Skip to content

Instantly share code, notes, and snippets.

@hfuller
Created February 24, 2021 18:52
Show Gist options
  • Save hfuller/a95abb61e9004c0c94368172cdb7c17a to your computer and use it in GitHub Desktop.
Save hfuller/a95abb61e9004c0c94368172cdb7c17a to your computer and use it in GitHub Desktop.
whitelist.py - Extremely insecure tool to allow users to add themselves to the minecraft whitelist
#!/usr/bin/env python3
from flask import Flask, request
import requests
import json
app = Flask(__name__)
@app.route('/')
def hello_world():
return 'get out'
@app.route('/add', methods=['POST'])
def add():
with open('add_secret.txt', 'r') as f:
add_secret = f.read().strip()
if request.form['secret'] != add_secret:
return('you are not cool enough to do this', 400)
user = request.form['user']
print("Adding", user)
with open('whitelist.json', 'r') as f:
whitelist = json.loads(f.read())
print("Whitelist entries loaded:", len(whitelist))
whitelist_filter = [x for x in whitelist if x['name'] == user]
if len(whitelist_filter) > 0:
return("It was already in there", 400)
user_blob = requests.get("https://api.mojang.com/users/profiles/minecraft/" + user).json()
print("User blob:", user_blob)
whitelist.append(user_blob)
with open('whitelist.json', 'w') as f:
f.write(json.dumps(whitelist))
print("Whitelist entries written to file:", len(whitelist))
return("ok")
app.run(host='0.0.0.0', port=42069, debug=False)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment