added loading whitelisted endpoints from plugins
This commit is contained in:
parent
e267bbbead
commit
3c6cbca0ac
@ -1,9 +1,9 @@
|
||||
'''
|
||||
"""
|
||||
Onionr - Private P2P Communication
|
||||
|
||||
This file registers plugin's flask blueprints for the client http server
|
||||
'''
|
||||
'''
|
||||
"""
|
||||
"""
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
@ -16,13 +16,14 @@
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
'''
|
||||
"""
|
||||
import onionrplugins
|
||||
def load_plugin_blueprints(flaskapp, blueprint='flask_blueprint'):
|
||||
'''Iterate enabled plugins and load any http endpoints they have'''
|
||||
|
||||
def load_plugin_blueprints(flaskapp, blueprint: str = 'flask_blueprint'):
|
||||
"""Iterate enabled plugins and load any http endpoints they have"""
|
||||
for plugin in onionrplugins.get_enabled_plugins():
|
||||
plugin = onionrplugins.get_plugin(plugin)
|
||||
try:
|
||||
flaskapp.register_blueprint(getattr(plugin, blueprint))
|
||||
except AttributeError:
|
||||
pass
|
||||
pass
|
||||
|
@ -20,19 +20,18 @@
|
||||
import hmac
|
||||
from flask import Blueprint, request, abort, g
|
||||
from onionrservices import httpheaders
|
||||
from . import pluginwhitelist
|
||||
|
||||
# Be extremely mindful of this. These are endpoints available without a password
|
||||
whitelist_endpoints = ('siteapi.site', 'www', 'staticfiles.onionrhome', 'staticfiles.homedata',
|
||||
'staticfiles.board', 'staticfiles.profiles',
|
||||
'staticfiles.profilesindex',
|
||||
'staticfiles.boardContent', 'staticfiles.sharedContent',
|
||||
'staticfiles.mail', 'staticfiles.mailindex', 'staticfiles.friends', 'staticfiles.friendsindex',
|
||||
'staticfiles.chat', 'staticfiles.chatIndex')
|
||||
whitelist_endpoints = ['www', 'staticfiles.homedata', 'staticfiles.sharedContent',
|
||||
'staticfiles.friends', 'staticfiles.friendsindex', 'siteapi.site', 'staticfiles.onionrhome']
|
||||
|
||||
class ClientAPISecurity:
|
||||
def __init__(self, client_api):
|
||||
client_api_security_bp = Blueprint('clientapisecurity', __name__)
|
||||
self.client_api_security_bp = client_api_security_bp
|
||||
self.client_api = client_api
|
||||
pluginwhitelist.load_plugin_security_whitelist_endpoints(whitelist_endpoints)
|
||||
|
||||
@client_api_security_bp.before_app_request
|
||||
def validate_request():
|
||||
@ -40,6 +39,13 @@ class ClientAPISecurity:
|
||||
# For the purpose of preventing DNS rebinding attacks
|
||||
if request.host != '%s:%s' % (client_api.host, client_api.bindPort):
|
||||
abort(403)
|
||||
|
||||
# Add shared objects
|
||||
try:
|
||||
g.too_many = self.client_api._too_many
|
||||
except KeyError:
|
||||
g.too_many = None
|
||||
|
||||
if request.endpoint in whitelist_endpoints:
|
||||
return
|
||||
try:
|
||||
@ -49,12 +55,6 @@ class ClientAPISecurity:
|
||||
except KeyError:
|
||||
if not hmac.compare_digest(request.form['token'], client_api.clientToken):
|
||||
abort(403)
|
||||
|
||||
# Add shared objects
|
||||
try:
|
||||
g.too_many = self.client_api._too_many
|
||||
except KeyError:
|
||||
g.too_many = None
|
||||
|
||||
@client_api_security_bp.after_app_request
|
||||
def after_req(resp):
|
||||
|
13
onionr/httpapi/security/pluginwhitelist.py
Normal file
13
onionr/httpapi/security/pluginwhitelist.py
Normal file
@ -0,0 +1,13 @@
|
||||
import onionrplugins
|
||||
def load_plugin_security_whitelist_endpoints(whitelist: list):
|
||||
"""Accept a list reference of whitelist endpoints from security/client.py and
|
||||
append plugin's specified endpoints to them by attribute"""
|
||||
for plugin in onionrplugins.get_enabled_plugins():
|
||||
try:
|
||||
plugin = onionrplugins.get_plugin(plugin)
|
||||
except FileNotFoundError:
|
||||
continue
|
||||
try:
|
||||
whitelist.extend(getattr(plugin, "security_whitelist"))
|
||||
except AttributeError:
|
||||
pass
|
@ -31,6 +31,7 @@ sys.path.insert(0, os.path.dirname(os.path.realpath(__file__)))
|
||||
import controlapi, peerserver
|
||||
flask_blueprint = controlapi.flask_blueprint
|
||||
direct_blueprint = peerserver.direct_blueprint
|
||||
security_whitelist = ['staticfiles.chat', 'staticfiles.chatIndex']
|
||||
|
||||
def exit_with_error(text=''):
|
||||
if text != '':
|
||||
|
@ -30,6 +30,7 @@ import deadsimplekv as simplekv
|
||||
sys.path.insert(0, os.path.dirname(os.path.realpath(__file__)))
|
||||
import flowapi # import after path insert
|
||||
flask_blueprint = flowapi.flask_blueprint
|
||||
security_whitelist = ['staticfiles.boardContent', 'staticfiles.board']
|
||||
|
||||
plugin_name = 'flow'
|
||||
PLUGIN_VERSION = '0.0.1'
|
||||
|
@ -36,6 +36,7 @@ PLUGIN_VERSION = '0.0.1'
|
||||
sys.path.insert(0, os.path.dirname(os.path.realpath(__file__)))
|
||||
import sentboxdb, mailapi, loadinbox # import after path insert
|
||||
flask_blueprint = mailapi.flask_blueprint
|
||||
security_whitelist = ['staticfiles.mail', 'staticfiles.mailindex']
|
||||
|
||||
def add_deleted(keyStore, bHash):
|
||||
existing = keyStore.get('deleted_mail')
|
||||
|
Loading…
Reference in New Issue
Block a user