renamed onionr dir and bugfixes/linting progress

2019-11-20 04:52:50 -06:00 · 2019-11-20 04:52:50 -06:00 · 720efe4fca
commit 720efe4fca
parent 2b996da17f
226 changed files with 179 additions and 142 deletions
--- a/src/apiservers/README.md
+++ b/src/apiservers/README.md
@ -0,0 +1,9 @@
+# API Servers
+
+Contains the WSGI servers Onionr uses for remote peer communication and local daemon control
+
+## Files
+
+* \_\_init\_\_.py: Exposes the server classes
+* private: Contains the client API (the server used to interact with the local Onionr daemon, and view the web UI)
+* public: Contains the public API (the server used by remote peers to talk to our daemon)
--- a/src/apiservers/init.py
+++ b/src/apiservers/init.py
@ -0,0 +1,3 @@
+from . import public, private
+PublicAPI = public.PublicAPI
+ClientAPI = private.PrivateAPI
--- a/src/apiservers/private/README.md
+++ b/src/apiservers/private/README.md
@ -0,0 +1,8 @@
+# Private API Server
+
+Private API server, used to access the web interface locally and control Onionr
+
+## Files
+
+* \_\_init\_\_.py: Sets up the server and a few misc functions
+* register_private_blueprints.py: Adds in flask blueprints for various sub-APIs
--- a/src/apiservers/private/init.py
+++ b/src/apiservers/private/init.py
@ -0,0 +1,95 @@
+'''
+    Onionr - Private P2P Communication
+
+    This file handles all incoming http requests to the client, using Flask
+'''
+'''
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+'''
+import base64, os, time
+import flask
+from gevent.pywsgi import WSGIServer
+from onionrutils import epoch
+import httpapi, filepaths, logger
+from . import register_private_blueprints
+from etc import waitforsetvar
+import serializeddata, config
+from .. import public
+class PrivateAPI:
+    '''
+        Client HTTP api
+    '''
+
+    callbacks = {'public' : {}, 'private' : {}}
+
+    def __init__(self):
+        '''
+            Initialize the api server, preping variables for later use
+
+            This initialization defines all of the API entry points and handlers for the endpoints and errors
+            This also saves the used host (random localhost IP address) to the data folder in host.txt
+        '''
+        self.config = config
+        self.startTime = epoch.get_epoch()
+        app = flask.Flask(__name__)
+        bindPort = int(config.get('client.client.port', 59496))
+        self.bindPort = bindPort
+
+        self.clientToken = config.get('client.webpassword')
+        self.timeBypassToken = base64.b16encode(os.urandom(32)).decode()
+
+        self.host = httpapi.apiutils.setbindip.set_bind_IP(filepaths.private_API_host_file)
+        logger.info('Running api on %s:%s' % (self.host, self.bindPort))
+        self.httpServer = ''
+
+        self.queueResponse = {}
+        self.get_block_data = httpapi.apiutils.GetBlockData(self)
+        register_private_blueprints.register_private_blueprints(self, app)
+        httpapi.load_plugin_blueprints(app)
+        self.app = app
+    
+    def start(self):
+        waitforsetvar.wait_for_set_var(self, "_too_many")
+        self.publicAPI = self._too_many.get(public.PublicAPI)
+        self.httpServer = WSGIServer((self.host, self.bindPort), self.app, log=None, handler_class=httpapi.fdsafehandler.FDSafeHandler)
+        self.httpServer.serve_forever()
+
+    def setPublicAPIInstance(self, inst):
+        self.publicAPI = inst
+
+    def validateToken(self, token):
+        '''
+            Validate that the client token matches the given token. Used to prevent CSRF and data exfiltration
+        '''
+        if not self.clientToken:
+            logger.error("client password needs to be set")
+            return False
+        try:
+            if not hmac.compare_digest(self.clientToken, token):
+                return False
+            else:
+                return True
+        except TypeError:
+            return False
+
+    def getUptime(self)->int:
+        while True:
+            try:
+                return epoch.get_epoch() - self.startTime
+            except (AttributeError, NameError):
+                # Don't error on race condition with startup
+                pass
+
+    def getBlockData(self, bHash, decrypt=False, raw=False, headerOnly=False):
+        return self.get_block_data.get_block_data(bHash, decrypt=decrypt, raw=raw, headerOnly=headerOnly)
--- a/src/apiservers/private/register_private_blueprints.py
+++ b/src/apiservers/private/register_private_blueprints.py
@ -0,0 +1,39 @@
+'''
+    Onionr - Private P2P Communication
+
+    This file registers blueprints for the private api server
+'''
+'''
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+'''
+import os
+from httpapi import security, friendsapi, profilesapi, configapi, insertblock, miscclientapi, onionrsitesapi, apiutils
+from httpapi import directconnections
+from httpapi import themeapi
+
+def register_private_blueprints(private_api, app):
+    app.register_blueprint(security.client.ClientAPISecurity(private_api).client_api_security_bp)
+    app.register_blueprint(friendsapi.friends)
+    app.register_blueprint(profilesapi.profile_BP)
+    app.register_blueprint(configapi.config_BP)
+    app.register_blueprint(insertblock.ib)
+    app.register_blueprint(miscclientapi.getblocks.client_get_blocks)
+    app.register_blueprint(miscclientapi.endpoints.PrivateEndpoints(private_api).private_endpoints_bp)
+    app.register_blueprint(miscclientapi.motd.bp)
+    app.register_blueprint(onionrsitesapi.site_api)
+    app.register_blueprint(apiutils.shutdown.shutdown_bp)
+    app.register_blueprint(miscclientapi.staticfiles.static_files_bp)
+    app.register_blueprint(directconnections.DirectConnectionManagement(private_api).direct_conn_management_bp)
+    app.register_blueprint(themeapi.theme_blueprint)
+    return app
--- a/src/apiservers/public/init.py
+++ b/src/apiservers/public/init.py
@ -0,0 +1,64 @@
+'''
+    Onionr - Private P2P Communication
+
+    This file handles all incoming http requests to the public api server, using Flask
+'''
+'''
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+'''
+import time
+import threading
+import flask
+from gevent.pywsgi import WSGIServer
+from httpapi import apiutils, security, fdsafehandler, miscpublicapi
+import logger, config, filepaths
+from utils import gettransports
+from etc import onionrvalues, waitforsetvar
+
+def _get_tor_adder(pub_api):
+    transports = []
+    while len(transports) == 0:
+        transports = gettransports.get()
+        time.sleep(0.3)
+    pub_api.torAdder = transports[0]
+
+class PublicAPI:
+    '''
+        The new client api server, isolated from the public api
+    '''
+    def __init__(self):
+        app = flask.Flask('PublicAPI')
+        app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024
+        self.i2pEnabled = config.get('i2p.host', False)
+        self.hideBlocks = [] # Blocks to be denied sharing
+        self.host = apiutils.setbindip.set_bind_IP(filepaths.public_API_host_file)
+
+        threading.Thread(target=_get_tor_adder, args=[self], daemon=True).start()
+
+        self.torAdder = ""
+        self.bindPort = config.get('client.public.port')
+        self.lastRequest = 0
+        self.hitCount = 0 # total rec requests to public api since server started
+        self.config = config
+        self.API_VERSION = onionrvalues.API_VERSION
+        logger.info('Running public api on %s:%s' % (self.host, self.bindPort))
+
+        app.register_blueprint(security.public.PublicAPISecurity(self).public_api_security_bp)
+        app.register_blueprint(miscpublicapi.endpoints.PublicEndpoints(self).public_endpoints_bp)
+        self.app = app
+
+    def start(self):
+        waitforsetvar.wait_for_set_var(self, "_too_many")
+        self.httpServer = WSGIServer((self.host, self.bindPort), self.app, log=None, handler_class=fdsafehandler.FDSafeHandler)
+        self.httpServer.serve_forever()