diff --git a/.gitignore b/.gitignore
index b88a996..d52add7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -134,4 +134,3 @@ savelog.log
 uwsgi.log
 settings.py
 functions.py
-secret.key
diff --git a/configtest.py b/configtest.py
index 5eb5c91..a74956d 100644
--- a/configtest.py
+++ b/configtest.py
@@ -10,7 +10,6 @@ defaults = {
 "SAVELOG": "savelog.log",
 "SAVELOG_CHMOD": "0o644",
 "SAVELOG_KEYPREFIX": 4,
- "ENCKEY_PATH": "secret.key"
 }
 deftypes = {
@@ -20,7 +19,6 @@ deftypes = {
 "SAVELOG": str,
 "SAVELOG_CHMOD": int,
 "SAVELOG_KEYPREFIX": int,
- "ENCKEY_PATH": str,
 }
@@ -94,16 +92,6 @@ if "ROOTURL" in checksettings:
 print("[" + u"\u2713" + "] ROOTURL is good!")
-# Check if ENCKEY_PATH exists
-enckey_exists = True
-if "ENCKEY_PATH" in checksettings:
- if not os.path.isfile(settings.ENCKEY_PATH):
- enckey_exists = False
- print("[!] The path set in ENCKEY_PATH ('{0}') doesn't exist!".format(settings.ENCKEY_PATH))
- else:
- print("[" + u"\u2713" + "] ENCKEY_PATH exists!")
-
-
 # Ask the user if SAVELOG is the intended filename
 if "SAVELOG" in checksettings:
 print("[*] SAVELOG was interpreted to be {0}".format(settings.SAVELOG))
@@ -136,10 +124,6 @@ if not uploadfolder_exists:
 summarygood = False
 print("UPLOAD_FOLDER ({0}) does not exist!".format(settings.UPLOAD_FOLDER))
-if not enckey_exists:
- summarygood = False
- print("ENCKEY_PATH ({0}) does not exist!".format(settings.ENCKEY_PATH))
-
 if not rooturl_good:
 summarygood = False
 print("ROOTURL may cause issues!")
diff --git a/imgupload.py b/imgupload.py
index 405550c..345fe64 100644
--- a/imgupload.py
+++ b/imgupload.py
@@ -34,20 +34,13 @@ def upload():
 if request.method == "POST": # sanity check: make sure it's a POST request
 print("Request method was POST!")
- with open(settings.ENCKEY_PATH,"rb") as enckey: # load encryption key
- key = enckey.read()
- f = Fernet(key)
-
- with open("uploadkeys", "rb") as keyfile:
- encrypted_data = keyfile.read()
- decrypted_data = str(f.decrypt(encrypted_data).decode('utf-8'))
- decrypted_data = decrypted_data.splitlines()
-
- validkeys = [x.strip("\n") for x in decrypted_data]
+ with open("uploadkeys", "r") as keyfile: # load valid keys
+ validkeys = keyfile.readlines()
+ validkeys = [x.strip("\n") for x in validkeys]
 while "" in validkeys:
 validkeys.remove("")
- print("Removed blank key(s)")
 print("Loaded validkeys")
+
 if "uploadKey" in request.form: # if an uploadKey was provided
 if request.form["uploadKey"] in validkeys: # check if uploadKey is valid
 print("Key is valid!")
diff --git a/keygen.py b/keygen.py
deleted file mode 100644
index 1ec3643..0000000
--- a/keygen.py
+++ /dev/null
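Review bot: The added `with open("uploadkeys", "r")` block turns `uploadkeys` into a plaintext list of live credentials, so read access to that one file (a backup, a misplaced web root, an accidental commit) now yields every valid upload key. Storing one SHA-256 hex digest per line and hashing the submitted `uploadKey` before comparing would keep the file useless to a reader, provided keys stay long and random as the removed keygen.py produced them with `secrets`; the comparison is also better done with `hmac.compare_digest` than with `in`. A file written by the old keygen.py is a single Fernet token, which this code would load as one bogus key without any error, so the upgrade needs a documented regeneration step. `upload()` begins and continues outside the hunk, and `hashlib` and `hmac` would have to be imported at the top of imgupload.py.

```python
    with open("uploadkeys", "rb") as keyfile:  # one SHA-256 hex digest per line
        validdigests = [line.strip() for line in keyfile if line.strip()]
    print("Loaded validkeys")

    if "uploadKey" in request.form:  # if an uploadKey was provided
        supplied = hashlib.sha256(
            request.form["uploadKey"].encode("utf-8")
        ).hexdigest().encode("ascii")
        # compare against every stored digest so timing does not depend on which entry matched
        if any([hmac.compare_digest(supplied, d) for d in validdigests]):
            # … unchanged: "Key is valid!" branch and the rest of upload() …
```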
@@ -1,103 +0,0 @@
-from cryptography.fernet import Fernet
-from cryptography.fernet import InvalidToken
-from pathlib import Path
-import settings
-import string
-import secrets
-import sys
-import os
-
-
-# Check if encryption key already exists
-enckey = Path(settings.ENCKEY_PATH)
-if enckey.is_file():
- print("Encryption key found.")
-else:
- print("Encryption key not found.")
- print("Generating key...")
- key = Fernet.generate_key()
- with open(settings.ENCKEY_PATH, "wb") as key_file:
- key_file.write(key)
- print("Encryption key generated and stored in secret.key.")
-
-
-# Load encryption key
-def load_key():
- with open(settings.ENCKEY_PATH, "rb") as kf:
- kdata = kf.read()
- return kdata
-
-
-# Encrypting and storing of key
-def encrypt_key(message):
- key = load_key()
- keyf = Fernet(key)
-
- with open('uploadkeys', 'a+') as uploadkeys:
- print(str(token), file=uploadkeys)
-
- with open("uploadkeys", "rb") as keyfile:
- keyfile_data = keyfile.read()
-
- encrypted_data = keyf.encrypt(keyfile_data)
-
- with open("uploadkeys", "wb") as keyfile:
- keyfile.write(encrypted_data)
-
-
-def ask_yn(msg):
- resps = {"y": True, "n": False}
- ask = True
- while ask:
- proceedraw = input(msg)
- if proceedraw.lower() in resps.keys():
- proceed = resps[proceedraw]
- ask = False
- else:
- print("Invalid response.")
- return proceed
-
-
-start = ask_yn("Have you run this program as the correct user (for example, nginx uses www-data)? 
[y/n] ")
-if not start:
- print("Please run this as the correct user with: sudo su [user] -s /bin/sh -c 'python3 keygen/py'")
-
-else:
-
- N = 64 # Size of token
-
- # Generate key
- token = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(N))
-
- # Decrypt the existing keyfile
- key = load_key()
- keyf = Fernet(key)
-
- genkey = True
- uploadkeysp = Path("uploadkeys")
- if not uploadkeysp.is_file():
- uploadkeysp.touch()
- else:
- with open("uploadkeys", "rb") as ukf:
- # read the encrypted data
- encrypted_data = ukf.read()
-
- try:
- decrypted_data = keyf.decrypt(encrypted_data) # decrypt data
- with open("uploadkeys", "wb") as ukf:
- ukf.write(decrypted_data) # write the original file
- except InvalidToken:
- print("The encrypted key data is invalid and cannot be read.")
- print("It may be necessary to clear the file entirely, which will invalidate all tokens.")
- proceed = ask_yn("Do you wish to proceed to clearing the uploadkeys file? [y/n] ")
-
- if proceed:
- os.remove("uploadkeys")
- print("Removed uploadkeys file.")
- proceed2 = ask_yn("Would you like to continue and generate a new token? [y/n] ")
- if not proceed2:
- genkey = False
-
- if genkey:
- print("Your new token is: " + str(token)) # Print token
- encrypt_key(str(token)) # Encrypt the key and save
diff --git a/requirements.txt b/requirements.txt
index 56d1fb7..7d9b535 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,2 @@
 Flask_API==2.0
-cryptography==3.1
 Flask==1.1.2
diff --git a/settings.py.default b/settings.py.default
index 460efcf..06bd33d 100644
--- a/settings.py.default
+++ b/settings.py.default
@@ -4,4 +4,3 @@ ROOTURL = "https://example.com/"
 SAVELOG = "savelog.log"
 SAVELOG_CHMOD = 0o644
 SAVELOG_KEYPREFIX = 4
-ENCKEY_PATH = "secret.key"