Merge commit '88384cba2223d0f4be9c521cadc683ad10466b62' as 'Scanning'

CUEH · Sep 28, 2021 · 854e3313b468bbdd270cd8e4145e373a8a70cd5a · 854e331
2 parents 3339c01 + 88384cb
commit 854e3313b468bbdd270cd8e4145e373a8a70cd5a
Show file tree

Hide file tree

Showing 36 changed files with 22,509 additions and 0 deletions.
diff --git a/Scanning/.gitignore b/Scanning/.gitignore
@@ -0,0 +1,2 @@
+*~
+__pycache__
diff --git a/Scanning/Dockerfile b/Scanning/Dockerfile
@@ -0,0 +1,15 @@
+#FROM cueh/flask
+FROM python:3-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends ncat
+
+#Install the Selenium Driver
+COPY REQUIREMENTS.txt /tmp/REQUIREMENTS.txt
+RUN pip install -r /tmp/REQUIREMENTS.txt
+
+#RUN useradd -r flask
+#USER flask
+WORKDIR /opt
+ADD ./app /opt/app
+
+CMD ["flask", "run", "--host=0.0.0.0"]
diff --git a/Scanning/README.md b/Scanning/README.md
@@ -0,0 +1,8 @@
+# REquests and HTTP TRainer
+git subtree add --prefix Tasks/Requests git@github.coventry.ac.uk:aa9863/245_RequestTraner.git main --squash 
+git subtree pull --prefix Tasks/Requests git@github.coventry.ac.uk:aa9863/245_RequestTraner.git main --squash 
+
+## Basics Requesty Stff
+
+## Challenges
+
diff --git a/Scanning/REQUIREMENTS.txt b/Scanning/REQUIREMENTS.txt
@@ -0,0 +1,5 @@
+flask
+flask-sqlalchemy
+jinja-markdown
+flask-httpauth
+
diff --git a/Scanning/app/__init__.py b/Scanning/app/__init__.py
@@ -0,0 +1,10 @@
+from .meta import *
+
+from .app import *
+
+from .mappingViews import *
+#from .requestViews import *
+#from .requestChals import *
+
+#from .sessionViews import *
+#from .sessionChals import *
diff --git a/Scanning/app/app.py b/Scanning/app/app.py
@@ -0,0 +1,240 @@
+"""
+Very simple Flask App.  For Testing
+"""
+
+
+import json
+import re
+
+import flask
+
+from .meta import app
+#from .objects import *
+from .models import *
+from .objects import *
+
+HTTP_METHODS = ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'CONNECT', 'OPTIONS', 'TRACE', 'PATCH']
+
+import logging
+
+
+@app.route("/")
+def index():
+
+    logging.warning("Initial Population")
+
+    bookQry = Item.query.filter_by(hidden = False)
+    if bookQry.count() == 0:
+        logging.warning("Need some Books")
+        populateBookTable()
+
+    userQry = User.query.count()
+    logging.warning("User Count %d", userQry)
+    if userQry == 0:
+        logging.warning("Need some Users")
+        populateUserTable()
+
+
+    return flask.render_template("index.html",
+                                 bookList = bookQry)
+
+
+@app.route("/about")
+def about():
+    return flask.render_template("about.html")
+
+
+
+@app.route("/login", methods=["GET", "POST"])
+def login():
+
+    prev = flask.request.args.get("prev")
+    if not prev:
+        prev == "index"
+
+    if flask.request.method == "POST":
+        #Get data
+        user = flask.request.form.get("email")
+        password = flask.request.form.get("password")
+
+        userQry = User.query.filter_by(email = user).first()
+        if userQry is None:
+            flask.flash("No Such User")
+        else:
+            if userQry.password == password:
+                flask.session["user"] = userQry.id
+                flask.session["role"] = userQry.level
+                flask.flash("Login Successful")
+                return (flask.redirect(flask.url_for(prev)))
+
+            else:
+                flask.flash("Incorrect password for {0}".format(user))
+
+
+    return flask.render_template("login.html",
+                                 prev = prev)
+
+@app.route("/logout")
+def logout():
+    flask.session.clear()
+    return flask.redirect(flask.url_for("index"))
+
+
+@app.route("/user/create", methods=["GET","POST"])
+def create():
+    """ Create a new account,
+    we will redirect to a homepage here
+    """
+
+    if flask.request.method == "GET":
+        return flask.render_template("create_account.html")
+
+    #Get the form data
+    name = flask.request.form.get("name")
+    email = flask.request.form.get("email")
+    password = flask.request.form.get("password")
+    password2 = flask.request.form.get("password2")
+
+    if password != password2:
+        flask.flash("Passwords do not match")
+        return flask.render_template("create_account.html",
+                                     name = name,
+                                     email = email)
+
+    logging.warning("Name >%s< %s", name, name == None)
+    #Sanity check do we have a name, email and password
+    if not name or not email or not password: 
+        flask.flash("Not all info supplied")
+        return flask.render_template("create_account.html",
+                                     name = name,
+                                     email = email)
+    #And check we have an email
+    emailre = re.compile(r"^[\w\.\+\-]+\@[\w]+\.([a-z]{2,3})+$")
+
+    if not emailre.match(email):
+        flask.flash("Bad Email Address")
+        return flask.render_template("create_account.html",
+                                     name = name)
+
+    #Otherwise we can add the user
+    userQry = User.query.filter_by(email = email).first()
+    if userQry:
+        flask.flash("A User with that Email Exists")
+        return flask.render_template("create_account.html",
+                                     name = name,
+                                     email = email)
+
+    else:
+        #Crate the user
+        theUser = User(name=name,
+                       email=email,
+                       password=password)
+
+        db.session.add(theUser)
+        db.session.commit()
+        flask.flash("Account Created, you can now Login")
+        return flask.redirect(flask.url_for("login"))
+
+
+
+@app.route("/user/<userId>/settings")
+def settings(userId):
+
+    #Yes its silly that I forgot cookies, let pretend its an API
+    thisUser = User.query.filter_by(id=userId).first()
+    if not thisUser:
+        flask.flash("No Such User")
+        return flask.redirect(flask.url_for("index"))
+
+    return flask.render_template("usersettings.html",
+                                 user = thisUser)
+
+@app.route("/user/<userId>/update", methods=["GET","POST"])
+def updateUser(userId):
+
+    thisUser = User.query.filter_by(id = userId).first()
+    if not thisUser:
+        flask.flash("No Such User")
+        return flask.redirect(flask_url_for("index"))
+
+    #otherwise we want to do the checks
+    if flask.request.method == "POST":
+        logging.warning("------------------------")
+        current = flask.request.form.get("current")
+        password = flask.request.form.get("password")
+        if current:
+            if current == thisUser.password:
+                thisUser.password = password
+                db.session.commit()
+            else:
+                flask.flash("Current Password is incorrect")
+            return flask.redirect(flask.url_for("settings",
+                                                userId = thisUser.id))
+
+        adminSubmit = flask.request.form.get("updateadmin")
+        logging.warning("Admin Submit %s", adminSubmit)
+        if adminSubmit:
+            admin = flask.request.form.get("admin")
+            logging.warning("Admin Box is %s", admin)
+
+            if admin:
+                admin = "admin"
+            else:
+                admin = "user"
+
+            thisUser.level = admin
+            #And update the Session
+            flask.session["role"] = admin
+            db.session.commit()
+            logging.warning(" UPDATING THE ADMIN ")
+            logging.warning("Level %s ", thisUser.level)
+            return flask.redirect(flask.url_for("settings", userId=userId))
+
+    #if thisUser.id != flask.session["user"]
+    #And then update the settings
+    #if
+    flask.flash("Update Error")
+
+    return flask.redirect(flask.url_for("settings", userId=userId))
+
+
+
+@app.errorhandler(404)
+def page_not_found(e):
+    # note that we set the 404 status explicitly
+    return flask.render_template('404.html', e = e), 404
+
+
+# @app.route('/')
+# def main():
+#     #payload = flask.request.args.get("payload")
+#     return flask.render_template('index.html')
+
+
+# @app.route("/admin")
+# def admin():
+#     return flask.render_template('admin.html')
+
+
+# @app.route("/my")
+# @app.route("/my/admin/")
+
+# def enum():
+#     return flask.render_template('enum.html')
+
+
+# @app.route("/my-sql")
+# def badEnum():
+#     flask.abort(403)
+#     return "foo"
+
+# @app.route("/my-sql/admin")
+# @app.route("/my/admin/spider")
+# def enumSuccess():
+
+#     #Can i get the route
+# #    flask.request.route
+
+#     return flask.render_template('enum.html',
+#                                  success=True)
+
diff --git a/Scanning/app/mappingViews.py b/Scanning/app/mappingViews.py
@@ -0,0 +1,40 @@
+"""
+Views for the mapping task
+"""
+
+import flask
+
+from .meta import app
+
+
+from .models import *
+
+
+
+@app.route("/products")
+def products():
+    """
+    Single Page Application for Products
+    """
+    theItem = flask.request.args.get("item")
+    if theItem:
+        #We Do A Query for It
+        itemQry = Item.query.filter_by(id=theItem).first()
+        if itemQry is None:
+            flask.abort(404, "No Such Item")
+
+        return flask.render_template("showItem.html",
+                                     item = itemQry)
+    else:
+        #flask.abort(404, "No Args Specified")
+        #return "No such product"
+
+        books = Item.query.filter_by(category="book")
+        books.filter_by(hidden=False)
+
+        return flask.render_template("allItems.html",
+                                     books = books)
+
+#def listItems(itemId = None, category=None, hidden=False):
+
+
diff --git a/Scanning/app/meta.py b/Scanning/app/meta.py
@@ -0,0 +1,25 @@
+import flask
+
+from jinja_markdown import MarkdownExtension
+import flask_httpauth
+from flask_sqlalchemy import SQLAlchemy
+
+app = flask.Flask(__name__)
+app.secret_key = "Sup3r_SeKret_T0ken"
+app.config.update(
+    SESSION_COOKIE_SAMESITE='Strict',
+    SQLALCHEMY_DATABASE_URI= 'sqlite:////tmp/test.db',
+    SQLALCHEMY_TRACK_MODIFICATIONS = False,
+)
+
+
+app.jinja_env.add_extension(MarkdownExtension)
+
+
+auth = flask_httpauth.HTTPBasicAuth()
+bauth = flask_httpauth.HTTPTokenAuth()
+
+
+
+
+
diff --git a/Scanning/app/models.py b/Scanning/app/models.py
@@ -0,0 +1,24 @@
+from flask_sqlalchemy import SQLAlchemy
+
+import app.meta as meta
+
+db = SQLAlchemy(meta.app)
+
+class Item(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.Text, unique=True)
+    description = db.Column(db.Text)
+    price = db.Column(db.Float)
+    image = db.Column(db.Text)
+    category = db.Column(db.Text)
+    hidden = db.Column(db.Boolean, default=False)
+
+
+class User(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.Text, unique=True)
+    email = db.Column(db.Text)
+    password = db.Column(db.Text)
+    level = db.Column(db.Text, default="user")
+
+db.create_all()