bbaovanc/imgupload-legacy
Archived
1
1
Fork 0
Code Issues Pull Requests Releases 12 Wiki Activity

Compare commits

base: bbaovanc:v1.0
Branches Tags
bbaovanc:master bbaovanc:feature-iss4 bbaovanc:legacy
bbaovanc:v2.4 bbaovanc:v2.3 bbaovanc:v2.2.post1 bbaovanc:v2.2 bbaovanc:v2.1.3 bbaovanc:v2.1.2 bbaovanc:v2.1.1 bbaovanc:v2.1 bbaovanc:v2.0 bbaovanc:v1.1 bbaovanc:v1.0 bbaovanc:v0.1
...
compare: bbaovanc:v2.0
Branches Tags
bbaovanc:master bbaovanc:feature-iss4 bbaovanc:legacy
bbaovanc:v2.4 bbaovanc:v2.3 bbaovanc:v2.2.post1 bbaovanc:v2.2 bbaovanc:v2.1.3 bbaovanc:v2.1.2 bbaovanc:v2.1.1 bbaovanc:v2.1 bbaovanc:v2.0 bbaovanc:v1.1 bbaovanc:v1.0 bbaovanc:v0.1

6 Commits
v1.0 ... v2.0

Author SHA1 Message Date
BBaoVanC
565a91e4ec Remove uploadkeys encryption features 
It doesn't really make sense to encrypt the keys, but store the secret
literally in the same directory. uploadkeys will now be stored in
plaintext. The branch `legacy` has the old code from before this commit.
 2020-09-03 21:44:58 -05:00
BBaoVanC
3fcdaa2b10 Fix formatting of README.md 2020-09-02 21:52:13 -05:00
BBaoVanC
4309225185 Add Installation section to README.md 
- Added Installation section to README.md
- Removed old Usage section
 2020-09-02 21:43:31 -05:00
BBaoVanC
065296f84a Rename functions.py to functions.py.default 
Since this is default settings and the user might want to customize
them, functions.py has been renamed. This also will prevent conflicts if
the user has updated their functions.py and then tries to pull.
 2020-09-02 18:04:41 -05:00
BBaoVanC
841bb513d3 Allow easy customization of filename generation 
Added a new file called functions.py which contains user-customizable
functions, instead of requiring the user to edit imgupload.py.
 2020-09-02 17:14:28 -05:00
BBaoVanC
f0bb30a747 Change keygen.py to not require root 
keygen.py now recommends that you run it as the user you want to have
ownership of secret.key and uploadkeys (such as www-data for nginx).
Then, if uploadkeys or secret.key don't exist, they will be created with
the correct ownership.
 2020-09-02 14:26:57 -05:00
8 changed files with 35 additions and 149 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@ -133,4 +133,4 @@ uploadkeys
savelog.log
uwsgi.log
settings.py
secret.key
functions.py

23
README.md
View File

@ -4,6 +4,23 @@
### What is imgupload?
imgupload is a Flask + uWSGI application to serve as an all-purpose image/file uploader over POST requests.
### Usage
Make sure you install the dependencies first. To do this, run `sudo python3 -m pip install -r requirements.txt`.
To deploy imgupload, run `flask run`.
### Installation
1. Clone the repository: `git clone https://github.com/BBaoVanC/imgupload.git`
2. Enter the imgupload directory: `cd imgupload`
3. Create a virtualenv: `python3 -m venv env`
4. Enter the virtualenv: `source env/bin/activate`
5. Install dependencies: `python3 -m pip install -r requirements.txt`
6. Run the Flask app
## Running the Flask app
### Using uWSGI
[https://uwsgi-docs.readthedocs.io/en/latest/Configuration.html](https://uwsgi-docs.readthedocs.io/en/latest/Configuration.html)
Instructions specific to imgupload are coming soon
### Using Flask development server
```shell
$ source env/bin/activate # if you haven't already entered the virtualenv
$ export FLASK_APP=imgupload.py
$ flask run
```

16
configtest.py
View File

@ -10,7 +10,6 @@ defaults = {
"SAVELOG": "savelog.log",
"SAVELOG_CHMOD": "0o644",
"SAVELOG_KEYPREFIX": 4,
"ENCKEY_PATH": "secret.key"
}
deftypes = {
@ -20,7 +19,6 @@ deftypes = {
"SAVELOG": str,
"SAVELOG_CHMOD": int,
"SAVELOG_KEYPREFIX": int,
"ENCKEY_PATH": str,
}
@ -94,16 +92,6 @@ if "ROOTURL" in checksettings:
print("[" + u"\u2713" + "] ROOTURL is good!")
# Check if ENCKEY_PATH exists
enckey_exists = True
if "ENCKEY_PATH" in checksettings:
if not os.path.isfile(settings.ENCKEY_PATH):
enckey_exists = False
print("[!] The path set in ENCKEY_PATH ('{0}') doesn't exist!".format(settings.ENCKEY_PATH))
else:
print("[" + u"\u2713" + "] ENCKEY_PATH exists!")
# Ask the user if SAVELOG is the intended filename
if "SAVELOG" in checksettings:
print("[*] SAVELOG was interpreted to be {0}".format(settings.SAVELOG))
@ -136,10 +124,6 @@ if not uploadfolder_exists:
summarygood = False
print("UPLOAD_FOLDER ({0}) does not exist!".format(settings.UPLOAD_FOLDER))
if not enckey_exists:
summarygood = False
print("ENCKEY_PATH ({0}) does not exist!".format(settings.ENCKEY_PATH))
if not rooturl_good:
summarygood = False
print("ROOTURL may cause issues!")

8
functions.py.default Normal file
View File

@ -0,0 +1,8 @@
import string
import random
def generate_name():
chars = string.ascii_letters + string.digits # uppercase, lowercase, and numbers
name = ''.join((random.choice(chars) for i in range(8))) # generate name
return name

31
imgupload.py
View File

@ -2,15 +2,12 @@ from flask import Flask, request, jsonify, abort, Response
from cryptography.fernet import Fernet
from flask_api import status
from pathlib import Path
import string
import random
import os
import datetime
import settings # app settings (such as allowed extensions)
ALPHANUMERIC = string.ascii_letters + string.digits # uppercase, lowercase, and numbers
import functions # custom functions
app = Flask(__name__) # app is the app
@ -22,15 +19,6 @@ def allowed_extension(testext):
return False
def generate_name(extension):
namefound = False
while not namefound:
fname = ''.join((random.choice(ALPHANUMERIC) for i in range(8))) + str(extension)
if not Path(fname).is_file():
namefound = True
return fname
def log_savelog(key, ip, savedname):
if settings.SAVELOG_KEYPREFIX > 0:
with open(settings.SAVELOG, "a+") as slogf:
@ -46,20 +34,13 @@ def upload():
if request.method == "POST": # sanity check: make sure it's a POST request
print("Request method was POST!")
with open(settings.ENCKEY_PATH,"rb") as enckey: # load encryption key
key = enckey.read()
f = Fernet(key)
with open("uploadkeys", "rb") as keyfile:
encrypted_data = keyfile.read()
decrypted_data = str(f.decrypt(encrypted_data).decode('utf-8'))
decrypted_data = decrypted_data.splitlines()
validkeys = [x.strip("\n") for x in decrypted_data]
with open("uploadkeys", "r") as keyfile: # load valid keys
validkeys = keyfile.readlines()
validkeys = [x.strip("\n") for x in validkeys]
while "" in validkeys:
validkeys.remove("")
print("Removed blank key(s)")
print("Loaded validkeys")
if "uploadKey" in request.form: # if an uploadKey was provided
if request.form["uploadKey"] in validkeys: # check if uploadKey is valid
print("Key is valid!")
@ -77,7 +58,7 @@ def upload():
fext = Path(f.filename).suffix # get the uploaded extension
if allowed_extension(fext): # if the extension is allowed
print("Generating file with extension {0}".format(fext))
fname = generate_name(fext) # generate file name
fname = functions.generate_name() + fext # generate file name
print("Generated name: {0}".format(fname))
if f: # if the uploaded image exists

102
keygen.py
View File

@ -1,102 +0,0 @@
from cryptography.fernet import Fernet
from cryptography.fernet import InvalidToken
from pathlib import Path
import settings
import string
import secrets
import sys
import os
# Check if the script was run as root
if os.geteuid() != 0:
exit("Root privileges are necessary to run this script.\nPlease try again as root or using `sudo`.")
# Check if encryption key already exists
enckey = Path(settings.ENCKEY_PATH)
if enckey.is_file():
print("Encryption key found.")
else:
print("Encryption key not found.")
print("Generating key...")
key = Fernet.generate_key()
with open(settings.ENCKEY_PATH, "wb") as key_file:
key_file.write(key)
print("Encryption key generated and stored in secret.key.")
# Load encryption key
def load_key():
with open(settings.ENCKEY_PATH, "rb") as kf:
kdata = kf.read()
return kdata
# Encrypting and storing of key
def encrypt_key(message):
key = load_key()
keyf = Fernet(key)
with open('uploadkeys', 'a+') as uploadkeys:
print(str(token), file=uploadkeys)
with open("uploadkeys", "rb") as keyfile:
keyfile_data = keyfile.read()
encrypted_data = keyf.encrypt(keyfile_data)
with open("uploadkeys", "wb") as keyfile:
keyfile.write(encrypted_data)
def ask_yn(msg):
resps = {"y": True, "n": False}
ask = True
while ask:
proceedraw = input(msg)
if proceedraw.lower() in resps.keys():
proceed = resps[proceedraw]
ask = False
else:
print("Invalid response.")
return proceed
N = 64 # Size of token
# Generate key
token = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(N))
# Decrypt the existing keyfile
key = load_key()
keyf = Fernet(key)
genkey = True
uploadkeysp = Path("uploadkeys")
if not uploadkeysp.is_file():
uploadkeysp.touch()
else:
with open("uploadkeys", "rb") as ukf:
# read the encrypted data
encrypted_data = ukf.read()
try:
decrypted_data = keyf.decrypt(encrypted_data) # decrypt data
with open("uploadkeys", "wb") as ukf:
ukf.write(decrypted_data) # write the original file
except InvalidToken:
print("The encrypted key data is invalid and cannot be read.")
print("It may be necessary to clear the file entirely, which will invalidate all tokens.")
proceed = ask_yn("Do you wish to proceed to clearing the uploadkeys file? [y/n] ")
if proceed:
os.remove("uploadkeys")
print("Removed uploadkeys file.")
proceed2 = ask_yn("Would you like to continue and generate a new token? [y/n] ")
if not proceed2:
genkey = False
if genkey:
print("Your new token is: " + str(token)) # Print token
encrypt_key(str(token)) # Encrypt the key and save

1
requirements.txt
View File

@ -1,3 +1,2 @@
Flask_API==2.0
cryptography==3.1
Flask==1.1.2

1
settings.py.default
View File

@ -4,4 +4,3 @@ ROOTURL = "https://example.com/"
SAVELOG = "savelog.log"
SAVELOG_CHMOD = 0o644
SAVELOG_KEYPREFIX = 4
ENCKEY_PATH = "secret.key"