def register_attemp(self):
if self.chances == 0:
data = mwx.rwjson('info.json')
data['ips'].append(self.address)
mwx.rwjson('info.json', data)
return True
self.chances -= 1
return False
def security_check():
if request.environ.get('HTTP_X_FORWARDED_FOR') in [None, '']:
g.ip = request.remote_addr
else:
g.ip = request.environ['HTTP_X_FORWARDED_FOR']
ips = mwx.rwjson('info.json')['ips']
if g.ip in ips:
abort(403)
host = mwx.rwjson('info.json')['host']
if not host:
if session.get('id', False) != h.hexdigest():
abort(403)
def settings():
inf = mwx.rwjson('info.json')
if request.method == 'POST':
form = forms.SettingsForm(request.form)
if not form.validate_on_submit():
abort(400)
inf['host'] = True if form.host.data == '1' else False
inf['show_hidden_files'] = True if form.show_hidden_files.data == '1' else False
inf['theme'] = form.theme.data
mwx.rwjson('info.json', inf)
return redirect(f'http://{request.host}')
form = forms.SettingsForm()
data = {
'host': '1' if inf['host'] else '0',
'show_hidden_files': '1' if inf['show_hidden_files'] else '0',
'theme': inf['theme']
}
return render_template('settings.html', form=form, data=data)
def editor():
if not isinstance(request.args.get('path', False), str):
abort(400)
form = forms.FileForm()
if request.args.get('file', False):
form = forms.FileForm()
form.name.data = request.args['file']
form.content.data = mwx.rwfile(
os.path.join(home, 'Pylocalhost', request.args['path'],
request.args['file']))
if request.method == 'POST':
form = forms.FileForm(request.form)
if not form.validate_on_submit():
abort(400)
try:
mwx.rwfile(
os.path.join(home, 'Pylocalhost', request.args['path'],
form.name.data), form.content.data)
return redirect(f'http://{request.host}/' + request.args['path'])
except:
return '<span style="font-weight:bold;color:red;">An Error occurred while saving file!</span>'
inf = mwx.rwjson('info.json')
return render_template('editor.html', form=form, theme=inf['theme'])
# In the name of Allah
from mwx import rwjson
print(rwjson('/etc/pylocalhost/info.json')['password'])
# In the name of Allah
from functools import wraps
from flask import session, abort
import mwx
import hashlib
h = hashlib.sha256()
h.update(str(mwx.rwjson('info.json')['password']).encode('utf-8'))
def secure_api(func):
@wraps(func)
def decorator(*args, **kwargs):
if str(session.get('id', False)) != h.hexdigest():
abort(403)
return func(*args, **kwargs)
return decorator
class DangerousIP:
def __init__(self, address):
self.address = address
self.chances = 4
def register_attemp(self):
if self.chances == 0:
data = mwx.rwjson('info.json')
data['ips'].append(self.address)
mwx.rwjson('info.json', data)
def explorer(p):
root = os.path.join(home, 'Pylocalhost')
path = os.path.join(root, p)
show_hidden_files = mwx.rwjson('info.json')['show_hidden_files']
jupyter_installed = '1' if mwx.rwjson(
'info.json')['jupyter_installed'] else '0'
if request.args.get('dl') == 'true':
return redirect(f'http://{request.host}/d/' + p)
if request.args.get('run') == 'true':
if session.get('id', False) != h.hexdigest():
abort(403)
if p.lower().endswith('.py'):
try:
return '<span style="font-weight:bold;color:green;">Python script ran successsfully here is the output:</span><br><br>' + os.popen(
f'{python} {home}/Pylocalhost/{p}').read(), 200
except:
return '<span style="font-weight:bold;color:red;">Could not run script successfully!</span>', 500
elif p.lower().endswith('.js'):
if not os.popen('which node').read().startswith('/'):
return '<span style="font-weight:bold;color:red;">You don\'t have NodeJS installed on your system!</span>'
try:
return '<span style="font-weight:bold;color:green;">Javascript ran successfully here is the output:</span><br><br>' + os.popen(
f'node {home}/Pylocalhost/{p}').read(), 200
except:
return '<span style="font-weight:bold;color:red;">Could not run script successfully!</span>', 500
else:
return '<span style="font-weight:bold;color: red;">PyLocalHost is only able to run Javascript or Python scripts</span>', 400
if request.args.get('sysopen') == 'true':
if session.get('id', False) != h.hexdigest():
abort(403)
try:
env = dict(os.environ)
env['DISPLAY'] = ":0"
subprocess.Popen(f'xdg-open {path}', env=env, shell=True)
return 'Requesting from system was successful', 200
except:
return 'Requesting from system was not successful', 500
if request.args.get('rm') == 'true':
if session.get('id', False) != h.hexdigest():
abort(403)
try:
os.popen(f'rm -rf {path}')
return redirect(f'http://{request.host}/' + p + '/../')
except:
return 'Requesting from system was not successful', 500
if os.path.isdir(path) or os.path.ismount(path):
if request.args.get('notebook') == 'true':
if session.get('id', False) != h.hexdigest():
abort(403)
try:
env = dict(os.environ)
env['DISPLAY'] = ":0"
x = subprocess.Popen(
f'cd {path} && /etc/pylocalhost/.venv/bin/jupyter notebook',
env=env,
shell=True)
notebooks.append(x)
return 'Requesting from system was successfull', 200
except:
return 'Requesting from system was not successfull!', 500
if request.args.get('srvdir') == 'true':
return redirect(f'http://{request.host}/s/' + p)
ls = mwx.browse(path, show_hidden_files)
return jsonify(ls) if request.args.get(
'api') == 'true' else render_template('explorer.html',
ls=ls,
p=p,
rp=f'http://{request.host}',
jupyter=jupyter_installed)
elif os.path.isfile(path) or os.path.islink(path):
return redirect(f'http://{request.host}/s/' + p)
else:
return render_template('404.html', p=p), 404
# In the name of Allah
from flask import Flask, abort, render_template, request, jsonify, redirect, session, g
from datetime import timedelta
import os
import forms
import mwx
import subprocess
import hashlib
import utils
home = mwx.rwjson('info.json')['home']
python = mwx.rwjson('info.json')['python']
password = mwx.rwjson('info.json')['password']
h = hashlib.sha256()
h.update(password.encode('utf-8'))
notebooks = []
dangerous_ips = []
app = Flask(__name__)
app.config['SECRET_KEY'] = mwx.rwjson('info.json')['secret']
@app.before_request
def security_check():
if request.environ.get('HTTP_X_FORWARDED_FOR') in [None, '']:
g.ip = request.remote_addr
else:
g.ip = request.environ['HTTP_X_FORWARDED_FOR']
ips = mwx.rwjson('info.json')['ips']