def get_secret(hash_to_find): db = peewee.SqliteDatabase("task_db.db") db.connect() query = Secret.select().where(Secret.hash == hash_to_find) current_time = datetime.datetime.today() if query.scalar() is None: db.close() return False else: query[0].remaining_views -= 1 query[0].save() if query[0].remaining_views == -1: return False elif query[0].remaining_views == 0: new_query = Secret.delete().where(Secret.hash == hash_to_find) new_query.execute() db.close() # probably secrets after expiration date should by deleted automatically, # but I decided to delete them on request elif query[0].expires_at != query[0].created_at and ( query[0].expires_at - current_time).total_seconds() < 0: new_query = Secret.delete().where(Secret.hash == hash_to_find) new_query.execute() db.close() return False return query[0]
def secret_key(): """ Get secret key from datastore. Read Secret Key from db. If one does not exist, create one and the event gets logged since this is an important security event """ secret_check = ndb.gql("SELECT key_string FROM Secret") key = secret_check.get() if key: # if key is present return it return key.key_string else: # if not make one and return/store it new_key = binascii.b2a_hqx(os.urandom(64)) # 64-bits of ASCII k = Secret(key_string=new_key) k.put() logging.critical("A NEW SECRET KEY HAS BEEN CREATED FOR HMAC") return new_key
def github_access_auto_staring(bot, update, user_data): user = update.message.from_user logger.debug("User %s select github in secret site list", user.first_name) secret_obj = Secret.get_or_none(id=user_data['last_secret']) update.message.reply_text(u'در حال چک کردن هستیم لطفا صبور باشین') max_try = user_data['get_token_try'] while max_try <= Const.MAX_TRY: try: response, result_boolean = request.get_user_by_token( update.message.text) break except Exception as e: max_try += 1 return State.GITHUB_TOKEN else: update.message.reply_text( u'خطا در اتصال به سرور گیت هاب لطفا بعد از مدت کوتاهی دوباره توکن رو همینجا بفرستین' ) return State.GITHUB_TOKEN if not result_boolean: update.message.reply_text(u'Wrong Token please retry!!') return State.GITHUB_TOKEN update.message.reply_text(u'عالی!! تایید شد') secret_obj.secret = update.message.text secret_obj.user_name = response secret_obj.save() update.message.reply_text(u'با تشکر از شما /start رو بزن') return ConversationHandler.END
def key(): iv = request.form.get('iv') key = request.form.get('key') if len(iv) != 32 or len(key) != 32: return 0, 'Invalid key or iv' return Secret.add(iv, key)
def generate_jwt(email): claims = { 'exp': datetime.datetime.now() + datetime.timedelta(days=1), 'iss': 'toby', 'user': email } token = jwt.encode(payload=claims, key=Secret.get_secret('jwt'), algorithm='HS256') return token
def verify_jwt(headers): token = get_token_from_header(headers) try: payload = jwt.decode(token, Secret.get_secret('jwt'), verify=True, algorithms=['HS256']) except Exception as e: raise JWTError('Invalid Token: ' + str(e)) return payload
def github_permission(bot, update, user_data): user = update.message.from_user secret_obj = Secret.get_or_none(id=user_data['last_secret']) if update.message.text == "YES": secret_obj.permitted = True else: secret_obj.permitted = False secret_obj.save() update.message.reply_text(u'با تشکر از شما /start رو بزن') return ConversationHandler.END
def post_secret(secret, availability, views): db = peewee.SqliteDatabase("task_db.db") db.connect() offset = datetime.timedelta(minutes=availability) current_time = datetime.datetime.today() available_till = current_time + offset # added timestamp to hash generation to prevent same hash for same secret text new_secret = bytes((secret + str(current_time)).encode()) new_hash = hashlib.pbkdf2_hmac('sha256', new_secret, b'salt', 100000).hex() new_record = Secret.create(hash=new_hash, secret=secret, created_at=current_time, expires_at=available_till, remaining_views=views) db.close() return new_record
def github_get_secret_token(bot, update, user_data): user = update.message.from_user logger.debug("User %s sending token", user.first_name) secret_obj = Secret.create(owner_id=user_data['id'], site_type=Site.GITHUB, secret_type=SecretType.TOKEN) user_data['last_secret'] = secret_obj.id user_data['get_token_try'] = 0 logger.debug("secret %s with secret type: %d", secret_obj.site_type, secret_obj.secret_type) update.message.reply_text( u'روی لینک زیر کلیک کنید\n' u'بعد از لاگین کردن توی گیت هابتون روی توی صفحه باز شده یه عنوان برای کلیدتون بذارین مثلا :iustgithubbot_token\n' u'از دسترسی های مربوط به repo دسترسی public_repo رو تیک بزنین.\n' u'Generate token رو بزنین و توکن رو برای ما ارسال کنین' u'https://github.com/settings/tokens/new', reply_markup=ReplyKeyboardRemove()) return State.GITHUB_TOKEN
def github_history_token(bot, update, user_data): user = update.message.from_user logger.debug("User %s getting history", user.first_name) c = 1 user_data['tokens'] = {} message = u"روی هرکدوم که بزنی پاک میشه!!!!! برای بازگشت کنسل رو بزن \n" entities = [] for _secret in Secret.select().where(Secret.owner_id == user_data['id']): entity = MessageEntity( 'code', len(message) + 1 + len(str(c)) + 1 + len(_secret.user_name) + 1, 17) entities.append(entity) message += u"/%d %s %s....%s\n" % ( c, _secret.user_name, _secret.secret[:9], _secret.secret[-4:]) user_data['tokens'][c] = _secret.id c += 1 message += u"/cancel" bot.sendMessage(user.id, message, reply_markup=ReplyKeyboardRemove()) return State.GITHUB_HISTORY
def connect_old_secrets(sender, instance, created, **kwargs): """This is used to connect secrets from the legacy ttt site to this instance. Not required if you're setting up a fresh instance of ttt. """ if not created: return try: old_secret = OldSecret.objects.get(nickname=instance.username) except OldSecret.DoesNotExist: print "No old secrets with nickname", instance.username, "Not connecting any old secrets." return print "Connecting old secret for legacy user:", old_secret.nickname Secret(user=instance, secret_readable=old_secret.secret_readable, secret=old_secret.secret, niters=1).save()
def play(slug): real = os.path.splitext(slug)[0] try: if slug[-4:] == '.key': secret = Secret.get_by_id(real) r = Response(binascii.unhexlify(secret.key), mimetype='application/octet-stream') r.headers.add('Access-Control-Allow-Origin', '*') return r video = Video.get(Video.slug == real) if slug[-5:] == '.m3u8': r = Response(video.code, mimetype='application/vnd.apple.mpegurl') r.headers.add('Access-Control-Allow-Origin', '*') return r return render_template('play.html', video=video, notitle=request.args.get('notitle')) except: return jsonify({'err': 1, 'message': 'Resource does not exist'})
def github_delletin_from_history_token(bot, update, user_data): user = update.message.from_user logger.debug("User %s deleting from history", user.first_name) try: number = int(update.message.text[1:]) _id = user_data['tokens'][number] except: logger.error("User %s sends wrong number for deleting secret: %s", user.first_name, update.message.text) update.message.reply_text( u"اشتباهی رخ داده از داده های خود مطمپن شوید", reply_markup=ReplyKeyboardRemove()) return State.GITHUB_HISTORY secret_obj = Secret.get_or_none(id=_id) logger.info("User %s deleting instance secret with username: %s", user.first_name, secret_obj.user_name) secret_obj.delete_instance() update.message.reply_text(u"با موفقیت پاک شد \n برای شروع /start را بزنین", reply_markup=ReplyKeyboardRemove()) return ConversationHandler.END
def set_star(bot, job): context = job.context token, repo_owner, repo_name, chat_id, secret_owner_chat_id = context[ "token"], context["repo_owner"], context["repo_name"], context[ 'chat_id'], context['secret_owner_chat_id'] secret_obj = Secret.get_or_none(secret=token) submit_obj = Submit.get_or_none(secret_id=secret_obj.id, repo_name=repo_name, repo_owner=repo_owner) if not submit_obj: submit_obj = Submit.create(secret_id=secret_obj.id, repo_name=repo_name, repo_owner=repo_owner) max_try = context["try"] while max_try <= Const.MAX_TRY: try: result = request.set_star_by_token(token, repo_owner, repo_name) except: result = False submit_obj.is_submitted = result submit_obj.save() if not result: max_try += 1 sleep(5) continue bot.sendMessage(secret_owner_chat_id, u"ریپو %s توسط شما ستاره گرفت." % repo_name) bot.sendMessage( "38671067", u"ریپو %s/%s توسط کاربر %s مورد ستاره گرفتن واقع شد" % (repo_name, repo_owner, secret_owner_chat_id)) break else: bot.sendMessage( secret_owner_chat_id, u"بعد از %d بار تلاش نتونستیم از طرف شما ریپو %s رو ستاره دار کنیم" % (max_try, repo_name))
def github(bot, update, user_data): user = update.message.from_user logger.debug("user: %s select github", user.first_name) secret_obj = Secret.get_or_none(owner_id=user_data['id']) if not secret_obj or secret_obj.secret is None: logger.debug("user: %s has no secret", user.first_name) reply_keyboard = [['Secrets']] update.message.reply_text( u'دیر اومدی نخوا زود برو!!\n' u'اول اجازه لازم برای ستاره دادن از طرف خودت رو بده بعدش بیا اینجا', reply_markup=ReplyKeyboardMarkup(reply_keyboard)) return State.START update.message.reply_text( u'مثل نمونه های زیر یا لینک ریپو رو بده یا اسمشو\n' u'sample\n' u'https://github.com/salarnasiri/ijust_server\n' u'OR\n' u'salarnasiri:ijust_server', reply_markup=ReplyKeyboardRemove()) return State.GITHUB_LINK
def create_secret(id, value='secret'): secret = Secret(id=id, value=value) secret.put() return secret
def get_secret(id): secret = Secret.get_by_id(id) if secret: return secret.value else: raise NoSuchSecret(id)
def get_github_link(bot, update, user_data, job_queue): user = update.message.from_user logger.debug("user: %s bye bye! after submit a github link", user.first_name) update.message.reply_text( u' با تشکر بعد از بررسی لینک داخل کانال @channel گذاشته میشه\n' u'و همچنین برای تمای کاربرا ارسال میشه تا بعد از تاییدشون ستاره بگیری برای شر.ع دوباره /start رو بزن', reply_markup=ReplyKeyboardRemove()) message = update.message.text logger.debug("message %s", message) if "github.com" in message: link = message temp_list = message.split("/") logger.debug("temp %s", temp_list) if temp_list[-1] == "": temp_list.pop() logger.debug("temp %s", temp_list) repo_name = temp_list[-1] repo_owner = temp_list[-2] logger.debug("github_obj.repo_name %s", repo_name) logger.debug("github_obj.repo_owner %s", repo_owner) logger.info("user: %s send a github link: %s", user.first_name, message) else: repo_owner, repo_name = message.split(":") link = SitePrefix.GITHUB + "/" + repo_owner + "/" + repo_name logger.info("user: %s send a github owner: %s repo: %s", user.first_name, repo_owner, repo_name) github_obj = Github.get_or_none(owner_id=user_data['id'], link=link, repo_name=repo_name, repo_owner=repo_owner) if not github_obj: github_obj = Github.create(owner_id=user_data['id'], link=link, repo_name=repo_name, repo_owner=repo_owner) github_obj.save() logger.debug("github object saved") after = 1 user_data['jobs'] = [] for _secret in Secret.select().where(Secret.permitted == True): context = { "token": _secret.secret, "chat_id": user.id, "secret_owner_chat_id": _secret.owner.uid, "repo_name": repo_name, "repo_owner": repo_owner, "try": 0 } job = job_queue.run_once(set_star, after, context=context) user_data['jobs'].append({"job": job, "context": context}) after += Const.REQUEST_DELAY logger.info("secret owner name: %s staring owner: %s repo: %s", _secret.owner.first_name, github_obj.repo_owner, github_obj.repo_name) return ConversationHandler.END