hipstercat
/
lis67-support-app
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
lis67-support-app/webapp/web.py

128 lines
4.1 KiB
Python
Raw Blame History

from flask import Flask, request, abort, jsonify
from flask_sqlalchemy import SQLAlchemy
import subprocess
import random
import os
SUPPORT_KEY = "x2Dmw3hLRDPQa1sg59fAx2Dmw3hLRDPQa1sg59fA"
PUBKEYS = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDh5X1s237dOa7lKXMy7cgVDsSL8fR3yuhIAM+Az0p8qQ/lSAGdzH1EXEupmX69g6NAwblsFoVByoO9X7boVZZXlaimPitosOcQNHABxILk4qel38+TxbAZ7i13448cwD3dSH5J13llQUvmfjHx7AfTH8y+/3q8Pf4+w/o1wXhqIm26XfNvUefeymUukdXmDA/+MhvE5zdU3sda8K4iCjLQexVv4n3CI+Y6FPLi2yKBht5RnWYAvjAY4frup1lPEeVk6uq4EZdbjUvaPfDVZx50r9tSDHLXr6epYKh8JDEATcVRuhQv56Ya0AOCptdxgctf+2bls9XX3dZgwEhWT+rOJuQywDx8POpErCfzoAkn4nt/skgd+49R/DA087EDwb9DHgCp0OyRdB9EGndp/3/MNetKBwUcJccr2NgBQABQUzfxQvkgYu7dmHJHq0hwDtI4/Yw/1a4IIDVXdBYbfWkoJpiOy2jS9Nfb38EoWo2n0g1qx3qofA9UuJFdPg8JS9U+AcWNzoqkZGGrEqwhpwBq5SVypZFrZTtnJGJSc581tsyDQKnKdzacpzdhnyUil3CqTmekqwuKgV0tWGNfLpolm+EayGeoPGJ3apRlyxHTSgjVSnjeIFJ1cfrHxbhdbrPQpIAqu8L+IkcPtdkG25QsDXizKt8zERFVcyrvKn1yxw== jean@toulza.fr"
]
app = Flask(__name__)
app.config['SECRET_KEY'] = '9OLWxND4o83j4K4iuopO'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///db.sqlite'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)
@app.route('/request', methods=["POST"])
def request_post():
j = request.json
if not j or j["key"] != SUPPORT_KEY:
abort(403)
if "pubKey" in j and "nom" in j and "prenom" in j and len(j["nom"]) > 3 and len(j["prenom"]) > 3:
nom = j["nom"]
prenom = j["prenom"]
pubkey = j["pubKey"]
ip = request.remote_addr
localuser, randomport = create_user(nom, prenom, pubkey)
print("IP: %s, localuser=%s randomport=%s" % (ip, localuser, randomport))
return jsonify({"status": "ok", "pubkeys": "\n".join(PUBKEYS), "remoteport": randomport, "remoteuser": localuser})
else:
abort(403)
@app.route('/end', methods=["DELETE"])
def end_delete():
j = request.json
if not j or j["key"] != SUPPORT_KEY:
print("no json or support key")
print(request.data)
print(request.form)
abort(403)
if "pubKey" in j:
localuser = find_localuser_by_pubkey(j["pubKey"])
if localuser:
delete_localuser(localuser)
print("deleted %s" % localuser)
return jsonify({"status": "ok"})
else:
print("no pubkey")
abort(403)
def find_localuser_by_pubkey(pubkey):
for user in get_localusers():
if os.path.exists("/home/%s/.ssh/authorized_keys" % user):
with open("/home/%s/.ssh/authorized_keys" % user) as fp:
content = fp.read()
if pubkey in content:
return user
return None
def exec_cmd(cmd):
p = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
retcode = p.wait()
stdout, stderr = p.communicate()
stdout = stdout.decode("utf8").strip()
return retcode, stdout
def get_localusers():
retcode, out = exec_cmd("awk -F: '{ print $1 }' /etc/passwd")
users = out.split("\n")
return users
def localuser_exists(username):
return username in get_localusers()
def create_user(nom, prenom, pubkey):
username = (nom[0:3] + prenom[0:3]).lower()
while localuser_exists(username):
username = username + str(random.randint(1, 99))
print("Creating user %s..." % username)
retcode, out = exec_cmd("adduser \
--system \
--shell /bin/false \
--gecos 'LIS67 user account for %s %s' \
--group \
--disabled-password \
--home /home/%s \
%s" % (nom, prenom, username, username))
if retcode != 0:
abort(500)
try:
os.mkdir("/home/%s/.ssh" % username)
except:
pass
with open("/home/%s/.ssh/authorized_keys" % username, "w") as fp:
fp.write(pubkey)
random_port = find_localport()
return username, random_port
def find_localport():
retcode, out = exec_cmd("python -c 'import socket; s=socket.socket(); s.bind((\"\", 0)); print(s.getsockname()[1]); s.close()'")
return int(out)
def delete_localuser(username):
exec_cmd("userdel -r -f %s" % username)
if __name__ == "__main__":
db.create_all()
app.run(host="0.0.0.0")
Reference in New Issue View Git Blame Copy Permalink