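"""Sign-up and e-mail verification front end for @uwplatt.edu addresses.

Serves a fixed set of HTML pages from ``<base_path>/pages`` and handles two
form posts: the sign-up form (``email`` / ``passwd``) and the one-time-code
form (``verifEmail`` / ``verifOtp``).
"""
from http.server import BaseHTTPRequestHandler, HTTPServer, SimpleHTTPRequestHandler
from socket import *
from sendmail import mail
from verification import otp
from db import *
from accounts import *
from urllib.parse import urlparse, parse_qs
import html
import os.path
import ssl
import re


class MyRequestHandler(SimpleHTTPRequestHandler):
    """Request handler that serves only the fixed sign-up flow pages."""

    base_path = "/home/arcodeskel/Desktop/Verification Platt Discord/"

    # Upper bound on an accepted POST body. The forms carry a handful of short
    # fields, so anything larger is rejected before it is read into memory.
    max_body_bytes = 64 * 1024

    # Marker inside pages/otp.html that is swapped for the submitted address.
    # NOTE(review): this literal was empty in the reviewed source, and
    # str.replace('', x) inserts x between every character of the page.
    # Set it to the marker the template really uses; while it is empty the
    # substitution is skipped.
    email_placeholder = ""

    _EMAIL_RE = re.compile(r'^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$')
    _PASSWORD_RE = re.compile(
        r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$'
    )

    def log_message(self, format, *args):
        """Discard the per-request log line the base class would emit.

        NOTE(review): with logging silenced here, sign-up and code-verification
        attempts leave no trail in this process; confirm they are recorded
        somewhere else if abuse needs to be investigated.
        """
        return

    # ------------------------------------------------------------------ helpers

    def _send_bytes(self, status, body, content_type="text/html; charset=utf-8",
                    include_body=True):
        """Send one complete response: status line, headers and (optionally) body."""
        self.send_response(status)
        # An explicit type stops the browser from guessing how to render the body.
        self.send_header("Content-Type", content_type)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if include_body:
            self.wfile.write(body)

    def _send_page(self, page_name, status=200, email=None, include_body=True):
        """Send ``<base_path>/pages/<page_name>``.

        Answers 403 if the resolved path leaves ``base_path`` and 404 if the
        file cannot be read. When ``email`` is given and ``email_placeholder``
        is set, the placeholder is replaced by the HTML-escaped address.
        """
        root = os.path.abspath(self.base_path)
        requested_path = os.path.abspath(os.path.join(root, "pages", page_name))
        # commonpath compares whole path components; a plain startswith() would
        # also accept a sibling directory whose name merely begins with the root.
        if os.path.commonpath([root, requested_path]) != root:
            self._send_bytes(403, b"Forbidden", "text/plain; charset=utf-8", include_body)
            return
        try:
            with open(requested_path, "r", encoding="utf-8") as file:
                markup = file.read()
        except (OSError, UnicodeDecodeError):
            self._send_bytes(404, b"File Not Found", "text/plain; charset=utf-8",
                             include_body)
            return
        if email and self.email_placeholder:
            # Escape at the point of output so the page stays safe even if the
            # input validation upstream is ever loosened.
            markup = markup.replace(self.email_placeholder, html.escape(email, quote=True))
        self._send_bytes(status, markup.encode("utf-8"), include_body=include_body)

    def _read_form(self):
        """Read and parse the urlencoded POST body.

        Returns ``(raw_body, fields)``, or ``None`` after an error response has
        already been sent (missing/invalid/oversized length, undecodable body).
        """
        try:
            content_length = int(self.headers.get('Content-Length'))
        except (TypeError, ValueError):
            self._send_bytes(411, b"Length Required", "text/plain; charset=utf-8")
            return None
        if content_length < 0:
            # rfile.read() with a negative size would block until the peer closes.
            self._send_bytes(400, b"Bad Request", "text/plain; charset=utf-8")
            return None
        if content_length > self.max_body_bytes:
            self._send_bytes(413, b"Payload Too Large", "text/plain; charset=utf-8")
            return None
        try:
            data_input = self.rfile.read(content_length).decode("utf-8")
        except UnicodeDecodeError:
            self._send_bytes(400, b"Bad Request", "text/plain; charset=utf-8")
            return None
        return data_input, parse_qs(data_input)

    def _is_campus_email(self, email):
        """Return True for a syntactically valid ``@uwplatt.edu`` address."""
        return (
            email is not None
            and email.endswith("@uwplatt.edu")
            # fullmatch: '$' under re.match would also accept a trailing newline.
            and self._EMAIL_RE.fullmatch(email) is not None
        )

    # ----------------------------------------------------------------- handlers

    def do_GET(self):
        """Serve the landing page for every GET, whatever path was requested."""
        self._send_page("index.html")

    def do_HEAD(self):
        """Answer HEAD with the landing page's headers only.

        Without this override the inherited SimpleHTTPRequestHandler.do_HEAD
        would report on files under the process's working directory.
        """
        self._send_page("index.html", include_body=False)

    def do_POST(self):
        """Dispatch a form post to the sign-up or the verification step.

        The step is chosen by the first field of the body, as the forms send it.
        Anything else gets 400 instead of being left without a response.
        """
        form = self._read_form()
        if form is None:
            return
        data_input, parsed_data = form
        if data_input.startswith("email="):
            self._handle_signup(parsed_data)
        elif data_input.startswith("verifEmail="):
            self._handle_verification(parsed_data)
        else:
            self._send_bytes(400, b"Bad Request", "text/plain; charset=utf-8")

    def _handle_signup(self, parsed_data):
        """Validate the sign-up form, open a pending session and mail the code."""
        email = parsed_data.get('email', [None])[0]  # None when the field is absent
        password = parsed_data.get('passwd', [None])[0]

        # Validate before the address reaches the database layer.
        if not self._is_campus_email(email):
            self._send_page("fail.html")
            return

        if db.account_exists(email):
            # NOTE(review): a distinct page for registered addresses lets any
            # visitor test whether an address has an account; confirm this is
            # acceptable for the deployment.
            self._send_page("exists.html")
            return

        if password is None or self._PASSWORD_RE.fullmatch(password) is None:
            self._send_page("fail.html")
            return

        code = mail.gen_code()
        # NOTE(review): the submitted password is handed to the session store
        # as received; whether db hashes it is not visible here, so verify.
        # NOTE(review): nothing here limits how often a code is mailed to the
        # same address; consider throttling per address and per client.
        db.add_session(email, password, code)
        if mail.send(email, code) == False:
            # Stop here: the original fell through and wrote the OTP page after
            # the failure page, producing two responses on one connection.
            self._send_page("fail.html")
            return

        self._send_page("otp.html", email=email)

    def _handle_verification(self, parsed_data):
        """Check the one-time code and, on success, create the account."""
        email = parsed_data.get('verifEmail', [None])[0]  # None when absent
        otp_code = parsed_data.get('verifOtp', [None])[0]

        if email is None or otp_code is None:
            # Incomplete form: fail without touching the session store.
            self._send_page("fail.html")
            return

        if db.get_session(email) is None or not otp.authenticate_otp(email, otp_code):
            # A wrong code discards the pending session, so each mailed code
            # gets a single attempt. NOTE(review): it also lets anyone who knows
            # an address cancel that address's pending sign-up.
            db.del_session(email)
            self._send_page("fail.html")
            return

        if accounts.register(email, db.get_session_passwd(email)):
            db.del_session(email)
            self._send_page("success.html")
            return

        # Registration failed after a correct code. The original only printed
        # and left the client waiting with no response.
        print("error handling")
        self._send_page("fail.html", status=500)


if not db.init():
    print("Db did not return True. Something went very wrong!")

Handler = MyRequestHandler

context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(certfile='./certs/cert.pem', keyfile='./certs/key.pem')
# Already the default for a server-side context; kept as the author wrote it.
context.check_hostname = False

# NOTE(review): the TLS wrap below is commented out, so the listener on port
# 4443 speaks plain HTTP on every interface and the sign-up form's password and
# the one-time code cross the network unencrypted. Re-enable the wrap, or
# confirm that a TLS-terminating proxy sits in front and bind to loopback.
with HTTPServer(("0.0.0.0", 4443), MyRequestHandler) as httpd:
    #httpd.socket = context.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()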