diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 292dfb14..00000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-test:
- script:
- - apt-get update -qy
- - apt-get install -y python3-dev python3-pip tor
- - pip3 install -r requirements.txt
- - make test
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 603021b5..00000000
--- a/.travis.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-language: python
-python:
- - "3.6.4"
-# install dependencies
-install:
- - sudo apt install tor
- - pip install -r requirements.txt
-script: make test
diff --git a/onionr-daemon-linux b/onionr-daemon-linux
new file mode 100644
index 00000000..d72ac015
--- /dev/null
+++ b/onionr-daemon-linux
@@ -0,0 +1,2 @@
+#!/usr/bin/sh
+nohup ./run-linux start & disown
diff --git a/onionr/api.py b/onionr/api.py
index f983677d..753afcce 100755
--- a/onionr/api.py
+++ b/onionr/api.py
@@ -17,7 +17,7 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see .
'''
-import flask
+import flask, cgi
from flask import request, Response, abort, send_from_directory
from gevent.pywsgi import WSGIServer
import sys, random, threading, hmac, hashlib, base64, time, math, os, json
@@ -221,7 +221,8 @@ class API:
This initilization defines all of the API entry points and handlers for the endpoints and errors
This also saves the used host (random localhost IP address) to the data folder in host.txt
'''
-
+ # assert isinstance(onionrInst, onionr.Onionr)
+ print(type(onionrInst))
# configure logger and stuff
onionr.Onionr.setupConfig('data/', self = self)
@@ -234,6 +235,8 @@ class API:
bindPort = int(config.get('client.client.port', 59496))
self.bindPort = bindPort
+ self.whitelistEndpoints = ('site', 'www', 'onionrhome', 'board', 'boardContent')
+
self.clientToken = config.get('client.webpassword')
self.timeBypassToken = base64.b16encode(os.urandom(32)).decode()
@@ -249,6 +252,8 @@ class API:
'''Validate request has set password and is the correct hostname'''
if request.host != '%s:%s' % (self.host, self.bindPort):
abort(403)
+ if request.endpoint in self.whitelistEndpoints:
+ return
try:
if not hmac.compare_digest(request.headers['token'], self.clientToken):
abort(403)
@@ -257,7 +262,8 @@ class API:
@app.after_request
def afterReq(resp):
- resp.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'none'; object-src 'none'; style-src data: 'unsafe-inline'; img-src data:; media-src 'none'; frame-src 'none'; font-src 'none'; connect-src 'none'"
+ #resp.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'none'; object-src 'none'; style-src data: 'unsafe-inline'; img-src data:; media-src 'none'; frame-src 'none'; font-src 'none'; connect-src 'none'"
+ resp.headers['Content-Security-Policy'] = "default-src 'none'; script-src 'self'; object-src 'none'; style-src 'self'; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'none'; connect-src 'self'"
resp.headers['X-Frame-Options'] = 'deny'
resp.headers['X-Content-Type-Options'] = "nosniff"
resp.headers['X-API'] = onionr.API_VERSION
@@ -265,20 +271,54 @@ class API:
resp.headers['Date'] = 'Thu, 1 Jan 1970 00:00:00 GMT' # Clock info is probably useful to attackers. Set to unix epoch.
return resp
+ @app.route('/board/', endpoint='board')
+ def loadBoard():
+ return send_from_directory('static-data/www/board/', "index.html")
+
+ @app.route('/board/', endpoint='boardContent')
+ def boardContent(path):
+ return send_from_directory('static-data/www/board/', path)
+
+ @app.route('/www/', endpoint='www')
+ def wwwPublic(path):
+ if not config.get("www.private.run", True):
+ abort(403)
+ return send_from_directory(config.get('www.private.path', 'static-data/www/private/'), path)
+
@app.route('/ping')
def ping():
return Response("pong!")
- @app.route('/')
+ @app.route('/', endpoint='onionrhome')
def hello():
- return Response("hello client")
+ return Response("Welcome to Onionr")
+
+ @app.route('/getblocksbytype/')
+ def getBlocksByType(name):
+ blocks = self._core.getBlocksByType(name)
+ return Response(','.join(blocks))
+
+ @app.route('/gethtmlsafeblockdata/')
+ def getData(name):
+ resp = ''
+ if self._core._utils.validateHash(name):
+ try:
+ resp = cgi.escape(Block(name).bcontent, quote=True)
+ except TypeError:
+ pass
+ else:
+ abort(404)
+ return Response(resp)
- @app.route('/site/')
- def site():
- bHash = block
+ @app.route('/site/', endpoint='site')
+ def site(name):
+ bHash = name
resp = 'Not Found'
if self._core._utils.validateHash(bHash):
- resp = Block(bHash).bcontent
+ try:
+ resp = Block(bHash).bcontent
+ except TypeError:
+ pass
try:
resp = base64.b64decode(resp)
except:
diff --git a/onionr/onionrcrypto.py b/onionr/onionrcrypto.py
index 0daf6e3e..03da9213 100644
--- a/onionr/onionrcrypto.py
+++ b/onionr/onionrcrypto.py
@@ -268,7 +268,7 @@ class OnionrCrypto:
blockHash = blockHash.decode() # bytes on some versions for some reason
except AttributeError:
pass
-
+
difficulty = onionrproofs.getDifficultyForNewBlock(blockContent, ourBlock=False)
if difficulty < int(config.get('general.minimum_block_pow')):
diff --git a/onionr/onionrproofs.py b/onionr/onionrproofs.py
index 8e3da0a4..f1645a49 100644
--- a/onionr/onionrproofs.py
+++ b/onionr/onionrproofs.py
@@ -57,6 +57,8 @@ def getDifficultyForNewBlock(data, ourBlock=True):
dataSize = len(data.getRaw().encode('utf-8'))
elif isinstance(data, str):
dataSize = len(data.encode('utf-8'))
+ elif isinstance(data, bytes):
+ dataSize = len(data)
elif isinstance(data, int):
dataSize = data
else:
diff --git a/onionr/static-data/default_config.json b/onionr/static-data/default_config.json
index 524ee185..ed9270db 100644
--- a/onionr/static-data/default_config.json
+++ b/onionr/static-data/default_config.json
@@ -2,8 +2,8 @@
"general" : {
"dev_mode" : true,
"display_header" : false,
- "minimum_block_pow": 4,
- "minimum_send_pow": 4,
+ "minimum_block_pow": 3,
+ "minimum_send_pow": 3,
"socket_servers": false,
"security_level": 0,
"max_block_age": 2678400,
@@ -69,7 +69,7 @@
},
"allocations" : {
- "disk" : 2000,
+ "disk" : 100000000,
"net_total" : 1000000000,
"blockCache" : 5000000,
"blockCacheTotal" : 50000000
diff --git a/onionr/static-data/www/board/board.js b/onionr/static-data/www/board/board.js
new file mode 100644
index 00000000..fbdddd51
--- /dev/null
+++ b/onionr/static-data/www/board/board.js
@@ -0,0 +1,32 @@
+webpassword = ''
+requested = {}
+document.getElementById('feed').innerText = 'none :)'
+
+function httpGet(theUrl) {
+ var xmlHttp = new XMLHttpRequest()
+ xmlHttp.open( "GET", theUrl, false ) // false for synchronous request
+ xmlHttp.setRequestHeader('token', webpassword)
+ xmlHttp.send( null )
+ return xmlHttp.responseText
+}
+function appendMessages(msg){
+ document.getElementById('feed').append(msg)
+ document.getElementById('feed').appendChild(document.createElement('br'))
+}
+
+function getBlocks(){
+ var feedText = httpGet('/getblocksbytype/txt')
+ var blockList = feedText.split(',')
+ for (i = 0; i < blockList.length; i++){
+ bl = httpGet('/gethtmlsafeblockdata/' + blockList[i])
+ appendMessages(bl)
+ }
+}
+
+document.getElementById('webpassword').oninput = function(){
+ webpassword = document.getElementById('webpassword').value
+}
+
+document.getElementById('refreshFeed').onclick = function(){
+ getBlocks()
+}
\ No newline at end of file
diff --git a/onionr/static-data/www/board/index.html b/onionr/static-data/www/board/index.html
new file mode 100644
index 00000000..3b1c3426
--- /dev/null
+++ b/onionr/static-data/www/board/index.html
@@ -0,0 +1,16 @@
+
+
+
+
+
+ OnionrBoard
+
+
+
+
Onionr Board
+
+
+
+
+
+
\ No newline at end of file
diff --git a/onionr/static-data/www/board/theme.css b/onionr/static-data/www/board/theme.css
new file mode 100644
index 00000000..e69de29b