From 24f3ab15a9c0b3a95d63390561d9e8efea05fc06 Mon Sep 17 00:00:00 2001
From: Chris Xiong <chirs241097@gmail.com>
Date: Tue, 4 Aug 2020 10:20:41 +0800
Subject: vandalism, go away!

also, pylint is going crazy.
---
 cgi/gb_newentry.cgi | 134 +++++++++++++++++++++++++++++++++-------------------
 1 file changed, 86 insertions(+), 48 deletions(-)

(limited to 'cgi')

diff --git a/cgi/gb_newentry.cgi b/cgi/gb_newentry.cgi
index 14cfb91..a4f4cc3 100755
--- a/cgi/gb_newentry.cgi
+++ b/cgi/gb_newentry.cgi
@@ -1,70 +1,108 @@
 #!/usr/bin/python3
-import os,sys,html,json,datetime
+from ipaddress import ip_address, ip_network
+import os
+import sys
+import html
+import json
+import datetime
 import urllib.parse
 import requests
 
-#if os.environ['SERVER_NAME']!='chrisoft.org':
-#	import socks,socket
-#	socks.set_default_proxy(socks.SOCKS5,"127.0.0.1",1080)
-#	socket.socket=socks.socksocket
-#	def getaddrinfo(*args):
-#		return [(socket.AF_INET,socket.SOCK_STREAM,6,'',(args[0],args[1]))]
-#	socket.getaddrinfo=getaddrinfo
+#if os.environ['SERVER_NAME'] != 'chrisoft.org':
+#   import socks, socket
+#   socks.set_default_proxy(socks.SOCKS5, "127.0.0.1", 1080)
+#   socket.socket = socks.socksocket
+#   def getaddrinfo(*args):
+#       return [(socket.AF_INET, socket.SOCK_STREAM, 6, '', (args[0],args[1]))]
+#   socket.getaddrinfo = getaddrinfo
 
 def fail(x=None):
-	print('Status: 400 Bad Request',end='\r\n')
-	print('Content-type: text/plain',end='\r\n')
-	print(end='\r\n')
-	print('400.')
-	if x is not None:print(x)
-	exit()
+    print('Status: 400 Bad Request', end='\r\n')
+    print('Content-type: text/plain', end='\r\n')
+    print(end='\r\n')
+    print('400.')
+    if x is not None:
+        print(x)
+    sys.exit()
 
-if os.environ['REQUEST_METHOD']!='POST':
-	fail()
+def logfail(x):
+    failloga = os.environ['DOCUMENT_ROOT'] + '/leave-a-message/faillog.txt'
+    with open(failloga, mode='a', encoding='utf-8') as f:
+        f.write(f'time: {mtime}\n')
+        f.write(f'IP: {os.environ["REMOTE_ADDR"]}\n')
+        f.write(f'fail reason: {x}\n')
+        f.write(f'comment: {mcontent}\n')
+        f.write(f'author: {mname}\n\n')
+
+
+if os.environ['REQUEST_METHOD'] != 'POST':
+    fail()
 try:
-	f=json.load(sys.stdin)
+    f = json.load(sys.stdin)
 except Exception:
-	fail()
+    fail()
 
 try:
-	mname=urllib.parse.unquote(f['mname'],encoding='utf-8')
-	mcontent=urllib.parse.unquote(f['mcontent'],encoding='utf-8')
-	mname=html.escape(mname)
-	mcontent=html.escape(mcontent).replace('\n','<br>')
-	mtime=datetime.datetime.now(tz=datetime.timezone(datetime.timedelta(hours=8))).strftime('%Y-%m-%d %H:%M')
+    mname = urllib.parse.unquote(f['mname'], encoding='utf-8')
+    mcontent = urllib.parse.unquote(f['mcontent'], encoding='utf-8')
+    mname = html.escape(mname)
+    mcontent = html.escape(mcontent).replace('\n', '<br>')
+    mtimed = datetime.datetime.now(tz=datetime.timezone(datetime.timedelta(hours=8)))
+    mtime = mtimed.strftime('%Y-%m-%d %H:%M')
 except Exception as e:
-	fail()
+    fail()
+
+if len(mname) + len(mcontent) > 16384:
+    fail(x=':)')
 
-if len(mname)+len(mcontent)>16384:
-	fail(x=':)')
+try:
+    apika = os.environ['DOCUMENT_ROOT'] + '/abuseipdb_key'
+    with open(apika, mode='r', encoding='utf-8') as apikey_f:
+        apikey = apikey_f.read()
+    reqp = {
+        'ipAddress': urllib.parse.quote(os.environ['REMOTE_ADDR']),
+        'maxAgeInDays': '120',
+        'verbose': '',
+        'key': apikey.strip()
+    }
+    rsp = requests.get('https://api.abuseipdb.com/api/v2/check', params=reqp)
+    rspj = rsp.json()['data']
+    if rspj['totalReports'] > 0:
+        logfail(x='total reports > 0')
+        fail(x=':)')
+except Exception as e:
+    fail(x=e)
 
 try:
-	with open(os.environ['DOCUMENT_ROOT']+'/abuseipdb_key',mode='r',encoding='utf-8') as apikey_f:
-		apikey=apikey_f.read()
-	rsp=requests.get('https://api.abuseipdb.com/api/v2/check',params={'ipAddress':urllib.parse.quote(os.environ['REMOTE_ADDR']),'maxAgeInDays':'120','verbose':'','key':apikey.strip()})
-	rspj=rsp.json()['data']
-	if rspj['totalReports']>0:
-		fail(x=':)')
+    disava = os.environ['DOCUMENT_ROOT'] + '/leave-a-message/disavowed_ip'
+    with open(disava, mode='r', encoding='utf-8') as disavowedip:
+        for ip in disavowedip:
+            try:
+                if ip_address(os.environ["REMOTE_ADDR"]) in ip_network(ip.strip()):
+                    logfail(x='ip disavowed')
+                    fail(x=':)')
+            except ValueError as e:
+                pass
 except Exception as e:
-	fail(x=e)
+    fail(x=e)
 
-print('Status: 200 OK',end='\r\n')
-print('Content-type: text/plain',end='\r\n')
+print('Status: 200 OK', end='\r\n')
+print('Content-type: text/plain', end='\r\n')
 print(end='\r\n')
 
-msgp=os.environ['DOCUMENT_ROOT']+'/leave-a-message/messages'
-with open(msgp,mode='r',encoding='utf-8') as f:
-	o=json.load(f)
-newm={'cont':mcontent,'author':mname,'time':mtime}
+msgp = os.environ['DOCUMENT_ROOT'] + '/leave-a-message/messages'
+with open(msgp, mode='r', encoding='utf-8') as f:
+    o = json.load(f)
+newm = {'cont': mcontent, 'author': mname, 'time': mtime}
 o.append(newm)
-with open(msgp,mode='w',encoding='utf-8') as f:
-	json.dump(o,f)
+with open(msgp, mode='w', encoding='utf-8') as f:
+    json.dump(o, f)
 
-archivp=os.environ['DOCUMENT_ROOT']+'/leave-a-message/archive.txt'
-with open(archivp,mode='a',encoding='utf-8') as f:
-	f.write(f'comment: {mcontent}\n')
-	f.write(f'author: {mname}\n')
-	f.write(f'time: {mtime}\n')
-	f.write(f'IP: {os.environ["REMOTE_ADDR"]}\n\n')
+archivp = os.environ['DOCUMENT_ROOT'] + '/leave-a-message/archive.txt'
+with open(archivp, mode='a', encoding='utf-8') as f:
+    f.write(f'comment: {mcontent}\n')
+    f.write(f'author: {mname}\n')
+    f.write(f'time: {mtime}\n')
+    f.write(f'IP: {os.environ["REMOTE_ADDR"]}\n\n')
 
-# vim: set noexpandtab :
+# vim: set expandtab :
-- 
cgit v1.2.3