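# Check whether a user holds a read grant covering a file path.
def check_permission(username, file_path):
    """Return True if ``username`` has a ``'read'`` grant whose prefix covers ``file_path``.

    The user store at ``USER_DATA_FILE`` is a JSON object keyed by username.
    Each record may carry a ``permissions`` mapping of directory prefix to an
    access string; a grant matches when ``file_path`` starts with the prefix
    and the access value is exactly ``'read'``.

    Args:
        username: Name of the user to look up.
        file_path: Path the user is asking to read.

    Returns:
        True when a matching read grant exists; False for unknown users, users
        without a ``permissions`` mapping, and non-matching paths.

    Raises:
        OSError or json.JSONDecodeError if the store cannot be read or parsed.
    """
    with open(USER_DATA_FILE, 'r') as f:
        user_data = json.load(f)
    record = user_data.get(username)
    if record is None:
        return False
    # The original defaulted to an empty *list*, so a record without a
    # ``permissions`` key crashed on ``.items()``; fall back to a mapping.
    permissions = record.get('permissions') or {}
    for path, access in permissions.items():
        # NOTE(review): plain prefix matching — a grant on '/data/a' also
        # covers '/data/abc'. The add-path validation elsewhere in this file
        # requires grants to end with '/', which is what keeps this safe.
        if file_path.startswith(path) and access == 'read':
            return True
    return False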
# Read a file on behalf of a user, subject to the permission check.
def read_file(file_path, username):
    """Return the text of ``file_path`` if ``username`` is allowed to read it.

    Returns the file contents on success, ``'File not found.'`` when the path
    does not exist, and ``'Permission denied.'`` when ``check_permission``
    refuses. Any other I/O error (directory, unreadable file, decoding
    failure) propagates to the caller.
    """
    if not check_permission(username, file_path):
        return 'Permission denied.'
    try:
        with open(file_path, 'r') as handle:
            contents = handle.read()
    except FileNotFoundError:
        return 'File not found.'
    return contents
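# Login route.
@app.route('/login', methods=['GET', 'POST'])
def login():
    """Authenticate a user against ``user_data.json`` and start a session.

    GET renders the login form. POST reads ``username`` and ``password`` from
    the form, compares the submitted password with the stored one and, on a
    match, sets ``logged_in``, ``username`` and ``is_admin`` in the session
    before redirecting to ``file_reader``. A failed login returns the plain
    string ``'Invalid username/password'``; a record without a string
    ``password`` field is treated as a failed login instead of raising.
    """
    import hmac  # local import: the file's import block is not visible here

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        # NOTE(review): this route opens 'user_data.json' directly while the
        # other helpers use USER_DATA_FILE — confirm both name the same file.
        with open('user_data.json', 'r') as f:
            user_data = json.load(f)
        record = user_data.get(username)
        stored = record.get('password') if isinstance(record, dict) else None
        # NOTE(review): passwords are stored and compared in plaintext; a
        # salted hash is the real fix. Comparing UTF-8 bytes keeps the check
        # constant-time and valid for non-ASCII input.
        if isinstance(stored, str) and hmac.compare_digest(
            stored.encode('utf-8'), password.encode('utf-8')
        ):
            session['logged_in'] = True
            session['username'] = username
            # The admin flag is taken from the user record (defaults to False).
            session['is_admin'] = user_data[username].get('is_admin', False)
            return redirect(url_for('file_reader'))
        return 'Invalid username/password'
    return render_template('login.html')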
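# Verify a username/password pair against the user store.
def authenticate_user(username, password):
    """Return True if ``password`` matches the stored password of ``username``.

    Reads the JSON user store at ``USER_DATA_FILE``. Unknown users and records
    without a string ``password`` field are rejected instead of raising.

    Args:
        username: Name to look up in the store.
        password: Candidate password as submitted (plaintext).

    Returns:
        True on a match, False otherwise.

    Raises:
        OSError or json.JSONDecodeError if the store cannot be read or parsed.
    """
    import hmac  # local import: the file's import block is not visible here

    with open(USER_DATA_FILE, 'r') as f:
        user_data = json.load(f)
    record = user_data.get(username)
    if not isinstance(record, dict):
        return False
    stored = record.get('password')
    if not isinstance(stored, str) or not isinstance(password, str):
        return False
    # NOTE(review): the store holds plaintext passwords; a salted hash would be
    # the real fix. Comparing UTF-8 bytes keeps the check constant-time and
    # valid for non-ASCII input.
    return hmac.compare_digest(stored.encode('utf-8'), password.encode('utf-8'))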
if request.method == 'POST': file_path = request.form['file_path']
# 检查目录路径是否合法 if file_path != '/'and (notall(char.isalnum() or char in ['/', '_', '-', '.'] for char in file_path) or'..'in file_path): abort(400, 'Invalid directory path')
# 检查目录路径是否包含 'flag' if'flag'in file_path: abort(400, 'Nah, flag not allowed')
# 检查用户是否有权限访问特定文件或目录 ifnot check_permissions(file_path, session['username']): abort(403, 'You are not authorized to read this file')
if request.method == 'GET': # 如果用户不是管理员,只允许修改自己的权限 ifnot session.get('is_admin'): users = [session['username']] else: users = [user for user, data in user_data.items()] # 提取所有非管理员用户的用户名 # users = [user for user, data in user_data.items() if not data['is_admin']] return render_template('update_permissions.html', users=users)
# 检查新添加的目录路径是否只包含 '/'、'_'、'-'数字和字母,且以'/'结尾 if path != '/'andnot (path.endswith('/') andall(char.isalnum() or char in ['/', '_', '-'] for char in path[:-1])): abort(400, 'Invalid directory path')
# 检查新添加的目录路径是否包含 'flag' if'flag'in path: abort(400, 'Nah, flag not allowed')
# 如果用户不是管理员,只允许修改自己的权限 ifnot session.get('is_admin') and user != session['username']: abort(403, "You are not authorized to modify other users' permissions")
# 检查添加的目录是否与已存在的目录相同 if path in user_data[user]['permissions']: abort(400, "Directory already exists")
# 检查文件路径是否与用户权限配置中的某个路径匹配 for permission_path in user_permissions.keys(): if file_path.startswith(permission_path): returnTrue
returnFalse
@app.route('/error')
def error():
    """Read ``/flag`` and render ``error.html``.

    The file contents are asserted against a fixed decoy value; a mismatch
    raises AssertionError (an HTTP 500 under Flask) before the template is
    rendered. With ``debug=True`` (see the ``__main__`` block) that 500 is
    served by the interactive Werkzeug debugger, so this route is exactly the
    kind of endpoint a production deployment must not expose. Note also that
    ``assert`` statements are stripped under ``python -O``.
    """
    with open('/flag', 'r') as handle:
        contents = handle.read()
    assert contents == "dutctf{Fak3_fl@g_2333}"
    return render_template('error.html')
if __name__ == '__main__':
    # First run: create an empty JSON user store so the helpers can open it.
    store_missing = not os.path.exists(USER_DATA_FILE)
    if store_missing:
        with open(USER_DATA_FILE, 'w') as handle:
            json.dump({}, handle)
    # NOTE(review): debug=True on 0.0.0.0 exposes the Werkzeug interactive
    # debugger to the network; any unhandled exception (e.g. the assert in
    # /error) then offers a code console behind a PIN derived from
    # host-readable values. Never run with debug=True outside a sandbox.
    app.run(host='0.0.0.0', port='5000', debug=True)
# Werkzeug-style debugger PIN derivation. ``probably_public_bits`` and
# ``private_bits`` are defined elsewhere in this file (not visible here).
# Defender's note: every input is a value readable on the host, which is why
# a server must never be reachable with ``debug=True`` — the PIN prompt is not
# a security boundary once file contents leak.
h = hashlib.sha1()
for bit in chain(probably_public_bits, private_bits):
    if not bit:
        continue  # empty / None components are skipped, not hashed
    if isinstance(bit, str):
        bit = bit.encode('utf-8')
    h.update(bit)
h.update(b'cookiesalt')

# Cookie name: fixed prefix plus the first 20 hex digits of the digest so far.
cookie_name = '__wzd' + h.hexdigest()[:20]

# PIN digits: mix in 'pinsalt', read the digest as a decimal integer,
# zero-pad to at least 9 digits and keep the first 9.
num = None
if num is None:
    h.update(b'pinsalt')
    num = ('%09d' % int(h.hexdigest(), 16))[:9]

# Formatting: split ``num`` into equal groups of 5, 4 or 3 digits (first size
# that divides the length) joined with '-'. The for/else keeps the raw digits
# when no size divides evenly. rjust is a no-op here since groups are always
# full, but it is kept as in the original.
rv = None
if rv is None:
    for group_size in 5, 4, 3:
        if len(num) % group_size == 0:
            rv = '-'.join(num[x:x + group_size].rjust(group_size, '0')
                          for x in range(0, len(num), group_size))
            break
    else:
        rv = num