listen [::]:80;
    server_name "";
    client_max_body_size 2g;

    access_log /var/log/nginx/flaskup_access.log combined;
    error_log  /var/log/nginx/flaskup_error.log;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;

    location /static/ {
            alias   /path/to/env/lib/python2.7/site-packages/flaskup/static/;
    location = /upload {
            upload_pass             @upstream;
            upload_store            /tmp/nginx_upload_module;
            upload_store_access     user:rw;

            upload_set_form_field   $ "$upload_file_name";
            upload_set_form_field   $upload_field_name.path "$upload_tmp_path";

            upload_pass_form_field  "^myemail$|^mycontacts$";
            upload_cleanup          400-599;
    location / {
    location @upstream {


Flaskup! is maintained by Laurent Meunier.


Flaskup! is Copyright (c) 2012 Laurent Meunier. It is free software, and may be redistributed under the terms specified in the LICENSE file (a 3-clause BSD License).

Flaskup! uses Bootstrap (Apache License v2.0) and jQuery (MIT or GPLv2 License).

Release History

Release History

This version
History Node


History Node


History Node


History Node


History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
flaskup-0.3.2.tar.gz (108.4 kB) Copy SHA256 Checksum SHA256 Source Jun 13, 2014

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting