hectamail-website/app.py

89 lines
3.1 KiB
Python
Raw Normal View History

2023-11-19 01:06:08 +00:00
from flask import Flask, render_template, request, redirect, url_for, session
2023-11-04 16:46:10 +00:00
import subprocess
import re
2023-11-18 23:36:45 +00:00
import os
2023-11-19 01:06:08 +00:00
import random
from captcha.image import ImageCaptcha
2023-11-04 16:46:10 +00:00
from waitress import serve
2023-11-19 01:06:08 +00:00
import base64
2023-11-04 16:46:10 +00:00
allowed_pattern = r'^[a-zA-Z0-9.]+$'
2023-11-19 01:06:08 +00:00
def generate_captcha_text():
characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
captcha_text = ''.join(random.choice(characters) for i in range(6))
return captcha_text
2023-11-04 16:46:10 +00:00
def is_valid_input(input_string):
return re.match(allowed_pattern, input_string) is not None
app = Flask(__name__)
2023-11-19 01:06:08 +00:00
app.secret_key = "secret_key_here"
2023-11-04 16:46:10 +00:00
def create_email_account(username, password):
2023-11-16 07:47:17 +00:00
if password and is_valid_input(username):
2023-11-04 16:46:10 +00:00
try:
2023-11-16 07:47:17 +00:00
with open("tmp/password.tmp", "w") as file:
2023-11-16 07:47:17 +00:00
file.write(password)
2023-11-04 16:46:10 +00:00
# Use echo to securely pass the password to the command
cmd = ["cat", "tmp/password.tmp", "|", "doas", "-u", "maddy", "maddy", "creds", "create", f"{username}@hectabit.org"]
2023-11-04 16:46:10 +00:00
result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
cmd2 = ["doas", "-u", "maddy", "maddy", "imap-acct", "create", f"{username}@hectabit.org"]
result2 = subprocess.run(" ".join(cmd2), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
os.remove("tmp/password.tmp")
2023-11-16 07:47:38 +00:00
if result.returncode == 0 and result2.returncode == 0:
2023-11-04 16:46:10 +00:00
# Command executed successfully
return True
else:
# Handle errors, log them, and return False
error_message = result.stderr.decode("utf-8")
print(f"Error creating email account: {error_message}")
return False
except Exception as e:
# Handle exceptions and return False
print(f"Error creating email account: {str(e)}")
return False
else:
print(f"Injection Bypass! Very bad!")
return False
@app.route('/')
def index():
2023-11-19 01:06:08 +00:00
captcha_text = generate_captcha_text()
image = ImageCaptcha().generate(captcha_text)
session['captcha_text'] = captcha_text
image_base64 = base64.b64encode(image.getvalue()).decode('utf-8')
print(captcha_text)
return render_template('index.html', captcha_text=captcha_text, captcha_image=image_base64)
2023-11-04 16:46:10 +00:00
@app.route('/api', methods=['POST'])
def register():
username = request.form.get('username')
password = request.form.get('password')
2023-11-19 01:06:08 +00:00
user_captcha = request.form.get('captcha')
2023-11-04 16:46:10 +00:00
2023-11-19 01:06:08 +00:00
print(user_captcha)
if not is_valid_input(username) or not is_valid_input(user_captcha):
2023-11-04 16:46:10 +00:00
return render_template('num.html'), 400
2023-11-19 01:06:08 +00:00
# Validate the captcha
captcha_text = session.get('captcha_text', '')
print(captcha_text)
if user_captcha.lower() != captcha_text.lower():
return render_template('captcha_err.html'), 400
2023-11-04 16:46:10 +00:00
if create_email_account(username, password):
return render_template('ok.html')
else:
return render_template('err.html'), 500
if __name__ == '__main__':
serve(app, host='0.0.0.0', port=8050)