Remove a few leftover lines

This makes it easier to add new features
- Clearer variable names
- Split up large functions into smaller ones for each action
- Help make it easier to add new features

.gitignore

@@ -134,3 +134,4 @@ savelog.log
 uwsgi.log
 settings.py
 functions.py
+secret.key

configtest.py

@@ -10,6 +10,7 @@ defaults = {
     "SAVELOG": "savelog.log",
     "SAVELOG_CHMOD": "0o644",
     "SAVELOG_KEYPREFIX": 4,
+    "ENCKEY_PATH": "secret.key"
 }
 
 deftypes = {
@@ -19,6 +20,7 @@ deftypes = {
     "SAVELOG": str,
     "SAVELOG_CHMOD": int,
     "SAVELOG_KEYPREFIX": int,
+    "ENCKEY_PATH": str,
 }
 
 
@@ -92,6 +94,16 @@ if "ROOTURL" in checksettings:
         print("[" + u"\u2713" + "] ROOTURL is good!")
 
 
+# Check if ENCKEY_PATH exists
+enckey_exists = True
+if "ENCKEY_PATH" in checksettings:
+    if not os.path.isfile(settings.ENCKEY_PATH):
+        enckey_exists = False
+        print("[!] The path set in ENCKEY_PATH ('{0}') doesn't exist!".format(settings.ENCKEY_PATH))
+    else:
+        print("[" + u"\u2713" + "] ENCKEY_PATH exists!")
+
+
 # Ask the user if SAVELOG is the intended filename
 if "SAVELOG" in checksettings:
     print("[*] SAVELOG was interpreted to be {0}".format(settings.SAVELOG))
@@ -124,6 +136,10 @@ if not uploadfolder_exists:
     summarygood = False
     print("UPLOAD_FOLDER ({0}) does not exist!".format(settings.UPLOAD_FOLDER))
 
+if not enckey_exists:
+    summarygood = False
+    print("ENCKEY_PATH ({0}) does not exist!".format(settings.ENCKEY_PATH))
+
 if not rooturl_good:
     summarygood = False
     print("ROOTURL may cause issues!")

imgupload.py

@@ -34,13 +34,20 @@ def upload():
     if request.method == "POST":  # sanity check: make sure it's a POST request
         print("Request method was POST!")
 
-        with open("uploadkeys", "r") as keyfile:  # load valid keys
+        with open(settings.ENCKEY_PATH,"rb") as enckey: # load encryption key
-            validkeys = keyfile.readlines()
+            key = enckey.read()
-        validkeys = [x.strip("\n") for x in validkeys]
+        f = Fernet(key)
+
+        with open("uploadkeys", "rb") as keyfile:
+            encrypted_data = keyfile.read()
+        decrypted_data = str(f.decrypt(encrypted_data).decode('utf-8'))
+        decrypted_data = decrypted_data.splitlines()
+
+        validkeys = [x.strip("\n") for x in decrypted_data]
         while "" in validkeys:
             validkeys.remove("")
+            print("Removed blank key(s)")
         print("Loaded validkeys")
-
         if "uploadKey" in request.form:  # if an uploadKey was provided
             if request.form["uploadKey"] in validkeys:  # check if uploadKey is valid
                 print("Key is valid!")

keygen.py

@@ -0,0 +1,108 @@
+from cryptography.fernet import Fernet
+from cryptography.fernet import InvalidToken
+from pathlib import Path
+import settings
+import string
+import secrets
+import sys
+import os
+
+
+# Load secret
+def load_secret():
+    with open(settings.ENCKEY_PATH, "rb") as sf:
+        secret = sf.read()
+    return secret
+
+
+# Encrypting and storing of key
+def append_uploadkey(akey):
+    with open('uploadkeys', 'a+') as uploadkeysf:
+        print(str(akey), file=uploadkeysf)
+
+
+def decrypt_uploadkeys():
+    with open("uploadkeys", "rb") as uploadkeysf:
+        uploadkeys_data = uploadkeysf.read()
+
+    try:
+        secret = load_secret()
+        secretf = Fernet(secret)
+        decrypted_data = secretf.decrypt(uploadkeys_data)  # decrypt data
+        with open("uploadkeys", "wb") as ukf:
+            ukf.write(decrypted_data)  # write the original file
+        print("Done decrypting")  # debug
+        return True
+    except InvalidToken:
+        print("InvalidToken")  # debug
+        print("The encrypted key data is invalid and cannot be read.")
+        print("It may be necessary to clear the file entirely, which will invalidate all tokens.")
+        proceed = ask_yn("Do you wish to proceed to clearing the uploadkeys file? [y/n] ")
+
+        if proceed:
+            os.remove("uploadkeys")
+            print("Removed uploadkeys file.")
+            proceed2 = ask_yn("Would you like to continue and generate a new key? [y/n] ")
+            if not proceed2:
+                return False
+            else:
+                return True
+        else:
+            return False
+
+
+def encrypt_uploadkeys():
+    with open("uploadkeys", "rb") as uploadkeysf:
+        uploadkeys_data = uploadkeysf.read()
+
+    secret = load_secret()
+    secretf = Fernet(secret)
+    encrypted_data = secretf.encrypt(uploadkeys_data)
+
+    with open("uploadkeys", "wb") as uploadkeysf:
+        uploadkeysf.write(encrypted_data)
+
+
+def ask_yn(msg):
+    resps = {"y": True, "n": False}
+    ask = True
+    while ask:
+        proceedraw = input(msg)
+        if proceedraw.lower() in resps.keys():
+            proceed = resps[proceedraw]
+            ask = False
+        else:
+            print("Invalid response.")
+    return proceed
+
+
+# Check if encryption secret already exists
+if Path(settings.ENCKEY_PATH).is_file():
+    print("Encryption secret found.")
+else:
+    print("Encryption secret not found.")
+    print("Generating secret...")
+    newsecret = Fernet.generate_key()
+    with open(settings.ENCKEY_PATH, "wb") as secret_file:
+        secret_file.write(newsecret)
+    print("Encryption secret generated and stored in {0}".format(settings.ENCKEY_PATH))
+
+
+if __name__ == "__main__":
+    start = ask_yn("Have you run this program as the correct user (for example, nginx uses www-data)? [y/n] ")
+    if not start:
+        print("Please run this as the correct user with: sudo su [user] -s /bin/sh -c 'python3 keygen.py'")
+
+    else:
+        uploadkeysp = Path("uploadkeys")
+        if not uploadkeysp.is_file():
+            uploadkeysp.touch()
+
+        if decrypt_uploadkeys():  # Decrypt the file
+            N = 64  # Size of key
+            key = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(N))
+            print("Your new key is: " + str(key))  # Print key
+            append_uploadkey(key)  # Save the new key to file unencrypted
+            encrypt_uploadkeys()  # Encrypt the uploadkeys file
+        else:
+            print("Exiting.")

requirements.txt

@@ -1,2 +1,3 @@
 Flask_API==2.0
+cryptography==3.1
 Flask==1.1.2

settings.py.default

@@ -4,3 +4,4 @@ ROOTURL = "https://example.com/"
 SAVELOG = "savelog.log"
 SAVELOG_CHMOD = 0o644
 SAVELOG_KEYPREFIX = 4
+ENCKEY_PATH = "secret.key"