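"""Flask front-end that gates one HTML page behind short-lived URL tokens.

Module-level side effects: builds ``app``, registers the security-header
hook and the routes, and reads ``static/index.html`` once at import time.

NOTE(review): this listing was recovered from a collapsed/extracted copy.
Several string literals (the markup in the two placeholder pages, the
``str.replace`` search string in ``add_protection_scripts`` and the
URL-variable parts of the ``/view/`` and ``/static/`` rules) appear to have
lost their angle-bracket content in extraction; they are kept as recovered.
Confirm each against the original source before deploying.
"""
import os
import time
import uuid
from functools import wraps

from flask import Flask, Response, render_template, send_from_directory

app = Flask(__name__, static_folder='static')

# Session configuration.  SECRET_KEY is generated fresh on every start, so a
# restart invalidates every signed cookie and each worker of a multi-process
# deployment holds a different key (cookies signed by one worker fail on
# another).  Load it from the environment or a secret store for anything
# beyond a single process.  Nothing in this file imports ``session`` (and
# SESSION_TYPE is a Flask-Session setting, which is not imported either), so
# these three values are currently inert.
app.config['SECRET_KEY'] = str(uuid.uuid4())
app.config['SESSION_TYPE'] = 'filesystem'
app.config['PERMANENT_SESSION_LIFETIME'] = 1800  # 30 minutes

# In-memory token store: token -> absolute expiry in time.time() seconds.
# Process-local and unsynchronized: not shared across workers, lost on
# restart, and only swept when ``/`` is hit (see clean_expired_tokens).
VALID_TOKENS: dict[str, float] = {}
TOKEN_EXPIRY = 3600  # 1 hour


@app.after_request
def add_security_headers(response):
    """Attach defensive response headers to every response.

    Args:
        response: the outgoing Flask response object.

    Returns:
        The same response, with the headers below set.
    """
    # Clickjacking: refuse to be framed by any origin.
    response.headers['X-Frame-Options'] = 'DENY'
    # Stop browsers from guessing a MIME type that differs from Content-Type.
    response.headers['X-Content-Type-Options'] = 'nosniff'
    # Legacy header: modern browsers ignore it and current guidance is to
    # omit it or send '0' and rely on CSP instead.  Value kept as-is.
    response.headers['X-XSS-Protection'] = '1; mode=block'
    # CSP.  'unsafe-inline' in script-src is needed by the inline protection
    # scripts below, but it also means the policy does not stop injected
    # inline script; nonces or hashes would restore that protection.
    response.headers['Content-Security-Policy'] = "default-src 'self' https://cdn.tailwindcss.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.tailwindcss.com; script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net"
    # Disable caching so the gated page is not replayed from a browser or
    # intermediary cache after its token has expired.
    response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, max-age=0'
    response.headers['Pragma'] = 'no-cache'
    response.headers['Expires'] = '0'
    return response


# Load the page content once at import time.
try:
    # Production: serve the real page from the static directory.
    static_file_path = os.path.join(app.static_folder, 'index.html')
    if os.path.exists(static_file_path):
        # Explicit encoding: the default depends on the host locale and would
        # mis-decode a UTF-8 page on some systems.
        with open(static_file_path, 'r', encoding='utf-8') as f:
            html_content = f.read()
    else:
        # Fall back to the placeholder content (markup lost in extraction;
        # the text lines are preserved as recovered).
        html_content = """ Balance Academy

Balance Academy

This is a placeholder for the actual content.

Please upload the actual index.html file to the static directory.

"""
except Exception as e:
    # Startup-time best effort: report and fall back rather than refuse to
    # boot.  The placeholder is triple-quoted because the recovered literal
    # spans several lines; its text is preserved as recovered.
    print(f"Error loading HTML content: {str(e)}")
    html_content = """

Error loading content

Please try again later.

"""


def add_protection_scripts(html: str) -> str:
    """Return *html* with the anti-inspection scripts inserted.

    NOTE(review): both the script body and the ``replace`` search string are
    empty in the recovered source (the author's comment says the insertion
    point is the closing body tag).  As written, ``str.replace('', ...)``
    inserts ``protection_scripts`` between every character of *html*;
    confirm the original search string before relying on this.

    Client-side "protection" of this kind is cosmetic: the browser already
    holds the full markup, so it must not be treated as an access control.

    Args:
        html: the page markup to augment.

    Returns:
        The augmented markup.
    """
    # Insert scripts right before the closing body tag
    protection_scripts = """ """
    return html.replace('', protection_scripts + '')


protected_html = add_protection_scripts(html_content)


# Simple token-based gate
def generate_token() -> str:
    """Mint a token valid for TOKEN_EXPIRY seconds and record its expiry.

    uuid4 draws its bytes from os.urandom in CPython, so the value is
    unguessable; ``secrets.token_urlsafe`` would be the more explicit choice.

    Returns:
        The new token string.
    """
    token = str(uuid.uuid4())
    VALID_TOKENS[token] = time.time() + TOKEN_EXPIRY
    return token


def is_valid_token(token: str) -> bool:
    """Return True if *token* is known and unexpired; evict it if expired.

    Unknown tokens return False without touching the store.

    Args:
        token: the token to check (may be None or empty; both are unknown).
    """
    expiry = VALID_TOKENS.get(token)
    if expiry is None:
        return False
    if time.time() < expiry:
        return True
    # Expired: evict eagerly so the entry does not linger until the next
    # sweep.  pop() rather than del so a concurrent eviction cannot raise.
    VALID_TOKENS.pop(token, None)
    return False


def clean_expired_tokens() -> None:
    """Remove every expired token from VALID_TOKENS.

    Only called from ``/``, so the store can grow between visits to ``/``.
    Uses ``>=`` so the boundary instant is treated as expired, matching
    is_valid_token's ``time.time() < expiry`` test.
    """
    current_time = time.time()
    expired = [token for token, expiry in VALID_TOKENS.items() if current_time >= expiry]
    for token in expired:
        VALID_TOKENS.pop(token, None)


def token_required(f):
    """Decorator: answer 401 unless ``kwargs['token']`` is a valid token.

    The token is taken from the view's keyword arguments, i.e. from the URL
    path.  Tokens carried in URLs end up in server logs, browser history and
    Referer headers; a header or cookie keeps them out of those.

    Args:
        f: the view function to wrap.

    Returns:
        The wrapped view.
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        token = kwargs.get('token')
        if not token or not is_valid_token(token):
            return Response('Unauthorized access', 401)
        return f(*args, **kwargs)
    return decorated_function


# Routes
@app.route('/')
def index():
    """Render the login page with a freshly minted token.

    Every client that loads this page receives a valid token, so the gate on
    ``/view/`` only requires that a client visited ``/`` first; it does not
    authenticate anyone.  The expiry sweep runs here as a side effect.
    """
    token = generate_token()
    clean_expired_tokens()
    return render_template('login.html', token=token)


@app.route('/view/')
@token_required
def view_content(token):
    """Serve the protected page to the holder of a valid token.

    NOTE(review): the rule has no URL variable in the recovered source, so
    Flask never supplies ``token`` and token_required answers 401 to every
    request; the original presumably carried a ``<token>`` variable — confirm.
    """
    return protected_html


@app.route('/static/')
def serve_static(filename):
    """Serve one file from the static folder.

    send_from_directory refuses paths that escape ``static_folder``, so this
    does not add a traversal risk.
    NOTE(review): as recovered the rule has no ``filename`` variable, so this
    view cannot be called successfully; Flask also registers its own static
    route for ``static_folder`` by default, which makes this one redundant
    unless it is meant to override it — confirm.
    """
    return send_from_directory(app.static_folder, filename)


if __name__ == '__main__':
    os.makedirs(os.path.join(os.path.dirname(__file__), 'static'), exist_ok=True)
    os.makedirs(os.path.join(os.path.dirname(__file__), 'templates'), exist_ok=True)
    # debug=False keeps the Werkzeug debugger (which allows arbitrary code
    # execution from the browser) switched off; 0.0.0.0 listens on every
    # interface, so a reverse proxy or firewall should sit in front.
    app.run(host='0.0.0.0', port=7860, debug=False)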