selfprivacy-rest-api/main.py

#!/usr/bin/env python3
from flask import Flask, jsonify, request, json
from flask_restful import Resource, Api, reqparse
import base64
import pandas as pd
import ast
import subprocess
import os
import fileinput


app = Flask(__name__)
api = Api(app)


@app.route("/systemVersion", methods=["GET"])
def uname():
    uname = subprocess.check_output(["uname", "-arm"])
    return jsonify(uname)


@app.route("/getDKIM", methods=["GET"])
def getDkimKey():
    with open("/var/domain") as domainFile:
        domain = domainFile.readline()
        domain = domain.rstrip("\n")
    catProcess = subprocess.Popen(["cat", "/var/dkim/" + domain + ".selector.txt"], stdout=subprocess.PIPE)
    dkim = catProcess.communicate()[0]
    dkim = base64.b64encode(dkim)
    dkim = str(dkim, 'utf-8')
    print(dkim)
    response = app.response_class(
        response=json.dumps(dkim),
        status=200,
        mimetype='application/json'
    )
    return response


@app.route("/pythonVersion", methods=["GET"])
def getPythonVersion():
    pythonVersion = subprocess.check_output(["python","--version"])
    return jsonify(pythonVersion)


@app.route("/apply", methods=["GET"])
def rebuildSystem():
     rebuildResult = subprocess.Popen(["nixos-rebuild","switch"])
     rebuildResult.communicate()[0]
     return jsonify(rebuildResult.returncode)


@app.route("/rollback", methods=["GET"])
def rollbackSystem():
     rollbackResult = subprocess.Popen(["nixos-rebuild","switch","--rollback"])
     rollbackResult.communicate()[0]
     return jsonify(rollbackResult.returncode)


@app.route("/upgrade", methods=["GET"])
def upgradeSystem():
     upgradeResult = subprocess.Popen(["nixos-rebuild","switch","--upgrade"])
     upgradeResult.communicate()[0]
     return jsonify(upgradeResult.returncode)


@app.route("/createUser", methods=["POST"])
def createUser():
    readOnlyFileDescriptor = open("/etc/nixos/users.nix", "r")
    fileContent = list()
    index = int(0)
    

    while True:
        line = readOnlyFileDescriptor.readline()

        if not line:
            break
        else:
            fileContent.append(line)


    userTemplate = """
      #begin
      \"{0}\" = {{
        isNormalUser = true;
        hashedPassword = \"{1}\";
      }};
      #end""".format(request.headers.get("X-User"), request.headers.get("X-Password"))


    for line in fileContent:
        index += 1
        if line.startswith("      #begin"):
            fileContent.insert(index, userTemplate)

    readWriteFileDescriptor = open("users.nix", "w")
    operationResult = readWriteFileDescriptor.writelines(fileContent)


    return jsonify(
        result=0,
        descriptor = operationResult
    )


@app.route("/deleteUser", methods=["DELETE"])
def deleteUser():
    user = subprocess.Popen(["userdel",request.headers.get("X-User")])
    user.communicate()[0]
    return jsonify(user.returncode)


@app.route("/serviceStatus", methods=["GET"])

def getServiceStatus():
    imapService = subprocess.Popen(["systemctl", "status", "dovecot2.service"])
    imapService.communicate()[0]
    smtpService = subprocess.Popen(["systemctl", "status", "postfix.service"])
    smtpService.communicate()[0]
    httpService = subprocess.Popen(["systemctl", "status", "nginx.service"])
    httpService.communicate()[0]
    return jsonify(
        imap=imapService.returncode,
        smtp=smtpService.returncode,
        http=httpService.returncode
    )


@app.route("/decryptDisk", methods=["POST"])
def requestDiskDecryption():

    decryptionCommand = '''
echo -n {0} | cryptsetup luksOpen /dev/sdb decryptedVar'''.format(request.headers.get("X-Decryption-Key"))

    decryptionService = subprocess.Popen(decryptionCommand, shell=True, stdout=subprocess.PIPE)
    decryptionService.communicate()
    return jsonify(
        status=decryptionService.returncode
    )


@app.route("/enableSSH", methods=["POST"])

def enableSSH():
    readOnlyFileDescriptor = open("/etc/nixos/configuration.nix", "rt")
    readWriteFileDescriptor = open("/etc/nixos/configuration.nix", "wt")

    for line in readOnlyFileDescriptor:
        readWriteFileDescriptor.write(line.replace("services.openssh.enable = false;", "services.openssh.enable = true;"))

    readWriteFileDescriptor.close()
    readOnlyFileDescriptor.close()

    return jsonify(
        status=0
    )


if __name__ == '__main__':
    app.run(port=5050, debug=False)
Added build script 2021-01-01 17:28:34 +00:00			`#!/usr/bin/env python3`
Added alternative JSON response serialization 2021-01-05 11:43:24 +00:00			`from flask import Flask, jsonify, request, json`
Added python binary 2020-12-28 11:55:33 +00:00			`from flask_restful import Resource, Api, reqparse`
Added response encoding 2021-01-04 14:49:01 +00:00			`import base64`
Added python binary 2020-12-28 11:55:33 +00:00			`import pandas as pd`
			`import ast`
			`import subprocess`
			`import os`
Fixed user addition 2021-05-29 19:35:40 +00:00			`import fileinput`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Added python binary 2020-12-28 11:55:33 +00:00			`app = Flask(__name__)`
			`api = Api(app)`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Added python binary 2020-12-28 11:55:33 +00:00			`@app.route("/systemVersion", methods=["GET"])`
			`def uname():`
			`uname = subprocess.check_output(["uname", "-arm"])`
			`return jsonify(uname)`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Added python binary 2020-12-28 11:55:33 +00:00			`@app.route("/getDKIM", methods=["GET"])`
			`def getDkimKey():`
Removed path independent checks as a proof-of-concept failed 2021-01-04 14:00:44 +00:00			`with open("/var/domain") as domainFile:`
Updated domain read mechanism 2021-01-01 18:38:10 +00:00			`domain = domainFile.readline()`
Updated domain read mechanism 2021-01-01 18:42:03 +00:00			`domain = domain.rstrip("\n")`
Added debug entries 2021-01-04 14:40:32 +00:00			`catProcess = subprocess.Popen(["cat", "/var/dkim/" + domain + ".selector.txt"], stdout=subprocess.PIPE)`
			`dkim = catProcess.communicate()[0]`
Added response encoding 2021-01-05 11:27:00 +00:00			`dkim = base64.b64encode(dkim)`
Added UTF-8 encoding of strings 2021-01-05 11:35:33 +00:00			`dkim = str(dkim, 'utf-8')`
Added debug entry 2021-01-05 11:31:22 +00:00			`print(dkim)`
Added alternative JSON response serialization 2021-01-05 11:43:24 +00:00			`response = app.response_class(`
			`response=json.dumps(dkim),`
			`status=200,`
			`mimetype='application/json'`
			`)`
			`return response`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Added python binary 2020-12-28 11:55:33 +00:00			`@app.route("/pythonVersion", methods=["GET"])`
			`def getPythonVersion():`
			`pythonVersion = subprocess.check_output(["python","--version"])`
			`return jsonify(pythonVersion)`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Added python binary 2020-12-28 11:55:33 +00:00			`@app.route("/apply", methods=["GET"])`
			`def rebuildSystem():`
			`rebuildResult = subprocess.Popen(["nixos-rebuild","switch"])`
			`rebuildResult.communicate()[0]`
			`return jsonify(rebuildResult.returncode)`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Added python binary 2020-12-28 11:55:33 +00:00			`@app.route("/rollback", methods=["GET"])`
			`def rollbackSystem():`
			`rollbackResult = subprocess.Popen(["nixos-rebuild","switch","--rollback"])`
			`rollbackResult.communicate()[0]`
			`return jsonify(rollbackResult.returncode)`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Added python binary 2020-12-28 11:55:33 +00:00			`@app.route("/upgrade", methods=["GET"])`
			`def upgradeSystem():`
			`upgradeResult = subprocess.Popen(["nixos-rebuild","switch","--upgrade"])`
			`upgradeResult.communicate()[0]`
			`return jsonify(upgradeResult.returncode)`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Fixed user addition 2021-05-29 19:35:40 +00:00			`@app.route("/createUser", methods=["POST"])`
Added python binary 2020-12-28 11:55:33 +00:00			`def createUser():`
Replaced relative users file path with absolute 2021-06-23 17:45:25 +00:00			`readOnlyFileDescriptor = open("/etc/nixos/users.nix", "r")`
Fixed user addition 2021-05-29 19:35:40 +00:00			`fileContent = list()`
			`index = int(0)`

Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00
Fixed user addition 2021-05-29 19:35:40 +00:00			`while True:`
			`line = readOnlyFileDescriptor.readline()`

			`if not line:`
			`break`
			`else:`
			`fileContent.append(line)`

Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00
Fixed user addition 2021-05-29 19:35:40 +00:00			`userTemplate = """`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00			`#begin`
Fixed user addition 2021-05-29 19:35:40 +00:00			`\"{0}\" = {{`
			`isNormalUser = true;`
			`hashedPassword = \"{1}\";`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00			`}};`
			`#end""".format(request.headers.get("X-User"), request.headers.get("X-Password"))`

Fixed user addition 2021-05-29 19:35:40 +00:00
			`for line in fileContent:`
			`index += 1`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00			`if line.startswith(" #begin"):`
Fixed user addition 2021-05-29 19:35:40 +00:00			`fileContent.insert(index, userTemplate)`

			`readWriteFileDescriptor = open("users.nix", "w")`
			`operationResult = readWriteFileDescriptor.writelines(fileContent)`

Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00
Fixed user addition 2021-05-29 19:35:40 +00:00			`return jsonify(`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00			`result=0,`
			`descriptor = operationResult`
Fixed user addition 2021-05-29 19:35:40 +00:00			`)`
Added user management. Added SSH service management 2021-05-26 16:35:20 +00:00
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00
Added python binary 2020-12-28 11:55:33 +00:00			`@app.route("/deleteUser", methods=["DELETE"])`
			`def deleteUser():`
			`user = subprocess.Popen(["userdel",request.headers.get("X-User")])`
			`user.communicate()[0]`
			`return jsonify(user.returncode)`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Added python binary 2020-12-28 11:55:33 +00:00			`@app.route("/serviceStatus", methods=["GET"])`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00
Added python binary 2020-12-28 11:55:33 +00:00			`def getServiceStatus():`
			`imapService = subprocess.Popen(["systemctl", "status", "dovecot2.service"])`
			`imapService.communicate()[0]`
			`smtpService = subprocess.Popen(["systemctl", "status", "postfix.service"])`
			`smtpService.communicate()[0]`
			`httpService = subprocess.Popen(["systemctl", "status", "nginx.service"])`
			`httpService.communicate()[0]`
			`return jsonify(`
			`imap=imapService.returncode,`
			`smtp=smtpService.returncode,`
			`http=httpService.returncode`
			`)`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00

Added disk decryption endpoint 2021-04-13 13:54:30 +00:00			`@app.route("/decryptDisk", methods=["POST"])`
			`def requestDiskDecryption():`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00
			`decryptionCommand = '''`
			`echo -n {0} \| cryptsetup luksOpen /dev/sdb decryptedVar'''.format(request.headers.get("X-Decryption-Key"))`

			`decryptionService = subprocess.Popen(decryptionCommand, shell=True, stdout=subprocess.PIPE)`
			`decryptionService.communicate()`
Added disk decryption endpoint 2021-04-13 13:54:30 +00:00			`return jsonify(`
			`status=decryptionService.returncode`
			`)`
Added user management. Added SSH service management 2021-05-26 16:35:20 +00:00
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00
Added user management. Added SSH service management 2021-05-26 16:35:20 +00:00			`@app.route("/enableSSH", methods=["POST"])`
Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00
Added user management. Added SSH service management 2021-05-26 16:35:20 +00:00			`def enableSSH():`
			`readOnlyFileDescriptor = open("/etc/nixos/configuration.nix", "rt")`
			`readWriteFileDescriptor = open("/etc/nixos/configuration.nix", "wt")`

			`for line in readOnlyFileDescriptor:`
			`readWriteFileDescriptor.write(line.replace("services.openssh.enable = false;", "services.openssh.enable = true;"))`

			`readWriteFileDescriptor.close()`
			`readOnlyFileDescriptor.close()`

			`return jsonify(`
			`status=0`
			`)`


Added SSH disable option. Added user addition feature. Rewritten user deletion logic 2021-06-21 07:17:02 +00:00			`if __name__ == '__main__':`
			`app.run(port=5050, debug=False)`