kev
/
Onionr
1
0
Fork 0
Code Issues 24 Pull Requests Projects Releases 2 Wiki Activity

fix formatting in httpapi security

This commit is contained in:
Kevin 2020-06-21 15:48:00 -05:00
parent a24c87c5b0
commit 7d8c3f75e4
2 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/httpapi/security/client.py
View File

@ -1,9 +1,12 @@
'''
Onionr - Private P2P Communication
"""Onionr - Private P2P Communication.
Process incoming requests to the client api server to validate they are legitimate
'''
'''
"""
import hmac
from flask import Blueprint, request, abort, g
from onionrservices import httpheaders
from . import pluginwhitelist
"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
@ -16,11 +19,7 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
'''
import hmac
from flask import Blueprint, request, abort, g
from onionrservices import httpheaders
from . import pluginwhitelist
"""
# Be extremely mindful of this. These are endpoints available without a password
whitelist_endpoints = ['www', 'staticfiles.homedata', 'staticfiles.sharedContent',
@ -36,7 +35,7 @@ class ClientAPISecurity:
@client_api_security_bp.before_app_request
def validate_request():
'''Validate request has set password and is the correct hostname'''
"""Validate request has set password and is the correct hostname"""
# For the purpose of preventing DNS rebinding attacks
if request.host != '%s:%s' % (client_api.host, client_api.bindPort):
abort(403)

7
src/httpapi/security/pluginwhitelist.py
View File

@ -1,8 +1,8 @@
"""
Onionr - Private P2P Communication
"""Onionr - Private P2P Communication.
Load web UI client endpoints into the whitelist from plugins
"""
import onionrplugins
"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -17,7 +17,8 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
"""
import onionrplugins
def load_plugin_security_whitelist_endpoints(whitelist: list):
"""Accept a list reference of whitelist endpoints from security/client.py and
append plugin's specified endpoints to them by attribute"""