Skip to content
GitLab
Commit f6f722b5 authored by Aflitos, Saulo Alves's avatar Aflitos, Saulo Alves
Browse files

possibility of disabling encryption; database in rw mode

parent 53b7908a
Hide whitespace changes
Inline Side-by-side
behaviour.py
View file @ f6f722b5
......@@ -108,16 +108,11 @@ class encryption(object):
print "ssl key % exists. deleting" % self.rsa_public_key_file_name2
os.remove(self.rsa_public_key_file_name2)
if ( os.path.exists( self.rsa_public_key_file_name3 ) ):
print "ssl key % exists. deleting" % self.rsa_public_key_file_name3
os.remove(self.rsa_public_key_file_name3)
print "PUBLIC KEY %s OR PRIVATE KEY %s DOES NOT EXISTS. CREATING" % (self.rsa_private_key_file_name, self.rsa_public_key_file_name2)
#(pubkey, privkey) = rsa.newkeys(RSA_KEY_SIZE, accurate=True, poolsize=1)
#open(rsa_public_key_file_name , 'w').write( pubkey.save_pkcs1() )
#open(rsa_private_key_file_name, 'w').write( privkey.save_pkcs1() )
self.privkey = RSA.generate(self.RSA_KEY_SIZE)
self.pubkey = self.privkey.publickey()
......@@ -127,8 +122,8 @@ class encryption(object):
print "saved public and private keys"
if os.path.exists(self.rsa_public_key_file_name3):
print "temporary rsa pub key %s exists. deleting" % ( self.rsa_public_key_file_name3 )
if ( os.path.exists( self.rsa_public_key_file_name3 ) ):
print "ssl key % exists. deleting" % self.rsa_public_key_file_name3
os.remove(self.rsa_public_key_file_name3)
......@@ -230,6 +225,7 @@ def load_config( args ):
variables = {
'HAS_LOGIN' : False,
'USE_SSL' : False,
'USE_ENCRYPTION' : False,
'SSL_KEY_LENGTH' : DEFAULT_SSL_KEY_SIZE,
'SERVER_PORT' : DEFAULT_SERVER_PORT,
'SERVER_IP' : DEFAULT_SERVER_IP,
......@@ -296,7 +292,8 @@ def load_config( args ):
variables['getManager'] = getManager
variables['INTERFACE' ] = interface
app.before_first_request(init_db)
#app.before_first_request(init_db)
#init_db()
app.secret_key = variables['SECRET_KEY']
app.debug = variables['DEBUG' ]
......@@ -309,11 +306,27 @@ def load_config( args ):
interface.DEBUG = IDEBUG
#http://stackoverflow.com/questions/9767585/insert-static-files-literally-into-jinja-templates-without-parsing-them
def include_file(name):
return Markup(app.jinja_loader.get_source(app.jinja_env, name)[0])
def include_file_multiline(name):
lines = app.jinja_loader.get_source(app.jinja_env, name)[0]
#lines.replace("RSA PUBLIC KEY", "PUBLIC KEY")
lines = lines.split("\n")
lines = [ "'" + l + "\\n' +" for l in lines ]
lines[-1] = lines[-1].strip(" +")
return Markup("\n".join( lines ))
app.jinja_env.globals['include_file' ] = include_file
app.jinja_env.globals['include_file_multiline'] = include_file_multiline
if app.config['HAS_LOGIN']:
print "LOGIN ENABLED"
print "INITIALIZING DB"
USER_DATABASE_FILE = os.path.join( INFOLDER, 'users.sqlite' )
USER_DATABASE_FILE = os.path.join( INFOLDER, 'users.sql' )
app.config['USER_DATABASE_FILE' ] = USER_DATABASE_FILE
app.config['DATABASE_FILE' ] = USER_DATABASE_FILE
......@@ -321,37 +334,24 @@ def load_config( args ):
app.config['SQLALCHEMY_ECHO' ] = False
if not os.path.exists(USER_DATABASE_FILE):
print "DATABASE %s DOES NOT EXISTS. CREATING" % USER_DATABASE_FILE
user_db.drop_all()
user_db.create_all()
os.chmod(USER_DATABASE_FILE, 0666)
print "INITIALIZING ENCRYPTION"
app.config["ENCRYPTION_INST"] = encryption( INFOLDER, app.config )
print "ENCRYPTION KEY SIZE", app.config["ENCRYPTION_INST"].RSA_KEY_SIZE
#jsonpickle.set_preferred_backend('simplejson')
#jsonpickle.set_encoder_options('simplejson', ensure_ascii=True, sort_keys=True, indent=1)
if app.config['USE_ENCRYPTION']:
print "INITIALIZING ENCRYPTION"
app.jinja_env.globals['encbitsize' ] = str( app.config["ENCRYPTION_INST"].RSA_KEY_SIZE )
app.jinja_env.globals['rsa_public_key_file_name'] = str( app.config["ENCRYPTION_INST"].rsa_public_key_file_name )
app.config["ENCRYPTION_INST"] = encryption( INFOLDER, app.config )
#http://stackoverflow.com/questions/9767585/insert-static-files-literally-into-jinja-templates-without-parsing-them
def include_file(name):
return Markup(app.jinja_loader.get_source(app.jinja_env, name)[0])
def include_file_multiline(name):
lines = app.jinja_loader.get_source(app.jinja_env, name)[0]
#lines.replace("RSA PUBLIC KEY", "PUBLIC KEY")
lines = lines.split("\n")
lines = [ "'" + l + "\\n' +" for l in lines ]
lines[-1] = lines[-1].strip(" +")
return Markup("\n".join( lines ))
app.jinja_env.globals['include_file' ] = include_file
app.jinja_env.globals['include_file_multiline'] = include_file_multiline
print "ENCRYPTION KEY SIZE", app.config["ENCRYPTION_INST"].RSA_KEY_SIZE
#jsonpickle.set_preferred_backend('simplejson')
#jsonpickle.set_encoder_options('simplejson', ensure_ascii=True, sort_keys=True, indent=1)
app.jinja_env.globals['encbitsize' ] = str( app.config["ENCRYPTION_INST"].RSA_KEY_SIZE )
app.jinja_env.globals['rsa_public_key_file_name'] = str( app.config["ENCRYPTION_INST"].rsa_public_key_file_name )
if app.config['USE_SSL']:
......@@ -411,9 +411,9 @@ def run_action(args):
if app.config['HAS_LOGIN']:
if app.config["ENCRYPTION_INST"] is not None:
files_to_del.extend(
[
app.config["ENCRYPTION_INST"].rsa_private_key_file_name,
files_to_del.extend(
[
app.config["ENCRYPTION_INST"].rsa_private_key_file_name,
app.config["ENCRYPTION_INST"].rsa_public_key_file_name ,
app.config["ENCRYPTION_INST"].rsa_public_key_file_name2,
app.config["ENCRYPTION_INST"].rsa_public_key_file_name3
......@@ -421,11 +421,11 @@ def run_action(args):
)
if app.config['USE_SSL']:
files_to_del.extend(
[
files_to_del.extend(
[
app.config["SSL_CERT" ] ,
app.config["SSL_KEY" ]
]
]
)
for filename in files_to_del:
......
config.template
View file @ f6f722b5
#decide whether to have user control or not
HAS_LOGIN = False
HAS_LOGIN = False
#decide whether to use encryption on forms
USE_ENCRYPTION = False
#decide whether to have ssl or not
USE_SSL = False
......
docker/introgressionbrowser/Dockerfile
View file @ f6f722b5
#docker run -it --rm -v $PWD/data:/var/www/ibrowser/data -v $PWD/access.log:/var/log/apache2/access.log -v $PWD/error.log:/var/log/apache2/error.log sauloal/introgressionbrowser
#BUILD: docker build --rm -t sauloal/introgressionbrowser .
#RUN : docker stop ibrowser; docker rm ibrowser; docker run --detach=true --name ibrowser --publish=10000:10000 --volume $PWD/data:/var/www/ibrowser/data sauloal/introgressionbrowser
#START: docker start ibrowser
#LOGS : docker logs ibrowser
#
#--security-context apparmor:unconfine
# --security-context
#
#docker build --rm -t sauloal/introgressionbrowser .
FROM sauloal/introgressionbrowser_runtime
......
reloader.py
View file @ f6f722b5
......@@ -256,7 +256,8 @@ def kill_others():
if os.path.exists(self_pid):
pid = open(self_pid).read().strip()
sys.stdout.write("killing self. PID: %d\n" % int(pid))
subprocess.Popen(['kill', '-9', pid])
proc = subprocess.Popen(['kill', '-9', pid])
proc.wait()
sys.stdout.write("killed self\n")
os.remove(self_pid)
sys.stdout.write("removed pid file\n")
......
routes.py
View file @ f6f722b5
......@@ -81,18 +81,19 @@ def login():
"""
Perform login
"""
#print "login"
print "login"
message = ""
if app.config['HAS_LOGIN']:
#print "login: has config"
print "login: has config"
if request.method == 'POST':
#print "login: has config - POST"
username = request.form.get('username', None)
password = request.form.get('password', None)
noonce = request.form.get('noonce' , None)
if password is not None:
password = app.config["ENCRYPTION_INST"].decrypter( password )
if app.config['USE_ENCRYPTION']:
if password is not None:
password = app.config["ENCRYPTION_INST"].decrypter( password )
print "login: has config - POST - username %s password %s noonce %s" % ( username, password, noonce )
......@@ -117,10 +118,11 @@ def login():
session["noonce"] = gen_noonce()
print "new noonce", session["noonce"]
return render_template('login.html', noonce=session["noonce"], message=message)
return render_template('login.html', noonce=session["noonce"], message=message, app=app)
#return app.send_static_file('login.html')
else:
print "login: no config"
return redirect(url_for('get_main', _external=True))
......@@ -131,7 +133,7 @@ def admin():
"""
message = None
#print "login"
print "admin"
if app.config['HAS_LOGIN']:
if request.method == 'POST':
print "admin: has config - POST"
......@@ -141,8 +143,9 @@ def admin():
noonce = request.form.get('noonce' , None)
security = request.form.get('security', None)
if password is not None:
password = app.config["ENCRYPTION_INST"].decrypter( password )
if app.config['USE_ENCRYPTION']:
if password is not None:
password = app.config["ENCRYPTION_INST"].decrypter( password )
print "admin: has config - POST - action %s username %s password %s noonce %s security %s" % tuple([ str(x) for x in ( action, username, password, noonce, security ) ])
......@@ -189,10 +192,11 @@ def admin():
session["noonce"] = gen_noonce()
print "new noonce", session["noonce"]
return render_template('admin.html', users=[x for x in sorted(get_users()) if x != "admin"], message=message, noonce=session["noonce"])
return render_template('admin.html', users=[x for x in sorted(get_users()) if x != "admin"], message=message, noonce=session["noonce"], app=app)
#return app.send_static_file('login.html')
else:
print "admin: no config"
return redirect(url_for('get_main', _external=True))
......@@ -1329,7 +1333,9 @@ def load_database():
files.extend( glob.glob( os.path.join( app.config["INFOLDER"], '*.sqlite' ) ) )
#print "GLOBBED", files
files.sort()
app.config["DATABASES" ] = []
if "DATABASES" not in app.config:
app.config["DATABASES" ] = []
for db_name in files:
db_nfo = db_name + ".nfo"
......@@ -1362,6 +1368,7 @@ def load_database():
print app.config["DATABASES" ]
init_db()
def read_nfo( db_title, db_nfo, path='.' ):
......
templates/admin.html
View file @ f6f722b5
......@@ -115,32 +115,35 @@
function add_user() {
console.log( "adding user" );
var username = document.getElementById('username' ).value;
var password = document.getElementById('password1').value;
var password1 = document.getElementById('password1').value;
var password2 = document.getElementById('password2').value;
var noonce = document.getElementById('noonce' ).value;
console.log( "adding user :: login : ", username );
console.log( "adding user :: password1: ", password );
console.log( "adding user :: password1: ", password1 );
console.log( "adding user :: password2: ", password2 );
console.log( "adding user :: noonce : ", noonce );
if ( password != password2 ) {
if ( password1 != password2 ) {
document.getElementById("message").innerHTML = "Passwords do not match";
return;
}
var up = username + password + noonce;
var form = document.createElement("form");
form.setAttribute("method", "POST" );
form.setAttribute("action", "/admin");
var up = username + password1 + noonce;
//console.log("up : ", up);
var cryptPass = hasher(up );
var security = hasher(cryptPass+noonce);
{% if app.config['USE_ENCRYPTION'] %}
cryptPass = encrypter.encrypt( cryptPass );
{% endif %}
//console.log("cryptPass : ", cryptPass);
var form = document.createElement("form");
form.setAttribute("method", "POST" );
form.setAttribute("action", "/admin");
var action_field = document.createElement("input");
action_field.setAttribute("type" , "hidden" );
action_field.setAttribute("name" , "action" );
......@@ -156,7 +159,7 @@
var pass_field = document.createElement("input");
pass_field.setAttribute("type" , "hidden" );
pass_field.setAttribute("name" , "password");
pass_field.setAttribute("value", encrypter.encrypt( cryptPass ));
pass_field.setAttribute("value", cryptPass );
form.appendChild(pass_field);
var noonce_field = document.createElement("input");
......@@ -173,6 +176,7 @@
document.body.appendChild(form);
form.submit();
//document.removeChild(form);
}
......@@ -214,7 +218,9 @@
// }
//}
</script>
{% include 'hasher.html' without context %}
{% if app.config['USE_ENCRYPTION'] %}
{% include 'crypto.html' without context %}
{% endif %}
</footer>
</html>
templates/crypto.html
View file @ f6f722b5
<script type="text/javascript">
{{ include_file('sha3.js') }}
</script>
<script type="text/javascript">
var hasher = function (seq) {
return CryptoJS.SHA3(seq, { outputLength: 512 }).toString(CryptoJS.enc.Hex);
}
//CryptoJS.SHA384(up).toString(CryptoJS.enc.Hex)
//CryptoJS.SHA512(up).toString(CryptoJS.enc.Hex)
</script>
<script type="text/javascript">
{{ include_file('jsencrypt.min.js' ) }}
</script>
......@@ -23,5 +11,3 @@
var encrypted = encrypter.encrypt( "test" );
console.log( "encrypted ", encrypted );
</script>
<!--{- include 'decrypto.html' -}-->
templates/decrypto.html
View file @ f6f722b5
<script type="text/javascript">
var decrypter = new JSEncrypt();
var privkey = {{ include_file_multiline('rsa_'+encbitsize+'_priv.pem') }};
decrypter.setPrivateKey( privkey );
var decrypted = decrypter.decrypt( encrypted );
console.log( "decrypted ", decrypted );
var decrypter = new JSEncrypt();
var privkey = {{ include_file_multiline('rsa_'+encbitsize+'_priv.pem') }};
decrypter.setPrivateKey( privkey );
var decrypted = decrypter.decrypt( encrypted );
console.log( "decrypted ", decrypted );
</script>
templates/hasher.html 0 → 100644
View file @ f6f722b5
<script type="text/javascript">
{{ include_file('sha3.js') }}
</script>
<script type="text/javascript">
var hasher = function (seq) {
return CryptoJS.SHA3(seq, { outputLength: 512 }).toString(CryptoJS.enc.Hex);
}
//CryptoJS.SHA384(up).toString(CryptoJS.enc.Hex)
//CryptoJS.SHA512(up).toString(CryptoJS.enc.Hex)
</script>
<!--{- include 'decrypto.html' -}-->
templates/login.html
View file @ f6f722b5
......@@ -92,7 +92,6 @@ window.onload = function () {
console.log("noonce : ", noonce);
var up = username + password + salt;
console.log("up : ", up);
......@@ -105,7 +104,11 @@ window.onload = function () {
//document.getElementById('password').value = res;
document.getElementById('password').value = encrypter.encrypt( res );
{% if app.config['USE_ENCRYPTION'] %}
res = encrypter.encrypt( res );
{% endif %}
document.getElementById('password').value = res;
document.getElementById('form').submit();
return false;
......@@ -115,7 +118,9 @@ window.onload = function () {
};
};
</script>
{% include 'hasher.html' without context %}
{% if app.config['USE_ENCRYPTION'] %}
{% include 'crypto.html' without context %}
{% endif %}
</footer>
</html>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment