Option to enforce json signature checks

merge-requests/8/head
Bob Mottram 2021-01-05 10:29:37 +00:00
parent b8a698d887
commit 2c2476f3c0
20 changed files with 96 additions and 32 deletions


@ -4274,11 +4274,25 @@ class PubServer(BaseHTTPRequestHandler):
actorJson['summary'] = ''
actorChanged = True
# change moderators list
if fields.get('moderators'):
adminNickname = \
getConfigParam(baseDir, 'admin')
if adminNickname:
adminNickname = \
getConfigParam(baseDir, 'admin')
if adminNickname:
# whether to require jsonld signatures
# on all incoming posts
if path.startswith('/users/' +
adminNickname + '/'):
verifyAllSignatures = False
if fields.get('verifyallsignatures'):
if fields['verifyallsignatures'] == 'on':
verifyAllSignatures = True
self.server.verifyAllSignatures = \
verifyAllSignatures
setConfigParam(baseDir, "verifyAllSignatures",
verifyAllSignatures)
# change moderators list
if fields.get('moderators'):
if path.startswith('/users/' +
adminNickname + '/'):
moderatorsFile = \
@ -4334,11 +4348,8 @@ class PubServer(BaseHTTPRequestHandler):
'instance',
'moderator')
# change site editors list
if fields.get('editors'):
adminNickname = \
getConfigParam(baseDir, 'admin')
if adminNickname:
# change site editors list
if fields.get('editors'):
if path.startswith('/users/' +
adminNickname + '/'):
editorsFile = \
@ -13400,7 +13411,8 @@ def loadTokens(baseDir: str, tokensDict: {}, tokensLookup: {}) -> None:
break
def runDaemon(sendThreadsTimeoutMins: int,
def runDaemon(verifyAllSignatures: bool,
sendThreadsTimeoutMins: int,
dormantMonths: int,
maxNewswirePosts: int,
allowLocalNetworkAccess: bool,
@ -13480,6 +13492,9 @@ def runDaemon(sendThreadsTimeoutMins: int,
# maximum number of posts to appear in the newswire on the right column
httpd.maxNewswirePosts = maxNewswirePosts
# whether to require that all incoming posts have valid jsonld signatures
httpd.verifyAllSignatures = verifyAllSignatures
# This counter is used to update the list of blocked domains in memory.
# It helps to avoid touching the disk and so improves flooding resistance
httpd.blocklistUpdateCtr = 0
@ -13749,7 +13764,8 @@ def runDaemon(sendThreadsTimeoutMins: int,
httpd.showPublishedDateOnly,
httpd.maxFollowers,
httpd.allowLocalNetworkAccess,
httpd.peertubeInstances), daemon=True)
httpd.peertubeInstances,
verifyAllSignatures), daemon=True)
print('Creating scheduled post thread')
httpd.thrPostSchedule = \
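Review bot: The admin toggle in the first hunk updates `self.server.verifyAllSignatures` and the config file, but the last hunk hands `verifyAllSignatures` to the inbox thread as a plain argument, so the running inbox loop appears to keep the value it was started with. If that is the case, switching enforcement on in the web interface changes nothing until the daemon restarts, while the config and server attribute both say it is on. Consider letting the inbox loop read the live server value on each iteration, or at minimum add a comment next to the assignment such as `# NOTE: the inbox thread only picks this up after a restart`. The profile handler and runDaemon both start and end outside these hunks, so a thread restart elsewhere cannot be ruled out from here.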


@ -267,6 +267,12 @@ parser.add_argument("--allowLocalNetworkAccess",
help="Whether to allow access to local network " +
"addresses. This might be useful when deploying in " +
"a mesh network")
parser.add_argument("--verifyAllSignatures",
dest='verifyAllSignatures',
type=str2bool, nargs='?',
const=True, default=False,
help="Whether to require that all incoming " +
"posts have valid jsonld signatures")
parser.add_argument("--noapproval", type=str2bool, nargs='?',
const=True, default=False,
help="Allow followers without approval")
@ -2119,6 +2125,11 @@ allowLocalNetworkAccess = \
if allowLocalNetworkAccess is not None:
args.allowLocalNetworkAccess = bool(allowLocalNetworkAccess)
verifyAllSignatures = \
getConfigParam(baseDir, 'verifyAllSignatures')
if verifyAllSignatures is not None:
args.verifyAllSignatures = bool(verifyAllSignatures)
YTDomain = getConfigParam(baseDir, 'youtubedomain')
if YTDomain:
if '://' in YTDomain:
@ -2132,7 +2143,8 @@ if setTheme(baseDir, themeName, domain, args.allowLocalNetworkAccess):
print('Theme set to ' + themeName)
if __name__ == "__main__":
runDaemon(args.sendThreadsTimeoutMins,
runDaemon(args.verifyAllSignatures,
args.sendThreadsTimeoutMins,
args.dormantMonths,
args.maxNewswirePosts,
args.allowLocalNetworkAccess,
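Review bot: In the second hunk a stored `verifyAllSignatures` config value replaces whatever was given on the command line, so a saved `False` silently cancels an explicit `--verifyAllSignatures`. For an option that tightens checks on incoming posts the operator should be able to tell which source won: either keep the stricter of the two, `args.verifyAllSignatures = args.verifyAllSignatures or bool(verifyAllSignatures)`, or print the effective value at startup. `bool(...)` also treats any non-empty string as true, so this relies on getConfigParam returning a real boolean, which is not visible in this hunk.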


@ -2447,7 +2447,8 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
YTReplacementDomain: str,
showPublishedDateOnly: bool,
maxFollowers: int, allowLocalNetworkAccess: bool,
peertubeInstances: []) -> None:
peertubeInstances: [],
verifyAllSignatures: bool) -> None:
"""Processes received items and moves them to the appropriate
directories
"""
@ -2716,6 +2717,16 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
if jwebsig.get('type') and jwebsig.get('signatureValue'):
if jwebsig['type'] == 'RsaSignature2017':
checkJsonSignature = True
if verifyAllSignatures and \
not checkJsonSignature:
print('inbox post does not have a jsonld signature ' + keyId)
if os.path.isfile(queueFilename):
os.remove(queueFilename)
if len(queue) > 0:
queue.pop(0)
continue
if checkJsonSignature:
# use the original json message received, not one which may have
# been modified along the way
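Review bot: The new drop in the second hunk fires whenever `checkJsonSignature` is false, which from the lines just above includes a signature whose type is not `RsaSignature2017`, yet the log line reports only that the post has no signature. What is enforced here is presence of a supported signature; whether a signature that is present but fails verification is also dropped is decided in the `if checkJsonSignature:` branch, which continues outside the hunk and is worth confirming. I would add a comment above the check, `# enforced mode: drop posts lacking an RsaSignature2017 signature; verification happens below`, and word the log message to match.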


@ -323,8 +323,10 @@ def createServerAlice(path: str, domain: str, port: int,
dormantMonths = 3
sendThreadsTimeoutMins = 30
maxFollowers = 10
verifyAllSignatures = True
print('Server running: Alice')
runDaemon(sendThreadsTimeoutMins,
runDaemon(verifyAllSignatures,
sendThreadsTimeoutMins,
dormantMonths, maxNewswirePosts,
allowLocalNetworkAccess,
2048, False, True, False, False, True, maxFollowers,
@ -420,8 +422,10 @@ def createServerBob(path: str, domain: str, port: int,
dormantMonths = 3
sendThreadsTimeoutMins = 30
maxFollowers = 10
verifyAllSignatures = True
print('Server running: Bob')
runDaemon(sendThreadsTimeoutMins,
runDaemon(verifyAllSignatures,
sendThreadsTimeoutMins,
dormantMonths, maxNewswirePosts,
allowLocalNetworkAccess,
2048, False, True, False, False, True, maxFollowers,
@ -467,8 +471,10 @@ def createServerEve(path: str, domain: str, port: int, federationList: [],
dormantMonths = 3
sendThreadsTimeoutMins = 30
maxFollowers = 10
verifyAllSignatures = True
print('Server running: Eve')
runDaemon(sendThreadsTimeoutMins,
runDaemon(verifyAllSignatures,
sendThreadsTimeoutMins,
dormantMonths, maxNewswirePosts,
allowLocalNetworkAccess,
2048, False, True, False, False, True, maxFollowers,


@ -350,5 +350,6 @@
"Show Accounts": "إظهار الحسابات",
"Peertube Instances": "مثيلات Peertube",
"Show video previews for the following Peertube sites.": "إظهار معاينات الفيديو لمواقع Peertube التالية.",
"Follows you": "يتبعك"
"Follows you": "يتبعك",
"Verify all signatures": "تحقق من جميع التوقيعات"
}


@ -350,5 +350,6 @@
"Show Accounts": "Mostra comptes",
"Peertube Instances": "Instàncies de Peertube",
"Show video previews for the following Peertube sites.": "Mostra les previsualitzacions de vídeo dels següents llocs de Peertube.",
"Follows you": "Et segueix"
"Follows you": "Et segueix",
"Verify all signatures": "Verifiqueu totes les signatures"
}


@ -350,5 +350,6 @@
"Show Accounts": "Dangos Cyfrifon",
"Peertube Instances": "Camau Peertube",
"Show video previews for the following Peertube sites.": "Dangos rhagolygon fideo ar gyfer y safleoedd Peertube canlynol.",
"Follows you": "Yn eich dilyn chi"
"Follows you": "Yn eich dilyn chi",
"Verify all signatures": "Gwirio pob llofnod"
}


@ -350,5 +350,6 @@
"Show Accounts": "Konten anzeigen",
"Peertube Instances": "Peertube-Instanzen",
"Show video previews for the following Peertube sites.": "Zeigen Sie eine Videovorschau für die folgenden Peertube-Websites an.",
"Follows you": "Folgt dir"
"Follows you": "Folgt dir",
"Verify all signatures": "Überprüfen Sie alle Signaturen"
}


@ -350,5 +350,6 @@
"Show Accounts": "Show Accounts",
"Peertube Instances": "Peertube Instances",
"Show video previews for the following Peertube sites.": "Show video previews for the following Peertube sites.",
"Follows you": "Follows you"
"Follows you": "Follows you",
"Verify all signatures": "Verify all signatures"
}


@ -350,5 +350,6 @@
"Show Accounts": "Mostrar cuentas",
"Peertube Instances": "Instancias de Peertube",
"Show video previews for the following Peertube sites.": "Muestre vistas previas de video para los siguientes sitios de Peertube.",
"Follows you": "Te sigue"
"Follows you": "Te sigue",
"Verify all signatures": "Verificar todas las firmas"
}


@ -350,5 +350,6 @@
"Show Accounts": "Afficher les comptes",
"Peertube Instances": "Instances Peertube",
"Show video previews for the following Peertube sites.": "Afficher des aperçus vidéo pour les sites Peertube suivants.",
"Follows you": "Vous suit"
"Follows you": "Vous suit",
"Verify all signatures": "Vérifier toutes les signatures"
}


@ -350,5 +350,6 @@
"Show Accounts": "Taispeáin Cuntais",
"Peertube Instances": "Imeachtaí Peertube",
"Show video previews for the following Peertube sites.": "Taispeáin réamhamharcanna físe do na suíomhanna Peertube seo a leanas.",
"Follows you": "Leanann tú"
"Follows you": "Leanann tú",
"Verify all signatures": "Fíoraigh gach síniú"
}


@ -350,5 +350,6 @@
"Show Accounts": "खाते दिखाएं",
"Peertube Instances": "Peertube उदाहरण",
"Show video previews for the following Peertube sites.": "निम्नलिखित Peertube साइटों के लिए वीडियो पूर्वावलोकन दिखाएं।",
"Follows you": "आपका पीछा करता है"
"Follows you": "आपका पीछा करता है",
"Verify all signatures": "सभी हस्ताक्षर सत्यापित करें"
}


@ -350,5 +350,6 @@
"Show Accounts": "Mostra account",
"Peertube Instances": "Istanze di Peertube",
"Show video previews for the following Peertube sites.": "Mostra le anteprime dei video per i seguenti siti Peertube.",
"Follows you": "Ti segue"
"Follows you": "Ti segue",
"Verify all signatures": "Verifica tutte le firme"
}


@ -350,5 +350,6 @@
"Show Accounts": "アカウントを表示する",
"Peertube Instances": "Peertubeインスタンス",
"Show video previews for the following Peertube sites.": "次のPeertubeサイトのビデオプレビューを表示します。",
"Follows you": "あなたについていきます"
"Follows you": "あなたについていきます",
"Verify all signatures": "すべての署名を確認する"
}


@ -346,5 +346,6 @@
"Show Accounts": "Show Accounts",
"Peertube Instances": "Peertube Instances",
"Show video previews for the following Peertube sites.": "Show video previews for the following Peertube sites.",
"Follows you": "Follows you"
"Follows you": "Follows you",
"Verify all signatures": "Verify all signatures"
}


@ -350,5 +350,6 @@
"Show Accounts": "Mostrar contas",
"Peertube Instances": "Instâncias Peertube",
"Show video previews for the following Peertube sites.": "Mostrar visualizações de vídeo para os seguintes sites Peertube.",
"Follows you": "Segue você"
"Follows you": "Segue você",
"Verify all signatures": "Verifique todas as assinaturas"
}


@ -350,5 +350,6 @@
"Show Accounts": "Показать счета",
"Peertube Instances": "Экземпляры Peertube",
"Show video previews for the following Peertube sites.": "Показать превью видео для следующих сайтов Peertube.",
"Follows you": "Следует за вами"
"Follows you": "Следует за вами",
"Verify all signatures": "Проверить все подписи"
}


@ -350,5 +350,6 @@
"Show Accounts": "显示帐户",
"Peertube Instances": "Peertube实例",
"Show video previews for the following Peertube sites.": "显示以下Peertube网站的视频预览。",
"Follows you": "跟着你"
"Follows you": "跟着你",
"Verify all signatures": "验证所有签名"
}


@ -1106,6 +1106,10 @@ def htmlEditProfile(cssCache: {}, translate: {}, baseDir: str, path: str,
instanceStr += \
' <input type="file" id="instanceLogo" name="instanceLogo"'
instanceStr += ' accept="' + imageFormats + '">'
instanceStr += \
' <input type="checkbox" class="profilecheckbox" ' + \
'name="verifyallsignatures"> ' + \
translate['Verify all signatures'] + '<br>\n'
instanceStr += '</div>'
moderators = ''
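Review bot: The new checkbox is emitted without a `checked` attribute, so the edit-profile form always shows signature enforcement as off whatever the stored setting is. The profile handler changed in the first file of this commit sets `verifyAllSignatures = False` unless the field arrives as `on`, so an admin who saves the profile for an unrelated reason would switch enforcement off without noticing. Render the current state into the tag, for example `'name="verifyallsignatures" ' + checkedStr + '> ' + \` with `checkedStr` set to `'checked'` when the setting is on. The hunk header does not show htmlEditProfile receiving the setting, so it would need to be read from config or passed in; the function body starts and ends outside the hunk.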