From f44cdfa456d99eea32eb1b0f96c8293d00f87ee9 Mon Sep 17 00:00:00 2001 From: Tracker-Friendly Date: Sun, 19 Nov 2023 11:30:01 +0000 Subject: [PATCH] Updated with comments and config file --- app.py | 70 ++++++++++++++++++++++++++++++++++++++++-------- config.ini | 5 ++++ tmp/password.tmp | 1 - 3 files changed, 64 insertions(+), 12 deletions(-) create mode 100644 config.ini delete mode 100644 tmp/password.tmp diff --git a/app.py b/app.py index 51cacd4..be99b89 100644 --- a/app.py +++ b/app.py @@ -6,37 +6,66 @@ import random from captcha.image import ImageCaptcha from waitress import serve import base64 +import configparser +import configparser + +# Load from config.ini + +config = configparser.ConfigParser() +config.read("config.ini") +secretkey = config.get("HectaMail", "secretkey") +captchachars = config.get("HectaMail", "captchachars") + +# Status report + +print("HectaMail is starting up...") +print("Your secret key is:", secretkey) +print("Your CAPTCHA allowed characters are:", captchachars) + +# Define the allowed pattern for the username allowed_pattern = r'^[a-zA-Z0-9.]+$' +# Function to generate the CAPTCHA Code + def generate_captcha_text(): - characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' - captcha_text = ''.join(random.choice(characters) for i in range(6)) +# characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + captcha_text = ''.join(random.choice(captchachars) for i in range(6)) return captcha_text +# Function to determine if the username is compilent with the regex filter + def is_valid_input(input_string): return re.match(allowed_pattern, input_string) is not None +# Initalise Flask + app = Flask(__name__) -app.secret_key = "secret_key_here" +app.secret_key = secretkey + +# Function to create the email account, in this case using doas for security def create_email_account(username, password): if password and is_valid_input(username): try: + # Create a temporary file to escape the password + with open("tmp/password.tmp", "w") as file: file.write(password) - # Use echo to securely pass the password to the command + # Pass the file through a shell command cmd = ["cat", "tmp/password.tmp", "|", "doas", "-u", "maddy", "maddy", "creds", "create", f"{username}@hectabit.org"] + + # Run and determine the result of the shell command result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - cmd2 = ["doas", "-u", "maddy", "maddy", "imap-acct", "create", f"{username}@hectabit.org"] - result2 = subprocess.run(" ".join(cmd2), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - + # Delete the temporary file os.remove("tmp/password.tmp") - if result.returncode == 0 and result2.returncode == 0: + + # Check if command executed correctly + if result.returncode == 0: # Command executed successfully return True else: @@ -49,40 +78,59 @@ def create_email_account(username, password): print(f"Error creating email account: {str(e)}") return False else: + # Something went very wrong if this function triggers print(f"Injection Bypass! Very bad!") return False @app.route('/') def index(): + # Generate the CAPTCHA for the user captcha_text = generate_captcha_text() image = ImageCaptcha().generate(captcha_text) + + # Store the CAPTCHA in the session session['captcha_text'] = captcha_text + + # Encode the image in base64 image_base64 = base64.b64encode(image.getvalue()).decode('utf-8') + + # Report the CAPTCHA print(captcha_text) + + # Pass the CAPTCHA through to index.html return render_template('index.html', captcha_text=captcha_text, captcha_image=image_base64) @app.route('/api', methods=['POST']) def register(): + # Get the form data username = request.form.get('username') password = request.form.get('password') + + # Get the CAPTCHA user_captcha = request.form.get('captcha') + # Report the user captcha result print(user_captcha) - - if not is_valid_input(username) or not is_valid_input(user_captcha): + + # Check the regex filter + if not is_valid_input(username): return render_template('num.html'), 400 # Validate the captcha captcha_text = session.get('captcha_text', '') print(captcha_text) if user_captcha.lower() != captcha_text.lower(): + # CAPTCHA incorrect return render_template('captcha_err.html'), 400 + # Attempt to create the email if create_email_account(username, password): + # Email created return render_template('ok.html') else: + # Backend error, potentially maddy return render_template('err.html'), 500 - +# Start the web server if __name__ == '__main__': serve(app, host='0.0.0.0', port=8050) diff --git a/config.ini b/config.ini new file mode 100644 index 0000000..53b56e3 --- /dev/null +++ b/config.ini @@ -0,0 +1,5 @@ +[HectaMail] +# Secret Key, please change to something custom +secretkey: 'your_key_here' +# The characters you allow in your CAPTCHA +captchachars: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' diff --git a/tmp/password.tmp b/tmp/password.tmp deleted file mode 100644 index 30d74d2..0000000 --- a/tmp/password.tmp +++ /dev/null @@ -1 +0,0 @@ -test \ No newline at end of file