From 170cca962066f792ff02669c3709f632b9247d4c Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Wed, 4 Sep 2019 01:20:11 -0500 Subject: [PATCH] misc work on webui --- onionr/httpapi/security/public.py | 6 +-- onionr/onionrblockapi.py | 9 ++-- onionr/onionrblocks/insert.py | 2 +- onionr/onionrservices/httpheaders.py | 7 +++ onionr/onionrutils/blockmetadata/process.py | 6 ++- onionr/static-data/www/board/board.js | 2 +- onionr/static-data/www/board/index.html | 2 +- onionr/static-data/www/friends/friends.js | 6 ++- onionr/static-data/www/friends/index.html | 13 +++--- onionr/static-data/www/private/index.html | 15 +++++++ onionr/static-data/www/shared/about.html | 16 +++++++ onionr/static-data/www/shared/loadabout.js | 5 +++ .../www/shared/main/styles-new.css | 5 +++ onionr/static-data/www/shared/misc.js | 44 +++++++++++++++++-- 14 files changed, 115 insertions(+), 23 deletions(-) create mode 100644 onionr/static-data/www/shared/about.html create mode 100644 onionr/static-data/www/shared/loadabout.js diff --git a/onionr/httpapi/security/public.py b/onionr/httpapi/security/public.py index 3b591504..c0f79dd3 100644 --- a/onionr/httpapi/security/public.py +++ b/onionr/httpapi/security/public.py @@ -52,9 +52,9 @@ class PublicAPISecurity: # Network API version resp.headers['X-API'] = public_api.API_VERSION # Delete some HTTP headers for Onionr user agents + NON_NETWORK_HEADERS = ('Content-Security-Policy', 'X-Frame-Options', + 'X-Content-Type-Options', 'Feature-Policy', 'Clear-Site-Data', 'Referrer-Policy') if g.is_onionr_client: - del resp.headers['Content-Security-Policy'] - del resp.headers['X-Frame-Options'] - del resp.headers['X-Content-Type-Options'] + for header in NON_NETWORK_HEADERS: del resp.headers[header] public_api.lastRequest = epoch.get_rounded_epoch(roundS=5) return resp \ No newline at end of file diff --git a/onionr/onionrblockapi.py b/onionr/onionrblockapi.py index e263805b..1cfd3b31 100755 --- a/onionr/onionrblockapi.py +++ b/onionr/onionrblockapi.py 
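Review bot: `NON_NETWORK_HEADERS` is rebuilt inside the response hook on every request, and it appears to mirror the header names set in onionr/onionrservices/httpheaders.py, so the two lists can drift apart when a header is added in only one place. Define the tuple once at module level with a comment such as `# Browser-only headers, stripped for Onionr peers; keep in sync with set_default_onionr_http_headers`, and put the `del` on its own line under the `for`. The hunk does not show how `g.is_onionr_client` is decided; if it comes from a request header, the comment should say that this branch is a bandwidth optimisation and not a trust decision. The enclosing function starts outside the hunk.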
@@ -118,8 +118,6 @@ class Block: else: retData = True self.decrypted = True - else: - logger.warn('symmetric decryption is not yet supported by this API') return retData def verifySig(self): @@ -189,7 +187,7 @@ class Block: return True except Exception as e: - logger.warn('Failed to parse block %s.' % self.getHash(), error = e, timestamp = False) + logger.warn('Failed to parse block %s' % self.getHash(), error = e, timestamp = False) # if block can't be parsed, it's a waste of precious space. Throw it away. if not self.delete(): @@ -213,8 +211,9 @@ class Block: os.remove(self.getBlockFile()) except TypeError: pass - - removeblock.remove_block(self.getHash()) + b_hash = self.getHash() + onionrstorage.deleteBlock(b_hash) + removeblock.remove_block(b_hash) return True return False diff --git a/onionr/onionrblocks/insert.py b/onionr/onionrblocks/insert.py index 22d0e366..c0c23599 100644 --- a/onionr/onionrblocks/insert.py +++ b/onionr/onionrblocks/insert.py @@ -115,7 +115,7 @@ def insert_block(data, header='txt', sign=False, encryptType='', symKey='', asym # ensure expire is integer and of sane length if type(expire) is not type(None): - assert len(str(int(expire))) < 14 + assert len(str(int(expire))) < 20 metadata['expire'] = expire # send block data (and metadata) to POW module to get tokenized block data diff --git a/onionr/onionrservices/httpheaders.py b/onionr/onionrservices/httpheaders.py index 63c4a6ad..5726a276 100755 --- a/onionr/onionrservices/httpheaders.py +++ b/onionr/onionrservices/httpheaders.py 
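Review bot: In the third hunk (`delete`), `onionrstorage.deleteBlock(b_hash)` appears to run after the `try`/`except TypeError` that guards `os.remove`, so any exception it raises escapes `delete()` instead of producing `False` and skips `removeblock.remove_block(b_hash)`. What `deleteBlock` raises for a block that is absent from its store is not visible here; if it can raise, catch that specific exception around the call so the block-list entry is still removed. `delete()` is also called from the parse-failure handler in the second hunk, where an escaping exception would replace the original parse error. The imports are outside the hunk, so confirm that this module imports `onionrstorage`.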
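Review bot: The expiry check in `insert_block` is an `assert`, which is removed when Python runs with `-O`, and it limits only the digit count, so a negative value or one already in the past still passes. `metadata['expire'] = expire` then stores the caller's original value rather than the parsed integer, so a string or float that `int()` accepts goes into the block metadata unnormalised. Consider parsing once and validating explicitly, e.g. `expire = int(expire)` followed by `if not 0 < expire < 10**19: raise ValueError('invalid expire')`, after checking whether any caller relies on `AssertionError`. The same assert-based length test is kept in the process.py hunk of this commit. The function body continues outside the hunk.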
@@ -17,6 +17,10 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . ''' +FEATURE_POLICY = """vibrate; vr; webauthn; usb; sync-xhr; speaker; +picture-in-picture; payment; midi; microphone; magnetometer; gyroscope; +geolocation; fullscreen; encrypted-media; document-domain; +camera; accelerometer; ambient-light-sensor""".replace('\n', '') # have to remove \n for flask def set_default_onionr_http_headers(flask_response): '''Response headers''' flask_response.headers['Content-Security-Policy'] = "default-src 'none'; style-src data: 'unsafe-inline'; img-src data:" @@ -25,4 +29,7 @@ def set_default_onionr_http_headers(flask_response): flask_response.headers['Server'] = '' flask_response.headers['Date'] = 'Thu, 1 Jan 1970 00:00:00 GMT' # Clock info is probably useful to attackers. Set to unix epoch. flask_response.headers['Connection'] = "close" + flask_response.headers['Clear-Site-Data'] = '"cache", "cookies", "storage", "executionContexts"' + flask_response.headers['Feature-Policy'] = FEATURE_POLICY + flask_response.headers['Referrer-Policy'] = 'no-referrer' return flask_response \ No newline at end of file diff --git a/onionr/onionrutils/blockmetadata/process.py b/onionr/onionrutils/blockmetadata/process.py index 4ad4991a..be595194 100644 --- a/onionr/onionrutils/blockmetadata/process.py +++ b/onionr/onionrutils/blockmetadata/process.py 
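Review bot: The `FEATURE_POLICY` string lists feature names with no allowlist, and a bare name is not the same as `'none'`; as far as I know, browsers fall back to a default allowlist for a directive written this way rather than blocking the feature, so the header may not disable anything for the page itself. If the intent is to switch these features off, each directive needs an explicit allowlist, e.g. `camera 'none'; microphone 'none'; geolocation 'none'`. Building the value from a tuple of names with `'; '.join("%s 'none'" % name for name in FEATURES)` would also remove the need for the `.replace('\n', '')` workaround. A comment stating the intent (deny every listed feature) would make the expected header value checkable.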
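Review bot: `Clear-Site-Data` with `"cache", "cookies", "storage", "executionContexts"` is added in the second hunk to every response that passes through `set_default_onionr_http_headers`, which asks the browser to wipe the origin's cookies, storage and cache on each request rather than at a defined point such as logout. If that is intended, say so next to the line, for example `# Wipe all client-side state on every response; pages served with these headers must not rely on cookies or web storage`. Browsers honour this header only in secure contexts, so its effect on the transports these services actually use should be verified rather than assumed.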
@@ -57,10 +57,12 @@ def process_block_metadata(blockHash: str): pass # Set block expire time if specified try: - expireTime = myBlock.getHeader('expire') - assert len(str(int(expireTime))) < 20 # test that expire time is an integer of sane length (for epoch) + expireTime = int(myBlock.getHeader('expire')) + assert len(str(expireTime)) < 20 # test that expire time is an integer of sane length (for epoch) except (AssertionError, ValueError, TypeError) as e: expireTime = onionrvalues.DEFAULT_EXPIRE + curTime finally: + expireTime = min(expireTime, curTime + onionrvalues.DEFAULT_EXPIRE) blockmetadb.update_block_info(blockHash, 'expire', expireTime) + onionrevents.event('processblocks', data = {'block': myBlock, 'type': blockType, 'signer': signer, 'validSig': valid}) diff --git a/onionr/static-data/www/board/board.js b/onionr/static-data/www/board/board.js index 0092963c..8520168a 100755 --- a/onionr/static-data/www/board/board.js +++ b/onionr/static-data/www/board/board.js @@ -94,7 +94,7 @@ function getBlocks(){ } var feedText = httpGet('/flow/getpostsbyboard/' + ch) var blockList = feedText.split(',').reverse() - console.log(blockList) + for (i = 0; i < blockList.length; i++){ while (blockList[i].length < 64) blockList[i] = "0" + blockList[i] if (! requested.includes(blockList[i])){ diff --git a/onionr/static-data/www/board/index.html b/onionr/static-data/www/board/index.html index 4c913f3d..f5310add 100755 --- a/onionr/static-data/www/board/index.html +++ b/onionr/static-data/www/board/index.html @@ -86,7 +86,7 @@ diff --git a/onionr/static-data/www/friends/friends.js b/onionr/static-data/www/friends/friends.js index 57c35f64..1b9a2b30 100755 --- a/onionr/static-data/www/friends/friends.js +++ b/onionr/static-data/www/friends/friends.js 
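Review bot: The clamp and the database write sit in `finally`, so they also run when the `try` fails with an exception outside the `except` tuple (for example one raised inside `getHeader`); `expireTime` is then unassigned unless it was set earlier in the function, and the resulting error hides the original one. Moving both lines after the `try`/`except` keeps the behaviour for the handled cases: `expireTime = min(expireTime, curTime + onionrvalues.DEFAULT_EXPIRE)` followed by `blockmetadb.update_block_info(blockHash, 'expire', expireTime)`. Capping a peer-supplied expiry at the default lifetime is the right direction, but there is no lower bound, so a negative or past value is stored as given; a short comment saying whether that is acceptable would help. The function starts outside the hunk.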
@@ -27,8 +27,10 @@ function removeFriend(pubkey){ addForm.onsubmit = function(){ var friend = document.getElementsByName('addKey')[0] var alias = document.getElementsByName('data')[0] - if (alias.value.toLowerCase() == 'anonymous'){ - alert('Anonymous is a reserved name') + if (alias.value.toLowerCase().trim() == 'anonymous'){ + PNotify.error({ + text: "Anonymous is a reserved alias name" + }) return false } diff --git a/onionr/static-data/www/friends/index.html b/onionr/static-data/www/friends/index.html index 0769c4ed..661e29ee 100755 --- a/onionr/static-data/www/friends/index.html +++ b/onionr/static-data/www/friends/index.html @@ -9,9 +9,15 @@ Friends + + + + + + @@ -102,14 +108,14 @@
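Review bot: `PNotify.error(...)` in the `onsubmit` handler is called without the `typeof PNotify != 'undefined'` guard that the misc.js hunk of this commit uses, so if the library fails to load the handler throws before `return false` and the form is submitted anyway. Guard the call and fall back to the previous `alert`, e.g. `if (typeof PNotify != 'undefined'){ PNotify.error({text: msg}) } else { alert(msg) }`. The check runs only in the browser, so the reserved alias still has to be rejected by the API that stores the friend, which is not visible in this diff. The handler continues outside the hunk.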

- +

@@ -151,9 +157,6 @@ - - - \ No newline at end of file diff --git a/onionr/static-data/www/private/index.html b/onionr/static-data/www/private/index.html index 06ca219d..6ee7479d 100755 --- a/onionr/static-data/www/private/index.html +++ b/onionr/static-data/www/private/index.html @@ -13,6 +13,7 @@ + @@ -51,6 +52,9 @@ Circles Chat + @@ -205,6 +209,17 @@
+ \ No newline at end of file diff --git a/onionr/static-data/www/shared/about.html b/onionr/static-data/www/shared/about.html new file mode 100644 index 00000000..a82d54ab --- /dev/null +++ b/onionr/static-data/www/shared/about.html @@ -0,0 +1,16 @@ + + +

Onionr is a private decentralized communication network

+ +
+ +Onionr is built with: +
+ diff --git a/onionr/static-data/www/shared/loadabout.js b/onionr/static-data/www/shared/loadabout.js new file mode 100644 index 00000000..4bf26d20 --- /dev/null +++ b/onionr/static-data/www/shared/loadabout.js @@ -0,0 +1,5 @@ +fetch('shared/about.html') + .then(resp=>resp.text()) + .then(function(response) { + aboutText = response + }) \ No newline at end of file diff --git a/onionr/static-data/www/shared/main/styles-new.css b/onionr/static-data/www/shared/main/styles-new.css index b73b3fd6..8d3a8062 100644 --- a/onionr/static-data/www/shared/main/styles-new.css +++ b/onionr/static-data/www/shared/main/styles-new.css @@ -53,4 +53,9 @@ html { .navbarLogo{ margin-right: 5px; color: red; +} + +.aboutLogo{ + max-width: 25%; + margin-bottom: 1em; } \ No newline at end of file diff --git a/onionr/static-data/www/shared/misc.js b/onionr/static-data/www/shared/misc.js index 8f3e16c9..b50b794a 100755 --- a/onionr/static-data/www/shared/misc.js +++ b/onionr/static-data/www/shared/misc.js 
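Review bot: The fetch chain in loadabout.js keeps whatever body comes back without checking `resp.ok` and has no `.catch`, so an error page would be stored in `aboutText` and later written with `innerHTML` by misc.js, and a network failure leaves an unhandled rejection. Suggested: `.then(resp => { if (!resp.ok) throw new Error('about.html: ' + resp.status); return resp.text() })` plus a final `.catch(err => console.error(err))`. `'shared/about.html'` is a relative URL and resolves against the current page's path, so whether it works from every page depends on how the static routes are mounted; a root-relative path would remove that dependency. `aboutText` is assigned here as a global that misc.js declares, which deserves a one-line comment naming that dependency and the required script order.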
@@ -112,15 +112,53 @@ if (typeof myPubCopy != "undefined"){ var copyText = document.getElementById("myPub"); copyText.select() document.execCommand("copy") + if (typeof PNotify != 'undefined'){ + PNotify.success({ + text: "Copied to clipboard" + }) + } + console.log("copied pubkey to clipboard") } } /* For Config toggle on homepage */ -var toggle = document.getElementById("configToggle"); -var content = document.getElementById("configContent"); +var toggle = document.getElementById("configToggle") +var content = document.getElementById("configContent") if(typeof toggle !== 'undefined' && toggle !== null) { toggle.addEventListener("click", function() { content.classList.toggle("show"); }) -} \ No newline at end of file +} + +var aboutBtns = document.getElementsByClassName('aboutLink') +var aboutModals = document.getElementsByClassName('aboutModal') +var aboutCloseBtns = document.getElementsByClassName('closeAboutModal') + +var aboutText = '' + +setAbout = function(){ + if (aboutText === ''){ + setTimeout(function(){setAbout()}, 100) + return + } + let aboutBody = document.getElementsByClassName('aboutBody') + for (i = 0; i < aboutBody.length; i++){ + aboutBody[i].innerHTML = aboutText + } +} + +for (x = 0; x < aboutBtns.length; x++){ + aboutBtns[x].onclick = function(){ + for (i = 0; i < aboutModals.length; i++){ + aboutModals[i].classList.add('is-active') + } + } +} +for (i = 0; i < aboutCloseBtns.length; i++){ + aboutCloseBtns[i].onclick = function(e){ + e.target.parentElement.parentElement.parentElement.classList.remove('is-active') + } +} + +setAbout() \ No newline at end of file
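Review bot: `setAbout` re-arms its 100 ms timer for as long as `aboutText` is empty, so on a page that loads misc.js without loadabout.js, or where the fetch fails, it keeps polling for the lifetime of the page. A retry cap bounds it: `var aboutTries = 0` and `if (aboutText === ''){ if (++aboutTries < 50) setTimeout(setAbout, 100); return }`. The loop counters `i` and `x`, and `setAbout` itself, are assigned without `var` or `let`, which makes them globals shared with every other script on the page. `aboutBody[i].innerHTML = aboutText` is acceptable only while about.html stays a static file shipped with the UI; a comment saying so next to the assignment would keep the pattern from being reused for peer-supplied text.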