From 1ab1a55a4f809cc531b719133c7c0bb1c5cbc0d2 Mon Sep 17 00:00:00 2001
From: Terrtia
Date: Thu, 2 May 2019 17:31:14 +0200
Subject: [PATCH] chg: [UI] add basic user management
---
 bin/packages/User.py | 36 +++++++++
 pip3_packages_requirement.txt | 4 +-
 var/www/Flask_server.py | 54 ++++++++++++-
 .../modules/PasteSubmit/Flask_PasteSubmit.py | 14 ++++
 var/www/modules/Tags/Flask_Tags.py | 22 +++++
 .../modules/hashDecoded/Flask_hashDecoded.py | 17 ++++
 .../hiddenServices/Flask_hiddenServices.py | 20 +++++
 .../modules/rawSkeleton/Flask_rawSkeleton.py | 2 +
 var/www/modules/search/Flask_search.py | 3 +
 var/www/modules/sentiment/Flask_sentiment.py | 5 ++
 var/www/modules/settings/Flask_settings.py | 3 +
 var/www/modules/showpaste/Flask_showpaste.py | 10 +++
 var/www/modules/terms/Flask_terms.py | 15 ++++
 .../trendingcharts/Flask_trendingcharts.py | 5 ++
 .../trendingmodules/Flask_trendingmodules.py | 4 +
 var/www/templates/login.html | 81 +++++++++++++++++++
 16 files changed, 293 insertions(+), 2 deletions(-)
 create mode 100755 bin/packages/User.py
 create mode 100644 var/www/templates/login.html
diff --git a/bin/packages/User.py b/bin/packages/User.py
new file mode 100755
index 00000000..b46069f1
--- /dev/null
+++ b/bin/packages/User.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+# -*-coding:UTF-8 -*
+
+import redis
+
+from flask_login import UserMixin
+
+class User(UserMixin):
+
+ def __init__(self, id):
+ self.id = 'abcdef'
+
+ # return True or False
+ #def is_authenticated():
+
+ # return True or False
+ #def is_active():
+
+ # return True or False
+ #def is_anonymous():
+
+ @classmethod
+ def get(self_class, id):
+ print(id)
+ return self_class(id)
+
+ def check_password(self, password):
+ print(self.id)
+ if password=='admin':
+ print('password ok')
+ return True
+ else:
+ return False
+
+ def set_password(self):
+ return True
diff --git a/pip3_packages_requirement.txt b/pip3_packages_requirement.txt
index 3991e158..4f9d1f87 100644
--- a/pip3_packages_requirement.txt
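Review bot: `check_password` authenticates against the literal `'admin'` and `__init__` discards its `id` argument in favour of `'abcdef'`, so any username with that one password logs in and every session resolves to the same user id. The `print(id)`, `print(self.id)` and `print('password ok')` calls additionally write authentication details to stdout on every attempt. A store-backed version should keep the caller's id, have `get` return `None` for unknown users, and compare the submitted password against a stored hash with `werkzeug.security.check_password_hash` (Werkzeug ships with Flask); `set_password` currently returns `True` without storing anything and `redis` is imported but never used. Sketch of that shape, with the store lookup left as a placeholder:
```python
class User(UserMixin):

    def __init__(self, id):
        # keep the caller's id; the original pinned every instance to 'abcdef'
        self.id = id

    @classmethod
    def get(self_class, id):
        # TODO: look the id up in the user store and return None when absent
        return self_class(id)

    def check_password(self, password):
        # compare against a stored hash; never a literal, never printed
        stored_hash = None  # TODO: load the password hash for self.id from the user store
        if stored_hash is None:
            return False
        return check_password_hash(stored_hash, password)

    # … unchanged: set_password (should persist a generated hash instead of returning True) …
```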
+++ b/pip3_packages_requirement.txt @@ -43,9 +43,11 @@ psutil phonenumbers ipython -flask texttable +flask +flask-login + #DomainClassifier DomainClassifier #Indexer requirements diff --git a/var/www/Flask_server.py b/var/www/Flask_server.py index 95433757..907f1fd4 100755 --- a/var/www/Flask_server.py +++ b/var/www/Flask_server.py @@ -3,11 +3,14 @@ import redis import configparser +import random import json import datetime import time import calendar -from flask import Flask, render_template, jsonify, request, Request +from flask import Flask, render_template, jsonify, request, Request, session, redirect, url_for +from flask_login import LoginManager, current_user, login_user, logout_user, login_required + import flask import importlib import os @@ -18,6 +21,8 @@ sys.path.append('./modules/') import Paste from Date import Date +from User import User + from pytaxonomies import Taxonomies # Import config @@ -34,6 +39,18 @@ Flask_config.app = Flask(__name__, static_url_path=baseUrl+'/static/') app = Flask_config.app app.config['MAX_CONTENT_LENGTH'] = 900 * 1024 * 1024 +# ========= session ======== +app.secret_key = str(random.getrandbits(256)) +login_manager = LoginManager() +login_manager.login_view = 'login' +login_manager.init_app(app) + +# ========= LOGIN MANAGER ======== + +@login_manager.user_loader +def load_user(user_id): + return User.get(user_id) + # ========= HEADER GENERATION ======== # Get headers items that should be ignored (not displayed) 
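Review bot: `flask-login` is added without a version constraint, in line with the rest of the file, but it now sits on the authentication path of every route; pinning it (`flask-login==<known-good version>`) would keep login behaviour reproducible across installs and make future upgrades a deliberate change.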
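Review bot: `app.secret_key = str(random.getrandbits(256))` derives the session signing key from the `random` module, which is not a cryptographic generator, and regenerates it on every start, so all sessions are invalidated on restart and, if the app is run with more than one worker process, each process signs cookies with a different key and logins will intermittently fail. Generate it with `secrets.token_hex(32)` and load it from configuration or a persisted secret so it is stable across processes, e.g. `app.secret_key = secrets.token_hex(32)  # TODO: persist in config` (needs `import secrets` in the import hunk above). In the same hunk `load_user` hands the session's `user_id` straight to `User.get`, which in the new `User.py` never returns `None`, so there is no point at which a removed or disabled account stops being accepted; `load_user` should return `None` for ids not present in the user store. Now that the session cookie carries authentication, consider also setting `SESSION_COOKIE_SAMESITE='Lax'` here, and `SESSION_COOKIE_SECURE` when the UI is served over HTTPS.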
@@ -118,6 +135,41 @@ def add_header(response): return response # ========== ROUTES ============ +@app.route('/login', methods=['POST', 'GET']) +def login(): + if request.method == 'POST': + username = request.form.get('username') + password = request.form.get('password') + next_page = request.form.get('next_page') + + print(username) + print(password) + + if username is not None: + user = User.get(username) + #print(user.is_anonymous) + #print('auth') # TODO: overwrite + #print(user.is_authenticated) + if user and user.check_password(password): + login_user(user) ## TODO: use remember me ? + return redirect(url_for('dashboard.index')) + else: + return 'incorrect password' + + return 'none' + + else: + next_page = request.args.get('next') + print(next_page) + return render_template("login.html", next_page=next_page) + +@app.route('/logout') +@login_required +def logout(): + logout_user() + return redirect(url_for('dashboard.index')) + + @app.route('/searchbox/') def searchbox(): return render_template("searchbox.html") diff --git a/var/www/modules/PasteSubmit/Flask_PasteSubmit.py b/var/www/modules/PasteSubmit/Flask_PasteSubmit.py index cc38de77..eba8541a 100644 --- a/var/www/modules/PasteSubmit/Flask_PasteSubmit.py +++ b/var/www/modules/PasteSubmit/Flask_PasteSubmit.py @@ -6,6 +6,7 @@ ''' import redis from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect +from flask_login import login_required import unicodedata import string @@ -273,6 +274,7 @@ def hive_create_case(hive_tlp, threat_level, hive_description, hive_case_title, # ============= ROUTES ============== @PasteSubmit.route("/PasteSubmit/", methods=['GET']) +@login_required def PasteSubmit_page(): #active taxonomies active_taxonomies = r_serv_tags.smembers('active_taxonomies') 
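Review bot: `print(username)` and `print(password)` in `login()` write the submitted credentials to stdout on every POST; remove them before this ships. `next_page` is read from the form (and from `request.args` on GET) but never used after `login_user`, so the `next` parameter that `login_view` appends is silently dropped; when it is wired up it must be checked to be a same-site relative path before `redirect(next_page)`, otherwise the login form becomes an open redirect. The failure branches return the plain strings `'incorrect password'` and `'none'` with status 200 rather than re-rendering `login.html` with an error, and nothing throttles repeated failed attempts.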
@@ -285,6 +287,7 @@ def PasteSubmit_page(): active_galaxies = active_galaxies) @PasteSubmit.route("/PasteSubmit/submit", methods=['POST']) +@login_required def submit(): #paste_name = request.form['paste_name'] @@ -385,6 +388,7 @@ def submit(): return PasteSubmit_page() @PasteSubmit.route("/PasteSubmit/submit_status", methods=['GET']) +@login_required def submit_status(): UUID = request.args.get('UUID') @@ -451,6 +455,7 @@ def submit_status(): @PasteSubmit.route("/PasteSubmit/create_misp_event", methods=['POST']) +@login_required def create_misp_event(): distribution = int(request.form['misp_data[Event][distribution]']) @@ -473,6 +478,7 @@ def create_misp_event(): return 'error0' @PasteSubmit.route("/PasteSubmit/create_hive_case", methods=['POST']) +@login_required def create_hive_case(): hive_tlp = int(request.form['hive_tlp']) @@ -495,6 +501,7 @@ def create_hive_case(): return 'error' @PasteSubmit.route("/PasteSubmit/edit_tag_export") +@login_required def edit_tag_export(): misp_auto_events = r_serv_db.get('misp:auto-events') hive_auto_alerts = r_serv_db.get('hive:auto-alerts') @@ -559,6 +566,7 @@ def edit_tag_export(): flag_hive=flag_hive) @PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST']) +@login_required def tag_export_edited(): tag_enabled_misp = request.form.getlist('tag_enabled_misp') tag_enabled_hive = request.form.getlist('tag_enabled_hive') 
@@ -583,26 +591,31 @@ def tag_export_edited(): return redirect(url_for('PasteSubmit.edit_tag_export')) @PasteSubmit.route("/PasteSubmit/enable_misp_auto_event") +@login_required def enable_misp_auto_event(): r_serv_db.set('misp:auto-events', 1) return edit_tag_export() @PasteSubmit.route("/PasteSubmit/disable_misp_auto_event") +@login_required def disable_misp_auto_event(): r_serv_db.set('misp:auto-events', 0) return edit_tag_export() @PasteSubmit.route("/PasteSubmit/enable_hive_auto_alert") +@login_required def enable_hive_auto_alert(): r_serv_db.set('hive:auto-alerts', 1) return edit_tag_export() @PasteSubmit.route("/PasteSubmit/disable_hive_auto_alert") +@login_required def disable_hive_auto_alert(): r_serv_db.set('hive:auto-alerts', 0) return edit_tag_export() @PasteSubmit.route("/PasteSubmit/add_push_tag") +@login_required def add_push_tag(): tag = request.args.get('tag') if tag is not None: @@ -620,6 +633,7 @@ def add_push_tag(): return 'None args', 400 @PasteSubmit.route("/PasteSubmit/delete_push_tag") +@login_required def delete_push_tag(): tag = request.args.get('tag') diff --git a/var/www/modules/Tags/Flask_Tags.py b/var/www/modules/Tags/Flask_Tags.py index 3cc08159..ec329b30 100644 --- a/var/www/modules/Tags/Flask_Tags.py +++ b/var/www/modules/Tags/Flask_Tags.py @@ -6,6 +6,7 @@ ''' import redis from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for +from flask_login import login_required import json import datetime @@ -218,6 +219,7 @@ def update_tag_last_seen(tag, tag_first_seen, tag_last_seen): # ============= ROUTES ============== @Tags.route("/tags/", methods=['GET']) +@login_required def Tags_page(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -351,6 +353,7 @@ def Tags_page(): @Tags.route("/Tags/get_all_tags") +@login_required def get_all_tags(): all_tags = r_serv_tags.smembers('list_tags') 
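Review bot: the routes in this hunk (`enable_misp_auto_event`, `disable_misp_auto_event`, `enable_hive_auto_alert`, `disable_hive_auto_alert`, `add_push_tag`, and `delete_push_tag` in the hunk that follows) change server state on a plain GET, and now that access is gated by the Flask-Login session cookie a request triggered from another origin is authenticated automatically; `@login_required` does not protect against that. The same applies to `remove_tag`, `confirm_tag` and `addTags` in `Flask_Tags.py` and to `blacklist_domain`/`unblacklist_domain` in `Flask_hiddenServices.py`. Moving these to `methods=['POST']` and enabling CSRF tokens (e.g. Flask-WTF's `CSRFProtect`), or at minimum setting `SESSION_COOKIE_SAMESITE='Lax'`, would close this.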
@@ -373,6 +376,7 @@ def get_all_tags(): return jsonify(list_tags) @Tags.route("/Tags/get_all_tags_taxonomies") +@login_required def get_all_tags_taxonomies(): taxonomies = Taxonomies() @@ -390,6 +394,7 @@ def get_all_tags_taxonomies(): return jsonify(list_tags) @Tags.route("/Tags/get_all_tags_galaxies") +@login_required def get_all_tags_galaxy(): active_galaxies = r_serv_tags.smembers('active_galaxies') @@ -403,6 +408,7 @@ def get_all_tags_galaxy(): return jsonify(list_tags) @Tags.route("/Tags/get_tags_taxonomie") +@login_required def get_tags_taxonomie(): taxonomie = request.args.get('taxonomie') @@ -429,6 +435,7 @@ def get_tags_taxonomie(): return 'INCORRECT INPUT' @Tags.route("/Tags/get_tags_galaxy") +@login_required def get_tags_galaxy(): galaxy = request.args.get('galaxy') @@ -449,6 +456,7 @@ def get_tags_galaxy(): return 'this galaxy is disable' @Tags.route("/Tags/remove_tag") +@login_required def remove_tag(): #TODO verify input @@ -460,6 +468,7 @@ def remove_tag(): return redirect(url_for('showsavedpastes.showsavedpaste', paste=path)) @Tags.route("/Tags/confirm_tag") +@login_required def confirm_tag(): #TODO verify input @@ -478,6 +487,7 @@ def confirm_tag(): return 'incompatible tag' @Tags.route("/Tags/tag_validation") +@login_required def tag_validation(): path = request.args.get('paste') @@ -498,6 +508,7 @@ def tag_validation(): return 'input error' @Tags.route("/Tags/addTags") +@login_required def addTags(): tags = request.args.get('tags') @@ -547,6 +558,7 @@ def addTags(): @Tags.route("/Tags/taxonomies") +@login_required def taxonomies(): active_taxonomies = r_serv_tags.smembers('active_taxonomies') @@ -583,6 +595,7 @@ def taxonomies(): n_tags=n_tags) @Tags.route("/Tags/edit_taxonomie") +@login_required def edit_taxonomie(): taxonomies = Taxonomies() @@ -631,6 +644,7 @@ def edit_taxonomie(): return 'INVALID TAXONOMIE' @Tags.route("/Tags/disable_taxonomie") +@login_required def disable_taxonomie(): taxonomies = Taxonomies() 
@@ -651,6 +665,7 @@ def disable_taxonomie(): @Tags.route("/Tags/active_taxonomie") +@login_required def active_taxonomie(): taxonomies = Taxonomies() @@ -670,6 +685,7 @@ def active_taxonomie(): return "INCORRECT INPUT" @Tags.route("/Tags/edit_taxonomie_tag") +@login_required def edit_taxonomie_tag(): taxonomies = Taxonomies() @@ -712,6 +728,7 @@ def edit_taxonomie_tag(): return "INCORRECT INPUT" @Tags.route("/Tags/galaxies") +@login_required def galaxies(): active_galaxies = r_serv_tags.smembers('active_galaxies') @@ -758,6 +775,7 @@ def galaxies(): @Tags.route("/Tags/edit_galaxy") +@login_required def edit_galaxy(): id = request.args.get('galaxy') @@ -825,6 +843,7 @@ def edit_galaxy(): @Tags.route("/Tags/active_galaxy") +@login_required def active_galaxy(): id = request.args.get('galaxy') @@ -869,6 +888,7 @@ def active_galaxy(): @Tags.route("/Tags/disable_galaxy") +@login_required def disable_galaxy(): id = request.args.get('galaxy') @@ -889,6 +909,7 @@ def disable_galaxy(): @Tags.route("/Tags/edit_galaxy_tag") +@login_required def edit_galaxy_tag(): arg1 = request.args.getlist('tag_enabled') @@ -961,6 +982,7 @@ def edit_galaxy_tag(): return "INCORRECT INPUT" @Tags.route("/Tags/tag_galaxy_info") +@login_required def tag_galaxy_info(): galaxy = request.args.get('galaxy') diff --git a/var/www/modules/hashDecoded/Flask_hashDecoded.py b/var/www/modules/hashDecoded/Flask_hashDecoded.py index 8a7945d2..db60e0c8 100644 --- a/var/www/modules/hashDecoded/Flask_hashDecoded.py +++ b/var/www/modules/hashDecoded/Flask_hashDecoded.py @@ -15,6 +15,7 @@ import zipfile import requests from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for, send_file +from flask_login import login_required # ============ VARIABLES ============ import Flask_config 
@@ -97,6 +98,7 @@ def one(): # ============= ROUTES ============== @hashDecoded.route("/hashDecoded/all_hash_search", methods=['POST']) +@login_required def all_hash_search(): date_from = request.form.get('date_from') date_to = request.form.get('date_to') @@ -107,6 +109,7 @@ def all_hash_search(): @hashDecoded.route("/hashDecoded/", methods=['GET']) +@login_required def hashDecoded_page(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -224,6 +227,7 @@ def hashDecoded_page(): @hashDecoded.route('/hashDecoded/hash_by_type') +@login_required def hash_by_type(): type = request.args.get('type') type = 'text/plain' @@ -231,12 +235,14 @@ def hash_by_type(): @hashDecoded.route('/hashDecoded/hash_hash') +@login_required def hash_hash(): hash = request.args.get('hash') return render_template('hash_hash.html') @hashDecoded.route('/hashDecoded/showHash') +@login_required def showHash(): hash = request.args.get('hash') #hash = 'e02055d3efaad5d656345f6a8b1b6be4fe8cb5ea' @@ -290,6 +296,7 @@ def showHash(): @hashDecoded.route('/hashDecoded/downloadHash') +@login_required def downloadHash(): hash = request.args.get('hash') # sanitize hash @@ -326,6 +333,7 @@ def downloadHash(): @hashDecoded.route('/hashDecoded/hash_by_type_json') +@login_required def hash_by_type_json(): type = request.args.get('type') @@ -359,6 +367,7 @@ def hash_by_type_json(): @hashDecoded.route('/hashDecoded/decoder_type_json') +@login_required def decoder_type_json(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -414,6 +423,7 @@ def decoder_type_json(): @hashDecoded.route('/hashDecoded/top5_type_json') +@login_required def top5_type_json(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -472,6 +482,7 @@ def top5_type_json(): @hashDecoded.route('/hashDecoded/daily_type_json') +@login_required def daily_type_json(): date = request.args.get('date') 
@@ -491,6 +502,7 @@ def daily_type_json(): @hashDecoded.route('/hashDecoded/range_type_json') +@login_required def range_type_json(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -547,6 +559,7 @@ def range_type_json(): @hashDecoded.route('/hashDecoded/hash_graph_line_json') +@login_required def hash_graph_line_json(): hash = request.args.get('hash') date_from = request.args.get('date_from') @@ -576,6 +589,7 @@ def hash_graph_line_json(): @hashDecoded.route('/hashDecoded/hash_graph_node_json') +@login_required def hash_graph_node_json(): hash = request.args.get('hash') @@ -643,6 +657,7 @@ def hash_graph_node_json(): @hashDecoded.route('/hashDecoded/hash_types') +@login_required def hash_types(): date_from = 20180701 date_to = 20180706 @@ -650,6 +665,7 @@ def hash_types(): @hashDecoded.route('/hashDecoded/send_file_to_vt_js') +@login_required def send_file_to_vt_js(): hash = request.args.get('hash') @@ -673,6 +689,7 @@ def send_file_to_vt_js(): @hashDecoded.route('/hashDecoded/update_vt_result') +@login_required def update_vt_result(): hash = request.args.get('hash') diff --git a/var/www/modules/hiddenServices/Flask_hiddenServices.py b/var/www/modules/hiddenServices/Flask_hiddenServices.py index fd68dc93..76c61667 100644 --- a/var/www/modules/hiddenServices/Flask_hiddenServices.py +++ b/var/www/modules/hiddenServices/Flask_hiddenServices.py @@ -12,6 +12,7 @@ import time import json from pyfaup.faup import Faup from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for +from flask_login import login_required from Date import Date from HiddenServices import HiddenServices @@ -232,6 +233,7 @@ def delete_auto_crawler(url): # ============= ROUTES ============== @hiddenServices.route("/crawlers/", methods=['GET']) +@login_required def dashboard(): crawler_metadata_onion = get_crawler_splash_status('onion') crawler_metadata_regular = get_crawler_splash_status('regular') 
@@ -246,14 +248,17 @@ def dashboard(): statDomains_onion=statDomains_onion, statDomains_regular=statDomains_regular) @hiddenServices.route("/hiddenServices/2", methods=['GET']) +@login_required def hiddenServices_page_test(): return render_template("Crawler_index.html") @hiddenServices.route("/crawlers/manual", methods=['GET']) +@login_required def manual(): return render_template("Crawler_Splash_manual.html") @hiddenServices.route("/crawlers/crawler_splash_onion", methods=['GET']) +@login_required def crawler_splash_onion(): type = 'onion' last_onions = get_last_domains_crawled(type) @@ -271,6 +276,7 @@ def crawler_splash_onion(): crawler_metadata=crawler_metadata, date_from=date_string, date_to=date_string) @hiddenServices.route("/crawlers/Crawler_Splash_last_by_type", methods=['GET']) +@login_required def Crawler_Splash_last_by_type(): type = request.args.get('type') # verify user input @@ -293,6 +299,7 @@ def Crawler_Splash_last_by_type(): crawler_metadata=crawler_metadata, date_from=date_string, date_to=date_string) @hiddenServices.route("/crawlers/blacklisted_domains", methods=['GET']) +@login_required def blacklisted_domains(): blacklist_domain = request.args.get('blacklist_domain') unblacklist_domain = request.args.get('unblacklist_domain') @@ -327,6 +334,7 @@ def blacklisted_domains(): return 'Incorrect Type' @hiddenServices.route("/crawler/blacklist_domain", methods=['GET']) +@login_required def blacklist_domain(): domain = request.args.get('domain') type = request.args.get('type') @@ -348,6 +356,7 @@ def blacklist_domain(): return 'Incorrect type' @hiddenServices.route("/crawler/unblacklist_domain", methods=['GET']) +@login_required def unblacklist_domain(): domain = request.args.get('domain') type = request.args.get('type') 
@@ -369,6 +378,7 @@ def unblacklist_domain(): return 'Incorrect type' @hiddenServices.route("/crawlers/create_spider_splash", methods=['POST']) +@login_required def create_spider_splash(): url = request.form.get('url_to_crawl') automatic = request.form.get('crawler_type') @@ -444,6 +454,7 @@ def create_spider_splash(): return redirect(url_for('hiddenServices.manual')) @hiddenServices.route("/crawlers/auto_crawler", methods=['GET']) +@login_required def auto_crawler(): nb_element_to_display = 100 try: @@ -495,6 +506,7 @@ def auto_crawler(): auto_crawler_domain_regular_metadata=auto_crawler_domain_regular_metadata) @hiddenServices.route("/crawlers/remove_auto_crawler", methods=['GET']) +@login_required def remove_auto_crawler(): url = request.args.get('url') page = request.args.get('page') @@ -504,6 +516,7 @@ def remove_auto_crawler(): return redirect(url_for('hiddenServices.auto_crawler', page=page)) @hiddenServices.route("/crawlers/crawler_dashboard_json", methods=['GET']) +@login_required def crawler_dashboard_json(): crawler_metadata_onion = get_crawler_splash_status('onion') @@ -520,6 +533,7 @@ def crawler_dashboard_json(): # # TODO: refractor @hiddenServices.route("/hiddenServices/last_crawled_domains_with_stats_json", methods=['GET']) +@login_required def last_crawled_domains_with_stats_json(): last_onions = r_serv_onion.lrange('last_onion', 0 ,-1) list_onion = [] @@ -569,6 +583,7 @@ def last_crawled_domains_with_stats_json(): return jsonify({'last_onions': list_onion, 'statDomains': statDomains, 'crawler_metadata':crawler_metadata}) @hiddenServices.route("/hiddenServices/get_onions_by_daterange", methods=['POST']) +@login_required def get_onions_by_daterange(): date_from = request.form.get('date_from') date_to = request.form.get('date_to') 
@@ -580,6 +595,7 @@ def get_onions_by_daterange(): return redirect(url_for('hiddenServices.show_domains_by_daterange', date_from=date_from, date_to=date_to, service_type=service_type, domains_up=domains_up, domains_down=domains_down, domains_tags=domains_tags)) @hiddenServices.route("/hiddenServices/show_domains_by_daterange", methods=['GET']) +@login_required def show_domains_by_daterange(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -684,6 +700,7 @@ def show_domains_by_daterange(): domains_tags=domains_tags, type=service_type, bootstrap_label=bootstrap_label) @hiddenServices.route("/crawlers/show_domain", methods=['GET']) +@login_required def show_domain(): domain = request.args.get('domain') epoch = request.args.get('epoch') @@ -754,6 +771,7 @@ def show_domain(): domain_tags=domain_tags, screenshot=screenshot) @hiddenServices.route("/hiddenServices/onion_son", methods=['GET']) +@login_required def onion_son(): onion_domain = request.args.get('onion_domain') @@ -764,6 +782,7 @@ def onion_son(): # ============= JSON ============== @hiddenServices.route("/hiddenServices/domain_crawled_7days_json", methods=['GET']) +@login_required def domain_crawled_7days_json(): type = 'onion' ## TODO: # FIXME: 404 error @@ -782,6 +801,7 @@ def domain_crawled_7days_json(): return jsonify(json_domain_stats) @hiddenServices.route('/hiddenServices/domain_crawled_by_type_json') +@login_required def domain_crawled_by_type_json(): current_date = request.args.get('date') type = request.args.get('type') diff --git a/var/www/modules/rawSkeleton/Flask_rawSkeleton.py b/var/www/modules/rawSkeleton/Flask_rawSkeleton.py index d17e2b33..fe6e1f66 100644 --- a/var/www/modules/rawSkeleton/Flask_rawSkeleton.py +++ b/var/www/modules/rawSkeleton/Flask_rawSkeleton.py 
@@ -6,6 +6,7 @@ ''' import redis from flask import Flask, render_template, jsonify, request, Blueprint +from flask_login import login_required # ============ VARIABLES ============ import Flask_config @@ -22,6 +23,7 @@ def one(): # ============= ROUTES ============== @rawSkeleton.route("/rawSkeleton/", methods=['GET']) +@login_required def skeleton_page(): return render_template("rawSkeleton.html") diff --git a/var/www/modules/search/Flask_search.py b/var/www/modules/search/Flask_search.py index 7405b1e9..866c0bfc 100644 --- a/var/www/modules/search/Flask_search.py +++ b/var/www/modules/search/Flask_search.py @@ -10,6 +10,7 @@ import os import datetime import flask from flask import Flask, render_template, jsonify, request, Blueprint +from flask_login import login_required import Paste from whoosh import index @@ -93,6 +94,7 @@ def to_iso_date(timestamp): # ============ ROUTES ============ @searches.route("/search", methods=['POST']) +@login_required def search(): query = request.form['query'] q = [] @@ -180,6 +182,7 @@ def search(): @searches.route("/get_more_search_result", methods=['POST']) +@login_required def get_more_search_result(): query = request.form['query'] q = [] diff --git a/var/www/modules/sentiment/Flask_sentiment.py b/var/www/modules/sentiment/Flask_sentiment.py index 9a86eaa4..14904558 100644 --- a/var/www/modules/sentiment/Flask_sentiment.py +++ b/var/www/modules/sentiment/Flask_sentiment.py @@ -10,6 +10,7 @@ import calendar from Date import Date import flask from flask import Flask, render_template, jsonify, request, Blueprint +from flask_login import login_required import Paste 
@@ -39,11 +40,13 @@ def get_date_range(num_day): # ============ ROUTES ============ @sentiments.route("/sentiment_analysis_trending/") +@login_required def sentiment_analysis_trending(): return render_template("sentiment_analysis_trending.html") @sentiments.route("/sentiment_analysis_getplotdata/", methods=['GET']) +@login_required def sentiment_analysis_getplotdata(): # Get the top providers based on number of pastes oneHour = 60*60 @@ -94,12 +97,14 @@ def sentiment_analysis_getplotdata(): @sentiments.route("/sentiment_analysis_plot_tool/") +@login_required def sentiment_analysis_plot_tool(): return render_template("sentiment_analysis_plot_tool.html") @sentiments.route("/sentiment_analysis_plot_tool_getdata/", methods=['GET']) +@login_required def sentiment_analysis_plot_tool_getdata(): getProviders = request.args.get('getProviders') diff --git a/var/www/modules/settings/Flask_settings.py b/var/www/modules/settings/Flask_settings.py index f8600f58..0563056a 100644 --- a/var/www/modules/settings/Flask_settings.py +++ b/var/www/modules/settings/Flask_settings.py @@ -5,6 +5,7 @@ Flask functions and routes for the settings modules page ''' from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for +from flask_login import login_required import json import datetime @@ -74,6 +75,7 @@ def get_update_metadata(): # ============= ROUTES ============== @settings.route("/settings/", methods=['GET']) +@login_required def settings_page(): git_metadata = get_git_metadata() current_version = r_serv_db.get('ail:version') @@ -85,6 +87,7 @@ def settings_page(): @settings.route("/settings/get_background_update_stats_json", methods=['GET']) +@login_required def get_background_update_stats_json(): # handle :end, error update_stats = {} diff --git a/var/www/modules/showpaste/Flask_showpaste.py b/var/www/modules/showpaste/Flask_showpaste.py index 474280b5..c73d93c8 100644 --- a/var/www/modules/showpaste/Flask_showpaste.py 
+++ b/var/www/modules/showpaste/Flask_showpaste.py @@ -9,6 +9,8 @@ import json import os import flask from flask import Flask, render_template, jsonify, request, Blueprint, make_response, Response, send_from_directory, redirect, url_for +from flask_login import login_required + import difflib import ssdeep @@ -378,16 +380,19 @@ def show_item_min(requested_path , content_range=0): # ============ ROUTES ============ @showsavedpastes.route("/showsavedpaste/") #completely shows the paste in a new tab +@login_required def showsavedpaste(): requested_path = request.args.get('paste', '') return showpaste(0, requested_path) @showsavedpastes.route("/showsaveditem_min/") #completely shows the paste in a new tab +@login_required def showsaveditem_min(): requested_path = request.args.get('paste', '') return show_item_min(requested_path) @showsavedpastes.route("/showsavedrawpaste/") #shows raw +@login_required def showsavedrawpaste(): requested_path = request.args.get('paste', '') paste = Paste.Paste(requested_path) @@ -395,6 +400,7 @@ def showsavedrawpaste(): return Response(content, mimetype='text/plain') @showsavedpastes.route("/showpreviewpaste/") +@login_required def showpreviewpaste(): num = request.args.get('num', '') requested_path = request.args.get('paste', '') @@ -402,6 +408,7 @@ def showpreviewpaste(): @showsavedpastes.route("/getmoredata/") +@login_required def getmoredata(): requested_path = request.args.get('paste', '') paste = Paste.Paste(requested_path) @@ -410,6 +417,7 @@ def getmoredata(): return to_return @showsavedpastes.route("/showDiff/") +@login_required def showDiff(): s1 = request.args.get('s1', '') s2 = request.args.get('s2', '') 
@@ -426,10 +434,12 @@ def showDiff(): return the_html @showsavedpastes.route('/screenshot/') +@login_required def screenshot(filename): return send_from_directory(SCREENSHOT_FOLDER, filename+'.png', as_attachment=True) @showsavedpastes.route('/send_file_to_vt/', methods=['POST']) +@login_required def send_file_to_vt(): b64_path = request.form['b64_path'] paste = request.form['paste'] diff --git a/var/www/modules/terms/Flask_terms.py b/var/www/modules/terms/Flask_terms.py index 1fb83bcb..fd42ec4d 100644 --- a/var/www/modules/terms/Flask_terms.py +++ b/var/www/modules/terms/Flask_terms.py @@ -11,6 +11,8 @@ import datetime import calendar import flask from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect +from flask_login import login_required + import re import Paste from pprint import pprint @@ -143,6 +145,7 @@ def save_tag_to_auto_push(list_tag): # ============ ROUTES ============ @terms.route("/terms_management/") +@login_required def terms_management(): per_paste = request.args.get('per_paste') if per_paste == "1" or per_paste is None: @@ -261,6 +264,7 @@ def terms_management(): @terms.route("/terms_management_query_paste/") +@login_required def terms_management_query_paste(): term = request.args.get('term') paste_info = [] @@ -293,6 +297,7 @@ def terms_management_query_paste(): @terms.route("/terms_management_query/") +@login_required def terms_management_query(): TrackedTermsDate_Name = "TrackedTermDate" BlackListTermsDate_Name = "BlackListTermDate" @@ -315,6 +320,7 @@ def terms_management_query(): @terms.route("/terms_management_action/", methods=['GET']) +@login_required def terms_management_action(): today = datetime.datetime.now() today = today.replace(microsecond=0) 
@@ -440,6 +446,7 @@ def terms_management_action(): return jsonify(to_return) @terms.route("/terms_management/delete_terms_tags", methods=['POST']) +@login_required def delete_terms_tags(): term = request.form.get('term') tags_to_delete = request.form.getlist('tags_to_delete') @@ -452,6 +459,7 @@ def delete_terms_tags(): return 'None args', 400 @terms.route("/terms_management/delete_terms_email", methods=['GET']) +@login_required def delete_terms_email(): term = request.args.get('term') email = request.args.get('email') @@ -464,6 +472,7 @@ def delete_terms_email(): @terms.route("/terms_plot_tool/") +@login_required def terms_plot_tool(): term = request.args.get('term') if term is not None: @@ -473,6 +482,7 @@ def terms_plot_tool(): @terms.route("/terms_plot_tool_data/") +@login_required def terms_plot_tool_data(): oneDay = 60*60*24 range_start = datetime.datetime.utcfromtimestamp(int(float(request.args.get('range_start')))) if request.args.get('range_start') is not None else 0; @@ -503,6 +513,7 @@ def terms_plot_tool_data(): @terms.route("/terms_plot_top/") +@login_required def terms_plot_top(): per_paste = request.args.get('per_paste') per_paste = per_paste if per_paste is not None else 1 @@ -510,6 +521,7 @@ def terms_plot_top(): @terms.route("/terms_plot_top_data/") +@login_required def terms_plot_top_data(): oneDay = 60*60*24 today = datetime.datetime.now() @@ -556,10 +568,12 @@ def terms_plot_top_data(): @terms.route("/credentials_tracker/") +@login_required def credentials_tracker(): return render_template("credentials_tracker.html") @terms.route("/credentials_management_query_paste/", methods=['GET', 'POST']) +@login_required def credentials_management_query_paste(): cred = request.args.get('cred') allPath = request.json['allPath'] 
@@ -583,6 +597,7 @@ def credentials_management_query_paste(): return jsonify(paste_info) @terms.route("/credentials_management_action/", methods=['GET']) +@login_required def cred_management_action(): supplied = request.args.get('term') diff --git a/var/www/modules/trendingcharts/Flask_trendingcharts.py b/var/www/modules/trendingcharts/Flask_trendingcharts.py index ad2e5b76..bad6a353 100644 --- a/var/www/modules/trendingcharts/Flask_trendingcharts.py +++ b/var/www/modules/trendingcharts/Flask_trendingcharts.py @@ -9,6 +9,7 @@ import datetime from Date import Date import flask from flask import Flask, render_template, jsonify, request, Blueprint +from flask_login import login_required # ============ VARIABLES ============ import Flask_config @@ -36,6 +37,7 @@ def get_date_range(num_day): # ============ ROUTES ============ @trendings.route("/_progressionCharts", methods=['GET']) +@login_required def progressionCharts(): attribute_name = request.args.get('attributeName') trending_name = request.args.get('trendingName') @@ -61,18 +63,21 @@ def progressionCharts(): return jsonify(keyw_value) @trendings.route("/wordstrending/") +@login_required def wordstrending(): default_display = cfg.get("Flask", "default_display") return render_template("Wordstrending.html", default_display = default_display) @trendings.route("/protocolstrending/") +@login_required def protocolstrending(): default_display = cfg.get("Flask", "default_display") return render_template("Protocolstrending.html", default_display = default_display) @trendings.route("/trending/") +@login_required def trending(): default_display = cfg.get("Flask", "default_display") return render_template("Trending.html", default_display = default_display) diff --git a/var/www/modules/trendingmodules/Flask_trendingmodules.py b/var/www/modules/trendingmodules/Flask_trendingmodules.py index aeec0eb9..a53066b9 100644 --- a/var/www/modules/trendingmodules/Flask_trendingmodules.py 
+++ b/var/www/modules/trendingmodules/Flask_trendingmodules.py @@ -9,6 +9,7 @@ import datetime from Date import Date import flask from flask import Flask, render_template, jsonify, request, Blueprint +from flask_login import login_required # ============ VARIABLES ============ import Flask_config @@ -49,6 +50,7 @@ def get_date_range(num_day): # ============ ROUTES ============ @trendingmodules.route("/_moduleCharts", methods=['GET']) +@login_required def modulesCharts(): keyword_name = request.args.get('keywordName') module_name = request.args.get('moduleName') @@ -75,6 +77,7 @@ def modulesCharts(): @trendingmodules.route("/_providersChart", methods=['GET']) +@login_required def providersChart(): keyword_name = request.args.get('keywordName') module_name = request.args.get('moduleName') @@ -121,6 +124,7 @@ def providersChart(): @trendingmodules.route("/moduletrending/") +@login_required def moduletrending(): return render_template("Moduletrending.html") diff --git a/var/www/templates/login.html b/var/www/templates/login.html new file mode 100644 index 00000000..2e413435 --- /dev/null +++ b/var/www/templates/login.html @@ -0,0 +1,81 @@ + + + + + + AIL-Framework + + + + + + + + + + + + + + + + + + + + +