From 02c71eab2f63ad7128ca9b544dbed4e37cb93156 Mon Sep 17 00:00:00 2001
From: Kevin Froman
Date: Sat, 29 Jun 2019 15:17:48 -0500
Subject: [PATCH] * fixed fd handler probably * fixed security level in ui redesign * moved client api insertblock to its own blueprint
---
 onionr/api.py | 69 ++++++-----------------
 onionr/httpapi/insertblock.py | 63 +++++++++++++++++++++
 onionr/static-data/www/private/index.html | 2 +-
 3 files changed, 82 insertions(+), 52 deletions(-)
 create mode 100644 onionr/httpapi/insertblock.py
diff --git a/onionr/api.py b/onionr/api.py
index 38350e4c..2be268c8 100755
--- a/onionr/api.py
+++ b/onionr/api.py
@@ -25,7 +25,7 @@ from flask import request, Response, abort, send_from_directory
 import core
 import onionrexceptions, onionrcrypto, blockimporter, onionrevents as events, logger, config, onionrblockapi
 import httpapi
-from httpapi import friendsapi, profilesapi, configapi, miscpublicapi
+from httpapi import friendsapi, profilesapi, configapi, miscpublicapi, insertblock
 from onionrservices import httpheaders
 import onionr
 from onionrutils import bytesconverter, stringvalidators, epoch, mnemonickeys
@@ -33,19 +33,23 @@ from onionrutils import bytesconverter, stringvalidators, epoch, mnemonickeys
 config.reload()
 class FDSafeHandler(WSGIHandler):
 '''Our WSGI handler. Doesn't do much non-default except timeouts'''
- def __init__(self, sock, address, server, rfile=None):
- self.socket = sock
- self.address = address
- self.server = server
- self.rfile = rfile
 def handle(self):
- while True:
- timeout = Timeout(120, exception=Exception)
- try:
- FDSafeHandler.handle(self)
- timeout.start()
- except Timeout as ex:
- raise
+ self.timeout = Timeout(120, Exception)
+ self.timeout.start()
+ try:
+ WSGIHandler.handle(self)
+ except Exception:
+ self.handle_error()
+ finally:
+ self.timeout.close()
+
+ def handle_error(self):
+ if v is self.timeout:
+ self.result = [b"Timeout"]
+ self.start_response("200 OK", [])
+ self.process_result()
+ else:
+ WSGIHandler.handle_error(self)
 def setBindIP(filePath=''):
 '''Set a random localhost IP to a specified file (intended for private or public API localhost IPs)'''
@@ -209,6 +213,7 @@ class API:
 app.register_blueprint(friendsapi.friends)
 app.register_blueprint(profilesapi.profile_BP)
 app.register_blueprint(configapi.config_BP)
+ app.register_blueprint(insertblock.ib)
 httpapi.load_plugin_blueprints(app)
 @app.before_request
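Review bot: The new `handle_error(self)` in FDSafeHandler reads `v`, which is not defined anywhere in the method, so the first exception that reaches `except Exception:` in `handle()` raises NameError inside the error path instead of producing a response. gevent's base `WSGIHandler.handle_error` takes the exception triple, so the override and both call sites should carry it: `def handle_error(self, t, v, tb):`, `self.handle_error(*sys.exc_info())` and `WSGIHandler.handle_error(self, t, v, tb)` (this needs `sys` imported, which the hunk does not show). Separately, `Timeout(120, Exception)` appears to make the timer raise a plain `Exception` rather than the Timeout object, so `v is self.timeout` would not match even once `v` exists; constructing it as `Timeout(120)` and catching `Timeout` explicitly would let the timeout branch run. A timed-out request answered with `200 OK` is also indistinguishable from success for clients and logs; a 408 or 504 status would be clearer.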
@@ -440,44 +445,6 @@ class API:
 def getHumanReadable(name):
 return Response(mnemonickeys.get_human_readable_ID(name))
- @app.route('/insertblock', methods=['POST'])
- def insertBlock():
- encrypt = False
- bData = request.get_json(force=True)
- message = bData['message']
-
- # Detect if message (block body) is not specified
- if type(message) is None:
- return 'failure', 406
-
- subject = 'temp'
- encryptType = ''
- sign = True
- meta = {}
- to = ''
- try:
- if bData['encrypt']:
- to = bData['to']
- encrypt = True
- encryptType = 'asym'
- except KeyError:
- pass
- try:
- if not bData['sign']:
- sign = False
- except KeyError:
- pass
- try:
- bType = bData['type']
- except KeyError:
- bType = 'bin'
- try:
- meta = json.loads(bData['meta'])
- except KeyError:
- pass
- threading.Thread(target=self._core.insertBlock, args=(message,), kwargs={'header': bType, 'encryptType': encryptType, 'sign':sign, 'asymPeer': to, 'meta': meta}).start()
- return Response('success')
-
 self.httpServer = WSGIServer((self.host, bindPort), app, log=None, handler_class=FDSafeHandler)
 self.httpServer.serve_forever()
diff --git a/onionr/httpapi/insertblock.py b/onionr/httpapi/insertblock.py
new file mode 100644
index 00000000..d208bf70
--- /dev/null
+++ b/onionr/httpapi/insertblock.py
@@ -0,0 +1,63 @@
+'''
+ Onionr - Private P2P Communication
+
+ Create blocks with the client api server
+'''
+'''
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+'''
+import json, threading
+from flask import Blueprint, Response, request
+import core
+
+ib = Blueprint('insertblock', __name__)
+
+@ib.route('/insertblock', methods=['POST'])
+def client_api_insert_block():
+ c = core.Core()
+ encrypt = False
+ bData = request.get_json(force=True)
+ message = bData['message']
+
+ # Detect if message (block body) is not specified
+ if type(message) is None:
+ return 'failure', 406
+
+ subject = 'temp'
+ encryptType = ''
+ sign = True
+ meta = {}
+ to = ''
+ try:
+ if bData['encrypt']:
+ to = bData['to']
+ encrypt = True
+ encryptType = 'asym'
+ except KeyError:
+ pass
+ try:
+ if not bData['sign']:
+ sign = False
+ except KeyError:
+ pass
+ try:
+ bType = bData['type']
+ except KeyError:
+ bType = 'bin'
+ try:
+ meta = json.loads(bData['meta'])
+ except KeyError:
+ pass
+ threading.Thread(target=c.insertBlock, args=(message,), kwargs={'header': bType, 'encryptType': encryptType, 'sign':sign, 'asymPeer': to, 'meta': meta}).start()
+ return Response('success')
\ No newline at end of file
diff --git a/onionr/static-data/www/private/index.html b/onionr/static-data/www/private/index.html
index 0beefa79..ac46b195 100755
--- a/onionr/static-data/www/private/index.html
+++ b/onionr/static-data/www/private/index.html
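Review bot: In `client_api_insert_block`, `if type(message) is None` can never be true because `type()` always returns a class, so the 406 branch is dead and a request without `message` fails earlier with an uncaught KeyError at `bData['message']`. Read the field with `message = bData.get('message')` and test `if message is None:` so a missing body is rejected before a thread is spawned. The `meta` parsing has the same gap: `json.loads(bData['meta'])` only guards KeyError, so malformed JSON from the client surfaces as a 500; `except (KeyError, ValueError):` with an explicit failure response would keep the endpoint's error handling in one place. `encrypt` and `subject` are assigned but not used in the visible code.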
@@ -130,7 +130,7 @@
- Security level here + 🔒 Security level:
🕰️ Uptime: