bbaovanc/imgupload-legacy
Archived
1
1
Fork 0
Code Issues Pull Requests Releases 12 Wiki Activity

Compare commits

base: bbaovanc:feature-iss4
Branches Tags
bbaovanc:master bbaovanc:feature-iss4 bbaovanc:legacy
bbaovanc:v2.4 bbaovanc:v2.3 bbaovanc:v2.2.post1 bbaovanc:v2.2 bbaovanc:v2.1.3 bbaovanc:v2.1.2 bbaovanc:v2.1.1 bbaovanc:v2.1 bbaovanc:v2.0 bbaovanc:v1.1 bbaovanc:v1.0 bbaovanc:v0.1
..
compare: bbaovanc:v2.0
Branches Tags
bbaovanc:master bbaovanc:feature-iss4 bbaovanc:legacy
bbaovanc:v2.4 bbaovanc:v2.3 bbaovanc:v2.2.post1 bbaovanc:v2.2 bbaovanc:v2.1.3 bbaovanc:v2.1.2 bbaovanc:v2.1.1 bbaovanc:v2.1 bbaovanc:v2.0 bbaovanc:v1.1 bbaovanc:v1.0 bbaovanc:v0.1

1 Commits
feature-is ... v2.0

Author SHA1 Message Date
BBaoVanC
565a91e4ec Remove uploadkeys encryption features 
It doesn't really make sense to encrypt the keys, but store the secret
literally in the same directory. uploadkeys will now be stored in
plaintext. The branch `legacy` has the old code from before this commit.
 2020-09-03 21:44:58 -05:00
6 changed files with 4 additions and 138 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@ -134,4 +134,3 @@ savelog.log
uwsgi.log uwsgi.log
settings.py settings.py
functions.py functions.py
secret.key

16
configtest.py
View File

@ -10,7 +10,6 @@ defaults = {
"SAVELOG": "savelog.log", "SAVELOG": "savelog.log",
"SAVELOG_CHMOD": "0o644", "SAVELOG_CHMOD": "0o644",
"SAVELOG_KEYPREFIX": 4, "SAVELOG_KEYPREFIX": 4,
"ENCKEY_PATH": "secret.key"
} }
deftypes = { deftypes = {
@ -20,7 +19,6 @@ deftypes = {
"SAVELOG": str, "SAVELOG": str,
"SAVELOG_CHMOD": int, "SAVELOG_CHMOD": int,
"SAVELOG_KEYPREFIX": int, "SAVELOG_KEYPREFIX": int,
"ENCKEY_PATH": str,
} }
@ -94,16 +92,6 @@ if "ROOTURL" in checksettings:
print("[" + u"\u2713" + "] ROOTURL is good!") print("[" + u"\u2713" + "] ROOTURL is good!")
# Check if ENCKEY_PATH exists
enckey_exists = True
if "ENCKEY_PATH" in checksettings:
if not os.path.isfile(settings.ENCKEY_PATH):
enckey_exists = False
print("[!] The path set in ENCKEY_PATH ('{0}') doesn't exist!".format(settings.ENCKEY_PATH))
else:
print("[" + u"\u2713" + "] ENCKEY_PATH exists!")
# Ask the user if SAVELOG is the intended filename # Ask the user if SAVELOG is the intended filename
if "SAVELOG" in checksettings: if "SAVELOG" in checksettings:
print("[*] SAVELOG was interpreted to be {0}".format(settings.SAVELOG)) print("[*] SAVELOG was interpreted to be {0}".format(settings.SAVELOG))
@ -136,10 +124,6 @@ if not uploadfolder_exists:
summarygood = False summarygood = False
print("UPLOAD_FOLDER ({0}) does not exist!".format(settings.UPLOAD_FOLDER)) print("UPLOAD_FOLDER ({0}) does not exist!".format(settings.UPLOAD_FOLDER))
if not enckey_exists:
summarygood = False
print("ENCKEY_PATH ({0}) does not exist!".format(settings.ENCKEY_PATH))
if not rooturl_good: if not rooturl_good:
summarygood = False summarygood = False
print("ROOTURL may cause issues!") print("ROOTURL may cause issues!")

15
imgupload.py
View File

@ -34,20 +34,13 @@ def upload():
if request.method == "POST": # sanity check: make sure it's a POST request if request.method == "POST": # sanity check: make sure it's a POST request
print("Request method was POST!") print("Request method was POST!")
with open(settings.ENCKEY_PATH,"rb") as enckey: # load encryption key with open("uploadkeys", "r") as keyfile: # load valid keys
key = enckey.read() validkeys = keyfile.readlines()
f = Fernet(key) validkeys = [x.strip("\n") for x in validkeys]
with open("uploadkeys", "rb") as keyfile:
encrypted_data = keyfile.read()
decrypted_data = str(f.decrypt(encrypted_data).decode('utf-8'))
decrypted_data = decrypted_data.splitlines()
validkeys = [x.strip("\n") for x in decrypted_data]
while "" in validkeys: while "" in validkeys:
validkeys.remove("") validkeys.remove("")
print("Removed blank key(s)")
print("Loaded validkeys") print("Loaded validkeys")
if "uploadKey" in request.form: # if an uploadKey was provided if "uploadKey" in request.form: # if an uploadKey was provided
if request.form["uploadKey"] in validkeys: # check if uploadKey is valid if request.form["uploadKey"] in validkeys: # check if uploadKey is valid
print("Key is valid!") print("Key is valid!")

108
keygen.py
View File

@ -1,108 +0,0 @@
from cryptography.fernet import Fernet
from cryptography.fernet import InvalidToken
from pathlib import Path
import settings
import string
import secrets
import sys
import os
# Load secret
def load_secret():
with open(settings.ENCKEY_PATH, "rb") as sf:
secret = sf.read()
return secret
# Encrypting and storing of key
def append_uploadkey(akey):
with open('uploadkeys', 'a+') as uploadkeysf:
print(str(akey), file=uploadkeysf)
def decrypt_uploadkeys():
with open("uploadkeys", "rb") as uploadkeysf:
uploadkeys_data = uploadkeysf.read()
try:
secret = load_secret()
secretf = Fernet(secret)
decrypted_data = secretf.decrypt(uploadkeys_data) # decrypt data
with open("uploadkeys", "wb") as ukf:
ukf.write(decrypted_data) # write the original file
print("Done decrypting") # debug
return True
except InvalidToken:
print("InvalidToken") # debug
print("The encrypted key data is invalid and cannot be read.")
print("It may be necessary to clear the file entirely, which will invalidate all tokens.")
proceed = ask_yn("Do you wish to proceed to clearing the uploadkeys file? [y/n] ")
if proceed:
os.remove("uploadkeys")
print("Removed uploadkeys file.")
proceed2 = ask_yn("Would you like to continue and generate a new key? [y/n] ")
if not proceed2:
return False
else:
return True
else:
return False
def encrypt_uploadkeys():
with open("uploadkeys", "rb") as uploadkeysf:
uploadkeys_data = uploadkeysf.read()
secret = load_secret()
secretf = Fernet(secret)
encrypted_data = secretf.encrypt(uploadkeys_data)
with open("uploadkeys", "wb") as uploadkeysf:
uploadkeysf.write(encrypted_data)
def ask_yn(msg):
resps = {"y": True, "n": False}
ask = True
while ask:
proceedraw = input(msg)
if proceedraw.lower() in resps.keys():
proceed = resps[proceedraw]
ask = False
else:
print("Invalid response.")
return proceed
# Check if encryption secret already exists
if Path(settings.ENCKEY_PATH).is_file():
print("Encryption secret found.")
else:
print("Encryption secret not found.")
print("Generating secret...")
newsecret = Fernet.generate_key()
with open(settings.ENCKEY_PATH, "wb") as secret_file:
secret_file.write(newsecret)
print("Encryption secret generated and stored in {0}".format(settings.ENCKEY_PATH))
if __name__ == "__main__":
start = ask_yn("Have you run this program as the correct user (for example, nginx uses www-data)? [y/n] ")
if not start:
print("Please run this as the correct user with: sudo su [user] -s /bin/sh -c 'python3 keygen.py'")
else:
uploadkeysp = Path("uploadkeys")
if not uploadkeysp.is_file():
uploadkeysp.touch()
if decrypt_uploadkeys(): # Decrypt the file
N = 64 # Size of key
key = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(N))
print("Your new key is: " + str(key)) # Print key
append_uploadkey(key) # Save the new key to file unencrypted
encrypt_uploadkeys() # Encrypt the uploadkeys file
else:
print("Exiting.")

1
requirements.txt
View File

@ -1,3 +1,2 @@
Flask_API==2.0 Flask_API==2.0
cryptography==3.1
Flask==1.1.2 Flask==1.1.2

1
settings.py.default
View File

@ -4,4 +4,3 @@ ROOTURL = "https://example.com/"
SAVELOG = "savelog.log" SAVELOG = "savelog.log"
SAVELOG_CHMOD = 0o644 SAVELOG_CHMOD = 0o644
SAVELOG_KEYPREFIX = 4 SAVELOG_KEYPREFIX = 4
ENCKEY_PATH = "secret.key"