import flask import os import discord import dotenv import hashlib import secrets import hmac import json import base64 import random app = flask.Flask(__name__) dotenv.load_dotenv() webhook_url = os.getenv("WEBHOOK_URL") hmac_key = random.randbytes(500) @app.route('/', methods=['GET']) def index(): return flask.render_template('index.html') @app.route('/about', methods=['GET']) def about(): return flask.render_template('about.html') @app.route('/contact', methods=['GET', 'POST']) def contact(): if flask.request.method == 'GET': return flask.render_template('contact.html') if flask.request.method == 'POST': try: # Decode payload data = json.loads(base64.b64decode(flask.request.form['altcha']).decode()) # Validate algorithm if data['algorithm'] != 'SHA-256': return flask.render_template('contact.html', error=True) # Validate challenge expected_challenge = hashlib.sha256( (data['salt'] + str(data['number'])).encode() ).hexdigest() if data['challenge'] != expected_challenge: return flask.render_template('contact.html', error=True) # Validate signature signature = hmac.new(hmac_key, data['challenge'].encode(), hashlib.sha256).hexdigest() if data['signature'] != signature: return flask.render_template('contact.html', error=True) # All checks passed, send off form data name = flask.request.form['name'] email = flask.request.form['email'] message = flask.request.form['message'] # Send the contact form to Discord via a webhook webhook = discord.SyncWebhook.from_url(webhook_url) embed = discord.Embed( title='New Message', description=f"**Name:** ` {name} `\n**Email:** ` {email} `\n**Message:** ` {message} `", color=0x85C0F7 ) webhook.send(embed=embed) return flask.render_template('contact.html', success=True) # If any error happens for any reason, return the contact page with error except: return flask.render_template('contact.html', error=True) @app.route('/altcha-challenge', methods=['GET']) def altcha_challenge(): salt = secrets.token_urlsafe(25) secret_number = random.randint(10000, 50000) challenge_data = f"{salt}{secret_number}".encode() challenge = hashlib.sha256(challenge_data).hexdigest() signature = hmac.new(hmac_key, challenge.encode(), hashlib.sha256).hexdigest() response = { 'algorithm': 'SHA-256', 'challenge': challenge, 'salt': salt, 'signature': signature } return flask.jsonify(response) @app.route('/pgp', methods=['GET']) def pgp(): return flask.render_template('pgp.html') @app.route('/parker.asc', methods=['GET']) def parker(): # Send the file to download return flask.send_file('static/parker.asc', as_attachment=True)