From 7d8c3f75e4aa7497f04b4d9a03c6215d30999e80 Mon Sep 17 00:00:00 2001 From: Kevin Date: Sun, 21 Jun 2020 15:48:00 -0500 Subject: [PATCH] fix formatting in httpapi security --- src/httpapi/security/client.py | 21 ++++++++++----------- src/httpapi/security/pluginwhitelist.py | 9 +++++---- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/httpapi/security/client.py b/src/httpapi/security/client.py index 92a5587a..77cb5d06 100644 --- a/src/httpapi/security/client.py +++ b/src/httpapi/security/client.py @@ -1,9 +1,12 @@ -''' - Onionr - Private P2P Communication +"""Onionr - Private P2P Communication. - Process incoming requests to the client api server to validate they are legitimate -''' -''' +Process incoming requests to the client api server to validate they are legitimate +""" +import hmac +from flask import Blueprint, request, abort, g +from onionrservices import httpheaders +from . import pluginwhitelist +""" This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or @@ -16,11 +19,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . -''' -import hmac -from flask import Blueprint, request, abort, g -from onionrservices import httpheaders -from . import pluginwhitelist +""" # Be extremely mindful of this. These are endpoints available without a password whitelist_endpoints = ['www', 'staticfiles.homedata', 'staticfiles.sharedContent', @@ -36,7 +35,7 @@ class ClientAPISecurity: @client_api_security_bp.before_app_request def validate_request(): - '''Validate request has set password and is the correct hostname''' + """Validate request has set password and is the correct hostname""" # For the purpose of preventing DNS rebinding attacks if request.host != '%s:%s' % (client_api.host, client_api.bindPort): abort(403) diff --git a/src/httpapi/security/pluginwhitelist.py b/src/httpapi/security/pluginwhitelist.py index de6c8baa..ecfa280f 100644 --- a/src/httpapi/security/pluginwhitelist.py +++ b/src/httpapi/security/pluginwhitelist.py @@ -1,8 +1,8 @@ -""" - Onionr - Private P2P Communication +"""Onionr - Private P2P Communication. - Load web UI client endpoints into the whitelist from plugins +Load web UI client endpoints into the whitelist from plugins """ +import onionrplugins """ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,8 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . """ -import onionrplugins + + def load_plugin_security_whitelist_endpoints(whitelist: list): """Accept a list reference of whitelist endpoints from security/client.py and append plugin's specified endpoints to them by attribute"""