def public_download(self, shareId, **kwargs): user = None message, publicShare, config = None, None, cherrypy.request.app.config['filelocker'] orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all()) cherrypy.response.timeout = 36000 shareId = strip_tags(shareId) try: publicShare = session.query(PublicShare).filter(PublicShare.id==shareId).one() if cherrypy.session.has_key("public_share_id") == False or cherrypy.session.get("public_share_id") != publicShare.id: password = kwargs['password'] if kwargs.has_key("password") else None if publicShare.password == None or (password is not None and Encryption.compare_password_hash(password, publicShare.password)): cherrypy.session['public_share_id'] = publicShare.id elif password == None: message = "This file share is password protected." publicShare = None elif password is not None and Encryption.compare_password_hash(password, publicShare.password) == False: message = "Invalid password" publicShare = None else: publicShare = None except sqlalchemy.orm.exc.NoResultFound: message = "Invalid Share ID" shareId = None except Exception, e: message = "Unable to access download page: %s " % str(e)
def encrypt_message(message): config = cherrypy.request.app.config["filelocker"] try: message.encryption_key = Encryption.generatePassword() f = open(os.path.join(config["vault"], "m%s" % str(message.id)), "wb") encrypter, salt = Encryption.new_encrypter(message.encryption_key) padding, endOfFile = (0, False) newFile = StringIO.StringIO(message.body) f.write(salt) data = newFile.read(1024 * 8) # If File is only one block long, handle it here if len(data) < (1024 * 8): padding = 16 - (len(data) % 16) if padding == 16: paddingByte = "%X" % 0 else: paddingByte = "%X" % padding for i in range(padding): data += paddingByte f.write(encrypter.encrypt(data)) else: while 1: if endOfFile: break else: next_data = newFile.read(1024 * 8) # this only happens if we are at the end, meaning the next block is the last # so we have to handle the padding by aggregating the two blocks and determining pad if len(next_data) < (1024 * 8): data += next_data padding = 16 - (len(data) % 16) if padding == 16: paddingByte = "%X" % 0 else: paddingByte = "%X" % padding for i in range(padding): data += paddingByte endOfFile = True f.write(encrypter.encrypt(data)) data = next_data newFile.close() f.close() except IOError, ioe: cherrypy.log.error( "[%s] [encrypt_message] [There was an IOError while checking in new file: %s]" % (message.owner_id, str(ioe)) ) raise Exception( "There was an IO error while uploading: %s. The administrator has been notified of this error." % str(ioe) )
def encrypt_message(message): config = cherrypy.request.app.config['filelocker'] try: message.encryption_key = Encryption.generatePassword() f = open(os.path.join(config['vault'], "m%s" % str(message.id)), "wb") encrypter, salt = Encryption.new_encrypter(message.encryption_key) padding, endOfFile = (0, False) newFile = StringIO.StringIO(message.body) f.write(salt) data = newFile.read(1024 * 8) #If File is only one block long, handle it here if len(data) < (1024 * 8): padding = 16 - (len(data) % 16) if padding == 16: paddingByte = "%X" % 0 else: paddingByte = "%X" % padding for i in range(padding): data += paddingByte f.write(encrypter.encrypt(data)) else: while 1: if endOfFile: break else: next_data = newFile.read(1024 * 8) #this only happens if we are at the end, meaning the next block is the last #so we have to handle the padding by aggregating the two blocks and determining pad if len(next_data) < (1024 * 8): data += next_data padding = 16 - (len(data) % 16) if padding == 16: paddingByte = "%X" % 0 else: paddingByte = "%X" % padding for i in range(padding): data += paddingByte endOfFile = True f.write(encrypter.encrypt(data)) data = next_data newFile.close() f.close() except IOError, ioe: cherrypy.log.error( "[%s] [encrypt_message] [There was an IOError while checking in new file: %s]" % (message.owner_id, str(ioe))) raise Exception( "There was an IO error while uploading: %s. The administrator has been notified of this error." % str(ioe))
def public_download(self, shareId, **kwargs): user = None message, publicShare, config = None, None, cherrypy.request.app.config[ 'filelocker'] orgConfig = get_config_dict_from_objects( session.query(ConfigParameter).filter( ConfigParameter.name.like('org_%')).all()) cherrypy.response.timeout = 36000 shareId = strip_tags(shareId) try: publicShare = session.query(PublicShare).filter( PublicShare.id == shareId).one() if cherrypy.session.has_key( "public_share_id") == False or cherrypy.session.get( "public_share_id") != publicShare.id: password = kwargs['password'] if kwargs.has_key( "password") else None if publicShare.password == None or ( password is not None and Encryption.compare_password_hash( password, publicShare.password)): cherrypy.session['public_share_id'] = publicShare.id elif password == None: message = "This file share is password protected." publicShare = None elif password is not None and Encryption.compare_password_hash( password, publicShare.password) == False: message = "Invalid password" publicShare = None else: publicShare = None except sqlalchemy.orm.exc.NoResultFound: message = "Invalid Share ID" shareId = None except Exception, e: message = "Unable to access download page: %s " % str(e)
def getfileinfo(self, filename): if not os.path.exists(filename): return False file_name = os.path.basename(filename) file_md5 = Encryption.fileEncry(filename) file_size = os.path.getsize(filename) file_dict = { 'filename': file_name, 'filemd5': file_md5, 'filesize': file_size } return file_dict
def decrypt_message(message): config = cherrypy.request.app.config['filelocker'] messageBody = "" try: path = os.path.join(config['vault'], "m" + str(message.id)) bodyfile = open(path, 'rb') salt = bodyfile.read(16) decrypter = Encryption.new_decrypter(message.encryption_key, salt) endOfFile = False readData = bodyfile.read(1024 * 8) data = decrypter.decrypt(readData) #If the data is less than one block long, just process it and send it out if len(data) < (1024 * 8): padding = int(str(data[-1:]), 16) #A 0 represents that the file had a multiple of 16 bytes, and 16 bytes of padding were added if padding == 0: padding = 16 endOfFile = True messageBody += data[:len(data) - padding] else: #For multiblock files while True: if endOfFile: break next_data = decrypter.decrypt(bodyfile.read(1024 * 8)) if (next_data is not None and next_data != "") and not len(next_data) < (1024 * 8): yData = data data = next_data messageBody += yData #This prevents padding going across block boundaries by aggregating the last two blocks and processing #as a whole if the next block is less than a full block (signifying end of file) else: data = data + next_data padding = int(str(data[-1:]), 16) #A 0 represents that the file had a multiple of 16 bytes, and 16 bytes of padding were added if padding == 0: padding = 16 endOfFile = True messageBody += data[:len(data) - padding] return messageBody except Exception, e: raise Exception("Couldn't decrypt message body: %s" % str(e))
def decrypt_message(message): config = cherrypy.request.app.config["filelocker"] messageBody = "" try: path = os.path.join(config["vault"], "m" + str(message.id)) bodyfile = open(path, "rb") salt = bodyfile.read(16) decrypter = Encryption.new_decrypter(message.encryption_key, salt) endOfFile = False readData = bodyfile.read(1024 * 8) data = decrypter.decrypt(readData) # If the data is less than one block long, just process it and send it out if len(data) < (1024 * 8): padding = int(str(data[-1:]), 16) # A 0 represents that the file had a multiple of 16 bytes, and 16 bytes of padding were added if padding == 0: padding = 16 endOfFile = True messageBody += data[: len(data) - padding] else: # For multiblock files while True: if endOfFile: break next_data = decrypter.decrypt(bodyfile.read(1024 * 8)) if (next_data is not None and next_data != "") and not len(next_data) < (1024 * 8): yData = data data = next_data messageBody += yData # This prevents padding going across block boundaries by aggregating the last two blocks and processing # as a whole if the next block is less than a full block (signifying end of file) else: data = data + next_data padding = int(str(data[-1:]), 16) # A 0 represents that the file had a multiple of 16 bytes, and 16 bytes of padding were added if padding == 0: padding = 16 endOfFile = True messageBody += data[: len(data) - padding] return messageBody except Exception, e: raise Exception("Couldn't decrypt message body: %s" % str(e))
500, "Invalid password" ) if format == "content_only" else cherrypy.HTTPRedirect( config['root_url'] + '/upload_request?requestId=%s&msg=3' % requestId) requestOwner = session.query(User).filter( User.id == uploadRequest.owner_id).one() except cherrypy.HTTPError, httpe: raise httpe except cherrypy.HTTPRedirect, httpr: raise httpr except Exception, e: messages.append(str(e)) elif password is not None and password != "": # if they do have a password and requestId, try to load the whole upload ticket uploadRequest = session.query(UploadRequest).filter( UploadRequest.id == requestId).one() if Encryption.compare_password_hash(password, uploadRequest.password): cherrypy.session['uploadRequest'] = uploadRequest.get_copy( ) requestOwner = session.query(User).filter( User.id == uploadRequest.owner_id).one() else: uploadRequest = None raise cherrypy.HTTPError( 500, "Invalid password" ) if format == "content_only" else cherrypy.HTTPRedirect( config['root_url'] + '/upload_request?requestId=%s&msg=3' % requestId) elif cherrypy.session.has_key("uploadRequest"): uploadRequest = cherrypy.session.get("uploadRequest") requestOwner = session.query(User).filter( User.id == uploadRequest.owner_id).one()
ext = "" i = flFile.name.rfind('.') if i != -1: ext = flFile.name[i:].lower() content_type = mimetypes.types_map.get(ext, "text/plain") response.headers['Content-Type'] = content_type if disposition is not None: cd = '%s; filename="%s"' % (disposition, flFile.name) response.headers["Content-Disposition"] = cd # Set Content-Length and use an iterable (file object) # this way CP won't load the whole file in memory c_len = st.st_size bodyfile = open(path, 'rb') salt = bodyfile.read(16) decrypter = Encryption.new_decrypter(flFile.encryption_key, salt) try: response.body = self.enc_file_generator(user, decrypter, bodyfile, flFile.id, publicShareId) return response.body except cherrypy.HTTPError, he: raise he def enc_file_generator(self, user, decrypter, dFile, fileId=None, publicShareId=None): endOfFile = False readData = dFile.read(1024 * 8)
# [ Abdu_Almisrati ] # [ fb/r00tly ] # [ Coded By Almisrati ] # [ 4/27/2020 - Time 6:02 PM ] # [ Encryption ] # [ It's Working on Python 3.7 ] #________________________ from lib.Encryption import * En = Encryption() while True: choices = input("\033[1;36m > Enter The Encryption Number Here : \033[0m") try: choices = int(choices) if choices == 1: En.MD5() elif choices == 2: En.SHA1() elif choices == 3: En.SHA224() elif choices == 4: En.SHA256() elif choices == 5:
fileCommand = session.query(ConfigParameter).filter(ConfigParameter.name=="file_command").one().value fileres = os.popen("%s %s" % (fileCommand, filePath), "r") data = fileres.read().strip() fileres.close() if data.find(";") >= 0: (ftype, lo) = data.split(";") del(lo) flFile.type = ftype.strip() else: flFile.type = data.strip() except Exception, e: cherrypy.log.error("[%s] [checkInFile] [Unable to determine file type: %s]" % (user.id, str(e))) #Logic is a little strange here - if the user supplied an encryptionKey, then don't save it with the file encryptionKey = None flFile.encryption_key = Encryption.generatePassword() encryptionKey = flFile.encryption_key os.umask(077) newFile = open(filePath, "rb") f = open(os.path.join(config['vault'], str(flFile.id)), "wb") encrypter, salt = Encryption.new_encrypter(encryptionKey) padding, endOfFile = (0, False) f.write(salt) data = newFile.read(1024*8) #If File is only one block long, handle it here if len(data) < (1024*8): padding = 16-(len(data)%16) if padding == 16: paddingByte = "%X" % 0 else: paddingByte = "%X" % padding
if uploadRequest.password == None and uploadRequest.type == "single": cherrypy.session['uploadRequest'] = uploadRequest.get_copy() else: messages.append("This upload request requires a password before you can upload files") uploadRequest = None raise cherrypy.HTTPError(500, "Invalid password") if format == "content_only" else cherrypy.HTTPRedirect(config['root_url']+'/upload_request?requestId=%s&msg=3' % requestId) requestOwner = session.query(User).filter(User.id == uploadRequest.owner_id).one() except cherrypy.HTTPError, httpe: raise httpe except cherrypy.HTTPRedirect, httpr: raise httpr except Exception, e: messages.append(str(e)) elif password is not None and password!="": # if they do have a password and requestId, try to load the whole upload ticket uploadRequest = session.query(UploadRequest).filter(UploadRequest.id == requestId).one() if Encryption.compare_password_hash(password, uploadRequest.password): cherrypy.session['uploadRequest'] = uploadRequest.get_copy() requestOwner = session.query(User).filter(User.id == uploadRequest.owner_id).one() else: uploadRequest = None raise cherrypy.HTTPError(500, "Invalid password") if format == "content_only" else cherrypy.HTTPRedirect(config['root_url']+'/upload_request?requestId=%s&msg=3' % requestId) elif cherrypy.session.has_key("uploadRequest"): uploadRequest = cherrypy.session.get("uploadRequest") requestOwner = session.query(User).filter(User.id == uploadRequest.owner_id).one() else: raise cherrypy.HTTPError(500, "Unable to load upload request") if format == "content_only" else cherrypy.HTTPRedirect("%s/upload_request?msg=1" % (config['root_url'])) if uploadRequest is not None: fileList = session.query(File).filter(File.upload_request_id==uploadRequest.id).all() for flFile in fileList: flFile.documentType = "document"
def create_message(self, subject, body, recipientIds, expiration, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = cherrypy.session.get("user"), [], [] if requestOrigin != cherrypy.session["request-origin"]: fMessages.append("Missing request key!!") else: try: maxDays = int( session.query(ConfigParameter).filter(ConfigParameter.name == "max_file_life_days").one().value ) maxExpiration = datetime.datetime.today() + datetime.timedelta(days=maxDays) expiration = ( datetime.datetime(*time.strptime(strip_tags(expiration), "%m/%d/%Y")[0:5]) if ( kwargs.has_key("expiration") and strip_tags(expiration) is not None and expiration.lower() != "never" ) else maxExpiration ) recipientIdList = split_list_sanitized(recipientIds) subject = strip_tags(subject) if subject is None or subject.strip() == "": raise Exception("Subject cannot be blank") # Process the expiration data for the file if expiration is None and ( AccountService.user_has_permission(user, "expiration_exempt") == False and AccountService.user_has_permission(user, "admin") == False ): # Check permission before allowing a non-expiring upload expiration = maxExpiration else: if ( maxExpiration < expiration and AccountService.user_has_permission(user, "expiration_exempt") == False ): raise Exception( "Expiration date must be between now and %s." % maxExpiration.strftime("%m/%d/%Y") ) if body is None or body.strip() == "": raise Exception("Message body cannot be blank") newMessage = Message( subject=subject, body=body, date_sent=datetime.datetime.now(), owner_id=user.id, date_expires=expiration, encryption_key=Encryption.generatePassword(), ) session.add(newMessage) session.commit() encrypt_message(newMessage) for recipientId in recipientIdList: rUser = AccountService.get_user(recipientId) if rUser is not None: newMessage.message_shares.append(MessageShare(message_id=newMessage.id, recipient_id=rUser.id)) session.add( AuditLog( user.id, "Send Message", '%s sent a message with subject: "%s" to %s(%s)' % (user.id, newMessage.subject, rUser.display_name, rUser.id), rUser.id, None, ) ) else: fMessages.append("Could not send to user with ID:%s - Invalid user ID" % str(recipientId)) session.commit() sMessages.append('Message "%s" sent.' % subject) except ValueError: fMessages.append("Invalid expiration date format. Date must be in mm/dd/yyyy format.") except Exception, e: cherrypy.log.error("[%s] [create_message] [Could not create message: %s]" % (user.id, str(e))) fMessages.append("Could not send message: %s" % str(e))
ext = "" i = flFile.name.rfind('.') if i != -1: ext = flFile.name[i:].lower() content_type = mimetypes.types_map.get(ext, "text/plain") response.headers['Content-Type'] = content_type if disposition is not None: cd = '%s; filename="%s"' % (disposition, flFile.name) response.headers["Content-Disposition"] = cd # Set Content-Length and use an iterable (file object) # this way CP won't load the whole file in memory c_len = st.st_size bodyfile = open(path, 'rb') salt = bodyfile.read(16) decrypter = Encryption.new_decrypter(flFile.encryption_key, salt) try: response.body = self.enc_file_generator(user, decrypter, bodyfile, flFile.id, publicShareId) return response.body except cherrypy.HTTPError, he: raise he def enc_file_generator(self, user, decrypter, dFile, fileId=None, publicShareId=None): endOfFile = False readData = dFile.read(1024*8) data = decrypter.decrypt(readData) #If the data is less than one block long, just process it and send it out #try: if len(data) < (1024*8): padding = int(str(data[-1:]),16) #A 0 represents that the file had a multiple of 16 bytes, and 16 bytes of padding were added
def create_message(self, subject, body, recipientIds, expiration, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = cherrypy.session.get("user"), [], [] if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: maxDays = int( session.query(ConfigParameter).filter( ConfigParameter.name == 'max_file_life_days').one().value) maxExpiration = datetime.datetime.today() + datetime.timedelta( days=maxDays) expiration = datetime.datetime( *time.strptime(strip_tags(expiration), "%m/%d/%Y")[0:5] ) if (kwargs.has_key('expiration') and strip_tags(expiration) is not None and expiration.lower() != "never") else maxExpiration recipientIdList = split_list_sanitized(recipientIds) subject = strip_tags(subject) if subject is None or subject.strip() == "": raise Exception("Subject cannot be blank") #Process the expiration data for the file if expiration is None and ( AccountService.user_has_permission( user, "expiration_exempt") == False and AccountService.user_has_permission( user, "admin") == False ): #Check permission before allowing a non-expiring upload expiration = maxExpiration else: if maxExpiration < expiration and AccountService.user_has_permission( user, "expiration_exempt") == False: raise Exception( "Expiration date must be between now and %s." % maxExpiration.strftime("%m/%d/%Y")) if body is None or body.strip() == "": raise Exception("Message body cannot be blank") newMessage = Message( subject=subject, body=body, date_sent=datetime.datetime.now(), owner_id=user.id, date_expires=expiration, encryption_key=Encryption.generatePassword()) session.add(newMessage) session.commit() encrypt_message(newMessage) for recipientId in recipientIdList: rUser = AccountService.get_user(recipientId) if rUser is not None: newMessage.message_shares.append( MessageShare(message_id=newMessage.id, recipient_id=rUser.id)) session.add( AuditLog( user.id, "Send Message", "%s sent a message with subject: \"%s\" to %s(%s)" % (user.id, newMessage.subject, rUser.display_name, rUser.id), rUser.id, None)) else: fMessages.append( "Could not send to user with ID:%s - Invalid user ID" % str(recipientId)) session.commit() sMessages.append("Message \"%s\" sent." % subject) except ValueError: fMessages.append( "Invalid expiration date format. Date must be in mm/dd/yyyy format." ) except Exception, e: cherrypy.log.error( "[%s] [create_message] [Could not create message: %s]" % (user.id, str(e))) fMessages.append("Could not send message: %s" % str(e))
import sys from os.path import abspath, dirname sys.path.insert(0, abspath(dirname(dirname(__file__)))) import getpass from lib import FTPServerClass from lib import UserCheck from lib import Encryption if __name__ == '__main__': print('-------> Run FTP Server <---------') while True: username = input('Username:'******'Password:'******'Password:'******'FTPserver'), config_dic.get('FTPport')) print('启动FTP Server服务,开始等待链接') ftp.run() else: user_input = input('账号或者密码错误,是否请重试 (y/n): ') if user_input == 'y' or user_input == 'Y': continue else: print('Bye Bye') break