Exemplo n.º 1
0
async def user(request, urltype, steamid):
    path = urlparse(request.url).path

    currentuser = await getcurrentuser(request)
    if currentuser and currentuser['url'] == path:
        user = currentuser
    else:
        user = await getuser(steamid, urltype)

    if user:
        if user['url'] != path:
            return redirect(user['url'])

        items = await getitems(item['index'] for item in user['wishlist'])

        for i, item in enumerate(items):
            item.update({'i': i})
            item.update(user['wishlist'][i])

    else:
        abort(404)

    return await render('user.html',
                        user=user,
                        items=items)
Exemplo n.º 2
0
async def item(request, **kwargs):
    slug = kwargs.get('slug')
    index = kwargs.get('index')
    is_json = kwargs.get('is_json')

    item = await (getitembyslug(slug) if slug else getitem(index))

    if item and index is not None and not is_json:
        slug = slugify(item['name'])
        return redirect(f'/{slug}', status=301)

    if not item:
        if is_json:
            return tojson({'error': 'Item does not exist.'})
        abort(404)

    if is_json:
        return tojson(item)
    else:
        name = item['name']
        tags_text = '/'.join(item['tags']) if item['tags'] else 'item'
        classes_text = getlistastext(item['classes'], 'all classes')

        description = f'{name} is a TF2 {tags_text} for {classes_text}.'

        if item['description']:
            desc_parts = item['description'].partition('---')

            desc = desc_parts[0].replace('\n', ' ')
            bundle_items = getlistastext(desc_parts[2].split('\n'))

            description = (
                f"{description} {desc} {bundle_items}" if bundle_items else
                f"{description} {desc}"
            ).rstrip(':')

            if description[-1] not in ('.', '?', '!'):
                description += '.'

        return await render('item.html',
                            item=item,
                            description=description)
Exemplo n.º 3
0
async def update_one_payloadtype(request, user, ptype):
    if user["auth"] not in ["access_token", "apitoken"]:
        abort(
            status_code=403,
            message=
            "Cannot access via Cookies. Use CLI or access via JS in browser",
        )
    try:
        query = await db_model.payloadtype_query()
        payloadtype = await db_objects.get(query, id=ptype)
        data = request.json
        if "container_running" in data:
            payloadtype.container_running = data["container_running"]
            await db_objects.update(payloadtype)
    except Exception as e:
        return json({
            "status": "error",
            "error": "failed to find payload type"
        })
    return json({"status": "success", **payloadtype.to_json()})
Exemplo n.º 4
0
async def register_user(request: Request, ws: WebSocketCommonProtocol):
    logger.info(f"Registering new user, paramsL {request.args}")
    if 'name' not in request.args or 'room' not in request.args:
        logger.warning("No args")
        abort(400)

    name_arg = request.args['name'][0]
    room_arg = request.args['room'][0]

    if room_arg not in app.config.rooms:
        logger.info("Room not found. Creating new room.")
        app.config.rooms[room_arg] = Room(room_arg)

    room = app.config.rooms[room_arg]
    try:
        room.add_user(name_arg, ws)
    except UserAlreadyExists:
        logger.warning("User already exists, closing the socket")
        await ws.close(code=1003, reason='UserAlreadyExists')
    await chat_loop(name_arg, room, ws)
Exemplo n.º 5
0
async def exchange_token(request, payload):
    code = payload["code"]
    try:
        token = await request.app.exchange_token(code)
    except aiohttp.ClientResponseError as e:
        raise abort(e.status, f"Discord Exchange Error: '{e.message}'")

    if type(token) == bytes:
        token = token.decode()

    return response.json({"token": token})
Exemplo n.º 6
0
async def show(request, token):
    Secret.update(reads=Secret.reads - 1).where(
        Secret.token == token,
        Secret.expiration >= datetime.now(),
    ).execute() or abort(404, 'Secret not found')
    secret = Secret.get(Secret.token == token)
    secret.reads > 0 or secret.delete_instance()
    context = secret.serialize()
    if request.headers.get('Accept') == 'application/json':
        return response.json(context)
    return jinja.render('show.html', request, **context)
Exemplo n.º 7
0
async def get_all_responses(request, user):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403, message="Cannot access via Cookies. Use CLI or access via JS in browser")
    try:
        responses = []
        query = await db_model.operation_query()
        operation = await db_objects.get(query, name=user['current_operation'])
        query = await db_model.callback_query()
        callbacks = await db_objects.execute(query.where(Callback.operation == operation))
        for c in callbacks:
            query = await db_model.task_query()
            tasks = await db_objects.prefetch(query.where(Task.callback == c), Command.select())
            for t in tasks:
                query = await db_model.response_query()
                task_responses = await db_objects.execute(query.where(Response.task == t))
                responses += [r.to_json() for r in task_responses]
    except Exception as e:
        return json({'status': 'error',
                     'error': 'Cannot get responses: ' + str(e)})
    return json(responses)
Exemplo n.º 8
0
async def create_disabled_commands_profile(request, user):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403,
              message=
              "Cannot access via Cookies. Use CLI or access via JS in browser")
    # only the admin of an operation or an overall admin can delete an operation
    try:
        if not user['admin']:
            return json({
                "status":
                'error',
                'error':
                'Must be an Apfell admin to create disabled command profiles'
            })
        data = request.json
        added_acl = []
        # {"profile_name": {"payload type": [command name, command name 2], "Payload type 2": [] }
        for name in data:
            for ptype in data[name]:
                query = await db_model.payloadtype_query()
                payload_type = await db_objects.get(query, ptype=ptype)
                for cmd in data[name][ptype]:
                    query = await db_model.command_query()
                    command = await db_objects.get(query,
                                                   cmd=cmd,
                                                   payload_type=payload_type)
                    profile = await db_objects.create(DisabledCommandsProfile,
                                                      name=name,
                                                      command=command)
                    added_acl.append(profile.to_json())
        return json({
            'status': 'success',
            'disabled_command_profile': added_acl
        })

    except Exception as e:
        print(e)
        return json({
            'status': 'error',
            'error': 'failed to create disabled command profile'
        })
Exemplo n.º 9
0
async def export_browserscript(request, user):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403,
              message=
              "Cannot access via Cookies. Use CLI or access via JS in browser")
    scripts = []
    query = await db_model.operator_query()
    operator = await db_objects.get(query, username=user['username'])
    query = await db_model.operation_query()
    operation = await db_objects.get(query, name=user['current_operation'])
    query = await db_model.browserscript_query()
    operator_scripts = await db_objects.execute(
        query.where((db_model.BrowserScript.operator == operator)
                    & (db_model.BrowserScript.command != None)))
    operation_scripts = await db_objects.execute(
        query.where((db_model.BrowserScript.operation == operation)
                    & (db_model.BrowserScript.command != None)
                    & (db_model.BrowserScript.operator != operator)))
    support_scripts = await db_objects.execute(
        query.where(db_model.BrowserScript.command == None))
    for s in operator_scripts:
        scripts.append({
            "operator": s.operator.username,
            "script": s.script,
            "command": s.command.cmd,
            "payload_type": s.command.payload_type.ptype
        })
    for s in operation_scripts:
        scripts.append({
            "operator": s.operator.username,
            "script": s.script,
            "command": s.command.cmd,
            "payload_type": s.command.payload_type.ptype
        })
    for s in support_scripts:
        scripts.append({
            "operator": s.operator.username,
            "script": s.script,
            "name": s.name
        })
    return json(scripts)
Exemplo n.º 10
0
async def update_operator(request, oid, user):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403, message="Cannot access via Cookies. Use CLI or access via JS in browser")
    try:
        query = await db_model.operator_query()
        op = await db_objects.get(query, id=oid)
        if op.username != user['username'] and not user['admin']:
            # you can't change the name of somebody else unless you're admin
            return json({'status': 'error', 'error': 'not authorized to change that user\'s information'})
        data = request.json
        if 'password' in data:
            op.password = await crypto.hash_SHA512(data['password'])
        if 'admin' in data and user['admin']:  # only a current admin can make somebody an admin
            op.admin = data['admin']
        if 'active' in data:  # this way you can deactivate accounts without deleting them
            op.active = data['active']
        if 'current_operation' in data:
            if data['current_operation'] in user['operations']:
                query = await db_model.operation_query()
                current_op = await db_objects.get(query, name=data['current_operation'])
                op.current_operation = current_op
        if 'ui_config' in data:
            if data['ui_config'] == "default":
                op.ui_config = op.default_config
            elif data['ui_config'] == "dark":
                op.ui_config = op.default_specter_config
            else:
                op.ui_config = data['ui_config']
        if 'username' in data and data['username'] != "":
            op.username = data['username']
        if 'view_utc_time' in data:
            op.view_utc_time = data['view_utc_time']
        try:
            await db_objects.update(op)
            success = {'status': 'success'}
        except Exception as e:
            return json({'status': 'error', 'error': "failed to update operator: " + str(e)})
        updated_operator = op.to_json()
        return json({**success, **updated_operator})
    except Exception as e:
        return json({'status': 'error', 'error': 'failed to update operator: ' + str(e)})
Exemplo n.º 11
0
async def get_pageinate_artifact_tasks(request, user, page, size):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403,
              message=
              "Cannot access via Cookies. Use CLI or access via JS in browser")
    # get all of the artifact tasks for the current operation
    if page <= 0 or size <= 0:
        return json({
            'status': 'error',
            'error': 'page or size must be greater than 0'
        })
    try:
        query = await db_model.operation_query()
        operation = await db_objects.get(query, name=user['current_operation'])
    except Exception as e:
        return json({
            'status': 'error',
            'error': "failed to get current operation"
        })
    query = await db_model.callback_query()
    callbacks = query.where(Callback.operation == operation).select(
        Callback.id)
    task_query = await db_model.taskartifact_query()
    count = await db_objects.count(
        task_query.where((Task.callback.in_(callbacks))
                         | (TaskArtifact.operation == operation)))
    if page * size > count:
        page = ceil(count / size)
        if page == 0:
            page = 1
    tasks = await db_objects.execute(
        task_query.where((Task.callback.in_(callbacks))
                         | (TaskArtifact.operation == operation)).order_by(
                             -TaskArtifact.timestamp).paginate(page, size))
    return json({
        'status': 'success',
        'tasks': [a.to_json() for a in tasks],
        'total_count': count,
        'page': page,
        'size': size
    })
Exemplo n.º 12
0
async def get_c2profile_parameters(request, info, user):
    if user["auth"] not in ["access_token", "apitoken"]:
        abort(
            status_code=403,
            message=
            "Cannot access via Cookies. Use CLI or access via JS in browser",
        )
    try:
        query = await db_model.operation_query()
        operation = await db_objects.get(query, name=user["current_operation"])
        query = await db_model.c2profile_query()
        profile = await db_objects.get(query, id=info)
    except Exception as e:
        print(e)
        return json({
            "status": "error",
            "error": "failed to find the c2 profile"
        })
    try:
        query = await db_model.c2profileparameters_query()
        parameters = await db_objects.execute(
            query.where(C2ProfileParameters.c2_profile == profile))
        param_list = []
        for p in parameters:
            p_json = p.to_json()
            if p_json["name"] == "AESPSK":
                p_json["default_value"] = await create_key_AES256()
            if p_json["randomize"]:
                # generate a random value based on the associated format_string variable
                p_json["default_value"] = await generate_random_format_string(
                    p_json["format_string"])
            param_list.append(p_json)
        return json({"status": "success", "c2profileparameters": param_list})
    except Exception as e:
        print(e)
        return json({
            "status":
            "error",
            "error":
            "failed to get c2 profile parameters, you might need to select a c2 profile first",
        })
Exemplo n.º 13
0
async def spotify_callback(request):
    if request.args.get("error"):
        return json(dict(error=request.args.get("error_description")))
    elif request.args.get("code"):
        grant = request.args.get("code")
        callback_state = request.args.get("state")
        if callback_state != state:
            abort(401)
        try:
            user_creds = await spt.build_user_creds(grant=grant)
            async with aiofiles.open(os.getcwd() + "SPOTIFY_CREDS.json", "w") as file:
                await file.write(stdlib_json.dumps(user_creds.__dict__))
        except AuthError as e:
            return json(dict(error_description=e.msg, error_code=e.code), e.code)
        else:
            await spt.populate_user_creds()
            print(os.getcwd())
            return await response.file(os.getcwd() + "SPOTIFY_CREDS.json")
            # return response.json(dict(user_creds=user_creds.__dict__, check_if_active=app.url_for('is_active', _scheme='http', _external=True, _server=local_full_address)), 200)
    else:
        return response.text("Something is wrong with your callback")
Exemplo n.º 14
0
async def get_all_attack_mappings_for_command(request, user, id):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403,
              message=
              "Cannot access via Cookies. Use CLI or access via JS in browser")
    try:
        query = await db_model.command_query()
        command = await db_objects.get(query, id=id)
    except Exception as e:
        print(e)
        return json({
            'status': 'error',
            'error': 'failed to find that command'
        })
    query = await db_model.attackcommand_query()
    attacks = await db_objects.execute(
        query.where(ATTACKCommand.command == command))
    return json({
        'status': 'success',
        'attack': [a.to_json() for a in attacks]
    })
Exemplo n.º 15
0
async def get_commands_for_payloadtype(request, user, ptype):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403, message="Cannot access via Cookies. Use CLI or access via JS in browser")
    payload_type = unquote_plus(ptype)
    try:
        query = await db_model.payloadtype_query()
        payloadtype = await db_objects.get(query, ptype=payload_type)
    except Exception as e:
        print(e)
        return json({'status': 'error', 'error': 'failed to get payload type'})
    query = await db_model.command_query()
    commands = await db_objects.execute(query.where(Command.payload_type == payloadtype).order_by(Command.cmd))
    all_commands = []
    for cmd in commands:
        query = await db_model.commandparameters_query()
        params = await db_objects.execute(query.where(CommandParameters.command == cmd))
        query = await db_model.commandtransform_query()
        transforms = await db_objects.execute(query.where(CommandTransform.command == cmd))
        all_commands.append({**cmd.to_json(), "params": [p.to_json() for p in params], "transforms": [t.to_json() for t in transforms]})
    status = {'status': 'success'}
    return json({**status, 'commands': all_commands})
Exemplo n.º 16
0
async def spotify_callback(request):
    if request.args.get("error"):
        return json(dict(error=request.args.get("error_description")))
    elif request.args.get("code"):
        grant = request.args.get("code")
        callback_state = request.args.get("state")
        if callback_state != state:
            abort(401)
        try:
            user_creds = await spt.build_user_creds(grant=grant)
        except AuthError as e:
            return json(dict(error_description=e.msg, error_code=e.code),
                        e.code)
        else:
            await spt.populate_user_creds()
            user_creds.save_as_json()
            return response.text(
                "Your user credentials where successfully saved, you can now easily access them in any script by simply calling: user_creds.load_from_json()"
            )
    else:
        return response.text("Something is wrong with your callback")
Exemplo n.º 17
0
async def get_screencapture(request, user, id):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403,
              message=
              "Cannot access via Cookies. Use CLI or access via JS in browser")
    try:
        query = await db_model.filemeta_query()
        file_meta = await db_objects.get(query, id=id)
    except Exception as e:
        print(e)
        return json({'status': 'error', 'error': 'failed to find callback'})
    if file_meta.operation.name in user['operations']:
        return await file(file_meta.path,
                          filename=file_meta.path.split("/")[-1])
    else:
        return json({
            "status":
            'error',
            'error':
            'must be part of that callback\'s operation to see its screenshot'
        })
Exemplo n.º 18
0
async def teams_list(request, page):
    MAX_LABEL = 17
    if page < 1 or page > MAX_LABEL:
        abort(404)
    # improved from tba
    page_labels = ['1-999'] + [f"{x * 1000}'s" for x in range(1, MAX_LABEL)]
    cur_page_label = page_labels[page - 1]

    teams = await Team.team_list(k=page)
    num_teams = len(teams)
    teams_a = teams[:num_teams // 2]
    teams_b = teams[num_teams // 2:]
    return html(
        env.get_template('team_list.html').render({
            'teams_a': teams_a,
            'teams_b': teams_b,
            'num_teams': num_teams,
            'page_labels': page_labels,
            'cur_page_label': cur_page_label,
            'current_page': page
        }))
Exemplo n.º 19
0
async def remove_apitokens(request, user, tid):
    if user["auth"] not in ["access_token", "apitoken"]:
        abort(
            status_code=403,
            message=
            "Cannot access via Cookies. Use CLI or access via JS in browser",
        )
    try:
        query = await db_model.operator_query()
        operator = await db_objects.get(query, username=user["username"])
        query = await db_model.apitokens_query()
        apitoken = await db_objects.get(query, id=tid, operator=operator)
        apitoken_json = apitoken.to_json()
        await db_objects.delete(apitoken)
        return json({"status": "success", **apitoken_json})
    except Exception as e:
        print(str(e))
        return json({
            "status": "error",
            "error": "failed to find user or tokens"
        })
Exemplo n.º 20
0
async def get_one_config_item(request, name, user):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403,
              message=
              "Cannot access via Cookies. Use CLI or access via JS in browser")
    name = unquote_plus(name)
    try:
        if name == "default":
            return json({
                'status': 'success',
                'config': Operator.default_config
            })
        elif name == "dark":
            return json({
                'status': 'success',
                'config': Operator.default_dark_config
            })
        else:
            return json({'status': 'error', 'error': 'config not found'})
    except Exception as e:
        return json({'status': 'error', 'error': 'error getting configs'})
Exemplo n.º 21
0
async def get_apitokens(request, user):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403,
              message=
              "Cannot access via Cookies. Use CLI or access via JS in browser")
    try:
        query = await db_model.operator_query()
        operator = await db_objects.get(query, username=user['username'])
        query = await db_model.apitokens_query()
        tokens = await db_objects.execute(
            query.where(db_model.APITokens.operator == operator))
        return json({
            "status": "success",
            "apitokens": [t.to_json() for t in tokens]
        })
    except Exception as e:
        print(str(e))
        return json({
            "status": "error",
            'error': 'failed to find user or tokens'
        })
Exemplo n.º 22
0
async def _announcements(request):
    auth_token = request.headers.get('Authorization', None)
    channel_id = request.json.get("channel_id")
    msg = request.json['msg']
    webhook = request.json.get('webhook',False)
    await app.ctx.db.execute_job(f"INSERT INTO announcements(msg) VALUES ('{msg}')")
    if auth_token == app.ctx.sse_token:
        try:
            await request.app.sse_send(msg, channel_id=channel_id)
        except KeyError:
            abort(HTTPStatus.NOT_FOUND, "channel not found")
        
        await app.ctx.db.execute_job("UPDATE seen SET seen='f'")
        if webhook:
            em = Embed(color=0x2ecc71, timestamp='now')
            em.set_author('Announcement', icon_url='https://cdn.discordapp.com/attachments/782105673928146984/984431266516598844/unknown.png')
            em.description = msg
            em.set_footer(text='https://opho.physoly.tech/announcements', icon_url='https://cdn.discordapp.com/attachments/782105673928146984/984431266516598844/unknown.png')
            await app.ctx.webhook.send(embed=em)
        return json({"status":"ok"})
    return response.json({'error' : 'unauthorized'}, status=401)
Exemplo n.º 23
0
async def create_credential(request, user):
    if user["auth"] not in ["access_token", "apitoken"]:
        abort(
            status_code=403,
            message="Cannot access via Cookies. Use CLI or access via JS in browser",
        )
    if user["view_mode"] == "spectator" or user["current_operation"] == "":
        return json({"status": "error", "error": "Spectators cannot add credentials"})
    if user["current_operation"] != "":
        try:
            query = await db_model.operation_query()
            operation = await db_objects.get(query, name=user["current_operation"])
            query = await db_model.operator_query()
            operator = await db_objects.get(query, username=user["username"])
        except Exception as e:
            print(e)
            return json({"status": "error", "error": "failed to get operation"})
        data = request.json
        return json(await create_credential_func(operator, operation, data))
    else:
        return json({"status": "error", "error": "must be part of a current operation"})
Exemplo n.º 24
0
async def get_one_operator(request, oid, user):
    if user["auth"] not in ["access_token", "apitoken"]:
        abort(
            status_code=403,
            message="Cannot access via Cookies. Use CLI or access via JS in browser",
        )
    try:
        query = await db_model.operator_query()
        op = await db_objects.get(query, id=oid)
        if op.username == user["username"] or user["view_mode"] != "spectator":
            return json({"status": "success", **op.to_json()})
        else:
            return json(
                {
                    "status": "error",
                    "error": "Spectators cannot query for specific users",
                }
            )
    except:
        print("Failed to get operator")
        return json({"status": "error", "error": "failed to get operator"})
Exemplo n.º 25
0
async def stop_socks_in_callback(request, user, pid):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403,
              message=
              "Cannot access via Cookies. Use CLI or access via JS in browser")
    try:
        if user['view_mode'] == 'spectator':
            return json({
                'status': 'error',
                'error': 'Spectators cannot stop socks'
            })
        query = await db_model.callback_query()
        proxy = await db_objects.get(query, port=pid)
        operator_query = await db_model.operator_query()
        operator = await db_objects.get(operator_query,
                                        username=user['username'])
        await stop_socks(proxy, operator)
        return json({'status': 'success', **proxy.to_json()})
    except Exception as e:
        print(str(e))
        return json({"status": "error", 'error': 'failed to find proxy'})
Exemplo n.º 26
0
    async def handler(self, request, path=None):
        if path is not None:
            assert ".." not in path, "relative paths not supported"
            assert "\\" not in path, "path must not contain backslash"
            path_parts = path.split("/")
            for p in path_parts:
                assert re.match(r'^[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*$',
                                p), "Invalid file path"
        else:
            path = "index.html"

        try:
            path2 = importlib_resources.files(
                self._package) / 'webui_static' / path
            ret = path2.read_bytes()
        except FileNotFoundError:
            abort(404)

        print(f"Got request! {path}")

        return res.raw(ret, content_type=mimetypes.guess_type(path))
Exemplo n.º 27
0
async def search_tasks(request, user):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403, message="Cannot access via Cookies. Use CLI or access via JS in browser")
    try:
        data = request.json
        if 'search' not in data:
            return json({'status': 'error', 'error': 'failed to find search term in request'})
        query = await db_model.operation_query()
        operation = await db_objects.get(query, name=user['current_operation'])
    except Exception as e:
        return json({'status': 'error', 'error': 'Cannot get that response'})
    query = await db_model.task_query()
    tasks = await db_objects.prefetch(query
                                     .where((Task.params.contains(data['search'])) | (Task.original_params.contains(data['search'])))
                                     .switch(Callback).where(Callback.operation == operation).order_by(Task.id), Command.select())
    output = []
    for t in tasks:
        query = await db_model.response_query()
        responses = await db_objects.execute(query.where(Response.task == t))
        output.append({**t.to_json(), "responses": [r.to_json() for r in responses]})
    return json({'status': 'success', 'output': output})
Exemplo n.º 28
0
async def remove_uploaded_container_files_for_payloadtype(request, user, ptype):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403, message="Cannot access via Cookies. Use CLI or access via JS in browser")
    # apitoken access for this won't help since it's rabbitmq based
    payload_type = unquote_plus(ptype)
    try:
        query = await db_model.payloadtype_query()
        payloadtype = await db_objects.get(query, ptype=payload_type)
    except Exception as e:
        print(e)
        return json({'status': 'error', 'error': 'failed to get payload type'})
    try:
        data = request.json
        status = await send_pt_rabbitmq_message(payload_type, "removefile",
                                                base64.b64encode(js.dumps({
                                                    "folder": data['folder'],
                                                    "file": data['file']
                                                }).encode()).decode('utf-8'))
        return json(status)
    except Exception as e:
        return json({'status': 'error', 'error': 'failed sending message: ' + str(e)})
Exemplo n.º 29
0
async def list_uploaded_container_files_for_payloadtype(request, user, ptype):
    if user['auth'] not in ['access_token', 'apitoken']:
        abort(status_code=403,
              message=
              "Cannot access via Cookies. Use CLI or access via JS in browser")
    # apitoken for this won't help much since it's rabbitmq based
    payload_type = unquote_plus(ptype)
    try:
        query = await db_model.payloadtype_query()
        payloadtype = await db_objects.get(query, ptype=payload_type)
    except Exception as e:
        print(e)
        return json({'status': 'error', 'error': 'failed to get payload type'})
    try:
        status = await send_pt_rabbitmq_message(payload_type, "listfiles", "")
        return json(status)
    except Exception as e:
        return json({
            'status': 'error',
            'error': 'failed getting files: ' + str(e)
        })
Exemplo n.º 30
0
async def get_all_responses_for_task(request, user, id):
    if user["auth"] not in ["access_token", "apitoken"]:
        abort(
            status_code=403,
            message=
            "Cannot access via Cookies. Use CLI or access via JS in browser",
        )
    try:
        query = await db_model.operation_query()
        operation = await db_objects.get(query, name=user["current_operation"])
        query = await db_model.task_query()
        task = await db_objects.get(query, id=id)
    except Exception as e:
        return json({
            "status": "error",
            "error": "failed to get operation or task"
        })
    query = await db_model.response_query()
    responses = await db_objects.execute(
        query.where(Response.task == task).order_by(Response.id))
    return json([r.to_json() for r in responses])
Exemplo n.º 31
0
    async def get(self, request, name, platform):
        platform = platform.strip().lower()
        if platform not in (PLAT_ANDROID, PLAT_IOS):
            abort(400, "wrong platform")

        # where 中 一定要用 == True,用 is True会报错
        current_version = await get_current_app_version(name, platform)

        # TODO downloads count
        logging.info(current_version)
        logging.info(Path().absolute())

        if current_version:
            file_path = Path(f'uploads/{current_version.file}')
            if not file_path.exists():
                abort(500, "no file found")
            return await file_stream(file_path,
                                     mime_type="application/octet-stream",
                                     filename=file_path.name)
        else:
            return abort(400, "no app found")
Exemplo n.º 32
0
async def start_c2profile(request, info, user):
    if user["auth"] not in ["access_token", "apitoken"]:
        abort(
            status_code=403,
            message=
            "Cannot access via Cookies. Use CLI or access via JS in browser",
        )
    try:
        if user["view_mode"] == "spectator" or user["current_operation"] == "":
            return json({
                "status": "error",
                "error": "Spectators cannot start c2 profiles"
            })
        query = await db_model.c2profile_query()
        profile = await db_objects.get(query, id=info)
    except Exception as e:
        print(e)
        return json({"status": "error", "error": "failed to find C2 Profile"})
    status = await send_c2_rabbitmq_message(profile.name, "start", "",
                                            user["username"])
    return json(status)
Exemplo n.º 33
0
 def handler_abort_message(request):
     abort(500, message="Abort")
Exemplo n.º 34
0
 def handler_500_error(request):
     abort(500)
     return text("OK")
Exemplo n.º 35
0
 def handler_401_error(request):
     abort(401)
Exemplo n.º 36
0
 def handler_invalid(request):
     abort(500)
     return text("OK")
Exemplo n.º 37
0
def no_no(request):
        abort(401)
        # this won't happen
        text("OK")