alee/stegasoo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add EXIF Editor, consolidate channel key resolution

Browse Source 
EXIF Editor (Library → CLI → API → WebUI):
- src/stegasoo/utils.py: read_image_exif(), write_image_exif()
- CLI: stegasoo tools exif [--clear|--set Field=Value]
- API: /api/tools/exif, /api/tools/exif/update, /api/tools/exif/clear
- WebUI: EXIF Editor tab with inline editing, clear all, save/download

Architectural consolidation:
- Moved resolve_channel_key() to src/stegasoo/channel.py (was duplicated in 3 frontends)
- Added get_channel_response_info() for consistent API/WebUI responses
- Frontends now use thin wrappers that translate exceptions

DCT improvements:
- Added will_fit_by_mode() pre-check to WebUI encode (fail fast)
- Suggests LSB mode when DCT capacity exceeded

Dependencies:
- Added piexif>=1.1.0 for EXIF editing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Aaron D. Lee
2026-01-04 01:16:33 -05:00
parent 5df9b9dac8
commit 01f0173dd4
9 changed files with 807 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
frontends/api/main.py
View File

@@ -49,7 +49,6 @@ from stegasoo import (
generate_credentials,
get_channel_status,
has_argon2,
has_channel_key,
has_dct_support,
set_channel_key,
validate_channel_key,
@@ -406,11 +405,7 @@ def _resolve_channel_key(channel_key: str | None) -> str | None:
"""
Resolve channel key from API parameter.
Args:
channel_key: API parameter value
- None: Use server-configured key (auto mode)
- "": Public mode (no channel key)
- "XXXX-...": Explicit key
Wrapper around library's resolve_channel_key with HTTP exception handling.
Returns:
Resolved channel key to pass to encode/decode
@@ -418,44 +413,27 @@ def _resolve_channel_key(channel_key: str | None) -> str | None:
Raises:
HTTPException: If key format is invalid
"""
if channel_key is None:
# Auto mode - use server config
return None
from stegasoo.channel import resolve_channel_key
if channel_key == "":
# Public mode
return ""
# Explicit key - validate format
if not validate_channel_key(channel_key):
raise HTTPException(
400, "Invalid channel key format. Expected: XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX"
)
return channel_key
try:
return resolve_channel_key(channel_key)
except (ValueError, FileNotFoundError) as e:
raise HTTPException(400, str(e))
def _get_channel_info(channel_key: str | None) -> tuple[str, str | None]:
"""
Get channel mode and fingerprint for response.
Uses library's get_channel_response_info for consistent formatting.
Returns:
(mode, fingerprint) tuple
"""
if channel_key == "":
return "public", None
from stegasoo.channel import get_channel_response_info
if channel_key is not None:
# Explicit key
fingerprint = f"{channel_key[:4]}-••••-••••-••••-••••-••••-••••-{channel_key[-4:]}"
return "private", fingerprint
# Auto mode - check server config
if has_channel_key():
status = get_channel_status()
return "private", status.get("fingerprint")
return "public", None
info = get_channel_response_info(channel_key)
return info["mode"], info.get("fingerprint")
# ============================================================================

38
frontends/cli/main.py
View File

@@ -168,37 +168,25 @@ def resolve_channel_key_option(
"""
Resolve channel key from CLI options.
Wrapper around library's resolve_channel_key with Click exception handling.
Returns:
None: Use server-configured key (auto mode)
"": Public mode (no channel key)
str: Explicit channel key
"""
if no_channel:
return "" # Public mode
from stegasoo.channel import resolve_channel_key
if channel_file:
# Load from file
path = Path(channel_file)
if not path.exists():
raise click.ClickException(f"Channel key file not found: {channel_file}")
key = path.read_text().strip()
if not validate_channel_key(key):
raise click.ClickException(f"Invalid channel key format in file: {channel_file}")
return key
if channel:
if channel.lower() == "auto":
return None # Use server config
# Explicit key provided
if not validate_channel_key(channel):
raise click.ClickException(
"Invalid channel key format. Expected: XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX\n"
"Generate a new key with: stegasoo channel generate"
)
return channel
# Default: use server-configured key (auto mode)
return None
try:
return resolve_channel_key(
value=channel,
file_path=channel_file,
no_channel=no_channel,
)
except FileNotFoundError as e:
raise click.ClickException(str(e))
except ValueError as e:
raise click.ClickException(str(e))
def format_channel_status_line(quiet: bool = False) -> str | None:

151
frontends/web/app.py
View File

@@ -277,23 +277,22 @@ def resolve_channel_key_form(channel_key_value: str) -> str:
"""
Resolve channel key from form input.
Args:
channel_key_value: Form value ('auto', 'none', or explicit key)
Returns:
Value to pass to subprocess_stego ('auto', 'none', or explicit key)
Wrapper around library's resolve_channel_key for subprocess compatibility.
Returns string values for subprocess_stego ('auto', 'none', or explicit key).
"""
if not channel_key_value or channel_key_value == "auto":
return "auto"
elif channel_key_value == "none":
return "none"
else:
# Explicit key - validate format
if validate_channel_key(channel_key_value):
return channel_key_value
else:
# Invalid format, fall back to auto
from stegasoo.channel import resolve_channel_key
try:
result = resolve_channel_key(channel_key_value)
if result is None:
return "auto"
elif result == "":
return "none"
else:
return result
except (ValueError, FileNotFoundError):
# Invalid format, fall back to auto
return "auto"
def generate_thumbnail(image_data: bytes, size: tuple = THUMBNAIL_SIZE) -> bytes:
@@ -928,6 +927,25 @@ def encode_page():
flash(result.error_message, "error")
return render_template("encode.html", has_qrcode_read=HAS_QRCODE_READ)
# Pre-check payload capacity BEFORE encode (fail fast)
from stegasoo.steganography import will_fit_by_mode
payload_size = len(payload.data) if hasattr(payload, "data") else len(payload.encode("utf-8"))
fit_check = will_fit_by_mode(payload_size, carrier_data, embed_mode=embed_mode)
if not fit_check.get("fits", True):
error_msg = (
f"Payload too large for {embed_mode.upper()} mode. "
f"Payload: {payload_size:,} bytes, "
f"Capacity: {fit_check.get('capacity', 0):,} bytes"
)
# Suggest alternative mode
if embed_mode == "dct":
alt_check = will_fit_by_mode(payload_size, carrier_data, embed_mode="lsb")
if alt_check.get("fits"):
error_msg += " - Try LSB mode instead."
flash(error_msg, "error")
return render_template("encode.html", has_qrcode_read=HAS_QRCODE_READ)
# v4.0.0: Include channel_key parameter
# Use subprocess-isolated encode to prevent crashes
if payload_type == "file" and payload_file and payload_file.filename:
@@ -1370,6 +1388,109 @@ def api_tools_peek():
return jsonify({"success": False, "error": str(e)}), 400
@app.route("/api/tools/exif", methods=["POST"])
@login_required
def api_tools_exif():
"""Read EXIF metadata from image."""
from stegasoo.utils import read_image_exif
image_file = request.files.get("image")
if not image_file:
return jsonify({"success": False, "error": "No image provided"}), 400
try:
image_data = image_file.read()
exif = read_image_exif(image_data)
# Check if it's a JPEG (editable) or not
is_jpeg = image_data[:2] == b"\xff\xd8"
return jsonify({
"success": True,
"filename": image_file.filename,
"exif": exif,
"editable": is_jpeg,
"field_count": len(exif),
})
except Exception as e:
return jsonify({"success": False, "error": str(e)}), 400
@app.route("/api/tools/exif/update", methods=["POST"])
@login_required
def api_tools_exif_update():
"""Update EXIF fields in image."""
from stegasoo.utils import write_image_exif
image_file = request.files.get("image")
if not image_file:
return jsonify({"success": False, "error": "No image provided"}), 400
# Get updates from form data
updates_json = request.form.get("updates", "{}")
try:
import json
updates = json.loads(updates_json)
except json.JSONDecodeError:
return jsonify({"success": False, "error": "Invalid updates JSON"}), 400
if not updates:
return jsonify({"success": False, "error": "No updates provided"}), 400
try:
image_data = image_file.read()
updated_data = write_image_exif(image_data, updates)
# Return as downloadable file
buffer = io.BytesIO(updated_data)
return send_file(
buffer,
mimetype="image/jpeg",
as_attachment=True,
download_name=f"exif_{image_file.filename}",
)
except ValueError as e:
return jsonify({"success": False, "error": str(e)}), 400
except Exception as e:
return jsonify({"success": False, "error": str(e)}), 500
@app.route("/api/tools/exif/clear", methods=["POST"])
@login_required
def api_tools_exif_clear():
"""Remove all EXIF metadata from image."""
from stegasoo.utils import strip_image_metadata
image_file = request.files.get("image")
if not image_file:
return jsonify({"success": False, "error": "No image provided"}), 400
# Get desired output format (default to PNG for lossless)
output_format = request.form.get("format", "PNG").upper()
if output_format not in ("PNG", "JPEG", "BMP"):
output_format = "PNG"
try:
image_data = image_file.read()
clean_data = strip_image_metadata(image_data, output_format=output_format)
# Determine extension and mimetype
ext_map = {"PNG": ("png", "image/png"), "JPEG": ("jpg", "image/jpeg"), "BMP": ("bmp", "image/bmp")}
ext, mimetype = ext_map.get(output_format, ("png", "image/png"))
# Return as downloadable file
stem = image_file.filename.rsplit(".", 1)[0] if "." in image_file.filename else image_file.filename
buffer = io.BytesIO(clean_data)
return send_file(
buffer,
mimetype=mimetype,
as_attachment=True,
download_name=f"{stem}_clean.{ext}",
)
except Exception as e:
return jsonify({"success": False, "error": str(e)}), 500
# Add these two test routes anywhere in app.py after the app = Flask(...) line:

264
frontends/web/templates/tools.html
View File

@@ -4,7 +4,7 @@
{% block content %}
<div class="row justify-content-center">
<div class="col-lg-8">
<div class="col-lg-10">
<h4 class="mb-4"><i class="bi bi-tools me-2"></i>Image Security Toolkit</h4>
<!-- Tool Tabs -->
@@ -15,8 +15,8 @@
</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link" data-bs-toggle="pill" data-bs-target="#strip" type="button">
<i class="bi bi-eraser me-1"></i>Strip EXIF
<button class="nav-link" data-bs-toggle="pill" data-bs-target="#exif" type="button">
<i class="bi bi-card-text me-1"></i>EXIF Editor
</button>
</li>
<li class="nav-item" role="presentation">
@@ -65,20 +65,65 @@
</div>
</div>
<!-- Strip EXIF -->
<div class="tab-pane fade" id="strip" role="tabpanel">
<!-- EXIF Editor -->
<div class="tab-pane fade" id="exif" role="tabpanel">
<div class="card">
<div class="card-body">
<p class="text-muted mb-3">Remove metadata (camera info, GPS, timestamps) from images.</p>
<p class="text-muted mb-3">View, edit, or remove image metadata (EXIF, GPS, camera info).</p>
<form id="stripForm" action="{{ url_for('api_tools_strip_metadata') }}" method="POST" enctype="multipart/form-data">
<div class="mb-3">
<input type="file" class="form-control" name="image" id="stripFile" accept="image/*" required>
<div class="mb-3">
<input type="file" class="form-control" id="exifFile" accept="image/*">
</div>
<div id="exifEditor" class="d-none">
<div class="row mb-3">
<!-- Thumbnail -->
<div class="col-auto">
<img id="exifThumb" class="rounded" style="max-height: 120px; max-width: 120px; object-fit: cover;">
</div>
<!-- File info -->
<div class="col">
<h6 id="exifFilename" class="mb-1"></h6>
<small class="text-muted"><span id="exifFieldCount">0</span> metadata fields</small>
<div id="exifNotEditable" class="text-warning small d-none">
<i class="bi bi-exclamation-triangle me-1"></i>Non-JPEG: read-only
</div>
</div>
</div>
<button type="submit" class="btn btn-primary">
<i class="bi bi-eraser me-1"></i>Strip & Download
</button>
</form>
<!-- EXIF Fields Table -->
<div class="table-responsive" style="max-height: 300px; overflow-y: auto;">
<table class="table table-sm table-dark table-hover mb-0">
<thead class="sticky-top bg-dark">
<tr>
<th style="width: 35%">Field</th>
<th>Value</th>
<th style="width: 40px"></th>
</tr>
</thead>
<tbody id="exifTable"></tbody>
</table>
</div>
<div id="exifEmpty" class="text-muted text-center py-4 d-none">
<i class="bi bi-inbox"></i> No metadata found
</div>
<!-- Action Buttons -->
<div class="d-flex gap-2 mt-3 pt-3 border-top border-secondary">
<button type="button" class="btn btn-outline-danger" id="exifClearAll">
<i class="bi bi-trash me-1"></i>Clear All
</button>
<div class="ms-auto d-flex gap-2">
<button type="button" class="btn btn-outline-secondary" id="exifDiscard">
Discard
</button>
<button type="button" class="btn btn-primary" id="exifSave" disabled>
<i class="bi bi-download me-1"></i>Save Changes
</button>
</div>
</div>
</div>
</div>
</div>
</div>
@@ -142,6 +187,199 @@ document.getElementById('capacityFile')?.addEventListener('change', async functi
}
});
// EXIF Editor
let exifOriginalData = {};
let exifCurrentData = {};
let exifEditable = false;
let exifCurrentFile = null;
document.getElementById('exifFile')?.addEventListener('change', async function() {
const file = this.files[0];
if (!file) return;
exifCurrentFile = file;
const formData = new FormData();
formData.append('image', file);
try {
const res = await fetch('/api/tools/exif', { method: 'POST', body: formData });
const data = await res.json();
if (data.success) {
// Show thumbnail
const reader = new FileReader();
reader.onload = e => document.getElementById('exifThumb').src = e.target.result;
reader.readAsDataURL(file);
// Store data
exifOriginalData = JSON.parse(JSON.stringify(data.exif));
exifCurrentData = JSON.parse(JSON.stringify(data.exif));
exifEditable = data.editable;
// Update UI
document.getElementById('exifFilename').textContent = data.filename;
document.getElementById('exifFieldCount').textContent = data.field_count;
document.getElementById('exifNotEditable').classList.toggle('d-none', data.editable);
document.getElementById('exifEditor').classList.remove('d-none');
renderExifTable();
updateSaveButton();
}
} catch (err) {
console.error(err);
}
});
function renderExifTable() {
const tbody = document.getElementById('exifTable');
const empty = document.getElementById('exifEmpty');
const entries = Object.entries(exifCurrentData).sort((a, b) => a[0].localeCompare(b[0]));
if (entries.length === 0) {
tbody.innerHTML = '';
empty.classList.remove('d-none');
return;
}
empty.classList.add('d-none');
tbody.innerHTML = entries.map(([key, value]) => {
// Format value for display
let displayVal = value;
if (typeof value === 'object') {
displayVal = JSON.stringify(value);
}
if (typeof displayVal === 'string' && displayVal.length > 60) {
displayVal = displayVal.substring(0, 57) + '...';
}
// Check if field is editable (common string fields)
const editableFields = ['Make', 'Model', 'Software', 'Artist', 'Copyright', 'ImageDescription', 'DateTime', 'DateTimeOriginal', 'DateTimeDigitized', 'UserComment', 'LensMake', 'LensModel'];
const canEdit = exifEditable && editableFields.includes(key) && typeof value === 'string';
return `
<tr data-field="${key}">
<td class="text-muted small">${key}</td>
<td class="font-monospace small">
${canEdit
? `<input type="text" class="form-control form-control-sm bg-dark text-light border-secondary exif-input"
value="${String(value).replace(/"/g, '&quot;')}" data-field="${key}">`
: `<span title="${String(displayVal)}">${displayVal}</span>`
}
</td>
<td>
${canEdit
? `<button class="btn btn-sm btn-outline-danger border-0 exif-delete" data-field="${key}" title="Remove">
<i class="bi bi-x"></i>
</button>`
: ''
}
</td>
</tr>
`;
}).join('');
// Add event listeners for edits
tbody.querySelectorAll('.exif-input').forEach(input => {
input.addEventListener('input', function() {
exifCurrentData[this.dataset.field] = this.value;
updateSaveButton();
});
});
tbody.querySelectorAll('.exif-delete').forEach(btn => {
btn.addEventListener('click', function() {
delete exifCurrentData[this.dataset.field];
renderExifTable();
updateSaveButton();
});
});
}
function updateSaveButton() {
const changed = JSON.stringify(exifCurrentData) !== JSON.stringify(exifOriginalData);
document.getElementById('exifSave').disabled = !changed;
}
// Clear All button
document.getElementById('exifClearAll')?.addEventListener('click', async function() {
if (!exifCurrentFile) return;
if (!confirm('Remove all metadata from this image?')) return;
const formData = new FormData();
formData.append('image', exifCurrentFile);
formData.append('format', 'PNG');
try {
const res = await fetch('/api/tools/exif/clear', { method: 'POST', body: formData });
if (res.ok) {
const blob = await res.blob();
const url = URL.createObjectURL(blob);
const a = document.createElement('a');
a.href = url;
a.download = res.headers.get('Content-Disposition')?.split('filename=')[1]?.replace(/"/g, '') || 'clean.png';
a.click();
URL.revokeObjectURL(url);
}
} catch (err) {
console.error(err);
}
});
// Discard button
document.getElementById('exifDiscard')?.addEventListener('click', function() {
exifCurrentData = JSON.parse(JSON.stringify(exifOriginalData));
renderExifTable();
updateSaveButton();
});
// Save button
document.getElementById('exifSave')?.addEventListener('click', async function() {
if (!exifCurrentFile || !exifEditable) return;
// Find what changed
const updates = {};
for (const [key, val] of Object.entries(exifCurrentData)) {
if (exifOriginalData[key] !== val) {
updates[key] = val;
}
}
// Mark deleted fields
for (const key of Object.keys(exifOriginalData)) {
if (!(key in exifCurrentData)) {
updates[key] = null;
}
}
if (Object.keys(updates).length === 0) return;
const formData = new FormData();
formData.append('image', exifCurrentFile);
formData.append('updates', JSON.stringify(updates));
try {
const res = await fetch('/api/tools/exif/update', { method: 'POST', body: formData });
if (res.ok) {
const blob = await res.blob();
const url = URL.createObjectURL(blob);
const a = document.createElement('a');
a.href = url;
a.download = res.headers.get('Content-Disposition')?.split('filename=')[1]?.replace(/"/g, '') || 'updated.jpg';
a.click();
URL.revokeObjectURL(url);
// Update original to match current
exifOriginalData = JSON.parse(JSON.stringify(exifCurrentData));
updateSaveButton();
} else {
const err = await res.json();
alert(err.error || 'Failed to save');
}
} catch (err) {
console.error(err);
alert('Failed to save changes');
}
});
// Peek (Header Detection)
document.getElementById('peekFile')?.addEventListener('change', async function() {
const file = this.files[0];