Onionr/onionr/api.py

'''
    Onionr - P2P Anonymous Storage Network

    This file handles all incoming http requests to the client, using Flask
'''
'''
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
'''
import flask
from flask import request, Response, abort, send_from_directory
from gevent.pywsgi import WSGIServer
import sys, random, threading, hmac, hashlib, base64, time, math, os, json
import core
from onionrblockapi import Block
import onionrutils, onionrexceptions, onionrcrypto, blockimporter, onionrevents as events, logger, config, onionr

def guessMime(path):
    '''
        Guesses the mime type from the input filename
    '''
    mimetypes = {
        'html' : 'text/html',
        'js' : 'application/javascript',
        'css' : 'text/css',
        'png' : 'image/png',
        'jpg' : 'image/jpeg'
    }

    for mimetype in mimetypes:
        if path.endswith('.%s' % mimetype):
            return mimetypes[mimetype]

    return 'text/plain'

def setBindIP(filePath):
    '''Set a random localhost IP to a specified file (intended for private or public API localhost IPs)'''
    hostOctets = [str(127), str(random.randint(0x02, 0xFF)), str(random.randint(0x02, 0xFF)), str(random.randint(0x02, 0xFF))]
    data = '.'.join(hostOctets)

    with open(filePath, 'w') as bindFile:
        bindFile.write(data)
    return data

class PublicAPI:
    '''
        The new client api server, isolated from the public api
    '''
    def __init__(self, clientAPI):
        assert isinstance(clientAPI, API)
        app = flask.Flask('PublicAPI')
        self.i2pEnabled = config.get('i2p.host', False)
        self.hideBlocks = [] # Blocks to be denied sharing
        self.host = setBindIP(clientAPI._core.publicApiHostFile)
        bindPort = config.get('client.public.port')

        @app.route('/')
        def banner():
            #validateHost('public')
            try:
                with open('static-data/index.html', 'r') as html:
                    resp = Response(html.read(), mimetype='text/html')
            except FileNotFoundError:
                resp = Response("")
            return resp
        clientAPI.setPublicAPIInstance(self)
        self.httpServer = WSGIServer((self.host, bindPort), app, log=None)
        self.httpServer.serve_forever()

class API:
    '''
        Client HTTP api
    '''

    callbacks = {'public' : {}, 'private' : {}}

    def __init__(self, debug, API_VERSION):
        '''
            Initialize the api server, preping variables for later use

            This initilization defines all of the API entry points and handlers for the endpoints and errors
            This also saves the used host (random localhost IP address) to the data folder in host.txt
        '''

        # configure logger and stuff
        onionr.Onionr.setupConfig('data/', self = self)

        self.debug = debug
        self._privateDelayTime = 3
        self._core = core.Core()
        self._crypto = onionrcrypto.OnionrCrypto(self._core)
        self._utils = onionrutils.OnionrUtils(self._core)
        app = flask.Flask(__name__)
        bindPort = int(config.get('client.client.port', 59496))
        self.bindPort = bindPort

        self.clientToken = config.get('client.webpassword')
        self.timeBypassToken = base64.b16encode(os.urandom(32)).decode()

        self.publicAPI = None # gets set when the thread calls our setter... bad hack but kinda necessary with flask
        threading.Thread(target=PublicAPI, args=(self,)).start()
        self.host = setBindIP(self._core.privateApiHostFile)
        logger.info('Running api on %s:%s' % (self.host, self.bindPort))
        self.httpServer = ''

        @app.route('/')
        def hello():
            return Response("hello client")
        
        @app.route('/shutdown')
        def shutdown():
            try:
                self.publicAPI.httpServer.stop()
                self.httpServer.stop()
            except AttributeError:
                pass
            return Response("bye")
        
        self.httpServer = WSGIServer((self.host, bindPort), app, log=None)
        self.httpServer.serve_forever()
    
    def setPublicAPIInstance(self, inst):
        assert isinstance(inst, PublicAPI)
        self.publicAPI = inst

    def validateToken(self, token):
        '''
            Validate that the client token matches the given token
        '''
        if len(self.clientToken) == 0:
            logger.error("client password needs to be set")
            return False
        try:
            if not hmac.compare_digest(self.clientToken, token):
                return False
            else:
                return True
        except TypeError:
            return False
initial commit 2017-12-26 07:25:29 +00:00			`'''`
mail plugin usable now 2018-11-04 16:06:24 +00:00			`Onionr - P2P Anonymous Storage Network`
work on adding peers, improved documentation, improved the way the daemon is run, daemon can now be killed from background 2018-01-14 08:48:23 +00:00
			`This file handles all incoming http requests to the client, using Flask`
			`'''`
			`'''`
initial commit 2017-12-26 07:25:29 +00:00			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <https://www.gnu.org/licenses/>.`
			`'''`
work on api with debugging and headers 2017-12-27 05:00:02 +00:00			`import flask`
added static dir and serving for web ui 2018-07-27 05:48:22 +00:00			`from flask import request, Response, abort, send_from_directory`
use new gevent version to support python 3.7 2018-09-03 15:28:08 +00:00			`from gevent.pywsgi import WSGIServer`
misc updates 2018-08-04 03:47:56 +00:00			`import sys, random, threading, hmac, hashlib, base64, time, math, os, json`
Added API check in requests 2018-10-27 03:29:25 +00:00			`import core`
Update to new Block API 2018-05-19 22:11:51 +00:00			`from onionrblockapi import Block`
Make Onionr more user friendly This commit mostly just made messages more readable, worked on logger, and fixed a few bugs 2018-11-11 03:25:40 +00:00			`import onionrutils, onionrexceptions, onionrcrypto, blockimporter, onionrevents as events, logger, config, onionr`
Update to new Block API 2018-05-19 22:11:51 +00:00
work on revising api 2018-12-18 23:48:17 +00:00			`def guessMime(path):`
Code consistency updates - Improved formatting - Added comments - URL encoded values in netcontroller.performGET - Kept SQL statement case consistency 2018-02-04 03:44:29 +00:00			`'''`
work on revising api 2018-12-18 23:48:17 +00:00			`Guesses the mime type from the input filename`
Code consistency updates - Improved formatting - Added comments - URL encoded values in netcontroller.performGET - Kept SQL statement case consistency 2018-02-04 03:44:29 +00:00			`'''`
work on revising api 2018-12-18 23:48:17 +00:00			`mimetypes = {`
			`'html' : 'text/html',`
			`'js' : 'application/javascript',`
			`'css' : 'text/css',`
			`'png' : 'image/png',`
			`'jpg' : 'image/jpeg'`
			`}`

			`for mimetype in mimetypes:`
			`if path.endswith('.%s' % mimetype):`
			`return mimetypes[mimetype]`

			`return 'text/plain'`

			`def setBindIP(filePath):`
			`'''Set a random localhost IP to a specified file (intended for private or public API localhost IPs)'''`
			`hostOctets = [str(127), str(random.randint(0x02, 0xFF)), str(random.randint(0x02, 0xFF)), str(random.randint(0x02, 0xFF))]`
			`data = '.'.join(hostOctets)`

			`with open(filePath, 'w') as bindFile:`
			`bindFile.write(data)`
			`return data`

			`class PublicAPI:`
			`'''`
			`The new client api server, isolated from the public api`
			`'''`
			`def __init__(self, clientAPI):`
			`assert isinstance(clientAPI, API)`
			`app = flask.Flask('PublicAPI')`
			`self.i2pEnabled = config.get('i2p.host', False)`
			`self.hideBlocks = [] # Blocks to be denied sharing`
			`self.host = setBindIP(clientAPI._core.publicApiHostFile)`
			`bindPort = config.get('client.public.port')`
Add web api callbacks 2018-07-30 00:37:12 +00:00
work on revising api 2018-12-18 23:48:17 +00:00			`@app.route('/')`
			`def banner():`
			`#validateHost('public')`
			`try:`
			`with open('static-data/index.html', 'r') as html:`
			`resp = Response(html.read(), mimetype='text/html')`
			`except FileNotFoundError:`
			`resp = Response("")`
			`return resp`
			`clientAPI.setPublicAPIInstance(self)`
			`self.httpServer = WSGIServer((self.host, bindPort), app, log=None)`
			`self.httpServer.serve_forever()`
Improve UI 2018-08-04 02:52:45 +00:00
work on revising api 2018-12-18 23:48:17 +00:00			`class API:`
			`'''`
			`Client HTTP api`
			`'''`
Improve UI 2018-08-04 02:52:45 +00:00
work on revising api 2018-12-18 23:48:17 +00:00			`callbacks = {'public' : {}, 'private' : {}}`
Improve UI 2018-08-04 02:52:45 +00:00
Added API check in requests 2018-10-27 03:29:25 +00:00			`def __init__(self, debug, API_VERSION):`
Code consistency updates - Improved formatting - Added comments - URL encoded values in netcontroller.performGET - Kept SQL statement case consistency 2018-02-04 03:44:29 +00:00			`'''`
			`Initialize the api server, preping variables for later use`
work on adding peers, improved documentation, improved the way the daemon is run, daemon can now be killed from background 2018-01-14 08:48:23 +00:00
Code consistency updates - Improved formatting - Added comments - URL encoded values in netcontroller.performGET - Kept SQL statement case consistency 2018-02-04 03:44:29 +00:00			`This initilization defines all of the API entry points and handlers for the endpoints and errors`
			`This also saves the used host (random localhost IP address) to the data folder in host.txt`
work on adding peers, improved documentation, improved the way the daemon is run, daemon can now be killed from background 2018-01-14 08:48:23 +00:00			`'''`
Refactor configuration management code 2018-02-23 01:58:36 +00:00
Make Onionr more user friendly This commit mostly just made messages more readable, worked on logger, and fixed a few bugs 2018-11-11 03:25:40 +00:00			`# configure logger and stuff`
			`onionr.Onionr.setupConfig('data/', self = self)`
Add logger 2018-01-26 07:22:48 +00:00
work on api with debugging and headers 2017-12-27 05:00:02 +00:00			`self.debug = debug`
timing attack identity correlation prevention added, python3 test, more fingerprinting prevention, began work on PGP core 2018-01-05 09:16:21 +00:00			`self._privateDelayTime = 3`
Added API check in requests 2018-10-27 03:29:25 +00:00			`self._core = core.Core()`
work on peer encryption 2018-02-07 09:04:58 +00:00			`self._crypto = onionrcrypto.OnionrCrypto(self._core)`
work on exchanging data 2018-01-26 06:28:11 +00:00			`self._utils = onionrutils.OnionrUtils(self._core)`
work on api with debugging and headers 2017-12-27 05:00:02 +00:00			`app = flask.Flask(__name__)`
work on revising api 2018-12-18 23:48:17 +00:00			`bindPort = int(config.get('client.client.port', 59496))`
finished client request validation, started daemon queue, and added unit tests file 2018-01-02 08:43:29 +00:00			`self.bindPort = bindPort`
work on revising api 2018-12-18 23:48:17 +00:00
Merge wot 2018-12-09 17:29:39 +00:00			`self.clientToken = config.get('client.webpassword')`
work on pm and gui improvements & some bug fixes 2018-04-16 02:22:19 +00:00			`self.timeBypassToken = base64.b16encode(os.urandom(32)).decode()`

work on revising api 2018-12-18 23:48:17 +00:00			`self.publicAPI = None # gets set when the thread calls our setter... bad hack but kinda necessary with flask`
			`threading.Thread(target=PublicAPI, args=(self,)).start()`
			`self.host = setBindIP(self._core.privateApiHostFile)`
			`logger.info('Running api on %s:%s' % (self.host, self.bindPort))`
			`self.httpServer = ''`
Fix bug involving runcheck 2018-05-02 06:50:29 +00:00
fixed self issue 2018-04-25 06:56:40 +00:00			`@app.route('/')`
work on revising api 2018-12-18 23:48:17 +00:00			`def hello():`
			`return Response("hello client")`

			`@app.route('/shutdown')`
			`def shutdown():`
+ added reverse block insertion * handle downloading of blocks better when peer goes offline * bumped default disk allocation * added post request util 2018-07-23 07:43:10 +00:00			`try:`
work on revising api 2018-12-18 23:48:17 +00:00			`self.publicAPI.httpServer.stop()`
			`self.httpServer.stop()`
			`except AttributeError:`
+ added reverse block insertion * handle downloading of blocks better when peer goes offline * bumped default disk allocation * added post request util 2018-07-23 07:43:10 +00:00			`pass`
work on revising api 2018-12-18 23:48:17 +00:00			`return Response("bye")`

			`self.httpServer = WSGIServer((self.host, bindPort), app, log=None)`
			`self.httpServer.serve_forever()`

			`def setPublicAPIInstance(self, inst):`
			`assert isinstance(inst, PublicAPI)`
			`self.publicAPI = inst`
Merge I2P Branch (#19) * work on i2p support * work on i2p support * redid socks check * redid socks check * redid socks check * work on i2p and fixed broken block processing * fixed no newline delim on block list in api * fixed no newline delim on block list in api * fixed no newline delim on block list in api * use extend instead of append for blocklist after newline changes 2018-05-19 21:32:21 +00:00
work on revising api 2018-12-18 23:48:17 +00:00			`def validateToken(self, token):`
Merge wot 2018-12-09 17:29:39 +00:00			`'''`
work on revising api 2018-12-18 23:48:17 +00:00			`Validate that the client token matches the given token`
Merge wot 2018-12-09 17:29:39 +00:00			`'''`
work on revising api 2018-12-18 23:48:17 +00:00			`if len(self.clientToken) == 0:`
			`logger.error("client password needs to be set")`
Add web api callbacks 2018-07-30 00:37:12 +00:00			`return False`
work on revising api 2018-12-18 23:48:17 +00:00			`try:`
			`if not hmac.compare_digest(self.clientToken, token):`
			`return False`
			`else:`
			`return True`
			`except TypeError:`
			`return False`