hectamail-website/account/account.py

111 lines
3.6 KiB
Python
Raw Normal View History

2023-11-19 21:54:36 +00:00
from flask import Flask, render_template, request, redirect, url_for, make_response
2023-11-19 13:48:33 +00:00
import bcrypt
import sqlite3
import configparser
2023-11-20 00:56:42 +00:00
import subprocess
2023-11-19 13:48:33 +00:00
from waitress import serve
# Load from config.ini
config = configparser.ConfigParser()
2023-11-19 13:51:30 +00:00
config.read("../config.ini")
2023-11-19 23:47:22 +00:00
database = config.get("Account", "database")
runport = config.get("Account", "port")
2023-11-19 13:48:33 +00:00
# Status report
2023-11-19 23:47:22 +00:00
print("HectaMail Account Service is starting up...")
2023-11-19 13:48:33 +00:00
print("Your database is located at:", database)
app = Flask(__name__)
def fetch_hash_from_database(key):
conn = sqlite3.connect(database)
cursor = conn.cursor()
cursor.execute("SELECT value FROM passwords WHERE key = ?", (key,))
result = cursor.fetchone()
conn.close()
if result:
return result[0][7:] # Remove the first 7 characters
else:
return None
def verify_bcrypt(passphrase, hashed_password):
return bcrypt.checkpw(passphrase.encode('utf-8'), hashed_password.encode('utf-8'))
@app.route('/')
def index():
2023-11-20 01:05:00 +00:00
if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
2023-11-20 01:06:38 +00:00
return redirect("/account/dashboard")
2023-11-20 01:05:00 +00:00
else:
return render_template('index.html')
2023-11-19 13:48:33 +00:00
2023-11-20 00:19:47 +00:00
@app.route('/loginapi', methods=['POST'])
2023-11-19 13:48:33 +00:00
def login():
key_to_fetch = request.form['email']
password_to_check = request.form['password']
2023-11-19 21:54:36 +00:00
passwordhash = fetch_hash_from_database(key_to_fetch)
2023-11-19 13:48:33 +00:00
2023-11-19 21:54:36 +00:00
if passwordhash:
is_password_valid = verify_bcrypt(password_to_check, passwordhash)
2023-11-19 13:48:33 +00:00
if is_password_valid:
2023-11-19 21:54:36 +00:00
response = make_response("Logged in!")
response.set_cookie('passwordhash', passwordhash)
2023-11-20 00:05:07 +00:00
response.set_cookie('email', request.form['email'])
2023-11-19 21:54:36 +00:00
return response
2023-11-19 13:48:33 +00:00
else:
return "Incorrect email or password"
else:
return "Email not found in the database"
2023-11-20 00:19:47 +00:00
@app.route('/deleteapi', methods=['POST'])
def delete():
key_to_fetch = request.form['email']
verify_hash = request.form['hash']
passwordhash = fetch_hash_from_database(key_to_fetch)
if passwordhash:
if verify_hash == passwordhash:
2023-11-20 01:04:01 +00:00
cmd = ["echo", "y", "|", "maddy", "creds", "remove", key_to_fetch]
2023-11-20 00:51:01 +00:00
result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if result.returncode == 0:
# Command executed successfully
2023-11-20 01:04:01 +00:00
response = make_response("Email deleted!")
response.set_cookie('passwordhash', '', expires=0)
response.set_cookie('email', '', expires=0)
return response
2023-11-20 00:51:01 +00:00
else:
# Handle errors, log them, and return False
error_message = result.stderr.decode("utf-8")
print(f"Error deleting email account: {error_message}")
return "Error deleting email account!"
2023-11-20 00:19:47 +00:00
else:
return "Incorrect email or password"
else:
return "Email not found in the database"
2023-11-19 21:54:36 +00:00
@app.route('/dashboard')
def dashboard():
if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
return render_template('dashboard.html')
else:
2023-11-20 01:06:38 +00:00
return redirect("/account")
2023-11-19 21:54:36 +00:00
2023-11-20 00:05:07 +00:00
@app.route('/deleteacct')
def deleteacct():
2023-11-20 01:04:01 +00:00
email = request.cookies.get('email')
passwordhash = request.cookies.get('passwordhash')
2023-11-20 00:05:07 +00:00
if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
2023-11-20 01:04:01 +00:00
return render_template('confirm.html', user_email=email, password_hash=passwordhash)
2023-11-20 00:05:07 +00:00
else:
return redirect(url_for('index'))
2023-11-19 13:48:33 +00:00
if __name__ == '__main__':
serve(app, host='0.0.0.0', port=runport)