angry.hair/AzerothCore-website
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
AzerothCore-website/README.md
Aaron Barbas 9bbeb35c08 Added support link to download game client, link for addons. 
Fixed an issue that prevented the password reset tokens from working.
Added email templates for password reset success and new account creation.
Added more dynamic email template support.
2024-10-03 22:00:40 -05:00

88 lines
3.3 KiB
Markdown
Raw Blame History

# AzerothCore Account Management
This application allows users to create and manage accounts for the World of Warcraft: Wrath of the Lich King private server. It provides features such as account creation, password reset, and email notifications.
## Features
- **Account Creation**: Create new accounts with username, email, password, and expansion details.
- **Password Reset**: Reset account passwords through email verification.
- **Secure Communication**: Utilizes Gmail App Passwords for secure email communication.
## Prerequisites
- **Python 3.8+**
- **MySQL**: Database for storing user data
- **Gmail App Passwords**: For sending emails securely
## Installation
1. **Clone the repository:**
```bash
git clone https://github.com/BeardedInfoSec/AzerothCore-website.git
cd AzerothCore-website
```
2. **Configure the application:**
Ensure the `config.json` file in the root directory has the following structure and update it with your details:
```json
{
"USERNAME": "acore",
"PASSWORD": "password",
"SERVER_IP": "127.0.0.1",
"MYSQL_PORT": 3306,
"DATABASE": "acore_auth",
"SMTP_EMAIL_ADDRESS": "your_email@gmail.com",
"SMTP_EMAIL_PASSWORD": "your_app_password"
}
```
**Note**: Ensure you create a [Gmail App Password](https://myaccount.google.com/apppasswords) and enable [2-Step Verification](https://support.google.com/accounts/answer/185833?hl=en) for your Google account.
## Running the Application
1. **Start the Flask application:**
```bash
python website.py
```
The application will be available at `http://127.0.0.1:5000/`.
**Note**: The SQLite database for password reset tokens will be auto-initialized when the website is run.
## Configuration Notes
### HTTP vs. HTTPS
- **HTTP**: Sends web traffic in plain text, making it potentially vulnerable to interception and attacks. It is **not secure**.
- **HTTPS**: Encrypts web traffic, ensuring data is securely transmitted between the client and server. It is **recommended** for all web applications to protect sensitive data.
To secure your application:
- Open ports 80 (HTTP) and 443 (HTTPS) on your server.
- Configure your firewall to allow traffic on these ports and point to your server's IP address or domain.
- Obtain and install an SSL/TLS certificate to enable HTTPS.
### Email Configuration
- **Important**: The password reset functionality will not work without having the Gmail account configured, as it sends the reset link through email.
## Security Best Practices
- **Disable Debug Mode**: Ensure `debug=False` in your app configuration.
- **Use Environment Variables**: Store sensitive data in environment variables.
- **Enable HTTPS**: Secure your application with HTTPS.
- **Set Secure Headers**: Use libraries like `Flask-Talisman` to set secure headers.
- **Rate Limiting**: Implement rate limiting to protect against brute force attacks.
- **Input Validation**: Always validate and sanitize input data.
## Contact
For any issues or questions, please contact [thesoargoat@gmail.com].
---
This README provides comprehensive instructions for setting up and running your AzerothCore account management application securely.
Reference in a new issue View git blame Copy permalink