Merge branch 'beta'

78352357 · Jonas Leder · b3e7532c · 499f2156 · 78352357 · 78352357
Commit 78352357 authored 5 years ago by Jonas Leder
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,5 @@ __pycache__/
 builddate.txt
 db/urls.db-journal
 .vscode
+
+db/secretKey.txt
--- a/main.py
+++ b/main.py
@@ -10,6 +10,10 @@ from io import BytesIO #Needed for base64 encoding of the image
 from PIL import Image #Needed for QR generation
 import json #used for github oauth
 from html import escape #This is used to escape characters, if they are send in the url
+from itsdangerous import URLSafeSerializer #used for signing the cookies
+import random #used for signing the cookies
+import string #used for signing the cookies
+
 app = Flask(__name__)

 domain_to_index = {}
@@ -83,6 +87,17 @@ try:
 except:
    cookieNotice = True

+try:
+    secretKey = open("db/secretKey.txt", "r").read()
+except:
+    secretKey = ''.join(random.choice(string.ascii_lowercase) for i in range(100)) #If we can't find the secret key(first run) we generate it in this step and write it to a file
+    print("generated secret Key. Key is: " + secretKey)
+    f = open("db/secretKey.txt", "w")
+    f.write(secretKey)
+    f.close()
+    secretKey = open("db/secretKey.txt", "r").read()
+s = URLSafeSerializer(secretKey)
+
 index = 0
 domain_prepared = ""
 for domains in domain: #Make from every domnain a entry for the select box later
@@ -144,7 +159,7 @@ def grecaptcha_verify(request): #This function is used to verify the google reca
 @app.route('/', methods=['GET'])
 def home_get():
    try:
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
    except:
        loginbar = '<a href="#" onClick="showLogin()" style="color:white">login</a>'

@@ -155,8 +170,8 @@ def home_get():
 def home_post():
    
    try:
-        userID = request.cookies.get('userID')
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
+        userID = s.loads(request.cookies.get('userID'))
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
    except:
        userID = "null"
        loginbar = '<a href="/user/login" style="color:white">login</a>'
@@ -238,8 +253,8 @@ def authorizeGoogle():
        userID = r.text.split('"id": "')[1].split('"')[0]
        name = r.text.split('"name": "')[1].split('"')[0]
        resp = make_response(redirect('/')) #redirect the user at the end back to the main page
-        resp.set_cookie('userID', "google_" + userID) #set the cookies with username and userid
-        resp.set_cookie('username', name)
+        resp.set_cookie('userID', s.dumps("google_" + userID)) #set the cookies with username and userid
+        resp.set_cookie('username', s.dumps(name))
        return resp
    except:
        return "Authentication failed"
@@ -259,8 +274,8 @@ def authorizeGithub():
        username = str(json.loads(githubResponse)['login'])

        resp = make_response(redirect('/')) #redirect the user at the end back to the main page
-        resp.set_cookie('userID', "github_" + userID) #set the cookies with username and userid
-        resp.set_cookie('username', username)
+        resp.set_cookie('userID', s.dumps("github_" + userID)) #set the cookies with username and userid
+        resp.set_cookie('username', s.dumps(username))
        return resp
    except:
        return "Authentication failed"
@@ -275,8 +290,8 @@ def logout():
 @app.route('/user/links')#This function gives the user the posibility to see and delete his links
 def ownLinks():
    try:
-        userID = request.cookies.get('userID') #Get the userid from the cookie
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/logout" style="color:white">logout</a>)' #This is the loginbar
+        userID = s.loads(request.cookies.get('userID')) #Get the userid from the cookie
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/logout" style="color:white">logout</a>)' #This is the loginbar
    except:
        return redirect("/user/login") #If user is not logged in redirect him to the login page

@@ -298,8 +313,8 @@ def ownLinks():
 @app.route('/user/delete') #This function is called if a user deletes an entrie
 def delete():
    try:
-        userID = request.cookies.get('userID') #get the userid from the cookie
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/logout" style="color:white">logout</a>)' # generate the login form
+        userID = s.loads(request.cookies.get('userID')) #get the userid from the cookie
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/logout" style="color:white">logout</a>)' # generate the login form
    except:
        return redirect("/user/login") # if user is not logged in redirect him to the login page
    linkToDelete = request.args.get('link') #get the link, which the user want's to delete from the parameter in the url.

--- a/requirements.txt
+++ b/requirements.txt
@@ -3,4 +3,5 @@ flask
 qrcode
 requests
 Pillow
-tqdm
\ No newline at end of file
+tqdm
+itsdangerous
\ No newline at end of file