From 8d0c2a7b13d904229afddaa7dd5f1be3d0dc5e7d Mon Sep 17 00:00:00 2001 From: Terrtia Date: Wed, 20 Nov 2019 16:15:08 +0100 Subject: [PATCH] chg; [User role] add roles: user + user_no_api + read_only --- update/v2.5/Update.py | 37 ++++++++++++++ update/v2.5/Update.sh | 39 +++++++++++++++ var/www/blueprints/correlation.py | 6 +-- var/www/blueprints/crawler_splash.py | 4 +- var/www/create_default_user.py | 3 ++ var/www/modules/Role_Manager.py | 41 ++++++++++++++- var/www/modules/Tags/Flask_Tags.py | 20 ++++---- var/www/modules/dashboard/Flask_dashboard.py | 10 ++-- .../modules/hashDecoded/Flask_hashDecoded.py | 50 +++++++++---------- .../hiddenServices/Flask_hiddenServices.py | 28 +++++------ var/www/modules/hunter/Flask_hunter.py | 14 +++--- .../modules/rawSkeleton/Flask_rawSkeleton.py | 4 +- var/www/modules/restApi/Flask_restApi.py | 30 +++++------ var/www/modules/sentiment/Flask_sentiment.py | 10 ++-- var/www/modules/settings/Flask_settings.py | 10 ++-- var/www/modules/showpaste/Flask_showpaste.py | 14 +++--- var/www/modules/terms/Flask_terms.py | 16 +++--- .../trendingcharts/Flask_trendingcharts.py | 10 ++-- .../trendingmodules/Flask_trendingmodules.py | 8 +-- 19 files changed, 235 insertions(+), 119 deletions(-) create mode 100755 update/v2.5/Update.py create mode 100755 update/v2.5/Update.sh diff --git a/update/v2.5/Update.py b/update/v2.5/Update.py new file mode 100755 index 00000000..56b1872a --- /dev/null +++ b/update/v2.5/Update.py 
@@ -0,0 +1,37 @@ +#!/usr/bin/env python3 +# -*-coding:UTF-8 -* + +import os +import re +import sys +import time +import redis +import datetime + +sys.path.append(os.path.join(os.environ['AIL_BIN'], 'lib/')) +import ConfigLoader + +new_version = 'v2.5' + +if __name__ == '__main__': + + start_deb = time.time() + + config_loader = ConfigLoader.ConfigLoader() + r_serv = config_loader.get_redis_conn("ARDB_DB") + config_loader = None + + r_serv.zadd('ail:all_role', 3, 'user') + r_serv.zadd('ail:all_role', 4, 'user_no_api') + r_serv.zadd('ail:all_role', 5, 'read_only') + + for user in r_serv.hkeys(user:all): + r_serv.sadd('user_role:user', user) + r_serv.sadd('user_role:user_no_api', user) + r_serv.sadd('user_role:read_only', user) + + #Set current ail version + r_serv.set('ail:version', new_version) + + #Set current ail version + r_serv.hset('ail:update_date', new_version, datetime.datetime.now().strftime("%Y%m%d")) diff --git a/update/v2.5/Update.sh b/update/v2.5/Update.sh new file mode 100755 index 00000000..6c75f15f --- /dev/null +++ b/update/v2.5/Update.sh 
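Review bot: `for user in r_serv.hkeys(user:all):` is a syntax error (the key is unquoted), so Update.py fails to compile and none of the role migration runs; the line should read `for user in r_serv.hkeys('user:all'):`. Because the compile failure happens before the `ail:all_role` zadds and the `ail:version` write, a failed run leaves the database untouched, which at least makes the breakage visible in Update.sh's output. The second `#Set current ail version` comment sits above the `ail:update_date` hset and should say `#Set update date`; `re` and `redis` are imported but never used.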
@@ -0,0 +1,39 @@ +#!/bin/bash + +[ -z "$AIL_HOME" ] && echo "Needs the env var AIL_HOME. Run the script from the virtual environment." && exit 1; +[ -z "$AIL_REDIS" ] && echo "Needs the env var AIL_REDIS. Run the script from the virtual environment." && exit 1; +[ -z "$AIL_ARDB" ] && echo "Needs the env var AIL_ARDB. Run the script from the virtual environment." && exit 1; +[ -z "$AIL_BIN" ] && echo "Needs the env var AIL_ARDB. Run the script from the virtual environment." && exit 1; +[ -z "$AIL_FLASK" ] && echo "Needs the env var AIL_FLASK. Run the script from the virtual environment." && exit 1; + +export PATH=$AIL_HOME:$PATH +export PATH=$AIL_REDIS:$PATH +export PATH=$AIL_ARDB:$PATH +export PATH=$AIL_BIN:$PATH +export PATH=$AIL_FLASK:$PATH + +GREEN="\\033[1;32m" +DEFAULT="\\033[0;39m" + +echo -e $GREEN"Shutting down AIL ..."$DEFAULT +bash ${AIL_BIN}/LAUNCH.sh -ks +wait + +bash ${AIL_BIN}/LAUNCH.sh -lav & +wait +echo "" + +echo "" +echo -e $GREEN"Updating AIL VERSION ..."$DEFAULT +echo "" +python ${AIL_HOME}/update/v2.5/Update.py +wait +echo "" +echo "" + +echo "" +echo -e $GREEN"Shutting down ARDB ..."$DEFAULT +bash ${AIL_BIN}/LAUNCH.sh -ks +wait + +exit 0 diff --git a/var/www/blueprints/correlation.py b/var/www/blueprints/correlation.py index f17f3637..13fa81f6 100644 --- a/var/www/blueprints/correlation.py +++ b/var/www/blueprints/correlation.py @@ -18,7 +18,7 @@ import Flask_config # Import Role_Manager from Role_Manager import create_user_db, check_password_strength, check_user_role_integrity -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_analyst, login_read_only sys.path.append(os.path.join(os.environ['AIL_BIN'], 'lib')) import Correlate_object 
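Review bot: The `AIL_BIN` guard prints the wrong variable name (`Needs the env var AIL_ARDB`), which sends an operator looking at a setting that is already present; change it to `[ -z "$AIL_BIN" ] && echo "Needs the env var AIL_BIN. Run the script from the virtual environment." && exit 1;`. Update.py carries a `#!/usr/bin/env python3` shebang but is run here as `python ${AIL_HOME}/update/v2.5/Update.py`; presumably the virtual environment's `python` is Python 3, as with the earlier update scripts, but that assumption is worth confirming since a Python 2 interpreter would fail on this file.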
@@ -118,7 +118,7 @@ def get_card_metadata(object_type, correlation_id, type_id=None): # ============= ROUTES ============== @correlation.route('/correlation/show_correlation', methods=['GET', 'POST']) # GET + POST @login_required -@login_analyst +@login_read_only def show_correlation(): if request.method == 'POST': object_type = request.form.get('object_type') @@ -192,7 +192,7 @@ def show_correlation(): @correlation.route('/correlation/graph_node_json') @login_required -@login_analyst +@login_read_only def graph_node_json(): # # TODO: use post correlation_id = request.args.get('correlation_id') type_id = request.args.get('type_id') diff --git a/var/www/blueprints/crawler_splash.py b/var/www/blueprints/crawler_splash.py index 8ef41e42..989b8d51 100644 --- a/var/www/blueprints/crawler_splash.py +++ b/var/www/blueprints/crawler_splash.py @@ -18,7 +18,7 @@ import Flask_config # Import Role_Manager from Role_Manager import create_user_db, check_password_strength, check_user_role_integrity -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_analyst, login_read_only sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages')) import Tag @@ -47,7 +47,7 @@ def api_validator(api_response): # add route : /crawlers/show_domain @crawler_splash.route('/crawlers/showDomain') @login_required -@login_analyst +@login_read_only def showDomain(): domain_name = request.args.get('domain') epoch = request.args.get('epoch') diff --git a/var/www/create_default_user.py b/var/www/create_default_user.py index 34e07183..b3759ec7 100755 --- a/var/www/create_default_user.py +++ b/var/www/create_default_user.py 
@@ -23,6 +23,9 @@ if __name__ == "__main__": if not r_serv.exists('ail:all_role'): r_serv.zadd('ail:all_role', 1, 'admin') r_serv.zadd('ail:all_role', 2, 'analyst') + r_serv.zadd('ail:all_role', 3, 'user') + r_serv.zadd('ail:all_role', 4, 'user_no_api') + r_serv.zadd('ail:all_role', 5, 'read_only') username = 'admin@admin.test' password = gen_password() diff --git a/var/www/modules/Role_Manager.py b/var/www/modules/Role_Manager.py index 388c5576..9719dcae 100644 --- a/var/www/modules/Role_Manager.py +++ b/var/www/modules/Role_Manager.py @@ -16,7 +16,7 @@ from flask_login import LoginManager, current_user, login_user, logout_user, log from flask import request, make_response, current_app login_manager = LoginManager() -login_manager.login_view = 'role' +login_manager.login_view = 'root.role' # CONFIG # config_loader = ConfigLoader.ConfigLoader() @@ -68,7 +68,35 @@ def login_analyst(func): return func(*args, **kwargs) return decorated_view +def login_user(func): + @wraps(func) + def decorated_view(*args, **kwargs): + if not current_user.is_authenticated: + return login_manager.unauthorized() + elif (not current_user.is_in_role('user')): + return login_manager.unauthorized() + return func(*args, **kwargs) + return decorated_view +def login_user_no_api(func): + @wraps(func) + def decorated_view(*args, **kwargs): + if not current_user.is_authenticated: + return login_manager.unauthorized() + elif (not current_user.is_in_role('user_no_api')): + return login_manager.unauthorized() + return func(*args, **kwargs) + return decorated_view + +def login_read_only(func): + @wraps(func) + def decorated_view(*args, **kwargs): + if not current_user.is_authenticated: + return login_manager.unauthorized() + elif (not current_user.is_in_role('read_only')): + return login_manager.unauthorized() + return func(*args, **kwargs) + return decorated_view ############################################################### ############################################################### 
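Review bot: The new `def login_user(func)` shadows the `login_user` that Role_Manager imports from flask_login (visible in the hunk header of the earlier hunk in this file, `from flask_login import LoginManager, current_user, login_user, logout_user, ...`), so any code in this module that later calls Flask-Login's `login_user(user)` would invoke the decorator instead; if the flask_login import is still needed, alias it, e.g. `from flask_login import login_user as flask_login_user`, otherwise drop it. The three new decorators are byte-for-byte copies of `login_analyst` differing only in the role string, which makes it easy for a future role to diverge in its checks; a single factory keeps the authorisation logic in one place and should be documented with a docstring stating that it requires both an authenticated session and membership in the named role.
```python
def _login_role(role):
    """Decorator factory: require an authenticated user who holds ``role``."""
    def decorator(func):
        @wraps(func)
        def decorated_view(*args, **kwargs):
            if not current_user.is_authenticated:
                return login_manager.unauthorized()
            if not current_user.is_in_role(role):
                return login_manager.unauthorized()
            return func(*args, **kwargs)
        return decorated_view
    return decorator

login_user = _login_role('user')
login_user_no_api = _login_role('user_no_api')
login_read_only = _login_role('read_only')
```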
@@ -107,21 +135,30 @@ def create_user_db(username_id , password, default=False, role=None, update=Fals # create user token generate_new_token(username_id) + if not role: + role = 'read_only' + if update: r_serv_db.hdel('user_metadata:{}'.format(username_id), 'change_passwd') # remove default user password file if username_id=='admin@admin.test': os.remove(default_passwd_file) + r_serv_db.hset('user:all', username_id, password_hash) else: if default: r_serv_db.hset('user_metadata:{}'.format(username_id), 'change_passwd', True) if role: + print(role) + print(get_all_role()) if role in get_all_role(): + print('yep') + print(get_all_user_role(role)) for role_to_add in get_all_user_role(role): + print(role) r_serv_db.sadd('user_role:{}'.format(role_to_add), username_id) r_serv_db.hset('user_metadata:{}'.format(username_id), 'role', role) - r_serv_db.hset('user:all', username_id, password_hash) + r_serv_db.hset('user:all', username_id, password_hash) def edit_user_db(user_id, role, password=None): if password: diff --git a/var/www/modules/Tags/Flask_Tags.py b/var/www/modules/Tags/Flask_Tags.py index f2ebaab1..7132f1b2 100644 --- a/var/www/modules/Tags/Flask_Tags.py +++ b/var/www/modules/Tags/Flask_Tags.py @@ -7,7 +7,7 @@ import redis from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_analyst, login_read_only from flask_login import login_required import json @@ -125,7 +125,7 @@ def get_last_seen_from_tags_list(list_tags): @Tags.route("/tags/", methods=['GET']) @login_required -@login_analyst +@login_read_only def Tags_page(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -260,7 +260,7 @@ def Tags_page(): @Tags.route("/Tags/get_all_tags") @login_required -@login_analyst +@login_read_only def get_all_tags(): all_tags = r_serv_tags.smembers('list_tags') 
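Review bot: Five debugging `print(...)` calls (`print(role)`, `print(get_all_role())`, `print('yep')`, `print(get_all_user_role(role))`, and `print(role)` inside the loop) are left in the role-assignment branch of `create_user_db` and write role data to stdout on every user creation; they should be removed before merge. With the new `if not role: role = 'read_only'` default, the following `if role:` is always true and can be dropped, and the read_only default deserves a one-line comment such as `# new accounts get the least-privileged role unless one is requested`. The function's signature and the start of its body are outside the hunk.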
@@ -284,7 +284,7 @@ def get_all_tags(): @Tags.route("/Tags/get_all_tags_taxonomies") @login_required -@login_analyst +@login_read_only def get_all_tags_taxonomies(): taxonomies = Taxonomies() @@ -303,7 +303,7 @@ def get_all_tags_taxonomies(): @Tags.route("/Tags/get_all_tags_galaxies") @login_required -@login_analyst +@login_read_only def get_all_tags_galaxy(): active_galaxies = r_serv_tags.smembers('active_galaxies') @@ -318,7 +318,7 @@ def get_all_tags_galaxy(): @Tags.route("/Tags/get_tags_taxonomie") @login_required -@login_analyst +@login_read_only def get_tags_taxonomie(): taxonomie = request.args.get('taxonomie') @@ -346,7 +346,7 @@ def get_tags_taxonomie(): @Tags.route("/Tags/get_tags_galaxy") @login_required -@login_analyst +@login_read_only def get_tags_galaxy(): galaxy = request.args.get('galaxy') @@ -467,7 +467,7 @@ def add_item_tags(): @Tags.route("/Tags/taxonomies") @login_required -@login_analyst +@login_read_only def taxonomies(): active_taxonomies = r_serv_tags.smembers('active_taxonomies') @@ -642,7 +642,7 @@ def edit_taxonomie_tag(): @Tags.route("/Tags/galaxies") @login_required -@login_analyst +@login_read_only def galaxies(): active_galaxies = r_serv_tags.smembers('active_galaxies') @@ -901,7 +901,7 @@ def edit_galaxy_tag(): @Tags.route("/Tags/tag_galaxy_info") @login_required -@login_analyst +@login_read_only def tag_galaxy_info(): galaxy = request.args.get('galaxy') diff --git a/var/www/modules/dashboard/Flask_dashboard.py b/var/www/modules/dashboard/Flask_dashboard.py index 29def6cf..2624ee74 100644 --- a/var/www/modules/dashboard/Flask_dashboard.py +++ b/var/www/modules/dashboard/Flask_dashboard.py @@ -14,7 +14,7 @@ from Date import Date from flask import Flask, render_template, jsonify, request, Blueprint, url_for -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_analyst, login_read_only from flask_login import login_required # ============ VARIABLES ============ 
@@ -113,13 +113,13 @@ def datetime_from_utc_to_local(utc_str): @dashboard.route("/_logs") @login_required -@login_analyst +@login_read_only def logs(): return flask.Response(event_stream(), mimetype="text/event-stream") @dashboard.route("/_get_last_logs_json") @login_required -@login_analyst +@login_read_only def get_last_logs_json(): date = datetime.datetime.now().strftime("%Y%m%d") @@ -162,14 +162,14 @@ def get_last_logs_json(): @dashboard.route("/_stuff", methods=['GET']) @login_required -@login_analyst +@login_read_only def stuff(): return jsonify(row1=get_queues(r_serv)) @dashboard.route("/") @login_required -@login_analyst +@login_read_only def index(): default_minute = config_loader.get_config_str("Flask", "minute_processed_paste") threshold_stucked_module = config_loader.get_config_int("Module_ModuleInformation", "threshold_stucked_module") diff --git a/var/www/modules/hashDecoded/Flask_hashDecoded.py b/var/www/modules/hashDecoded/Flask_hashDecoded.py index 76b398a9..65b955ec 100644 --- a/var/www/modules/hashDecoded/Flask_hashDecoded.py +++ b/var/www/modules/hashDecoded/Flask_hashDecoded.py @@ -17,7 +17,7 @@ from hashlib import sha256 import requests from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for, send_file -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_analyst, login_read_only from flask_login import login_required # ============ VARIABLES ============ @@ -475,7 +475,7 @@ def correlation_graph_node_json(correlation_type, type_id, key_id): # ============= ROUTES ============== @hashDecoded.route("/hashDecoded/all_hash_search", methods=['POST']) @login_required -@login_analyst +@login_read_only def all_hash_search(): date_from = request.form.get('date_from') date_to = request.form.get('date_to') 
@@ -486,7 +486,7 @@ def all_hash_search(): @hashDecoded.route("/hashDecoded/", methods=['GET']) @login_required -@login_analyst +@login_read_only def hashDecoded_page(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -605,7 +605,7 @@ def hashDecoded_page(): @hashDecoded.route('/hashDecoded/hash_by_type') @login_required -@login_analyst +@login_read_only def hash_by_type(): type = request.args.get('type') type = 'text/plain' @@ -614,7 +614,7 @@ def hash_by_type(): @hashDecoded.route('/hashDecoded/hash_hash') @login_required -@login_analyst +@login_read_only def hash_hash(): hash = request.args.get('hash') return render_template('hash_hash.html') @@ -677,7 +677,7 @@ def hash_hash(): @hashDecoded.route('/hashDecoded/downloadHash') @login_required -@login_analyst +@login_read_only def downloadHash(): hash = request.args.get('hash') # sanitize hash @@ -715,7 +715,7 @@ def downloadHash(): @hashDecoded.route('/hashDecoded/hash_by_type_json') @login_required -@login_analyst +@login_read_only def hash_by_type_json(): type = request.args.get('type') @@ -750,7 +750,7 @@ def hash_by_type_json(): @hashDecoded.route('/hashDecoded/decoder_type_json') @login_required -@login_analyst +@login_read_only def decoder_type_json(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -807,7 +807,7 @@ def decoder_type_json(): @hashDecoded.route('/hashDecoded/top5_type_json') @login_required -@login_analyst +@login_read_only def top5_type_json(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -867,7 +867,7 @@ def top5_type_json(): @hashDecoded.route('/hashDecoded/daily_type_json') @login_required -@login_analyst +@login_read_only def daily_type_json(): date = request.args.get('date') 
@@ -888,7 +888,7 @@ def daily_type_json(): @hashDecoded.route('/hashDecoded/range_type_json') @login_required -@login_analyst +@login_read_only def range_type_json(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -946,7 +946,7 @@ def range_type_json(): @hashDecoded.route('/hashDecoded/hash_graph_line_json') @login_required -@login_analyst +@login_read_only def hash_graph_line_json(): hash = request.args.get('hash') date_from = request.args.get('date_from') @@ -977,7 +977,7 @@ def hash_graph_line_json(): @hashDecoded.route('/hashDecoded/hash_graph_node_json') @login_required -@login_analyst +@login_read_only def hash_graph_node_json(): hash = request.args.get('hash') @@ -1046,7 +1046,7 @@ def hash_graph_node_json(): @hashDecoded.route('/hashDecoded/hash_types') @login_required -@login_analyst +@login_read_only def hash_types(): date_from = 20180701 date_to = 20180706 @@ -1118,7 +1118,7 @@ def update_vt_result(): @hashDecoded.route('/decoded/pgp_by_type_json') ## TODO: REFRACTOR @login_required -@login_analyst +@login_read_only def pgp_by_type_json(): type_id = request.args.get('type_id') date_from = request.args.get('date_from') @@ -1164,7 +1164,7 @@ def pgp_by_type_json(): ############################ Correlation ############################ @hashDecoded.route("/correlation/pgpdump", methods=['GET']) @login_required -@login_analyst +@login_read_only def pgpdump_page(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -1176,7 +1176,7 @@ def pgpdump_page(): @hashDecoded.route("/correlation/cryptocurrency", methods=['GET']) @login_required -@login_analyst +@login_read_only def cryptocurrency_page(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') 
@@ -1188,7 +1188,7 @@ def cryptocurrency_page(): @hashDecoded.route("/correlation/all_pgpdump_search", methods=['POST']) @login_required -@login_analyst +@login_read_only def all_pgpdump_search(): date_from = request.form.get('date_from') date_to = request.form.get('date_to') @@ -1198,7 +1198,7 @@ def all_pgpdump_search(): @hashDecoded.route("/correlation/all_cryptocurrency_search", methods=['POST']) @login_required -@login_analyst +@login_read_only def all_cryptocurrency_search(): date_from = request.form.get('date_from') date_to = request.form.get('date_to') @@ -1225,7 +1225,7 @@ def all_cryptocurrency_search(): @hashDecoded.route('/correlation/cryptocurrency_range_type_json') @login_required -@login_analyst +@login_read_only def cryptocurrency_range_type_json(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -1233,7 +1233,7 @@ def cryptocurrency_range_type_json(): @hashDecoded.route('/correlation/pgpdump_range_type_json') @login_required -@login_analyst +@login_read_only def pgpdump_range_type_json(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -1241,7 +1241,7 @@ def pgpdump_range_type_json(): @hashDecoded.route('/correlation/pgpdump_graph_node_json') @login_required -@login_analyst +@login_read_only def pgpdump_graph_node_json(): type_id = request.args.get('type_id') key_id = request.args.get('key_id') @@ -1250,7 +1250,7 @@ def pgpdump_graph_node_json(): # # TODO: REFRACTOR @hashDecoded.route('/correlation/cryptocurrency_graph_node_json') @login_required -@login_analyst +@login_read_only def cryptocurrency_graph_node_json(): type_id = request.args.get('type_id') key_id = request.args.get('key_id') @@ -1259,7 +1259,7 @@ def cryptocurrency_graph_node_json(): # # TODO: REFRACTOR @hashDecoded.route('/correlation/pgpdump_graph_line_json') @login_required -@login_analyst +@login_read_only def pgpdump_graph_line_json(): type_id = request.args.get('type_id') key_id = request.args.get('key_id') 
@@ -1293,7 +1293,7 @@ def correlation_graph_line_json(correlation_type, type_id, key_id, date_from, da @hashDecoded.route('/correlation/cryptocurrency_graph_line_json') @login_required -@login_analyst +@login_read_only def cryptocurrency_graph_line_json(): type_id = request.args.get('type_id') key_id = request.args.get('key_id') diff --git a/var/www/modules/hiddenServices/Flask_hiddenServices.py b/var/www/modules/hiddenServices/Flask_hiddenServices.py index 3daa76b8..eab71cae 100644 --- a/var/www/modules/hiddenServices/Flask_hiddenServices.py +++ b/var/www/modules/hiddenServices/Flask_hiddenServices.py @@ -13,7 +13,7 @@ import json from pyfaup.faup import Faup from flask import Flask, render_template, jsonify, request, send_file, Blueprint, redirect, url_for -from Role_Manager import login_admin, login_analyst, no_cache +from Role_Manager import login_admin, login_analyst, login_read_only, no_cache from flask_login import login_required from Date import Date @@ -242,7 +242,7 @@ def delete_auto_crawler(url): @hiddenServices.route("/crawlers/", methods=['GET']) @login_required -@login_analyst +@login_read_only def dashboard(): crawler_metadata_onion = get_crawler_splash_status('onion') crawler_metadata_regular = get_crawler_splash_status('regular') @@ -259,13 +259,13 @@ def dashboard(): @hiddenServices.route("/crawlers/manual", methods=['GET']) @login_required -@login_analyst +@login_read_only def manual(): return render_template("Crawler_Splash_manual.html", crawler_enabled=crawler_enabled) @hiddenServices.route("/crawlers/crawler_splash_onion", methods=['GET']) @login_required -@login_analyst +@login_read_only def crawler_splash_onion(): type = 'onion' last_onions = get_last_domains_crawled(type) @@ -284,7 +284,7 @@ def crawler_splash_onion(): @hiddenServices.route("/crawlers/Crawler_Splash_last_by_type", methods=['GET']) @login_required -@login_analyst +@login_read_only def Crawler_Splash_last_by_type(): type = request.args.get('type') # verify user input 
@@ -309,7 +309,7 @@ def Crawler_Splash_last_by_type(): @hiddenServices.route("/crawlers/blacklisted_domains", methods=['GET']) @login_required -@login_analyst +@login_read_only def blacklisted_domains(): blacklist_domain = request.args.get('blacklist_domain') unblacklist_domain = request.args.get('unblacklist_domain') @@ -479,7 +479,7 @@ def create_spider_splash(): @hiddenServices.route("/crawlers/auto_crawler", methods=['GET']) @login_required -@login_analyst +@login_read_only def auto_crawler(): nb_element_to_display = 100 try: @@ -544,7 +544,7 @@ def remove_auto_crawler(): @hiddenServices.route("/crawlers/crawler_dashboard_json", methods=['GET']) @login_required -@login_analyst +@login_read_only def crawler_dashboard_json(): crawler_metadata_onion = get_crawler_splash_status('onion') @@ -562,7 +562,7 @@ def crawler_dashboard_json(): # # TODO: refractor @hiddenServices.route("/hiddenServices/last_crawled_domains_with_stats_json", methods=['GET']) @login_required -@login_analyst +@login_read_only def last_crawled_domains_with_stats_json(): last_onions = r_serv_onion.lrange('last_onion', 0 ,-1) list_onion = [] @@ -613,7 +613,7 @@ def last_crawled_domains_with_stats_json(): @hiddenServices.route("/hiddenServices/get_onions_by_daterange", methods=['POST']) @login_required -@login_analyst +@login_read_only def get_onions_by_daterange(): date_from = request.form.get('date_from') date_to = request.form.get('date_to') @@ -626,7 +626,7 @@ def get_onions_by_daterange(): @hiddenServices.route("/hiddenServices/show_domains_by_daterange", methods=['GET']) @login_required -@login_analyst +@login_read_only def show_domains_by_daterange(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') @@ -732,7 +732,7 @@ def show_domains_by_daterange(): @hiddenServices.route("/crawlers/download_domain", methods=['GET']) @login_required -@login_analyst +@login_read_only @no_cache def download_domain(): domain = request.args.get('domain') 
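Review bot: Lowering `blacklisted_domains` to `@login_read_only` exposes a handler that reads `blacklist_domain` and `unblacklist_domain` from the query string; the body is outside the hunk, but if those parameters add or remove blacklist entries, a read_only account can now change crawler state through a plain GET. Either keep this route on `@login_analyst`, or split the mutating part into a separate route that stays restricted and leave only the listing view on `@login_read_only`.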
@@ -798,7 +798,7 @@ def onion_son(): # ============= JSON ============== @hiddenServices.route("/hiddenServices/domain_crawled_7days_json", methods=['GET']) @login_required -@login_analyst +@login_read_only def domain_crawled_7days_json(): type = 'onion' ## TODO: # FIXME: 404 error @@ -818,7 +818,7 @@ def domain_crawled_7days_json(): @hiddenServices.route('/hiddenServices/domain_crawled_by_type_json') @login_required -@login_analyst +@login_read_only def domain_crawled_by_type_json(): current_date = request.args.get('date') type = request.args.get('type') diff --git a/var/www/modules/hunter/Flask_hunter.py b/var/www/modules/hunter/Flask_hunter.py index e9028b36..453f36ba 100644 --- a/var/www/modules/hunter/Flask_hunter.py +++ b/var/www/modules/hunter/Flask_hunter.py @@ -11,7 +11,7 @@ import calendar import flask from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect, Response, escape -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_analyst, login_read_only from flask_login import login_required, current_user import re @@ -41,7 +41,7 @@ hunter = Blueprint('hunter', __name__, template_folder='templates') @hunter.route("/trackers") @login_required -@login_analyst +@login_read_only def tracked_menu(): user_id = current_user.get_id() user_term = Term.get_all_user_tracked_terms(user_id) @@ -50,7 +50,7 @@ def tracked_menu(): @hunter.route("/trackers/word") @login_required -@login_analyst +@login_read_only def tracked_menu_word(): filter_type = 'word' user_id = current_user.get_id() @@ -60,7 +60,7 @@ def tracked_menu_word(): @hunter.route("/trackers/set") @login_required -@login_analyst +@login_read_only def tracked_menu_set(): filter_type = 'set' user_id = current_user.get_id() @@ -70,7 +70,7 @@ def tracked_menu_set(): @hunter.route("/trackers/regex") @login_required -@login_analyst +@login_read_only def tracked_menu_regex(): filter_type = 'regex' user_id = current_user.get_id() 
@@ -113,7 +113,7 @@ def add_tracked_menu(): @hunter.route("/tracker/show_tracker") @login_required -@login_analyst +@login_read_only def show_tracker(): user_id = current_user.get_id() term_uuid = request.args.get('uuid', None) @@ -207,7 +207,7 @@ def delete_tracker(): @hunter.route("/tracker/get_json_tracker_stats", methods=['GET']) @login_required -@login_analyst +@login_read_only def get_json_tracker_stats(): date_from = request.args.get('date_from') date_to = request.args.get('date_to') diff --git a/var/www/modules/rawSkeleton/Flask_rawSkeleton.py b/var/www/modules/rawSkeleton/Flask_rawSkeleton.py index dca8f331..e0bb1e9c 100644 --- a/var/www/modules/rawSkeleton/Flask_rawSkeleton.py +++ b/var/www/modules/rawSkeleton/Flask_rawSkeleton.py @@ -7,7 +7,7 @@ import redis from flask import Flask, render_template, jsonify, request, Blueprint -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_analyst, login_read_only from flask_login import login_required # ============ VARIABLES ============ @@ -25,7 +25,7 @@ def one(): @rawSkeleton.route("/rawSkeleton/", methods=['GET']) @login_required -@login_analyst +@login_read_only def skeleton_page(): return render_template("rawSkeleton.html") diff --git a/var/www/modules/restApi/Flask_restApi.py b/var/www/modules/restApi/Flask_restApi.py index cbd93dd6..ef8abe0d 100644 --- a/var/www/modules/restApi/Flask_restApi.py +++ b/var/www/modules/restApi/Flask_restApi.py 
@@ -172,14 +172,14 @@ def one(): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @restApi.route("api/v1/get/item", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_item_id(): data = request.get_json() res = Item.get_item(data) return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] @restApi.route("api/v1/get/item/default", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_item_id_basic(): data = request.get_json() @@ -202,7 +202,7 @@ def get_item_id_basic(): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @restApi.route("api/v1/get/item/tag", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_item_tag(): data = request.get_json() @@ -283,7 +283,7 @@ def delete_item_tags(): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @restApi.route("api/v1/get/item/content", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_item_content(): data = request.get_json() @@ -298,7 +298,7 @@ def get_item_content(): # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @restApi.route("api/v1/get/tag/metadata", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_tag_metadata(): data = request.get_json() tag = data.get('tag', None) @@ -308,7 +308,7 @@ def get_tag_metadata(): return Response(json.dumps(metadata, indent=2, sort_keys=True), mimetype='application/json'), 200 @restApi.route("api/v1/get/tag/all", methods=['GET']) -@token_required('analyst') +@token_required('user') def get_all_tags(): res = {'tags': Tag.get_all_tags()} return Response(json.dumps(res, indent=2, sort_keys=True), mimetype='application/json'), 200 
@@ -335,7 +335,7 @@ def delete_tracker_term(): return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] @restApi.route("api/v1/get/tracker/item", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_tracker_term_item(): data = request.get_json() user_token = get_auth_from_header() @@ -348,7 +348,7 @@ def get_tracker_term_item(): # # # # # # # # # # # # CRYPTOCURRENCY # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @restApi.route("api/v1/get/cryptocurrency/bitcoin/metadata", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_cryptocurrency_bitcoin_metadata(): data = request.get_json() crypto_address = data.get('bitcoin', None) @@ -357,7 +357,7 @@ def get_cryptocurrency_bitcoin_metadata(): return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] @restApi.route("api/v1/get/cryptocurrency/bitcoin/item", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_cryptocurrency_bitcoin_item(): data = request.get_json() bitcoin_address = data.get('bitcoin', None) @@ -369,7 +369,7 @@ def get_cryptocurrency_bitcoin_item(): # # # # # # # # # # # # # # # PGP # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @restApi.route("api/v1/get/pgp/key/metadata", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_pgp_key_metadata(): data = request.get_json() pgp_field = data.get('key', None) @@ -378,7 +378,7 @@ def get_pgp_key_metadata(): return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] @restApi.route("api/v1/get/pgp/mail/metadata", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_pgp_mail_metadata(): data = request.get_json() pgp_field = data.get('mail', None) 
@@ -387,7 +387,7 @@ def get_pgp_mail_metadata(): return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] @restApi.route("api/v1/get/pgp/name/metadata", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_pgp_name_metadata(): data = request.get_json() pgp_field = data.get('name', None) @@ -396,7 +396,7 @@ def get_pgp_name_metadata(): return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] @restApi.route("api/v1/get/pgp/key/item", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_pgp_key_item(): data = request.get_json() pgp_field = data.get('key', None) @@ -405,7 +405,7 @@ def get_pgp_key_item(): return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] @restApi.route("api/v1/get/pgp/mail/item", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_pgp_mail_item(): data = request.get_json() pgp_mail = data.get('mail', None) @@ -414,7 +414,7 @@ def get_pgp_mail_item(): return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] @restApi.route("api/v1/get/pgp/name/item", methods=['POST']) -@token_required('analyst') +@token_required('user') def get_pgp_name_item(): data = request.get_json() pgp_name = data.get('name', None) diff --git a/var/www/modules/sentiment/Flask_sentiment.py b/var/www/modules/sentiment/Flask_sentiment.py index 895bd0ee..c4e88841 100644 --- a/var/www/modules/sentiment/Flask_sentiment.py +++ b/var/www/modules/sentiment/Flask_sentiment.py @@ -11,7 +11,7 @@ from Date import Date import flask from flask import Flask, render_template, jsonify, request, Blueprint -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_admin, login_analyst, login_read_only from flask_login import login_required import Paste 
@@ -42,14 +42,14 @@ def get_date_range(num_day): @sentiments.route("/sentiment_analysis_trending/") @login_required
-@login_analyst
+@login_read_only
def sentiment_analysis_trending(): return render_template("sentiment_analysis_trending.html") @sentiments.route("/sentiment_analysis_getplotdata/", methods=['GET']) @login_required
-@login_analyst
+@login_read_only
def sentiment_analysis_getplotdata(): # Get the top providers based on number of pastes oneHour = 60*60
@@ -101,7 +101,7 @@ def sentiment_analysis_getplotdata(): @sentiments.route("/sentiment_analysis_plot_tool/") @login_required
-@login_analyst
+@login_read_only
def sentiment_analysis_plot_tool(): return render_template("sentiment_analysis_plot_tool.html")
@@ -109,7 +109,7 @@ def sentiment_analysis_plot_tool(): @sentiments.route("/sentiment_analysis_plot_tool_getdata/", methods=['GET']) @login_required
-@login_analyst
+@login_read_only
def sentiment_analysis_plot_tool_getdata(): getProviders = request.args.get('getProviders')
diff --git a/var/www/modules/settings/Flask_settings.py b/var/www/modules/settings/Flask_settings.py
index 0ad1f43c..7119a35f 100644
--- a/var/www/modules/settings/Flask_settings.py
+++ b/var/www/modules/settings/Flask_settings.py
@@ -7,7 +7,7 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for from flask_login import login_required, current_user
-from Role_Manager import login_admin, login_analyst
+from Role_Manager import login_admin, login_analyst, login_user, login_read_only
from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token, gen_password import json
@@ -103,7 +103,7 @@ def get_all_roles(): @settings.route("/settings/", methods=['GET']) @login_required
-@login_analyst
+@login_read_only
def settings_page(): git_metadata = get_git_metadata() current_version = r_serv_db.get('ail:version') 
@@ -117,7 +117,7 @@ def settings_page(): @settings.route("/settings/edit_profile", methods=['GET']) @login_required
-@login_analyst
+@login_read_only
def edit_profile(): user_metadata = get_user_metadata(current_user.get_id()) admin_level = current_user.is_in_role('admin')
@@ -126,7 +126,7 @@ def edit_profile(): @settings.route("/settings/new_token", methods=['GET']) @login_required
-@login_analyst
+@login_user
def new_token(): generate_new_token(current_user.get_id()) return redirect(url_for('settings.edit_profile'))
@@ -233,7 +233,7 @@ def delete_user(): @settings.route("/settings/get_background_update_stats_json", methods=['GET']) @login_required
-@login_analyst
+@login_read_only
def get_background_update_stats_json(): # handle :end, error update_stats = {}
diff --git a/var/www/modules/showpaste/Flask_showpaste.py b/var/www/modules/showpaste/Flask_showpaste.py
index a972a346..cd5ce479 100644
--- a/var/www/modules/showpaste/Flask_showpaste.py
+++ b/var/www/modules/showpaste/Flask_showpaste.py
@@ -10,7 +10,7 @@ import os import flask from flask import Flask, render_template, jsonify, request, Blueprint, make_response, Response, send_from_directory, redirect, url_for
-from Role_Manager import login_admin, login_analyst, no_cache
+from Role_Manager import login_admin, login_analyst, login_read_only, no_cache
from flask_login import login_required import difflib 
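Review bot: `new_token` regenerates the caller's API token on a plain GET (`methods=['GET']` followed by `generate_new_token(current_user.get_id())`) and is now reachable by `login_user` instead of `login_analyst`, so any cross-site request a logged-in browser follows can silently invalidate a user's token; changing it to `methods=['POST']` and submitting it from the profile page with a CSRF token would close that, unless the settings module already enforces one outside this hunk. Gating this route on `login_user` while its neighbours move to `login_read_only` looks deliberate given the user_no_api role, but the reason is not stated; a comment such as `# stays at 'user': user_no_api and read_only are not meant to hold a usable API token` (adjust to the actual role design) would make the intent visible to the next maintainer.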
@@ -384,21 +384,21 @@ def show_item_min(requested_path , content_range=0): @showsavedpastes.route("/showsavedpaste/") #completely shows the paste in a new tab @login_required
-@login_analyst
+@login_read_only
def showsavedpaste(): requested_path = request.args.get('paste', '') return showpaste(0, requested_path) @showsavedpastes.route("/showsaveditem_min/") #completely shows the paste in a new tab @login_required
-@login_analyst
+@login_read_only
def showsaveditem_min(): requested_path = request.args.get('paste', '') return show_item_min(requested_path) @showsavedpastes.route("/showsavedrawpaste/") #shows raw @login_required
-@login_analyst
+@login_read_only
def showsavedrawpaste(): requested_path = request.args.get('paste', '') paste = Paste.Paste(requested_path)
@@ -407,7 +407,7 @@ def showsavedrawpaste(): @showsavedpastes.route("/showpreviewpaste/") @login_required
-@login_analyst
+@login_read_only
def showpreviewpaste(): num = request.args.get('num', '') requested_path = request.args.get('paste', '')
@@ -416,7 +416,7 @@ def showpreviewpaste(): @showsavedpastes.route("/getmoredata/") @login_required
-@login_analyst
+@login_read_only
def getmoredata(): requested_path = request.args.get('paste', '') paste = Paste.Paste(requested_path)
@@ -444,7 +444,7 @@ def showDiff(): @showsavedpastes.route('/screenshot/') @login_required
-@login_analyst
+@login_read_only
@no_cache def screenshot(filename): return send_from_directory(SCREENSHOT_FOLDER, filename+'.png', as_attachment=True)
diff --git a/var/www/modules/terms/Flask_terms.py b/var/www/modules/terms/Flask_terms.py
index 3e166063..adc235d7 100644
--- a/var/www/modules/terms/Flask_terms.py
+++ b/var/www/modules/terms/Flask_terms.py
@@ -13,7 +13,7 @@ import calendar import flask from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect, Response
-from Role_Manager import login_admin, login_analyst
+from Role_Manager import login_admin, login_analyst, login_user_no_api, login_read_only
from flask_login import login_required, current_user import re
@@ -153,7 +153,7 @@ def save_tag_to_auto_push(list_tag): @terms.route("/terms_plot_tool/") @login_required
-@login_analyst
+@login_read_only
def terms_plot_tool(): term = request.args.get('term') if term is not None:
@@ -164,7 +164,7 @@ def terms_plot_tool(): @terms.route("/terms_plot_tool_data/") @login_required
-@login_analyst
+@login_read_only
def terms_plot_tool_data(): oneDay = 60*60*24 range_start = datetime.datetime.utcfromtimestamp(int(float(request.args.get('range_start')))) if request.args.get('range_start') is not None else 0;
@@ -196,7 +196,7 @@ def terms_plot_tool_data(): @terms.route("/terms_plot_top/") @login_required
-@login_analyst
+@login_read_only
def terms_plot_top(): per_paste = request.args.get('per_paste') per_paste = per_paste if per_paste is not None else 1
@@ -205,7 +205,7 @@ def terms_plot_top(): @terms.route("/terms_plot_top_data/") @login_required
-@login_analyst
+@login_read_only
def terms_plot_top_data(): oneDay = 60*60*24 today = datetime.datetime.now()
@@ -253,13 +253,13 @@ def terms_plot_top_data(): @terms.route("/credentials_tracker/") @login_required
-@login_analyst
+@login_read_only
def credentials_tracker(): return render_template("credentials_tracker.html") @terms.route("/credentials_management_query_paste/", methods=['GET', 'POST']) @login_required
-@login_analyst
+@login_user_no_api
def credentials_management_query_paste(): cred = request.args.get('cred') allPath = request.json['allPath'] 
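Review bot: `credentials_management_query_paste` keeps `methods=['GET', 'POST']` while reading `request.json['allPath']`, which only exists on a request carrying a JSON body, so a GET without one fails inside the handler rather than with a clean client error; now that the route is opened to `login_user_no_api`, narrowing it to `methods=['POST']` and reading the body via `request.get_json(silent=True)` with an explicit missing-field response would make the contract explicit. The same role is applied to cred_management_action in the next hunk, which takes its `term` from a GET query string; if that route changes state, it has the usual GET-with-side-effect exposure and deserves the same treatment. A short comment on why these two routes sit at user_no_api while every other view in this file moves to login_read_only would help maintainers keep the read/write split consistent. Both handler bodies continue outside the hunk.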
@@ -284,7 +284,7 @@ def credentials_management_query_paste(): @terms.route("/credentials_management_action/", methods=['GET']) @login_required
-@login_analyst
+@login_user_no_api
def cred_management_action(): supplied = request.args.get('term')
diff --git a/var/www/modules/trendingcharts/Flask_trendingcharts.py b/var/www/modules/trendingcharts/Flask_trendingcharts.py
index b2dfa68a..3041347a 100644
--- a/var/www/modules/trendingcharts/Flask_trendingcharts.py
+++ b/var/www/modules/trendingcharts/Flask_trendingcharts.py
@@ -10,7 +10,7 @@ from Date import Date import flask from flask import Flask, render_template, jsonify, request, Blueprint
-from Role_Manager import login_admin, login_analyst
+from Role_Manager import login_admin, login_analyst, login_read_only
from flask_login import login_required # ============ VARIABLES ============
@@ -40,7 +40,7 @@ def get_date_range(num_day): @trendings.route("/_progressionCharts", methods=['GET']) @login_required
-@login_analyst
+@login_read_only
def progressionCharts(): attribute_name = request.args.get('attributeName') trending_name = request.args.get('trendingName')
@@ -67,7 +67,7 @@ def progressionCharts(): @trendings.route("/wordstrending/") @login_required
-@login_analyst
+@login_read_only
def wordstrending(): default_display = config_loader.get_config_str("Flask", "default_display") return render_template("Wordstrending.html", default_display = default_display)
@@ -75,7 +75,7 @@ def wordstrending(): @trendings.route("/protocolstrending/") @login_required
-@login_analyst
+@login_read_only
def protocolstrending(): default_display = config_loader.get_config_str("Flask", "default_display") return render_template("Protocolstrending.html", default_display = default_display) 
@@ -83,7 +83,7 @@ def protocolstrending(): @trendings.route("/trending/") @login_required
-@login_analyst
+@login_read_only
def trending(): default_display = config_loader.get_config_str("Flask", "default_display") return render_template("Trending.html", default_display = default_display)
diff --git a/var/www/modules/trendingmodules/Flask_trendingmodules.py b/var/www/modules/trendingmodules/Flask_trendingmodules.py
index 816d8055..128618e6 100644
--- a/var/www/modules/trendingmodules/Flask_trendingmodules.py
+++ b/var/www/modules/trendingmodules/Flask_trendingmodules.py
@@ -10,7 +10,7 @@ from Date import Date import flask from flask import Flask, render_template, jsonify, request, Blueprint
-from Role_Manager import login_admin, login_analyst
+from Role_Manager import login_admin, login_analyst, login_read_only
from flask_login import login_required # ============ VARIABLES ============
@@ -52,7 +52,7 @@ def get_date_range(num_day): @trendingmodules.route("/_moduleCharts", methods=['GET']) @login_required
-@login_analyst
+@login_read_only
def modulesCharts(): keyword_name = request.args.get('keywordName') module_name = request.args.get('moduleName')
@@ -80,7 +80,7 @@ def modulesCharts(): @trendingmodules.route("/_providersChart", methods=['GET']) @login_required
-@login_analyst
+@login_read_only
def providersChart(): keyword_name = request.args.get('keywordName') module_name = request.args.get('moduleName')
@@ -128,7 +128,7 @@ def providersChart(): @trendingmodules.route("/moduletrending/") @login_required
-@login_analyst
+@login_read_only
def moduletrending(): return render_template("Moduletrending.html")