Added API check in requests

Kevin 2018-10-26 22:29:25 -05:00
parent 3da06339f6
commit c073020b80
4 changed files with 15 additions and 7 deletions


@ -22,7 +22,7 @@ from flask import request, Response, abort, send_from_directory
from multiprocessing import Process from multiprocessing import Process
from gevent.pywsgi import WSGIServer from gevent.pywsgi import WSGIServer
import sys, random, threading, hmac, hashlib, base64, time, math, os, json import sys, random, threading, hmac, hashlib, base64, time, math, os, json
from core import Core import core
from onionrblockapi import Block from onionrblockapi import Block
import onionrutils, onionrexceptions, onionrcrypto, blockimporter, onionrevents as events, logger, config import onionrutils, onionrexceptions, onionrcrypto, blockimporter, onionrevents as events, logger, config
@ -69,7 +69,7 @@ class API:
logger.debug('%s not in %s' % (path, mimetypes)) logger.debug('%s not in %s' % (path, mimetypes))
return 'text/plain' return 'text/plain'
def __init__(self, debug): def __init__(self, debug, API_VERSION):
''' '''
Initialize the api server, preping variables for later use Initialize the api server, preping variables for later use
@ -88,7 +88,7 @@ class API:
self.debug = debug self.debug = debug
self._privateDelayTime = 3 self._privateDelayTime = 3
self._core = Core() self._core = core.Core()
self._crypto = onionrcrypto.OnionrCrypto(self._core) self._crypto = onionrcrypto.OnionrCrypto(self._core)
self._utils = onionrutils.OnionrUtils(self._core) self._utils = onionrutils.OnionrUtils(self._core)
app = flask.Flask(__name__) app = flask.Flask(__name__)
@ -133,7 +133,7 @@ class API:
resp.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'none'; object-src 'none'; style-src data: 'unsafe-inline'; img-src data:; media-src 'none'; frame-src 'none'; font-src 'none'; connect-src 'none'" resp.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'none'; object-src 'none'; style-src data: 'unsafe-inline'; img-src data:; media-src 'none'; frame-src 'none'; font-src 'none'; connect-src 'none'"
resp.headers['X-Frame-Options'] = 'deny' resp.headers['X-Frame-Options'] = 'deny'
resp.headers['X-Content-Type-Options'] = "nosniff" resp.headers['X-Content-Type-Options'] = "nosniff"
resp.headers['server'] = 'Onionr' resp.headers['api'] = API_VERSION
# reset to text/plain to help prevent browser attacks # reset to text/plain to help prevent browser attacks
self.mimeType = 'text/plain' self.mimeType = 'text/plain'
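Review bot: The new `resp.headers['api'] = API_VERSION` line passes the constructor argument through unconverted, while the client side of this commit compares the header against `str(API_VERSION)`, which suggests the value is not a string. Writing `resp.headers['api'] = str(API_VERSION)` makes the wire value explicit instead of relying on the framework to coerce it. The same line replaces the old `resp.headers['server'] = 'Onionr'` override rather than sitting next to it; whether the underlying WSGI server then emits its own `Server` banner is not visible here and is worth checking, since that would disclose the serving stack. The handler that sets these headers starts outside the hunk.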


@ -30,7 +30,6 @@ import webbrowser
from threading import Thread from threading import Thread
import api, core, config, logger, onionrplugins as plugins, onionrevents as events import api, core, config, logger, onionrplugins as plugins, onionrevents as events
import onionrutils import onionrutils
from onionrutils import OnionrUtils
from netcontroller import NetController from netcontroller import NetController
from onionrblockapi import Block from onionrblockapi import Block
import onionrproofs, onionrexceptions, onionrusers import onionrproofs, onionrexceptions, onionrusers
@ -98,7 +97,7 @@ class Onionr:
logger.set_level(logger.LEVEL_INFO) logger.set_level(logger.LEVEL_INFO)
self.onionrCore = core.Core() self.onionrCore = core.Core()
self.onionrUtils = OnionrUtils(self.onionrCore) self.onionrUtils = onionrutils.OnionrUtils(self.onionrCore)
# Handle commands # Handle commands
@ -636,7 +635,7 @@ class Onionr:
''' '''
communicatorDaemon = './communicator2.py' communicatorDaemon = './communicator2.py'
apiThread = Thread(target=api.API, args=(self.debug,)) apiThread = Thread(target=api.API, args=(self.debug,API_VERSION))
apiThread.start() apiThread.start()
try: try:
time.sleep(3) time.sleep(3)
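Review bot: This file keeps `import onionrutils` at the top, and the same commit adds `from onionr import API_VERSION` to the utils module, so the two modules now import each other. If this file is started as a script it runs as `__main__`, and the utils import would presumably load a second copy of it under the name `onionr`, or fail on a partially initialised module depending on where `API_VERSION` is assigned; that assignment is not visible in these hunks. Keeping the constant in a module that imports neither of the two, or handing it to `OnionrUtils` the way `args=(self.debug,API_VERSION)` hands it to the API thread, avoids the cycle.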


@ -65,6 +65,9 @@ class MissingPort(Exception):
class InvalidAddress(Exception): class InvalidAddress(Exception):
pass pass
class InvalidAPIVersion(Exception):
pass
# file exceptions # file exceptions
class DiskAllocationReached(Exception): class DiskAllocationReached(Exception):


@ -22,6 +22,7 @@ import getpass, sys, requests, os, socket, hashlib, logger, sqlite3, config, bin
import nacl.signing, nacl.encoding import nacl.signing, nacl.encoding
from onionrblockapi import Block from onionrblockapi import Block
import onionrexceptions import onionrexceptions
from onionr import API_VERSION
from defusedxml import minidom from defusedxml import minidom
import onionrevents import onionrevents
import pgpwords, onionrusers, storagecounter import pgpwords, onionrusers, storagecounter
@ -614,11 +615,16 @@ class OnionrUtils:
try: try:
proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)} proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)}
r = requests.get(url, headers=headers, proxies=proxies, allow_redirects=False, timeout=(15, 30)) r = requests.get(url, headers=headers, proxies=proxies, allow_redirects=False, timeout=(15, 30))
# Check server is using same API version as us
if r.headers['api'] != str(API_VERSION):
raise onionrexceptions.InvalidAPIVersion
retData = r.text retData = r.text
except KeyboardInterrupt: except KeyboardInterrupt:
raise KeyboardInterrupt raise KeyboardInterrupt
except ValueError as e: except ValueError as e:
logger.debug('Failed to make request', error = e) logger.debug('Failed to make request', error = e)
except onionrexceptions.InvalidAPIVersion:
logger.debug("Node is using different API version :(")
except requests.exceptions.RequestException as e: except requests.exceptions.RequestException as e:
if not 'ConnectTimeoutError' in str(e) and not 'Request rejected or failed' in str(e): if not 'ConnectTimeoutError' in str(e) and not 'Request rejected or failed' in str(e):
logger.debug('Error: %s' % str(e)) logger.debug('Error: %s' % str(e))
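Review bot: `r.headers['api']` raises `KeyError` when a response has no `api` header, and none of the except clauses visible in this hunk (`KeyboardInterrupt`, `ValueError`, `InvalidAPIVersion`, `RequestException`) catches it. The try statement continues past the end of the hunk, so a later handler may exist. As shown, any peer that omits the header, including a node running a build from before this commit, makes the request helper raise instead of logging a version mismatch. Treat a missing header as a mismatch with `if r.headers.get('api') != str(API_VERSION):`.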