gashapwn/lyadmin
1
1
Fork 0
Code Issues 15 Pull Requests Releases 2 Wiki Activity

reworded some comments. removed some newlines.

Browse Source
This commit is contained in:
gashapwn 2020-11-28 02:12:02 +00:00
parent 2ad636e887
commit 90e1a3a73b
1 changed files with 32 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
app.py
View File

@ -29,8 +29,10 @@ ACCOUNT_DIR = "req/";
FULL_PATH = str(WORKING_DIR) + str(ACCOUNT_DIR) FULL_PATH = str(WORKING_DIR) + str(ACCOUNT_DIR)
CONF_PATH = str(WORKING_DIR) + "lyadmin.conf.json" CONF_PATH = str(WORKING_DIR) + "lyadmin.conf.json"
# validation stuff
MAX_PUB_KEY_LEN = 5000 MAX_PUB_KEY_LEN = 5000
EMAIL_REGEX = "^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,10}$"
KEY_REGEX = "^[ -~]+$"
# Account requests are given ID numbers # Account requests are given ID numbers
# the first request will have the below # the first request will have the below
@ -42,7 +44,7 @@ with open(CONF_PATH) as c: conf_json_str = c.read()
conf_obj = json.loads(conf_json_str) conf_obj = json.loads(conf_json_str)
# A list of all the shell enums # A list of all the shell enums
conf_obj.shell_tup_list = list(map( conf_obj["shell_tup_list"] = list(map(
lambda k : ( lambda k : (
k, conf_obj["shell"][k] k, conf_obj["shell"][k]
), ),
@ -63,22 +65,23 @@ def home():
return render_template("index.html", u_list=u_list, page_name="home") return render_template("index.html", u_list=u_list, page_name="home")
# Generates the page with rule. No logic needed.
# The page with rules
def rules(): def rules():
return render_template("rules.html") return render_template("rules.html")
# Generate HTML for a form widget # Generate HTML for a form widget
def widg_fun(widg): def widg_fun(widg):
if(widg.w_type == "input"): if(widg.w_type == "input"):
# Return HTML for a single line input return "input id=id_%s name=%s type=text></input"%(
return "input id=id_%s name=%s type=text></input"%(widg.w_name, widg.w_name) widg.w_name, widg.w_name
)
elif(widg.w_type == "textarea"): elif(widg.w_type == "textarea"):
# Return HTML for a big text input box return "textarea cols=40 id=id_%s name=%s rows=10 required=\"\""%(
return "textarea cols=40 id=id_%s name=%s rows=10 required=\"\""%(widg.w_name, widg.w_name) widg.w_name, widg.w_name
)
elif(widg.w_type == "check"): elif(widg.w_type == "check"):
# Return HTML for a check box return "input id=id_%s name=%s type=checkbox required=\"\""%(
return "input id=id_%s name=%s type=checkbox required=\"\""%(widg.w_name, widg.w_name) widg.w_name, widg.w_name)
return widg.w_type; return widg.w_type;
# Generate HTML for request form # Generate HTML for request form
@ -111,19 +114,24 @@ def req():
"shell of choice": Widg( "shell of choice": Widg(
"shell", "shell",
"choice", "choice",
conf_obj.shell_tup_list conf_obj["shell_tup_list"]
), ),
"have you read the rules?": Widg( "have you read the rules?": Widg(
"rule_read", "check", None "rule_read", "check", None
) )
}; };
return render_template("req.html", req_tab = rt, widg_fun = widg_fun, page_name="req") return render_template(
"req.html",
req_tab = rt,
widg_fun = widg_fun,
page_name="req"
)
def handle_invalid_data(req): def handle_invalid_data(req):
# print(str(e)) # print(str(e))
return render_template("signup.html", is_email_user = False) return render_template("signup.html", is_email_user = False)
# Process input from the /req page # Process input from user creation POST request
def signup(): def signup():
app.route('/req/signup') app.route('/req/signup')
@ -139,8 +147,6 @@ def signup():
# If a user didnt read the rules # If a user didnt read the rules
# send them back # send them back
# Browser validations should
# prevent this....
if(rule_read != "on"): if(rule_read != "on"):
return redirect(url_for('req')) return redirect(url_for('req'))
@ -156,7 +162,7 @@ def signup():
return handle_invalid_data(req) return handle_invalid_data(req)
# Validate email # Validate email
if( not re.search("^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,10}$", email)): if( is_email_user and not re.search(EMAIL_REGEX, email)):
print("failed email validation") print("failed email validation")
return handle_invalid_data(req) return handle_invalid_data(req)
@ -168,12 +174,17 @@ def signup():
# Only printable ascii characters in # Only printable ascii characters in
# a valid key # a valid key
if(not re.search("^[ -~]+$", pub_key)): # if(not re.search("^[ -~]+$", pub_key)):
if(not re.search(KEY_REGEX, pub_key)):
print("key failed regex") print("key failed regex")
return handle_invalid_data(req) return handle_invalid_data(req)
# Check the key against a library # Check the key against a library
key = sshpubkeys.SSHKey(pub_key, strict_mode=False, skip_option_parsing=True) key = sshpubkeys.SSHKey(
pub_key,
strict_mode=False,
skip_option_parsing=True
)
try: try:
key.parse() key.parse()
except Exception as e: except Exception as e:
@ -181,11 +192,9 @@ def signup():
return handle_invalid_data(request) return handle_invalid_data(request)
# All users requests have a sequential ID # All users requests have a sequential ID
# this checks how many requests we have # The below picks the next ID based on
# and gives us a free ID so we can save # how many requests we already have saved
# our request # to disk
# This sets the ID of the request we're
# abou to save to dsik
if(len(glob.glob(ACCOUNT_DIR + str("[0-9]*ident*"))) == 0): if(len(glob.glob(ACCOUNT_DIR + str("[0-9]*ident*"))) == 0):
new_id = int(INIT_REQ_ID) new_id = int(INIT_REQ_ID)
new_id_str = INIT_REQ_ID new_id_str = INIT_REQ_ID