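"""HectaMail account service: login, dashboard and account-deletion endpoints.

Credentials are read from the SQLite ``passwords`` table named in config.ini;
account removal shells out to the ``maddy`` CLI.

NOTE(review): the session cookie is the stored password hash itself, which
makes the hash a password-equivalent credential. Anyone who obtains it
(database read, cookie leak) can act as the user without knowing the password.
The proper fix is a random, server-side session token. That is left undone
here because the templates and clients rely on the existing cookie and form
field names.
"""

import configparser
import hmac
import sqlite3
import subprocess
from contextlib import closing

import bcrypt
from flask import Flask, render_template, request, redirect, url_for, make_response
from waitress import serve

# Load from config.ini
config = configparser.ConfigParser()
config.read("../config.ini")
database = config.get("Account", "database")
runport = config.get("Account", "port")

# Status report
print("HectaMail Account Service is starting up...")
print("Your database is located at:", database)

app = Flask(__name__)

# A single message for every failed credential check, so the response does not
# reveal whether an address has an account (user enumeration).
AUTH_FAILED_MESSAGE = "Incorrect email or password"


def fetch_hash_from_database(key):
    """Return the stored password hash for ``key``, or None when no row exists.

    The lookup is parameterized, so ``key`` is never interpolated into SQL.
    The connection is closed even if the query raises.
    """
    with closing(sqlite3.connect(database)) as conn:
        cursor = conn.cursor()
        cursor.execute("SELECT value FROM passwords WHERE key = ?", (key,))
        result = cursor.fetchone()
    if result:
        # Remove the first 7 characters.
        # NOTE(review): presumably a "bcrypt:" scheme prefix - confirm against
        # the format the mail server writes.
        return result[0][7:]
    return None


def verify_bcrypt(passphrase, hashed_password):
    """Return True when ``passphrase`` matches the bcrypt ``hashed_password``.

    A stored value that is not a well-formed bcrypt hash counts as a failed
    check rather than an unhandled exception (HTTP 500).
    """
    try:
        return bcrypt.checkpw(passphrase.encode('utf-8'),
                              hashed_password.encode('utf-8'))
    except ValueError:
        return False


def _hashes_match(candidate, stored):
    """Compare two hash strings in constant time.

    Both sides are encoded first because ``hmac.compare_digest`` rejects
    non-ASCII ``str`` arguments, and ``candidate`` is client-supplied.
    """
    return hmac.compare_digest(candidate.encode('utf-8'), stored.encode('utf-8'))


def _has_valid_session():
    """Return True when the request's cookies match a stored credential.

    Cookie presence alone is not proof of login, since a client can set any
    cookie value. The email/hash pair is checked against the database.
    """
    email = request.cookies.get('email')
    cookie_hash = request.cookies.get('passwordhash')
    if not email or not cookie_hash:
        return False
    stored = fetch_hash_from_database(email)
    return bool(stored) and _hashes_match(cookie_hash, stored)


@app.route('/')
def index():
    """Show the login page, or send a logged-in user to the dashboard."""
    if _has_valid_session():
        return redirect("/account/dashboard")
    return render_template('index.html')


@app.route('/loginapi', methods=['POST'])
def login():
    """Check the posted email/password and set the session cookies on success."""
    key_to_fetch = request.form['email']
    password_to_check = request.form['password']

    passwordhash = fetch_hash_from_database(key_to_fetch)
    if not passwordhash or not verify_bcrypt(password_to_check, passwordhash):
        return AUTH_FAILED_MESSAGE

    response = make_response("Logged in!")
    # HttpOnly keeps the hash away from page scripts and SameSite limits
    # cross-site sends. Add secure=True once the service is only reachable
    # over TLS.
    response.set_cookie('passwordhash', passwordhash, httponly=True, samesite='Lax')
    response.set_cookie('email', key_to_fetch, samesite='Lax')
    return response


@app.route('/deleteapi', methods=['POST'])
def delete():
    """Delete the mail account when the posted hash matches the stored one."""
    key_to_fetch = request.form['email']
    verify_hash = request.form['hash']

    passwordhash = fetch_hash_from_database(key_to_fetch)
    if not passwordhash or not _hashes_match(verify_hash, passwordhash):
        return AUTH_FAILED_MESSAGE

    if key_to_fetch.startswith("-"):
        # An address beginning with "-" would be parsed by the CLI as an
        # option instead of as the account name.
        print("Error deleting email account: refusing address starting with '-'")
        return "Error deleting email account!"

    try:
        # Argument list, no shell: the address is request data and must never
        # be spliced into a shell command line. The confirmation prompt is
        # answered on stdin, replacing the former `echo y |` pipe.
        result = subprocess.run(
            ["maddy", "creds", "remove", key_to_fetch],
            input=b"y\n",
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            check=False,  # a non-zero exit is handled below instead of raising
        )
    except OSError as exc:
        # e.g. the maddy binary is missing or not executable
        print(f"Error deleting email account: {exc}")
        return "Error deleting email account!"

    if result.returncode != 0:
        # Handle errors, log them, and report failure to the client
        error_message = result.stderr.decode("utf-8", errors="replace")
        print(f"Error deleting email account: {error_message}")
        return "Error deleting email account!"

    # Command executed successfully
    response = make_response("Email deleted!")
    response.set_cookie('passwordhash', '', expires=0)
    response.set_cookie('email', '', expires=0)
    return response


@app.route('/dashboard')
def dashboard():
    """Render the dashboard for a logged-in user; otherwise go to the login page."""
    if _has_valid_session():
        return render_template('dashboard.html')
    return redirect("/account")


@app.route('/deleteacct')
def deleteacct():
    """Render the deletion confirmation page for a logged-in user."""
    if not _has_valid_session():
        return redirect(url_for('index'))
    email = request.cookies.get('email')
    passwordhash = request.cookies.get('passwordhash')
    return render_template('confirm.html', user_email=email, password_hash=passwordhash)


if __name__ == '__main__':
    # Listens on every interface. Bind to 127.0.0.1 if the service is meant to
    # be reached only through a local reverse proxy.
    serve(app, host='0.0.0.0', port=runport)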