From 1ab1a55a4f809cc531b719133c7c0bb1c5cbc0d2 Mon Sep 17 00:00:00 2001
From: Terrtia <or1994@hotmail.fr>
Date: Thu, 2 May 2019 17:31:14 +0200
Subject: [PATCH] chg: [UI] add basic user management

---
 bin/packages/User.py                          | 36 +++++++++
 pip3_packages_requirement.txt                 |  4 +-
 var/www/Flask_server.py                       | 54 ++++++++++++-
 .../modules/PasteSubmit/Flask_PasteSubmit.py  | 14 ++++
 var/www/modules/Tags/Flask_Tags.py            | 22 +++++
 .../modules/hashDecoded/Flask_hashDecoded.py  | 17 ++++
 .../hiddenServices/Flask_hiddenServices.py    | 20 +++++
 .../modules/rawSkeleton/Flask_rawSkeleton.py  |  2 +
 var/www/modules/search/Flask_search.py        |  3 +
 var/www/modules/sentiment/Flask_sentiment.py  |  5 ++
 var/www/modules/settings/Flask_settings.py    |  3 +
 var/www/modules/showpaste/Flask_showpaste.py  | 10 +++
 var/www/modules/terms/Flask_terms.py          | 15 ++++
 .../trendingcharts/Flask_trendingcharts.py    |  5 ++
 .../trendingmodules/Flask_trendingmodules.py  |  4 +
 var/www/templates/login.html                  | 81 +++++++++++++++++++
 16 files changed, 293 insertions(+), 2 deletions(-)
 create mode 100755 bin/packages/User.py
 create mode 100644 var/www/templates/login.html

diff --git a/bin/packages/User.py b/bin/packages/User.py
new file mode 100755
index 00000000..b46069f1
--- /dev/null
+++ b/bin/packages/User.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+# -*-coding:UTF-8 -*
+
+import redis
+
+from flask_login import UserMixin
+
+class User(UserMixin):
+
+    def __init__(self, id):
+        self.id = 'abcdef'
+
+    # return True or False
+    #def is_authenticated():
+
+    # return True or False
+    #def is_active():
+
+    # return True or False
+    #def is_anonymous():
+
+    @classmethod
+    def get(self_class, id):
+        print(id)
+        return self_class(id)
+
+    def check_password(self, password):
+        print(self.id)
+        if password=='admin':
+            print('password ok')
+            return True
+        else:
+            return False
+
+    def set_password(self):
+        return True
diff --git a/pip3_packages_requirement.txt b/pip3_packages_requirement.txt
index 3991e158..4f9d1f87 100644
--- a/pip3_packages_requirement.txt
+++ b/pip3_packages_requirement.txt
@@ -43,9 +43,11 @@ psutil
 phonenumbers
 
 ipython
-flask
 texttable
 
+flask
+flask-login
+
 #DomainClassifier
 DomainClassifier
 #Indexer requirements
diff --git a/var/www/Flask_server.py b/var/www/Flask_server.py
index 95433757..907f1fd4 100755
--- a/var/www/Flask_server.py
+++ b/var/www/Flask_server.py
@@ -3,11 +3,14 @@
 
 import redis
 import configparser
+import random
 import json
 import datetime
 import time
 import calendar
-from flask import Flask, render_template, jsonify, request, Request
+from flask import Flask, render_template, jsonify, request, Request, session, redirect, url_for
+from flask_login import LoginManager, current_user, login_user, logout_user, login_required
+
 import flask
 import importlib
 import os
@@ -18,6 +21,8 @@ sys.path.append('./modules/')
 import Paste
 from Date import Date
 
+from User import User
+
 from pytaxonomies import Taxonomies
 
 # Import config
@@ -34,6 +39,18 @@ Flask_config.app = Flask(__name__, static_url_path=baseUrl+'/static/')
 app = Flask_config.app
 app.config['MAX_CONTENT_LENGTH'] = 900 * 1024 * 1024
 
+# ========= session ========
+app.secret_key = str(random.getrandbits(256))
+login_manager = LoginManager()
+login_manager.login_view = 'login'
+login_manager.init_app(app)
+
+# ========= LOGIN MANAGER ========
+
+@login_manager.user_loader
+def load_user(user_id):
+    return User.get(user_id)
+
 # ========= HEADER GENERATION ========
 
 # Get headers items that should be ignored (not displayed)
@@ -118,6 +135,41 @@ def add_header(response):
     return response
 
 # ========== ROUTES ============
+@app.route('/login', methods=['POST', 'GET'])
+def login():
+    if request.method == 'POST':
+        username = request.form.get('username')
+        password = request.form.get('password')
+        next_page = request.form.get('next_page')
+
+        print(username)
+        print(password)
+
+        if username is not None:
+            user = User.get(username)
+            #print(user.is_anonymous)
+            #print('auth') # TODO: overwrite
+            #print(user.is_authenticated)
+            if user and user.check_password(password):
+                login_user(user) ## TODO: use remember me ?
+                return redirect(url_for('dashboard.index'))
+            else:
+                return 'incorrect password'
+
+        return 'none'
+
+    else:
+        next_page = request.args.get('next')
+        print(next_page)
+        return render_template("login.html", next_page=next_page)
+
+@app.route('/logout')
+@login_required
+def logout():
+    logout_user()
+    return redirect(url_for('dashboard.index'))
+
+
 @app.route('/searchbox/')
 def searchbox():
     return render_template("searchbox.html")
diff --git a/var/www/modules/PasteSubmit/Flask_PasteSubmit.py b/var/www/modules/PasteSubmit/Flask_PasteSubmit.py
index cc38de77..eba8541a 100644
--- a/var/www/modules/PasteSubmit/Flask_PasteSubmit.py
+++ b/var/www/modules/PasteSubmit/Flask_PasteSubmit.py
@@ -6,6 +6,7 @@
 '''
 import redis
 from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect
+from flask_login import login_required
 
 import unicodedata
 import string
@@ -273,6 +274,7 @@ def hive_create_case(hive_tlp, threat_level, hive_description, hive_case_title,
 # ============= ROUTES ==============
 
 @PasteSubmit.route("/PasteSubmit/", methods=['GET'])
+@login_required
 def PasteSubmit_page():
     #active taxonomies
     active_taxonomies = r_serv_tags.smembers('active_taxonomies')
@@ -285,6 +287,7 @@ def PasteSubmit_page():
                             active_galaxies = active_galaxies)
 
 @PasteSubmit.route("/PasteSubmit/submit", methods=['POST'])
+@login_required
 def submit():
 
     #paste_name = request.form['paste_name']
@@ -385,6 +388,7 @@ def submit():
     return PasteSubmit_page()
 
 @PasteSubmit.route("/PasteSubmit/submit_status", methods=['GET'])
+@login_required
 def submit_status():
     UUID = request.args.get('UUID')
 
@@ -451,6 +455,7 @@ def submit_status():
 
 
 @PasteSubmit.route("/PasteSubmit/create_misp_event", methods=['POST'])
+@login_required
 def create_misp_event():
 
     distribution = int(request.form['misp_data[Event][distribution]'])
@@ -473,6 +478,7 @@ def create_misp_event():
     return 'error0'
 
 @PasteSubmit.route("/PasteSubmit/create_hive_case", methods=['POST'])
+@login_required
 def create_hive_case():
 
     hive_tlp = int(request.form['hive_tlp'])
@@ -495,6 +501,7 @@ def create_hive_case():
     return 'error'
 
 @PasteSubmit.route("/PasteSubmit/edit_tag_export")
+@login_required
 def edit_tag_export():
     misp_auto_events = r_serv_db.get('misp:auto-events')
     hive_auto_alerts = r_serv_db.get('hive:auto-alerts')
@@ -559,6 +566,7 @@ def edit_tag_export():
                             flag_hive=flag_hive)
 
 @PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST'])
+@login_required
 def tag_export_edited():
     tag_enabled_misp = request.form.getlist('tag_enabled_misp')
     tag_enabled_hive = request.form.getlist('tag_enabled_hive')
@@ -583,26 +591,31 @@ def tag_export_edited():
     return redirect(url_for('PasteSubmit.edit_tag_export'))
 
 @PasteSubmit.route("/PasteSubmit/enable_misp_auto_event")
+@login_required
 def enable_misp_auto_event():
     r_serv_db.set('misp:auto-events', 1)
     return edit_tag_export()
 
 @PasteSubmit.route("/PasteSubmit/disable_misp_auto_event")
+@login_required
 def disable_misp_auto_event():
     r_serv_db.set('misp:auto-events', 0)
     return edit_tag_export()
 
 @PasteSubmit.route("/PasteSubmit/enable_hive_auto_alert")
+@login_required
 def enable_hive_auto_alert():
     r_serv_db.set('hive:auto-alerts', 1)
     return edit_tag_export()
 
 @PasteSubmit.route("/PasteSubmit/disable_hive_auto_alert")
+@login_required
 def disable_hive_auto_alert():
     r_serv_db.set('hive:auto-alerts', 0)
     return edit_tag_export()
 
 @PasteSubmit.route("/PasteSubmit/add_push_tag")
+@login_required
 def add_push_tag():
     tag = request.args.get('tag')
     if tag is not None:
@@ -620,6 +633,7 @@ def add_push_tag():
         return 'None args', 400
 
 @PasteSubmit.route("/PasteSubmit/delete_push_tag")
+@login_required
 def delete_push_tag():
     tag = request.args.get('tag')
 
diff --git a/var/www/modules/Tags/Flask_Tags.py b/var/www/modules/Tags/Flask_Tags.py
index 3cc08159..ec329b30 100644
--- a/var/www/modules/Tags/Flask_Tags.py
+++ b/var/www/modules/Tags/Flask_Tags.py
@@ -6,6 +6,7 @@
 '''
 import redis
 from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for
+from flask_login import login_required
 
 import json
 import datetime
@@ -218,6 +219,7 @@ def update_tag_last_seen(tag, tag_first_seen, tag_last_seen):
 # ============= ROUTES ==============
 
 @Tags.route("/tags/", methods=['GET'])
+@login_required
 def Tags_page():
     date_from = request.args.get('date_from')
     date_to = request.args.get('date_to')
@@ -351,6 +353,7 @@ def Tags_page():
 
 
 @Tags.route("/Tags/get_all_tags")
+@login_required
 def get_all_tags():
 
     all_tags = r_serv_tags.smembers('list_tags')
@@ -373,6 +376,7 @@ def get_all_tags():
     return jsonify(list_tags)
 
 @Tags.route("/Tags/get_all_tags_taxonomies")
+@login_required
 def get_all_tags_taxonomies():
 
     taxonomies = Taxonomies()
@@ -390,6 +394,7 @@ def get_all_tags_taxonomies():
     return jsonify(list_tags)
 
 @Tags.route("/Tags/get_all_tags_galaxies")
+@login_required
 def get_all_tags_galaxy():
 
     active_galaxies = r_serv_tags.smembers('active_galaxies')
@@ -403,6 +408,7 @@ def get_all_tags_galaxy():
     return jsonify(list_tags)
 
 @Tags.route("/Tags/get_tags_taxonomie")
+@login_required
 def get_tags_taxonomie():
 
     taxonomie = request.args.get('taxonomie')
@@ -429,6 +435,7 @@ def get_tags_taxonomie():
         return 'INCORRECT INPUT'
 
 @Tags.route("/Tags/get_tags_galaxy")
+@login_required
 def get_tags_galaxy():
 
     galaxy = request.args.get('galaxy')
@@ -449,6 +456,7 @@ def get_tags_galaxy():
         return 'this galaxy is disable'
 
 @Tags.route("/Tags/remove_tag")
+@login_required
 def remove_tag():
 
     #TODO verify input
@@ -460,6 +468,7 @@ def remove_tag():
     return redirect(url_for('showsavedpastes.showsavedpaste', paste=path))
 
 @Tags.route("/Tags/confirm_tag")
+@login_required
 def confirm_tag():
 
     #TODO verify input
@@ -478,6 +487,7 @@ def confirm_tag():
     return 'incompatible tag'
 
 @Tags.route("/Tags/tag_validation")
+@login_required
 def tag_validation():
 
     path = request.args.get('paste')
@@ -498,6 +508,7 @@ def tag_validation():
         return 'input error'
 
 @Tags.route("/Tags/addTags")
+@login_required
 def addTags():
 
     tags = request.args.get('tags')
@@ -547,6 +558,7 @@ def addTags():
 
 
 @Tags.route("/Tags/taxonomies")
+@login_required
 def taxonomies():
 
     active_taxonomies = r_serv_tags.smembers('active_taxonomies')
@@ -583,6 +595,7 @@ def taxonomies():
                             n_tags=n_tags)
 
 @Tags.route("/Tags/edit_taxonomie")
+@login_required
 def edit_taxonomie():
 
     taxonomies = Taxonomies()
@@ -631,6 +644,7 @@ def edit_taxonomie():
         return 'INVALID TAXONOMIE'
 
 @Tags.route("/Tags/disable_taxonomie")
+@login_required
 def disable_taxonomie():
 
     taxonomies = Taxonomies()
@@ -651,6 +665,7 @@ def disable_taxonomie():
 
 
 @Tags.route("/Tags/active_taxonomie")
+@login_required
 def active_taxonomie():
 
     taxonomies = Taxonomies()
@@ -670,6 +685,7 @@ def active_taxonomie():
         return "INCORRECT INPUT"
 
 @Tags.route("/Tags/edit_taxonomie_tag")
+@login_required
 def edit_taxonomie_tag():
 
     taxonomies = Taxonomies()
@@ -712,6 +728,7 @@ def edit_taxonomie_tag():
         return "INCORRECT INPUT"
 
 @Tags.route("/Tags/galaxies")
+@login_required
 def galaxies():
 
     active_galaxies = r_serv_tags.smembers('active_galaxies')
@@ -758,6 +775,7 @@ def galaxies():
 
 
 @Tags.route("/Tags/edit_galaxy")
+@login_required
 def edit_galaxy():
 
     id = request.args.get('galaxy')
@@ -825,6 +843,7 @@ def edit_galaxy():
 
 
 @Tags.route("/Tags/active_galaxy")
+@login_required
 def active_galaxy():
 
     id = request.args.get('galaxy')
@@ -869,6 +888,7 @@ def active_galaxy():
 
 
 @Tags.route("/Tags/disable_galaxy")
+@login_required
 def disable_galaxy():
 
     id = request.args.get('galaxy')
@@ -889,6 +909,7 @@ def disable_galaxy():
 
 
 @Tags.route("/Tags/edit_galaxy_tag")
+@login_required
 def edit_galaxy_tag():
 
     arg1 = request.args.getlist('tag_enabled')
@@ -961,6 +982,7 @@ def edit_galaxy_tag():
         return "INCORRECT INPUT"
 
 @Tags.route("/Tags/tag_galaxy_info")
+@login_required
 def tag_galaxy_info():
 
     galaxy = request.args.get('galaxy')
diff --git a/var/www/modules/hashDecoded/Flask_hashDecoded.py b/var/www/modules/hashDecoded/Flask_hashDecoded.py
index 8a7945d2..db60e0c8 100644
--- a/var/www/modules/hashDecoded/Flask_hashDecoded.py
+++ b/var/www/modules/hashDecoded/Flask_hashDecoded.py
@@ -15,6 +15,7 @@ import zipfile
 
 import requests
 from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for, send_file
+from flask_login import login_required
 
 # ============ VARIABLES ============
 import Flask_config
@@ -97,6 +98,7 @@ def one():
 
 # ============= ROUTES ==============
 @hashDecoded.route("/hashDecoded/all_hash_search", methods=['POST'])
+@login_required
 def all_hash_search():
     date_from = request.form.get('date_from')
     date_to = request.form.get('date_to')
@@ -107,6 +109,7 @@ def all_hash_search():
 
 
 @hashDecoded.route("/hashDecoded/", methods=['GET'])
+@login_required
 def hashDecoded_page():
     date_from = request.args.get('date_from')
     date_to = request.args.get('date_to')
@@ -224,6 +227,7 @@ def hashDecoded_page():
 
 
 @hashDecoded.route('/hashDecoded/hash_by_type')
+@login_required
 def hash_by_type():
     type = request.args.get('type')
     type = 'text/plain'
@@ -231,12 +235,14 @@ def hash_by_type():
 
 
 @hashDecoded.route('/hashDecoded/hash_hash')
+@login_required
 def hash_hash():
     hash = request.args.get('hash')
     return render_template('hash_hash.html')
 
 
 @hashDecoded.route('/hashDecoded/showHash')
+@login_required
 def showHash():
     hash = request.args.get('hash')
     #hash = 'e02055d3efaad5d656345f6a8b1b6be4fe8cb5ea'
@@ -290,6 +296,7 @@ def showHash():
 
 
 @hashDecoded.route('/hashDecoded/downloadHash')
+@login_required
 def downloadHash():
     hash = request.args.get('hash')
     # sanitize hash
@@ -326,6 +333,7 @@ def downloadHash():
 
 
 @hashDecoded.route('/hashDecoded/hash_by_type_json')
+@login_required
 def hash_by_type_json():
     type = request.args.get('type')
 
@@ -359,6 +367,7 @@ def hash_by_type_json():
 
 
 @hashDecoded.route('/hashDecoded/decoder_type_json')
+@login_required
 def decoder_type_json():
     date_from = request.args.get('date_from')
     date_to = request.args.get('date_to')
@@ -414,6 +423,7 @@ def decoder_type_json():
 
 
 @hashDecoded.route('/hashDecoded/top5_type_json')
+@login_required
 def top5_type_json():
     date_from = request.args.get('date_from')
     date_to = request.args.get('date_to')
@@ -472,6 +482,7 @@ def top5_type_json():
 
 
 @hashDecoded.route('/hashDecoded/daily_type_json')
+@login_required
 def daily_type_json():
     date = request.args.get('date')
 
@@ -491,6 +502,7 @@ def daily_type_json():
 
 
 @hashDecoded.route('/hashDecoded/range_type_json')
+@login_required
 def range_type_json():
     date_from = request.args.get('date_from')
     date_to = request.args.get('date_to')
@@ -547,6 +559,7 @@ def range_type_json():
 
 
 @hashDecoded.route('/hashDecoded/hash_graph_line_json')
+@login_required
 def hash_graph_line_json():
     hash = request.args.get('hash')
     date_from = request.args.get('date_from')
@@ -576,6 +589,7 @@ def hash_graph_line_json():
 
 
 @hashDecoded.route('/hashDecoded/hash_graph_node_json')
+@login_required
 def hash_graph_node_json():
     hash = request.args.get('hash')
 
@@ -643,6 +657,7 @@ def hash_graph_node_json():
 
 
 @hashDecoded.route('/hashDecoded/hash_types')
+@login_required
 def hash_types():
     date_from = 20180701
     date_to = 20180706
@@ -650,6 +665,7 @@ def hash_types():
 
 
 @hashDecoded.route('/hashDecoded/send_file_to_vt_js')
+@login_required
 def send_file_to_vt_js():
     hash = request.args.get('hash')
 
@@ -673,6 +689,7 @@ def send_file_to_vt_js():
 
 
 @hashDecoded.route('/hashDecoded/update_vt_result')
+@login_required
 def update_vt_result():
     hash = request.args.get('hash')
 
diff --git a/var/www/modules/hiddenServices/Flask_hiddenServices.py b/var/www/modules/hiddenServices/Flask_hiddenServices.py
index fd68dc93..76c61667 100644
--- a/var/www/modules/hiddenServices/Flask_hiddenServices.py
+++ b/var/www/modules/hiddenServices/Flask_hiddenServices.py
@@ -12,6 +12,7 @@ import time
 import json
 from pyfaup.faup import Faup
 from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for
+from flask_login import login_required
 
 from Date import Date
 from HiddenServices import HiddenServices
@@ -232,6 +233,7 @@ def delete_auto_crawler(url):
 # ============= ROUTES ==============
 
 @hiddenServices.route("/crawlers/", methods=['GET'])
+@login_required
 def dashboard():
     crawler_metadata_onion = get_crawler_splash_status('onion')
     crawler_metadata_regular = get_crawler_splash_status('regular')
@@ -246,14 +248,17 @@ def dashboard():
                                 statDomains_onion=statDomains_onion, statDomains_regular=statDomains_regular)
 
 @hiddenServices.route("/hiddenServices/2", methods=['GET'])
+@login_required
 def hiddenServices_page_test():
     return render_template("Crawler_index.html")
 
 @hiddenServices.route("/crawlers/manual", methods=['GET'])
+@login_required
 def manual():
     return render_template("Crawler_Splash_manual.html")
 
 @hiddenServices.route("/crawlers/crawler_splash_onion", methods=['GET'])
+@login_required
 def crawler_splash_onion():
     type = 'onion'
     last_onions = get_last_domains_crawled(type)
@@ -271,6 +276,7 @@ def crawler_splash_onion():
                             crawler_metadata=crawler_metadata, date_from=date_string, date_to=date_string)
 
 @hiddenServices.route("/crawlers/Crawler_Splash_last_by_type", methods=['GET'])
+@login_required
 def Crawler_Splash_last_by_type():
     type = request.args.get('type')
     # verify user input
@@ -293,6 +299,7 @@ def Crawler_Splash_last_by_type():
                             crawler_metadata=crawler_metadata, date_from=date_string, date_to=date_string)
 
 @hiddenServices.route("/crawlers/blacklisted_domains", methods=['GET'])
+@login_required
 def blacklisted_domains():
     blacklist_domain = request.args.get('blacklist_domain')
     unblacklist_domain = request.args.get('unblacklist_domain')
@@ -327,6 +334,7 @@ def blacklisted_domains():
         return 'Incorrect Type'
 
 @hiddenServices.route("/crawler/blacklist_domain", methods=['GET'])
+@login_required
 def blacklist_domain():
     domain = request.args.get('domain')
     type = request.args.get('type')
@@ -348,6 +356,7 @@ def blacklist_domain():
         return 'Incorrect type'
 
 @hiddenServices.route("/crawler/unblacklist_domain", methods=['GET'])
+@login_required
 def unblacklist_domain():
     domain = request.args.get('domain')
     type = request.args.get('type')
@@ -369,6 +378,7 @@ def unblacklist_domain():
         return 'Incorrect type'
 
 @hiddenServices.route("/crawlers/create_spider_splash", methods=['POST'])
+@login_required
 def create_spider_splash():
     url = request.form.get('url_to_crawl')
     automatic = request.form.get('crawler_type')
@@ -444,6 +454,7 @@ def create_spider_splash():
     return redirect(url_for('hiddenServices.manual'))
 
 @hiddenServices.route("/crawlers/auto_crawler", methods=['GET'])
+@login_required
 def auto_crawler():
     nb_element_to_display = 100
     try:
@@ -495,6 +506,7 @@ def auto_crawler():
                                 auto_crawler_domain_regular_metadata=auto_crawler_domain_regular_metadata)
 
 @hiddenServices.route("/crawlers/remove_auto_crawler", methods=['GET'])
+@login_required
 def remove_auto_crawler():
     url = request.args.get('url')
     page = request.args.get('page')
@@ -504,6 +516,7 @@ def remove_auto_crawler():
     return redirect(url_for('hiddenServices.auto_crawler', page=page))
 
 @hiddenServices.route("/crawlers/crawler_dashboard_json", methods=['GET'])
+@login_required
 def crawler_dashboard_json():
 
     crawler_metadata_onion = get_crawler_splash_status('onion')
@@ -520,6 +533,7 @@ def crawler_dashboard_json():
 
 # # TODO: refractor
 @hiddenServices.route("/hiddenServices/last_crawled_domains_with_stats_json", methods=['GET'])
+@login_required
 def last_crawled_domains_with_stats_json():
     last_onions = r_serv_onion.lrange('last_onion', 0 ,-1)
     list_onion = []
@@ -569,6 +583,7 @@ def last_crawled_domains_with_stats_json():
     return jsonify({'last_onions': list_onion, 'statDomains': statDomains, 'crawler_metadata':crawler_metadata})
 
 @hiddenServices.route("/hiddenServices/get_onions_by_daterange", methods=['POST'])
+@login_required
 def get_onions_by_daterange():
     date_from = request.form.get('date_from')
     date_to = request.form.get('date_to')
@@ -580,6 +595,7 @@ def get_onions_by_daterange():
     return redirect(url_for('hiddenServices.show_domains_by_daterange', date_from=date_from, date_to=date_to, service_type=service_type, domains_up=domains_up, domains_down=domains_down, domains_tags=domains_tags))
 
 @hiddenServices.route("/hiddenServices/show_domains_by_daterange", methods=['GET'])
+@login_required
 def show_domains_by_daterange():
     date_from = request.args.get('date_from')
     date_to = request.args.get('date_to')
@@ -684,6 +700,7 @@ def show_domains_by_daterange():
                                 domains_tags=domains_tags, type=service_type, bootstrap_label=bootstrap_label)
 
 @hiddenServices.route("/crawlers/show_domain", methods=['GET'])
+@login_required
 def show_domain():
     domain = request.args.get('domain')
     epoch = request.args.get('epoch')
@@ -754,6 +771,7 @@ def show_domain():
                             domain_tags=domain_tags, screenshot=screenshot)
 
 @hiddenServices.route("/hiddenServices/onion_son", methods=['GET'])
+@login_required
 def onion_son():
     onion_domain = request.args.get('onion_domain')
 
@@ -764,6 +782,7 @@ def onion_son():
 
 # ============= JSON ==============
 @hiddenServices.route("/hiddenServices/domain_crawled_7days_json", methods=['GET'])
+@login_required
 def domain_crawled_7days_json():
     type = 'onion'
         ## TODO: # FIXME: 404 error
@@ -782,6 +801,7 @@ def domain_crawled_7days_json():
     return jsonify(json_domain_stats)
 
 @hiddenServices.route('/hiddenServices/domain_crawled_by_type_json')
+@login_required
 def domain_crawled_by_type_json():
     current_date = request.args.get('date')
     type = request.args.get('type')
diff --git a/var/www/modules/rawSkeleton/Flask_rawSkeleton.py b/var/www/modules/rawSkeleton/Flask_rawSkeleton.py
index d17e2b33..fe6e1f66 100644
--- a/var/www/modules/rawSkeleton/Flask_rawSkeleton.py
+++ b/var/www/modules/rawSkeleton/Flask_rawSkeleton.py
@@ -6,6 +6,7 @@
 '''
 import redis
 from flask import Flask, render_template, jsonify, request, Blueprint
+from flask_login import login_required
 
 # ============ VARIABLES ============
 import Flask_config
@@ -22,6 +23,7 @@ def one():
 # ============= ROUTES ==============
 
 @rawSkeleton.route("/rawSkeleton/", methods=['GET'])
+@login_required
 def skeleton_page():
     return render_template("rawSkeleton.html")
 
diff --git a/var/www/modules/search/Flask_search.py b/var/www/modules/search/Flask_search.py
index 7405b1e9..866c0bfc 100644
--- a/var/www/modules/search/Flask_search.py
+++ b/var/www/modules/search/Flask_search.py
@@ -10,6 +10,7 @@ import os
 import datetime
 import flask
 from flask import Flask, render_template, jsonify, request, Blueprint
+from flask_login import login_required
 
 import Paste
 from whoosh import index
@@ -93,6 +94,7 @@ def to_iso_date(timestamp):
 # ============ ROUTES ============
 
 @searches.route("/search", methods=['POST'])
+@login_required
 def search():
     query = request.form['query']
     q = []
@@ -180,6 +182,7 @@ def search():
 
 
 @searches.route("/get_more_search_result", methods=['POST'])
+@login_required
 def get_more_search_result():
     query = request.form['query']
     q = []
diff --git a/var/www/modules/sentiment/Flask_sentiment.py b/var/www/modules/sentiment/Flask_sentiment.py
index 9a86eaa4..14904558 100644
--- a/var/www/modules/sentiment/Flask_sentiment.py
+++ b/var/www/modules/sentiment/Flask_sentiment.py
@@ -10,6 +10,7 @@ import calendar
 from Date import Date
 import flask
 from flask import Flask, render_template, jsonify, request, Blueprint
+from flask_login import login_required
 
 import Paste
 
@@ -39,11 +40,13 @@ def get_date_range(num_day):
 # ============ ROUTES ============
 
 @sentiments.route("/sentiment_analysis_trending/")
+@login_required
 def sentiment_analysis_trending():
     return render_template("sentiment_analysis_trending.html")
 
 
 @sentiments.route("/sentiment_analysis_getplotdata/", methods=['GET'])
+@login_required
 def sentiment_analysis_getplotdata():
     # Get the top providers based on number of pastes
     oneHour = 60*60
@@ -94,12 +97,14 @@ def sentiment_analysis_getplotdata():
 
 
 @sentiments.route("/sentiment_analysis_plot_tool/")
+@login_required
 def sentiment_analysis_plot_tool():
     return render_template("sentiment_analysis_plot_tool.html")
 
 
 
 @sentiments.route("/sentiment_analysis_plot_tool_getdata/", methods=['GET'])
+@login_required
 def sentiment_analysis_plot_tool_getdata():
     getProviders = request.args.get('getProviders')
 
diff --git a/var/www/modules/settings/Flask_settings.py b/var/www/modules/settings/Flask_settings.py
index f8600f58..0563056a 100644
--- a/var/www/modules/settings/Flask_settings.py
+++ b/var/www/modules/settings/Flask_settings.py
@@ -5,6 +5,7 @@
     Flask functions and routes for the settings modules page
 '''
 from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for
+from flask_login import login_required
 
 import json
 import datetime
@@ -74,6 +75,7 @@ def get_update_metadata():
 # ============= ROUTES ==============
 
 @settings.route("/settings/", methods=['GET'])
+@login_required
 def settings_page():
     git_metadata = get_git_metadata()
     current_version = r_serv_db.get('ail:version')
@@ -85,6 +87,7 @@ def settings_page():
 
 
 @settings.route("/settings/get_background_update_stats_json", methods=['GET'])
+@login_required
 def get_background_update_stats_json():
     # handle :end, error
     update_stats = {}
diff --git a/var/www/modules/showpaste/Flask_showpaste.py b/var/www/modules/showpaste/Flask_showpaste.py
index 474280b5..c73d93c8 100644
--- a/var/www/modules/showpaste/Flask_showpaste.py
+++ b/var/www/modules/showpaste/Flask_showpaste.py
@@ -9,6 +9,8 @@ import json
 import os
 import flask
 from flask import Flask, render_template, jsonify, request, Blueprint, make_response, Response, send_from_directory, redirect, url_for
+from flask_login import login_required
+
 import difflib
 import ssdeep
 
@@ -378,16 +380,19 @@ def show_item_min(requested_path , content_range=0):
 # ============ ROUTES ============
 
 @showsavedpastes.route("/showsavedpaste/") #completely shows the paste in a new tab
+@login_required
 def showsavedpaste():
     requested_path = request.args.get('paste', '')
     return showpaste(0, requested_path)
 
 @showsavedpastes.route("/showsaveditem_min/") #completely shows the paste in a new tab
+@login_required
 def showsaveditem_min():
     requested_path = request.args.get('paste', '')
     return show_item_min(requested_path)
 
 @showsavedpastes.route("/showsavedrawpaste/") #shows raw
+@login_required
 def showsavedrawpaste():
     requested_path = request.args.get('paste', '')
     paste = Paste.Paste(requested_path)
@@ -395,6 +400,7 @@ def showsavedrawpaste():
     return Response(content, mimetype='text/plain')
 
 @showsavedpastes.route("/showpreviewpaste/")
+@login_required
 def showpreviewpaste():
     num = request.args.get('num', '')
     requested_path = request.args.get('paste', '')
@@ -402,6 +408,7 @@ def showpreviewpaste():
 
 
 @showsavedpastes.route("/getmoredata/")
+@login_required
 def getmoredata():
     requested_path = request.args.get('paste', '')
     paste = Paste.Paste(requested_path)
@@ -410,6 +417,7 @@ def getmoredata():
     return to_return
 
 @showsavedpastes.route("/showDiff/")
+@login_required
 def showDiff():
     s1 = request.args.get('s1', '')
     s2 = request.args.get('s2', '')
@@ -426,10 +434,12 @@ def showDiff():
     return the_html
 
 @showsavedpastes.route('/screenshot/<path:filename>')
+@login_required
 def screenshot(filename):
     return send_from_directory(SCREENSHOT_FOLDER, filename+'.png', as_attachment=True)
 
 @showsavedpastes.route('/send_file_to_vt/', methods=['POST'])
+@login_required
 def send_file_to_vt():
     b64_path = request.form['b64_path']
     paste = request.form['paste']
diff --git a/var/www/modules/terms/Flask_terms.py b/var/www/modules/terms/Flask_terms.py
index 1fb83bcb..fd42ec4d 100644
--- a/var/www/modules/terms/Flask_terms.py
+++ b/var/www/modules/terms/Flask_terms.py
@@ -11,6 +11,8 @@ import datetime
 import calendar
 import flask
 from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect
+from flask_login import login_required
+
 import re
 import Paste
 from pprint import pprint
@@ -143,6 +145,7 @@ def save_tag_to_auto_push(list_tag):
 # ============ ROUTES ============
 
 @terms.route("/terms_management/")
+@login_required
 def terms_management():
     per_paste = request.args.get('per_paste')
     if per_paste == "1" or per_paste is None:
@@ -261,6 +264,7 @@ def terms_management():
 
 
 @terms.route("/terms_management_query_paste/")
+@login_required
 def terms_management_query_paste():
     term =  request.args.get('term')
     paste_info = []
@@ -293,6 +297,7 @@ def terms_management_query_paste():
 
 
 @terms.route("/terms_management_query/")
+@login_required
 def terms_management_query():
     TrackedTermsDate_Name = "TrackedTermDate"
     BlackListTermsDate_Name = "BlackListTermDate"
@@ -315,6 +320,7 @@ def terms_management_query():
 
 
 @terms.route("/terms_management_action/", methods=['GET'])
+@login_required
 def terms_management_action():
     today = datetime.datetime.now()
     today = today.replace(microsecond=0)
@@ -440,6 +446,7 @@ def terms_management_action():
         return jsonify(to_return)
 
 @terms.route("/terms_management/delete_terms_tags", methods=['POST'])
+@login_required
 def delete_terms_tags():
     term = request.form.get('term')
     tags_to_delete = request.form.getlist('tags_to_delete')
@@ -452,6 +459,7 @@ def delete_terms_tags():
         return 'None args', 400
 
 @terms.route("/terms_management/delete_terms_email", methods=['GET'])
+@login_required
 def delete_terms_email():
     term =  request.args.get('term')
     email =  request.args.get('email')
@@ -464,6 +472,7 @@ def delete_terms_email():
 
 
 @terms.route("/terms_plot_tool/")
+@login_required
 def terms_plot_tool():
     term =  request.args.get('term')
     if term is not None:
@@ -473,6 +482,7 @@ def terms_plot_tool():
 
 
 @terms.route("/terms_plot_tool_data/")
+@login_required
 def terms_plot_tool_data():
     oneDay = 60*60*24
     range_start =  datetime.datetime.utcfromtimestamp(int(float(request.args.get('range_start')))) if request.args.get('range_start') is not None else 0;
@@ -503,6 +513,7 @@ def terms_plot_tool_data():
 
 
 @terms.route("/terms_plot_top/")
+@login_required
 def terms_plot_top():
     per_paste = request.args.get('per_paste')
     per_paste = per_paste if per_paste is not None else 1
@@ -510,6 +521,7 @@ def terms_plot_top():
 
 
 @terms.route("/terms_plot_top_data/")
+@login_required
 def terms_plot_top_data():
     oneDay = 60*60*24
     today = datetime.datetime.now()
@@ -556,10 +568,12 @@ def terms_plot_top_data():
 
 
 @terms.route("/credentials_tracker/")
+@login_required
 def credentials_tracker():
     return render_template("credentials_tracker.html")
 
 @terms.route("/credentials_management_query_paste/", methods=['GET', 'POST'])
+@login_required
 def credentials_management_query_paste():
     cred =  request.args.get('cred')
     allPath = request.json['allPath']
@@ -583,6 +597,7 @@ def credentials_management_query_paste():
     return jsonify(paste_info)
 
 @terms.route("/credentials_management_action/", methods=['GET'])
+@login_required
 def cred_management_action():
 
     supplied =  request.args.get('term')
diff --git a/var/www/modules/trendingcharts/Flask_trendingcharts.py b/var/www/modules/trendingcharts/Flask_trendingcharts.py
index ad2e5b76..bad6a353 100644
--- a/var/www/modules/trendingcharts/Flask_trendingcharts.py
+++ b/var/www/modules/trendingcharts/Flask_trendingcharts.py
@@ -9,6 +9,7 @@ import datetime
 from Date import Date
 import flask
 from flask import Flask, render_template, jsonify, request, Blueprint
+from flask_login import login_required
 
 # ============ VARIABLES ============
 import Flask_config
@@ -36,6 +37,7 @@ def get_date_range(num_day):
 # ============ ROUTES ============
 
 @trendings.route("/_progressionCharts", methods=['GET'])
+@login_required
 def progressionCharts():
     attribute_name = request.args.get('attributeName')
     trending_name = request.args.get('trendingName')
@@ -61,18 +63,21 @@ def progressionCharts():
         return jsonify(keyw_value)
 
 @trendings.route("/wordstrending/")
+@login_required
 def wordstrending():
     default_display = cfg.get("Flask", "default_display")
     return render_template("Wordstrending.html", default_display = default_display)
 
 
 @trendings.route("/protocolstrending/")
+@login_required
 def protocolstrending():
     default_display = cfg.get("Flask", "default_display")
     return render_template("Protocolstrending.html", default_display = default_display)
 
 
 @trendings.route("/trending/")
+@login_required
 def trending():
     default_display = cfg.get("Flask", "default_display")
     return render_template("Trending.html", default_display = default_display)
diff --git a/var/www/modules/trendingmodules/Flask_trendingmodules.py b/var/www/modules/trendingmodules/Flask_trendingmodules.py
index aeec0eb9..a53066b9 100644
--- a/var/www/modules/trendingmodules/Flask_trendingmodules.py
+++ b/var/www/modules/trendingmodules/Flask_trendingmodules.py
@@ -9,6 +9,7 @@ import datetime
 from Date import Date
 import flask
 from flask import Flask, render_template, jsonify, request, Blueprint
+from flask_login import login_required
 
 # ============ VARIABLES ============
 import Flask_config
@@ -49,6 +50,7 @@ def get_date_range(num_day):
 # ============ ROUTES ============
 
 @trendingmodules.route("/_moduleCharts", methods=['GET'])
+@login_required
 def modulesCharts():
     keyword_name = request.args.get('keywordName')
     module_name = request.args.get('moduleName')
@@ -75,6 +77,7 @@ def modulesCharts():
 
 
 @trendingmodules.route("/_providersChart", methods=['GET'])
+@login_required
 def providersChart():
     keyword_name = request.args.get('keywordName')
     module_name = request.args.get('moduleName')
@@ -121,6 +124,7 @@ def providersChart():
 
 
 @trendingmodules.route("/moduletrending/")
+@login_required
 def moduletrending():
     return render_template("Moduletrending.html")
 
diff --git a/var/www/templates/login.html b/var/www/templates/login.html
new file mode 100644
index 00000000..2e413435
--- /dev/null
+++ b/var/www/templates/login.html
@@ -0,0 +1,81 @@
+<!DOCTYPE html>
+
+<html>
+<head>
+	 <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+	<title>AIL-Framework</title>
+	<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png')}}">
+	<!-- Core CSS -->
+	<link href="{{ url_for('static', filename='css/bootstrap4.min.css') }}" rel="stylesheet">
+	<link href="{{ url_for('static', filename='css/font-awesome.min.css') }}" rel="stylesheet">
+
+	<!-- JS -->
+	<script src="{{ url_for('static', filename='js/jquery.js')}}"></script>
+	<script src="{{ url_for('static', filename='js/bootstrap4.min.js')}}"></script>
+
+
+	<style>
+	html,
+	body {
+	height: 100%;
+	}
+
+	body {
+	display: -ms-flexbox;
+	display: flex;
+	-ms-flex-align: center;
+	align-items: center;
+	padding-top: 40px;
+	padding-bottom: 40px;
+	background-color: #f5f5f5;
+	}
+
+	.form-signin {
+	width: 100%;
+	max-width: 330px;
+	padding: 15px;
+	margin: auto;
+	}
+	.form-signin .checkbox {
+	font-weight: 400;
+	}
+	.form-signin .form-control {
+	position: relative;
+	box-sizing: border-box;
+	height: auto;
+	padding: 10px;
+	font-size: 16px;
+	}
+	.form-signin .form-control:focus {
+	z-index: 2;
+	}
+	.form-signin input[type="email"] {
+	margin-bottom: -1px;
+	border-bottom-right-radius: 0;
+	border-bottom-left-radius: 0;
+	}
+	.form-signin input[type="password"] {
+	margin-bottom: 10px;
+	border-top-left-radius: 0;
+	border-top-right-radius: 0;
+	}
+	</style>
+
+</head>
+
+<body class="text-center">
+
+
+				<form class="form-signin" action="{{ url_for('login')}}"  method="post">
+		      <img class="mb-4" src="{{ url_for('static', filename='image/AIL.png')}}" width="300">
+		      <h1 class="h3 mb-3 text-secondary">Please sign in</h1>
+		      <label for="inputEmail" class="sr-only">Email address</label>
+		      <input type="email" id="inputEmail" name="username" class="form-control" placeholder="Email address" required autofocus>
+		      <label for="inputPassword" class="sr-only">Password</label>
+		      <input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" required>
+		      <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
+					<input type="text" name="next_page" hidden>{{next_page}}</input>
+		    </form>
+
+
+</body>