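def retype():
    """Complete a pending upload after the client re-sends its key.

    The POST form field ``message`` holds two newline-separated values: the
    username and the base64-encoded AES key. The key, hex-encoded, is compared
    with the first 32 characters of the stored ``user.password``. On a match
    the case cached by ``upload_file`` and every ``*.jpg`` in its folder are
    written to the database.

    Returns:
        ``'OK'`` when the key matches and the case was stored.
        ``'RETYPE 5'`` when there is no pending upload for the username.
        ``'RETYPE <n>'`` on a wrong key, where ``n`` is the number of failed
        attempts before this one; the fifth failure drops the pending upload.
        ``None`` (falls through) for non-POST requests, as before.
    """
    if request.method != 'POST':
        return None

    fields = request.form['message'].split('\n')
    username = fields[0]

    # A missing or undecodable second line is treated as a wrong key instead
    # of raising and surfacing as a 500 error.
    try:
        aes_key = base64.b64decode(fields[1]) if len(fields) > 1 else ''
    except (TypeError, ValueError):
        aes_key = ''
    hex_aes_key = aes_key.encode('hex')

    # The debug prints of the submitted key and the stored password prefix
    # were removed: both are credential material and must not reach
    # stdout or server logs.

    entry = upload_cache.get(username)
    if not entry:
        return 'RETYPE 5'
    tries, case, folder = entry[0], entry[1], entry[2]

    user = User.query.filter(User.username == username).first()

    # NOTE(review): unlike upload_file, where the key is RSA-decrypted, the key
    # arrives here only base64-encoded, so its confidentiality appears to rest
    # on the transport (TLS) alone -- confirm.
    # NOTE(review): `==` is not a constant-time comparison; consider
    # hmac.compare_digest once both operands are known to be the same string
    # type.
    key_matches = (
        user is not None                # unknown user can never match
        and len(hex_aes_key) == 32      # reject empty/short keys outright
        and hex_aes_key == user.password[:32]
    )

    if key_matches:
        db.session.add(case)
        db.session.commit()

        # store images in database
        for img_file in glob.glob(os.path.join(folder, "*.jpg")):
            img = Image()
            img.create_image(img_file, case)
            db.session.add(img)
            db.session.commit()

        # Drop the pending upload so the same request cannot be replayed to
        # insert the images a second time.
        upload_cache.pop(username, None)
        return 'OK'

    # Wrong key: count the attempt; the fifth failure discards the upload.
    if tries != 4:
        upload_cache[username] = (tries + 1, case, folder)
    else:
        upload_cache.pop(username)
    return "RETYPE %s" % tries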
def upload_file(): if request.method == 'POST': # get file from form f = request.files['file'] # if form is not empty if f: # temporarily save uploaded archive in folder with same name as archive filename filename = secure_filename(f.filename) folder = (app.config['UPLOAD_FOLDER'] + filename).replace('.zip', '') os.makedirs(folder) f.save(os.path.join(folder, filename)) # extract uploaded archive to folder and delete original archive with open(os.path.join(folder, filename), 'r') as f: z = zipfile.ZipFile(f) z.extractall(folder) if REMOVE_TEMP: os.remove(f.name) # get encrypted AES key (128-bit SHA-1 of plaintext password) from XML file and decrypt using RSA private key with open(os.path.join(folder, 'accountData.xml'), 'r') as f: g = f.read() root = ET.fromstring(g) username = root.find('user').text enc_aes_key = root.find('pass').text.replace('\n','') enc_aes_key = base64.b64decode(enc_aes_key) private_key = RSA.importKey(Key.query.first().private_key) aes_key = private_key.decrypt(enc_aes_key) # decrypt image archive using decrypted AES key with open(os.path.join(folder, 'cipherZipFile.zip'), 'r') as f: enc_img_zip = f.read() cipher = AES.new(aes_key, AES.MODE_ECB, 'dummy_parameter') msg = cipher.decrypt(enc_img_zip) # store decrypted image archive on disk with open(os.path.join(folder, 'decrypted.zip'), 'w') as f: f.write(msg) if REMOVE_TEMP: os.remove(os.path.join(folder, 'cipherZipFile.zip')) # extract decrypted image archive and store in database with open(os.path.join(folder, 'decrypted.zip'), 'r') as f: z = zipfile.ZipFile(f) z.extractall(folder) if REMOVE_TEMP: os.remove(f.name) # make case using XML data tree = ET.parse(os.path.join(folder, 'textData.xml')) root = tree.getroot() mapping = {} for child in root: mapping[child.tag] = child.text month, day, year = map(int, mapping['date-created'].split('/')) hours, minutes, seconds = map(int, mapping['time-created'].split(':')) latitude = float(mapping['latitude']) longitude = float(mapping['longitude']) 
species = mapping['species'].replace('Plasmodium ', '').capitalize() age = mapping['age'] address = mapping['address'] region = Region.query.filter(Region.name == mapping['region']).first() dt = datetime.datetime(year, month, day, hours, minutes, seconds) case = Case(date=dt,age=age,address=address,human_diagnosis=species,lat=latitude,lng=longitude) case.region = region user = User.query.filter(User.username == username).first() hex_aes_key = ''.join(x.encode('hex') for x in aes_key) if hex_aes_key == user.password[:32]: db.session.add(case) db.session.commit() # store images in database for img_file in glob.glob(os.path.join(folder, "*.jpg")): img = Image() img.create_image(img_file, case) db.session.add(img) db.session.commit() # make new training image trainingImg = TrainingImage(img.id, 0, 'Unlabeled', 'Unlabeled', None) db.session.add(trainingImg) db.session.commit() return 'OK' else: # {'username': (tries, case, folder) upload_cache[username] = (0, case, folder) return 'RETYPE 0' return '''