misc work on webui

master
Kevin Froman 2019-09-04 01:20:11 -05:00
parent cf26232d61
commit 170cca9620
14 changed files with 115 additions and 23 deletions


@ -52,9 +52,9 @@ class PublicAPISecurity:
# Network API version
resp.headers['X-API'] = public_api.API_VERSION
# Delete some HTTP headers for Onionr user agents
NON_NETWORK_HEADERS = ('Content-Security-Policy', 'X-Frame-Options',
'X-Content-Type-Options', 'Feature-Policy', 'Clear-Site-Data', 'Referrer-Policy')
if g.is_onionr_client:
del resp.headers['Content-Security-Policy']
del resp.headers['X-Frame-Options']
del resp.headers['X-Content-Type-Options']
for header in NON_NETWORK_HEADERS: del resp.headers[header]
public_api.lastRequest = epoch.get_rounded_epoch(roundS=5)
return resp
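Review bot: Stripping six browser-hardening headers under `if g.is_onionr_client:` makes that flag security-relevant, and how it is set is not visible in this hunk. If it is derived from something the requester controls (a User-Agent string, for instance), a response rendered by a browser could be served without `Content-Security-Policy` and `X-Frame-Options`; a comment such as `# is_onionr_client is set in <where>; never true for browser-originated requests` would record the assumption. `NON_NETWORK_HEADERS` is also rebuilt on every response and repeats names assigned in `set_default_onionr_http_headers`; defining it once next to those assignments would keep the two lists from drifting. The enclosing method starts outside the hunk.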


@ -118,8 +118,6 @@ class Block:
else:
retData = True
self.decrypted = True
else:
logger.warn('symmetric decryption is not yet supported by this API')
return retData
def verifySig(self):
@ -189,7 +187,7 @@ class Block:
return True
except Exception as e:
logger.warn('Failed to parse block %s.' % self.getHash(), error = e, timestamp = False)
logger.warn('Failed to parse block %s' % self.getHash(), error = e, timestamp = False)
# if block can't be parsed, it's a waste of precious space. Throw it away.
if not self.delete():
@ -213,8 +211,9 @@ class Block:
os.remove(self.getBlockFile())
except TypeError:
pass
removeblock.remove_block(self.getHash())
b_hash = self.getHash()
onionrstorage.deleteBlock(b_hash)
removeblock.remove_block(b_hash)
return True
return False
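Review bot: The new `onionrstorage.deleteBlock(b_hash)` call sits after the `try`/`except TypeError` that guards `os.remove`, so any exception it raises propagates out of `delete()` and `removeblock.remove_block(b_hash)` never runs. The parse-failure path in the previous hunk tests `if not self.delete():` and appears to expect a boolean rather than an exception. If `deleteBlock` can raise for a block that is absent from storage (not visible here), catch that specific exception around the call so both removals are still attempted and the method returns `False` on failure. The method starts outside the hunk.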


@ -115,7 +115,7 @@ def insert_block(data, header='txt', sign=False, encryptType='', symKey='', asym
# ensure expire is integer and of sane length
if type(expire) is not type(None):
assert len(str(int(expire))) < 14
assert len(str(int(expire))) < 20
metadata['expire'] = expire
# send block data (and metadata) to POW module to get tokenized block data
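Review bot: The `expire` check is an `assert`, which Python drops when run with `-O`, so in optimised mode only the `int()` conversion remains as validation. An explicit check keeps the guard in every mode, e.g. `if len(str(int(expire))) >= 20: raise ValueError('expire out of range')`; callers that currently catch `AssertionError` would need to be checked before changing the exception type. `metadata['expire']` stores the original `expire` object rather than the `int(expire)` that was validated, and `expire is not None` is the idiomatic form of the `type(...)` comparison. `insert_block` extends beyond the hunk on both sides.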


@ -17,6 +17,10 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
'''
FEATURE_POLICY = """vibrate; vr; webauthn; usb; sync-xhr; speaker;
picture-in-picture; payment; midi; microphone; magnetometer; gyroscope;
geolocation; fullscreen; encrypted-media; document-domain;
camera; accelerometer; ambient-light-sensor""".replace('\n', '') # have to remove \n for flask
def set_default_onionr_http_headers(flask_response):
'''Response headers'''
flask_response.headers['Content-Security-Policy'] = "default-src 'none'; style-src data: 'unsafe-inline'; img-src data:"
@ -25,4 +29,7 @@ def set_default_onionr_http_headers(flask_response):
flask_response.headers['Server'] = ''
flask_response.headers['Date'] = 'Thu, 1 Jan 1970 00:00:00 GMT' # Clock info is probably useful to attackers. Set to unix epoch.
flask_response.headers['Connection'] = "close"
flask_response.headers['Clear-Site-Data'] = '"cache", "cookies", "storage", "executionContexts"'
flask_response.headers['Feature-Policy'] = FEATURE_POLICY
flask_response.headers['Referrer-Policy'] = 'no-referrer'
return flask_response
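Review bot: `FEATURE_POLICY` lists feature names with no allowlist, so the intent to disable them depends on how each browser treats an empty allowlist in the header. Writing the allowlist explicitly for every entry, as in `camera 'none'; microphone 'none'; geolocation 'none'; …`, states the policy unambiguously. `Clear-Site-Data` with `"cookies"` and `"storage"` on every response also deserves a one-line comment saying which API this function serves, since on a UI origin it would wipe client state on each request. The function body continues between and outside the two hunks.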


@ -57,10 +57,12 @@ def process_block_metadata(blockHash: str):
pass
# Set block expire time if specified
try:
expireTime = myBlock.getHeader('expire')
assert len(str(int(expireTime))) < 20 # test that expire time is an integer of sane length (for epoch)
expireTime = int(myBlock.getHeader('expire'))
assert len(str(expireTime)) < 20 # test that expire time is an integer of sane length (for epoch)
except (AssertionError, ValueError, TypeError) as e:
expireTime = onionrvalues.DEFAULT_EXPIRE + curTime
finally:
expireTime = min(expireTime, curTime + onionrvalues.DEFAULT_EXPIRE)
blockmetadb.update_block_info(blockHash, 'expire', expireTime)
onionrevents.event('processblocks', data = {'block': myBlock, 'type': blockType, 'signer': signer, 'validSig': valid})
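Review bot: The `finally:` block reads `expireTime`, which is unbound if `getHeader('expire')` or `int()` raises anything other than the three listed exceptions (unless it was assigned earlier in the function, outside this hunk); the resulting `UnboundLocalError` would then replace the original error. The clamp and the database write are ordinary follow-on steps rather than cleanup, so they belong after the `try`/`except` at the outer indentation: `expireTime = min(expireTime, curTime + onionrvalues.DEFAULT_EXPIRE)` followed by the `update_block_info` call. With the `min()` clamp in place the `assert` length test no longer bounds anything on the high side (and is stripped under `-O`), while no lower bound is applied, so a negative or already-past value from the block header is stored as-is. The `as e` binding is unused. `process_block_metadata` starts outside the hunk.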


@ -94,7 +94,7 @@ function getBlocks(){
}
var feedText = httpGet('/flow/getpostsbyboard/' + ch)
var blockList = feedText.split(',').reverse()
console.log(blockList)
for (i = 0; i < blockList.length; i++){
while (blockList[i].length < 64) blockList[i] = "0" + blockList[i]
if (! requested.includes(blockList[i])){


@ -86,7 +86,7 @@
</div>
<footer class="card-footer">
<a class="card-footer-item">
<input class='button' type='submit' value='Post'>
<input class='button is-primary' type='submit' value='Post'>
</a>
</footer>
</form>


@ -27,8 +27,10 @@ function removeFriend(pubkey){
addForm.onsubmit = function(){
var friend = document.getElementsByName('addKey')[0]
var alias = document.getElementsByName('data')[0]
if (alias.value.toLowerCase() == 'anonymous'){
alert('Anonymous is a reserved name')
if (alias.value.toLowerCase().trim() == 'anonymous'){
PNotify.error({
text: "Anonymous is a reserved alias name"
})
return false
}
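Review bot: The reserved-alias test runs only in the browser's `onsubmit` handler, so it is a usability hint rather than an enforcement point. If `anonymous` must never be stored as an alias, the endpoint behind this form has to apply the same normalised comparison (`toLowerCase().trim()`); that code is not visible in this hunk. `PNotify` is also used here without the `typeof PNotify != 'undefined'` guard that the clipboard code elsewhere in this commit uses, so the handler throws instead of returning `false` on a page where the library failed to load. The handler continues outside the hunk.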


@ -9,9 +9,15 @@
Friends
</title>
<link rel='shortcut icon' type='image/ico' href='/shared/images/favicon.ico'>
<link rel='stylesheet' href='/shared/main/PNotifyBrightTheme.css'>
<link rel='stylesheet' href='/shared/main/bulma.min.css'>
<link rel='stylesheet' href='/shared/main/styles-new.css'>
<link rel='stylesheet' href='/friends/style.css'>
<script defer src="/shared/node_modules/pnotify/dist/iife/PNotify.js"></script>
<script defer src="/shared/node_modules/pnotify/dist/iife/PNotifyButtons.js"></script>
<script defer src="/shared/navbar.js"></script>
<script defer src="/shared/misc.js"></script>
<script defer src="/friends/friends.js"></script>
</head>
<body>
@ -102,14 +108,14 @@
<div class="field">
<label class="label">Alias</label>
<p class="control is-expanded">
<input id="" class="input" type="text" name='data' placeholder='Name'>
<input id="" class="input" type="text" name='data' placeholder='Name' required>
</p>
</div>
</div>
</div>
<footer class="card-footer">
<a class="card-footer-item">
<button class="button" type='submit'>Add to list</button>
<button class="button is-success" type='submit'>Add Friend</button>
</a>
</footer>
</div>
@ -151,9 +157,6 @@
</div>
</div>
</template>
<script src='/shared/navbar.js'></script>
<script src='/shared/misc.js'></script>
<script src='/friends/friends.js'></script>
</body>
</html>


@ -13,6 +13,7 @@
<link rel="stylesheet" href="/shared/main/bulma.min.css">
<link rel="stylesheet" href="/shared/main/styles-new.css">
<script defer src='/shared/navbar.js'></script>
<script defer src='/shared/loadabout.js'></script>
<script defer src='/shared/misc.js'></script>
<script defer src='/shared/main/stats.js'></script>
<script defer src='/shared/panel.js'></script>
@ -51,6 +52,9 @@
<a class="navbar-item idLink" href="/board/">Circles</a>
<a class="navbar-item idLink" href="/chat/">Chat</a>
</div>
<div class="navbar-end">
<a class="navbar-item idLink aboutLink">About</a>
</div>
</div>
</nav>
@ -205,6 +209,17 @@
</div>
</div>
<br>
<div class="modal aboutModal">
<div class="modal-background"></div>
<div class="modal-card">
<header class="modal-card-head">
<button class="closeAboutModal delete" aria-label="close"></button>
</header>
<section class="modal-card-body aboutBody">
Loading... <i class="fas fa-spinner fa-spin"></i>
</section>
</div>
</div>
</body>
</html>


@ -0,0 +1,16 @@
<img src="shared/images/onionr-text.png" class="aboutLogo" alt="Onionr">
<p>Onionr is a private decentralized communication network</p>
<br>
<b>Onionr is built with:</b>
<br>
<ul>
<li><a href="https://torproject.org/">Tor</a> - Onionr routes all traffic through Tor by default</li>
<li><a href="https://stem.torproject.org/">Stem</a> - Python library to interact with Tor</li>
<li><a href="https://palletsprojects.com/p/flask/">Flask</a> - Lightweight Python web framework</li>
<li><a href="http://gevent.org">Gevent</a> - For the thread-safe WSGI servers</li>
<li><a href="https://2.python-requests.org/en/master/">Requests</a> - HTTP requests for humans</li>
</ul>
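Review bot: The Gevent entry links to `http://gevent.org` while the other four links use `https://`; use the HTTPS form if the site serves it, so that following a link from the Onionr UI does not begin with a plaintext request. The `<img>` path `shared/images/onionr-text.png` is relative, so it resolves against whichever page injects this fragment rather than against the site root; `/shared/images/onionr-text.png` would match the absolute paths used in the page templates.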


@ -0,0 +1,5 @@
fetch('shared/about.html')
.then(resp=>resp.text())
.then(function(response) {
aboutText = response
})
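Review bot: The fetch chain neither checks `resp.ok` nor has a `.catch`, so the body of a 404 or error page is stored in `aboutText`, and a network failure leaves it empty with no signal. Add `if (!resp.ok) throw new Error(resp.status)` in the first `.then` and a `.catch` that logs the failure. `'shared/about.html'` is a relative URL; `'/shared/about.html'` would resolve the same way from every page. `aboutText` is assigned here without a declaration and is declared with `var aboutText = ''` in another script in this commit, so a response that arrives before that script runs would be reset to the empty string; whether that can happen depends on the including page's load order.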


@ -53,4 +53,9 @@ html {
.navbarLogo{
margin-right: 5px;
color: red;
}
.aboutLogo{
max-width: 25%;
margin-bottom: 1em;
}


@ -112,15 +112,53 @@ if (typeof myPubCopy != "undefined"){
var copyText = document.getElementById("myPub");
copyText.select()
document.execCommand("copy")
if (typeof PNotify != 'undefined'){
PNotify.success({
text: "Copied to clipboard"
})
}
console.log("copied pubkey to clipboard")
}
}
/* For Config toggle on homepage */
var toggle = document.getElementById("configToggle");
var content = document.getElementById("configContent");
var toggle = document.getElementById("configToggle")
var content = document.getElementById("configContent")
if(typeof toggle !== 'undefined' && toggle !== null) {
toggle.addEventListener("click", function() {
content.classList.toggle("show");
})
}
}
var aboutBtns = document.getElementsByClassName('aboutLink')
var aboutModals = document.getElementsByClassName('aboutModal')
var aboutCloseBtns = document.getElementsByClassName('closeAboutModal')
var aboutText = ''
setAbout = function(){
if (aboutText === ''){
setTimeout(function(){setAbout()}, 100)
return
}
let aboutBody = document.getElementsByClassName('aboutBody')
for (i = 0; i < aboutBody.length; i++){
aboutBody[i].innerHTML = aboutText
}
}
for (x = 0; x < aboutBtns.length; x++){
aboutBtns[x].onclick = function(){
for (i = 0; i < aboutModals.length; i++){
aboutModals[i].classList.add('is-active')
}
}
}
for (i = 0; i < aboutCloseBtns.length; i++){
aboutCloseBtns[i].onclick = function(e){
e.target.parentElement.parentElement.parentElement.classList.remove('is-active')
}
}
setAbout()
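Review bot: `setAbout()` is called unconditionally at the end of the hunk and re-arms a 100 ms timer for as long as `aboutText` is empty, so it polls forever after a failed fetch or on any page that loads this script without the about loader (the friends page's script list in this commit does not include `loadabout.js`, assuming this file is the shared misc script). Bound the retries, e.g. `var aboutTries = 0` and `if (aboutTries++ < 50) setTimeout(setAbout, 100)`, or have the loader fill the `.aboutBody` elements itself when the response arrives. The `innerHTML` assignment is acceptable only while the about fragment stays a static, same-origin file; a comment saying so would help whoever later changes where `aboutText` comes from. `setAbout`, `i` and `x` are implicit globals, and declaring them with `var` or `let` avoids clashes between the loops.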