gashapwn
/
lyadmin
1
1
Fork 0
Code Issues 15 Pull Requests 0 Releases 2 Wiki Activity
scripts and tools to administer the lingy.in public unix / tilde
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 Commits
2 Branches
1.6MB
Tree: a54b0a4b53
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a54b0a4b53'
${ noResults }
lyadmin/app.py

253 lines
6.9KB
Raw Blame History 

  1. import glob

  2. import json

  3. 

  4. import re

  5. import sshpubkeys

  6. 

  7. from flask import Flask, redirect, url_for, render_template, request

  8. 

  9. # lyadmin

  10. # scripts and web form for a tilde / PAUS instance

  11. #

  12. # gashapwn

  13. # Nov 2020

  14. #

  15. # https://git.lain.church/gashapwn/lyadmin

  16. # gashapwn@protonmail.com

  17. # or

  18. # gasahwpn on irc.lainchan.org

  19. 

  20. app=Flask(__name__)

  21. 

  22. # Paths for conf file,

  23. #           user list,

  24. #           directory containing

  25. #           account request files...

  26. ACCOUNT_PATH = "./req/";

  27. CONF_FN = "lyadmin.conf.json"

  28. CONF_PATH = "./" + str(CONF_FN)

  29. 

  30. # validation stuff

  31. MAX_PUB_KEY_LEN = 5000

  32. EMAIL_REGEX = "^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,10}$"

  33. KEY_REGEX = "^[ -~]+$"

  34. 

  35. # Account requests are given ID numbers

  36. # the first request will have the below

  37. # id number

  38. INIT_REQ_ID = "00000"

  39. 

  40. # The main home page

  41. @app.route("/")

  42. def home():

  43.     app.route('/')

  44. 

  45.     # Load the list of tilde users

  46.     # to generate links for

  47.     u_list = [];

  48.     with open("user_list.txt") as u_file:

  49.         for line in u_file.readlines():

  50.             u_list.append(line.strip());

  51.     

  52.     return render_template("index.html", u_list=u_list, page_name="home")

  53. 

  54. # Generates the page with rule. No logic needed.

  55. def rules():

  56.     return render_template("rules.html")

  57. 

  58. # Generate HTML for a form widget

  59. def widg_fun(widg):

  60.     if(widg.w_type == "input"):

  61.         return "input id=id_%s name=%s type=text></input"%(

  62.             widg.w_name, widg.w_name

  63.         )

  64.     elif(widg.w_type == "textarea"):

  65.         return "textarea cols=40 id=id_%s name=%s rows=10 required=\"\""%(

  66.             widg.w_name, widg.w_name

  67.         )

  68.     elif(widg.w_type == "check"):

  69.         return "input id=id_%s name=%s type=checkbox required=\"\""%(

  70.             widg.w_name, widg.w_name)

  71.     return widg.w_type;

  72. 

  73. # Generate HTML for request form

  74. # probably a strange way to do this...

  75. def req():

  76.     app.route('/req')

  77.     class Widg:

  78.         def __init__(self, w_name, w_type, w_opt):

  79.             self.w_name = w_name

  80.             self.w_type = w_type

  81.             self.w_opt = w_opt # only for choice type widg

  82. 

  83.     # Configuration for our request form

  84.     rt = {

  85.         "username": Widg(

  86.             "username",

  87.             "input",

  88.             None

  89.         ),

  90.         "email for account lockout / registration confirmation (optional)": Widg(

  91.             "email",

  92.             "input",

  93.             None

  94.         ),

  95.         "SSH public key": Widg(

  96.             "pub_key",

  97.             "textarea",

  98.             None

  99.         ),

  100.         "shell of choice": Widg(

  101.             "shell",

  102.             "choice",

  103.             conf_obj["shell_tup_list"]

  104.         ),

  105.         "have you read the rules?": Widg(

  106.             "rule_read", "check", None

  107.         )

  108.         };

  109.     return render_template(

  110.         "req.html",

  111.         req_tab = rt,

  112.         widg_fun = widg_fun,

  113.         page_name="req"

  114.     )

  115. 

  116. def handle_invalid_data(req):

  117.     # print(str(e))

  118.     return render_template("signup.html", is_email_user = False)

  119. 

  120. # Process input from user creation POST request

  121. def signup():

  122.     app.route('/req/signup')

  123. 

  124.     # Get all the params from the POST

  125.     # request

  126.     username = request.form["username"].strip()

  127.     email = request.form["email"].strip()

  128.     pub_key = request.form["pub_key"].strip()

  129.     shell = request.form["shell"].strip()

  130.     rule_read = request.form["rule_read"].strip()

  131.     xff_header = request.headers["X-Forwarded-For"]

  132. 

  133.     is_email_user = False;

  134. 

  135.     # If a user didnt read the rules

  136.     # send them back

  137.     if(rule_read != "on"):

  138.         return redirect(url_for('req'))

  139. 

  140.     # Set placeholder if user didnt send an email

  141.     if(len(email) > 1):

  142.         is_email_user = True

  143.     else:

  144.         email = "NO_EMAIL"

  145. 

  146.     # Validate shell

  147.     if(not shell in conf_obj["shell"]):

  148.         print("failed shell validation")

  149.         return handle_invalid_data(req)

  150. 

  151.     # Validate email

  152.     if( is_email_user and not re.search(EMAIL_REGEX, email)):

  153.         print("failed email validation")

  154.         return handle_invalid_data(req)

  155.         

  156.     # Validate the SSH pub key

  157.     # Most software only handles up to 4096 bit keys

  158.     if(len(pub_key) > MAX_PUB_KEY_LEN):

  159.         print("key failed len check")

  160.         return handle_invalid_data(req)

  161. 

  162.     # Only printable ascii characters in

  163.     # a valid key

  164.     # if(not re.search("^[ -~]+$", pub_key)):

  165.     if(not re.search(KEY_REGEX, pub_key)):

  166.         print("key failed regex")

  167.         return handle_invalid_data(req)

  168. 

  169.     # Check the key against a library

  170.     key = sshpubkeys.SSHKey(

  171.         pub_key,

  172.         strict_mode=False,

  173.         skip_option_parsing=True

  174.     )

  175.     try:

  176.         key.parse()

  177.     except Exception as e:

  178.         print("key failed lib validation")

  179.         return handle_invalid_data(request)

  180. 

  181.     if(len(xff_header) < 1):

  182.         xff_header = "NO_XFF"

  183.     

  184.     # All users requests have a sequential ID

  185.     # The below picks the next ID based on

  186.     # how many requests we already have saved

  187.     # to disk

  188.     if(len(glob.glob(ACCOUNT_PATH + str("[0-9]*ident*"))) == 0):

  189.         new_id = int(INIT_REQ_ID)

  190.         new_id_str = INIT_REQ_ID

  191.     else:

  192.         max_id = max(

  193.             list(map(

  194.                 lambda path : path.split("/")[-1].split(".")[0],

  195.                 glob.glob(str(ACCOUNT_PATH) + "[0-9]*ident*")))

  196.         )

  197.         zpad = len(max_id)

  198.         new_id = int(max_id)+1

  199.         new_id_str = str(new_id).zfill(zpad)

  200. 

  201.     # write the request to disk

  202.     # fn1 = str(FULL_PATH) + str(new_id_str) + ".ident"

  203.     fn1 = str(ACCOUNT_PATH) + str(new_id_str) + ".ident"

  204.     with open(fn1, "w") as ident_file:

  205.         ident_file.write(str(username) + "\n")

  206.         ident_file.write(str(email) + "\n")

  207.         ident_file.write(str(shell) + "\n")

  208.         ident_file.write(str(pub_key) + "\n")

  209.         ident_file.write(str(xff_header) + "\n")

  210.         

  211.     return render_template("signup.html", is_email_user = is_email_user)

  212. 

  213. @app.context_processor

  214. def get_site_name():

  215.       return {"site_name": conf_obj["site_name"]}

  216. 

  217. @app.context_processor

  218. def get_admin_email():

  219.       return {"admin_email": conf_obj["admin_email"]}

  220. 

  221. def check_pwd_for_conf():

  222.     pwd_file_list = list(map(

  223.         lambda path : path.split("/")[-1],

  224.         glob.glob("*")

  225.     ))

  226.     if(not CONF_FN in pwd_file_list):

  227.         print("could not find " + str(CONF_PATH))

  228.         print("please run in the installation directory")

  229.         return False

  230.     return True

  231. 

  232. # MAIN STARTS HERE

  233. if(__name__=="__main__" and check_pwd_for_conf()):

  234.     # Slurp the conf file

  235.     with open(CONF_PATH) as c: conf_json_str = c.read()

  236.     conf_obj = json.loads(conf_json_str)

  237. 

  238.     # A global list of all the shell enums

  239.     conf_obj["shell_tup_list"] = list(map(

  240.         lambda k : (

  241.             k, conf_obj["shell"][k]

  242.         ),

  243.         list(conf_obj["shell"].keys())

  244.     ))

  245. 

  246.     # Setup URL rules

  247.     app.add_url_rule('/rules', 'rules', rules)

  248.     app.add_url_rule('/req', 'req', req, methods = ['POST', 'GET'])

  249.     app.add_url_rule('/req/signup', 'signup', signup, methods = ['POST'])

  250. 

  251.     # Run that app!

  252.     app.run(host=conf_obj["listen_ip"],debug=True)