# AzerothCore Account Management

This application allows users to create and manage accounts for the World of Warcraft: Wrath of the Lich King private server. It provides features such as account creation, password reset, and email notifications.

## Features

- **Account Creation**: Create new accounts with username, email, password, and expansion details.
- **Password Reset**: Reset account passwords through email verification.
- **Secure Communication**: Utilizes Gmail App Passwords for secure email communication.

## Prerequisites

- **Python 3.8+**
- **MySQL**: Database for storing user data
- **Gmail App Passwords**: For sending emails securely

## Installation

1. **Clone the repository:**

   ```bash
   git clone https://github.com/BeardedInfoSec/AzerothCore-website.git
   cd AzerothCore-website
   ```

2. **Configure the application:**

   Ensure the `config.json` file in the root directory has the following structure and update it with your details:

   ```json
   {
     "USERNAME": "acore",
     "PASSWORD": "password",
     "SERVER_IP": "127.0.0.1",
     "MYSQL_PORT": 3306,
     "DATABASE": "acore_auth",
     "SMTP_EMAIL_ADDRESS": "your_email@gmail.com",
     "SMTP_EMAIL_PASSWORD": "your_app_password"
   }
   ```

**Note**: Ensure you create a [Gmail App Password](https://myaccount.google.com/apppasswords) and enable [2-Step Verification](https://support.google.com/accounts/answer/185833?hl=en) for your Google account.

## Running the Application

1. **Start the Flask application:**

   ```bash
   python website.py
   ```

   The application will be available at `http://127.0.0.1:5000/`.

**Note**: The SQLite database for password reset tokens will be auto-initialized when the website is run.

## Configuration Notes

### HTTP vs. HTTPS

- **HTTP**: Sends web traffic in plain text, making it potentially vulnerable to interception and attacks. It is **not secure**.
- **HTTPS**: Encrypts web traffic, ensuring data is securely transmitted between the client and server. It is **recommended** for all web applications to protect sensitive data.

To secure your application:

- Open ports 80 (HTTP) and 443 (HTTPS) on your server.
- Configure your firewall to allow traffic on these ports and point to your server's IP address or domain.
- Obtain and install an SSL/TLS certificate to enable HTTPS.

### Email Configuration

- **Important**: The password reset functionality will not work without having the Gmail account configured, as it sends the reset link through email.

## Security Best Practices

- **Disable Debug Mode**: Ensure `debug=False` in your app configuration.
- **Use Environment Variables**: Store sensitive data in environment variables.
- **Enable HTTPS**: Secure your application with HTTPS.
- **Set Secure Headers**: Use libraries like `Flask-Talisman` to set secure headers.
- **Rate Limiting**: Implement rate limiting to protect against brute force attacks.
- **Input Validation**: Always validate and sanitize input data.

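
One way to apply the "Use Environment Variables" practice to the `config.json` shown under Installation, as an added example that is not code from this repository: environment variables override the file, the README's sample passwords are rejected, and a file that still holds a secret must not be group- or world-readable. The `load_config` function and the `ACORE_` variable prefix are hypothetical names chosen for this sketch.

```python
import json
import os
import stat

# The seven keys of the README's config.json; the two below hold credentials.
KEYS = ("USERNAME", "PASSWORD", "SERVER_IP", "MYSQL_PORT", "DATABASE",
        "SMTP_EMAIL_ADDRESS", "SMTP_EMAIL_PASSWORD")
SECRET_KEYS = ("PASSWORD", "SMTP_EMAIL_PASSWORD")
# Sample values printed in the README; a real deployment must replace them.
PLACEHOLDERS = {"", "password", "your_app_password"}
ENV_PREFIX = "ACORE_"  # assumption: hypothetical prefix, not defined by the project


def load_config(path="config.json", environ=None):
    """Return the merged settings; raise ValueError if a secret is unsafe."""
    environ = os.environ if environ is None else environ
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)

    # Environment wins over the file, so secrets can stay out of config.json.
    from_env = {k for k in KEYS if ENV_PREFIX + k in environ}
    for key in from_env:
        value = environ[ENV_PREFIX + key]
        cfg[key] = int(value) if key == "MYSQL_PORT" else value

    problems = [f"{k} is missing or still the README placeholder"
                for k in SECRET_KEYS
                if str(cfg.get(k, "")).strip() in PLACEHOLDERS]

    # A secret that still comes from the file makes the file itself sensitive:
    # on POSIX it must not be readable by group or others.
    in_file = [k for k in SECRET_KEYS if k not in from_env]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and in_file and mode & 0o077:
        problems.append(f"{path} is mode {mode:o} but holds {', '.join(in_file)}; "
                        "chmod 600 it or move those keys to the environment")
    if problems:
        raise ValueError("; ".join(problems))
    return cfg


if __name__ == "__main__":
    try:
        print(sorted(load_config()))  # prints the key names only, never the values
    except (OSError, ValueError) as exc:
        raise SystemExit(f"refusing to start: {exc}")
```
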
## Contact

For any issues or questions, please contact [abarbas19@gmail.com].

---

This README provides comprehensive instructions for setting up and running your AzerothCore account management application securely.