Skip to content
Normal view Permalink
module.py 75.3 KiB
Newer Older
Marco De Donno's avatar
Base flask application (startup and /ping route)
Marco De Donno committed
1 2 3 
#!/usr/bin/python
# -*- coding: UTF-8 -*-
Marco De Donno's avatar
TOTP page to change the secret value in the DB  
Marco De Donno committed
4 
from cStringIO import StringIO
Marco De Donno's avatar
Import refactoring  
Marco De Donno committed
5 
from datetime import datetime, timedelta
Marco De Donno's avatar
Password reset basic interface routing and email sending  
Marco De Donno committed
6 7 
from email.mime.text import MIMEText
from threading import Thread
Marco De Donno's avatar
Add the session management  
Marco De Donno committed
8 
from uuid import uuid4
Marco De Donno's avatar
Password reset basic interface routing and email sending  
Marco De Donno committed
9 
import base64
Marco De Donno's avatar
Import refactoring  
Marco De Donno committed
10 
import cPickle
Marco De Donno's avatar
Add the @login_required decorator and refactoring of the code  
Marco De Donno committed
11 
import functools
Marco De Donno's avatar
Password reset basic interface routing and email sending  
Marco De Donno committed
12 13 
import hashlib
import json
Marco De Donno's avatar
Base flask application (startup and /ping route)
Marco De Donno committed
14 
import os
Marco De Donno's avatar
Password reset basic interface routing and email sending  
Marco De Donno committed
15 
import smtplib
Marco De Donno's avatar
Base flask application (startup and /ping route)
Marco De Donno committed
16
Marco De Donno's avatar
Rotate the uploaded images if the EXIF informations are present  
Marco De Donno committed
17 
from PIL import Image
Marco De Donno's avatar
Basic home page and login form  
Marco De Donno committed
18 
from flask import Flask
Marco De Donno's avatar
Do the login with a ajax query  
Marco De Donno committed
19 
from flask import jsonify
Marco De Donno's avatar
Basic home page and login form  
Marco De Donno committed
20 
from flask import render_template, send_from_directory
Marco De Donno's avatar
Basic authentification system  
Marco De Donno committed
21 
from flask import request
Marco De Donno's avatar
TOTP page to change the secret value in the DB  
Marco De Donno committed
22 
from flask import send_file
Marco De Donno's avatar
Basic home page and login form  
Marco De Donno committed
23 24 
from flask import session
from flask import url_for
Marco De Donno's avatar
Base flask application (startup and /ping route)
Marco De Donno committed
25 
from flask_compress import Compress
Marco De Donno's avatar
Add the session management  
Marco De Donno committed
26 
from flask_session import Session
Marco De Donno's avatar
Encrypt the important uploaded data  
Marco De Donno committed
27 28 
from werkzeug import abort, redirect
import gnupg
Marco De Donno's avatar
Add TOTP support  
Marco De Donno committed
29 
import pyotp
Marco De Donno's avatar
Save to the db the creation and usage time for the security keys  
Marco De Donno committed
30 
import pytz
Marco De Donno's avatar
TOTP page to change the secret value in the DB  
Marco De Donno committed
31 
import qrcode
Marco De Donno's avatar
Add support for webauthn protocol  
Marco De Donno committed
32 
import webauthn
Marco De Donno's avatar
Add the session management  
Marco De Donno committed
33
Marco De Donno's avatar
Add the basic PFSP page for latent  
Marco De Donno committed
34 
from const import pfsp
Marco De Donno's avatar
Import ordering  
Marco De Donno committed
35 
from functions import float_or_null
Marco De Donno's avatar
Encrypt the important uploaded data  
Marco De Donno committed
36 
from functions import pbkdf2, AESCipher
Marco De Donno's avatar
Import ordering  
Marco De Donno committed
37 
from functions import pil2buffer
Marco De Donno's avatar
Password reset basic interface routing and email sending  
Marco De Donno committed
38 39 
from functions import random_data
from functions import render_jinja_html
Marco De Donno's avatar
Rotate the uploaded images if the EXIF informations are present  
Marco De Donno committed
40 
from functions import rotate_image_upon_exif
Marco De Donno's avatar
Add the session management  
Marco De Donno committed
41 
import config
Marco De Donno's avatar
Base flask application (startup and /ping route)
Marco De Donno committed
42
Marco De Donno's avatar
Set the upload parallel to 1 for tenprints, and increase the memory size for PIL images (to 1Go)  
Marco De Donno committed
43 44 45 46 
Image.MAX_IMAGE_PIXELS = 1 * 1024 * 1024 * 1024

################################################################################
Marco De Donno's avatar
Rename the main flask app  
Marco De Donno committed
47 
app = Flask( __name__ )
Marco De Donno's avatar
Add the session management  
Marco De Donno committed
48 49 
app.config.from_pyfile( 'config.py' )
Marco De Donno's avatar
Rename the main flask app  
Marco De Donno committed
50 
Compress( app )
Marco De Donno's avatar
Add the session management  
Marco De Donno committed
51 
Session( app )
Marco De Donno's avatar
Base flask application (startup and /ping route)
Marco De Donno committed
52 53 54 

debug = os.environ.get( "DEBUG", False )
baseurl = os.environ.get( "BASEURL", "" )
Marco De Donno's avatar
Add the environment type on all pages  
Marco De Donno committed
55 
envtype = os.environ.get( "ENVTYPE", "" )
Marco De Donno's avatar
Base flask application (startup and /ping route)
Marco De Donno committed
56
Marco De Donno's avatar
Add the @login_required decorator and refactoring of the code  
Marco De Donno committed
57 
################################################################################
Marco De Donno's avatar
Add the redis.cache() decorator to store the result of a function into redis as cache  
Marco De Donno committed
58 
#    Decorators
Marco De Donno's avatar
Add the @login_required decorator and refactoring of the code  
Marco De Donno committed
59
Marco De Donno's avatar
Add the @session_field_require() decorator to check the content of a value in the current session  
Marco De Donno committed
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 
def session_field_required( field, value ):
    def decorator( func ):
        @functools.wraps( func )
        def wrapper_login_required( *args, **kwargs ):
            if not field in session:
                return redirect( url_for( "login" ) )
            
            elif not session.get( field ) == value:
                return redirect( url_for( "login" ) )
            
            return func( *args, **kwargs )
    
        return wrapper_login_required
    
    return decorator
Marco De Donno's avatar
Add the @login_required decorator and refactoring of the code  
Marco De Donno committed
76 77 78 79 
def login_required( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        if not session.get( 'logged', False ) :
Marco De Donno's avatar
Remove the redirection after the login  
Marco De Donno committed
80 
            return redirect( url_for( "login" ) )
Marco De Donno's avatar
Add the @login_required decorator and refactoring of the code  
Marco De Donno committed
81 82 83 84 85 
        
        return func( *args, **kwargs )

    return wrapper_login_required
Marco De Donno's avatar
Add the @referer_required decorator  
Marco De Donno committed
86 87 88 89 90 91 92 93 94 95 
def referer_required( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        if not request.headers.get( "Referer", False ):
            return "referrer needed", 404
        
        return func( *args, **kwargs )

    return wrapper_login_required
Marco De Donno's avatar
Basic sign in form and validation process  
Marco De Donno committed
96 97 98 99 100 101 102 103 104 105 
def admin_required( func ):
    @functools.wraps( func )
    def wrapper_login_required( *args, **kwargs ):
        if not session.get( 'logged', False ) or not session.get( 'account_type', None ) == 1:
            return redirect( url_for( "login" ) )
        
        return func( *args, **kwargs )

    return wrapper_login_required
Marco De Donno's avatar
Add the redis.cache() decorator to store the result of a function into redis as cache  
Marco De Donno committed
106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 
def redis_cache( ttl = 3600 ):
    def decorator( func ):
        @functools.wraps( func )
        def wrapper_cache( *args, **kwargs ):
            lst = []
            lst.append( func.__name__ )
            lst.extend( args )
            index = "_".join( lst )
            index = hashlib.sha256( index ).hexdigest()
            
            d = config.redis_shared.get( index )
            
            if d != None:
                buff = StringIO()
                buff.write( base64.b64decode( d ) )
                buff.seek( 0 )
Marco De Donno's avatar
Import refactoring  
Marco De Donno committed
123 
                return cPickle.load( buff )
Marco De Donno's avatar
Add the redis.cache() decorator to store the result of a function into redis as cache  
Marco De Donno committed
124 125 126 127 128 
            
            else:
                d = func( *args, **kwargs )
                
                buff = StringIO()
Marco De Donno's avatar
Import refactoring  
Marco De Donno committed
129 
                cPickle.dump( d, buff )
Marco De Donno's avatar
Add the redis.cache() decorator to store the result of a function into redis as cache  
Marco De Donno committed
130 131 132 133 134 135 136 137 138 139 
                buff.seek( 0 )
                d_cached = base64.b64encode( buff.getvalue() )
                
                config.redis_shared.set( index, d_cached, ex = ttl )
                
                return d
    
        return wrapper_cache
    return decorator
Marco De Donno's avatar
Base flask application (startup and /ping route)
Marco De Donno committed
140 141 142 
################################################################################
#    Generic routing
Marco De Donno's avatar
Rename the main flask app  
Marco De Donno committed
143 
@app.route( baseurl + '/ping' )
Marco De Donno's avatar
Base flask application (startup and /ping route)
Marco De Donno committed
144 145 146 
def ping():
    return "pong"
Marco De Donno's avatar
Basic home page and login form  
Marco De Donno committed
147 148 149 150 151 152 153 
################################################################################
#    App serving

@app.route( baseurl + '/app/<path>' )
def send_app_files( path ):
    return send_from_directory( 'app', path )
Marco De Donno's avatar
Add the TOTP help page  
Marco De Donno committed
154 155 156 157 
@app.route( baseurl + '/static/<path>' )
def send_static_files( path ):
    return send_from_directory( 'static', path )
Marco De Donno's avatar
Add the session management  
Marco De Donno committed
158 159 160 161 162 163 164 165 
################################################################################
#    Sessions

@app.before_request
def renew_session():
    session.permanent = True
    app.permanent_session_lifetime = timedelta( seconds = config.session_timeout )
Marco De Donno's avatar
Add the is_logged() function  
Marco De Donno committed
166 167 168 169 170 171 172 173 
@app.route( baseurl + '/is_logged' )
def is_logged():
    if session.get( "logged", False ):
        return "ok"
    
    else:
        return abort( 403 )
Marco De Donno's avatar
Basic home page and login form  
Marco De Donno committed
174 175 176 177 178 179 
@app.route( baseurl + '/logout' )
def logout():
    session.clear()
    return redirect( url_for( 'home' ) )

@app.route( baseurl + '/login' )
Marco De Donno's avatar
Remove the redirection after the login  
Marco De Donno committed
180 181 
def login():
    session.clear()
Marco De Donno's avatar
Add the auto-location on login  
Marco De Donno committed
182
Marco De Donno's avatar
Workflow refactoring  
Marco De Donno committed
183 
    session[ 'process' ] = "login"
Marco De Donno's avatar
Login function refactoring  
Marco De Donno committed
184 185 
    session[ 'need_to_check' ] = [ 'password' ]
    session[ 'logged' ] = False
Marco De Donno's avatar
Encrypt the submission nickname on the client side  
Marco De Donno committed
186 
    session[ 'session_security_key' ] = str( uuid4() )
Marco De Donno's avatar
Basic authentification system  
Marco De Donno committed
187
Marco De Donno's avatar
Basic home page and login form  
Marco De Donno committed
188 189 190 191 
    return render_template( 
        "login.html",
        baseurl = baseurl,
        js = config.cdnjs,
Marco De Donno's avatar
Encrypt the submission nickname on the client side  
Marco De Donno committed
192 
        css = config.cdncss,
Marco De Donno's avatar
Auto-reload the login page to renew the client side session encryption key  
Marco De Donno committed
193 
        session_timeout = config.session_timeout,
Marco De Donno's avatar
Add the environment type on all pages  
Marco De Donno committed
194 195 
        session_security_key = session.get( "session_security_key" ),
        envtype = envtype
Marco De Donno's avatar
Basic home page and login form  
Marco De Donno committed
196 197 198 199 
    )

@app.route( baseurl + '/do_login', methods = [ 'POST' ] )
def do_login():
Marco De Donno's avatar
Login function refactoring  
Marco De Donno committed
200 
    need_to_check = session.get( "need_to_check", [ 'password' ] )
Loading full blame...