work on revising api
This commit is contained in:
parent
a20769fb68
commit
a8f8aea35f
592
onionr/api.py
592
onionr/api.py
@ -19,40 +19,16 @@
|
||||
'''
|
||||
import flask
|
||||
from flask import request, Response, abort, send_from_directory
|
||||
from multiprocessing import Process
|
||||
from gevent.pywsgi import WSGIServer
|
||||
import sys, random, threading, hmac, hashlib, base64, time, math, os, json
|
||||
import core
|
||||
from onionrblockapi import Block
|
||||
import onionrutils, onionrexceptions, onionrcrypto, blockimporter, onionrevents as events, logger, config, onionr
|
||||
|
||||
class API:
|
||||
'''
|
||||
Main HTTP API (Flask)
|
||||
'''
|
||||
|
||||
callbacks = {'public' : {}, 'private' : {}}
|
||||
|
||||
def validateToken(self, token):
|
||||
'''
|
||||
Validate that the client token matches the given token
|
||||
'''
|
||||
if len(self.clientToken) == 0:
|
||||
logger.error("client password needs to be set")
|
||||
return False
|
||||
try:
|
||||
if not hmac.compare_digest(self.clientToken, token):
|
||||
return False
|
||||
else:
|
||||
return True
|
||||
except TypeError:
|
||||
return False
|
||||
|
||||
def guessMime(path):
|
||||
'''
|
||||
Guesses the mime type from the input filename
|
||||
'''
|
||||
|
||||
mimetypes = {
|
||||
'html' : 'text/html',
|
||||
'js' : 'application/javascript',
|
||||
@ -67,6 +43,47 @@ class API:
|
||||
|
||||
return 'text/plain'
|
||||
|
||||
def setBindIP(filePath):
|
||||
'''Set a random localhost IP to a specified file (intended for private or public API localhost IPs)'''
|
||||
hostOctets = [str(127), str(random.randint(0x02, 0xFF)), str(random.randint(0x02, 0xFF)), str(random.randint(0x02, 0xFF))]
|
||||
data = '.'.join(hostOctets)
|
||||
|
||||
with open(filePath, 'w') as bindFile:
|
||||
bindFile.write(data)
|
||||
return data
|
||||
|
||||
class PublicAPI:
|
||||
'''
|
||||
The new client api server, isolated from the public api
|
||||
'''
|
||||
def __init__(self, clientAPI):
|
||||
assert isinstance(clientAPI, API)
|
||||
app = flask.Flask('PublicAPI')
|
||||
self.i2pEnabled = config.get('i2p.host', False)
|
||||
self.hideBlocks = [] # Blocks to be denied sharing
|
||||
self.host = setBindIP(clientAPI._core.publicApiHostFile)
|
||||
bindPort = config.get('client.public.port')
|
||||
|
||||
@app.route('/')
|
||||
def banner():
|
||||
#validateHost('public')
|
||||
try:
|
||||
with open('static-data/index.html', 'r') as html:
|
||||
resp = Response(html.read(), mimetype='text/html')
|
||||
except FileNotFoundError:
|
||||
resp = Response("")
|
||||
return resp
|
||||
clientAPI.setPublicAPIInstance(self)
|
||||
self.httpServer = WSGIServer((self.host, bindPort), app, log=None)
|
||||
self.httpServer.serve_forever()
|
||||
|
||||
class API:
|
||||
'''
|
||||
Client HTTP api
|
||||
'''
|
||||
|
||||
callbacks = {'public' : {}, 'private' : {}}
|
||||
|
||||
def __init__(self, debug, API_VERSION):
|
||||
'''
|
||||
Initialize the api server, preping variables for later use
|
||||
@ -84,520 +101,49 @@ class API:
|
||||
self._crypto = onionrcrypto.OnionrCrypto(self._core)
|
||||
self._utils = onionrutils.OnionrUtils(self._core)
|
||||
app = flask.Flask(__name__)
|
||||
bindPort = int(config.get('client.port', 59496))
|
||||
bindPort = int(config.get('client.client.port', 59496))
|
||||
self.bindPort = bindPort
|
||||
|
||||
self.clientToken = config.get('client.webpassword')
|
||||
self.timeBypassToken = base64.b16encode(os.urandom(32)).decode()
|
||||
|
||||
self.i2pEnabled = config.get('i2p.host', False)
|
||||
|
||||
self.hideBlocks = [] # Blocks to be denied sharing
|
||||
|
||||
with open(self._core.dataDir + 'time-bypass.txt', 'w') as bypass:
|
||||
bypass.write(self.timeBypassToken)
|
||||
|
||||
if not debug and not self._developmentMode:
|
||||
hostOctets = [str(127), str(random.randint(0x02, 0xFF)), str(random.randint(0x02, 0xFF)), str(random.randint(0x02, 0xFF))]
|
||||
self.host = '.'.join(hostOctets)
|
||||
else:
|
||||
self.host = '127.0.0.1'
|
||||
|
||||
with open(self._core.dataDir + 'host.txt', 'w') as file:
|
||||
file.write(self.host)
|
||||
|
||||
@app.before_request
|
||||
def beforeReq():
|
||||
'''
|
||||
Simply define the request as not having yet failed, before every request.
|
||||
'''
|
||||
self.requestFailed = False
|
||||
return
|
||||
|
||||
@app.after_request
|
||||
def afterReq(resp):
|
||||
if not self.requestFailed:
|
||||
resp.headers['Access-Control-Allow-Origin'] = '*'
|
||||
#else:
|
||||
# resp.headers['server'] = 'Onionr'
|
||||
resp.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'none'; object-src 'none'; style-src data: 'unsafe-inline'; img-src data:; media-src 'none'; frame-src 'none'; font-src 'none'; connect-src 'none'"
|
||||
resp.headers['X-Frame-Options'] = 'deny'
|
||||
resp.headers['X-Content-Type-Options'] = "nosniff"
|
||||
resp.headers['X-API'] = API_VERSION
|
||||
resp.headers['Date'] = 'Thu, 1 Jan 1970 00:00:00 GMT' # Clock info is probably useful to attackers. Set to unix epoch.
|
||||
return resp
|
||||
|
||||
@app.route('/site/<path:block>')
|
||||
def site(block):
|
||||
self.validateHost('private')
|
||||
bHash = block
|
||||
resp = 'Not Found'
|
||||
if self._core._utils.validateHash(bHash):
|
||||
resp = Block(bHash).bcontent
|
||||
try:
|
||||
resp = base64.b64decode(resp)
|
||||
except:
|
||||
pass
|
||||
return Response(resp)
|
||||
|
||||
@app.route('/www/private/<path:path>')
|
||||
def www_private(path):
|
||||
startTime = math.floor(time.time())
|
||||
|
||||
if request.args.get('timingToken') is None:
|
||||
timingToken = ''
|
||||
else:
|
||||
timingToken = request.args.get('timingToken')
|
||||
|
||||
if not config.get("www.private.run", True):
|
||||
abort(403)
|
||||
|
||||
self.validateHost('private')
|
||||
|
||||
endTime = math.floor(time.time())
|
||||
elapsed = endTime - startTime
|
||||
|
||||
if not hmac.compare_digest(timingToken, self.timeBypassToken):
|
||||
if (elapsed < self._privateDelayTime) and config.get('www.private.timing_protection', True):
|
||||
time.sleep(self._privateDelayTime - elapsed)
|
||||
|
||||
return send_from_directory(config.get('www.private.path', 'static-data/www/private/'), path)
|
||||
|
||||
@app.route('/www/public/<path:path>')
|
||||
def www_public(path):
|
||||
if not config.get("www.public.run", True):
|
||||
abort(403)
|
||||
|
||||
self.validateHost('public')
|
||||
|
||||
return send_from_directory(config.get('www.public.path', 'static-data/www/public/'), path)
|
||||
|
||||
@app.route('/ui/<path:path>')
|
||||
def ui_private(path):
|
||||
startTime = math.floor(time.time())
|
||||
|
||||
'''
|
||||
if request.args.get('timingToken') is None:
|
||||
timingToken = ''
|
||||
else:
|
||||
timingToken = request.args.get('timingToken')
|
||||
'''
|
||||
|
||||
if not config.get("www.ui.run", True):
|
||||
abort(403)
|
||||
|
||||
if config.get("www.ui.private", True):
|
||||
self.validateHost('private')
|
||||
else:
|
||||
self.validateHost('public')
|
||||
|
||||
'''
|
||||
endTime = math.floor(time.time())
|
||||
elapsed = endTime - startTime
|
||||
|
||||
if not hmac.compare_digest(timingToken, self.timeBypassToken):
|
||||
if elapsed < self._privateDelayTime:
|
||||
time.sleep(self._privateDelayTime - elapsed)
|
||||
'''
|
||||
|
||||
mime = API.guessMime(path)
|
||||
|
||||
logger.debug('Serving %s (mime: %s)' % (path, mime))
|
||||
|
||||
return send_from_directory('static-data/www/ui/dist/', path)
|
||||
|
||||
@app.route('/client/')
|
||||
def private_handler():
|
||||
if request.args.get('timingToken') is None:
|
||||
timingToken = ''
|
||||
else:
|
||||
timingToken = request.args.get('timingToken')
|
||||
data = request.args.get('data')
|
||||
try:
|
||||
data = data
|
||||
except:
|
||||
data = ''
|
||||
startTime = math.floor(time.time())
|
||||
|
||||
action = request.args.get('action')
|
||||
#if not self.debug:
|
||||
token = request.args.get('token')
|
||||
|
||||
if not self.validateToken(token):
|
||||
abort(403)
|
||||
|
||||
events.event('webapi_private', onionr = None, data = {'action' : action, 'data' : data, 'timingToken' : timingToken, 'token' : token})
|
||||
|
||||
self.validateHost('private')
|
||||
if action == 'hello':
|
||||
resp = Response('Hello, World! ' + request.host)
|
||||
elif action == 'getIP':
|
||||
resp = Response(self.host)
|
||||
elif action == 'waitForShare':
|
||||
if self._core._utils.validateHash(data):
|
||||
if data not in self.hideBlocks:
|
||||
self.hideBlocks.append(data)
|
||||
else:
|
||||
self.hideBlocks.remove(data)
|
||||
resp = "success"
|
||||
else:
|
||||
resp = "failed to validate hash"
|
||||
elif action == 'shutdown':
|
||||
# request.environ.get('werkzeug.server.shutdown')()
|
||||
self.http_server.stop()
|
||||
resp = Response('Goodbye')
|
||||
elif action == 'ping':
|
||||
resp = Response('pong')
|
||||
elif action == 'info':
|
||||
resp = Response(json.dumps({'pubkey' : self._core._crypto.pubKey, 'host' : self._core.hsAddress}), mimetype='text/plain')
|
||||
elif action == "insertBlock":
|
||||
response = {'success' : False, 'reason' : 'An unknown error occurred'}
|
||||
|
||||
if not ((data is None) or (len(str(data).strip()) == 0)):
|
||||
try:
|
||||
decoded = json.loads(data)
|
||||
|
||||
block = Block()
|
||||
|
||||
sign = False
|
||||
|
||||
for key in decoded:
|
||||
val = decoded[key]
|
||||
|
||||
key = key.lower()
|
||||
|
||||
if key == 'type':
|
||||
block.setType(val)
|
||||
elif key in ['body', 'content']:
|
||||
block.setContent(val)
|
||||
elif key == 'parent':
|
||||
block.setParent(val)
|
||||
elif key == 'sign':
|
||||
sign = (str(val).lower() == 'true')
|
||||
|
||||
hash = block.save(sign = sign)
|
||||
|
||||
if not hash is False:
|
||||
response['success'] = True
|
||||
response['hash'] = hash
|
||||
response['reason'] = 'Successfully wrote block to file'
|
||||
else:
|
||||
response['reason'] = 'Failed to save the block'
|
||||
except Exception as e:
|
||||
logger.warn('insertBlock api request failed', error = e)
|
||||
logger.debug('Here\'s the request: %s' % data)
|
||||
else:
|
||||
response = {'success' : False, 'reason' : 'Missing `data` parameter.', 'blocks' : {}}
|
||||
|
||||
resp = Response(json.dumps(response))
|
||||
elif action == 'searchBlocks':
|
||||
response = {'success' : False, 'reason' : 'An unknown error occurred', 'blocks' : {}}
|
||||
|
||||
if not ((data is None) or (len(str(data).strip()) == 0)):
|
||||
try:
|
||||
decoded = json.loads(data)
|
||||
|
||||
type = None
|
||||
signer = None
|
||||
signed = None
|
||||
parent = None
|
||||
reverse = False
|
||||
limit = None
|
||||
|
||||
for key in decoded:
|
||||
val = decoded[key]
|
||||
|
||||
key = key.lower()
|
||||
|
||||
if key == 'type':
|
||||
type = str(val)
|
||||
elif key == 'signer':
|
||||
if isinstance(val, list):
|
||||
signer = val
|
||||
else:
|
||||
signer = str(val)
|
||||
elif key == 'signed':
|
||||
signed = (str(val).lower() == 'true')
|
||||
elif key == 'parent':
|
||||
parent = str(val)
|
||||
elif key == 'reverse':
|
||||
reverse = (str(val).lower() == 'true')
|
||||
elif key == 'limit':
|
||||
limit = 10000
|
||||
|
||||
if val is None:
|
||||
val = limit
|
||||
|
||||
limit = min(limit, int(val))
|
||||
|
||||
blockObjects = Block.getBlocks(type = type, signer = signer, signed = signed, parent = parent, reverse = reverse, limit = limit)
|
||||
|
||||
logger.debug('%s results for query %s' % (len(blockObjects), decoded))
|
||||
|
||||
blocks = list()
|
||||
|
||||
for block in blockObjects:
|
||||
blocks.append({
|
||||
'hash' : block.getHash(),
|
||||
'type' : block.getType(),
|
||||
'content' : block.getContent(),
|
||||
'signature' : block.getSignature(),
|
||||
'signedData' : block.getSignedData(),
|
||||
'signed' : block.isSigned(),
|
||||
'valid' : block.isValid(),
|
||||
'date' : (int(block.getDate().strftime("%s")) if not block.getDate() is None else None),
|
||||
'parent' : (block.getParent().getHash() if not block.getParent() is None else None),
|
||||
'metadata' : block.getMetadata(),
|
||||
'header' : block.getHeader()
|
||||
})
|
||||
|
||||
response['success'] = True
|
||||
response['blocks'] = blocks
|
||||
response['reason'] = 'Success'
|
||||
except Exception as e:
|
||||
logger.warn('searchBlock api request failed', error = e)
|
||||
logger.debug('Here\'s the request: %s' % data)
|
||||
else:
|
||||
response = {'success' : False, 'reason' : 'Missing `data` parameter.', 'blocks' : {}}
|
||||
|
||||
resp = Response(json.dumps(response), mimetype='text/plain')
|
||||
|
||||
elif action in API.callbacks['private']:
|
||||
resp = Response(str(getCallback(action, scope = 'private')(request)), mimetype='text/plain')
|
||||
else:
|
||||
resp = Response('invalid command')
|
||||
endTime = math.floor(time.time())
|
||||
elapsed = endTime - startTime
|
||||
|
||||
# if bypass token not used, delay response to prevent timing attacks
|
||||
if not hmac.compare_digest(timingToken, self.timeBypassToken):
|
||||
if elapsed < self._privateDelayTime:
|
||||
time.sleep(self._privateDelayTime - elapsed)
|
||||
|
||||
return resp
|
||||
self.publicAPI = None # gets set when the thread calls our setter... bad hack but kinda necessary with flask
|
||||
threading.Thread(target=PublicAPI, args=(self,)).start()
|
||||
self.host = setBindIP(self._core.privateApiHostFile)
|
||||
logger.info('Running api on %s:%s' % (self.host, self.bindPort))
|
||||
self.httpServer = ''
|
||||
|
||||
@app.route('/')
|
||||
def banner():
|
||||
self.validateHost('public')
|
||||
try:
|
||||
with open('static-data/index.html', 'r') as html:
|
||||
resp = Response(html.read(), mimetype='text/html')
|
||||
except FileNotFoundError:
|
||||
resp = Response("")
|
||||
return resp
|
||||
def hello():
|
||||
return Response("hello client")
|
||||
|
||||
@app.route('/public/upload/', methods=['POST'])
|
||||
def blockUpload():
|
||||
self.validateHost('public')
|
||||
resp = 'failure'
|
||||
@app.route('/shutdown')
|
||||
def shutdown():
|
||||
try:
|
||||
data = request.form['block']
|
||||
except KeyError:
|
||||
logger.warn('No block specified for upload')
|
||||
pass
|
||||
else:
|
||||
if sys.getsizeof(data) < 100000000:
|
||||
try:
|
||||
if blockimporter.importBlockFromData(data, self._core):
|
||||
resp = 'success'
|
||||
else:
|
||||
logger.warn('Error encountered importing uploaded block')
|
||||
except onionrexceptions.BlacklistedBlock:
|
||||
logger.debug('uploaded block is blacklisted')
|
||||
pass
|
||||
|
||||
resp = Response(resp)
|
||||
return resp
|
||||
|
||||
@app.route('/public/announce/', methods=['POST'])
|
||||
def acceptAnnounce():
|
||||
self.validateHost('public')
|
||||
resp = 'failure'
|
||||
powHash = ''
|
||||
randomData = ''
|
||||
newNode = ''
|
||||
ourAdder = self._core.hsAddress.encode()
|
||||
try:
|
||||
newNode = request.form['node'].encode()
|
||||
except KeyError:
|
||||
logger.warn('No block specified for upload')
|
||||
pass
|
||||
else:
|
||||
try:
|
||||
randomData = request.form['random']
|
||||
randomData = base64.b64decode(randomData)
|
||||
except KeyError:
|
||||
logger.warn('No random data specified for upload')
|
||||
else:
|
||||
nodes = newNode + self._core.hsAddress.encode()
|
||||
nodes = self._core._crypto.blake2bHash(nodes)
|
||||
powHash = self._core._crypto.blake2bHash(randomData + nodes)
|
||||
try:
|
||||
powHash = powHash.decode()
|
||||
self.publicAPI.httpServer.stop()
|
||||
self.httpServer.stop()
|
||||
except AttributeError:
|
||||
pass
|
||||
if powHash.startswith('0000'):
|
||||
try:
|
||||
newNode = newNode.decode()
|
||||
except AttributeError:
|
||||
pass
|
||||
if self._core.addAddress(newNode):
|
||||
resp = 'Success'
|
||||
else:
|
||||
logger.warn(newNode.decode() + ' failed to meet POW: ' + powHash)
|
||||
resp = Response(resp)
|
||||
return resp
|
||||
return Response("bye")
|
||||
|
||||
@app.route('/public/')
|
||||
def public_handler():
|
||||
# Public means it is publicly network accessible
|
||||
self.validateHost('public')
|
||||
if config.get('general.security_level') != 0:
|
||||
abort(403)
|
||||
action = request.args.get('action')
|
||||
requestingPeer = request.args.get('myID')
|
||||
data = request.args.get('data')
|
||||
try:
|
||||
data = data
|
||||
except:
|
||||
data = ''
|
||||
self.httpServer = WSGIServer((self.host, bindPort), app, log=None)
|
||||
self.httpServer.serve_forever()
|
||||
|
||||
events.event('webapi_public', onionr = None, data = {'action' : action, 'data' : data, 'requestingPeer' : requestingPeer, 'request' : request})
|
||||
def setPublicAPIInstance(self, inst):
|
||||
assert isinstance(inst, PublicAPI)
|
||||
self.publicAPI = inst
|
||||
|
||||
if action == 'firstConnect':
|
||||
pass
|
||||
elif action == 'ping':
|
||||
resp = Response("pong!")
|
||||
elif action == 'getSymmetric':
|
||||
resp = Response(self._crypto.generateSymmetric())
|
||||
elif action == 'getDBHash':
|
||||
resp = Response(self._utils.getBlockDBHash())
|
||||
elif action == 'getBlockHashes':
|
||||
bList = self._core.getBlockList()
|
||||
for b in self.hideBlocks:
|
||||
if b in bList:
|
||||
bList.remove(b)
|
||||
resp = Response('\n'.join(bList))
|
||||
# setData should be something the communicator initiates, not this api
|
||||
elif action == 'getData':
|
||||
resp = ''
|
||||
if self._utils.validateHash(data):
|
||||
if data not in self.hideBlocks:
|
||||
if os.path.exists(self._core.dataDir + 'blocks/' + data + '.dat'):
|
||||
block = Block(hash=data.encode(), core=self._core)
|
||||
resp = base64.b64encode(block.getRaw().encode()).decode()
|
||||
if len(resp) == 0:
|
||||
abort(404)
|
||||
resp = ""
|
||||
resp = Response(resp)
|
||||
elif action == 'pex':
|
||||
response = ','.join(self._core.listAdders())
|
||||
if len(response) == 0:
|
||||
response = 'none'
|
||||
resp = Response(response)
|
||||
elif action == 'kex':
|
||||
peers = self._core.listPeers(getPow=True)
|
||||
response = ','.join(peers)
|
||||
resp = Response(response)
|
||||
elif action in API.callbacks['public']:
|
||||
resp = Response(str(getCallback(action, scope = 'public')(request)))
|
||||
else:
|
||||
resp = Response("")
|
||||
|
||||
return resp
|
||||
|
||||
@app.errorhandler(404)
|
||||
def notfound(err):
|
||||
self.requestFailed = True
|
||||
resp = Response("")
|
||||
|
||||
return resp
|
||||
|
||||
@app.errorhandler(403)
|
||||
def authFail(err):
|
||||
self.requestFailed = True
|
||||
resp = Response("403")
|
||||
return resp
|
||||
|
||||
@app.errorhandler(401)
|
||||
def clientError(err):
|
||||
self.requestFailed = True
|
||||
resp = Response("Invalid request")
|
||||
|
||||
return resp
|
||||
|
||||
logger.info('Starting client on ' + self.host + ':' + str(bindPort), timestamp=False)
|
||||
|
||||
try:
|
||||
while len(self._core.hsAddress) == 0:
|
||||
self._core.refreshFirstStartVars()
|
||||
time.sleep(0.5)
|
||||
self.http_server = WSGIServer((self.host, bindPort), app, log=None)
|
||||
self.http_server.serve_forever()
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
except Exception as e:
|
||||
logger.error(str(e))
|
||||
logger.fatal('Failed to start client on ' + self.host + ':' + str(bindPort) + ', exiting...')
|
||||
|
||||
def validateHost(self, hostType):
|
||||
def validateToken(self, token):
|
||||
'''
|
||||
Validate various features of the request including:
|
||||
|
||||
If private (/client/), is the host header local?
|
||||
If public (/public/), is the host header onion or i2p?
|
||||
|
||||
Was X-Request-With used?
|
||||
Validate that the client token matches the given token
|
||||
'''
|
||||
if self.debug:
|
||||
return
|
||||
# Validate host header, to protect against DNS rebinding attacks
|
||||
host = self.host
|
||||
if hostType == 'private':
|
||||
if not request.host.startswith('127') and not self._utils.checkIsIP(request.host):
|
||||
abort(403)
|
||||
elif hostType == 'public':
|
||||
if not request.host.endswith('onion') and not request.host.endswith('i2p'):
|
||||
abort(403)
|
||||
# Validate x-requested-with, to protect against CSRF/metadata leaks
|
||||
|
||||
if not self.i2pEnabled and request.host.endswith('i2p'):
|
||||
abort(403)
|
||||
|
||||
'''
|
||||
if not self._developmentMode:
|
||||
try:
|
||||
request.headers['X-Requested-With']
|
||||
except:
|
||||
pass
|
||||
# we exit rather than abort to avoid fingerprinting
|
||||
logger.debug('Avoiding fingerprinting, exiting...')
|
||||
#sys.exit(1)
|
||||
'''
|
||||
|
||||
def setCallback(action, callback, scope = 'public'):
|
||||
if not scope in API.callbacks:
|
||||
if len(self.clientToken) == 0:
|
||||
logger.error("client password needs to be set")
|
||||
return False
|
||||
|
||||
API.callbacks[scope][action] = callback
|
||||
|
||||
return True
|
||||
|
||||
def removeCallback(action, scope = 'public'):
|
||||
if (not scope in API.callbacks) or (not action in API.callbacks[scope]):
|
||||
try:
|
||||
if not hmac.compare_digest(self.clientToken, token):
|
||||
return False
|
||||
|
||||
del API.callbacks[scope][action]
|
||||
|
||||
else:
|
||||
return True
|
||||
|
||||
def getCallback(action, scope = 'public'):
|
||||
if (not scope in API.callbacks) or (not action in API.callbacks[scope]):
|
||||
return None
|
||||
|
||||
return API.callbacks[scope][action]
|
||||
|
||||
def getCallbacks(scope = None):
|
||||
if (not scope is None) and (scope in API.callbacks):
|
||||
return API.callbacks[scope]
|
||||
|
||||
return API.callbacks
|
||||
except TypeError:
|
||||
return False
|
@ -30,7 +30,7 @@ def getOpenPort():
|
||||
p = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
p.bind(("127.0.0.1",0))
|
||||
p.listen(1)
|
||||
port = s.getsockname()[1]
|
||||
port = p.getsockname()[1]
|
||||
p.close()
|
||||
return port
|
||||
|
||||
@ -43,9 +43,9 @@ def getRandomLocalIP():
|
||||
class APIManager:
|
||||
def __init__(self, coreInst):
|
||||
assert isinstance(coreInst, core.Core)
|
||||
self.core = core
|
||||
self.utils = core._utils
|
||||
self.crypto = core._crypto
|
||||
self.core = coreInst
|
||||
self.utils = coreInst._utils
|
||||
self.crypto = coreInst._crypto
|
||||
|
||||
# if this gets set to true, both the public and private apis will shutdown
|
||||
self.shutdown = False
|
||||
@ -63,12 +63,12 @@ class APIManager:
|
||||
# Make official the IPs and Ports
|
||||
self.publicIP = publicIP
|
||||
self.privateIP = privateIP
|
||||
self.publicPort = getOpenPort()
|
||||
self.privatePort = getOpenPort()
|
||||
self.publicPort = config.get('client.port', 59496)
|
||||
self.privatePort = config.get('client.port', 59496)
|
||||
|
||||
# Run the API servers in new threads
|
||||
self.publicAPI = apipublic.APIPublic()
|
||||
self.privateAPI = apiprivate.privateAPI()
|
||||
self.publicAPI = apipublic.APIPublic(self)
|
||||
self.privateAPI = apiprivate.APIPrivate(self)
|
||||
threading.Thread(target=self.publicAPI.run).start()
|
||||
threading.Thread(target=self.privateAPI.run).start()
|
||||
while not self.shutdown:
|
||||
|
@ -21,11 +21,20 @@ import flask, apimanager
|
||||
from flask import request, Response, abort, send_from_directory
|
||||
from gevent.pywsgi import WSGIServer
|
||||
|
||||
|
||||
class APIPublic:
|
||||
def __init__(self, managerInst):
|
||||
assert isinstance(managerInst, apimanager.APIManager)
|
||||
self.app = flask.Flask(__name__) # The flask application, which recieves data from the greenlet wsgiserver
|
||||
self.httpServer = WSGIServer((managerInst.publicIP, managerInst.publicPort), self.app, log=None)
|
||||
app = flask.Flask(__name__)
|
||||
@app.route('/')
|
||||
def banner():
|
||||
try:
|
||||
with open('static-data/index.html', 'r') as html:
|
||||
resp = Response(html.read(), mimetype='text/html')
|
||||
except FileNotFoundError:
|
||||
resp = Response("")
|
||||
return resp
|
||||
self.httpServer = WSGIServer((managerInst.publicIP, managerInst.publicPort), app)
|
||||
|
||||
def run(self):
|
||||
self.httpServer.serve_forever()
|
||||
|
@ -19,6 +19,8 @@
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
'''
|
||||
import gevent.monkey
|
||||
gevent.monkey.patch_all()
|
||||
import sys, os, core, config, json, requests, time, logger, threading, base64, onionr, uuid
|
||||
import onionrexceptions, onionrpeers, onionrevents as events, onionrplugins as plugins, onionrblockapi as block
|
||||
import onionrdaemontools, onionrsockets, onionrchat, onionr, onionrproofs
|
||||
|
@ -49,6 +49,8 @@ class Core:
|
||||
self.peerDB = self.dataDir + 'peers.db'
|
||||
self.blockDB = self.dataDir + 'blocks.db'
|
||||
self.blockDataLocation = self.dataDir + 'blocks/'
|
||||
self.publicApiHostFile = self.dataDir + 'public-host.txt'
|
||||
self.privateApiHostFile = self.dataDir + 'private-host.txt'
|
||||
self.addressDB = self.dataDir + 'address.db'
|
||||
self.hsAddress = ''
|
||||
self.bootstrapFileLocation = 'static-data/bootstrap-nodes.txt'
|
||||
|
@ -18,10 +18,19 @@
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
'''
|
||||
|
||||
import subprocess, os, random, sys, logger, time, signal, config, base64
|
||||
import subprocess, os, random, sys, logger, time, signal, config, base64, socket
|
||||
from stem.control import Controller
|
||||
from onionrblockapi import Block
|
||||
from dependencies import secrets
|
||||
|
||||
def getOpenPort():
|
||||
# taken from (but modified) https://stackoverflow.com/a/2838309
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.bind(("127.0.0.1",0))
|
||||
s.listen(1)
|
||||
port = s.getsockname()[1]
|
||||
s.close()
|
||||
return port
|
||||
class NetController:
|
||||
'''
|
||||
This class handles hidden service setup on Tor and I2P
|
||||
@ -37,7 +46,7 @@ class NetController:
|
||||
|
||||
self.torConfigLocation = self.dataDir + 'torrc'
|
||||
self.readyState = False
|
||||
self.socksPort = random.randint(1024, 65535)
|
||||
self.socksPort = getOpenPort()
|
||||
self.hsPort = hsPort
|
||||
self._torInstnace = ''
|
||||
self.myID = ''
|
||||
@ -78,7 +87,7 @@ class NetController:
|
||||
config.set('tor.controlpassword', plaintext, savefile=True)
|
||||
config.set('tor.socksport', self.socksPort, savefile=True)
|
||||
|
||||
controlPort = random.randint(1025, 65535)
|
||||
controlPort = getOpenPort()
|
||||
|
||||
config.set('tor.controlPort', controlPort, savefile=True)
|
||||
|
||||
|
@ -20,7 +20,8 @@
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
'''
|
||||
|
||||
import gevent.monkey
|
||||
gevent.monkey.patch_all()
|
||||
import sys
|
||||
if sys.version_info[0] == 2 or sys.version_info[1] < 5:
|
||||
print('Error, Onionr requires Python 3.5+')
|
||||
@ -28,8 +29,9 @@ if sys.version_info[0] == 2 or sys.version_info[1] < 5:
|
||||
import os, base64, random, getpass, shutil, subprocess, requests, time, platform, datetime, re, json, getpass, sqlite3
|
||||
import webbrowser
|
||||
from threading import Thread
|
||||
import api, apimanager, core, config, logger, onionrplugins as plugins, onionrevents as events
|
||||
import api, core, config, logger, onionrplugins as plugins, onionrevents as events
|
||||
import onionrutils
|
||||
import netcontroller
|
||||
from netcontroller import NetController
|
||||
from onionrblockapi import Block
|
||||
import onionrproofs, onionrexceptions, onionrusers
|
||||
@ -105,11 +107,12 @@ class Onionr:
|
||||
# Get configuration
|
||||
if type(config.get('client.webpassword')) is type(None):
|
||||
config.set('client.webpassword', base64.b16encode(os.urandom(32)).decode('utf-8'), savefile=True)
|
||||
if type(config.get('client.port')) is type(None):
|
||||
randomPort = 0
|
||||
while randomPort < 1024:
|
||||
randomPort = self.onionrCore._crypto.secrets.randbelow(65535)
|
||||
config.set('client.port', randomPort, savefile=True)
|
||||
if type(config.get('client.client.port')) is type(None):
|
||||
randomPort = netcontroller.getOpenPort()
|
||||
config.set('client.client.port', randomPort, savefile=True)
|
||||
if type(config.get('client.public.port')) is type(None):
|
||||
randomPort = netcontroller.getOpenPort()
|
||||
config.set('client.public.port', randomPort, savefile=True)
|
||||
if type(config.get('client.participate')) is type(None):
|
||||
config.set('client.participate', True, savefile=True)
|
||||
if type(config.get('client.api_version')) is type(None):
|
||||
@ -705,10 +708,6 @@ class Onionr:
|
||||
os.remove('data/.runcheck')
|
||||
|
||||
apiTarget = api.API
|
||||
if config.get('general.use_new_api_server', False):
|
||||
apiTarget = apimanager.APIManager
|
||||
apiThread = Thread(target = apiTarget, args = (self.onionrCore))
|
||||
else:
|
||||
apiThread = Thread(target = apiTarget, args = (self.debug, API_VERSION))
|
||||
apiThread.start()
|
||||
|
||||
@ -722,7 +721,7 @@ class Onionr:
|
||||
apiHost = '127.0.0.1'
|
||||
if apiThread.isAlive():
|
||||
try:
|
||||
with open(self.onionrCore.dataDir + 'host.txt', 'r') as hostFile:
|
||||
with open(self.onionrCore.publicApiHostFile, 'r') as hostFile:
|
||||
apiHost = hostFile.read()
|
||||
except FileNotFoundError:
|
||||
pass
|
||||
@ -730,7 +729,7 @@ class Onionr:
|
||||
|
||||
if self._developmentMode:
|
||||
logger.warn('DEVELOPMENT MODE ENABLED (LESS SECURE)', timestamp = False)
|
||||
net = NetController(config.get('client.port', 59496), apiServerIP=apiHost)
|
||||
net = NetController(config.get('client.public.port', 59497), apiServerIP=apiHost)
|
||||
logger.debug('Tor is starting...')
|
||||
if not net.startTor():
|
||||
self.onionrUtils.localCommand('shutdown')
|
||||
|
@ -160,13 +160,17 @@ class OnionrUtils:
|
||||
self.getTimeBypassToken()
|
||||
# TODO: URL encode parameters, just as an extra measure. May not be needed, but should be added regardless.
|
||||
try:
|
||||
with open(self._core.dataDir + 'host.txt', 'r') as host:
|
||||
with open(self._core.privateApiHostFile, 'r') as host:
|
||||
hostname = host.read()
|
||||
except FileNotFoundError:
|
||||
return False
|
||||
payload = 'http://%s:%s/client/?action=%s&token=%s&timingToken=%s' % (hostname, config.get('client.port'), command, config.get('client.webpassword'), self.timingToken)
|
||||
if data != '':
|
||||
payload += '&data=' + urllib.parse.quote_plus(data)
|
||||
data = '&data=' + urllib.parse.quote_plus(data)
|
||||
payload = 'http://%s:%s/%s%s' % (hostname, config.get('client.client.port'), command, data)
|
||||
logger.info(payload)
|
||||
#payload = 'http://%s:%s/client/?action=%s&token=%s&timingToken=%s' % (hostname, config.get('client.client.port'), command, config.get('client.webpassword'), self.timingToken)
|
||||
#if data != '':
|
||||
# payload += '&data=' + urllib.parse.quote_plus(data)
|
||||
try:
|
||||
retData = requests.get(payload).text
|
||||
except Exception as error:
|
||||
|
@ -7,7 +7,8 @@
|
||||
"socket_servers": false,
|
||||
"security_level": 0,
|
||||
"max_block_age": 2678400,
|
||||
"public_key": ""
|
||||
"public_key": "",
|
||||
"use_new_api_server": false
|
||||
},
|
||||
|
||||
"www" : {
|
||||
|
Loading…
Reference in New Issue
Block a user