2012-02-28 21:40:55 +00:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
|
|
import string
|
|
|
|
|
import random
|
|
|
|
|
import web
|
|
|
|
|
from web import form
|
2012-03-13 02:16:02 +00:00
|
|
|
from urllib import urlopen
|
|
|
|
|
from urlparse import urlparse
|
|
|
|
|
from contextlib import closing
|
|
|
|
|
|
2012-02-28 21:40:55 +00:00
|
|
|
|
|
|
|
|
db = web.database(dbn='mysql', user='mysecrets', pw='horsebatteries',
|
2012-03-12 16:57:09 +00:00
|
|
|
db='mysecrets')
|
|
|
|
|
|
2012-02-28 21:40:55 +00:00
|
|
|
urls = (
|
2012-03-12 16:57:09 +00:00
|
|
|
'/secret/api/(.*)', 'api',
|
|
|
|
|
'/secret/(.*)', 'index'
|
2012-02-28 21:40:55 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
app = web.application(urls, globals())
|
|
|
|
|
|
|
|
|
|
render = web.template.render('templates/')
|
|
|
|
|
|
|
|
|
|
create = form.Form(
|
2012-03-12 16:57:09 +00:00
|
|
|
form.Textbox('base_url', description="domain"),
|
|
|
|
|
form.Textbox('username'),
|
|
|
|
|
form.Password('password'),
|
2012-02-28 21:40:55 +00:00
|
|
|
)
|
|
|
|
|
|
2012-03-13 02:16:02 +00:00
|
|
|
def get_domain(base_url):
|
|
|
|
|
with closing(urlopen('https://mxr.mozilla.org/mozilla/source/netwerk/dns/src/effective_tld_names.dat?raw=1')) as tldFile:
|
|
|
|
|
tlds = [line.strip() for line in tldFile if line[0] not in "/\n"]
|
|
|
|
|
|
|
|
|
|
urlElements = base_url.split('.')
|
|
|
|
|
|
|
|
|
|
for i in range(-len(urlElements),0):
|
|
|
|
|
lastIElements = urlElements[i:]
|
|
|
|
|
# i=-3: ["abcde","co","uk"]
|
|
|
|
|
# i=-2: ["co","uk"]
|
|
|
|
|
# i=-1: ["uk"] etc
|
|
|
|
|
|
|
|
|
|
candidate = ".".join(lastIElements) # abcde.co.uk, co.uk, uk
|
|
|
|
|
wildcardCandidate = ".".join(["*"]+lastIElements[1:]) # *.co.uk, *.uk, *
|
|
|
|
|
exceptionCandidate = "!"+candidate
|
|
|
|
|
|
|
|
|
|
if (exceptionCandidate in tlds):
|
|
|
|
|
return ".".join(urlElements[i:])
|
|
|
|
|
if (candidate in tlds or wildcardCandidate in tlds):
|
|
|
|
|
return ".".join(urlElements[i-1:])
|
|
|
|
|
|
|
|
|
|
return base_url
|
|
|
|
|
|
|
|
|
|
|
2012-02-28 21:40:55 +00:00
|
|
|
def mkpass(size=10):
|
2012-03-12 16:57:09 +00:00
|
|
|
validChars = string.ascii_letters + string.digits
|
|
|
|
|
validChars = validChars.strip("oO01l")
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
return string.join([random.choice(validChars) for x in range(size)],"")
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-13 02:16:02 +00:00
|
|
|
def get_pair_from_url(domain):
|
|
|
|
|
return db.select('passwords', where='base_url LIKE "%'+domain+'%"', order='id DESC')
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-13 02:16:02 +00:00
|
|
|
def get_generated_from_url(domain):
|
|
|
|
|
gen = db.select('generated', where='base_url LIKE "%'+domain+'%"', order='id DESC')
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
while not len(gen) > 0:
|
2012-03-13 02:16:02 +00:00
|
|
|
db.insert('generated', base_url = domain, password = mkpass())
|
|
|
|
|
gen = db.select('generated', where='base_url LIKE "%'+domain+'%"')
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
return gen
|
2012-02-28 21:40:55 +00:00
|
|
|
|
|
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
class index:
|
|
|
|
|
def GET(self, method):
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
if method == 'new':
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
i = web.input()
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
f = create()
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
body = []
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-13 02:16:02 +00:00
|
|
|
domain = get_domain(i.base_url)
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-13 02:16:02 +00:00
|
|
|
body.append('<h1>'+domain+'</h1>\n')
|
|
|
|
|
|
|
|
|
|
selected = get_pair_from_url(domain)
|
|
|
|
|
generated = get_generated_from_url(domain)
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
if selected:
|
|
|
|
|
body.append('<h2>Existing:</h2>\n<ul>')
|
|
|
|
|
for pair in selected:
|
2012-03-13 02:16:02 +00:00
|
|
|
body.append('<li class="pair">'+pair.username+' '+pair.password+'</li>\n')
|
2012-03-12 16:57:09 +00:00
|
|
|
body.append('</ul>')
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-13 02:16:02 +00:00
|
|
|
body.append('<h2>Suggested:</h2>\n<p>' + generated[0].password + '</p>\n')
|
2012-03-12 16:57:09 +00:00
|
|
|
body.append('<h2>Create:</h2>\n')
|
2012-02-28 21:40:55 +00:00
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
body.append('<form class="form" method="get" action="/secret/create">\n'+ \
|
|
|
|
|
f.render()+ '\n<input type="submit" name="submit" id="submit"/></form>')
|
|
|
|
|
|
|
|
|
|
return render.page('create',''.join(body))
|
|
|
|
|
|
2012-03-13 02:23:58 +00:00
|
|
|
|
|
|
|
|
if method == 'create':
|
|
|
|
|
i = web.input()
|
|
|
|
|
|
|
|
|
|
exists = db.select('passwords', where='username="'+i.username+'" and password="' +\
|
|
|
|
|
i.password+'" and base_url="'+i.base_url+'"')
|
|
|
|
|
|
|
|
|
|
if not exists:
|
|
|
|
|
n = db.insert('passwords', username=i.username, password=i.password, \
|
|
|
|
|
base_url=i.base_url)
|
|
|
|
|
|
|
|
|
|
selected = get_pair_from_url(i.base_url)
|
|
|
|
|
|
|
|
|
|
body = ['<h1>'+i.base_url+'</h1>','']
|
|
|
|
|
|
|
|
|
|
for pair in selected:
|
|
|
|
|
body.append('('+pair.username+', '+pair.password+')')
|
|
|
|
|
|
|
|
|
|
return render.page('Created', ''.join(body))
|
|
|
|
|
|
2012-03-13 02:16:02 +00:00
|
|
|
if method == 'js-overlay':
|
|
|
|
|
return '''\
|
|
|
|
|
(function() {
|
|
|
|
|
function cleanHouse() {
|
|
|
|
|
elements = document.querySelectorAll('.myS');
|
|
|
|
|
for (i=0; i<elements.length; i++) {
|
|
|
|
|
elements[i].parentNode.removeChild(elements[i]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cleanHouse();
|
|
|
|
|
|
|
|
|
|
s=document.createElement('style');
|
|
|
|
|
s.id='myS-style';
|
|
|
|
|
s.type='text/css';
|
|
|
|
|
s.className+='myS';
|
|
|
|
|
s.innerHTML='\
|
|
|
|
|
.myS{\
|
|
|
|
|
font-family:Georgia;\
|
|
|
|
|
color:#000;\
|
|
|
|
|
text-align:center;\
|
|
|
|
|
text-size:14px;\
|
|
|
|
|
}\
|
|
|
|
|
.myS p {\
|
|
|
|
|
padding:10px;\
|
|
|
|
|
}\
|
|
|
|
|
.myS a {\
|
|
|
|
|
text-decoration:none;\
|
|
|
|
|
color:#00F;\
|
|
|
|
|
}\
|
|
|
|
|
.myS a:hover{\
|
|
|
|
|
text-decoration:underline;\
|
|
|
|
|
}\
|
|
|
|
|
.myS a.close:hover {\
|
|
|
|
|
border:1px solid #F00;\
|
|
|
|
|
text-decoration:none;\
|
|
|
|
|
color:#F00;\
|
|
|
|
|
}\
|
|
|
|
|
';
|
|
|
|
|
document.body.appendChild(s);
|
|
|
|
|
|
|
|
|
|
o=document.createElement('div');
|
|
|
|
|
o.id='myS-overlay';
|
|
|
|
|
o.className+='myS';
|
|
|
|
|
o.style.position='fixed';
|
|
|
|
|
o.style.left=o.style.right=o.style.top=o.style.bottom='0%';
|
|
|
|
|
o.style.zIndex='1337';
|
|
|
|
|
o.style.backgroundColor='rgba(0,0,0,0.7)';
|
|
|
|
|
document.body.appendChild(o);
|
|
|
|
|
|
|
|
|
|
i=document.createElement('div');
|
|
|
|
|
i.id='myS-inner';
|
|
|
|
|
i.className+='myS';
|
|
|
|
|
i.style.position='relative';
|
|
|
|
|
i.style.margin='0em auto';
|
|
|
|
|
i.style.width='360px';
|
|
|
|
|
i.style.height='530px';
|
|
|
|
|
i.style.marginTop='20px';
|
|
|
|
|
i.style.backgroundColor='rgba(255,255,255,1)';
|
|
|
|
|
o.appendChild(i);
|
|
|
|
|
|
|
|
|
|
f=document.createElement('iframe');
|
|
|
|
|
f.id='myS-iframe';
|
|
|
|
|
f.className+='myS';
|
|
|
|
|
f.width=320;
|
|
|
|
|
f.height=480;
|
|
|
|
|
f.style.overflow='auto';
|
|
|
|
|
f.src='https://amdavidson.net/secret/new?base_url='+document.domain;
|
|
|
|
|
i.appendChild(f);
|
|
|
|
|
|
|
|
|
|
e=document.createElement('p');
|
|
|
|
|
e.className+='myS';
|
|
|
|
|
e.onclick=function(){cleanHouse();};
|
|
|
|
|
e.innerHTML='<a class="close">Close</a>';
|
|
|
|
|
i.appendChild(e);
|
|
|
|
|
|
|
|
|
|
})();'''
|
|
|
|
|
|
|
|
|
|
if method == 'js':
|
|
|
|
|
return '''\
|
|
|
|
|
(function() {
|
|
|
|
|
window.open('https://amdavidson.net/secret/new?base_url='+document.domain,'mySecret','status=no,directories=no,location=no,resizable=no,menubar=no,width=320,height=480,toolbar=no');
|
|
|
|
|
})();
|
|
|
|
|
'''
|
|
|
|
|
|
2012-03-12 16:57:09 +00:00
|
|
|
else:
|
|
|
|
|
return render.page('mySecrets', '<p>These are mySecrets. There is nothing for you here.</p>')
|
2012-02-28 21:40:55 +00:00
|
|
|
|
|
|
|
|
class api:
|
2012-03-12 16:57:09 +00:00
|
|
|
def GET(self, method):
|
|
|
|
|
if method == "list":
|
|
|
|
|
tmp = ''
|
|
|
|
|
for pair in db.select('passwords'):
|
|
|
|
|
tmp += pair['base_url']+','+pair['username']+','+pair['password']+'\n'
|
|
|
|
|
|
|
|
|
|
return tmp
|
|
|
|
|
|
|
|
|
|
if method == "get":
|
|
|
|
|
i = web.input()
|
|
|
|
|
base_url = i.base_url
|
|
|
|
|
pairs = db.select('passwords', where='`base_url`="'+base_url+'"')
|
|
|
|
|
|
|
|
|
|
tmp = ''
|
|
|
|
|
for pair in pairs:
|
|
|
|
|
tmp += pair.username+','+pair.password+'\n'
|
|
|
|
|
|
|
|
|
|
return tmp
|
|
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
return 'mySecrets API ' + method
|
|
|
|
|
|
|
|
|
|
def POST(self, method):
|
|
|
|
|
i = web.input()
|
|
|
|
|
n = db.insert('passwords', username=i.username, password=i.password, \
|
|
|
|
|
base_url=i.base_url)
|
|
|
|
|
|
|
|
|
|
body = '<h1>'+i.base_url+'</h1><p>'+i.username+', '+i.password+'</p>'
|
|
|
|
|
|
|
|
|
|
return render.page('Created', body)
|
2012-02-28 21:40:55 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
2012-03-12 16:57:09 +00:00
|
|
|
web.wsgi.runwsgi = lambda func, addr=None: web.wsgi.runfcgi(func, addr)
|
|
|
|
|
app.run()
|
