Default Database
mauricelambert edited this page Oct 5, 2021 · 9 revisions
- `data/users.csv`: Users database for authentication
- `data/groups.csv`: Groups database for permissions and access
- `data/passwords.csv`: temporary password shares
- `data/id`: the last ID for temporary password shares
- `data/uploads.csv`: versions and actions of uploaded files
- `data/requests.csv`: user requests or reports

Delimiter is `,` and quote is `"`.
The users database columns:
- ID: the unique ID of the user
- name: the unique name of the user
- password: base64 password hash (SHA512 using `hashlib.pbkdf2_hmac`)
- salt: Salt for the password hash: 32 random bytes generated using `secrets.token_bytes(32)`.
- enumerations: Number of iterations for the password hash: a number between 90000 and 110000 generated using `90000 + secrets.randbelow(20000)`.
- IPs: List of authorized IPs using glob syntax.
- groups: List of group IDs for user permissions and access.
- apikey: The API key for authenticating users using an API client. It is the base64 of 125 random bytes (`base64.b64encode(secrets.token_bytes(125))`).
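How these columns combine when a login is checked, plus a check that flags rows falling short of the generation rules above, as an added example (not WebScripts' own code). It assumes UTF-8 password encoding and `fnmatch` for the IP globs; the rows are constructed, and the "weak" one uses parameters like those of the default Admin row on this page (salt `c2FsdA==`, 1000 enumerations).

```python
import base64
import csv
import hashlib
import io
import secrets
from fnmatch import fnmatch

def make_row(id_, name, password, salt, iterations, ips, groups, apikey):
    # Assumption: the password is UTF-8 encoded before PBKDF2-HMAC-SHA512.
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return [id_, name, base64.b64encode(digest).decode(),
            base64.b64encode(salt).decode(), iterations, ips, groups, apikey]

def sample_users():
    # Constructed rows: "weak" has a 4-byte salt, 1000 iterations and a
    # non-random API key; "strong" follows the documented generation rules.
    out = io.StringIO()
    writer = csv.writer(out, delimiter=",", quotechar='"')
    writer.writerow("ID,name,password,salt,enumerations,IPs,groups,apikey".split(","))
    writer.writerow([0, "Not Authenticated", "", "", "", "*", "0", ""])
    writer.writerow(make_row(2, "weak", "constructed-1", b"salt", 1000,
                             "192.168.*,127.0.*", "50,1000", "Admin" * 32))
    writer.writerow(make_row(3, "strong", "constructed-2", secrets.token_bytes(32),
                             90000 + secrets.randbelow(20000), "10.*", "50",
                             base64.b64encode(secrets.token_bytes(125)).decode()))
    reader = csv.DictReader(io.StringIO(out.getvalue()), delimiter=",", quotechar='"')
    return {row["name"]: row for row in reader}

def verify(row, password, ip):
    """True if the password matches the stored hash and the IP matches a glob."""
    if not row["password"]:
        return False  # rows without a hash have no password login
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(),
                                 base64.b64decode(row["salt"]), int(row["enumerations"]))
    ip_ok = any(fnmatch(ip, glob) for glob in row["IPs"].split(","))  # assumed matcher
    return secrets.compare_digest(digest, base64.b64decode(row["password"])) and ip_ok

def audit(row):
    """List the ways a row falls short of the documented generation rules."""
    if not row["password"]:
        return []  # nothing to audit on credential-less rows
    findings = []
    if len(base64.b64decode(row["salt"])) < 32:
        findings.append("salt shorter than 32 bytes")
    if int(row["enumerations"]) < 90000:
        findings.append("fewer than 90000 iterations")
    if len(base64.b64decode(row["apikey"])) != 125:
        findings.append("apikey is not 125 bytes")
    return findings
```
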
The groups database columns:
- ID: the unique ID of the group and the permission level
- name: the unique name of the group
The passwords database columns:
- timestamp: The timestamp (a float) of the max time to view the password.
- password: Encrypted password (using XOR; key and salt: 60 random bytes generated using `secrets.token_bytes(60)`)
- views: The number of views remaining
- hash: Hexadecimal of the password hash (SHA512 using `hashlib.pbkdf2_hmac`)
- iteration: Random integer between 9999 and 15000 generated using `9999 + secrets.randbelow(5001)`
- ID: The unique ID of the password
Passwords are automatically deleted when they expire.
The uploads database columns:
- ID: the action ID (an auto-incremented integer)
- name: the name of the file
- read_permission: permission required to read this file
- write_permission: permission required to write this file
- delete_permission: permission required to delete this file
- hidden: hides the file (only administrators can see it); you can still read, write and delete the file if you know its name
- is_deleted: status ("deleted" or "exist") (administrators can see deleted files)
- is_binary: state ("binary" or "text")
- timestamp: time of this action (a float)
- user: the "owner" of the file (the user of this action)
- version: the version of the file
The requests database columns:
- ID: the request ID (an auto-incremented integer)
- Time: timestamp of request creation
- UserName: user name used to create the request
- ErrorCode: the HTTP error code page used to create the request
- Page: URL used to create the request
- UserAgent: the UserAgent used to create the request
- Subject: subject of the request
- Reason: reason of the request
- Name: the name of the person creating the request
```python
from typing import List
from base64 import b64decode, b64encode

from WebScripts.scripts.uploads.modules.uploads_management import (
    Upload,
    get_file,
    read_file,
    write_file,
    delete_file,
    get_file_content,
    get_visible_files,
)

write_file(
    "\x00string content\xff",  # If the content is binary, use base64 or decode it with latin-1
    "my_filename.txt",  # File name
    0,  # Read access (0 == everyone can read it)
    0,  # Write access (0 == everyone can write it)
    0,  # Delete access (0 == everyone can delete it)
    False,  # Hidden (if False, this file will be visible to other authenticated users)
    False,  # Is binary
    True,  # Compress the file
    False,  # Is encoded as Base64
    with_access=True,  # Check access to write this file (some scripts should write a file with an unauthenticated user)
)  # Write a new file named "my_filename.txt"

content2 = b64encode(b'\x00version 2\xff').decode()

filenames: List[str] = []
for file in get_visible_files():
    assert isinstance(file, Upload)
    filenames.append(file.name)

assert "my_filename.txt" in filenames
# The file is not hidden and not deleted

write_file(
    content2,  # If the content is binary, use base64 or decode it with latin-1
    "my_filename.txt",  # File name
    0,  # Read access (0 == everyone can read it)
    1000,  # Write access (1000 == Admin can write it)
    1000,  # Delete access (1000 == Admin can delete it)
    True,  # Hidden
    True,  # Is binary
    True,  # Compress the file
    True,  # Is encoded as Base64
    with_access=False,  # Check access to write this file (some scripts should write a file with an unauthenticated user)
)  # Write a new version of this file

filenames: List[str] = []
for file in get_visible_files():
    filenames.append(file.name)

assert "my_filename.txt" not in filenames
# The file is hidden

versions, counter = get_file("my_filename.txt")
assert len(versions) == 2

assert b64decode(read_file("my_filename.txt").encode()) == b"\x00version 2\xff"
# read_file checks access

data, filename = get_file_content(name="my_filename.txt")
assert b64decode(data.encode()) == b"\x00version 2\xff"
# get_file_content doesn't check access

delete_file("my_filename.txt")

try:
    get_file_content(name="my_filename.txt")
    read_file("my_filename.txt")
except FileNotFoundError:
    pass
# A deleted file can't be read using the filename

data, filename = get_file_content(id_="1")
assert b64decode(data.encode()) == b"\x00string content\xff"
# get_file_content can read an old version (and a deleted file)
```
users.csv
ID,name,password,salt,enumerations,IPs,groups,apikey
0,Not Authenticated,,,,*,0,
1,Unknow,,,,*,"0,1",
2,Admin,pZo8c8+cKLTHFaUBxGwcYaFDgNRw9HHph4brixOo6OMusFKbfkBEObZiNwda/f9W3+IpiMY8kqiFmQcbkUCbGw==,c2FsdA==,1000,"192.168.*,172.16.*,10.*,127.0.*","50,1000",AdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdminAdmin
groups.csv
ID,name
0,Not Authenticated
1,Unknow
50,User
500,Developers
750,Maintainers
1000,Administrators
To reset it:
python3 scripts/account/modules/manage_defaults_databases.py