This project provides a Flask-based web interface for securely running scripts with two-factor authentication (2FA) and displaying script execution status. It's designed to manage secure, authenticated access to any backend script, enforcing a cooldown period between executions and showing the latest status update.
While this system is designed to serve as the deploy admin for simplified deployment in COOK482, it can be adapted for various other applications requiring secure script execution with 2FA and execution tracking.
app.py: Main Flask application file with an optional debug modehistory.json: Logs script execution historyenv/: Virtual environment folderpriv_sets.example.py: Example configuration file for private settingspriv_sets.py: ContainsSECRET_KEY,SCRIPT_PATH, and other private settingsqrcode_gen.py: Generates a QR code for 2FA setupqrcode.png: Generated QR code image for 2FA setupREADME.md: Project documentationrequirements.txt: List of required dependenciestemplates/: Directory for HTML templatestest_script_output.txt: Sample output from the test scripttest_script.sh: Example script for testing execution
Install necessary dependencies with:
pip install -r requirements.txt
- 2FA Setup: copy
priv_sets.example.pytopriv_sets.py- Generate a
SECRET_KEYusingpyotp.random_base32(). - Set
SCRIPT_PATHto the path of the script you want to execute. - Optionally set
QR_CODE_DESCRIPTIONandQR_CODE_ISSUERif you want to generate QR Code with description and issuer.
- Generate a
- Generate QR Code: Run
qrcode_gen.pyto create aqrcode.pngimage, which can be scanned with an authenticator app for 2FA setup.
To use alternative settings for testing, you can run the application in debug mode. This mode uses shorter lockout durations and different script paths:
python app.py --debug
In debug mode, the following settings will apply:
DEBUG_SCRIPT_PATH: Path for testing scripts (e.g.,test_script.sh).DEBUG_LOCKOUT_DURATION: Cooldown duration for debug mode.DEBUG_DEPLOY_HISTORY_FILE: History file for debugging purposes (e.g.,history_debug.json).
-
Run the Application:
python app.py -
Access the Interface: Open
http://127.0.0.1:5000in your browser. -
Execute Script with 2FA: Enter the 2FA code to authorize script execution. Once authorized, the script will execute, and the system will display the status updates.
-
Check Execution Status: Use the
/get_deploy_statusendpoint to view the latest execution status.
A lockout period is enforced after each execution to prevent multiple runs in quick succession. The duration is 3 minutes in normal mode and 1 second in debug mode.
- Verify 2FA and Trigger Script Execution:
POST /verifywith form data includingcode. - Get Execution Status:
GET /get_deploy_status
- Keep
priv_sets.pysecure to protect sensitive information. - Customize
index.htmlwithin thetemplatesdirectory to modify the web interface. - Use
--debugfor testing purposes without affecting production data.
This system can securely run various scripts, not limited to deployments, with 2FA authorization and status monitoring.