From bac8ac30aa12c4c549399868a0126dfffe7f8570 Mon Sep 17 00:00:00 2001
From: jokob-sk
Date: Tue, 4 Jun 2024 19:58:48 +1000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=83=20Sync=20Hub=20v0.53?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Dockerfile | 6 +--
Dockerfile.debian | 2 +-
front/plugins/sync/hub.php | 50 ++++++++++++-------------
install/install_dependencies.debian.sh | 2 +-
server/helper.py | 51 +++++++++++++++++---------
5 files changed, 63 insertions(+), 48 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 885d252e..3abc2791 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,7 @@ ENV PATH="/opt/venv/bin:$PATH"
COPY . ${INSTALL_DIR}/
-RUN pip install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography python3-dev \
+RUN pip install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography \
&& bash -c "find ${INSTALL_DIR} -type d -exec chmod 750 {} \;" \
&& bash -c "find ${INSTALL_DIR} -type f -exec chmod 640 {} \;" \
&& bash -c "find ${INSTALL_DIR} -type f \( -name '*.sh' -o -name '*.py' -o -name 'speedtest-cli' \) -exec chmod 750 {} \;"
@@ -39,8 +39,8 @@ ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
RUN apk update --no-cache \
&& apk add --no-cache bash zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \
&& apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute net-tools net-snmp-tools bind-tools awake ca-certificates \
- && apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session php83-openssl \
- && apk add --no-cache python3 nginx \
+ && apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session \
+ && apk add --no-cache python3 nginx \
&& ln -s /usr/bin/awake /usr/bin/wakeonlan \
&& bash -c "install -d -m 750 -o nginx -g www-data ${INSTALL_DIR} ${INSTALL_DIR}" \
&& rm -f /etc/nginx/http.d/default.conf
diff --git a/Dockerfile.debian b/Dockerfile.debian
index e5d15ef7..ce533594 100755
--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@@ -43,7 +43,7 @@ RUN phpenmod -v 8.2 sqlite3
RUN apt-get install -y python3-venv
RUN python3 -m venv myenv
-RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography python3-dev"
+RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography "
# Create a buildtimestamp.txt to later check if a new version was released
RUN date +%s > ${INSTALL_DIR}/front/buildtimestamp.txt
diff --git a/front/plugins/sync/hub.php b/front/plugins/sync/hub.php
index d5179ed1..58c2b1a0 100755
--- a/front/plugins/sync/hub.php
+++ b/front/plugins/sync/hub.php
@@ -4,25 +4,25 @@ require '/app/front/php/server/init.php';
-function decrypt_data($encoded_data, $key) {
- // Base64 decode the encrypted data
- $data = base64_decode($encoded_data);
+// function decrypt_data($encoded_data, $key) {
+// // Base64 decode the encrypted data
+// $data = base64_decode($encoded_data);
- // Extract the IV and the ciphertext
- $iv = substr($data, 0, 16);
- $ciphertext = substr($data, 16);
+// // Extract the IV and the ciphertext
+// $iv = substr($data, 0, 16);
+// $ciphertext = substr($data, 16);
- // Derive the key using SHA-256
- $key = hash('sha256', $key, true);
+// // Derive the key using SHA-256
+// $key = hash('sha256', $key, true);
- // Decrypt the ciphertext using AES-256-CBC
- $decrypted_data = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+// // Decrypt the ciphertext using AES-256-CBC
+// $decrypted_data = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
- // Remove padding
- $decrypted_data = rtrim($decrypted_data, "\0");
+// // Remove padding
+// $decrypted_data = rtrim($decrypted_data, "\0");
- return $decrypted_data;
-}
+// return $decrypted_data;
+// }
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Retrieve the authorization header
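Review bot: The old `decrypt_data()` is commented out rather than deleted, and the two later hunks of this file do the same with the decryption-failure check and the `array_filter` call. Commented-out crypto code (SHA-256 of the key, AES-256-CBC, `rtrim` of zero bytes) reads as if it still described the hub's scheme, while `server/helper.py` in this same patch switches to Fernet, so it can mislead a maintainer or be re-enabled by mistake. I would delete the blocks, since version control keeps the history, and leave one short comment such as `// The hub no longer decrypts; $data is stored exactly as received.`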
@@ -43,14 +43,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$plugin_folder = $_POST['plugin_folder'] ?? '';
$node_name = $_POST['node_name'] ?? '';
- $decoded_data = decrypt_data($data, getSettingValue('SYNC_encryption_key'));
+ // $decoded_data = decrypt_data($data, getSettingValue('SYNC_encryption_key'));
- if ($decoded_data === false or $decoded_data === null) {
- write_notification("[Plugin: Sync hub API] Bad Request: Decryption failed", "alert");
- http_response_code(400);
- echo 'Bad Request: Decryption failed';
- exit;
- }
+ // if ($decoded_data === false or $decoded_data === null) {
+ // write_notification("[Plugin: Sync hub API] Bad Request: Decryption failed", "alert");
+ // http_response_code(400);
+ // echo 'Bad Request: Decryption failed';
+ // exit;
+ // }
$storage_path = "/app/front/plugins/{$plugin_folder}";
@@ -64,14 +64,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Generate a unique file path to avoid overwriting existing files
$files = glob("{$storage_path}/last_result.{$node_name}.*.log");
- $files = array_filter($files, function($file) {
- return preg_match('/last_result\.\d+\.log$/', basename($file));
- });
+ // $files = array_filter($files, function($file) {
+ // return preg_match('/last_result\.\d+\.log$/', basename($file));
+ // });
$file_count = count($files) + 1;
$file_path = "{$storage_path}/last_result.{$node_name}.{$file_count}.log";
// Save the decoded data to the file
- file_put_contents($file_path, $decoded_data);
+ file_put_contents($file_path, $data);
http_response_code(200);
echo 'Data received and stored successfully';
} else {
diff --git a/install/install_dependencies.debian.sh b/install/install_dependencies.debian.sh
index ca259ec8..7ceb11b2 100755
--- a/install/install_dependencies.debian.sh
+++ b/install/install_dependencies.debian.sh
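Review bot: With the decryption check commented out, nothing visible in this hunk validates the request body any more, while `$plugin_folder` and `$node_name` still flow straight from `$_POST` into `$storage_path` and, in the next hunk, `$file_path`. Previously a payload that failed to decrypt was rejected with a 400; now whatever passes the authorization-header handling earlier in the file is written to disk unchanged under a path the caller partly controls. Unless the lines between the two hunks (not shown) already restrict them, I would reject values outside a strict pattern before building the path, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $plugin_folder) || !preg_match('/^[A-Za-z0-9_-]+$/', $node_name)) { http_response_code(400); exit; }`. The enclosing `if` block starts and ends outside the hunk.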
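Review bot: `count($files) + 1` does not guarantee an unused name in the `@@ -64,14 +64,14 @@` hunk: once an earlier `last_result.{$node_name}.N.log` has been removed, the next upload can compute an index that still exists and `file_put_contents` overwrites it silently, and two concurrent posts can compute the same count. Consider probing for a free name, `while (file_exists($file_path)) { $file_count++; $file_path = "{$storage_path}/last_result.{$node_name}.{$file_count}.log"; }`, and passing `LOCK_EX` as the third argument to `file_put_contents`. The comment `// Save the decoded data to the file` is also stale now that `$data` is written undecoded; `// Save the payload as received (not decrypted on the hub)` would match the code.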
@@ -30,5 +30,5 @@ source myenv/bin/activate
update-alternatives --install /usr/bin/python python /usr/bin/python3 10
# install packages thru pip3
-pip3 install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography python3-dev
+pip3 install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography
diff --git a/server/helper.py b/server/helper.py
index 613c6970..ec764fee 100755
--- a/server/helper.py
+++ b/server/helper.py
@@ -13,9 +13,7 @@ import json
import time
from pathlib import Path
import requests
-from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
-from cryptography.hazmat.primitives import padding
-from cryptography.hazmat.backends import default_backend
+from cryptography.fernet import Fernet
import base64
import hashlib
@@ -803,25 +801,42 @@ def collect_lang_strings(json, pref, stringSqlParams):
return stringSqlParams
+#-------------------------------------------------------------------------------
+# Cryptography
+#-------------------------------------------------------------------------------
-def encrypt_data(data, key):
- """
- Encrypt the data using AES-256-CBC.
+def prepare_key(encryption_key):
+ if(len(encryption_key) < 32):
+ encryption_key = (int((32 / len(encryption_key)))+1 )*encryption_key
+
+ key_bytearray = bytearray(encryption_key[:32], 'ASCII')
+
+ return base64.urlsafe_b64encode(key_bytearray)
- :param data: The plaintext data to encrypt.
- :param key: The encryption key.
- :return: The base64 encoded ciphertext.
- """
- key = hashlib.sha256(key.encode()).digest()
- iv = os.urandom(16) # Generate a random IV
- padder = padding.PKCS7(128).padder()
- padded_data = padder.update(data.encode()) + padder.finalize()
- cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
- encryptor = cipher.encryptor()
- ct = encryptor.update(padded_data) + encryptor.finalize()
- encrypted_data = base64.b64encode(iv + ct).decode('utf-8')
+
+def encrypt_data(data, encryption_key):
+
+ fernet = Fernet(prepare_key(encryption_key))
+
+ # then use the Fernet class instance
+ # to encrypt the string string must
+ # be encoded to byte string before encryption
+ encrypted_data = fernet.encrypt(data.encode())
return encrypted_data
+def decrypt_data(data, encryption_key):
+
+
+ fernet = Fernet(prepare_key(encryption_key))
+
+ # decrypt the encrypted string with the
+ # Fernet instance of the key,
+ # that was used for encrypting the string
+ # encoded byte string is returned by decrypt method,
+ # so decode it to string with decode methods
+ decrypted_data = fernet.decrypt(data).decode()
+ return decrypted_data
+
#-------------------------------------------------------------------------------
# Misc
#-------------------------------------------------------------------------------
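Review bot: `prepare_key` builds the Fernet key by repeating the passphrase up to 32 characters and truncating, so a short `encryption_key` gives a key with no more entropy than the passphrase itself, everything past the 32nd character is ignored, an empty value raises `ZeroDivisionError` and a non-ASCII one raises `UnicodeEncodeError`. `hashlib` is still imported in this file, so the body could be `if not encryption_key: raise ValueError("encryption key is empty")` followed by `return base64.urlsafe_b64encode(hashlib.sha256(encryption_key.encode("utf-8")).digest())`; a salted password KDF would be stronger still, and all nodes must switch together because the derived key changes. `encrypt_data` now returns `bytes` where the old version returned `str`, and `decrypt_data` lets `cryptography.fernet.InvalidToken` propagate; the callers are outside this hunk, so confirm they handle both. None of the three functions has a docstring, and a one-line summary stating the input and return types would make the `str`/`bytes` contract explicit.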