alex/ase_mqtt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gestione errori wallet + fix

Browse Source
This commit is contained in:
alex
2024-12-22 20:19:25 +01:00
parent 368bf9fa82
commit 8d41bf32e3
3 changed files with 71 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
control_mqtt.py
View File

@@ -35,7 +35,7 @@ class CurrentClients:
def start_client(self, client, args): def start_client(self, client, args):
process = subprocess.Popen( process = subprocess.Popen(
[f'{self.venv_path}/bin/python3 {args.ase_receiver} {client}'], [f'{self.venv_path}/bin/python3', args.ase_receiver, client],
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, stderr=subprocess.PIPE,
text=True text=True
@@ -87,7 +87,7 @@ def get_credentials(args):
} }
response = requests.post(url, json=data) response = requests.post(url, json=data)
if response.status_code != 200: if response.status_code != 200:
logging.error("Error to get pwd from wallet") logging.error(f"Error to get pwd from wallet.")
exit(1) exit(1)
return response.json().get('password') return response.json().get('password')

53
password_wallet_api.py
View File

@@ -4,6 +4,7 @@ import sqlite3
import bcrypt import bcrypt
import base64 import base64
import hashlib import hashlib
import logging
from cryptography.fernet import Fernet from cryptography.fernet import Fernet
# Configurazione # Configurazione
@@ -11,6 +12,12 @@ db_file = "data/passwords.db"
hash_file = "data/master_hash.txt" hash_file = "data/master_hash.txt"
app = Flask(__name__) app = Flask(__name__)
# Configura il logging
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s', handlers=[
logging.FileHandler("/var/log/mosquitto/password_wallet.log"),
logging.StreamHandler()
])
# Inizializza il database # Inizializza il database
def init_db(): def init_db():
conn = sqlite3.connect(db_file) conn = sqlite3.connect(db_file)
@@ -25,17 +32,21 @@ def init_db():
""") """)
conn.commit() conn.commit()
conn.close() conn.close()
logging.info("Database inizializzato.")
# Salva l'hash della master password # Salva l'hash della master password
def save_master_hash(hash): def save_master_hash(hash):
with open(hash_file, "wb") as f: with open(hash_file, "wb") as f:
f.write(hash) f.write(hash)
logging.info("Hash della master password salvato.")
# Carica l'hash della master password # Carica l'hash della master password
def load_master_hash(): def load_master_hash():
if not os.path.exists(hash_file): if not os.path.exists(hash_file):
logging.warning("Hash della master password non trovato.")
return None return None
with open(hash_file, "rb") as f: with open(hash_file, "rb") as f:
logging.info("Hash della master password caricato.")
return f.read() return f.read()
# Deriva una chiave di crittografia dalla master password # Deriva una chiave di crittografia dalla master password
@@ -49,48 +60,80 @@ def authenticate(master_password):
if master_hash is None: if master_hash is None:
hashed_password = bcrypt.hashpw(master_password.encode(), bcrypt.gensalt()) hashed_password = bcrypt.hashpw(master_password.encode(), bcrypt.gensalt())
save_master_hash(hashed_password) save_master_hash(hashed_password)
logging.info("Master password impostata per la prima volta.")
return True return True
return bcrypt.checkpw(master_password.encode(), master_hash) auth_success = bcrypt.checkpw(master_password.encode(), master_hash)
if auth_success:
logging.info("Autenticazione riuscita.")
else:
logging.warning("Autenticazione fallita.")
return auth_success
# Aggiungi una password al database # Aggiungi una password al database
def add_password(site, username, password, cipher): def add_password(site, username, password, cipher):
conn = sqlite3.connect(db_file) conn = sqlite3.connect(db_file)
cursor = conn.cursor() cursor = conn.cursor()
encrypted_password = cipher.encrypt(password.encode()).decode() encrypted_password = cipher.encrypt(password.encode()).decode()
try:
cursor.execute("INSERT INTO passwords (site, username, password) VALUES (?, ?, ?)", cursor.execute("INSERT INTO passwords (site, username, password) VALUES (?, ?, ?)",
(site, username, encrypted_password)) (site, username, encrypted_password))
conn.commit() conn.commit()
logging.info(f"Password aggiunta per il sito: {site}.")
except sqlite3.Error as e:
logging.error(f"Errore durante l'aggiunta della password: {e}")
finally:
conn.close() conn.close()
# Recupera una password dal database # Recupera una password dal database
def get_password(site, cipher): def get_password(site, cipher):
conn = sqlite3.connect(db_file) conn = sqlite3.connect(db_file)
cursor = conn.cursor() cursor = conn.cursor()
try:
cursor.execute("SELECT username, password FROM passwords WHERE site = ?", (site,)) cursor.execute("SELECT username, password FROM passwords WHERE site = ?", (site,))
row = cursor.fetchone() row = cursor.fetchone()
conn.close()
if row: if row:
username, encrypted_password = row username, encrypted_password = row
decrypted_password = cipher.decrypt(encrypted_password.encode()).decode() decrypted_password = cipher.decrypt(encrypted_password.encode()).decode()
logging.info(f"Password recuperata per il sito: {site}.")
return username, decrypted_password return username, decrypted_password
logging.warning(f"Sito non trovato: {site}.")
return None, None return None, None
except sqlite3.Error as e:
logging.error(f"Errore durante il recupero della password: {e}")
return None, None
finally:
conn.close()
# Cancella una password dal database # Cancella una password dal database
def delete_password(site): def delete_password(site):
conn = sqlite3.connect(db_file) conn = sqlite3.connect(db_file)
cursor = conn.cursor() cursor = conn.cursor()
try:
cursor.execute("DELETE FROM passwords WHERE site = ?", (site,)) cursor.execute("DELETE FROM passwords WHERE site = ?", (site,))
if cursor.rowcount > 0:
logging.info(f"Password cancellata per il sito: {site}.")
else:
logging.warning(f"Nessuna password trovata per il sito: {site}.")
conn.commit() conn.commit()
except sqlite3.Error as e:
logging.error(f"Errore durante la cancellazione della password: {e}")
finally:
conn.close() conn.close()
# Ottieni la lista di tutti i siti # Ottieni la lista di tutti i siti
def list_sites(): def list_sites():
conn = sqlite3.connect(db_file) conn = sqlite3.connect(db_file)
cursor = conn.cursor() cursor = conn.cursor()
try:
cursor.execute("SELECT site FROM passwords") cursor.execute("SELECT site FROM passwords")
sites = [row[0] for row in cursor.fetchall()] sites = [row[0] for row in cursor.fetchall()]
conn.close() logging.info("Elenco dei siti recuperato.")
return sites return sites
except sqlite3.Error as e:
logging.error(f"Errore durante il recupero dell'elenco dei siti: {e}")
return []
finally:
conn.close()
# Endpoint per aggiungere una password # Endpoint per aggiungere una password
@app.route('/add', methods=['POST']) @app.route('/add', methods=['POST'])
@@ -101,6 +144,7 @@ def add_password_api():
password = request.json.get('password') password = request.json.get('password')
if not authenticate(master_password): if not authenticate(master_password):
logging.warning("Tentativo di aggiungere una password con master password errata.")
return jsonify({"error": "Master password errata"}), 403 return jsonify({"error": "Master password errata"}), 403
key = derive_key(master_password) key = derive_key(master_password)
@@ -115,6 +159,7 @@ def get_password_api():
site = request.json.get('site') site = request.json.get('site')
if not authenticate(master_password): if not authenticate(master_password):
logging.warning("Tentativo di recuperare una password con master password errata.")
return jsonify({"error": "Master password errata"}), 403 return jsonify({"error": "Master password errata"}), 403
key = derive_key(master_password) key = derive_key(master_password)
@@ -133,6 +178,7 @@ def delete_password_api():
site = request.json.get('site') site = request.json.get('site')
if not authenticate(master_password): if not authenticate(master_password):
logging.warning("Tentativo di cancellare una password con master password errata.")
return jsonify({"error": "Master password errata"}), 403 return jsonify({"error": "Master password errata"}), 403
delete_password(site) delete_password(site)
@@ -144,6 +190,7 @@ def list_sites_api():
master_password = request.json.get('master_password') master_password = request.json.get('master_password')
if not authenticate(master_password): if not authenticate(master_password):
logging.warning("Tentativo di recuperare l'elenco dei siti con master password errata.")
return jsonify({"error": "Master password errata"}), 403 return jsonify({"error": "Master password errata"}), 403
sites = list_sites() sites = list_sites()

3
services/mqtt_ase_receiver.service
View File

@@ -4,11 +4,10 @@ After=network.target
[Service] [Service]
WorkingDirectory=/var/lib/mosquitto WorkingDirectory=/var/lib/mosquitto
ExecStart=/var/lib/mosquitto/.venv/bin/python3 ./control_mqtt.py ExecStart=/var/lib/mosquitto/.venv/bin/python3 /var/lib/mosquitto/control_mqtt.py
EnvironmentFile=/var/lib/mosquitto/data/.env EnvironmentFile=/var/lib/mosquitto/data/.env
Restart=always Restart=always
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
Alias=DynSecBackup.service