From b3e876bd4c99c02ddf65f7cb658b0e4335b6d302 Mon Sep 17 00:00:00 2001
From: klein panic <kleinpanice@proton.me>
Date: Tue, 1 Oct 2024 16:09:46 -0400
Subject: [PATCH] login added

---
 server/__pycache__/security.cpython-311.pyc | Bin 0 -> 2003 bytes
 server/app.py                               |  53 ++++++++++++++++----
 server/security.py                          |  33 ++++++++++++
 3 files changed, 75 insertions(+), 11 deletions(-)
 create mode 100644 server/__pycache__/security.cpython-311.pyc
 create mode 100644 server/security.py

diff --git a/server/__pycache__/security.cpython-311.pyc b/server/__pycache__/security.cpython-311.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..56ddc2b139a997cf02188a67f359e19b672c12f1
GIT binary patch
literal 2003
zcmZ3^%ge>Uz`(FH>`&T476yjLAPx+(LK&ag7#SF*Go&!2Fy=7iGDa~ng4j$sOi@fJ
z3@J=G%u&ot45`dnEKv0fDa;FCdSOCfdKm))!)h=KL@Z-uU|7uvVuA1iHV}!9QFWl%
z!a^HcQds9OMX{%_wJ=0+q_DRzL~*8Yv@k?*r7#6EXmY*;IZ>1G7JE@@VQFe{iQg^$
z%z}*kywv!D#Ny)e{Gyaw{5gpQCHVz#0Zpb`+)y>8#i>QNxS{eOPBIh7JSYYQATt94
z!{>Djpa3s{2Mz;67MxwfxByuXR4W4mYEYpCF3424N*DuGM=etc2TX>60ejHaFrb=S
z!;}qnOE7~bqn{?*E%uDW;*6Zkq+4vo8Hq-wX1CZ<^OEyZQg3l)q*kP4rl%H{+~N%l
zb`6SmaSU;EatwC8#hjj6qRD)V0~8o}iMgq_I1u3oGA%U)9*)HzUnnRj{BqXM$j?pH
z&(2BB%+m*%A0Dh9P+5|ZpJ%KO325D%%)HVH-IAijyyCRfBK_jjqB1a*Tw0V_QmI!^
zd5gC!F()%6u_QGfWOb1+0|Nsu0|P^`0|Ns?1H)Z0*(rGoB9_N5iod98c16|fqL}#=
zG4tzUj+ew7FN!%|5p!<vzsoIgom=J-x6F))i`;5gxYbtZU*fjBz+(9s6p+av0)|2P
z0p$G8D<Dw|6K6n<TI>;<!kEIejER9^H8`k28fzI!Kok^bfy@Q7YZyv6!3;2w1+o*&
zLXBt?HSk=AswRbb4ofhDCW~JcS7>o+k*;HUYF^1L_RzfSy!`S!O_p0snFY7FKmiw@
z2$o{bEKa<|lwYjLUIcQ^E%uDm#FW&c;vzl<28LVQMX9;@C8_a=DJey_I0|wSOVaX-
za&NKcCMIWO=B3_ZE3PaqNzK({ERq040Vu626bXTJ@~5Yk#HXZ|WhSS_XXd5l7b!3>
zFo0x=Js|NUC^1F;x}eG>L6rqD8!Rsh+FlW~ZSZ=^CwhfX@rIbfU4HQ^{PGw16|e9s
z-sKbP$-l@ae}zx}11BpF+Xn^+!OB)7!oa|Q5?|~L3=ANTd~Sop7syHAutd*jwG1hY
zH4G_Cl2BO&hBAgCo)qR9h7=Zr*ldOr*162V3@L0i3@Pj=;v6*$DV!)GTv+t72Qz4L
z``u#83;>li;9#nf2rbCTPfSToQAny(fJi84cm`N06p1r1F#KZFtl~jdQ3SH&7o$Rv
z6axc86&pmUCL=gRH5qSlBZYD?$h*)O5X?+T%`3@FtBfy&SXWe}#=yWJ1B$2=NE`?$
zUKCQkBBb2leS@8Ug7u7=E5bS#*g@z9zugM$4JlW&tS|7}K@o@D1O9{=*(+49$QfMV
zPq@IJu)%sq$rWQ42<L?Ng@~9dKCuuUh~!8B$B!oWE!MQ0#Nupl3M-OjU|=W$CHEpw
z4OYYr;_`q9P%Z{%XRyz}j$O$BHUXTZesS33=BJeAq}ml}GB7ZJd|G^%fq~%zGb1D8
z0|v<psOSa*e*+laVBl*2!w(z`B1#j?r`TOkGQO^4bxFzUqLR%OC7X-FwpWC0uM4|h
z5_Z2R?0H4l^M<e@QR+UhG7B<&U|<$xYT*6A!^CLyfdNi%u`{xLV1N@Mtc;0_9~iKc
HU{3-7V9~Yk

literal 0
HcmV?d00001

diff --git a/server/app.py b/server/app.py
index 97116df..3111bb1 100644
--- a/server/app.py
+++ b/server/app.py
@@ -1,9 +1,11 @@
 # server/app.py
-from flask import Flask, request, jsonify, render_template, redirect, url_for, send_from_directory
+from flask import Flask, request, jsonify, render_template, redirect, url_for, session
 from flask_talisman import Talisman
 import os
+from security import validate_user, identify_uploader
 
 app = Flask(__name__, template_folder='../templates')
+app.secret_key = 'super_secret_key'  # Change this to a more secure key for production
 Talisman(app)
 
 RECEIVED_FILES_DIR = "../assets"
@@ -16,33 +18,58 @@ uploaded_images = []
 
 @app.route('/')
 def index():
+    if 'username' not in session:
+        return redirect(url_for('login'))
     return render_template("index.html")
 
+@app.route('/login', methods=['GET', 'POST'])
+def login():
+    if request.method == 'POST':
+        username = request.form['username']
+        password = request.form['password']
+        if validate_user(username, password):
+            session['username'] = username
+            return redirect(url_for('index'))
+        else:
+            return "Invalid credentials. Please try again.", 403
+    return render_template("login.html")
+
+@app.route('/logout')
+def logout():
+    session.pop('username', None)
+    return redirect(url_for('login'))
+
 @app.route('/upload/link', methods=['POST'])
 def upload_link():
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
     data = request.form
-    if 'link' not in data or 'uploader' not in data:
-        return jsonify({"error": "Link and uploader's name are required"}), 400
+    if 'link' not in data:
+        return jsonify({"error": "No link provided"}), 400
     
-    link_info = {'link': data['link'], 'uploader': data['uploader']}
+    uploader = identify_uploader()
+    link_info = {'link': data['link'], 'uploader': uploader}
     uploaded_links.append(link_info)
     
     with open(os.path.join(RECEIVED_FILES_DIR, "links.txt"), "a") as f:
-        f.write(f"{data['uploader']}: {data['link']}\n")
+        f.write(f"{uploader}: {data['link']}\n")
 
     return redirect(url_for('index'))
 
 @app.route('/upload/image', methods=['POST'])
 def upload_image():
-    if 'file' not in request.files or 'uploader' not in request.form:
-        return jsonify({"error": "File and uploader's name are required"}), 400
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
+    if 'file' not in request.files:
+        return jsonify({"error": "No file provided"}), 400
 
     file = request.files['file']
-    uploader = request.form['uploader']
-    
     if file.filename == '':
         return jsonify({"error": "No selected file"}), 400
 
+    uploader = identify_uploader()
     save_path = os.path.join(RECEIVED_FILES_DIR, file.filename)
     file.save(save_path)
     
@@ -52,6 +79,9 @@ def upload_image():
 
 @app.route('/uploads')
 def view_uploads():
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
     return render_template("uploads.html", links=uploaded_links, images=uploaded_images)
 
 @app.route('/assets/<filename>')
@@ -60,11 +90,13 @@ def get_image(filename):
 
 @app.route('/rename/<filename>', methods=['POST'])
 def rename_file(filename):
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
     new_name = request.form.get('new_name')
     if new_name and os.path.exists(os.path.join(RECEIVED_FILES_DIR, filename)):
         os.rename(os.path.join(RECEIVED_FILES_DIR, filename), os.path.join(RECEIVED_FILES_DIR, new_name))
         
-        # Update internal records
         for image in uploaded_images:
             if image['filename'] == filename:
                 image['filename'] = new_name
@@ -75,4 +107,3 @@ def rename_file(filename):
 
 if __name__ == '__main__':
     app.run(host='0.0.0.0', port=5000, ssl_context='adhoc')
-
diff --git a/server/security.py b/server/security.py
new file mode 100644
index 0000000..fa55ab9
--- /dev/null
+++ b/server/security.py
@@ -0,0 +1,33 @@
+# server/security.py
+from flask import request
+import platform
+import hashlib
+
+# Mock user database (username: password) - replace with a real database
+USER_DATABASE = {
+    "iphone_user": hashlib.sha256("iphone_password".encode()).hexdigest(),
+    "laptop_user": hashlib.sha256("laptop_password".encode()).hexdigest(),
+}
+
+# Function to validate user credentials
+def validate_user(username, password):
+    hashed_password = hashlib.sha256(password.encode()).hexdigest()
+    return USER_DATABASE.get(username) == hashed_password
+
+# Function to extract device information
+def get_device_info():
+    user_agent = request.headers.get('User-Agent', 'Unknown')
+    return {
+        "ip": request.remote_addr,
+        "user_agent": user_agent,
+        "isa": platform.machine(),  # Get system architecture
+        "os": platform.system(),    # Get OS
+    }
+
+# Function to identify the uploader based on device info
+def identify_uploader():
+    device_info = get_device_info()
+    if "iPhone" in device_info['user_agent']:
+        return f"Uploaded by iPhone (IP: {device_info['ip']})"
+    else:
+        return f"Uploaded by {device_info['isa']} {device_info['os']} (IP: {device_info['ip']})"