Revert "Tidying"

This reverts commit 3a33110166.
merge-requests/30/head
Bob Mottram 2024-02-01 10:26:54 +00:00
parent 3a33110166
commit 06995af606
1 changed files with 39 additions and 278 deletions

317
daemon.py

@ -698,46 +698,33 @@ class PubServer(BaseHTTPRequestHandler):
return None return None
def _secure_mode(self, curr_session, proxy_type: str, def _secure_mode(self, curr_session, proxy_type: str,
force: bool, secure_mode: bool, force: bool) -> bool:
debug: bool, headers: {},
federation_list: [],
onion_domain: str,
i2p_domain: str,
session_onion, session_i2p,
base_dir: str,
person_cache: {},
project_version: str,
http_prefix: str,
domain: str,
domain_full: str,
signing_priv_key_pem: str,
path: str) -> bool:
"""http authentication of GET requests for json """http authentication of GET requests for json
aka authorized fetch aka authorized fetch
""" """
if not secure_mode and not force: if not self.server.secure_mode and not force:
return True return True
key_id = signed_get_key_id(headers, debug) key_id = signed_get_key_id(self.headers, self.server.debug)
if not key_id: if not key_id:
if debug: if self.server.debug:
print('AUTH: secure mode, ' + print('AUTH: secure mode, ' +
'failed to obtain key_id from signature') 'failed to obtain key_id from signature')
return False return False
# is the key_id (actor) valid? # is the key_id (actor) valid?
if not url_permitted(key_id, federation_list): if not url_permitted(key_id, self.server.federation_list):
if debug: if self.server.debug:
print('AUTH: Secure mode GET request not permitted: ' + key_id) print('AUTH: Secure mode GET request not permitted: ' + key_id)
return False return False
if onion_domain: if self.server.onion_domain:
if '.onion/' in key_id: if '.onion/' in key_id:
curr_session = session_onion curr_session = self.server.session_onion
proxy_type = 'tor' proxy_type = 'tor'
if i2p_domain: if self.server.i2p_domain:
if '.i2p/' in key_id: if '.i2p/' in key_id:
curr_session = session_i2p curr_session = self.server.session_i2p
proxy_type = 'i2p' proxy_type = 'i2p'
curr_session = \ curr_session = \
@ -748,37 +735,37 @@ class PubServer(BaseHTTPRequestHandler):
# obtain the public key. key_id is the actor # obtain the public key. key_id is the actor
pub_key = \ pub_key = \
get_person_pub_key(base_dir, get_person_pub_key(self.server.base_dir,
curr_session, key_id, curr_session, key_id,
person_cache, debug, self.server.person_cache, self.server.debug,
project_version, self.server.project_version,
http_prefix, self.server.http_prefix,
domain, self.server.domain,
onion_domain, self.server.onion_domain,
i2p_domain, self.server.i2p_domain,
signing_priv_key_pem) self.server.signing_priv_key_pem)
if not pub_key: if not pub_key:
if debug: if self.server.debug:
print('AUTH: secure mode failed to ' + print('AUTH: secure mode failed to ' +
'obtain public key for ' + key_id) 'obtain public key for ' + key_id)
return False return False
# was an error http code returned? # was an error http code returned?
if isinstance(pub_key, dict): if isinstance(pub_key, dict):
if debug: if self.server.debug:
print('AUTH: failed to ' + print('AUTH: failed to ' +
'obtain public key for ' + key_id + 'obtain public key for ' + key_id +
' ' + str(pub_key)) ' ' + str(pub_key))
return False return False
# verify the GET request without any digest # verify the GET request without any digest
if verify_post_headers(http_prefix, if verify_post_headers(self.server.http_prefix,
domain_full, self.server.domain_full,
pub_key, headers, pub_key, self.headers,
path, True, None, '', debug): self.path, True, None, '', self.server.debug):
return True return True
if debug: if self.server.debug:
print('AUTH: secure mode authorization failed for ' + key_id) print('AUTH: secure mode authorization failed for ' + key_id)
return False return False
@ -12460,23 +12447,7 @@ class PubServer(BaseHTTPRequestHandler):
'_GET', '_show_replies_to_post', '_GET', '_show_replies_to_post',
debug) debug)
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
msg_str = json.dumps(replies_json, ensure_ascii=False) msg_str = json.dumps(replies_json, ensure_ascii=False)
msg_str = convert_domains(calling_domain, msg_str = convert_domains(calling_domain,
referer_domain, referer_domain,
@ -12595,23 +12566,7 @@ class PubServer(BaseHTTPRequestHandler):
'_GET', '_show_replies_to_post', '_GET', '_show_replies_to_post',
debug) debug)
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
msg_str = json.dumps(replies_json, ensure_ascii=False) msg_str = json.dumps(replies_json, ensure_ascii=False)
msg_str = convert_domains(calling_domain, msg_str = convert_domains(calling_domain,
referer_domain, referer_domain,
@ -12738,23 +12693,7 @@ class PubServer(BaseHTTPRequestHandler):
fitness_performance(getreq_start_time, self.server.fitness, fitness_performance(getreq_start_time, self.server.fitness,
'_GET', '_show_roles', debug) '_GET', '_show_roles', debug)
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
roles_list = get_actor_roles_list(actor_json) roles_list = get_actor_roles_list(actor_json)
msg_str = json.dumps(roles_list, ensure_ascii=False) msg_str = json.dumps(roles_list, ensure_ascii=False)
msg_str = convert_domains(calling_domain, msg_str = convert_domains(calling_domain,
@ -12894,26 +12833,8 @@ class PubServer(BaseHTTPRequestHandler):
'_GET', '_show_skills', '_GET', '_show_skills',
self.server.debug) self.server.debug)
else: else:
signing_priv_key_pem = \
self.server.signing_priv_key_pem
if self._secure_mode(curr_session, if self._secure_mode(curr_session,
proxy_type, False, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
signing_priv_key_pem,
self.path):
actor_skills_list = \ actor_skills_list = \
get_occupation_skills(actor_json) get_occupation_skills(actor_json)
skills = \ skills = \
@ -13360,23 +13281,7 @@ class PubServer(BaseHTTPRequestHandler):
'_GET', '_show_post_from_file', '_GET', '_show_post_from_file',
debug) debug)
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
if not include_create_wrapper and \ if not include_create_wrapper and \
post_json_object['type'] == 'Create' and \ post_json_object['type'] == 'Create' and \
has_object_dict(post_json_object): has_object_dict(post_json_object):
@ -15349,23 +15254,7 @@ class PubServer(BaseHTTPRequestHandler):
'_GET', '_show_outbox_timeline', '_GET', '_show_outbox_timeline',
debug) debug)
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
onion_domain = self.server.onion_domain onion_domain = self.server.onion_domain
i2p_domain = self.server.i2p_domain i2p_domain = self.server.i2p_domain
msg_str = json.dumps(outbox_feed, msg_str = json.dumps(outbox_feed,
@ -15686,23 +15575,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.getreq_busy = False self.server.getreq_busy = False
return True return True
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
onion_domain = self.server.onion_domain onion_domain = self.server.onion_domain
i2p_domain = self.server.i2p_domain i2p_domain = self.server.i2p_domain
msg_str = json.dumps(shares, msg_str = json.dumps(shares,
@ -15860,23 +15733,7 @@ class PubServer(BaseHTTPRequestHandler):
debug) debug)
return True return True
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
if '/users/' in path: if '/users/' in path:
nickname = path.split('/users/')[1] nickname = path.split('/users/')[1]
if '/' in nickname: if '/' in nickname:
@ -16033,23 +15890,7 @@ class PubServer(BaseHTTPRequestHandler):
debug) debug)
return True return True
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
msg_str = json.dumps(following, msg_str = json.dumps(following,
ensure_ascii=False) ensure_ascii=False)
msg_str = convert_domains(calling_domain, msg_str = convert_domains(calling_domain,
@ -16204,23 +16045,7 @@ class PubServer(BaseHTTPRequestHandler):
debug) debug)
return True return True
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
msg_str = json.dumps(following, msg_str = json.dumps(following,
ensure_ascii=False) ensure_ascii=False)
msg_str = convert_domains(calling_domain, msg_str = convert_domains(calling_domain,
@ -16377,23 +16202,7 @@ class PubServer(BaseHTTPRequestHandler):
debug) debug)
return True return True
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
if '/users/' in path: if '/users/' in path:
nickname = path.split('/users/')[1] nickname = path.split('/users/')[1]
if '/' in nickname: if '/' in nickname:
@ -16588,23 +16397,7 @@ class PubServer(BaseHTTPRequestHandler):
if self.server.debug: if self.server.debug:
print('DEBUG: html actor sent') print('DEBUG: html actor sent')
else: else:
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
accept_str = self.headers['Accept'] accept_str = self.headers['Accept']
msg_str = json.dumps(actor_json, ensure_ascii=False) msg_str = json.dumps(actor_json, ensure_ascii=False)
msg_str = convert_domains(calling_domain, msg_str = convert_domains(calling_domain,
@ -17853,23 +17646,7 @@ class PubServer(BaseHTTPRequestHandler):
print('DEBUG: followers synchronization request ' + print('DEBUG: followers synchronization request ' +
self.path + ' ' + calling_domain) self.path + ' ' + calling_domain)
# check authorized fetch # check authorized fetch
if self._secure_mode(curr_session, proxy_type, False, if self._secure_mode(curr_session, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
nickname = get_nickname_from_actor(self.path) nickname = get_nickname_from_actor(self.path)
sync_cache = self.server.followers_sync_cache sync_cache = self.server.followers_sync_cache
sync_json, _ = \ sync_json, _ = \
@ -21777,23 +21554,7 @@ class PubServer(BaseHTTPRequestHandler):
return return
if not self._secure_mode(curr_session, if not self._secure_mode(curr_session,
proxy_type, False, proxy_type, False):
self.server.secure_mode,
self.server.debug,
self.server.headers,
self.server.federation_list,
self.server.onion_domain,
self.server.i2p_domain,
self.server.session_onion,
self.server.session_i2p,
self.server.base_dir,
self.server.person_cache,
self.server.project_version,
self.server.http_prefix,
self.server.domain,
self.server.domain_full,
self.server.signing_priv_key_pem,
self.path):
if self.server.debug: if self.server.debug:
print('WARN: Unauthorized GET') print('WARN: Unauthorized GET')
self._404() self._404()
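Review bot: In `_secure_mode` (first hunk) the proxy choice uses `'.onion/' in key_id` and `'.i2p/' in key_id`, a substring test over the whole key_id that `signed_get_key_id` derives from the request headers, so a key_id whose path rather than host contains `.onion/` or `.i2p/` would also switch `curr_session` and `proxy_type`. Tying the choice to the host would stop a remote caller from influencing which session performs the public-key fetch: `key_host = urllib.parse.urlparse(key_id).hostname or ''`, then `if key_host.endswith('.onion'):` and `if key_host.endswith('.i2p'):`. This assumes `url_permitted` does not already reject such URLs, which is not visible on this page. The function body continues between the first and second hunks (the `curr_session = \` assignment is cut off), so how the selected session is used afterwards should be checked against the full file.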