2017-12-26 07:25:29 +00:00
|
|
|
'''
|
|
|
|
|
Onionr - P2P Microblogging Platform & Social network
|
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
'''
|
2017-12-27 05:00:02 +00:00
|
|
|
import flask
|
|
|
|
|
from flask import request, Response
|
2017-12-27 01:13:19 +00:00
|
|
|
import configparser, sys, random
|
|
|
|
|
'''
|
|
|
|
|
Main API
|
|
|
|
|
'''
|
2017-12-26 07:25:29 +00:00
|
|
|
class API:
|
2017-12-27 01:13:19 +00:00
|
|
|
|
|
|
|
|
def __init__(self, config, debug):
|
|
|
|
|
self.config = config
|
2017-12-27 05:00:02 +00:00
|
|
|
self.debug = debug
|
|
|
|
|
app = flask.Flask(__name__)
|
2017-12-27 01:13:19 +00:00
|
|
|
bindPort = int(self.config['CLIENT']['PORT'])
|
|
|
|
|
clientToken = self.config['CLIENT']['CLIENT HMAC']
|
|
|
|
|
|
|
|
|
|
if not debug:
|
|
|
|
|
hostNums = [random.randint(1, 255), random.randint(1, 255), random.randint(1, 255)]
|
|
|
|
|
self.host = '127.' + str(hostNums[0]) + '.' + str(hostNums[1]) + '.' + str(hostNums[2])
|
|
|
|
|
else:
|
|
|
|
|
self.host = '127.0.0.1'
|
|
|
|
|
|
2017-12-27 05:00:02 +00:00
|
|
|
@app.after_request
|
|
|
|
|
def afterReq(resp):
|
|
|
|
|
resp.headers['Access-Control-Allow-Origin'] = '*'
|
|
|
|
|
resp.headers['server'] = 'Onionr'
|
|
|
|
|
resp.headers['content-type'] = 'text/plain'
|
|
|
|
|
resp.headers["Content-Security-Policy"] = "default-src 'none'"
|
|
|
|
|
resp.headers['x-frame-options'] = 'deny'
|
|
|
|
|
return resp
|
|
|
|
|
|
2017-12-27 01:13:19 +00:00
|
|
|
@app.route('/client/hello')
|
|
|
|
|
def hello_world():
|
|
|
|
|
self.validateHost()
|
2017-12-27 05:00:02 +00:00
|
|
|
resp = Response('Hello, World!' + request.host)
|
|
|
|
|
return resp
|
|
|
|
|
|
|
|
|
|
@app.errorhandler(404)
|
|
|
|
|
def notfound(err):
|
|
|
|
|
resp = Response("\_(0_0)_/ I got nothin")
|
|
|
|
|
resp.headers = getHeaders(resp)
|
|
|
|
|
return resp
|
2017-12-27 01:13:19 +00:00
|
|
|
|
|
|
|
|
print('Starting client on ' + self.host + ':' + str(bindPort))
|
|
|
|
|
print('Client token:', clientToken)
|
|
|
|
|
|
|
|
|
|
app.run(host=self.host, port=bindPort, debug=True)
|
|
|
|
|
|
|
|
|
|
def validateHost(self):
|
2017-12-27 05:00:02 +00:00
|
|
|
if self.debug:
|
|
|
|
|
return
|
2017-12-27 01:13:19 +00:00
|
|
|
# Validate host header, to protect against DNS rebinding attacks
|
|
|
|
|
if request.host != '127.0.0.1:' + str(self.config['CLIENT']['PORT']):
|
|
|
|
|
sys.exit(1)
|
|
|
|
|
# Validate x-requested-with, to protect against CSRF/metadata leaks
|
|
|
|
|
try:
|
|
|
|
|
request.headers['x-requested-with']
|
|
|
|
|
except:
|
2017-12-27 05:00:02 +00:00
|
|
|
sys.exit(1)
|
