fixed site loader and subdirs
parent
0cce0f4318
commit
1166c9155a
|
@ -64,11 +64,11 @@ def site(name: str)->Response:
|
||||||
abort(404)
|
abort(404)
|
||||||
return Response(resp)
|
return Response(resp)
|
||||||
|
|
||||||
@site_api.route('/site/<name>/<file>', endpoint='siteFile')
|
@site_api.route('/site/<name>/<path:file>', endpoint='siteFile')
|
||||||
def site_file(name: str, file: str)->Response:
|
def site_file(name: str, file: str)->Response:
|
||||||
"""Accept a site 'name', if pubkey then show multi-page site, if hash show single page site"""
|
"""Accept a site 'name', if pubkey then show multi-page site, if hash show single page site"""
|
||||||
resp: str = 'Not Found'
|
resp: str = 'Not Found'
|
||||||
mime_type = 'text/html'
|
mime_type = mimetypes.MimeTypes().guess_type(file)[0]
|
||||||
|
|
||||||
# If necessary convert the name to base32 from mnemonic
|
# If necessary convert the name to base32 from mnemonic
|
||||||
if mnemonickeys.DELIMITER in name:
|
if mnemonickeys.DELIMITER in name:
|
||||||
|
@ -92,4 +92,4 @@ def site_file(name: str, file: str)->Response:
|
||||||
pass
|
pass
|
||||||
if resp == 'Not Found' or not resp:
|
if resp == 'Not Found' or not resp:
|
||||||
abort(404)
|
abort(404)
|
||||||
return Response(resp)
|
return Response(resp, mimetype=mime_type)
|
||||||
|
|
|
@ -49,6 +49,7 @@ class ClientAPISecurity:
|
||||||
|
|
||||||
if request.endpoint in whitelist_endpoints:
|
if request.endpoint in whitelist_endpoints:
|
||||||
return
|
return
|
||||||
|
if request.path.startswith('/site/'): return
|
||||||
try:
|
try:
|
||||||
if not hmac.compare_digest(request.headers['token'], client_api.clientToken):
|
if not hmac.compare_digest(request.headers['token'], client_api.clientToken):
|
||||||
if not hmac.compare_digest(request.form['token'], client_api.clientToken):
|
if not hmac.compare_digest(request.form['token'], client_api.clientToken):
|
||||||
|
@ -61,8 +62,8 @@ class ClientAPISecurity:
|
||||||
def after_req(resp):
|
def after_req(resp):
|
||||||
# Security headers
|
# Security headers
|
||||||
resp = httpheaders.set_default_onionr_http_headers(resp)
|
resp = httpheaders.set_default_onionr_http_headers(resp)
|
||||||
if request.endpoint == 'siteapi.site':
|
if request.endpoint in ('siteapi.site', 'siteapi.siteFile'):
|
||||||
resp.headers['Content-Security-Policy'] = "default-src 'none'; style-src data: 'unsafe-inline'; img-src data:"
|
resp.headers['Content-Security-Policy'] = "default-src 'none'; style-src 'self' data: 'unsafe-inline'; img-src 'self' data:; media-src 'self' data:"
|
||||||
else:
|
else:
|
||||||
resp.headers['Content-Security-Policy'] = "default-src 'none'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self'"
|
resp.headers['Content-Security-Policy'] = "default-src 'none'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self'"
|
||||||
return resp
|
return resp
|
|
@ -9,12 +9,12 @@ function checkHex(str) {
|
||||||
document.getElementById('openSite').onclick = function(){
|
document.getElementById('openSite').onclick = function(){
|
||||||
var hash = document.getElementById('siteViewer').value
|
var hash = document.getElementById('siteViewer').value
|
||||||
if (hash.length == 0){ return }
|
if (hash.length == 0){ return }
|
||||||
if (checkHex(hash) && hash.length >= 50){
|
if (checkHex(hash) && hash.length >= 50 || hash.length == 52 || hash.length == 56){
|
||||||
window.location.href = '/site/' + hash
|
window.location.href = '/site/' + hash
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
PNotify.notice({
|
PNotify.notice({
|
||||||
text: 'Invalid site hash'
|
text: 'Invalid site hash/ID'
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue