Deduplicate code in keyctl.py and add comments

Quiet mode is now a little more useful!

.gitignore

@@ -133,4 +133,4 @@ uploadkeys
 savelog.log
 uwsgi.log
 settings.py
-secret.key
+functions.py

README.md

@@ -4,6 +4,23 @@
 ### What is imgupload?
 imgupload is a Flask + uWSGI application to serve as an all-purpose image/file uploader over POST requests.
 
-### Usage
+### Installation
-Make sure you install the dependencies first. To do this, run `sudo python3 -m pip install -r requirements.txt`.
+1. Clone the repository: `git clone https://github.com/BBaoVanC/imgupload.git`
-To deploy imgupload, run `flask run`.
+2. Enter the imgupload directory: `cd imgupload`
+3. Create a virtualenv: `python3 -m venv env`
+4. Enter the virtualenv: `source env/bin/activate`
+5. Install dependencies: `python3 -m pip install -r requirements.txt`
+6. Run the Flask app
+
+## Running the Flask app
+### Using uWSGI
+[https://uwsgi-docs.readthedocs.io/en/latest/Configuration.html](https://uwsgi-docs.readthedocs.io/en/latest/Configuration.html)
+
+Instructions specific to imgupload are coming soon
+
+### Using Flask development server
+```shell
+$ source env/bin/activate  # if you haven't already entered the virtualenv
+$ export FLASK_APP=imgupload.py
+$ flask run
+```

configtest.py

@@ -1,3 +1,9 @@
+#!/usr/bin/env python3
+"""
+configtest.py
+
+Tests the validity of your configuration in settings.py.
+"""
 import os
 import settings as settings
 
@@ -10,7 +16,6 @@ defaults = {
     "SAVELOG": "savelog.log",
     "SAVELOG_CHMOD": "0o644",
     "SAVELOG_KEYPREFIX": 4,
-    "ENCKEY_PATH": "secret.key"
 }
 
 deftypes = {
@@ -20,7 +25,6 @@ deftypes = {
     "SAVELOG": str,
     "SAVELOG_CHMOD": int,
     "SAVELOG_KEYPREFIX": int,
-    "ENCKEY_PATH": str,
 }
 
 
@@ -94,16 +98,6 @@ if "ROOTURL" in checksettings:
         print("[" + u"\u2713" + "] ROOTURL is good!")
 
 
-# Check if ENCKEY_PATH exists
-enckey_exists = True
-if "ENCKEY_PATH" in checksettings:
-    if not os.path.isfile(settings.ENCKEY_PATH):
-        enckey_exists = False
-        print("[!] The path set in ENCKEY_PATH ('{0}') doesn't exist!".format(settings.ENCKEY_PATH))
-    else:
-        print("[" + u"\u2713" + "] ENCKEY_PATH exists!")
-
-
 # Ask the user if SAVELOG is the intended filename
 if "SAVELOG" in checksettings:
     print("[*] SAVELOG was interpreted to be {0}".format(settings.SAVELOG))
@@ -136,10 +130,6 @@ if not uploadfolder_exists:
     summarygood = False
     print("UPLOAD_FOLDER ({0}) does not exist!".format(settings.UPLOAD_FOLDER))
 
-if not enckey_exists:
-    summarygood = False
-    print("ENCKEY_PATH ({0}) does not exist!".format(settings.ENCKEY_PATH))
-
 if not rooturl_good:
     summarygood = False
     print("ROOTURL may cause issues!")

functions.py.default

@@ -0,0 +1,14 @@
+#!/usr/bin/env python3
+"""
+functions.py
+
+Functions used by imgupload which can be easily customized.
+"""
+import string
+import random
+
+
+def generate_name():
+    chars = string.ascii_letters + string.digits  # uppercase, lowercase, and numbers
+    name = ''.join((random.choice(chars) for i in range(8)))  # generate name
+    return name

imgupload.py

@@ -1,16 +1,17 @@
+#!/usr/bin/env python3
+"""
+imgupload.py
+
+Flask application for processing images uploaded through POST requests.
+"""
 from flask import Flask, request, jsonify, abort, Response
-from cryptography.fernet import Fernet
 from flask_api import status
 from pathlib import Path
-import string
-import random
 import os
 import datetime
 
 import settings  # app settings (such as allowed extensions)
-
+import functions  # custom functions
-
-ALPHANUMERIC = string.ascii_letters + string.digits  # uppercase, lowercase, and numbers
 
 app = Flask(__name__)  # app is the app
 
@@ -22,15 +23,6 @@ def allowed_extension(testext):
         return False
 
 
-def generate_name(extension):
-    namefound = False
-    while not namefound:
-        fname = ''.join((random.choice(ALPHANUMERIC) for i in range(8))) + str(extension)
-        if not Path(fname).is_file():
-            namefound = True
-    return fname
-
-
 def log_savelog(key, ip, savedname):
     if settings.SAVELOG_KEYPREFIX > 0:
         with open(settings.SAVELOG, "a+") as slogf:
@@ -46,20 +38,13 @@ def upload():
     if request.method == "POST":  # sanity check: make sure it's a POST request
         print("Request method was POST!")
 
-        with open(settings.ENCKEY_PATH,"rb") as enckey: # load encryption key
+        with open("uploadkeys", "r") as keyfile:  # load valid keys
-            key = enckey.read()
+            validkeys = keyfile.readlines()
-        f = Fernet(key)
+        validkeys = [x.strip("\n") for x in validkeys]
-
-        with open("uploadkeys", "rb") as keyfile:
-            encrypted_data = keyfile.read()
-        decrypted_data = str(f.decrypt(encrypted_data).decode('utf-8'))
-        decrypted_data = decrypted_data.splitlines()
-
-        validkeys = [x.strip("\n") for x in decrypted_data]
         while "" in validkeys:
             validkeys.remove("")
-            print("Removed blank key(s)")
         print("Loaded validkeys")
+
         if "uploadKey" in request.form:  # if an uploadKey was provided
             if request.form["uploadKey"] in validkeys:  # check if uploadKey is valid
                 print("Key is valid!")
@@ -77,7 +62,7 @@ def upload():
                 fext = Path(f.filename).suffix  # get the uploaded extension
                 if allowed_extension(fext):  # if the extension is allowed
                     print("Generating file with extension {0}".format(fext))
-                    fname = generate_name(fext)  # generate file name
+                    fname = functions.generate_name() + fext  # generate file name
                     print("Generated name: {0}".format(fname))
 
                     if f:  # if the uploaded image exists

keyctl.py

@@ -0,0 +1,181 @@
+#!/usr/bin/env python3
+"""
+keyctl.py
+
+Command-line utility for easy management of the uploadkeys file.
+"""
+
+from pathlib import Path
+import argparse
+import logging
+import secrets
+import string
+
+
+def read_keyfile():
+    with open("uploadkeys", "r") as keyfile:  # open uploadkeys
+        keys = keyfile.readlines()  # read all the keys
+        logging.debug("Read uploadkeys")
+    keys = [x.strip("\n") for x in keys]  # strip newlines from keys
+    logging.debug("Stripped newlines from keys")
+    return keys
+
+
+def genkey(length):
+    key = ''.join(secrets.choice(string.ascii_letters + string.digits) for x in range(length))
+    return key
+
+
+def savekey(key):
+    if not Path("uploadkeys").is_file():  # if uploadkeys doesn't exist, log an info message
+        logging.info("uploadkeys file doesn't exist, it will be created.")
+    with open("uploadkeys", "a+") as keyfile:
+        keyfile.write(str(key) + "\n")  # add the key
+    logging.debug("Saved a key to uploadkeys: {0}".format(key))
+
+
+def rmkey(delkey):
+    removedkey = False
+    allkeys = read_keyfile()
+    if delkey in allkeys:  # if the key to remove exists
+        allkeys.remove(delkey)  # remove the first instance of the key
+        removedkey = True
+        logging.debug("Removed one instance of the key")
+
+    with open("uploadkeys", "w") as keyfile:
+        for k in allkeys:
+            keyfile.write(k + "\n")  # write the remaining keys
+
+    if removedkey:
+        return True
+    else:
+        return False
+
+
+def find_duplicates():
+    allkeys = read_keyfile()
+
+    seen = set()
+    ukeys = []
+    dupkeys = []
+    for x in allkeys:
+        if x not in seen:
+            ukeys.append(x)
+            seen.add(x)
+        else:
+            dupkeys.append(x)
+    return dupkeys
+
+
+def get_keys():
+    validkeys = read_keyfile()
+    while "" in validkeys:
+        validkeys.remove("")
+    logging.debug("Removed blank keys")
+    return validkeys
+
+
+
+def cmd_list(args):
+    validkeys = get_keys()
+
+    print("List of upload keys:")
+    for i in range(len(validkeys)):
+        showkey = validkeys[i][:6]
+        if len(validkeys[i]) > 6:
+            showkey += "..."  # add ellipses since the key was shortened in list
+
+        print("    [{0}] {1}".format(i+1, showkey))
+
+
+def cmd_generate(args):
+    k = genkey(args.length)
+    logging.debug("Generated a new key: {0}".format(k))
+    savekey(k)
+    print("Your new key is: {0}".format(k))
+
+
+def cmd_add(args):
+    print("Please type/paste the key you would like to add.")
+    akr = input("> ")
+    ak = akr.strip()
+    print()
+    logging.debug("Ran strip() on key")
+    print(ak)
+    if input("Is the above key correct? [y/N] ").lower() == "y":
+        logging.debug("Interpreted as yes")
+        ask_for_key = False
+        savekey(ak)
+        logging.info("Added.")
+    else:
+        logging.debug("Interpreted as no")
+        print("No key has been saved.")
+
+
+def cmd_remove(args):
+    if rmkey(args.key):
+        logging.debug("Successfully removed the requested key")
+    else:
+        logging.info("No key was removed.")
+
+def cmd_dedupe(args):
+    dupes = find_duplicates()
+    if len(dupes) > 0:
+        for d in dupes:
+            r = rmkey(d)
+            logging.debug(r)
+            logging.info("Removed duplicate key: {0}".format(d))
+    else:
+        logging.info("[" + u"\u2713" + "] No duplicate keys found!")
+
+def cmd_show(args):
+    for k in get_keys():
+        if k[:6] == args.prefix:
+            print("Key: {0}".format(k))
+            break
+
+
+parser = argparse.ArgumentParser()  # create instance of argument parser class
+
+parlog = parser.add_mutually_exclusive_group()
+parlog.add_argument("-v", "--verbose", help="show debugging messages", action="store_true")
+parlog.add_argument("-q", "--quiet", help="show only warning messages and up", action="store_true")
+
+subparsers = parser.add_subparsers(help="sub-commands")
+parser_list = subparsers.add_parser("list", help="list the beginning of each key")
+parser_list.set_defaults(func=cmd_list)
+
+parser_gen = subparsers.add_parser("generate", help="generate a key and save it to uploadkeys")
+parser_gen.add_argument("length", help="length of key to generate", default=64, type=int, nargs="?")
+parser_gen.set_defaults(func=cmd_generate)
+
+parser_add = subparsers.add_parser("add", help="prompts for a key to add to uploadkeys")
+parser_add.set_defaults(func=cmd_add)
+
+parser_remove = subparsers.add_parser("remove", help="remove (one instance of) a key from uploadkeys")
+parser_remove.add_argument("key", help="key to remove")
+parser_remove.set_defaults(func=cmd_remove)
+
+parser_dedupe = subparsers.add_parser("dedupe", help="remove duplicate keys")
+parser_dedupe.set_defaults(func=cmd_dedupe)
+
+parser_show = subparsers.add_parser("show", help="show the full key based on the first 6 characters")
+parser_show.add_argument("prefix", help="first 6 characters of key (shown by `python3 keyctl.py list`)")
+parser_show.set_defaults(func=cmd_show)
+
+
+args = parser.parse_args()  # parse the arguments
+
+if args.verbose:
+    loglevel = logging.DEBUG
+elif args.quiet:
+    loglevel = logging.WARNING
+else:
+    loglevel = logging.INFO
+logging.basicConfig(level=loglevel, format="%(levelname)s: %(message)s")
+
+try:
+    args.func(args)
+except AttributeError:
+    logging.error("AttributeError")
+    parser.print_help()

keygen.py

@@ -1,102 +0,0 @@
-from cryptography.fernet import Fernet
-from cryptography.fernet import InvalidToken
-from pathlib import Path
-import settings
-import string
-import secrets
-import sys
-import os
-
-
-# Check if the script was run as root
-if os.geteuid() != 0:
-    exit("Root privileges are necessary to run this script.\nPlease try again as root or using `sudo`.")
-
-
-# Check if encryption key already exists
-enckey = Path(settings.ENCKEY_PATH)
-if enckey.is_file():
-    print("Encryption key found.")
-else:
-    print("Encryption key not found.")
-    print("Generating key...")
-    key = Fernet.generate_key()
-    with open(settings.ENCKEY_PATH, "wb") as key_file:
-        key_file.write(key)
-    print("Encryption key generated and stored in secret.key.")
-
-
-# Load encryption key
-def load_key():
-    with open(settings.ENCKEY_PATH, "rb") as kf:
-        kdata = kf.read()
-    return kdata
-
-
-# Encrypting and storing of key
-def encrypt_key(message):
-    key = load_key()
-    keyf = Fernet(key)
-
-    with open('uploadkeys', 'a+') as uploadkeys:
-        print(str(token), file=uploadkeys)
-
-    with open("uploadkeys", "rb") as keyfile:
-        keyfile_data = keyfile.read()
-
-    encrypted_data = keyf.encrypt(keyfile_data)
-
-    with open("uploadkeys", "wb") as keyfile:
-        keyfile.write(encrypted_data)
-
-
-def ask_yn(msg):
-    resps = {"y": True, "n": False}
-    ask = True
-    while ask:
-        proceedraw = input(msg)
-        if proceedraw.lower() in resps.keys():
-            proceed = resps[proceedraw]
-            ask = False
-        else:
-            print("Invalid response.")
-    return proceed
-
-
-N = 64  # Size of token
-
-# Generate key
-token = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(N))
-
-# Decrypt the existing keyfile
-key = load_key()
-keyf = Fernet(key)
-
-genkey = True
-uploadkeysp = Path("uploadkeys")
-if not uploadkeysp.is_file():
-    uploadkeysp.touch()
-else:
-    with open("uploadkeys", "rb") as ukf:
-        # read the encrypted data
-        encrypted_data = ukf.read()
-
-    try:
-        decrypted_data = keyf.decrypt(encrypted_data)  # decrypt data
-        with open("uploadkeys", "wb") as ukf:
-            ukf.write(decrypted_data)  # write the original file
-    except InvalidToken:
-        print("The encrypted key data is invalid and cannot be read.")
-        print("It may be necessary to clear the file entirely, which will invalidate all tokens.")
-        proceed = ask_yn("Do you wish to proceed to clearing the uploadkeys file? [y/n] ")
-
-        if proceed:
-            os.remove("uploadkeys")
-            print("Removed uploadkeys file.")
-            proceed2 = ask_yn("Would you like to continue and generate a new token? [y/n] ")
-            if not proceed2:
-                genkey = False
-
-if genkey:
-    print("Your new token is: " + str(token))  # Print token
-    encrypt_key(str(token))  # Encrypt the key and save

requirements.txt

@@ -1,3 +1,2 @@
 Flask_API==2.0
-cryptography==3.1
 Flask==1.1.2

settings.py.default

@@ -1,7 +1,13 @@
+#!/usr/bin/env python3
+"""
+settings.py
+
+User-defined settings used by imgupload.py.
+"""
+
 UPLOAD_FOLDER = "/path/to/images"
 ALLOWED_EXTENSIONS = [".png", ".jpg", ".jpeg", ".svg", ".bmp", ".gif", ".ico",  ".webp"]
 ROOTURL = "https://example.com/"
 SAVELOG = "savelog.log"
 SAVELOG_CHMOD = 0o644
 SAVELOG_KEYPREFIX = 4
-ENCKEY_PATH = "secret.key"