OTPSystem/codelistener.py

from http.server import BaseHTTPRequestHandler, HTTPServer, SimpleHTTPRequestHandler
from socket import *
from sendmail import mail
from verification import otp
from db import *
from accounts import *
from urllib.parse import urlparse, parse_qs
import os.path
import ssl
import re
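class MyRequestHandler(SimpleHTTPRequestHandler):
    """Serve the sign-up pages and drive the e-mail OTP registration flow.

    GET always answers with ``pages/index.html``.  POST handles two form
    submissions, told apart by the first field in the body:

    * ``email=...&passwd=...`` validates the credentials, opens a pending
      session through ``db.add_session`` and mails a code;
    * ``verifEmail=...&verifOtp=...`` checks the code through
      ``otp.authenticate_otp`` and, on success, calls ``accounts.register``.
    """

    base_path = "/home/arcodeskel/Desktop/Verification Platt Discord/"

    # Upper bound on the form body read from an unauthenticated client. Both
    # forms carry two short fields, so anything larger is rejected unread.
    _MAX_BODY_BYTES = 8192

    _REQUIRED_DOMAIN = "@uwplatt.edu"
    _EMAIL_RE = re.compile(r'^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$')
    _PASSWORD_RE = re.compile(
        r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$'
    )

    def log_message(self, format, *args):
        """Discard the access/error log lines the base handler would print."""
        # NOTE(review): with this override nothing records sign-up requests or
        # failed OTP checks; consider routing them to `logging` for audit.
        return

    def do_GET(self):
        """Return the landing page for every GET, whatever path was asked for."""
        self._send_page("index.html")

    def do_POST(self):
        """Dispatch a posted form to the sign-up or the verification step.

        The body is read according to the Content-Length header (validated
        and capped by ``_read_form_body``), decoded and parsed with
        ``parse_qs``.  A body that starts with neither ``email=`` nor
        ``verifEmail=`` is answered with 400 instead of being left without
        any response.
        """
        form_text = self._read_form_body()
        if form_text is None:
            return  # an error response has already been written
        fields = parse_qs(form_text)
        if form_text.startswith("email="):
            self._handle_signup(fields)
        elif form_text.startswith("verifEmail="):
            self._handle_verification(fields)
        else:
            self._send_body(400, "Bad Request", "text/plain; charset=utf-8")

    def _read_form_body(self):
        """Read and decode the request body, or send an error and return None.

        Rejects a missing (411), malformed or negative (400) or oversized
        (413) Content-Length before touching the socket, and a body that is
        not valid UTF-8 (400).
        """
        declared = self.headers.get('Content-Length')
        if declared is None:
            self._send_body(411, "Length Required", "text/plain; charset=utf-8")
            return None
        try:
            size = int(declared)
        except ValueError:
            size = -1
        if size < 0:
            # A negative size would make rfile.read() wait for end of stream.
            self._send_body(400, "Bad Request", "text/plain; charset=utf-8")
            return None
        if size > self._MAX_BODY_BYTES:
            self._send_body(413, "Payload Too Large", "text/plain; charset=utf-8")
            return None
        try:
            return self.rfile.read(size).decode("utf-8")
        except UnicodeDecodeError:
            self._send_body(400, "Bad Request", "text/plain; charset=utf-8")
            return None

    def _handle_signup(self, fields):
        """Validate the posted credentials, open a session and mail the code."""
        email = fields.get('email', [None])[0]  # None when the field is absent
        password = fields.get('passwd', [None])[0]

        # Check the address before it reaches the database layer. fullmatch
        # (rather than match) also refuses a trailing newline, which `$` alone
        # would let through.
        email_ok = (
            email is not None
            and email.endswith(self._REQUIRED_DOMAIN)
            and self._EMAIL_RE.fullmatch(email) is not None
        )
        if not email_ok:
            self._send_page("fail.html")
            return

        if db.account_exists(email):
            self._send_page("exists.html")
            return

        if password is None or self._PASSWORD_RE.fullmatch(password) is None:
            self._send_page("fail.html")
            return

        # NOTE(review): confirm mail.gen_code() draws from a CSPRNG (`secrets`)
        # and that db.add_session does not persist the password in clear text;
        # neither is visible from this file.
        code = mail.gen_code()
        db.add_session(email, password, code)
        if mail.send(email, code) == False:
            # Stop here: falling through would write the OTP page after the
            # failure page on the same connection.
            self._send_page("fail.html")
            return

        self._send_page("otp.html", substitutions={'<!-- PREFILL_EMAIL -->': email})

    def _handle_verification(self, fields):
        """Check the submitted code and register the account when it matches."""
        email = fields.get('verifEmail', [None])[0]  # None when the field is absent
        otp_code = fields.get('verifOtp', [None])[0]

        # Any failed check calls db.del_session, so (assuming that removes the
        # pending record) each mailed code allows a single guess.
        # NOTE(review): this path needs no prior authentication; consider rate
        # limiting per address/IP in addition to the deletion.
        if db.get_session(email) is None or not otp.authenticate_otp(email, otp_code):
            db.del_session(email)
            self._send_page("fail.html")
            return

        if accounts.register(email, db.get_session_passwd(email)):
            db.del_session(email)
            self._send_page("success.html")
            return

        # Registration failed after a correct code: report it to the operator
        # and answer the client rather than leaving the request without a reply.
        print("error handling")
        self._send_page("fail.html", status=500)

    def _send_page(self, page_name, status=200, substitutions=None):
        """Send ``pages/<page_name>`` from below ``base_path``.

        Answers 403 if the resolved file is not inside ``base_path`` and 404
        with the text "File Not Found" if it cannot be read.  Each value in
        *substitutions* is HTML-escaped before it replaces its marker.
        """
        from html import escape

        root = os.path.abspath(self.base_path)
        target = os.path.abspath(os.path.join(root, "pages", page_name))
        # commonpath compares whole path components, so a sibling directory
        # whose name merely starts with the base path is not accepted.
        if os.path.commonpath([root, target]) != root:
            self._send_body(403, "Forbidden", "text/plain; charset=utf-8")
            return
        try:
            with open(target, 'r', encoding='utf-8') as page_file:
                markup = page_file.read()
        except (OSError, UnicodeDecodeError):
            self._send_body(404, "File Not Found", "text/plain; charset=utf-8")
            return
        for marker, value in (substitutions or {}).items():
            # Escaped even though the address was validated: the value comes
            # from the request and ends up inside the returned HTML.
            markup = markup.replace(marker, escape(value, quote=True))
        self._send_body(status, markup, "text/html; charset=utf-8")

    def _send_body(self, status, text, content_type):
        """Write a complete response: status line, headers and UTF-8 body."""
        payload = text.encode('utf-8')
        self.send_response(status)
        # An explicit type keeps browsers from sniffing the content.
        self.send_header("Content-Type", content_type)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)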
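# Prepare the database layer before accepting requests. A falsy result is
# only reported; the server still starts, as before.
# NOTE(review): consider exiting here instead, since every POST path calls db.
if not db.init():
    print("Db did not return True. Something went very wrong!")

Handler = MyRequestHandler

# Server-side TLS context. The certificate and key paths are relative, so they
# resolve against the directory the process is started from.
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.minimum_version = ssl.TLSVersion.TLSv1_2
context.load_cert_chain(certfile='./certs/cert.pem', keyfile='./certs/key.pem')
# check_hostname applies to verifying a peer's name and is already off for a
# server context; kept so the setting stays explicit.
context.check_hostname = False

with HTTPServer(("0.0.0.0", 4443), MyRequestHandler) as httpd:
    # The handler receives passwords and one-time codes and the socket listens
    # on every interface, so the listener is wrapped in TLS. The context above
    # was built for this but the wrap had been commented out, leaving the
    # forms in clear text.
    httpd.socket = context.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()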