module.py

#!/usr/bin/python
# -*- coding: UTF-8 -*-

from cStringIO import StringIO
from datetime import datetime
from datetime import timedelta
from email.mime.text import MIMEText
from threading import Thread
from uuid import uuid4
import base64
import functools
import hashlib
import json
import os
import smtplib

from PIL import Image
from flask import Flask
from flask import jsonify
from flask import render_template, send_from_directory 
from flask import request
from flask import send_file
from flask import session
from flask import url_for
from flask_compress import Compress
from flask_session import Session
from pyotp import random_base32
from werkzeug import abort, redirect
import gnupg
import psycopg2
import pyotp
import pytz
import qrcode
import webauthn

from functions import pbkdf2, AESCipher
from functions import random_data
from functions import render_jinja_html
from functions import rotate_image_upon_exif
import config

################################################################################

Image.MAX_IMAGE_PIXELS = 1 * 1024 * 1024 * 1024

################################################################################

app = Flask( __name__ )
app.config.from_pyfile( 'config.py' )

Compress( app )
Session( app )

debug = os.environ.get( "DEBUG", False )
baseurl = os.environ.get( "BASEURL", "" )

################################################################################
#    Loggin decorator

def session_field_required( field, value ):
    def decorator( func ):
        @functools.wraps( func )
        def wrapper_login_required( *args, **kwargs ):
            if not field in session:
                return redirect( url_for( "login" ) )
            
            elif not session.get( field ) == value:
                return redirect( url_for( "login" ) )
            
            return func( *args, **kwargs )
    
        return wrapper_login_required
    
    return decorator

def login_required( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        if not session.get( 'logged', False ) :
            return redirect( url_for( "login" ) )
        
        return func( *args, **kwargs )

    return wrapper_login_required

def referer_required( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        if not request.headers.get( "Referer", False ):
            return "referrer needed", 404
        
        return func( *args, **kwargs )

    return wrapper_login_required

def admin_required( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        if not session.get( 'logged', False ) or not session.get( 'account_type', None ) == 1:
            return redirect( url_for( "login" ) )
        
        return func( *args, **kwargs )

    return wrapper_login_required

################################################################################
#    Generic routing

@app.route( baseurl + '/ping' )
def ping():
    return "pong"

################################################################################
#    App serving

@app.route( baseurl + '/app/<path>' )
def send_app_files( path ):
    return send_from_directory( 'app', path )

@app.route( baseurl + '/static/<path>' )
def send_static_files( path ):
    return send_from_directory( 'static', path )

################################################################################
#    Sessions

@app.before_request
def renew_session():
    session.permanent = True
    app.permanent_session_lifetime = timedelta( seconds = config.session_timeout )

@app.route( baseurl + '/logout' )
def logout():
    session.clear()
    return redirect( url_for( 'home' ) )

@app.route( baseurl + '/login' )
def login():
    session.clear()
    session[ 'process' ] = "login"
    session[ 'need_to_check' ] = [ 'password' ]
    session[ 'logged' ] = False
    
    return render_template( 
        "login.html",
        baseurl = baseurl,
        js = config.cdnjs,
        css = config.cdncss
    )

@app.route( baseurl + '/do_login', methods = [ 'POST' ] )
def do_login():
    need_to_check = session.get( "need_to_check", [ 'password' ] )
    try:
        current_check = need_to_check[ 0 ]
    except:
        current_check = None
    
    session[ 'need_to_check' ] = need_to_check
    
    ############################################################################
    
    if current_check == "password":
        q = config.db.query( 'SELECT * FROM users WHERE username = %s', ( request.form.get( "username" ), ) )
        user = q.fetchone()
        
        if user == None:
            session[ 'logged' ] = False
            return jsonify( {
                'error': False,
                'logged': False
            } )
        
        form_password = request.form.get( "password", None )
        
        if form_password == None or not pbkdf2( form_password, user[ 'password' ] ):
            session[ 'logged' ] = False
            return jsonify( {
                'error': False,
                'logged': False,
            } )
        
        elif not user[ 'active' ]:
            session[ 'logged' ] = False
            return jsonify( {
                'error': False,
                'logged': False,
                'message': 'Your account is not activated. Please contact an administrator.'
            } )
        
        else:
            session[ 'session_id' ] = str( uuid4() )
            session[ 'username' ] = user[ 'username' ]
            session[ 'user_id' ] = user[ 'id' ]
            session[ 'password_check' ] = True
            
            session[ 'need_to_check' ].remove( current_check )
            session[ 'password' ] = pbkdf2( form_password, "AES256", 50000 )
            
            if user[ 'must_use_totp' ]: