From c2a41ca4dda43336051b041fd41741bbdfc8d12e Mon Sep 17 00:00:00 2001
From: Yannik Schmidt <yannik.schmidt@thermoscan.de>
Date: Mon, 30 Aug 2021 18:37:24 +0200
Subject: [PATCH] skeleton routes

---
 server.py | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/server.py b/server.py
index 7554fe8..3c2b261 100755
--- a/server.py
+++ b/server.py
@@ -14,11 +14,18 @@ from sqlalchemy.sql import func
 from flask_sqlalchemy import SQLAlchemy
 
 app = flask.Flask("Flask-VSFTP-User-Tool")
+app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///database.sqlite'
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+db = SQLAlchemy(app)
+
 HTTP_FORBIDDEN      = 401
 HTTP_NOT_FOUND      = 404
 HTTP_UNPROCESSABLE  = 422
 HTTP_INTERNAL_ERR   = 500
 
+# unix useradd requires exactly this salt, do not change
+PAM_PASSWD_SALT = "22"
+
 @app.route('/')
 def index():
     return flask.render_template("index.html")
@@ -29,20 +36,20 @@ def createUser():
     return ("Success", 200)
 
 @app.route('/delete-user', methods=["POST"])
-def createUser():
-    deleteUser(user=flask.request.get('user')
+def deleteUser():
+    deleteUser(user=flask.request.get('user'))
     return ("Success", 200)
 
-@app.route('/list-user')
-def listUsers(''):
+@app.route('/list-users')
+def listUsers():
     users = db.session.query(FTPUser)
     return flask.render_template("list_users.html", users=users)
 
 def createUser(webform):
 
     # command line useradd requires a pre-encrypted password
-    cryptPass = crypt.crypt(password, webform.password)
-    subprocess.run(["./scripts/create_user.sh", cryptPass, webform.username])
+    cryptPass = crypt.crypt(webform['password'], PAM_PASSWD_SALT)
+    subprocess.run(["./scripts/create_user.sh", cryptPass, webform['username']])
 
     # track added users to prevent deletion of other users and listing #
     db.session.add(FTPUser(webform.username))