lyadmin/app.py

import glob
import json

import re
import sshpubkeys

from flask import Flask, redirect, url_for, render_template, request

# lyadmin
# scripts and web form for a tilde / PAUS instance
#
# gashapwn
# Nov 2020
#
# https://git.lain.church/gashapwn/lyadmin
# gashapwn@protonmail.com
# or
# gasahwpn on irc.lainchan.org


app=Flask(__name__)

# Paths for conf file,
#           user list,
#           directory containing
#           account request files...
WORKING_DIR = "/home/gashapwn/lyadmin/";
ACCOUNT_DIR = "req/";
FULL_PATH = str(WORKING_DIR) + str(ACCOUNT_DIR)
CONF_PATH = str(WORKING_DIR) + "lyadmin.conf.json"

# validation stuff
MAX_PUB_KEY_LEN = 5000
EMAIL_REGEX = "^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,10}$"
KEY_REGEX = "^[ -~]+$"

# Account requests are given ID numbers
# the first request will have the below
# id number
INIT_REQ_ID = "00000"

# Slurp the conf file
with open(CONF_PATH) as c: conf_json_str = c.read()
conf_obj = json.loads(conf_json_str)

# A list of all the shell enums
conf_obj["shell_tup_list"] = list(map(
                lambda k : (
                    k, conf_obj["shell"][k]
                ),
                list(conf_obj["shell"].keys())
))

# The main home page
@app.route("/")
def home():
    app.route('/')

    # Load the list of tilde users
    # to generate links for
    u_list = [];
    with open("user_list.txt") as u_file:
        for line in u_file.readlines():
            u_list.append(line.strip());
    
    return render_template("index.html", u_list=u_list, page_name="home")

# Generates the page with rule. No logic needed.
def rules():
    return render_template("rules.html")

# Generate HTML for a form widget
def widg_fun(widg):
    if(widg.w_type == "input"):
        return "input id=id_%s name=%s type=text></input"%(
            widg.w_name, widg.w_name
        )
    elif(widg.w_type == "textarea"):
        return "textarea cols=40 id=id_%s name=%s rows=10 required=\"\""%(
            widg.w_name, widg.w_name
        )
    elif(widg.w_type == "check"):
        return "input id=id_%s name=%s type=checkbox required=\"\""%(
            widg.w_name, widg.w_name)
    return widg.w_type;

# Generate HTML for request form
# probably a strange way to do this...
def req():
    app.route('/req')
    class Widg:
        def __init__(self, w_name, w_type, w_opt):
            self.w_name = w_name
            self.w_type = w_type
            self.w_opt = w_opt # only for choice type widg

    # Configuration for our request form
    rt = {
        "username": Widg(
            "username",
            "input",
            None
        ),
        "email for account lockout / registration confirmation (optional)": Widg(
            "email",
            "input",
            None
        ),
        "SSH public key": Widg(
            "pub_key",
            "textarea",
            None
        ),
        "shell of choice": Widg(
            "shell",
            "choice",
            conf_obj["shell_tup_list"]
        ),
        "have you read the rules?": Widg(
            "rule_read", "check", None
        )
        };
    return render_template(
        "req.html",
        req_tab = rt,
        widg_fun = widg_fun,
        page_name="req"
    )

def handle_invalid_data(req):
    # print(str(e))
    return render_template("signup.html", is_email_user = False)

# Process input from user creation POST request
def signup():
    app.route('/req/signup')

    # Get all the params from the POST
    # request
    username = request.form["username"].strip()
    email = request.form["email"].strip()
    pub_key = request.form["pub_key"].strip()
    shell = request.form["shell"].strip()
    rule_read = request.form["rule_read"].strip()

    is_email_user = False;

    # If a user didnt read the rules
    # send them back
    if(rule_read != "on"):
        return redirect(url_for('req'))

    # Set placeholder if user didnt send an email
    if(len(email) > 1):
        is_email_user = True
    else:
        email = "NO_EMAIL"

    # Validate shell
    if(not shell in conf_obj["shell"]):
        print("failed shell validation")
        return handle_invalid_data(req)

    # Validate email
    if( is_email_user and not re.search(EMAIL_REGEX, email)):
        print("failed email validation")
        return handle_invalid_data(req)
        
    # Validate the SSH pub key
    # Most software only handles up to 4096 bit keys
    if(len(pub_key) > MAX_PUB_KEY_LEN):
        print("key failed len check")
        return handle_invalid_data(req)

    # Only printable ascii characters in
    # a valid key
    # if(not re.search("^[ -~]+$", pub_key)):
    if(not re.search(KEY_REGEX, pub_key)):
        print("key failed regex")
        return handle_invalid_data(req)

    # Check the key against a library
    key = sshpubkeys.SSHKey(
        pub_key,
        strict_mode=False,
        skip_option_parsing=True
    )
    try:
        key.parse()
    except Exception as e:
        print("key failed lib validation")
        return handle_invalid_data(request)

    # All users requests have a sequential ID
    # The below picks the next ID based on
    # how many requests we already have saved
    # to disk
    if(len(glob.glob(ACCOUNT_DIR + str("[0-9]*ident*"))) == 0):
        new_id = int(INIT_REQ_ID)
        new_id_str = INIT_REQ_ID
    else:
        max_id = max(
            list(map(
                lambda path : path.split("/")[-1].split(".")[0],
                glob.glob(str(ACCOUNT_DIR) + "[0-9]*ident*")))
        )
        zpad = len(max_id)
        new_id = int(max_id)+1
        new_id_str = str(new_id).zfill(zpad)

    # write the request to disk
    fn1 = str(FULL_PATH) + str(new_id_str) + ".ident"
    with open(fn1, "w") as ident_file:
        ident_file.write(str(username) + "\n")
        ident_file.write(str(email) + "\n")
        ident_file.write(str(shell) + "\n")
        ident_file.write(str(pub_key) + "\n")
        
    return render_template("signup.html", is_email_user = is_email_user)

@app.context_processor
def get_site_name():
      return {"site_name": conf_obj["site_name"]}
  
if __name__=="__main__":
    app.add_url_rule('/rules', 'rules', rules)
    app.add_url_rule('/req', 'req', req, methods = ['POST', 'GET'])
    app.add_url_rule('/req/signup', 'signup', signup, methods = ['POST'])
    app.run(host=conf_obj["listen_ip"],debug=True)
signup creates an ident file now 2020-11-26 18:30:35 -05:00			`import glob`
added a conf file 2020-11-26 18:56:41 -05:00			`import json`
added validations for sshkey pub_key email 2020-11-27 20:41:17 -05:00
			`import re`
			`import sshpubkeys`

added app.py to test site 2020-11-21 19:41:37 -05:00			`from flask import Flask, redirect, url_for, render_template, request`

added comments 2020-11-26 19:13:45 -05:00			`# lyadmin`
			`# scripts and web form for a tilde / PAUS instance`
			`#`
			`# gashapwn`
			`# Nov 2020`
			`#`
			`# https://git.lain.church/gashapwn/lyadmin`
			`# gashapwn@protonmail.com`
			`# or`
			`# gasahwpn on irc.lainchan.org`


added a conf file 2020-11-26 18:56:41 -05:00			`app=Flask(__name__)`

added comments 2020-11-26 19:13:45 -05:00			`# Paths for conf file,`
			`# user list,`
			`# directory containing`
			`# account request files...`
signup creates an ident file now 2020-11-26 18:30:35 -05:00			`WORKING_DIR = "/home/gashapwn/lyadmin/";`
added the req directory 2020-11-27 01:07:33 -05:00			`ACCOUNT_DIR = "req/";`
signup creates an ident file now 2020-11-26 18:30:35 -05:00			`FULL_PATH = str(WORKING_DIR) + str(ACCOUNT_DIR)`
added a conf file 2020-11-26 18:56:41 -05:00			`CONF_PATH = str(WORKING_DIR) + "lyadmin.conf.json"`

reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`# validation stuff`
added validations for sshkey pub_key email 2020-11-27 20:41:17 -05:00			`MAX_PUB_KEY_LEN = 5000`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`EMAIL_REGEX = "^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,10}$"`
			`KEY_REGEX = "^[ -~]+$"`
reformatted req method 2020-11-27 20:46:10 -05:00
signup creates an ident file now 2020-11-26 18:30:35 -05:00			`# Account requests are given ID numbers`
			`# the first request will have the below`
			`# id number`
			`INIT_REQ_ID = "00000"`

added comments 2020-11-26 19:13:45 -05:00			`# Slurp the conf file`
added a conf file 2020-11-26 18:56:41 -05:00			`with open(CONF_PATH) as c: conf_json_str = c.read()`
			`conf_obj = json.loads(conf_json_str)`
added app.py to test site 2020-11-21 19:41:37 -05:00
added validations for shell enum 2020-11-27 20:58:23 -05:00			`# A list of all the shell enums`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`conf_obj["shell_tup_list"] = list(map(`
added validations for shell enum 2020-11-27 20:58:23 -05:00			`lambda k : (`
			`k, conf_obj["shell"][k]`
			`),`
			`list(conf_obj["shell"].keys())`
			`))`

added comments 2020-11-26 19:13:45 -05:00			`# The main home page`
added app.py to test site 2020-11-21 19:41:37 -05:00			`@app.route("/")`
			`def home():`
			`app.route('/')`
added user_list.txt code 2020-11-26 01:53:20 -05:00
added comments 2020-11-26 19:13:45 -05:00			`# Load the list of tilde users`
			`# to generate links for`
added user_list.txt code 2020-11-26 01:53:20 -05:00			`u_list = [];`
			`with open("user_list.txt") as u_file:`
footer only on homepage now 2020-11-26 17:15:40 -05:00			`for line in u_file.readlines():`
			`u_list.append(line.strip());`
added user_list.txt code 2020-11-26 01:53:20 -05:00
added rule. added new bkg pic. CSS can change bkg pic. 2020-11-26 16:41:00 -05:00			`return render_template("index.html", u_list=u_list, page_name="home")`

reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`# Generates the page with rule. No logic needed.`
added rule. added new bkg pic. CSS can change bkg pic. 2020-11-26 16:41:00 -05:00			`def rules():`
			`return render_template("rules.html")`
added app.py to test site 2020-11-21 19:41:37 -05:00
added comments 2020-11-26 19:13:45 -05:00			`# Generate HTML for a form widget`
dummy version of request form 2020-11-22 02:42:56 -05:00			`def widg_fun(widg):`
			`if(widg.w_type == "input"):`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`return "input id=id_%s name=%s type=text></input"%(`
			`widg.w_name, widg.w_name`
			`)`
dummy version of request form 2020-11-22 02:42:56 -05:00			`elif(widg.w_type == "textarea"):`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`return "textarea cols=40 id=id_%s name=%s rows=10 required=\"\""%(`
			`widg.w_name, widg.w_name`
			`)`
dummy version of request form 2020-11-22 02:42:56 -05:00			`elif(widg.w_type == "check"):`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`return "input id=id_%s name=%s type=checkbox required=\"\""%(`
			`widg.w_name, widg.w_name)`
dummy version of request form 2020-11-22 02:42:56 -05:00			`return widg.w_type;`

added comments 2020-11-26 19:13:45 -05:00			`# Generate HTML for request form`
			`# probably a strange way to do this...`
added logic for req template 2020-11-22 01:24:41 -05:00			`def req():`
signup handling added 2020-11-26 17:06:39 -05:00			`app.route('/req')`
dummy version of request form 2020-11-22 02:42:56 -05:00			`class Widg:`
			`def __init__(self, w_name, w_type, w_opt):`
			`self.w_name = w_name`
			`self.w_type = w_type`
added some comments 2020-11-26 19:47:31 -05:00			`self.w_opt = w_opt # only for choice type widg`
added comments 2020-11-26 19:13:45 -05:00
			`# Configuration for our request form`
added logic for req template 2020-11-22 01:24:41 -05:00			`rt = {`
reformatted req method 2020-11-27 20:46:10 -05:00			`"username": Widg(`
			`"username",`
			`"input",`
			`None`
			`),`
			`"email for account lockout / registration confirmation (optional)": Widg(`
			`"email",`
			`"input",`
			`None`
			`),`
			`"SSH public key": Widg(`
			`"pub_key",`
			`"textarea",`
			`None`
			`),`
			`"shell of choice": Widg(`
			`"shell",`
			`"choice",`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`conf_obj["shell_tup_list"]`
reformatted req method 2020-11-27 20:46:10 -05:00			`),`
			`"have you read the rules?": Widg(`
			`"rule_read", "check", None`
			`)`
added logic for req template 2020-11-22 01:24:41 -05:00			`};`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`return render_template(`
			`"req.html",`
			`req_tab = rt,`
			`widg_fun = widg_fun,`
			`page_name="req"`
			`)`
added rule. added new bkg pic. CSS can change bkg pic. 2020-11-26 16:41:00 -05:00
added validations for sshkey pub_key email 2020-11-27 20:41:17 -05:00			`def handle_invalid_data(req):`
			`# print(str(e))`
			`return render_template("signup.html", is_email_user = False)`

reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`# Process input from user creation POST request`
added rule. added new bkg pic. CSS can change bkg pic. 2020-11-26 16:41:00 -05:00			`def signup():`
signup handling added 2020-11-26 17:06:39 -05:00			`app.route('/req/signup')`
signup creates an ident file now 2020-11-26 18:30:35 -05:00
added comments 2020-11-26 19:13:45 -05:00			`# Get all the params from the POST`
			`# request`
added validations for sshkey pub_key email 2020-11-27 20:41:17 -05:00			`username = request.form["username"].strip()`
			`email = request.form["email"].strip()`
			`pub_key = request.form["pub_key"].strip()`
			`shell = request.form["shell"].strip()`
			`rule_read = request.form["rule_read"].strip()`
added rule. added new bkg pic. CSS can change bkg pic. 2020-11-26 16:41:00 -05:00
signup handling added 2020-11-26 17:06:39 -05:00			`is_email_user = False;`

added comments 2020-11-26 19:13:45 -05:00			`# If a user didnt read the rules`
			`# send them back`
added rule. added new bkg pic. CSS can change bkg pic. 2020-11-26 16:41:00 -05:00			`if(rule_read != "on"):`
signup handling added 2020-11-26 17:06:39 -05:00			`return redirect(url_for('req'))`

added comments 2020-11-26 19:13:45 -05:00			`# Set placeholder if user didnt send an email`
signup handling added 2020-11-26 17:06:39 -05:00			`if(len(email) > 1):`
			`is_email_user = True`
signup creates an ident file now 2020-11-26 18:30:35 -05:00			`else:`
			`email = "NO_EMAIL"`

added validations for shell enum 2020-11-27 20:58:23 -05:00			`# Validate shell`
			`if(not shell in conf_obj["shell"]):`
			`print("failed shell validation")`
			`return handle_invalid_data(req)`

added validations for sshkey pub_key email 2020-11-27 20:41:17 -05:00			`# Validate email`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`if( is_email_user and not re.search(EMAIL_REGEX, email)):`
added validations for sshkey pub_key email 2020-11-27 20:41:17 -05:00			`print("failed email validation")`
			`return handle_invalid_data(req)`

			`# Validate the SSH pub key`
			`# Most software only handles up to 4096 bit keys`
			`if(len(pub_key) > MAX_PUB_KEY_LEN):`
			`print("key failed len check")`
			`return handle_invalid_data(req)`

			`# Only printable ascii characters in`
			`# a valid key`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`# if(not re.search("^[ -~]+$", pub_key)):`
			`if(not re.search(KEY_REGEX, pub_key)):`
added validations for sshkey pub_key email 2020-11-27 20:41:17 -05:00			`print("key failed regex")`
			`return handle_invalid_data(req)`

			`# Check the key against a library`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`key = sshpubkeys.SSHKey(`
			`pub_key,`
			`strict_mode=False,`
			`skip_option_parsing=True`
			`)`
added validations for sshkey pub_key email 2020-11-27 20:41:17 -05:00			`try:`
			`key.parse()`
			`except Exception as e:`
			`print("key failed lib validation")`
			`return handle_invalid_data(request)`

added comments 2020-11-26 19:13:45 -05:00			`# All users requests have a sequential ID`
reworded some comments. removed some newlines. 2020-11-27 21:12:02 -05:00			`# The below picks the next ID based on`
			`# how many requests we already have saved`
			`# to disk`
added the req directory 2020-11-27 01:07:33 -05:00			`if(len(glob.glob(ACCOUNT_DIR + str("[0-9]ident"))) == 0):`
signup creates an ident file now 2020-11-26 18:30:35 -05:00			`new_id = int(INIT_REQ_ID)`
			`new_id_str = INIT_REQ_ID`
			`else:`
reformatted some more lambdas 2020-11-27 21:01:20 -05:00			`max_id = max(`
			`list(map(`
			`lambda path : path.split("/")[-1].split(".")[0],`
			`glob.glob(str(ACCOUNT_DIR) + "[0-9]ident")))`
			`)`
signup creates an ident file now 2020-11-26 18:30:35 -05:00			`zpad = len(max_id)`
			`new_id = int(max_id)+1`
			`new_id_str = str(new_id).zfill(zpad)`
signup handling added 2020-11-26 17:06:39 -05:00
added comments 2020-11-26 19:13:45 -05:00			`# write the request to disk`
signup creates an ident file now 2020-11-26 18:30:35 -05:00			`fn1 = str(FULL_PATH) + str(new_id_str) + ".ident"`
			`with open(fn1, "w") as ident_file:`
			`ident_file.write(str(username) + "\n")`
			`ident_file.write(str(email) + "\n")`
			`ident_file.write(str(shell) + "\n")`
on app.py.... dont need to save rules_read to file. added pub_key to file write 2020-11-26 19:35:36 -05:00			`ident_file.write(str(pub_key) + "\n")`
signup creates an ident file now 2020-11-26 18:30:35 -05:00
signup handling added 2020-11-26 17:06:39 -05:00			`return render_template("signup.html", is_email_user = is_email_user)`
added app.py to test site 2020-11-21 19:41:37 -05:00
site_name is now part of conf 2020-11-26 20:01:11 -05:00			`@app.context_processor`
			`def get_site_name():`
			`return {"site_name": conf_obj["site_name"]}`

added app.py to test site 2020-11-21 19:41:37 -05:00			`if __name__=="__main__":`
added rule. added new bkg pic. CSS can change bkg pic. 2020-11-26 16:41:00 -05:00			`app.add_url_rule('/rules', 'rules', rules)`
added logic for req template 2020-11-22 01:24:41 -05:00			`app.add_url_rule('/req', 'req', req, methods = ['POST', 'GET'])`
signup handling added 2020-11-26 17:06:39 -05:00			`app.add_url_rule('/req/signup', 'signup', signup, methods = ['POST'])`
added listen_ip to the conf file 2020-11-26 19:05:48 -05:00			`app.run(host=conf_obj["listen_ip"],debug=True)`