hectamail-website/account/account.py

from flask import Flask, render_template, request, redirect, url_for, make_response
import bcrypt
import sqlite3
import configparser
import subprocess
from waitress import serve

# Load from config.ini

config = configparser.ConfigParser()
config.read("../config.ini")
database = config.get("Account", "database")
runport = config.get("Account", "port")

# Status report

print("HectaMail Account Service is starting up...")
print("Your database is located at:", database)

app = Flask(__name__)

def fetch_hash_from_database(key):
    conn = sqlite3.connect(database)
    cursor = conn.cursor()
    cursor.execute("SELECT value FROM passwords WHERE key = ?", (key,))
    result = cursor.fetchone()
    conn.close()

    if result:
        return result[0][7:]  # Remove the first 7 characters
    else:
        return None

def verify_bcrypt(passphrase, hashed_password):
    return bcrypt.checkpw(passphrase.encode('utf-8'), hashed_password.encode('utf-8'))

@app.route('/')
def index():
    email = request.cookies.get('email')
    if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
        return render_template('dashboard.html', user_email=email)
    else:
        return render_template('index.html')

@app.route('/loginapi', methods=['POST'])
def login():
    key_to_fetch = request.form['email']
    password_to_check = request.form['password']

    passwordhash = fetch_hash_from_database(key_to_fetch)

    if passwordhash:
        is_password_valid = verify_bcrypt(password_to_check, passwordhash)
        if is_password_valid:
            response = make_response(redirect('/account'))
            response.set_cookie('passwordhash', passwordhash)
            response.set_cookie('email', request.form['email'])
            return response
        else:
            return render_template('wrong.html')
    else:
        return render_template('wrong.html')

@app.route('/deleteapi', methods=['POST'])
def delete():
    key_to_fetch = request.form['email']
    verify_hash = request.form['hash']

    passwordhash = fetch_hash_from_database(key_to_fetch)

    if passwordhash:
        if verify_hash == passwordhash:
            cmd = ["echo", "y", "|", "maddy", "creds", "remove", key_to_fetch]
            result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

            if result.returncode == 0:
                # Command executed successfully
                response = make_response(redirect('/'))
                response.set_cookie('passwordhash', '', expires=0)
                response.set_cookie('email', '', expires=0)
                return response
            else:
                # Handle errors, log them, and return False
                error_message = result.stderr.decode("utf-8")
                print(f"Error deleting email account: {error_message}")
                return render_template('err.html')

        else:
            return render_template('wrong.html')
    else:
        return render_template('wrong.html')

@app.route('/deleteacct')
def deleteacct():
    email = request.cookies.get('email')
    passwordhash = request.cookies.get('passwordhash')
    if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
        return render_template('confirm.html', user_email=email, password_hash=passwordhash)
    else:
        return redirect(url_for('index'))

@app.route('/logout')
def logout():
    response = make_response(redirect('/'))
    response.set_cookie('passwordhash', '', expires=0)
    response.set_cookie('email', '', expires=0)
    return response

if __name__ == '__main__':
    serve(app, host='0.0.0.0', port=runport)