module.py

#!/usr/bin/python
# -*- coding: UTF-8 -*-

from cStringIO import StringIO
from datetime import datetime
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from logging.config import dictConfig
from uuid import uuid4
import base64
import hashlib
import logging
import json
import os

from PIL import Image
from flask import Flask
from flask import jsonify
from flask import request, has_request_context
from flask import send_file
from flask import session
from flask import url_for
from flask_compress import Compress
from flask_session import Session
from pyzbar import pyzbar
from werkzeug import abort, redirect
from werkzeug.http import http_date
from werkzeug.middleware.proxy_fix import ProxyFix
import gnupg
import pdf2image
import re

from NIST.fingerprint import NISTf_auto
from PiAnoS import caseExistsInDB

from const import pfsp

import utils
from utils.decorator import admin_required, login_required, submission_has_access
from utils.template import my_render_template

from functions import dek_generate, do_encrypt_dek, do_decrypt_dek, dek_check
from functions import do_encrypt_user_session, do_decrypt_user_session
from functions import no_preview_image
from functions import mySMTP

import config

################################################################################

logrequestre = re.compile( "(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*\[[^\]]+\]\s(.*)" )

class RequestFormatter( logging.Formatter ):
    def format( self, record ):
        if has_request_context():
            try:
                username = session[ "username" ] 
            except:
                username = "-"
            
            record.msg = "{REMOTE_ADDR} (" + username + ") - " + record.msg
            record.msg = record.msg.format( **request.headers.environ )
        
        m = logrequestre.match( record.msg )
        if m:
            record.msg = m.group( 2 )
        
        return super( RequestFormatter, self ).format( record )

class myFilter( object ):
    def filter( self, record ):
        if "{}/ping".format( config.baseurl ) in record.msg and " 200 " in record.msg:
            return 0
        else:
            return 1

class myStreamHandler( logging.StreamHandler ):
    def __init__( self ):
        logging.StreamHandler.__init__( self )
        self.addFilter( myFilter() )

dictConfig( {
    "version": 1,
    "formatters": {
        "default": {
            "()": "module.RequestFormatter",
            "format": "[%(asctime)s] %(levelname)s: \t%(message)s",
        }
    },
    "handlers": {
        "console": {
            "class": "module.myStreamHandler",
            "formatter": "default"
        }
    },
    "root": {
        "level": "INFO",
        "handlers": [ "console" ]
    }
} )

################################################################################

app = Flask( __name__ )
app.config.from_pyfile( "config.py" )

Compress( app )
Session( app )

if config.PROXY:
    app.wsgi_app = ProxyFix( app.wsgi_app )

################################################################################
#    Import the views

from views.base import base
app.register_blueprint( base, url_prefix = "/" )
app.register_blueprint( base, url_prefix = config.baseurl )

from views.files import files
app.register_blueprint( files, url_prefix = config.baseurl )

from views.login import login_view
app.register_blueprint( login_view, url_prefix = config.baseurl )

from views.newuser import newuser_view
app.register_blueprint( newuser_view, url_prefix = config.baseurl )

################################################################################
#    Headers

@app.after_request
def add_header( r ):
    for c in [ "/cdn", "/static" ]:
        if request.path.startswith( config.baseurl + c ):
            break
        
    else:
        r.headers[ "Last-Modified" ] = http_date( datetime.now() )
        r.headers[ "Cache-Control" ] = "no-cache, no-store, must-revalidate, max-age=0, s-maxage=0"
        r.headers[ "Pragma" ] = "no-cache"
        r.headers[ "Expires" ] = "0"
    
    return r

################################################################################


################################################################################
#    DEK encryption/decryption

@app.route( config.baseurl + "/dek/reconstruct", methods = [ "POST" ] )
@login_required
def dek_regenerate():
    app.logger.info( "DEK reconstruction" )
    try:
        email_hash = request.form.get( "email_hash" )
        username = session.get( "username" )
        
        app.logger.debug( "User: {}".format( username ) )
        
        sql = "SELECT * FROM donor_dek WHERE donor_name = %s"
        user = config.db.query_fetchone( sql, ( username, ) )
        
        if user[ "salt" ] == None:
            app.logger.error( "No DEK salt for user '{}'".format( session[ "username" ] ) )
            raise
        
        _, dek, _ = dek_generate( username = username, email_hash = email_hash, salt = user[ "salt" ] )
        
        app.logger.debug( "DEK reconstructed: {}...".format( dek[ 0:10 ] ) )
        
        check = utils.aes.do_decrypt( user[ "dek_check" ], dek )
        check = json.loads( check )
        
        if check[ "value" ] != "ok":
            app.logger.error( "DEK check error for user '{}'".format( session[ "username" ] ) )
            raise
        
        app.logger.debug( "DEK check OK" )
        
        sql = "UPDATE donor_dek SET dek = %s WHERE id = %s AND donor_name = %s"
        config.db.query( sql, ( dek, user[ "id" ], username, ) )
        config.db.commit()
        
        app.logger.info( "Reconstructed DEK saved to the database" )
        
        return jsonify( {
            "error": False
        } )
    
    except:
        return jsonify( {
            "error": True
        } )

@app.route( config.baseurl + "/dek/delete" )
@login_required
def dek_delete():