Compare commits
286 Commits
Duncan X Simpson
dependabot-preview[bot]
Kevin F
Victor Angelier CCX
Kevin Froman
546 changed files with 5089 additions and 52249 deletions
@ -1,4 +1,6 @@ |
|||
onionr/data/**/* |
|||
onionr/data |
|||
RUN-WINDOWS.bat |
|||
MY-RUN.sh |
|||
Dockerfile |
|||
.dockerignore |
|||
.git |
|||
|
|||
@ -1 +1 @@ |
|||
PYTHONPATH=./venv/bin/python3.8 |
|||
PYTHONPATH=./venv/bin/python |
|||
@ -1,28 +1,31 @@ |
|||
FROM python |
|||
FROM python:3.7 |
|||
EXPOSE 8080 |
|||
|
|||
USER root |
|||
|
|||
RUN mkdir /app |
|||
WORKDIR /app |
|||
|
|||
#Base settings |
|||
ENV HOME /root |
|||
ENV ONIONR_DOCKER=true |
|||
|
|||
#Install needed packages |
|||
RUN apt update && apt install -y tor locales |
|||
RUN apt-get update && apt-get install -y tor locales |
|||
|
|||
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ |
|||
locale-gen |
|||
ENV LANG en_US.UTF-8 |
|||
ENV LANGUAGE en_US:en |
|||
ENV LC_ALL en_US.UTF-8 |
|||
ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 |
|||
|
|||
WORKDIR /srv/ |
|||
ADD ./requirements.txt /srv/requirements.txt |
|||
ADD ./requirements.txt /app/requirements.txt |
|||
RUN pip3 install --require-hashes -r requirements.txt |
|||
|
|||
WORKDIR /root/ |
|||
#Add Onionr source |
|||
COPY . /root/ |
|||
VOLUME /root/data/ |
|||
COPY . /app/ |
|||
|
|||
#Set upstart command |
|||
CMD bash |
|||
VOLUME /app/data/ |
|||
|
|||
#Expose ports |
|||
EXPOSE 8080 |
|||
#Default to running as nonprivileged user |
|||
RUN chmod g=u -R /app |
|||
USER 1000 |
|||
ENV HOME=/app |
|||
|
|||
CMD ["bash", "./run-onionr-node.sh"] |
|||
|
|||
Binary file not shown.
@ -0,0 +1,19 @@ |
|||
# Generating requirements.txt |
|||
|
|||
To generate a requirements.txt file, install pip-tools from pip |
|||
|
|||
Onionr requirements files should have hashes to prevent backdooring by the pypi server. |
|||
|
|||
Put your package versions in requirements.in like normal. Child dependencies are usually not necessary: |
|||
|
|||
``` |
|||
requests==0.1.1 |
|||
flask==0.1.1 |
|||
``` |
|||
|
|||
Then generate the requirements.txt: |
|||
|
|||
`$ pip-compile requirements.in --generate-hashes -o requirements.txt` |
|||
|
|||
|
|||
Your requirements.txt will have hash-pinned requirements of all dependencies and child dependencies. |
|||
@ -0,0 +1,44 @@ |
|||
# Running Onionr tests |
|||
|
|||
Onionr has four types of tests: |
|||
|
|||
* unittests |
|||
* integration tests |
|||
* selenium tests (web tests) |
|||
* runtime-tests |
|||
|
|||
|
|||
## unittests |
|||
|
|||
Onionr uses Python's built in unittest module. These tests are located in tests/ (top level) |
|||
|
|||
Run all tests with `$ make test`, which will also run integration tests. |
|||
|
|||
Please note that one unittest tests if runtime-tests have passed recently. This is simply a forceful reminder to run those tests as well. |
|||
|
|||
You can also run a single unittest in a loop by using the script scripts/run-unit-test-by-name.py |
|||
|
|||
## integration tests |
|||
|
|||
These tests are pretty basic and test on stdout of Onionr commands. |
|||
|
|||
They are also run from `$ make test` |
|||
|
|||
The runtime-tests do most of the actual integration testing. |
|||
|
|||
## selenium tests |
|||
|
|||
These are browser automation tests to test if the UI is working as how it should for a user. |
|||
|
|||
There's only a couple and they're incomplete, so they can be ignored for now (test manually) |
|||
|
|||
## runtime-tests |
|||
|
|||
These are important. They look into the Onionr client Flask app when Onionr daemon is running and test a bunch of things. |
|||
|
|||
If you do it a lot you should make your own Onionr network (disable official bootstrap) |
|||
|
|||
You run this while the daemon is running (probably should make sure onboarding is done), with `$ onionr.sh runtime-test` |
|||
|
|||
It's necessary to do this before running `$ make test` for unittesting |
|||
|
|||
@ -0,0 +1,43 @@ |
|||
# Onionr Security Mechanisms |
|||
|
|||
|
|||
## bigbrother 👁️ |
|||
|
|||
Bigbrother is a cheeky module that uses Python3.8+ sys auditing events to log and/or block certain sensitive events. |
|||
|
|||
It has a little overhead, so one can disable it in config in general.security_auditing |
|||
|
|||
[ChaosWebs.net/blog/preventing-arbitrary-code-execution-in-python38-with-auditing.html](https://chaoswebs.net/blog/preventing-arbitrary-code-execution-in-python38-with-auditing.html) |
|||
|
|||
### Threat model |
|||
|
|||
It is intended to log bugs leaking private file system information, block+log network leaks, and block+log eval-like arbitrary code execution. It is not intended to block malicious browser scripts or malicious Python plugins. It cannot work with subprocesses that do not activate the module. |
|||
|
|||
It's not intended to be bulletproof by any means, but it helps. |
|||
|
|||
### What big brother does |
|||
|
|||
* Disk access checks for disk access outside. Only logs, does not block |
|||
* Network leaks. (Non Tor/LAN) Blocks and logs |
|||
* Arbitrary code execution: logs and blocks non-whitelisted bytecode importing/compiling and subprocesses. |
|||
|
|||
|
|||
## Sybil attacks |
|||
|
|||
As with any decentralized network, sybil nodes could collude to spy or cause mayhem. Due to the gossip nature of Onionr, sybil nodes would have a hard time fully stopping the network. In terms of spying, they could not conclusively prove the origin of messages due to the multiple transport nature of the network and layering behind Tor/etc. |
|||
|
|||
## Tor configuration |
|||
|
|||
When managed by Onionr, Tor has a control port password that gets stored in Onionr config. |
|||
|
|||
Tor is also configured to reject requests to non-onion services, which helps to stop redirect based denial of service attacks. |
|||
|
|||
## Web security |
|||
|
|||
Onionr secures both it's main web APIs with anti-dns-rebinding logic, which validates the host header used in connections to it. This is to prevent exfiltration of data and side channel deanonymization. |
|||
|
|||
Onionr secures the client API with a token that must be passed in most requests, with the exception of static API files. This is to prevent CSRF and side channel deanonymization. |
|||
|
|||
Onionr binds most services to random loopback addresses to reduce all cross-site web attacks, including discovery of Onionr on a computer from a normal website. This is not supported on Mac because Mac does not support non 'typical' loopback addresses. |
|||
|
|||
Onionr has a strict content-security-policy, rejecting all non-localhost requests and denying inline scripts and similar insecure sources. |
|||
@ -0,0 +1,9 @@ |
|||
# Interesting papers related to Onionr development |
|||
|
|||
A paper being listed here is not end-all-be-all endorsement of every detail inside. |
|||
|
|||
* [Epidemic Routing for Partially-Connected Ad Hoc Networks](https://web.archive.org/web/20200208074703/http://issg.cs.duke.edu/epidemic/epidemic.pdf) |
|||
* [Freenet: A distibuted decentralized information storage and retrieval system](https://freenetproject.org/assets/papers/ddisrs.pdf) |
|||
* [Protecting Free Expression Online with Freenet](https://freenetproject.org/assets/papers/ddisrs.pdf) |
|||
* [Bitmessage: A Peer‐to‐Peer Message Authentication and Delivery System](https://archive.org/details/BitmessageWhitepaper/) |
|||
* [MuON: Epidemic based Mutual Anonymity](https://web.archive.org/web/20060901153544/http://www.csl.mtu.edu/cs6461/www/Reading/MuON_ICNP2005.pdf) |
|||
@ -1,13 +1,72 @@ |
|||
<h1 align="center">Onionr Developer Guide</h1> |
|||
|
|||
This page assumes that Onionr is already installed and normal user requirements are setup. |
|||
|
|||
The Onionr development environment is simple. All one really needs is a supported Python version (currently 3.7-3.8 as of writing). |
|||
|
|||
There are additional requirements specified in requirements-dev.txt |
|||
|
|||
Intended to be used from VSCode, there are scripts in scripts/ named enable/disable-dev-config.py. |
|||
**Developers agree to the [CoC](../../CODE_OF_CONDUCT.md) and to contribute new code under GPLv3 or later**. Developers should stick to PEP8 in most cases, and write unittests or integration tests where possible. |
|||
|
|||
## Developer Scripts |
|||
|
|||
run-onionr-node.py can be used to start a node with specific parameters |
|||
|
|||
Intended to be used from VSCode (but could work otherwise), there are scripts in scripts/ named enable/disable-dev-config.py. |
|||
These make modifications to the default config for the purpose of making testing Onionr nodes easier. |
|||
Be sure to disable it again before pushing work. |
|||
|
|||
Generally, one should disable bootstrap list usage when making non trivial changes. This is a config option: general.use_bootstrap_list. |
|||
There are also scripts to generate new tests. |
|||
|
|||
*When adjusting PoW, it will make your node not compatible with the existing network* |
|||
|
|||
Generally, one should disable bootstrap list usage when testing non trivial changes. This is a config option: general.use_bootstrap_list. and can be configured through enable-dev-config.py and run-onionr-node.py |
|||
|
|||
|
|||
# Current state of Onionr [2021-01-14] |
|||
|
|||
Onionr in it's current form is functional, albeit buggy. |
|||
|
|||
|
|||
## Current major components |
|||
|
|||
Onionr runs via two main HTTP gevent servers serving Flask apps. |
|||
|
|||
Dir: apiservers |
|||
|
|||
* 1 Parent app hosts all public API endpoints for the Tor transport. |
|||
* 1 Parent app hosts all UI-related files and endpoints. Some commands and internal modules interact with this API as well |
|||
* The HTTP servers have strict anti-dns-rebinding and CSRF countermeasures, so there is a script to craft requests to the UI-related API in scripts/ |
|||
* Block storage is currently handled via metadata in sqlite (mostly defunct now), and block data storage in a different database. This is in blocks/ in running Onionr daemon data directory |
|||
* cryptography is currently handled in onionrcrypto/ except for ephemeral messages which are handled by onionr |
|||
* Transport clients run from looping threads mostly created in communicator/__init__.py, this includes block lookups and uploading on the Tor transport |
|||
|
|||
## Road map |
|||
|
|||
There are several big ways Onionr will be improved in the next major version: |
|||
|
|||
* Migration to the [new modular block system](https://git.voidnet.tech/kev/onionrblocks) |
|||
* Probability proof of work -> verifiable delay function |
|||
* Friend system built on top of signing proofs (Private networks?) |
|||
* Gossip transport improvements such as with neighbor improvements. See streamfill/ and [simple gossip](https://github.com/onion-sudo/simplegossip) for incomplete experiments |
|||
|
|||
* Finish removing "communicator" |
|||
* I2P transports |
|||
* Gossip |
|||
* Torrents (patch for sha1?) |
|||
* Modular transports |
|||
* Currently transports are just threads coupled together. |
|||
* It would be better if there was a generic way to tell any loaded transport what blocks are wanted and feed back received blocks to the database |
|||
* Migrate to SafeDB for peers and blocks |
|||
* SafeDB wrapper that contacts http endpoint to store if it is running, otherwise directly open DB |
|||
* Separate UI logic from daemon. Refactor code to |
|||
* Improve cryptography |
|||
* Restore phrases or deterministic keys (generate key from password, be very careful) |
|||
* Change identities to be dual keys (ed25519+curve25519) |
|||
* Finish treasurechest |
|||
* Interact via [named pipes](https://en.wikipedia.org/wiki/Named_pipe) |
|||
* Ephemeral key management |
|||
* Encrypt/decrypt/sign/verify functions to keep key out of main memory |
|||
* PGP-like symmetric messages |
|||
|
|||
|
|||
|
|||
@ -0,0 +1,28 @@ |
|||
# Running Onionr in Docker |
|||
|
|||
A Dockerfile is included in the root directory of Onionr. |
|||
|
|||
In Docker version 20.10 (and probably others), there is a strange bug where Onionr must be run with -it or stdout will be garbled and it may hang. |
|||
|
|||
## Clone and build the image |
|||
|
|||
`$ git clone https://git.voidnet.tech/kev/onionr/` |
|||
`$ cd onionr` |
|||
`$ sudo docker build -t onionr .` |
|||
|
|||
|
|||
## Run Onionr |
|||
|
|||
`$ sudo docker run -it -p 8080:8080 onionr` |
|||
|
|||
Onionr will be accessible over any network interface by default, so make sure to either change the entry point bind-address argument or set a firewall rule. |
|||
|
|||
That said, Onionr does protect it's interface by default with a web token, which will be shown in stdout. |
|||
|
|||
**However, anyone who can access the port may be able to see what Onionr sites you have saved and potentially deanonymize your node** |
|||
|
|||
## View the UI |
|||
|
|||
Visit the address and port for the machine Onionr is running on, for example: http://192.168.1.5:8080/#<long-token-taken-from-stdout> |
|||
|
|||
If you want a secure connection to the interface, either use a proxy such as nginx or caddy, or use [SSH tunneling](./vps-cloud-guide.md). |
|||
@ -0,0 +1,24 @@ |
|||
<h1 align="center">Onionr FAQ</h1> |
|||
|
|||
(Most of the FAQ answers apply to planned features and do not reflect in the demo network) |
|||
|
|||
* How does Onionr route messages? |
|||
|
|||
Onionr creates a message with an anti-spam proof (usually). It is then forwarded between nodes using binomial tree broadcast. |
|||
|
|||
The network is structured based on the particular transport being used, for Tor, .onion addresses are used to determine closeness between nodes. |
|||
|
|||
Churn due to connectivity changes or issues, membership changes or malicious activity means nodes need to sometimes look far away for missed messages. |
|||
|
|||
To help with scale, messages can be intelligently deleted or forwarded, for example a mail message can be marked by its recipient at a given point for deletion, or forum posts can be set to expire after a short period or after lack of activity. |
|||
|
|||
|
|||
* Why do you use Python instead of [language]? |
|||
|
|||
I'm very comfortable in Python, and I believe it is a maintainable language if you use it correctly with modern features, also it has many quality libraries useful to the project, like pyncal and stem. Most places in the project are IO bound. |
|||
|
|||
|
|||
* What do you think of bad actors who might use Onionr? |
|||
|
|||
Users should be able to exclude viewing, processing, and hosting content they do not want to. To this end, I want to enable user-configurable filtering based on lists provided by friends, fuzzy hashing, and voting. |
|||
|
|||
@ -1 +0,0 @@ |
|||
<meta http-equiv="refresh" content="0;URL='src/index.html'"> |
|||
@ -1,88 +0,0 @@ |
|||
<!doctype html> |
|||
<html lang="en"> |
|||
<head> |
|||
<meta charset="utf-8"> |
|||
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" /> |
|||
<meta name="generator" content="pdoc 0.7.4" /> |
|||
<title>src.apiservers API documentation</title> |
|||
<meta name="description" content="Flask WSGI apps for the public and private API servers …" /> |
|||
<link href='https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/normalize.min.css' rel='stylesheet'> |
|||
<link href='https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/8.0.0/sanitize.min.css' rel='stylesheet'> |
|||
<link href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css" rel="stylesheet"> |
|||
<style>.flex{display:flex !important}body{line-height:1.5em}#content{padding:20px}#sidebar{padding:30px;overflow:hidden}.http-server-breadcrumbs{font-size:130%;margin:0 0 15px 0}#footer{font-size:.75em;padding:5px 30px;border-top:1px solid #ddd;text-align:right}#footer p{margin:0 0 0 1em;display:inline-block}#footer p:last-child{margin-right:30px}h1,h2,h3,h4,h5{font-weight:300}h1{font-size:2.5em;line-height:1.1em}h2{font-size:1.75em;margin:1em 0 .50em 0}h3{font-size:1.4em;margin:25px 0 10px 0}h4{margin:0;font-size:105%}a{color:#058;text-decoration:none;transition:color .3s ease-in-out}a:hover{color:#e82}.title code{font-weight:bold}h2[id^="header-"]{margin-top:2em}.ident{color:#900}pre code{background:#f8f8f8;font-size:.8em;line-height:1.4em}code{background:#f2f2f1;padding:1px 4px;overflow-wrap:break-word}h1 code{background:transparent}pre{background:#f8f8f8;border:0;border-top:1px solid #ccc;border-bottom:1px solid #ccc;margin:1em 0;padding:1ex}#http-server-module-list{display:flex;flex-flow:column}#http-server-module-list div{display:flex}#http-server-module-list dt{min-width:10%}#http-server-module-list p{margin-top:0}.toc ul,#index{list-style-type:none;margin:0;padding:0}#index code{background:transparent}#index h3{border-bottom:1px solid #ddd}#index ul{padding:0}#index h4{font-weight:bold}#index h4 + ul{margin-bottom:.6em}@media (min-width:200ex){#index .two-column{column-count:2}}@media (min-width:300ex){#index .two-column{column-count:3}}dl{margin-bottom:2em}dl dl:last-child{margin-bottom:4em}dd{margin:0 0 1em 3em}#header-classes + dl > dd{margin-bottom:3em}dd dd{margin-left:2em}dd p{margin:10px 0}.name{background:#eee;font-weight:bold;font-size:.85em;padding:5px 10px;display:inline-block;min-width:40%}.name:hover{background:#e0e0e0}.name > span:first-child{white-space:nowrap}.name.class > span:nth-child(2){margin-left:.4em}.inherited{color:#999;border-left:5px solid #eee;padding-left:1em}.inheritance em{font-style:normal;font-weight:bold}.desc h2{font-weight:400;font-size:1.25em}.desc h3{font-size:1em}.desc dt code{background:inherit}.source summary,.git-link-div{color:#666;text-align:right;font-weight:400;font-size:.8em;text-transform:uppercase}.source summary > *{white-space:nowrap;cursor:pointer}.git-link{color:inherit;margin-left:1em}.source pre{max-height:500px;overflow:auto;margin:0}.source pre code{font-size:12px;overflow:visible}.hlist{list-style:none}.hlist li{display:inline}.hlist li:after{content:',\2002'}.hlist li:last-child:after{content:none}.hlist .hlist{display:inline;padding-left:1em}img{max-width:100%}.admonition{padding:.1em .5em;margin-bottom:1em}.admonition-title{font-weight:bold}.admonition.note,.admonition.info,.admonition.important{background:#aef}.admonition.todo,.admonition.versionadded,.admonition.tip,.admonition.hint{background:#dfd}.admonition.warning,.admonition.versionchanged,.admonition.deprecated{background:#fd4}.admonition.error,.admonition.danger,.admonition.caution{background:lightpink}</style> |
|||
<style media="screen and (min-width: 700px)">@media screen and (min-width:700px){#sidebar{width:30%}#content{width:70%;max-width:100ch;padding:3em 4em;border-left:1px solid #ddd}pre code{font-size:1em}.item .name{font-size:1em}main{display:flex;flex-direction:row-reverse;justify-content:flex-end}.toc ul ul,#index ul{padding-left:1.5em}.toc > ul > li{margin-top:.5em}}</style> |
|||
<style media="print">@media print{#sidebar h1{page-break-before:always}.source{display:none}}@media print{*{background:transparent !important;color:#000 !important;box-shadow:none !important;text-shadow:none !important}a[href]:after{content:" (" attr(href) ")";font-size:90%}a[href][title]:after{content:none}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:0.5cm}p,h2,h3{orphans:3;widows:3}h1,h2,h3,h4,h5,h6{page-break-after:avoid}}</style> |
|||
</head> |
|||
<body> |
|||
<main> |
|||
<article id="content"> |
|||
<header> |
|||
<h1 class="title">Module <code>src.apiservers</code></h1> |
|||
</header> |
|||
<section id="section-intro"> |
|||
<p>Flask WSGI apps for the public and private API servers.</p> |
|||
<p>Public is net-facing server meant for other nodes |
|||
Private is meant for controlling and accessing this node</p> |
|||
<details class="source"> |
|||
<summary> |
|||
<span>Expand source code</span> |
|||
</summary> |
|||
<pre><code class="python">"""Flask WSGI apps for the public and private API servers. |
|||
|
|||
Public is net-facing server meant for other nodes |
|||
Private is meant for controlling and accessing this node |
|||
""" |
|||
|
|||
from . import public, private |
|||
|
|||
PublicAPI = public.PublicAPI |
|||
ClientAPI = private.PrivateAPI</code></pre> |
|||
</details> |
|||
</section> |
|||
<section> |
|||
<h2 class="section-title" id="header-submodules">Sub-modules</h2> |
|||
<dl> |
|||
<dt><code class="name"><a title="src.apiservers.private" href="private/index.html">src.apiservers.private</a></code></dt> |
|||
<dd> |
|||
<section class="desc"><p>Onionr - Private P2P Communication …</p></section> |
|||
</dd> |
|||
<dt><code class="name"><a title="src.apiservers.public" href="public/index.html">src.apiservers.public</a></code></dt> |
|||
<dd> |
|||
<section class="desc"><p>Onionr - Private P2P Communication …</p></section> |
|||
</dd> |
|||
</dl> |
|||
</section> |
|||
<section> |
|||
</section> |
|||
<section> |
|||
</section> |
|||
<section> |
|||
</section> |
|||
</article> |
|||
<nav id="sidebar"> |
|||
<h1>Index</h1> |
|||
<div class="toc"> |
|||
<ul></ul> |
|||
</div> |
|||
<ul id="index"> |
|||
<li><h3>Super-module</h3> |
|||
<ul> |
|||
<li><code><a title="src" href="../index.html">src</a></code></li> |
|||
</ul> |
|||
</li> |
|||
<li><h3><a href="#header-submodules">Sub-modules</a></h3> |
|||
<ul> |
|||
<li><code><a title="src.apiservers.private" href="private/index.html">src.apiservers.private</a></code></li> |
|||
<li><code><a title="src.apiservers.public" href="public/index.html">src.apiservers.public</a></code></li> |
|||
</ul> |
|||
</li> |
|||
</ul> |
|||
</nav> |
|||
</main> |
|||
<footer id="footer"> |
|||
<p>Generated by <a href="https://pdoc3.github.io/pdoc"><cite>pdoc</cite> 0.7.4</a>.</p> |
|||
</footer> |
|||
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script> |
|||
<script>hljs.initHighlightingOnLoad()</script> |
|||
</body> |
|||
</html> |
|||
@ -1,411 +0,0 @@ |
|||
<!doctype html> |
|||
<html lang="en"> |
|||
<head> |
|||
<meta charset="utf-8"> |
|||
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" /> |
|||
<meta name="generator" content="pdoc 0.7.4" /> |
|||
<title>src.apiservers.private API documentation</title> |
|||
<meta name="description" content="Onionr - Private P2P Communication …" /> |
|||
<link href='https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/normalize.min.css' rel='stylesheet'> |
|||
<link href='https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/8.0.0/sanitize.min.css' rel='stylesheet'> |
|||
<link href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css" rel="stylesheet"> |
|||
<style>.flex{display:flex !important}body{line-height:1.5em}#content{padding:20px}#sidebar{padding:30px;overflow:hidden}.http-server-breadcrumbs{font-size:130%;margin:0 0 15px 0}#footer{font-size:.75em;padding:5px 30px;border-top:1px solid #ddd;text-align:right}#footer p{margin:0 0 0 1em;display:inline-block}#footer p:last-child{margin-right:30px}h1,h2,h3,h4,h5{font-weight:300}h1{font-size:2.5em;line-height:1.1em}h2{font-size:1.75em;margin:1em 0 .50em 0}h3{font-size:1.4em;margin:25px 0 10px 0}h4{margin:0;font-size:105%}a{color:#058;text-decoration:none;transition:color .3s ease-in-out}a:hover{color:#e82}.title code{font-weight:bold}h2[id^="header-"]{margin-top:2em}.ident{color:#900}pre code{background:#f8f8f8;font-size:.8em;line-height:1.4em}code{background:#f2f2f1;padding:1px 4px;overflow-wrap:break-word}h1 code{background:transparent}pre{background:#f8f8f8;border:0;border-top:1px solid #ccc;border-bottom:1px solid #ccc;margin:1em 0;padding:1ex}#http-server-module-list{display:flex;flex-flow:column}#http-server-module-list div{display:flex}#http-server-module-list dt{min-width:10%}#http-server-module-list p{margin-top:0}.toc ul,#index{list-style-type:none;margin:0;padding:0}#index code{background:transparent}#index h3{border-bottom:1px solid #ddd}#index ul{padding:0}#index h4{font-weight:bold}#index h4 + ul{margin-bottom:.6em}@media (min-width:200ex){#index .two-column{column-count:2}}@media (min-width:300ex){#index .two-column{column-count:3}}dl{margin-bottom:2em}dl dl:last-child{margin-bottom:4em}dd{margin:0 0 1em 3em}#header-classes + dl > dd{margin-bottom:3em}dd dd{margin-left:2em}dd p{margin:10px 0}.name{background:#eee;font-weight:bold;font-size:.85em;padding:5px 10px;display:inline-block;min-width:40%}.name:hover{background:#e0e0e0}.name > span:first-child{white-space:nowrap}.name.class > span:nth-child(2){margin-left:.4em}.inherited{color:#999;border-left:5px solid #eee;padding-left:1em}.inheritance em{font-style:normal;font-weight:bold}.desc h2{font-weight:400;font-size:1.25em}.desc h3{font-size:1em}.desc dt code{background:inherit}.source summary,.git-link-div{color:#666;text-align:right;font-weight:400;font-size:.8em;text-transform:uppercase}.source summary > *{white-space:nowrap;cursor:pointer}.git-link{color:inherit;margin-left:1em}.source pre{max-height:500px;overflow:auto;margin:0}.source pre code{font-size:12px;overflow:visible}.hlist{list-style:none}.hlist li{display:inline}.hlist li:after{content:',\2002'}.hlist li:last-child:after{content:none}.hlist .hlist{display:inline;padding-left:1em}img{max-width:100%}.admonition{padding:.1em .5em;margin-bottom:1em}.admonition-title{font-weight:bold}.admonition.note,.admonition.info,.admonition.important{background:#aef}.admonition.todo,.admonition.versionadded,.admonition.tip,.admonition.hint{background:#dfd}.admonition.warning,.admonition.versionchanged,.admonition.deprecated{background:#fd4}.admonition.error,.admonition.danger,.admonition.caution{background:lightpink}</style> |
|||
<style media="screen and (min-width: 700px)">@media screen and (min-width:700px){#sidebar{width:30%}#content{width:70%;max-width:100ch;padding:3em 4em;border-left:1px solid #ddd}pre code{font-size:1em}.item .name{font-size:1em}main{display:flex;flex-direction:row-reverse;justify-content:flex-end}.toc ul ul,#index ul{padding-left:1.5em}.toc > ul > li{margin-top:.5em}}</style> |
|||
<style media="print">@media print{#sidebar h1{page-break-before:always}.source{display:none}}@media print{*{background:transparent !important;color:#000 !important;box-shadow:none !important;text-shadow:none !important}a[href]:after{content:" (" attr(href) ")";font-size:90%}a[href][title]:after{content:none}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:0.5cm}p,h2,h3{orphans:3;widows:3}h1,h2,h3,h4,h5,h6{page-break-after:avoid}}</style> |
|||
</head> |
|||
<body> |
|||
<main> |
|||
<article id="content"> |
|||
<header> |
|||
<h1 class="title">Module <code>src.apiservers.private</code></h1> |
|||
</header> |
|||
<section id="section-intro"> |
|||
<p>Onionr - Private P2P Communication.</p> |
|||
<p>This file handles all incoming http requests to the client, using Flask</p> |
|||
<details class="source"> |
|||
<summary> |
|||
<span>Expand source code</span> |
|||
</summary> |
|||
<pre><code class="python">"""Onionr - Private P2P Communication. |
|||
|
|||
This file handles all incoming http requests to the client, using Flask |
|||
""" |
|||
from typing import Dict |
|||
import hmac |
|||
|
|||
import flask |
|||
from gevent.pywsgi import WSGIServer |
|||
|
|||
from onionrutils import epoch |
|||
import httpapi |
|||
from filepaths import private_API_host_file |
|||
import logger |
|||
|
|||
from etc import waitforsetvar |
|||
from . import register_private_blueprints |
|||
import config |
|||
from .. import public |
|||
""" |
|||
This program is free software: you can redistribute it and/or modify |
|||
it under the terms of the GNU General Public License as published by |
|||
the Free Software Foundation, either version 3 of the License, or |
|||
(at your option) any later version. |
|||
|
|||
This program is distributed in the hope that it will be useful, |
|||
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
GNU General Public License for more details. |
|||
|
|||
You should have received a copy of the GNU General Public License |
|||
along with this program. If not, see <https://www.gnu.org/licenses/>. |
|||
""" |
|||
|
|||
|
|||
class PrivateAPI: |
|||
"""Client HTTP api for controlling onionr and using UI.""" |
|||
|
|||
callbacks: Dict[str, Dict] = {'public': {}, 'private': {}} |
|||
|
|||
def __init__(self): |
|||
"""Initialize the api server, preping variables for later use. |
|||
|
|||
This initialization defines all of the API entry points |
|||
and handlers for the endpoints and errors |
|||
This also saves the used host (random localhost IP address) |
|||
to the data folder in host.txt |
|||
""" |
|||
self.config = config |
|||
|
|||
self.startTime = epoch.get_epoch() |
|||
app = flask.Flask(__name__) |
|||
bind_port = int(config.get('client.client.port', 59496)) |
|||
self.bindPort = bind_port |
|||
|
|||
self.clientToken = config.get('client.webpassword') |
|||
|
|||
self.host = httpapi.apiutils.setbindip.set_bind_IP( |
|||
private_API_host_file) |
|||
logger.info('Running api on %s:%s' % (self.host, self.bindPort)) |
|||
self.httpServer = '' |
|||
|
|||
self.queueResponse = {} |
|||
self.get_block_data = httpapi.apiutils.GetBlockData(self) |
|||
register_private_blueprints.register_private_blueprints(self, app) |
|||
httpapi.load_plugin_blueprints(app) |
|||
self.app = app |
|||
|
|||
def start(self): |
|||
"""Start client gevent API web server with flask client app.""" |
|||
waitforsetvar.wait_for_set_var(self, "_too_many") |
|||
fd_handler = httpapi.fdsafehandler.FDSafeHandler |
|||
self.publicAPI = self._too_many.get( # pylint: disable=E1101 |
|||
public.PublicAPI) |
|||
self.httpServer = WSGIServer((self.host, self.bindPort), |
|||
self.app, log=None, |
|||
handler_class=fd_handler) |
|||
self.httpServer.serve_forever() |
|||
|
|||
def setPublicAPIInstance(self, inst): |
|||
"""Dynamically set public API instance.""" |
|||
self.publicAPI = inst |
|||
|
|||
def validateToken(self, token): |
|||
"""Validate that the client token matches the given token. |
|||
|
|||
Used to prevent CSRF and other attacks. |
|||
""" |
|||
if not self.clientToken: |
|||
logger.error("client password needs to be set") |
|||
return False |
|||
try: |
|||
return hmac.compare_digest(self.clientToken, token) |
|||
except TypeError: |
|||
return False |
|||
|
|||
def getUptime(self) -> int: |
|||
"""Safely wait for uptime to be set and return it.""" |
|||
while True: |
|||
try: |
|||
return epoch.get_epoch() - self.startTime |
|||
except (AttributeError, NameError): |
|||
# Don't error on race condition with startup |
|||
pass |
|||
|
|||
def getBlockData(self, bHash, decrypt=False, raw=False, |
|||
headerOnly=False) -> bytes: |
|||
"""Returns block data bytes.""" |
|||
return self.get_block_data.get_block_data(bHash, |
|||
decrypt=decrypt, |
|||
raw=raw, |
|||
headerOnly=headerOnly)</code></pre> |
|||
</details> |
|||
</section> |
|||
<section> |
|||
<h2 class="section-title" id="header-submodules">Sub-modules</h2> |
|||
<dl> |
|||
<dt><code class="name"><a title="src.apiservers.private.register_private_blueprints" href="register_private_blueprints.html">src.apiservers.private.register_private_blueprints</a></code></dt> |
|||
<dd> |
|||
<section class="desc"><p>Onionr - Private P2P Communication …</p></section> |
|||
</dd> |
|||
</dl> |
|||
</section> |
|||
<section> |
|||
</section> |
|||
<section> |
|||
</section> |
|||
<section> |
|||
<h2 class="section-title" id="header-classes">Classes</h2> |
|||
<dl> |
|||
<dt id="src.apiservers.private.PrivateAPI"><code class="flex name class"> |
|||
<span>class <span class="ident">PrivateAPI</span></span> |
|||