diff --git a/daemon.py b/daemon.py index a051ed5ea..bbdac83ad 100644 --- a/daemon.py +++ b/daemon.py @@ -320,7 +320,7 @@ class PubServer(BaseHTTPRequestHandler): messageJson,self.server.debug) return True - def _updateInboxQueue(self,nickname: str,messageJson: {}) -> int: + def _updateInboxQueue(self,nickname: str,messageJson: {},postFromWebInterface: bool) -> int: """Update the inbox queue """ # Check if the queue is full @@ -341,6 +341,7 @@ class PubServer(BaseHTTPRequestHandler): self.headers['host'], self.headers['signature'], '/'+self.path.split('/')[-1], + postFromWebInterface, self.server.debug) if queueFilename: # add json to the queue @@ -396,7 +397,18 @@ class PubServer(BaseHTTPRequestHandler): if '/media/' not in self.path and \ '/sharefiles/' not in self.path and \ '/icons/' not in self.path: - if not authorized: + divertToLoginScreen=True + if self.path.startswith('/users/'): + if '/' not in self.path.split('/users/')[1]: + divertToLoginScreen=False + else: + if self.path.endswith('/following') or \ + self.path.endswith('/followers') or \ + self.path.endswith('/skills') or \ + self.path.endswith('/roles') or \ + self.path.endswith('/shares'): + divertToLoginScreen=False + if divertToLoginScreen and not authorized: self.send_response(303) self.send_header('Location', '/login') self.end_headers() @@ -1075,6 +1087,8 @@ class PubServer(BaseHTTPRequestHandler): fields={} filename=None for f in messageFields: + if f=='--': + continue if ' name="' in f: postStr=f.split(' name="',1)[1] if '"' in postStr: 
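Review bot: In the login-redirect hunk of daemon.py (`@@ -396,7 +397,18 @@`), the exemption from the `/login` redirect is decided by `self.path.endswith(...)` on the raw request path, so any URL whose text ends in `/following`, `/followers`, `/skills`, `/roles` or `/shares` counts as public whatever precedes the suffix, and `self.path` also carries any query string. Matching the parsed path against the exact shape is tighter, e.g. `parts=self.path.split('?')[0].strip('/').split('/')` followed by `if len(parts)==3 and parts[0]=='users' and parts[2] in ('following','followers','skills','roles','shares'):`. The page has lost the diff's indentation, so it is unclear whether the `else:` pairs with the `startswith('/users/')` test or with the inner one; if it pairs with the outer test, the suffix check also applies to paths outside `/users/`. The enclosing handler continues outside the hunk, so what is served once the redirect is skipped should be checked there.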
@@ -1096,19 +1110,19 @@ class PubServer(BaseHTTPRequestHandler): searchStr=b'Content-Type: image/png' imageLocation=postBytes.find(searchStr) filenameBase=self.server.baseDir+'/accounts/'+nickname+'@'+self.server.domain+'/upload' - if imageLocation: + if imageLocation>-1: filename=filenameBase+'.png' else: searchStr=b'Content-Type: image/jpeg' imageLocation=postBytes.find(searchStr) - if imageLocation: + if imageLocation>-1: filename=filenameBase+'.jpg' else: searchStr=b'Content-Type: image/gif' imageLocation=postBytes.find(searchStr) - if imageLocation: + if imageLocation>-1: filename=filenameBase+'.gif' - if filename and imageLocation: + if filename and imageLocation>-1: # locate the beginning of the image, after any # carriage returns startPos=imageLocation+len(searchStr) @@ -1144,9 +1158,8 @@ class PubServer(BaseHTTPRequestHandler): filename,fields['imageDescription'],True, \ fields['replyTo'], fields['replyTo'],fields['subject']) if messageJson: - queueStatus=self._updateInboxQueue(nickname,messageJson) - if queueStatus==0: - return True + self.postToNickname=nickname + return self._postToOutbox(messageJson) if postType=='newunlisted': messageJson= \ @@ -1158,9 +1171,8 @@ class PubServer(BaseHTTPRequestHandler): filename,fields['imageDescription'],True, \ fields['replyTo'], fields['replyTo'],fields['subject']) if messageJson: - queueStatus=self._updateInboxQueue(nickname,messageJson) - if queueStatus==0: - return True + self.postToNickname=nickname + return self._postToOutbox(messageJson) if postType=='newfollowers': messageJson= \ @@ -1172,9 +1184,8 @@ class PubServer(BaseHTTPRequestHandler): filename,fields['imageDescription'],True, \ fields['replyTo'], fields['replyTo'],fields['subject']) if messageJson: - queueStatus=self._updateInboxQueue(nickname,messageJson) - if queueStatus==0: - return True + self.postToNickname=nickname + return self._postToOutbox(messageJson) if postType=='newdm': messageJson= \ 
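Review bot: In the upload hunk (`@@ -1096,19 +1110,19 @@`), the file extension is still chosen from a `Content-Type:` string found anywhere in `postBytes`, which is client-supplied and is searched across the whole request body rather than only in the headers of the file part. The `>-1` comparison fixes the truthiness bug, but nothing in the visible lines checks that the bytes saved under `upload.png`/`.jpg`/`.gif` are an image of that type. Before saving, compare the leading bytes of the extracted payload with the expected signature, e.g. `if filename.endswith('.png') and not imageBytes.startswith(b'\x89PNG\r\n\x1a\n'): filename=None`, where `imageBytes` is a placeholder for the extracted slice (the extraction code continues outside the hunk). A size cap on the payload belongs in the same place.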
@@ -1184,11 +1195,10 @@ class PubServer(BaseHTTPRequestHandler): self.server.httpPrefix, \ fields['message'],True,False,False, \ filename,fields['imageDescription'],True, \ - fields['replyTo'], fields['replyTo'],fields['subject']) + fields['replyTo'],fields['replyTo'],fields['subject']) if messageJson: - queueStatus=self._updateInboxQueue(nickname,messageJson) - if queueStatus==0: - return True + self.postToNickname=nickname + return self._postToOutbox(messageJson) if postType=='newshare': if not fields.get('itemType'): @@ -1211,11 +1221,10 @@ class PubServer(BaseHTTPRequestHandler): fields['location'], \ fields['duration'], self.server.debug) - # TODO distribute shares to followers if os.path.isfile(filename): os.remove(filename) - return True - + self.postToNickname=nickname + return self._postToOutbox(messageJson) return False def do_POST(self): @@ -1493,7 +1502,7 @@ class PubServer(BaseHTTPRequestHandler): else: self.postToNickname=pathUsersSection.split('/')[0] if self.postToNickname: - queueStatus=self._updateInboxQueue(self.postToNickname,messageJson) + queueStatus=self._updateInboxQueue(self.postToNickname,messageJson,False) if queueStatus==0: self.send_response(200) self.end_headers() @@ -1511,7 +1520,7 @@ class PubServer(BaseHTTPRequestHandler): else: if self.path == '/sharedInbox' or self.path == '/inbox': print('DEBUG: POST to shared inbox') - queueStatus=_updateInboxQueue('inbox',messageJson) + queueStatus=_updateInboxQueue('inbox',messageJson,False) if queueStatus==0: self.send_response(200) self.end_headers() diff --git a/inbox.py b/inbox.py index 058cc896d..e51fc2855 100644 --- a/inbox.py +++ b/inbox.py 
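Review bot: In the `newshare` hunk (`@@ -1211,11 +1221,10 @@`), `return self._postToOutbox(messageJson)` is reached without the `if messageJson:` guard that the other four post types keep, and the visible lines of this branch do not assign `messageJson` at all. The call whose arguments end in `self.server.debug)` starts outside the hunk, so confirm that its result is bound to `messageJson`. If it is not, the branch raises UnboundLocalError or hands an unchecked value to the outbox. Proposed: `if messageJson:` / `self.postToNickname=nickname` / `return self._postToOutbox(messageJson)`, falling through to the existing `return False` otherwise.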
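Review bot: In the shared-inbox hunk (`@@ -1511,7 +1520,7 @@`), the updated call is still the bare name `_updateInboxQueue('inbox',messageJson,False)`, while the hunk at `@@ -320,7 +320,7 @@` shows `_updateInboxQueue` defined as a method of `PubServer`. Unless a module-level function of the same name exists outside this diff, a POST to `/inbox` or `/sharedInbox` raises NameError instead of queueing the message. The line should read `queueStatus=self._updateInboxQueue('inbox',messageJson,False)`, matching the per-user call in the previous hunk. `do_POST` continues outside the hunk.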
@@ -157,7 +157,7 @@ def validPublishedDate(published) -> bool: return False return True -def savePostToInboxQueue(baseDir: str,httpPrefix: str,nickname: str, domain: str,postJsonObject: {},host: str,headers: str,postPath: str,debug: bool) -> str: +def savePostToInboxQueue(baseDir: str,httpPrefix: str,nickname: str, domain: str,postJsonObject: {},host: str,headers: str,postPath: str,postFromWebInterface: bool,debug: bool) -> str: """Saves the give json to the inbox queue for the person keyId specifies the actor sending the post """ @@ -221,7 +221,8 @@ def savePostToInboxQueue(baseDir: str,httpPrefix: str,nickname: str, domain: str 'path': postPath, 'post': postJsonObject, 'filename': filename, - 'destination': destination + 'destination': destination, + 'postFromWebInterface': postFromWebInterface } if debug: @@ -1048,6 +1049,8 @@ def runInboxQueue(baseDir: str,httpPrefix: str,sendThreads: [],postLog: [], \ pubKey=None keyId=None for tries in range(8): + if queueJson['postFromWebInterface']: + break keyId=None signatureParams=queueJson['headers'].split(',') for signatureItem in signatureParams: 
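Review bot: In `runInboxQueue` (`@@ -1048,6 +1049,8 @@`, and again in `@@ -1071,30 +1074,31 @@`), HTTP signature verification is skipped whenever the queue file says `postFromWebInterface` is true, so the decision to trust a post now rests on a field read back from disk. In this diff both callers of `_updateInboxQueue` pass `False` and the web-interface branches were moved to `_postToOutbox`, so no visible code path sets the flag; if none exists elsewhere, the bypass is better left out. If it stays, read it as `queueJson.get('postFromWebInterface')`: queue files written before this commit lack the key, `queueJson['postFromWebInterface']` raises KeyError on them, and a missing key should mean "verify". A comment at the `break` stating that the flag disables both the public-key fetch and the signature check would help the next reader. The function body extends outside both hunks.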
@@ -1071,30 +1074,31 @@ def runInboxQueue(baseDir: str,httpPrefix: str,sendThreads: [],postLog: [], \ print('DEBUG: Retry '+str(tries+1)+' obtaining public key for '+keyId) time.sleep(5) - if not pubKey: - if debug: - print('DEBUG: public key could not be obtained from '+keyId) - os.remove(queueFilename) - queue.pop(0) - continue + if not queueJson['postFromWebInterface']: + if not pubKey: + if debug: + print('DEBUG: public key could not be obtained from '+keyId) + os.remove(queueFilename) + queue.pop(0) + continue - # check the signature - verifyHeaders={ - 'host': queueJson['host'], - 'signature': queueJson['headers'] - } - if not verifyPostHeaders(httpPrefix, \ - pubKey, verifyHeaders, \ - queueJson['path'], False, \ - json.dumps(queueJson['post'])): - if debug: - print('DEBUG: Header signature check failed') - os.remove(queueFilename) - queue.pop(0) - continue + # check the signature + verifyHeaders={ + 'host': queueJson['host'], + 'signature': queueJson['headers'] + } + if not verifyPostHeaders(httpPrefix, \ + pubKey, verifyHeaders, \ + queueJson['path'], False, \ + json.dumps(queueJson['post'])): + if debug: + print('DEBUG: Header signature check failed') + os.remove(queueFilename) + queue.pop(0) + continue - if debug: - print('DEBUG: Signature check success') + if debug: + print('DEBUG: Signature check success') if receiveUndo(session, \ baseDir,httpPrefix,port, \ diff --git a/utils.py b/utils.py index c8a235ec8..a78a3d515 100644 --- a/utils.py +++ b/utils.py @@ -24,7 +24,7 @@ def getStatusNumber() -> (str,str): def createPersonDir(nickname: str,domain: str,baseDir: str,dirname: str) -> str: """Create a directory for a person """ - handle=nickname.lower()+'@'+domain.lower() + handle=nickname+'@'+domain if not os.path.isdir(baseDir+'/accounts/'+handle): os.mkdir(baseDir+'/accounts/'+handle) boxDir=baseDir+'/accounts/'+handle+'/'+dirname
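Review bot: In `createPersonDir` (utils.py, `@@ -24,7 +24,7 @@`), dropping `.lower()` means the account directory name now follows whatever case the caller passes. Two handles that differ only in case (for example `Alice@Example.org` and `alice@example.org`, values constructed for illustration) become two directories on a case-sensitive filesystem and one on a case-insensitive filesystem. Domain names are case-insensitive, so keeping `handle=nickname+'@'+domain.lower()` avoids split account state for the same actor; whether nickname case should be preserved depends on callers not shown here. `nickname` and `domain` are also concatenated into the path without any check for `/` or `..` in the visible lines, so if callers do not already validate them, this is the place to reject such values.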