ticketfrei/frontend/website.py

181 lines
5.3 KiB
Python
Raw Normal View History

#!/usr/bin/env python3
2018-01-08 21:56:05 +00:00
import os
2018-01-18 08:39:06 +00:00
import base64
import bottle
import sqlite3
2018-01-08 00:16:34 +00:00
import sendmail
2018-01-08 21:56:05 +00:00
import pytoml as toml
import jwt
import pylibscrypt
import smtplib
2018-01-08 21:56:05 +00:00
class Datagetter(object):
def __init__(self):
self.db = os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), "ticketfrei.sqlite")
self.conn = self.create_connection(self.db)
self.cur = self.conn.cursor()
def create_connection(self, db_file):
""" create a database connection to the SQLite database
specified by the db_file
:param db_file: database file
:return: Connection object or None
"""
try:
conn = sqlite3.connect(db_file)
return conn
except sqlite3.Error as e:
print(e)
return None
2018-01-18 08:39:06 +00:00
app = application = bottle.Bottle()
2018-01-18 08:39:06 +00:00
@app.route('/login', method="POST")
def login():
"""
Login to the ticketfrei account with credentials from the user table.
:return: bot.py Session Cookie
"""
uname = bottle.request.forms.get('uname')
psw = bottle.request.forms.get('psw')
2018-01-18 08:39:06 +00:00
psw = psw.encode("utf-8")
db.cur.execute("SELECT pass_hashed FROM user WHERE email=?;", (uname, ))
try:
pass_hashed = db.cur.fetchone()[0]
except TypeError:
return "Wrong Credentials." # no user with this email
if pylibscrypt.scrypt_mcf_check(pass_hashed, psw):
bottle.response.set_cookie("account", uname, secret)
return bottle.redirect("/settings")
else:
return "Wrong Credentials." # passphrase is wrong
2018-01-18 08:39:06 +00:00
@app.route('/register', method="POST")
def register():
"""
Login to the ticketfrei account with credentials from the user table.
:return: bot.py Session Cookie
"""
2018-01-08 00:16:34 +00:00
email = bottle.request.forms.get('email')
psw = bottle.request.forms.get('psw')
pswrepeat = bottle.request.forms.get('psw-repeat')
if pswrepeat != psw:
return "ERROR: Passwords don't match. Try again."
# check if email is already in use
db.cur.execute("SELECT id FROM user WHERE email=?;", (email,))
if db.cur.fetchone() is not None:
return "E-Mail is already in use." # account already exists
# hash and format for being encoded in the confirmation mail
2018-01-18 08:39:06 +00:00
psw = psw.encode("utf-8")
pass_hashed = pylibscrypt.scrypt_mcf(psw) # hash password
pass_hashed = base64.encodebytes(pass_hashed)
pass_hashed = pass_hashed.decode("ascii")
payload = {"email": email, "pass_hashed": pass_hashed}
# create confirmlink
encoded_jwt = jwt.encode(payload, secret).decode('utf-8')
host = bottle.request.get_header('host')
confirmlink = "http://" + host + "/confirm/" + str(encoded_jwt) # to be changed to https
# send the mail
2018-01-08 00:16:34 +00:00
m = sendmail.Mailer(config)
try:
m.send("Complete your registration here: " + confirmlink, email, "[Ticketfrei] Confirm your account")
except smtplib.SMTPRecipientsRefused:
return "Please enter a valid E-Mail address."
2018-01-08 00:16:34 +00:00
return "We sent you an E-Mail. Please click on the confirmation link."
@app.route('/confirm/<encoded_jwt>', method="GET")
def confirmaccount(encoded_jwt):
2018-01-08 00:16:34 +00:00
"""
Confirm the account creation and create a database entry.
:return: Redirection to bot.html
"""
# get values from URL
2018-01-08 21:56:05 +00:00
dict = jwt.decode(encoded_jwt, secret)
uname = dict["email"]
pass_hashed = base64.b64decode(dict["pass_hashed"])
2018-01-08 21:56:05 +00:00
print(uname, pass_hashed)
# create db entry
db.cur.execute("INSERT INTO user(email, pass_hashed, enabled) VALUES(?, ?, ?);", (uname, pass_hashed, 1))
db.conn.commit()
bottle.response.set_cookie("account", uname, secret)
return bottle.redirect("/settings")
@app.route('/settings')
def manage_bot():
"""
Restricted area. Deliver the bot settings page.
:return:
"""
uname = bottle.request.get_cookie("account", secret=secret)
if uname is not None:
return bottle.static_file("../static/bot.html", root='../static')
else:
bottle.abort(401, "Sorry, access denied.")
2018-01-08 00:16:34 +00:00
@app.route('/enable')
def enable():
email = bottle.request.get_cookie("account", secret=secret)
db.cur.execute("MODIFY user.enabled = 1 WHERE email=?;", (email)) # :todo is this correct SQL?
db.conn.commit()
return bottle.static_file("../static/bot.html", root='../static')
@app.route('/static/<filename:path>')
def static(filename):
"""
Serve static files
"""
2018-02-17 11:31:49 +00:00
if filename == "bot.html":
bottle.abort(401, "Sorry, access denied.")
return bottle.static_file(filename, root='../static')
@app.route('/')
def show_index():
"""
The front "index" page
:return: /static/index.html
"""
return bottle.static_file("../static/index.html", root='../static')
class StripPathMiddleware(object):
"""
Get that slash out of the request
"""
def __init__(self, a):
self.a = a
def __call__(self, e, h):
e['PATH_INFO'] = e['PATH_INFO'].rstrip('/')
return self.a(e, h)
if __name__ == "__main__":
2018-01-26 16:54:11 +00:00
global config
2018-01-08 21:56:05 +00:00
with open('../config.toml') as configfile:
config = toml.load(configfile)
global db
2018-01-08 21:56:05 +00:00
global secret
secret = os.urandom(32)
db = Datagetter()
try:
bottle.run(app=StripPathMiddleware(app), host='0.0.0.0', port=8080)
finally:
db.conn.close()