Remove uploadkeys encryption features

It doesn't really make sense to encrypt the keys, but store the secret
literally in the same directory. uploadkeys will now be stored in
plaintext. The branch `legacy` has the old code from before this commit.

.gitignore

@@ -134,4 +134,3 @@ savelog.log
 uwsgi.log
 settings.py
 functions.py
-secret.key

configtest.py

@@ -10,7 +10,6 @@ defaults = {
     "SAVELOG": "savelog.log",
     "SAVELOG_CHMOD": "0o644",
     "SAVELOG_KEYPREFIX": 4,
-    "ENCKEY_PATH": "secret.key"
 }
 
 deftypes = {
@@ -20,7 +19,6 @@ deftypes = {
     "SAVELOG": str,
     "SAVELOG_CHMOD": int,
     "SAVELOG_KEYPREFIX": int,
-    "ENCKEY_PATH": str,
 }
 
 
@@ -94,16 +92,6 @@ if "ROOTURL" in checksettings:
         print("[" + u"\u2713" + "] ROOTURL is good!")
 
 
-# Check if ENCKEY_PATH exists
-enckey_exists = True
-if "ENCKEY_PATH" in checksettings:
-    if not os.path.isfile(settings.ENCKEY_PATH):
-        enckey_exists = False
-        print("[!] The path set in ENCKEY_PATH ('{0}') doesn't exist!".format(settings.ENCKEY_PATH))
-    else:
-        print("[" + u"\u2713" + "] ENCKEY_PATH exists!")
-
-
 # Ask the user if SAVELOG is the intended filename
 if "SAVELOG" in checksettings:
     print("[*] SAVELOG was interpreted to be {0}".format(settings.SAVELOG))
@@ -136,10 +124,6 @@ if not uploadfolder_exists:
     summarygood = False
     print("UPLOAD_FOLDER ({0}) does not exist!".format(settings.UPLOAD_FOLDER))
 
-if not enckey_exists:
-    summarygood = False
-    print("ENCKEY_PATH ({0}) does not exist!".format(settings.ENCKEY_PATH))
-
 if not rooturl_good:
     summarygood = False
     print("ROOTURL may cause issues!")

imgupload.py

@@ -34,20 +34,13 @@ def upload():
     if request.method == "POST":  # sanity check: make sure it's a POST request
         print("Request method was POST!")
 
-        with open(settings.ENCKEY_PATH,"rb") as enckey: # load encryption key
-            key = enckey.read()
-        f = Fernet(key)
-
-        with open("uploadkeys", "rb") as keyfile:
-            encrypted_data = keyfile.read()
-        decrypted_data = str(f.decrypt(encrypted_data).decode('utf-8'))
-        decrypted_data = decrypted_data.splitlines()
-
-        validkeys = [x.strip("\n") for x in decrypted_data]
+        with open("uploadkeys", "r") as keyfile:  # load valid keys
+            validkeys = keyfile.readlines()
+        validkeys = [x.strip("\n") for x in validkeys]
         while "" in validkeys:
             validkeys.remove("")
-            print("Removed blank key(s)")
         print("Loaded validkeys")
+
         if "uploadKey" in request.form:  # if an uploadKey was provided
             if request.form["uploadKey"] in validkeys:  # check if uploadKey is valid
                 print("Key is valid!")

keygen.py

@@ -1,108 +0,0 @@
-from cryptography.fernet import Fernet
-from cryptography.fernet import InvalidToken
-from pathlib import Path
-import settings
-import string
-import secrets
-import sys
-import os
-
-
-# Load secret
-def load_secret():
-    with open(settings.ENCKEY_PATH, "rb") as sf:
-        secret = sf.read()
-    return secret
-
-
-# Encrypting and storing of key
-def append_uploadkey(akey):
-    with open('uploadkeys', 'a+') as uploadkeysf:
-        print(str(akey), file=uploadkeysf)
-
-
-def decrypt_uploadkeys():
-    with open("uploadkeys", "rb") as uploadkeysf:
-        uploadkeys_data = uploadkeysf.read()
-
-    try:
-        secret = load_secret()
-        secretf = Fernet(secret)
-        decrypted_data = secretf.decrypt(uploadkeys_data)  # decrypt data
-        with open("uploadkeys", "wb") as ukf:
-            ukf.write(decrypted_data)  # write the original file
-        print("Done decrypting")  # debug
-        return True
-    except InvalidToken:
-        print("InvalidToken")  # debug
-        print("The encrypted key data is invalid and cannot be read.")
-        print("It may be necessary to clear the file entirely, which will invalidate all tokens.")
-        proceed = ask_yn("Do you wish to proceed to clearing the uploadkeys file? [y/n] ")
-
-        if proceed:
-            os.remove("uploadkeys")
-            print("Removed uploadkeys file.")
-            proceed2 = ask_yn("Would you like to continue and generate a new key? [y/n] ")
-            if not proceed2:
-                return False
-            else:
-                return True
-        else:
-            return False
-
-
-def encrypt_uploadkeys():
-    with open("uploadkeys", "rb") as uploadkeysf:
-        uploadkeys_data = uploadkeysf.read()
-
-    secret = load_secret()
-    secretf = Fernet(secret)
-    encrypted_data = secretf.encrypt(uploadkeys_data)
-
-    with open("uploadkeys", "wb") as uploadkeysf:
-        uploadkeysf.write(encrypted_data)
-
-
-def ask_yn(msg):
-    resps = {"y": True, "n": False}
-    ask = True
-    while ask:
-        proceedraw = input(msg)
-        if proceedraw.lower() in resps.keys():
-            proceed = resps[proceedraw]
-            ask = False
-        else:
-            print("Invalid response.")
-    return proceed
-
-
-# Check if encryption secret already exists
-if Path(settings.ENCKEY_PATH).is_file():
-    print("Encryption secret found.")
-else:
-    print("Encryption secret not found.")
-    print("Generating secret...")
-    newsecret = Fernet.generate_key()
-    with open(settings.ENCKEY_PATH, "wb") as secret_file:
-        secret_file.write(newsecret)
-    print("Encryption secret generated and stored in {0}".format(settings.ENCKEY_PATH))
-
-
-if __name__ == "__main__":
-    start = ask_yn("Have you run this program as the correct user (for example, nginx uses www-data)? [y/n] ")
-    if not start:
-        print("Please run this as the correct user with: sudo su [user] -s /bin/sh -c 'python3 keygen.py'")
-
-    else:
-        uploadkeysp = Path("uploadkeys")
-        if not uploadkeysp.is_file():
-            uploadkeysp.touch()
-
-        if decrypt_uploadkeys():  # Decrypt the file
-            N = 64  # Size of key
-            key = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(N))
-            print("Your new key is: " + str(key))  # Print key
-            append_uploadkey(key)  # Save the new key to file unencrypted
-            encrypt_uploadkeys()  # Encrypt the uploadkeys file
-        else:
-            print("Exiting.")

requirements.txt

@@ -1,3 +1,2 @@
 Flask_API==2.0
-cryptography==3.1
 Flask==1.1.2

settings.py.default

@@ -4,4 +4,3 @@ ROOTURL = "https://example.com/"
 SAVELOG = "savelog.log"
 SAVELOG_CHMOD = 0o644
 SAVELOG_KEYPREFIX = 4
-ENCKEY_PATH = "secret.key"