2023-11-19 11:40:23 +00:00
|
|
|
from flask import Flask, render_template, request, redirect, url_for, session
|
|
|
|
import uuid
|
2023-11-04 16:46:10 +00:00
|
|
|
import subprocess
|
|
|
|
import re
|
2023-11-18 23:36:45 +00:00
|
|
|
import os
|
2023-11-19 01:06:08 +00:00
|
|
|
import random
|
|
|
|
from captcha.image import ImageCaptcha
|
2023-11-04 16:46:10 +00:00
|
|
|
from waitress import serve
|
2023-11-19 01:06:08 +00:00
|
|
|
import base64
|
2023-11-19 11:30:01 +00:00
|
|
|
import configparser
|
|
|
|
import configparser
|
|
|
|
|
|
|
|
# Load from config.ini
|
|
|
|
|
|
|
|
config = configparser.ConfigParser()
|
|
|
|
config.read("config.ini")
|
|
|
|
secretkey = config.get("HectaMail", "secretkey")
|
|
|
|
captchachars = config.get("HectaMail", "captchachars")
|
|
|
|
|
|
|
|
# Status report
|
|
|
|
|
|
|
|
print("HectaMail is starting up...")
|
|
|
|
print("Your secret key is:", secretkey)
|
|
|
|
print("Your CAPTCHA allowed characters are:", captchachars)
|
|
|
|
|
|
|
|
# Define the allowed pattern for the username
|
2023-11-04 16:46:10 +00:00
|
|
|
|
|
|
|
allowed_pattern = r'^[a-zA-Z0-9.]+$'
|
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Function to generate the CAPTCHA Code
|
|
|
|
|
2023-11-19 01:06:08 +00:00
|
|
|
def generate_captcha_text():
|
2023-11-19 11:30:01 +00:00
|
|
|
# characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
|
|
|
|
captcha_text = ''.join(random.choice(captchachars) for i in range(6))
|
2023-11-19 01:06:08 +00:00
|
|
|
return captcha_text
|
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Function to determine if the username is compilent with the regex filter
|
|
|
|
|
2023-11-04 16:46:10 +00:00
|
|
|
def is_valid_input(input_string):
|
|
|
|
return re.match(allowed_pattern, input_string) is not None
|
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Initalise Flask
|
|
|
|
|
2023-11-04 16:46:10 +00:00
|
|
|
app = Flask(__name__)
|
2023-11-19 11:30:01 +00:00
|
|
|
app.secret_key = secretkey
|
|
|
|
|
|
|
|
# Function to create the email account, in this case using doas for security
|
2023-11-04 16:46:10 +00:00
|
|
|
|
|
|
|
def create_email_account(username, password):
|
2023-11-16 07:47:17 +00:00
|
|
|
if password and is_valid_input(username):
|
2023-11-04 16:46:10 +00:00
|
|
|
try:
|
2023-11-16 07:47:17 +00:00
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Create a temporary file to escape the password
|
|
|
|
|
2023-11-16 07:50:35 +00:00
|
|
|
with open("tmp/password.tmp", "w") as file:
|
2023-11-16 07:47:17 +00:00
|
|
|
file.write(password)
|
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Pass the file through a shell command
|
2023-11-16 07:50:35 +00:00
|
|
|
cmd = ["cat", "tmp/password.tmp", "|", "doas", "-u", "maddy", "maddy", "creds", "create", f"{username}@hectabit.org"]
|
2023-11-04 16:46:10 +00:00
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Run and determine the result of the shell command
|
|
|
|
result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
2023-11-04 17:27:55 +00:00
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Delete the temporary file
|
2023-11-16 07:50:35 +00:00
|
|
|
os.remove("tmp/password.tmp")
|
2023-11-16 07:47:38 +00:00
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
|
|
|
|
# Check if command executed correctly
|
|
|
|
if result.returncode == 0:
|
2023-11-04 16:46:10 +00:00
|
|
|
# Command executed successfully
|
|
|
|
return True
|
|
|
|
else:
|
|
|
|
# Handle errors, log them, and return False
|
|
|
|
error_message = result.stderr.decode("utf-8")
|
|
|
|
print(f"Error creating email account: {error_message}")
|
|
|
|
return False
|
|
|
|
except Exception as e:
|
|
|
|
# Handle exceptions and return False
|
|
|
|
print(f"Error creating email account: {str(e)}")
|
|
|
|
return False
|
|
|
|
else:
|
2023-11-19 11:30:01 +00:00
|
|
|
# Something went very wrong if this function triggers
|
2023-11-04 16:46:10 +00:00
|
|
|
print(f"Injection Bypass! Very bad!")
|
|
|
|
return False
|
|
|
|
|
|
|
|
@app.route('/')
|
|
|
|
def index():
|
2023-11-19 11:41:25 +00:00
|
|
|
# Generate a unique token
|
|
|
|
unique_token = str(uuid.uuid4())
|
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Generate the CAPTCHA for the user
|
2023-11-19 01:06:08 +00:00
|
|
|
captcha_text = generate_captcha_text()
|
|
|
|
image = ImageCaptcha().generate(captcha_text)
|
2023-11-19 11:30:01 +00:00
|
|
|
|
2023-11-19 11:38:22 +00:00
|
|
|
# Store the CAPTCHA and token in the session
|
2023-11-19 01:06:08 +00:00
|
|
|
session['captcha_text'] = captcha_text
|
2023-11-19 11:38:22 +00:00
|
|
|
session['unique_token'] = unique_token
|
2023-11-19 11:30:01 +00:00
|
|
|
|
|
|
|
# Encode the image in base64
|
2023-11-19 01:06:08 +00:00
|
|
|
image_base64 = base64.b64encode(image.getvalue()).decode('utf-8')
|
2023-11-19 11:30:01 +00:00
|
|
|
|
|
|
|
# Report the CAPTCHA
|
2023-11-19 01:06:08 +00:00
|
|
|
print(captcha_text)
|
2023-11-19 11:30:01 +00:00
|
|
|
|
|
|
|
# Pass the CAPTCHA through to index.html
|
2023-11-19 11:38:22 +00:00
|
|
|
return render_template('index.html', captcha_image=image_base64, unique_token=unique_token)
|
2023-11-04 16:46:10 +00:00
|
|
|
|
|
|
|
@app.route('/api', methods=['POST'])
|
|
|
|
def register():
|
2023-11-19 11:30:01 +00:00
|
|
|
# Get the form data
|
2023-11-04 16:46:10 +00:00
|
|
|
username = request.form.get('username')
|
|
|
|
password = request.form.get('password')
|
2023-11-19 11:30:01 +00:00
|
|
|
|
|
|
|
# Get the CAPTCHA
|
2023-11-19 01:06:08 +00:00
|
|
|
user_captcha = request.form.get('captcha')
|
2023-11-04 16:46:10 +00:00
|
|
|
|
2023-11-19 11:38:22 +00:00
|
|
|
# Get the unique token
|
|
|
|
submitted_token = request.form.get('unique_token')
|
|
|
|
|
|
|
|
# Check if the submitted token matches the one in the session
|
|
|
|
if submitted_token != session.get('unique_token'):
|
|
|
|
# Token mismatch, handle accordingly
|
|
|
|
return "Token Expired", 400
|
|
|
|
|
2023-11-19 11:43:23 +00:00
|
|
|
# Generate a new unique token for the next request
|
|
|
|
session['unique_token'] = str(uuid.uuid4())
|
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Report the user captcha result
|
2023-11-19 01:06:08 +00:00
|
|
|
print(user_captcha)
|
2023-11-19 11:30:01 +00:00
|
|
|
|
|
|
|
# Check the regex filter
|
|
|
|
if not is_valid_input(username):
|
2023-11-04 16:46:10 +00:00
|
|
|
return render_template('num.html'), 400
|
|
|
|
|
2023-11-19 01:06:08 +00:00
|
|
|
# Validate the captcha
|
|
|
|
captcha_text = session.get('captcha_text', '')
|
|
|
|
print(captcha_text)
|
|
|
|
if user_captcha.lower() != captcha_text.lower():
|
2023-11-19 11:30:01 +00:00
|
|
|
# CAPTCHA incorrect
|
2023-11-19 01:06:08 +00:00
|
|
|
return render_template('captcha_err.html'), 400
|
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Attempt to create the email
|
2023-11-04 16:46:10 +00:00
|
|
|
if create_email_account(username, password):
|
2023-11-19 11:30:01 +00:00
|
|
|
# Email created
|
2023-11-04 16:46:10 +00:00
|
|
|
return render_template('ok.html')
|
|
|
|
else:
|
2023-11-19 11:30:01 +00:00
|
|
|
# Backend error, potentially maddy
|
2023-11-04 16:46:10 +00:00
|
|
|
return render_template('err.html'), 500
|
|
|
|
|
2023-11-19 11:30:01 +00:00
|
|
|
# Start the web server
|
2023-11-04 16:46:10 +00:00
|
|
|
if __name__ == '__main__':
|
|
|
|
serve(app, host='0.0.0.0', port=8050)
|