Onionr/src/apiservers/private/__init__.py

'''
    Onionr - Private P2P Communication

    This file handles all incoming http requests to the client, using Flask
'''
'''
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
'''
import base64, os, time
import flask
from gevent.pywsgi import WSGIServer
from onionrutils import epoch
import httpapi, filepaths, logger
from . import register_private_blueprints
from etc import waitforsetvar
import serializeddata, config
from .. import public
class PrivateAPI:
    '''
        Client HTTP api
    '''

    callbacks = {'public' : {}, 'private' : {}}

    def __init__(self):
        '''
            Initialize the api server, preping variables for later use

            This initialization defines all of the API entry points and handlers for the endpoints and errors
            This also saves the used host (random localhost IP address) to the data folder in host.txt
        '''
        self.config = config
        self.startTime = epoch.get_epoch()
        app = flask.Flask(__name__)
        bindPort = int(config.get('client.client.port', 59496))
        self.bindPort = bindPort

        self.clientToken = config.get('client.webpassword')
        self.timeBypassToken = base64.b16encode(os.urandom(32)).decode()

        self.host = httpapi.apiutils.setbindip.set_bind_IP(filepaths.private_API_host_file)
        logger.info('Running api on %s:%s' % (self.host, self.bindPort))
        self.httpServer = ''

        self.queueResponse = {}
        self.get_block_data = httpapi.apiutils.GetBlockData(self)
        register_private_blueprints.register_private_blueprints(self, app)
        httpapi.load_plugin_blueprints(app)
        self.app = app
    
    def start(self):
        waitforsetvar.wait_for_set_var(self, "_too_many")
        self.publicAPI = self._too_many.get(public.PublicAPI)
        self.httpServer = WSGIServer((self.host, self.bindPort), self.app, log=None, handler_class=httpapi.fdsafehandler.FDSafeHandler)
        self.httpServer.serve_forever()

    def setPublicAPIInstance(self, inst):
        self.publicAPI = inst

    def validateToken(self, token):
        '''
            Validate that the client token matches the given token. Used to prevent CSRF and data exfiltration
        '''
        if not self.clientToken:
            logger.error("client password needs to be set")
            return False
        try:
            if not hmac.compare_digest(self.clientToken, token):
                return False
            else:
                return True
        except TypeError:
            return False

    def getUptime(self)->int:
        while True:
            try:
                return epoch.get_epoch() - self.startTime
            except (AttributeError, NameError):
                # Don't error on race condition with startup
                pass

    def getBlockData(self, bHash, decrypt=False, raw=False, headerOnly=False):
        return self.get_block_data.get_block_data(bHash, decrypt=decrypt, raw=raw, headerOnly=headerOnly)
initial commit 2017-12-26 07:25:29 +00:00			`'''`
* Progress in adjust tagline in files, license boilerplate fixes * Import adjustments 2019-06-12 00:05:15 +00:00			`Onionr - Private P2P Communication`
work on adding peers, improved documentation, improved the way the daemon is run, daemon can now be killed from background 2018-01-14 08:48:23 +00:00
			`This file handles all incoming http requests to the client, using Flask`
			`'''`
			`'''`
initial commit 2017-12-26 07:25:29 +00:00			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <https://www.gnu.org/licenses/>.`
			`'''`
progress removing onionr.py 2019-08-05 04:08:56 +00:00			`import base64, os, time`
Started reducing unnecessary disk i/o: * Spawn core.Core() much less 2019-06-15 18:56:57 +00:00			`import flask`
refactored api servers into module 2019-07-12 07:07:30 +00:00			`from gevent.pywsgi import WSGIServer`
			`from onionrutils import epoch`
progress in removing core 2019-07-18 17:40:48 +00:00			`import httpapi, filepaths, logger`
refactored api servers into module 2019-07-12 07:07:30 +00:00			`from . import register_private_blueprints`
progress removing onionr.py 2019-08-04 04:52:57 +00:00			`from etc import waitforsetvar`
progress removing onionr.py 2019-08-02 23:00:04 +00:00			`import serializeddata, config`
progress removing onionr.py 2019-08-04 04:52:57 +00:00			`from .. import public`
refactored api servers into module 2019-07-12 07:07:30 +00:00			`class PrivateAPI:`
API reformat 2019-01-08 05:51:39 +00:00			`'''`
			`Client HTTP api`
			`'''`
Code consistency updates - Improved formatting - Added comments - URL encoded values in netcontroller.performGET - Kept SQL statement case consistency 2018-02-04 03:44:29 +00:00
API reformat 2019-01-08 05:51:39 +00:00			`callbacks = {'public' : {}, 'private' : {}}`
Merge wot 2018-12-09 17:29:39 +00:00
progress removing onionr.py 2019-08-02 23:00:04 +00:00			`def __init__(self):`
API reformat 2019-01-08 05:51:39 +00:00			`'''`
			`Initialize the api server, preping variables for later use`
work on api, client, and added protection against HTTP metadata leaks (timebleed) 2017-12-27 01:13:19 +00:00
fixed dumb print leftover spamming hashes 2019-04-23 02:02:09 +00:00			`This initialization defines all of the API entry points and handlers for the endpoints and errors`
API reformat 2019-01-08 05:51:39 +00:00			`This also saves the used host (random localhost IP address) to the data folder in host.txt`
Code consistency updates - Improved formatting - Added comments - URL encoded values in netcontroller.performGET - Kept SQL statement case consistency 2018-02-04 03:44:29 +00:00			`'''`
refactored api servers into module 2019-07-12 07:07:30 +00:00			`self.config = config`
OnionrUtils fully removed (but not fully bug free) flow now uses daemon thread for displaying output 2019-06-25 23:07:35 +00:00			`self.startTime = epoch.get_epoch()`
API reformat 2019-01-08 05:51:39 +00:00			`app = flask.Flask(__name__)`
			`bindPort = int(config.get('client.client.port', 59496))`
			`self.bindPort = bindPort`
Merge I2P Branch (#19) * work on i2p support * work on i2p support * redid socks check * redid socks check * redid socks check * work on i2p and fixed broken block processing * fixed no newline delim on block list in api * fixed no newline delim on block list in api * fixed no newline delim on block list in api * use extend instead of append for blocklist after newline changes 2018-05-19 21:32:21 +00:00
API reformat 2019-01-08 05:51:39 +00:00			`self.clientToken = config.get('client.webpassword')`
			`self.timeBypassToken = base64.b16encode(os.urandom(32)).decode()`
Merge I2P Branch (#19) * work on i2p support * work on i2p support * redid socks check * redid socks check * redid socks check * work on i2p and fixed broken block processing * fixed no newline delim on block list in api * fixed no newline delim on block list in api * fixed no newline delim on block list in api * use extend instead of append for blocklist after newline changes 2018-05-19 21:32:21 +00:00
progress in removing core 2019-07-18 17:40:48 +00:00			`self.host = httpapi.apiutils.setbindip.set_bind_IP(filepaths.private_API_host_file)`
API reformat 2019-01-08 05:51:39 +00:00			`logger.info('Running api on %s:%s' % (self.host, self.bindPort))`
			`self.httpServer = ''`
work on gui, dbstorage, daemon queue responses 2019-01-07 05:50:20 +00:00
			`self.queueResponse = {}`
fixed broken plugin blueprint loading 2019-07-12 22:31:11 +00:00			`self.get_block_data = httpapi.apiutils.GetBlockData(self)`
fixed flask's nonsense with relative dirs 2019-07-12 18:47:50 +00:00			`register_private_blueprints.register_private_blueprints(self, app)`
fixed broken plugin blueprint loading 2019-07-12 22:31:11 +00:00			`httpapi.load_plugin_blueprints(app)`
progress removing onionr.py 2019-08-04 04:52:57 +00:00			`self.app = app`

			`def start(self):`
			`waitforsetvar.wait_for_set_var(self, "_too_many")`
			`self.publicAPI = self._too_many.get(public.PublicAPI)`
			`self.httpServer = WSGIServer((self.host, self.bindPort), self.app, log=None, handler_class=httpapi.fdsafehandler.FDSafeHandler)`
API reformat 2019-01-08 05:51:39 +00:00			`self.httpServer.serve_forever()`
Add web api callbacks 2018-07-30 00:37:12 +00:00
API reformat 2019-01-08 05:51:39 +00:00			`def setPublicAPIInstance(self, inst):`
			`self.publicAPI = inst`
Add web api callbacks 2018-07-30 00:37:12 +00:00
API reformat 2019-01-08 05:51:39 +00:00			`def validateToken(self, token):`
			`'''`
code cleanup, defunct code removal 2019-02-12 05:30:56 +00:00			`Validate that the client token matches the given token. Used to prevent CSRF and data exfiltration`
API reformat 2019-01-08 05:51:39 +00:00			`'''`
added some more readmes 2019-08-07 22:46:57 +00:00			`if not self.clientToken:`
API reformat 2019-01-08 05:51:39 +00:00			`logger.error("client password needs to be set")`
			`return False`
			`try:`
			`if not hmac.compare_digest(self.clientToken, token):`
			`return False`
			`else:`
			`return True`
			`except TypeError:`
			`return False`
work on serialization and communication, misc work on web, run files 2019-01-13 22:20:10 +00:00
added run time test framework 2019-09-26 07:43:03 +00:00			`def getUptime(self)->int:`
improved uploading and fixed announce 2019-01-28 22:49:04 +00:00			`while True:`
			`try:`
OnionrUtils fully removed (but not fully bug free) flow now uses daemon thread for displaying output 2019-06-25 23:07:35 +00:00			`return epoch.get_epoch() - self.startTime`
updated docs and cleaned up api somewhat 2019-04-12 17:14:16 +00:00			`except (AttributeError, NameError):`
improved uploading and fixed announce 2019-01-28 22:49:04 +00:00			`# Don't error on race condition with startup`
moved a couple files, work on mail interface, improvements to web + blockapi for block decryption 2019-02-01 06:38:12 +00:00			`pass`
incomplete work on refactoring client api endpoints 2019-07-01 20:38:55 +00:00
more work on mail 2019-02-04 23:48:21 +00:00			`def getBlockData(self, bHash, decrypt=False, raw=False, headerOnly=False):`
moved dbcreator to onionrsetup 2019-09-23 19:48:35 +00:00			`return self.get_block_data.get_block_data(bHash, decrypt=decrypt, raw=raw, headerOnly=headerOnly)`