work on api with debugging and headers
This commit is contained in:
parent
b6e9e2e002
commit
a2beb5971b
28
api.py
28
api.py
@ -13,8 +13,8 @@
|
|||||||
You should have received a copy of the GNU General Public License
|
You should have received a copy of the GNU General Public License
|
||||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
'''
|
'''
|
||||||
from flask import Flask, request
|
import flask
|
||||||
app = Flask(__name__)
|
from flask import request, Response
|
||||||
import configparser, sys, random
|
import configparser, sys, random
|
||||||
'''
|
'''
|
||||||
Main API
|
Main API
|
||||||
@ -23,6 +23,8 @@ class API:
|
|||||||
|
|
||||||
def __init__(self, config, debug):
|
def __init__(self, config, debug):
|
||||||
self.config = config
|
self.config = config
|
||||||
|
self.debug = debug
|
||||||
|
app = flask.Flask(__name__)
|
||||||
bindPort = int(self.config['CLIENT']['PORT'])
|
bindPort = int(self.config['CLIENT']['PORT'])
|
||||||
clientToken = self.config['CLIENT']['CLIENT HMAC']
|
clientToken = self.config['CLIENT']['CLIENT HMAC']
|
||||||
|
|
||||||
@ -32,10 +34,26 @@ class API:
|
|||||||
else:
|
else:
|
||||||
self.host = '127.0.0.1'
|
self.host = '127.0.0.1'
|
||||||
|
|
||||||
|
@app.after_request
|
||||||
|
def afterReq(resp):
|
||||||
|
resp.headers['Access-Control-Allow-Origin'] = '*'
|
||||||
|
resp.headers['server'] = 'Onionr'
|
||||||
|
resp.headers['content-type'] = 'text/plain'
|
||||||
|
resp.headers["Content-Security-Policy"] = "default-src 'none'"
|
||||||
|
resp.headers['x-frame-options'] = 'deny'
|
||||||
|
return resp
|
||||||
|
|
||||||
@app.route('/client/hello')
|
@app.route('/client/hello')
|
||||||
def hello_world():
|
def hello_world():
|
||||||
self.validateHost()
|
self.validateHost()
|
||||||
return 'Hello, World!' + request.host
|
resp = Response('Hello, World!' + request.host)
|
||||||
|
return resp
|
||||||
|
|
||||||
|
@app.errorhandler(404)
|
||||||
|
def notfound(err):
|
||||||
|
resp = Response("\_(0_0)_/ I got nothin")
|
||||||
|
resp.headers = getHeaders(resp)
|
||||||
|
return resp
|
||||||
|
|
||||||
print('Starting client on ' + self.host + ':' + str(bindPort))
|
print('Starting client on ' + self.host + ':' + str(bindPort))
|
||||||
print('Client token:', clientToken)
|
print('Client token:', clientToken)
|
||||||
@ -43,6 +61,8 @@ class API:
|
|||||||
app.run(host=self.host, port=bindPort, debug=True)
|
app.run(host=self.host, port=bindPort, debug=True)
|
||||||
|
|
||||||
def validateHost(self):
|
def validateHost(self):
|
||||||
|
if self.debug:
|
||||||
|
return
|
||||||
# Validate host header, to protect against DNS rebinding attacks
|
# Validate host header, to protect against DNS rebinding attacks
|
||||||
if request.host != '127.0.0.1:' + str(self.config['CLIENT']['PORT']):
|
if request.host != '127.0.0.1:' + str(self.config['CLIENT']['PORT']):
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
@ -50,4 +70,4 @@ class API:
|
|||||||
try:
|
try:
|
||||||
request.headers['x-requested-with']
|
request.headers['x-requested-with']
|
||||||
except:
|
except:
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
@ -19,13 +19,17 @@ import gui, api
|
|||||||
class Onionr:
|
class Onionr:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
|
|
||||||
|
# Get configuration and Handle commands
|
||||||
|
|
||||||
self.debug = True # Whole application debugging
|
self.debug = True # Whole application debugging
|
||||||
|
|
||||||
os.chdir(sys.path[0])
|
os.chdir(sys.path[0])
|
||||||
|
# Get configuration
|
||||||
self.config = configparser.ConfigParser()
|
self.config = configparser.ConfigParser()
|
||||||
if os.path.exists('data/config.ini'):
|
if os.path.exists('data/config.ini'):
|
||||||
self.config.read('data/config.ini')
|
self.config.read('data/config.ini')
|
||||||
else:
|
else:
|
||||||
|
# Generate default config
|
||||||
# Hostname should only be set if different from 127.x.x.x. Important for DNS rebinding attack prevention.
|
# Hostname should only be set if different from 127.x.x.x. Important for DNS rebinding attack prevention.
|
||||||
if debug:
|
if debug:
|
||||||
randomPort = 8080
|
randomPort = 8080
|
||||||
|
Loading…
Reference in New Issue
Block a user