From 2d9529ba0c3bf13aae7a8fa2ab5b4a629b1f7e56 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Sun, 29 Jan 2023 16:54:02 -0500 Subject: [PATCH] Add cookie secret to DB Allow users to reset cookie and api secret Add Crafty row to table on fresh install Change inserts to updates for crafty settings table. --- .../controllers/management_controller.py | 8 +++++ app/classes/models/management.py | 29 ++++++++++++++++++- app/classes/shared/helpers.py | 3 +- app/classes/shared/main_models.py | 5 +++- app/classes/web/tornado_handler.py | 10 +++++-- app/migrations/20230129_secrets_shh.py | 16 ++++++++++ main.py | 16 +++++++++- 7 files changed, 79 insertions(+), 8 deletions(-) create mode 100644 app/migrations/20230129_secrets_shh.py diff --git a/app/classes/controllers/management_controller.py b/app/classes/controllers/management_controller.py index dc0f5422..2811dce4 100644 --- a/app/classes/controllers/management_controller.py +++ b/app/classes/controllers/management_controller.py @@ -46,6 +46,14 @@ class ManagementController: def get_crafty_api_key(): return HelpersManagement.get_secret_api_key() + @staticmethod + def set_cookie_secret(key): + HelpersManagement.set_cookie_secret(key) + + @staticmethod + def add_crafty_row(): + HelpersManagement.create_crafty_row() + # ********************************************************************************** # Commands Methods # ********************************************************************************** diff --git a/app/classes/models/management.py b/app/classes/models/management.py index bb183eef..c2b5afde 100644 --- a/app/classes/models/management.py +++ b/app/classes/models/management.py @@ -43,6 +43,7 @@ class AuditLog(BaseModel): # ********************************************************************************** class CraftySettings(BaseModel): secret_api_key = CharField(default="") + cookie_secret = CharField(default="") login_photo = CharField(default="login_1.jpg") login_opacity = IntegerField(default=100) 
@@ -204,9 +205,22 @@ class HelpersManagement: else: return + @staticmethod + def create_crafty_row(): + CraftySettings.insert( + { + CraftySettings.secret_api_key: "", + CraftySettings.cookie_secret: "", + CraftySettings.login_photo: "login_1.jpg", + CraftySettings.login_opacity: 100, + } + ).execute() + @staticmethod def set_secret_api_key(key): - CraftySettings.insert(secret_api_key=key).execute() + CraftySettings.update({CraftySettings.secret_api_key: key}).where( + CraftySettings.id == 1 + ).execute() @staticmethod def get_secret_api_key(): @@ -215,6 +229,19 @@ class HelpersManagement: ) return settings[0].secret_api_key + @staticmethod + def get_cookie_secret(): + settings = CraftySettings.select(CraftySettings.cookie_secret).where( + CraftySettings.id == 1 + ) + return settings[0].cookie_secret + + @staticmethod + def set_cookie_secret(key): + CraftySettings.update({CraftySettings.cookie_secret: key}).where( + CraftySettings.id == 1 + ).execute() + # ********************************************************************************** # Config Methods # ********************************************************************************** diff --git a/app/classes/shared/helpers.py b/app/classes/shared/helpers.py index 4efe355a..f3643362 100644 --- a/app/classes/shared/helpers.py +++ b/app/classes/shared/helpers.py @@ -403,8 +403,6 @@ class Helpers: "https_port": 8443, "language": "en_EN", "cookie_expire": 30, - "cookie_secret": "random", - "apikey_secret": "random", "show_errors": True, "history_max_age": 7, "stats_update_frequency": 30, @@ -418,6 +416,7 @@ class Helpers: "keywords": ["help", "chunk"], "allow_nsfw_profile_pictures": False, "enable_user_self_delete": False, + "reset_secrets_on_boot": False, } def get_all_settings(self): diff --git a/app/classes/shared/main_models.py b/app/classes/shared/main_models.py index 7c43a131..4bfca52c 100644 --- a/app/classes/shared/main_models.py +++ b/app/classes/shared/main_models.py 
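Review bot: `set_secret_api_key` in the `@@ -204,9 +205,22 @@` hunk of app/classes/models/management.py now issues an UPDATE filtered on `CraftySettings.id == 1`, which matches zero rows and returns without error when that row is missing; `set_cookie_secret` in the following hunk has the same shape. The only insert this patch adds is `create_crafty_row()`, reached from `default_settings()` on a fresh install, and the migration adds just the column, so an upgraded database with an empty `crafty_settings` table would apparently never persist either secret (the table's prior contents are not visible here). peewee's `execute()` on an update returns the number of rows modified, so each setter can check it and create the row or raise when it is 0, e.g. `if not query.execute(): HelpersManagement.create_crafty_row()` followed by a retry. `get_cookie_secret` likewise indexes `settings[0]` and raises IndexError when the row is absent, which every caller then has to anticipate.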
@@ -8,9 +8,10 @@ logger = logging.getLogger(__name__) class DatabaseBuilder: - def __init__(self, database, helper, users_helper): + def __init__(self, database, helper, users_helper, management_helper): self.database = database self.helper = helper + self.management_helper = management_helper self.users_helper = users_helper def default_settings(self): @@ -29,6 +30,8 @@ class DatabaseBuilder: manager=None, ) + self.management_helper.create_crafty_row() + def is_fresh_install(self): try: num_user = self.users_helper.get_user_total() diff --git a/app/classes/web/tornado_handler.py b/app/classes/web/tornado_handler.py index 4feae695..d0413beb 100644 --- a/app/classes/web/tornado_handler.py +++ b/app/classes/web/tornado_handler.py @@ -11,6 +11,7 @@ import tornado.escape import tornado.locale import tornado.httpserver +from app.classes.models.management import HelpersManagement from app.classes.shared.console import Console from app.classes.shared.helpers import Helpers from app.classes.shared.main_controller import Controller @@ -110,10 +111,13 @@ class Webserver: https_port = self.helper.get_setting("https_port") debug_errors = self.helper.get_setting("show_errors") - cookie_secret = self.helper.get_setting("cookie_secret") - - if cookie_secret is False: + try: + cookie_secret = HelpersManagement.get_cookie_secret() + except: + cookie_secret = False + if cookie_secret is False or cookie_secret == "": cookie_secret = self.helper.random_string_generator(32) + HelpersManagement.set_cookie_secret(cookie_secret) if not http_port: http_port = 8000 diff --git a/app/migrations/20230129_secrets_shh.py b/app/migrations/20230129_secrets_shh.py new file mode 100644 index 00000000..5610f6e0 --- /dev/null +++ b/app/migrations/20230129_secrets_shh.py 
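Review bot: The bare `except:` around `HelpersManagement.get_cookie_secret()` in the `@@ -110,10 +111,13 @@` hunk of app/classes/web/tornado_handler.py treats every failure, including a locked or unreadable database, as "no secret yet" and silently swaps in a new signing key, which invalidates all existing signed cookies with no log entry. Catch only what a missing row or column can raise, e.g. `except (IndexError, peewee.DatabaseError) as err:` (peewee would need importing in this file), and log `err` before falling back. The follow-up `HelpersManagement.set_cookie_secret(cookie_secret)` sits outside the `try`, so a database fault that caused the read to fail can still abort startup at the write, and if row 1 does not exist the update changes nothing and a different key is generated on every boot. The enclosing `Webserver` method starts and ends outside the hunk.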
@@ -0,0 +1,16 @@ +# Generated by database migrator +import peewee + + +def migrate(migrator, database, **kwargs): + migrator.add_columns("crafty_settings", cookie_secret=peewee.CharField(default="")) + """ + Write your migrations here. + """ + + +def rollback(migrator, database, **kwargs): + migrator.drop_columns("crafty_settings", ["cookie_secret"]) + """ + Write your rollback migrations here. + """ diff --git a/main.py b/main.py index accc8bfa..3db1ea07 100644 --- a/main.py +++ b/main.py @@ -14,6 +14,7 @@ from app.classes.shared.import3 import Import3 from app.classes.shared.console import Console from app.classes.shared.helpers import Helpers from app.classes.models.users import HelperUsers +from app.classes.models.management import HelpersManagement from app.classes.shared.import_helper import ImportHelpers console = Console() @@ -124,7 +125,8 @@ if __name__ == "__main__": # do our installer stuff user_helper = HelperUsers(database, helper) - installer = DatabaseBuilder(database, helper, user_helper) + management_helper = HelpersManagement(database, helper) + installer = DatabaseBuilder(database, helper, user_helper, management_helper) FRESH_INSTALL = installer.is_fresh_install() if FRESH_INSTALL: @@ -145,6 +147,18 @@ if __name__ == "__main__": Console.info("Checking for remote changes to config.json") controller.get_config_diff() Console.info("Remote change complete.") + + Console.info("Checking for reset secret flag") + if helper.get_setting("reset_secrets_on_boot"): + Console.info("Found Reset") + controller.management.set_crafty_api_key( + str(helper.random_string_generator(64)) + ) + controller.management.set_cookie_secret(str(helper.random_string_generator(32))) + helper.set_setting("reset_secrets_on_boot", False) + else: + Console.info("No flag found. Secrets are staying") + import3 = Import3(helper, controller) tasks_manager = TasksManager(helper, controller) tasks_manager.start_webserver()
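Review bot: In app/migrations/20230129_secrets_shh.py the template strings `""" Write your migrations here. """` and `""" Write your rollback migrations here. """` follow the `add_columns` / `drop_columns` calls, so they are stray expression statements rather than docstrings. Either delete them or replace them with a real first-line docstring such as `"""Add the cookie_secret column to crafty_settings."""`.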
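Review bot: In the `@@ -145,6 +147,18 @@` hunk of main.py, `helper.set_setting("reset_secrets_on_boot", False)` runs whether or not the two setters actually changed a row, so an operator who sets the flag after a suspected key leak sees "Found Reset" while the old API and cookie secrets may still be valid. Clear the flag only after the write is confirmed, for example by having the setters return the affected-row count and checking it here. Separately, both values come from `helper.random_string_generator`, whose body is not part of this patch; if it draws from `random` rather than `secrets`, these signing keys are predictable, and `secrets.token_urlsafe(32)` would be the safer source here and in the tornado_handler.py fallback. The `if __name__ == "__main__":` block continues outside the hunk.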