diff --git a/onionr/api.py b/onionr/api.py index 48d0242f..f39604dd 100755 --- a/onionr/api.py +++ b/onionr/api.py @@ -32,11 +32,13 @@ class API: ''' Validate that the client token (hmac) matches the given token ''' - - if not hmac.compare_digest(self.clientToken.strip(), token.strip()): + try: + if not hmac.compare_digest(self.clientToken, token): + return False + else: + return True + except TypeError: return False - else: - return True def __init__(self, debug): ''' @@ -70,7 +72,7 @@ class API: bypass.write(self.timeBypassToken) if not os.environ.get("WERKZEUG_RUN_MAIN") == "true": - logger.debug('Your HMAC token: ' + logger.colors.underline + self.clientToken) + logger.debug('Your web password (KEEP SECRET): ' + logger.colors.underline + self.clientToken) if not debug and not self._developmentMode: hostNums = [random.randint(1, 255), random.randint(1, 255), random.randint(1, 255)] diff --git a/onionr/core.py b/onionr/core.py index b75697af..72525294 100644 --- a/onionr/core.py +++ b/onionr/core.py @@ -87,6 +87,20 @@ class Core: if self._utils.validateID(address): conn = sqlite3.connect(self.addressDB) c = conn.cursor() + # check if address is in database + # this is safe to do because the address is validated above, but we strip some chars here too just in case + address = address.replace('\'', '').replace(';', '').replace('"', '').replace('\\', '') + for i in c.execute("SELECT * FROM adders where address = '" + address + "';"): + try: + if i[0] == address: + logger.warn('Not adding existing address') + conn.close() + return False + except ValueError: + pass + except IndexError: + pass + t = (address, 1) c.execute('INSERT INTO adders (address, type) VALUES(?, ?);', t) conn.commit() diff --git a/onionr/onionr.py b/onionr/onionr.py index 40d324ab..323c3522 100755 --- a/onionr/onionr.py +++ b/onionr/onionr.py 
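Review bot: The new `try` body in the token check still spells out `if not ...: return False / else: return True`, which can be the single line `return hmac.compare_digest(self.clientToken, token)`. `hmac.compare_digest` raises TypeError for mismatched argument types and for `str` values containing non-ASCII characters, so the handler is worth a one-line comment such as `# a token of the wrong type or with non-ASCII characters is treated as invalid`. Dropping `.strip()` also means a stored token with trailing whitespace would no longer match; whether `self.clientToken` can carry any is not visible in this hunk.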
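Review bot: The reworded `logger.debug` call in `__init__` still writes `self.clientToken` in clear, and the new message confirms it is the credential for the web interface. If the logger can write to a file or its output is captured (not visible in this hunk), the token persists wherever those logs end up. Consider showing it only on an interactive terminal, and add a comment such as `# clientToken authenticates API requests; keep it out of persistent logs`. `__init__` starts before and continues past this hunk.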
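Review bot: The added duplicate check in `core.py` builds its SELECT by string concatenation and relies on `validateID` plus a four-character strip list, while the INSERT directly below already binds its parameters. Use the same form here, `c.execute("SELECT 1 FROM adders WHERE address = ?;", (address,))` followed by `if c.fetchone() is not None:`, which makes the `i[0] == address` comparison and the `ValueError`/`IndexError` handlers unnecessary. The `replace` chain should go as well, since it silently changes the value that is then inserted. The enclosing method starts and ends outside the hunk.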
@@ -135,8 +135,8 @@ class Onionr: 'reload-plugins': self.reloadPlugin, 'reloadplugins': self.reloadPlugin, - 'listpeers': self.listPeers, - 'list-peers': self.listPeers, + 'listkeys': self.listKeys, + 'list-keys': self.listKeys, 'addmsg': self.addMessage, 'addmessage': self.addMessage, @@ -144,6 +144,9 @@ class Onionr: 'add-message': self.addMessage, 'pm': self.sendEncrypt, + 'getpms': self.getPMs, + 'get-pms': self.getPMs, + 'gui': self.openGUI, 'addpeer': self.addPeer, @@ -168,7 +171,8 @@ class Onionr: 'add-peer': 'Adds a peer (?)', 'add-msg': 'Broadcasts a message to the Onionr network', 'pm': 'Adds a private message to block', - 'gui': 'Opens a graphical interface for Onionr' + 'gui': 'Opens a graphical interface for Onionr', + 'getpms': 'Shows private messages sent to you' } command = '' @@ -277,12 +281,12 @@ class Onionr: gui.OnionrGUI(self.onionrCore) - def listPeers(self): + def listKeys(self): ''' - Displays a list of peers (?) + Displays a list of keys (used to be called peers) (?) ''' - logger.info('Peer list:\n') + logger.info('Public keys in database:\n') for i in self.onionrCore.listPeers(): logger.info(i) @@ -290,7 +294,7 @@ class Onionr: ''' Adds a peer (?) ''' - + try: newPeer = sys.argv[2] except: @@ -332,6 +336,12 @@ class Onionr: self.onionrCore.setBlockType(addedHash, 'txt') return + + def getPMs(self): + ''' + display PMs sent to us + ''' + self.onionrUtils.loadPMs() def enablePlugin(self): ''' diff --git a/onionr/onionrcrypto.py b/onionr/onionrcrypto.py index 251d1502..98bf9230 100644 --- a/onionr/onionrcrypto.py +++ b/onionr/onionrcrypto.py 
@@ -80,20 +80,20 @@ class OnionrCrypto: retVal = anonBox.encrypt(data.encode(), encoder=encoding) return retVal - def pubKeyDecrypt(self, data, pubkey, anonymous=False, encodedData=False): + def pubKeyDecrypt(self, data, pubkey='', anonymous=False, encodedData=False): '''pubkey decrypt (Curve25519, taken from Ed25519 pubkey)''' - retVal = '' + retVal = False if encodedData: encoding = nacl.encoding.Base64Encoder else: encoding = nacl.encoding.RawEncoder - ownKey = nacl.signing.SigningKey(seed=self.privKey, encoder=nacl.encoding.Base32Encoder()) - if self.privKey != None and not anoymous: + ownKey = nacl.signing.SigningKey(seed=self.privKey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key() + if self.privKey != None and not anonymous: ourBox = nacl.public.Box(ownKey, pubkey) decrypted = ourBox.decrypt(data, encoder=encoding) elif anonymous: anonBox = nacl.public.SealedBox(ownKey) - decrypted = anonBox.decrypt(data.encode(), encoder=encoding) + decrypted = anonBox.decrypt(data, encoder=encoding) return decrypted def symmetricPeerEncrypt(self, data, peer): diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py index 0ac673f8..4c0f2771 100644 --- a/onionr/onionrutils.py +++ b/onionr/onionrutils.py @@ -224,7 +224,7 @@ class OnionrUtils: nacl.signing.SigningKey(seed=key, encoder=nacl.encoding.Base32Encoder) except nacl.exceptions.ValueError: pass - except binascii.Error: + except base64.binascii.Error as err: pass else: retVal = True 
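Review bot: `pubKeyDecrypt` now initialises `retVal = False` but still returns `decrypted`, so `retVal` is dead and the function cannot return the False it appears to promise. If neither branch runs, `decrypted` is unbound. The `SigningKey(seed=self.privKey, ...)` line also executes before the `self.privKey != None` test, so that guard cannot protect the key derivation. Move the derivation under the None check, assign `retVal = ourBox.decrypt(...)` / `retVal = anonBox.decrypt(...)` and `return retVal`. The new default `pubkey=''` flows into `nacl.public.Box(ownKey, pubkey)` when `anonymous` is false, so an explicit check with a clear error for a missing key would be safer than relying on whatever `Box` raises.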
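Review bot: `except base64.binascii.Error as err:` in `onionrutils.py` reaches `binascii` through an undocumented attribute of the `base64` module, and `err` is never used. Prefer `import binascii` at the top of the file and `except binascii.Error:` (whether the file already imports it is not visible here). Since both handlers only `pass`, they can be merged as `except (nacl.exceptions.ValueError, binascii.Error):` with a comment saying an undecodable key is simply treated as invalid. The enclosing function starts and ends outside the hunk.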
@@ -274,3 +274,26 @@ class OnionrUtils: retVal = False return retVal + + def loadPMs(self): + ''' + Find, decrypt, and return array of PMs (array of dictionary, {from, text}) + ''' + blocks = self._core.getBlockList().split('\n') + message = '' + sender = '' + for i in blocks: + if len (i) == 0: + continue + with open('data/blocks/' + i + '.dat', 'r') as potentialMessage: + message = potentialMessage.read() + if message.startswith('-pm-'): + try: + message = self._core._crypto.pubKeyDecrypt(message.replace('-pm-', ''), encodedData=True, anonymous=True) + except nacl.exceptions.CryptoError as e: + #logger.debug('Unable to decrypt ' + i) + #logger.debug(str(e)) + pass + else: + logger.info('Recieved message: ' + message.decode()) + return \ No newline at end of file
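Review bot: `loadPMs` documents that it returns an array of `{from, text}` dictionaries, but it only logs each plaintext with `logger.info` and ends in a bare `return`, and `sender` is never used. Logging decrypted private messages puts their content wherever the logger writes; collecting them in a list and returning it would match the docstring and leave display to `getPMs`. Block files presumably hold data received from other nodes, yet only `nacl.exceptions.CryptoError` is caught. Invalid Base64 after the `-pm-` prefix, or plaintext that is not valid UTF-8 in `message.decode()`, would raise out of the loop, so one malformed block can stop every later message from being read. Strip the prefix with `message[len('-pm-'):]` rather than `replace`, and confirm that the names from `getBlockList()` are validated before they are joined into `'data/blocks/' + i + '.dat'`.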