started work on base64 transporting

This commit is contained in:
Kevin Froman 2018-04-22 20:43:17 -05:00
parent 4ff6baa279
commit 89f1b11dac
No known key found for this signature in database
GPG Key ID: 0D414D0FE405B63B
5 changed files with 54 additions and 11 deletions

View File

@ -68,6 +68,8 @@ class API:
self.clientToken = config.get('client')['client_hmac'] self.clientToken = config.get('client')['client_hmac']
self.timeBypassToken = base64.b16encode(os.urandom(32)).decode() self.timeBypassToken = base64.b16encode(os.urandom(32)).decode()
self.mimeType = 'text/plain'
with open('data/time-bypass.txt', 'w') as bypass: with open('data/time-bypass.txt', 'w') as bypass:
bypass.write(self.timeBypassToken) bypass.write(self.timeBypassToken)
@ -96,12 +98,17 @@ class API:
def afterReq(resp): def afterReq(resp):
if not self.requestFailed: if not self.requestFailed:
resp.headers['Access-Control-Allow-Origin'] = '*' resp.headers['Access-Control-Allow-Origin'] = '*'
else: #else:
resp.headers['server'] = 'Onionr' # resp.headers['server'] = 'Onionr'
resp.headers['Content-Type'] = 'text/plain' resp.headers['Content-Type'] = self.mimeType
resp.headers["Content-Security-Policy"] = "default-src 'none'" resp.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'none'; object-src 'none'; style-src data: 'unsafe-inline'; img-src data:; media-src 'none'; frame-src 'none'; font-src 'none'; connect-src 'none'"
resp.headers['X-Frame-Options'] = 'deny' resp.headers['X-Frame-Options'] = 'deny'
resp.headers['X-Content-Type-Options'] = "nosniff" resp.headers['X-Content-Type-Options'] = "nosniff"
resp.headers['server'] = 'Onionr'
# reset to text/plain to help prevent browser attacks
if self.mimeType != 'text/plain':
self.mimeType = 'text/plain'
return resp return resp
@ -111,6 +118,11 @@ class API:
timingToken = '' timingToken = ''
else: else:
timingToken = request.args.get('timingToken') timingToken = request.args.get('timingToken')
data = request.args.get('data')
try:
data = data
except:
data = ''
startTime = math.floor(time.time()) startTime = math.floor(time.time())
# we should keep a hash DB of requests (with hmac) to prevent replays # we should keep a hash DB of requests (with hmac) to prevent replays
action = request.args.get('action') action = request.args.get('action')
@ -129,6 +141,15 @@ class API:
resp = Response('pong') resp = Response('pong')
elif action == 'stats': elif action == 'stats':
resp = Response('me_irl') resp = Response('me_irl')
elif action == 'site':
block = data
siteData = self._core.getData(data)
response = 'not found'
if siteData != '' and siteData != False:
self.mimeType = 'text/html'
response = siteData.split('-', 2)[-1]
resp = Response(response)
else: else:
resp = Response('(O_o) Dude what? (invalid command)') resp = Response('(O_o) Dude what? (invalid command)')
endTime = math.floor(time.time()) endTime = math.floor(time.time())
@ -149,7 +170,7 @@ class API:
requestingPeer = request.args.get('myID') requestingPeer = request.args.get('myID')
data = request.args.get('data') data = request.args.get('data')
try: try:
data data = data
except: except:
data = '' data = ''
if action == 'firstConnect': if action == 'firstConnect':
@ -175,7 +196,7 @@ class API:
resp = Response('') resp = Response('')
# setData should be something the communicator initiates, not this api # setData should be something the communicator initiates, not this api
elif action == 'getData': elif action == 'getData':
resp = self._core.getData(data) resp = base64.b64encode(self._core.getData(data))
if resp == False: if resp == False:
abort(404) abort(404)
resp = "" resp = ""

View File

@ -19,7 +19,7 @@ and code to operate as a daemon, getting commands from the command queue databas
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
''' '''
import sqlite3, requests, hmac, hashlib, time, sys, os, math, logger, urllib.parse, random import sqlite3, requests, hmac, hashlib, time, sys, os, math, logger, urllib.parse, random, base64
import core, onionrutils, onionrcrypto, netcontroller, onionrproofs, btc, config, onionrplugins as plugins import core, onionrutils, onionrcrypto, netcontroller, onionrproofs, btc, config, onionrplugins as plugins
class OnionrCommunicate: class OnionrCommunicate:
@ -239,6 +239,10 @@ class OnionrCommunicate:
for i in peerList: for i in peerList:
hasher = hashlib.sha3_256() hasher = hashlib.sha3_256()
data = self.performGet('getData', i, hash) data = self.performGet('getData', i, hash)
try:
base64.b64decode(data)
except binascii.Error:
data = b''
if data == False or len(data) > 10000000: if data == False or len(data) > 10000000:
continue continue
hasher.update(data.encode()) hasher.update(data.encode())

View File

@ -258,7 +258,7 @@ class Core:
Simply return the data associated to a hash Simply return the data associated to a hash
''' '''
try: try:
dataFile = open(self.blockDataLocation + hash + '.dat') dataFile = open(self.blockDataLocation + hash + '.dat', 'rb')
data = dataFile.read() data = dataFile.read()
dataFile.close() dataFile.close()
except FileNotFoundError: except FileNotFoundError:
@ -281,8 +281,8 @@ class Core:
pass # TODO: properly check if block is already saved elsewhere pass # TODO: properly check if block is already saved elsewhere
#raise Exception("Data is already set for " + dataHash) #raise Exception("Data is already set for " + dataHash)
else: else:
blockFile = open(blockFileName, 'w') blockFile = open(blockFileName, 'wb')
blockFile.write(data.decode()) blockFile.write(data)
blockFile.close() blockFile.close()
conn = sqlite3.connect(self.blockDB) conn = sqlite3.connect(self.blockDB)

View File

@ -175,6 +175,7 @@ class Onionr:
'add-addr': self.addAddress, 'add-addr': self.addAddress,
'addaddr': self.addAddress, 'addaddr': self.addAddress,
'addaddress': self.addAddress, 'addaddress': self.addAddress,
'addfile': self.addFile,
'introduce': self.onionrCore.introduceNode, 'introduce': self.onionrCore.introduceNode,
'connect': self.addAddress 'connect': self.addAddress
@ -196,6 +197,7 @@ class Onionr:
'add-msg': 'Broadcasts a message to the Onionr network', 'add-msg': 'Broadcasts a message to the Onionr network',
'pm': 'Adds a private message to block', 'pm': 'Adds a private message to block',
'get-pms': 'Shows private messages sent to you', 'get-pms': 'Shows private messages sent to you',
'addfile': 'Create an Onionr block from a file',
'introduce': 'Introduce your node to the public Onionr network (DAEMON MUST BE RUNNING)', 'introduce': 'Introduce your node to the public Onionr network (DAEMON MUST BE RUNNING)',
} }
@ -369,7 +371,7 @@ class Onionr:
addedHash = self.onionrCore.setData(messageToAdd) addedHash = self.onionrCore.setData(messageToAdd)
self.onionrCore.addToBlockDB(addedHash, selfInsert=True) self.onionrCore.addToBlockDB(addedHash, selfInsert=True)
self.onionrCore.setBlockType(addedHash, 'txt') self.onionrCore.setBlockType(addedHash, 'txt')
logger.info("inserted your message as block: " + addedHash)
return return
def getPMs(self): def getPMs(self):
@ -556,5 +558,20 @@ class Onionr:
retval = retVal.read() retval = retVal.read()
except FileNotFoundError: except FileNotFoundError:
return retVal return retVal
def addFile(self):
'''command to add a file to the onionr network'''
if len(sys.argv) >= 2:
newFile = sys.argv[2]
logger.info('Attempting to add file...')
try:
with open(newFile, 'r') as new:
new = new.read()
except FileNotFoundError:
logger.warn('That file does not exist. Improper path?')
else:
print(new)
self.onionrCore.insertBlock(new, header='bin')
Onionr() Onionr()

View File

@ -1 +1,2 @@
onionisrgccylxpr.onion onionisrgccylxpr.onion
aaronk3mcmglj6qedwptg62yl3wxxjwba2ucpoobrn7iudcacdxtrfad.onion