From 6074076841df7037650e92f1675fb82a9d80b836 Mon Sep 17 00:00:00 2001 From: chabisik Date: Thu, 22 Dec 2022 21:39:32 +0100 Subject: [PATCH] Adding security mechanisms --- __pycache__/datasaver.cpython-38.pyc | Bin 0 -> 4735 bytes myapp.py | 160 +++++++++++++++++++++++++-- 2 files changed, 148 insertions(+), 12 deletions(-) create mode 100644 __pycache__/datasaver.cpython-38.pyc 
diff --git a/__pycache__/datasaver.cpython-38.pyc b/__pycache__/datasaver.cpython-38.pyc new file mode 100644 index 0000000000000000000000000000000000000000..9fbd46f10bba9b189c0c108249d701380ec8f2f1 GIT binary patch literal 4735 zcmcIoUvJyU5#Qw>NtR{VaeR)GI6bBpz-H^SgSLlW(>OR^WA_3iN_uhIKtRD`w5yml zMbgWaT@&<69iUH#et|yNKwt8e_}Zre{Q$*1b!JIRlq_Fy52d5!?(Dzc{APA$ncvUM z)CoNQ`RhMAw-yNbCpOBD0gW%<7wwjih54_EUHccTMOqy!%g>m3OyqnAbgb%Xmr>=Bgg`EQ~v}#9+#b)G%oDsLq1%aE=+VMBGgPg@|Lnz}c&+Cia2N%0KXjRGWJb*Wu9yP- z1UgQ;iE_v5I{AzbMBD)Jcb{(Tg+0FE9(4BHw_fZWY`o~l-eI3_u&@_OXfxn9c8|DN zj{u$Hc!4J!rwWtfCKQBL=o0)jNrNttWT9k^^~=FKBL*;G(!c-$8Yu;m$U!x30(DF8 zfcAZmJtmT-n$*s;cum#7XT_7e?>0F%QZNc7!9&$&!l+$UtL#@{T##x{$)6TZjna4n z#~;37K>r8YvTFi$$m*bU5KA}c@XYK2Nix&DKxP#;iog`WClH*OLBAKBw5tJgg>X-7 zQ_SJy=}0-AqpV~exqhE#(_FYQce-E<@WUfTb6(8D6tM&a@>Y=7q;z6bBh9pO z1_uB*TK^;YjQoy#P2NBR0cSN@85JM2%s`LKj9$oiM(j#Xpb-L3*_7Ze^Syw_nHfvr zMM_bz2q5jMB1_zbdV4kw`=W#Nd(a#EbG2zzP? zT))I*lQw7#{*vXZOb#cFaEhL&!%uO#29@hL9WVu6i7X*A0wOW7HARF{*fxf`X3gV0 zS2{9ua@0!Iag7>xe>0i{@ zO6l!Ov>$S`S#v9nxsYBMYzq;Bb%(&mG3xKQd;sgl$Q43MX3M~!w?na~co56LOMeCp zi6H&c3{Q8MOndMne8-wF$6gP-B%DvGIimR0h&nHdZYrQ-e) z{R$4mxRw`q;2;n}@LGjh0e_Jub7lD0eLen%FmVF@`2s(j7f2H31oYw>^a58DvsmD9 z7D&(-WYvqVcnxBVnJ{)$%!qJ1QdRErBLarnY;LJhATIzYm_T^g-O283~M` zI-GG^A39cMV4xh=_A{7)q!j141`al_f&XiDlH4d;N-cWDRH*#W^>g42Fb_>BDsx!5 za!_$YIJ6kS#V@fK^O$M1kqYYZBj_*80B~+yfs>CK0fod2&Lf8UlzdZMGKNrS?zc2Y zF$Q3!<8xOyd2)$2hY$>!+%7{H88_k*BSGN~g2~ z=8o&f+)n%=rwy_+pu+0`0>Zp+xd9ts#2ppF*jfz(UZ9P*u<$l<4a^ddWM=}>VXhy= ze0l4b06TdEc`Thy&G>aF2yzzTt8iT}c99XwxG^-!P z5$`Csv#n47lA_%iFdbaOQu1I#HwB=)_GSy*$WC6Ag7^Sm7=Wh8=@oSDk?Z;HTX0S< zm|&XZ&ecux&<`Y>ltW((n=$Tl344^)S9DIW`RZ{PtiX}&cHs+8sa!ID9}MbScr3sp z{McGSE3H`Fe$YWP+sX0>tPval?6fQx;F>`8{|DUNYr(DBHWiqL#jhr09Al6B(Kcop z%)Uh3=vn& zh?_VWuh;@Fl;S5?tYh(WEYzh=Y4tfa5xn>{7LTzQrd3r_AA^{s@xCA9nl(CCt=H;P zb+cyRU%g(_@hxx^!t1$S0FVrDE!j4EC-A)w*OrJOd8|HrjQG}7U literal 0 HcmV?d00001 diff --git a/myapp.py b/myapp.py index 15fc95f..5748321 100644 --- a/myapp.py +++ b/myapp.py 
@@ -4,19 +4,142 @@ import flask import evdev import requests import time +import datasaver +import argparse import threading import subprocess import urllib.parse +parser = argparse.ArgumentParser(description="To set up database location and intial values by system administrator") +parser.add_argument("--setDatabase", type=int, default=0, help="Wether system administrator want to set up database (1) or not (0)") +set_database = parser.parse_args().setDatabase + app = flask.Flask(import_name=__name__, template_folder=".") +actuator_locker = threading.Lock() +database_locker = threading.Lock() + +def database_setter(): + database_location = "" + database_location_ok = False + #---trying to retrieve a previously used path--- + if os.path.exists("database_location_path.pickle"): + dp = datasaver.DataPockets("database_location_path") + try: + previously_set_path = dp.get("database_location")[0] + decision = None + while decision!="yes" and decision!="no": + print("A previsouly used path was detected:",previously_set_path) + decision = str(input("Use it? ('yes'/'no'): ")) + except: + pass + if decision=="yes": + database_location = previously_set_path + database_location_ok = True + #---setting or creating a path--- + while database_location_ok != True: + database_location = str(input("Enter absolute path of folder containing 'database.pickle' to use: ")) + if not os.path.exists(database_location): + decision = None + while decision!="yes" and decision!="no": + print("path '",database_location,"' does not exist!") + decision = str(input("Create it? 
('yes'/'no'): ")) + if decision=="yes": + try: + os.makedirs(database_location) + database_location_ok = True + except: + print("An error occurs during path creation!") + database_location_ok = False + else: + database_location_ok = False + else: + database_location_ok = True + #---add defined path into history--- + dp = datasaver.DataPockets("database_location_path") + dp.append_as_it(pocket_name="database_location", what_to_append=database_location, erase_first=True) + dp.save() + #---adding 'database_location' into paths where python will search for files--- + sys.path.insert(0,database_location) + #---open database--- + trusted_admins_ok = True + dp = datasaver.DataPockets(filename="database",directory_path=database_location) + try: + trusted_admins = dp.get(pocket_name="trusted_admins") + print("Current trusted admins:") + for admin in trusted_admins: print(admin) + except: + print("There is no trusted admins: database will be cleared") + dp.append_as_it(pocket_name="trusted_admins", what_to_append="init", erase_first=True) + dp.append_as_it(pocket_name="upgraded_to_admins", what_to_append="init", erase_first=True) + dp.append_as_it(pocket_name="road_to_admin", what_to_append="init", erase_first=True) + dp.append_as_it(pocket_name="guests", what_to_append="init", erase_first=True) + dp.append_as_it(pocket_name="removed", what_to_append="init", erase_first=True) + trusted_admins_ok = False + if trusted_admins_ok: + try: + upgraded_to_admins = dp.get(pocket_name="upgraded_to_admins") + print("Current upgraded admins:") + for admin in upgraded_to_admins: print(admin) + except: + dp.append_as_it(pocket_name="upgraded_to_admins", what_to_append="empty", erase_first=True) + dp.clear_pocket(pocket_name="upgraded_to_admins") + try: + futur_admins = dp.get(pocket_name="road_to_admin") + print("Current in road_to_admin:") + for futur_admin in futur_admins: print(futur_admin) + except: + dp.append_as_it(pocket_name="road_to_admin", what_to_append="empty", 
erase_first=True) + dp.clear_pocket(pocket_name="road_to_admin") + try: + guests = dp.get(pocket_name="guests") + print("Current guests:") + for guest in guests: print(guest) + except: + dp.append_as_it(pocket_name="guests", what_to_append="empty", erase_first=True) + dp.clear_pocket(pocket_name="guests") + try: + rems = dp.get(pocket_name="removed") + print("Already removed:") + for rem in rems: print(rem) + except: + dp.append_as_it(pocket_name="removed", what_to_append="empty", erase_first=True) + dp.clear_pocket(pocket_name="removed") + dp.save() + #---filling trusted admins--- + decision = None + while decision!="yes" and decision!="no": + decision = str(input("Would you like to insert trusted admins? ('yes'/'no'): ")) + if decision=="yes": + print("INFO: end insertion by typing 'end'") + admin_to_insert = None + while admin_to_insert!="end": + admin_to_insert = str(input("Enter a trusted admin phone number: ")) + if admin_to_insert!="end": dp.append_as_it(pocket_name="trusted_admins", what_to_append=admin_to_insert) + dp.save() + #---generate or change config file values--- + if not os.path.exists(database_location+"/config.py"): + subprocess.run("touch "+database_location+"/config.py", shell=True, executable="/bin/bash") + #---entering SMS keywords--- + decision = None + while decision!="yes" and decision!="no": + decision = str(input("Would you like to change SMS keywords? ('yes'/'no'): ")) + if decision=="yes": + keywords = [] + print("INFO: end insertion by typing 'end'") + keyword = None + while keyword!="end": + keyword = str(input("Enter a keyword to detected for actioning actuator: ")) + keywords.append(keyword) + subprocess.run("echo \"KEYWORDS="+str(keywords)+"\" >> "+database_location+"/config.py", shell=True, executable="/bin/bash") + #---entering internet option password--- + decision = None + while decision!="yes" and decision!="no": + decision = str(input("Would you like to change internet option password? 
('yes'/'no'): ")) + if decision=="yes": + passw = str(input("Enter the password: ")) + subprocess.run("echo \"INTERNET_PWD='"+passw+"'\" >> "+database_location+"/config.py", shell=True, executable="/bin/bash") -try: - sys.path.insert(0,'/home/pi/information') - import config -except: - print("Unable to add 'information' folder into system path OR 'config.py' not found") -lock = threading.Lock() def opener(lck): with lck: for _ in range(5): @@ -69,8 +192,8 @@ def receiver_from_internet(): data = flask.request.get_data(as_text=True) data_dict = urllib.parse.parse_qs(qs=data) print(data_dict) - if "pwd_retriever" in data_dict and data_dict["pwd_retriever"][0]=='please': - op = threading.Thread(target=opener, args=(lock,)) + if "pwd_retriever" in data_dict and data_dict["pwd_retriever"][0]==config.INTERNET_PWD: + op = threading.Thread(target=opener, args=(actuator_locker,)) op.start() return flask.render_template("success.html") else: @@ -85,9 +208,11 @@ def receiver(): response_events = {"events":[]} #---action=incoming--- if "action" in data_dict and data_dict["action"]=="incoming": - if "please" in data_dict["message"].lower(): - op = threading.Thread(target=opener, args=(lock,)) - op.start() + for keyword in config.KEYWORDS: + if keyword in data_dict["message"].lower(): + op = threading.Thread(target=opener, args=(actuator_locker,)) + op.start() + break response_events["events"].append({"event":"log","message":"Server received "+data_dict["message_type"]+" from "+data_dict["from"]}) return flask.jsonify(response_events) #---action=outgoing--- 
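Review bot: The keyword prompt at the end of `database_setter` appends the `end` sentinel to `keywords` (the trusted-admin loop just above filters it out, this loop does not), so `KEYWORDS` always contains `end`, and because `receiver` matches keywords as substrings, messages that merely contain those letters would start the opener; an empty entry would match every message. The three `subprocess.run(..., shell=True)` calls also splice the typed path, keywords and password unescaped into a bash command and from there into `config.py`, which is later imported as Python, so a quote, `$` or backtick in any of them corrupts the file or executes unintended code, and the password is briefly visible in the process list. Writing the file directly from Python with `repr()` and owner-only permissions, as in the sketch below, removes the shell from the path; keeping these values in a data format such as JSON rather than an importable module would be safer still. Indentation in the sketch is assumed, because the page has lost the original's.

```python
    # … unchanged: database location prompts, pocket initialisation, trusted-admin entry …
    #---generate or change config file values---
    config_path = os.path.join(database_location, "config.py")
    if not os.path.exists(config_path):
        open(config_path, "a").close()
    os.chmod(config_path, 0o600)  # holds a plaintext secret: owner-only
    # … unchanged: yes/no prompt for SMS keywords …
    if decision=="yes":
        keywords = []
        print("INFO: end insertion by typing 'end'")
        while True:
            keyword = str(input("Enter a keyword to detected for actioning actuator: ")).strip()
            if keyword=="end": break
            if keyword: keywords.append(keyword)  # an empty keyword would match every message
        with open(config_path, "a") as config_file:
            config_file.write("KEYWORDS="+repr(keywords)+"\n")
    # … unchanged: yes/no prompt for internet option password …
    if decision=="yes":
        passw = str(input("Enter the password: "))
        with open(config_path, "a") as config_file:
            config_file.write("INTERNET_PWD="+repr(passw)+"\n")
```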
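Review bot: The new password check in `receiver_from_internet` compares the submitted value with `==`, which is not constant-time, and the unchanged `print(data_dict)` just above it now writes every submitted password to stdout. I would compare with `hmac.compare_digest(data_dict["pwd_retriever"][0].encode(), config.INTERNET_PWD.encode())` (needs `import hmac`) and drop or redact the print. `INTERNET_PWD` is only written when the administrator answers 'yes' during setup, so a missing attribute should be treated as a failed login rather than left to raise; nothing visible here limits repeated attempts either. The function starts and continues outside this hunk.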
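Review bot: The new keyword loop in `receiver` starts the opener for any sender: it tests only `data_dict["message"]` against `config.KEYWORDS` and never consults `data_dict["from"]`, although this commit creates a `trusted_admins` pocket and a `database_locker` that are not used in any visible hunk. If the intent is that only listed numbers may trigger the actuator, the sender should be looked up (under `database_locker`) before the thread is started. The match itself can be tightened to `if any(k and k in message for k in config.KEYWORDS):` with `message = data_dict.get("message", "").lower()`, which skips empty keywords and avoids a `KeyError` on requests without a message. `receiver` begins and ends outside this hunk.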
@@ -114,7 +239,18 @@ def receiver(): if __name__=="__main__": - remote_handler_thread = threading.Thread(target=remote_handler, args=(lock,)) + if set_database==1: database_setter() + else: + dp = datasaver.DataPockets("database_location_path") + try: + database_location = dp.get("database_location")[0] + sys.path.insert(0,database_location) + except: + print("Unable to find database location folder") + exit(-1) + #---import config file--- + import config + remote_handler_thread = threading.Thread(target=remote_handler, args=(actuator_locker,)) remote_handler_thread.start() localtunnel_thread = threading.Thread(target=localtunnel_launcher) localtunnel_thread.start()
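Review bot: The directory put at the front of `sys.path` here is read from `database_location_path` in the current working directory, and `import config` then executes whatever `config.py` that directory holds, so write access to either location amounts to code execution in the service (the `.pickle` file name in the first hunk suggests `DataPockets` unpickles, which would have the same property; worth confirming). I would load the settings as data from an explicit path and check that the file and its directory are writable only by the service account, or at least validate right after the import, e.g. `if not hasattr(config, "KEYWORDS") or not hasattr(config, "INTERNET_PWD"): sys.exit("config.py is incomplete")`. The bare `except:` also hides the real failure and swallows Ctrl-C; `except Exception:` with `sys.exit(1)` instead of the site-provided `exit(-1)` is more dependable.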