
Cleaning up transport remnants

newtransport
Kevin F 1 week ago
parent
commit
cb647daa85
  1. 1
      src/coredb/keydb/addkeys.py
  2. 2
      src/httpapi/security/__init__.py
  3. 88
      src/httpapi/security/public.py
  4. 40
      src/onionrcommands/keyadders.py
  5. 36
      src/onionrcommands/motdcreator.py
  6. 8
      src/onionrcommands/onionrstatistics.py
  7. 34
      src/onionrcommands/parser/arguments.py
  8. 61
      src/onionrcommands/resettor.py
  9. 31
      src/onionrcommands/togglebootstrap.py
  10. 2
      src/onionrtypes/__init__.py
  11. 3
      src/runtests/__init__.py
  12. 54
      src/runtests/ownnode.py
  13. 30
      src/utils/gethostname.py
  14. 59
      src/utils/gettransports.py
  15. 39
      src/utils/netutils.py
  16. 45
      src/utils/networkmerger.py

1
src/coredb/keydb/addkeys.py

@ -5,7 +5,6 @@ add user keys or transport addresses
import sqlite3
from onionrutils import stringvalidators
from . import listkeys
from utils import gettransports
from .. import dbfiles
import onionrcrypto
from etc import onionrvalues

2
src/httpapi/security/__init__.py

@ -1 +1 @@
from . import client, public
from . import client
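Review bot: Dropping `public` from this import unregisters the `before_app_request` guard that this commit deletes in src/httpapi/security/public.py, and no replacement is visible on this page. That guard returned 403 when `request.host` was not one of the node's transports (its DNS-rebinding defence) and when `general.security_level` was above 0. If any network-facing Flask app survives this cleanup, it needs an equivalent host check registered before the old one goes. src/runtests/__init__.py still imports `test_dns_rebinding` from `.dnsrebindingtest`, so confirm that the test still exercises a live check rather than passing vacuously. The old and new sides here are inferred from the `-1 +1` header, because the page has lost its +/- markers.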

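--- a/src/httpapi/security/public.py
+++ b/src/httpapi/security/public.py
@@ -1,88 +0,0 @@
-"""Onionr - Private P2P Communication.
-Process incoming requests to the public api server for certain attacks
-"""
-from flask import Blueprint, request, abort, g
-from httpapi import httpheaders
-from onionrutils import epoch
-from utils import gettransports
-"""
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-"""
-class PublicAPISecurity:
-def __init__(self, public_api):
-public_api_security_bp = Blueprint('publicapisecurity', __name__)
-self.public_api_security_bp = public_api_security_bp
-@public_api_security_bp.before_app_request
-def validate_request():
-"""Validate request has the correct hostname"""
-# If high security level, deny requests to public
-# (HS should be disabled anyway for Tor, but might not be for I2P)
-g.is_onionr_client = False
-transports = gettransports.get()
-if public_api.config.get('general.security_level', default=1) > 0:
-abort(403)
-if request.host not in transports:
-# Abort conn if wrong HTTP hostname, to prevent DNS rebinding
-if not public_api.config.get(
-'general.allow_public_api_dns_rebinding', False):
-abort(403)
-public_api.hitCount += 1 # raise hit count for valid requests
-try:
-if 'onionr' in request.headers['User-Agent'].lower():
-g.is_onionr_client = True
-else:
-g.is_onionr_client = False
-except KeyError:
-g.is_onionr_client = False
-# Add shared objects
-try:
-g.too_many = public_api._too_many
-except KeyError:
-g.too_many = None
-@public_api_security_bp.after_app_request
-def send_headers(resp):
-"""Send api, access control headers"""
-resp = httpheaders.set_default_onionr_http_headers(resp)
-# Network API version
-resp.headers['X-API'] = public_api.API_VERSION
-resp.headers['Access-Control-Allow-Origin'] = "*"
-resp.headers['Access-Control-Allow-Headers'] = "*"
-resp.headers['Access-Control-Allow-Methods'] = "POST, GET, OPTIONS"
-# Delete some HTTP headers for Onionr user agents
-NON_NETWORK_HEADERS = (
-'Content-Security-Policy', 'X-Frame-Options',
-'X-Content-Type-Options', 'Feature-Policy',
-'Clear-Site-Data', 'Referrer-Policy',
-'Access-Control-Allow-Origin', 'Access-Control-Allow-Headers',
-'Access-Control-Allow-Methods')
-# For other nodes, we don't need to waste bits on the above headers
-try:
-if g.is_onionr_client:
-for header in NON_NETWORK_HEADERS:
-del resp.headers[header]
-else:
-del resp.headers['X-API']
-except AttributeError:
-abort(403)
-public_api.lastRequest = epoch.get_rounded_epoch(roundS=5)
-return resp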

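--- a/src/onionrcommands/keyadders.py
+++ b/src/onionrcommands/keyadders.py
@@ -1,40 +0,0 @@
-"""Onionr - Private P2P Communication.
-add keys (transport and pubkey)
-"""
-import sys
-import logger
-from coredb import keydb
-"""
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-"""
-def add_address():
-"""Command to add a peer address from either an arg or stdin."""
-try:
-newAddress = sys.argv[2]
-newAddress = newAddress.replace('http:', '').replace('/', '')
-except IndexError:
-pass
-else:
-logger.info("Adding address: " + logger.colors.underline + newAddress,
-terminal=True)
-if keydb.addkeys.add_address(newAddress):
-logger.info("Successfully added address.", terminal=True)
-else:
-logger.warn("Unable to add address.", terminal=True)
-add_address.onionr_help = "Adds a node transport address" # type: ignore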

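--- a/src/onionrcommands/motdcreator.py
+++ b/src/onionrcommands/motdcreator.py
@@ -1,36 +0,0 @@
-"""Onionr - Private P2P Communication.
-Command to make new network-wide MOTD message. Only network admin can do this
-The key is set in onionrvalues
-"""
-import onionrblocks
-"""
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-"""
-def motd_creator():
-"""Create a new MOTD message for the Onionr network."""
-motd = ''
-new = ''
-print('Enter a new MOTD, quit on a new line:')
-while new != 'quit':
-new = input() # nosec B323
-if new != 'quit':
-motd += new
-bl = onionrblocks.insert(motd, header='motd', sign=True)
-print(f"inserted in {bl}")
-motd_creator.onionr_help = "Create a new MOTD for the network" # type: ignore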

8
src/onionrcommands/onionrstatistics.py

@ -6,7 +6,7 @@ import os
import logger
from onionrblocks import onionrblacklist
from onionrutils import mnemonickeys
from utils import sizeutils, gethostname, getconsolewidth, identifyhome
from utils import sizeutils, getconsolewidth, identifyhome
from coredb import blockmetadb, keydb
import onionrcrypto
import config
@ -67,8 +67,6 @@ def show_stats():
# count stats
'div2': True,
'Known Peers (nodes)':
str(max(len(keydb.listkeys.list_adders()) - 1, 0)),
'Enabled Plugins':
str(len(config.get('plugins.enabled', list()))) + ' / ' +
str(len(os.listdir(home + 'plugins/'))),
@ -135,7 +133,6 @@ def show_details():
"""
details = {
'Data directory': identifyhome.identify_home(),
'Node Address': gethostname.get_hostname(),
'Public Key': onionrcrypto.pub_key.replace('=', ''),
'Human-readable Public Key': mnemonickeys.get_human_readable_ID()
}
@ -147,8 +144,7 @@ def show_details():
show_details.onionr_help = "Shows relevant information " # type: ignore
show_details.onionr_help += "for your Onionr install: node " # type: ignore
show_details.onionr_help += "address, and active public key." # type: ignore
show_details.onionr_help += "for your Onionr install:"
show_stats.onionr_help = "Shows statistics for your Onionr " # type: ignore
show_stats.onionr_help += "node. Slow if Onionr is not running" # type: ignore
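Review bot: The replacement help line `show_details.onionr_help += "for your Onionr install:"` ends on a dangling colon and drops the `# type: ignore` marker that every neighbouring `onionr_help` assignment carries. This assumes that line is the new side, which the `-147,8 +144,7` header supports although the page has lost its +/- markers. The help text now reads as unfinished, and a type checker may flag the attribute write. Since the `details` dict in `show_details` still reports the data directory and the public key, I would write `show_details.onionr_help += "for your Onionr install: data directory and active public key."  # type: ignore`.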

34
src/onionrcommands/parser/arguments.py

@ -4,37 +4,34 @@ Sets CLI arguments for Onionr
"""
from typing import Callable
from .. import onionrstatistics, version, daemonlaunch, keyadders
from .. import onionrstatistics, version, daemonlaunch
from .. import openwebinterface
from .. import banblocks # Command to blacklist a block by its hash
from .. import filecommands # commands to share files with onionr
from .. import exportblocks # commands to export blocks
from .. import pubkeymanager # commands to add or change id
from .. import resettor # cmds to reset the tor data folder/transport keypair
from .. import resetplugins # command to reinstall default plugins
from .. import softreset # command to delete onionr blocks
from .. import restartonionr # command to restart Onionr
from .. import runtimetestcmd # cmd to execute the runtime integration tests
from .. import motdcreator # cmd to generate new Onionr MOTDs
from .. import sitecreator # cmd to create multi-page sites
from .. import togglebootstrap # cmd to toggle bootstrap file usage
from ..listsites import print_site_list # cmd to list list ids
import onionrexceptions
from onionrutils import importnewblocks # func to import new blocks
"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
"""
@ -53,7 +50,6 @@ def get_arguments() -> dict:
('start', 'daemon'): daemonlaunch.start,
('stop', 'kill'): daemonlaunch.kill_daemon,
('restart',): restartonionr.restart,
('add-address', 'addaddress', 'addadder'): keyadders.add_address,
('openhome', 'gui', 'openweb',
'open-home', 'open-web'): openwebinterface.open_home,
('get-url', 'url', 'get-web'): openwebinterface.get_url,
@ -69,15 +65,9 @@ def get_arguments() -> dict:
('addid', 'add-id'): pubkeymanager.add_ID,
('changeid', 'change-id'): pubkeymanager.change_ID,
('add-vanity', 'addvanity'): pubkeymanager.add_vanity,
('resettor', 'reset-tor'): resettor.reset_tor,
('resetplugins', 'reset-plugins'): resetplugins.reset,
('reset-tor-node-transport',): resettor.reset_tor_key_pair,
('soft-reset', 'softreset'): softreset.soft_reset,
('toggle-bootstrap', 'togglebootstrap'):
togglebootstrap.toggle_bootstrap_config,
('runtime-test', 'runtimetest'): runtimetestcmd.do_runtime_test,
('makemotd', 'make-motd'): motdcreator.motd_creator
('runtime-test', 'runtimetest'): runtimetestcmd.do_runtime_test
}
return args

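--- a/src/onionrcommands/resettor.py
+++ b/src/onionrcommands/resettor.py
@@ -1,61 +0,0 @@
-"""Onionr - Private P2P Communication.
-Command to delete the Tor data directory if its safe to do so
-"""
-import os
-import shutil
-import logger
-from onionrutils import localcommand
-from utils import identifyhome
-"""
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-"""
-def __delete(directory):
-tor_dir = '%s/%s/' % (identifyhome.identify_home(), directory)
-if os.path.exists(tor_dir):
-if localcommand.local_command('/ping') == 'pong!':
-logger.warn(
-'Cannot delete Tor data while Onionr is running',
-terminal=True)
-else:
-shutil.rmtree(tor_dir)
-logger.info('Tor reset', terminal=True)
-def reset_tor():
-"""Delete tor data directory."""
-__delete('tordata')
-reset_tor.onionr_help = "Deletes Onionr's Tor data directory. " # type: ignore
-reset_tor.onionr_help += "Only do this as a last resort if " # type: ignore
-reset_tor.onionr_help += "you have serious Tor issues." # type: ignore
-def reset_tor_key_pair():
-"""Delete Tor HS key pair for our node."""
-__delete('hs')
-reset_tor_key_pair.onionr_help = "Delete's your Tor " # type: ignore
-reset_tor_key_pair.onionr_help += "node address permanently. " # type: ignore
-reset_tor_key_pair.onionr_help += "Note that through " # type: ignore
-reset_tor_key_pair.onionr_help += "fingerprinting attackers " # type: ignore
-reset_tor_key_pair.onionr_help += "may be able to know that " # type: ignore
-reset_tor_key_pair.onionr_help += "your new generated node " # type: ignore
-reset_tor_key_pair.onionr_help += "address belongs to " # type: ignore
-reset_tor_key_pair.onionr_help += "the same node " # type: ignore
-reset_tor_key_pair.onionr_help += "as the deleted one." # type: ignore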

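--- a/src/onionrcommands/togglebootstrap.py
+++ b/src/onionrcommands/togglebootstrap.py
@@ -1,31 +0,0 @@
-"""Onionr - Private P2P Communication.
-Toggle the bootstrap configuration
-"""
-import sys
-import config
-import logger
-"""
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-"""
-def toggle_bootstrap_config():
-"""Toggles the bootstrap configuration."""
-if config.get('general.use_bootstrap_list') is None:
-logger.error('No general.bootstrap_list setting found')
-sys.exit(3)
-flipped: bool = not config.get('general.use_bootstrap_list')
-config.set('general.use_bootstrap_list', flipped, savefile=True)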

2
src/onionrtypes/__init__.py

@ -3,7 +3,6 @@ from typing import NewType
UserID = NewType('UserID', str)
UserIDSecretKey = NewType('UserIDSecretKey', str)
LANIP = NewType('LANIP', str)
LoopBackIP = NewType('LoopBackIP', str)
DeterministicKeyPassphrase = NewType('DeterministicKeyPassphrase', str)
@ -21,4 +20,3 @@ JSONSerializable = NewType('JSONSerializable', str)
# Do not use for new code
BooleanSuccessState = NewType('BooleanSuccessState', bool)
OnionAddressString = NewType('OnionAddressString', str)

3
src/runtests/__init__.py

@ -9,7 +9,6 @@ import logger
from onionrutils import epoch
from . import uicheck, inserttest, stresstest
from . import ownnode
from .webpasstest import webpass_test
from .osver import test_os_ver_endpoint
from .clearnettor import test_clearnet_tor_request
@ -33,8 +32,6 @@ from .dnsrebindingtest import test_dns_rebinding
RUN_TESTS = [uicheck.check_ui,
inserttest.insert_bin_test,
ownnode.test_tor_adder,
ownnode.test_own_node,
stresstest.stress_test_block_insert,
webpass_test,
test_os_ver_endpoint,

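--- a/src/runtests/ownnode.py
+++ b/src/runtests/ownnode.py
@@ -1,54 +0,0 @@
-"""Onionr - Private P2P Communication.
-Test own Onionr node as it is running
-"""
-import config
-from onionrutils import basicrequests
-from utils import identifyhome
-from utils import gettransports
-import logger
-from onionrutils import localcommand
-"""
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-"""
-def test_own_node(test_manager):
-if config.get('general.security_level', 0) > 0 or not config.get('transports.tor', True):
-return
-socks_port = localcommand.local_command('/gettorsocks')
-if config.get('general.security_level', 0) > 0:
-return
-own_tor_address = gettransports.get()[0]
-if 'this is an onionr node' \
-not in basicrequests.do_get_request('http://' + own_tor_address,
-port=socks_port,
-ignoreAPI=True).lower():
-logger.warn(f'Own node not reachable in test {own_tor_address}')
-raise ValueError
-def test_tor_adder(test_manager):
-if config.get('general.security_level', 0) > 0 or not config.get('transports.tor', True):
-return
-with open(identifyhome.identify_home() + 'hs/hostname', 'r') as hs:
-hs = hs.read().strip()
-if not hs:
-logger.error('No Tor node address created yet')
-raise ValueError('No Tor node address created yet')
-if hs not in gettransports.get():
-logger.error('gettransports Tor not same as file: %s %s' %
-(hs, gettransports.get()))
-raise ValueError('gettransports Tor not same as file')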

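--- a/src/utils/gethostname.py
+++ b/src/utils/gethostname.py
@@ -1,30 +0,0 @@
-"""Onionr - Private P2P Communication.
-Get the node's Tor hostname
-"""
-from . import identifyhome
-import filepaths
-"""
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-"""
-def get_hostname():
-try:
-with open(identifyhome.identify_home() + '/hs/hostname', 'r') as hostname:
-return hostname.read().strip()
-except FileNotFoundError:
-return "Not Generated"
-except Exception:
-return None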

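--- a/src/utils/gettransports.py
+++ b/src/utils/gettransports.py
@@ -1,59 +0,0 @@
-"""Onionr - Private P2P Communication.
-return a list of strings of the user's transport addresses for the main
-Onionr protocol
-"""
-from gevent import time
-import filepaths
-"""
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-"""
-files = []
-class _GetTor:
-def __init__(self):
-self.tor_hs = None
-def get(self):
-if self.tor_hs is None:
-try:
-with open(filepaths.tor_hs_address_file, 'r') as \
-transport_file:
-self.tor_hs = transport_file.read().strip()
-if not self.tor_hs:
-self.tor_hs = None
-except FileNotFoundError:
-pass
-return self.tor_hs
-_tor_getter = _GetTor()
-def get():
-transports = [_tor_getter.get()]
-for file in files:
-try:
-with open(file, 'r') as transport_file:
-transports.append(transport_file.read().strip())
-except FileNotFoundError:
-pass
-else:
-break
-else:
-time.sleep(1)
-return list(transports)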

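--- a/src/utils/netutils.py
+++ b/src/utils/netutils.py
@@ -1,39 +0,0 @@
-"""Onionr - Private P2P Communication.
-NetUtils offers various useful functions to Onionr networking.
-"""
-from random import SystemRandom
-from onionrutils import basicrequests
-from .readstatic import read_static
-"""
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-"""
-def check_network(torPort=0) -> bool:
-"""Check if we are connected to the internet (through Tor)."""
-success = False
-try:
-connect_urls = read_static('connect-check.txt').split(',')
-SystemRandom().shuffle(connect_urls)
-for url in connect_urls:
-if basicrequests.do_get_request(
-url, port=torPort, ignoreAPI=True) is not False:
-success = True
-break
-except FileNotFoundError:
-pass
-return success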

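--- a/src/utils/networkmerger.py
+++ b/src/utils/networkmerger.py
@@ -1,45 +0,0 @@
-'''
-Onionr - P2P Microblogging Platform & Social network
-Merges peer and block lists
-'''
-'''
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <https://www.gnu.org/licenses/>.
-'''
-import logger
-from coredb import keydb
-import config
-from onionrblocks import onionrblacklist
-from utils import gettransports
-def mergeAdders(newAdderList):
-'''
-Merge peer adders list to our database
-'''
-blacklist = onionrblacklist.OnionrBlackList()
-retVal = False
-if newAdderList != False:
-for adder in newAdderList.split(','):
-adder = adder.strip()
-if not adder in keydb.listkeys.list_adders(randomOrder = False) and not adder in gettransports.get() and not blacklist.inBlacklist(adder):
-if keydb.addkeys.add_address(adder):
-# Check if we have the maximum amount of allowed stored peers
-if config.get('peers.max_stored_peers') > len(keydb.listkeys.list_adders()):
-logger.info('Added %s to db.' % adder, timestamp = True)
-retVal = True
-else:
-logger.warn('Reached the maximum amount of peers in the net database as allowed by your config.')
-else:
-pass
-#logger.debug('%s is either our address or already in our DB' % adder)
-return retVal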