From ece785b02e447d6d67e5f47e79cf8d2a971ca258 Mon Sep 17 00:00:00 2001
From: Bastard Operator <bofh@nogafam.es>
Date: Sun, 7 Feb 2021 02:56:08 +0100
Subject: [PATCH] User creation automated + server port configurable

* Make sure user input can never contain an invalid character as it might create a shell exploit vulnerability otherwise
---
 .gitignore                  |  2 ++
 igmirror.py                 | 23 +++++++++++++++++++++--
 scripts/user_create.example |  3 +++
 server.py                   | 13 +++++++------
 4 files changed, 33 insertions(+), 8 deletions(-)
 create mode 100755 scripts/user_create.example

diff --git a/.gitignore b/.gitignore
index 42dc027..edbe545 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 cache/*
 headers/*
+db/*
+scripts/user_create
 __pycache__/*
diff --git a/igmirror.py b/igmirror.py
index c28c2b6..160b4a5 100644
--- a/igmirror.py
+++ b/igmirror.py
@@ -1,6 +1,7 @@
 #!/usr/bin/python3
 import requests
 import hashlib
+import string
 import random
 import time
 import json
@@ -8,8 +9,26 @@ import os
 import re
 
 def add_igaccount(acc_id):
-    data = getig_user_data(acc_id)
-    print(data)
+    accfile = './db/accounts/{}'.format(acc_id)
+    if not os.path.exists(accfile):
+        data = getig_user_data(acc_id)
+        name = data['graphql']['user']['full_name']
+        name = re.sub(r'[^a-zA-Z0-9_\s]', '', name)
+        account = {
+            'name': name,
+            'username': acc_id,
+            'password': random_string()
+        }
+        if os.path.exists('./scripts/user_create'):
+            os.system('./scripts/user_create \'{}\' \'{}\' \'{}\''.format(\
+                account['name'], account['username'], account['password']))
+            w = open(accfile, 'w')
+            w.write(json.dumps(account))
+            w.close()
+        #data = getig_user_data(acc_id)
+
+def random_string(count=32):
+    return ''.join(random.choices(string.ascii_uppercase + string.ascii_lowercase + string.digits, k=count))
 
 # get all profile data from user:
 #  - display name
diff --git a/scripts/user_create.example b/scripts/user_create.example
new file mode 100755
index 0000000..1be68bd
--- /dev/null
+++ b/scripts/user_create.example
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /var/www/html
+php artisan user:create --name="$1" --username="$2" --email="pixelfed.$2@localhost" --password="$3" --confirm_email=1 -q -n
diff --git a/server.py b/server.py
index 2309dfd..5a18646 100644
--- a/server.py
+++ b/server.py
@@ -1,10 +1,8 @@
 from http.server import BaseHTTPRequestHandler, HTTPServer
 import igmirror
+import sys
 import re
 
-hostName = "localhost"
-serverPort = 8080
-
 def update_igaccount(name):
     print(name)
 
@@ -24,9 +22,12 @@ class MyServer(BaseHTTPRequestHandler):
                 update_igaccount(accname)
         self.wfile.write(bytes('OK', "utf-8"))
 
-if __name__ == "__main__":        
-    webServer = HTTPServer(('localhost', 8080), MyServer)
-    print("Server started http://%s:%s" % (hostName, serverPort))
+if __name__ == "__main__": 
+    port = 8080
+    if len(sys.argv) > 1:
+        port = int(sys.argv[1])
+    webServer = HTTPServer(('0.0.0.0', port), MyServer)
+    print("Server started http://%s:%s" % ('0.0.0.0', port))
 
     try:
         webServer.serve_forever()