mj-saunders
/
epicyon
forked from indymedia/epicyon
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Retain the authorized header

master
Bob Mottram 2019-07-25 12:18:35 +01:00
parent ca547e7d62
commit 80b644c01f
1 changed files with 69 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
daemon.py
View File

@ -91,10 +91,12 @@ class PubServer(BaseHTTPRequestHandler):
self.send_header('WWW-Authenticate', 'title="Login to Epicyon", Basic realm="epicyon"') self.send_header('WWW-Authenticate', 'title="Login to Epicyon", Basic realm="epicyon"')
self.end_headers() self.end_headers()
def _set_headers(self,fileFormat: str) -> None: def _set_headers(self,fileFormat: str,authHeader: str) -> None:
self.send_response(200) self.send_response(200)
self.send_header('Content-type', fileFormat) self.send_header('Content-type', fileFormat)
self.send_header('Host', self.server.domainFull) self.send_header('Host', self.server.domainFull)
if authHeader:
self.send_header('Authorization', authHeader)
self.end_headers() self.end_headers()
def _404(self) -> None: def _404(self) -> None:
@ -103,7 +105,7 @@ class PubServer(BaseHTTPRequestHandler):
self.end_headers() self.end_headers()
self.wfile.write("<html><head></head><body><h1>404 Not Found</h1></body></html>".encode('utf-8')) self.wfile.write("<html><head></head><body><h1>404 Not Found</h1></body></html>".encode('utf-8'))
def _webfinger(self) -> bool: def _webfinger(self,authHeader: str) -> bool:
if not self.path.startswith('/.well-known'): if not self.path.startswith('/.well-known'):
return False return False
if self.server.debug: if self.server.debug:
@ -114,7 +116,7 @@ class PubServer(BaseHTTPRequestHandler):
if self.path.startswith('/.well-known/host-meta'): if self.path.startswith('/.well-known/host-meta'):
wfResult=webfingerMeta() wfResult=webfingerMeta()
if wfResult: if wfResult:
self._set_headers('application/xrd+xml') self._set_headers('application/xrd+xml',authHeader)
self.wfile.write(wfResult.encode('utf-8')) self.wfile.write(wfResult.encode('utf-8'))
return return
@ -122,7 +124,7 @@ class PubServer(BaseHTTPRequestHandler):
print('DEBUG: WEBFINGER lookup '+self.path+' '+str(self.server.baseDir)) print('DEBUG: WEBFINGER lookup '+self.path+' '+str(self.server.baseDir))
wfResult=webfingerLookup(self.path,self.server.baseDir,self.server.port,self.server.debug) wfResult=webfingerLookup(self.path,self.server.baseDir,self.server.port,self.server.debug)
if wfResult: if wfResult:
self._set_headers('application/jrd+json') self._set_headers('application/jrd+json',authHeader)
self.wfile.write(json.dumps(wfResult).encode('utf-8')) self.wfile.write(json.dumps(wfResult).encode('utf-8'))
else: else:
if self.server.debug: if self.server.debug:
@ -353,13 +355,25 @@ class PubServer(BaseHTTPRequestHandler):
print('DEBUG: GET from '+self.server.baseDir+ \ print('DEBUG: GET from '+self.server.baseDir+ \
' path: '+self.path+' busy: '+ \ ' path: '+self.path+' busy: '+ \
str(self.server.GETbusy)) str(self.server.GETbusy))
# get the auth header as a local variable
authHeader=None
authorized = self._isAuthorized()
if authorized:
authHeader=self.headers['Authorization']
if self.server.debug:
print('Authorized')
else:
if self.server.debug:
print('Not authorized')
# get css # get css
# Note that this comes before the busy flag to avoid conflicts # Note that this comes before the busy flag to avoid conflicts
if self.path.endswith('.css'): if self.path.endswith('.css'):
if os.path.isfile('epicyon-profile.css'): if os.path.isfile('epicyon-profile.css'):
with open('epicyon-profile.css', 'r') as cssfile: with open('epicyon-profile.css', 'r') as cssfile:
css = cssfile.read() css = cssfile.read()
self._set_headers('text/css') self._set_headers('text/css',authHeader)
self.wfile.write(css.encode('utf-8')) self.wfile.write(css.encode('utf-8'))
return return
# image on login screen # image on login screen
@ -367,7 +381,7 @@ class PubServer(BaseHTTPRequestHandler):
mediaFilename= \ mediaFilename= \
self.server.baseDir+'/accounts/login.png' self.server.baseDir+'/accounts/login.png'
if os.path.isfile(mediaFilename): if os.path.isfile(mediaFilename):
self._set_headers('image/png') self._set_headers('image/png',authHeader)
with open(mediaFilename, 'rb') as avFile: with open(mediaFilename, 'rb') as avFile:
mediaBinary = avFile.read() mediaBinary = avFile.read()
self.wfile.write(mediaBinary) self.wfile.write(mediaBinary)
@ -383,11 +397,11 @@ class PubServer(BaseHTTPRequestHandler):
self.server.baseDir+'/media/'+mediaStr self.server.baseDir+'/media/'+mediaStr
if os.path.isfile(mediaFilename): if os.path.isfile(mediaFilename):
if mediaFilename.endswith('.png'): if mediaFilename.endswith('.png'):
self._set_headers('image/png') self._set_headers('image/png',authHeader)
elif mediaFilename.endswith('.jpg'): elif mediaFilename.endswith('.jpg'):
self._set_headers('image/jpeg') self._set_headers('image/jpeg',authHeader)
else: else:
self._set_headers('image/gif') self._set_headers('image/gif',authHeader)
with open(mediaFilename, 'rb') as avFile: with open(mediaFilename, 'rb') as avFile:
mediaBinary = avFile.read() mediaBinary = avFile.read()
self.wfile.write(mediaBinary) self.wfile.write(mediaBinary)
@ -405,11 +419,11 @@ class PubServer(BaseHTTPRequestHandler):
self.server.baseDir+'/sharefiles/'+mediaStr self.server.baseDir+'/sharefiles/'+mediaStr
if os.path.isfile(mediaFilename): if os.path.isfile(mediaFilename):
if mediaFilename.endswith('.png'): if mediaFilename.endswith('.png'):
self._set_headers('image/png') self._set_headers('image/png',authHeader)
elif mediaFilename.endswith('.jpg'): elif mediaFilename.endswith('.jpg'):
self._set_headers('image/jpeg') self._set_headers('image/jpeg',authHeader)
else: else:
self._set_headers('image/gif') self._set_headers('image/gif',authHeader)
with open(mediaFilename, 'rb') as avFile: with open(mediaFilename, 'rb') as avFile:
mediaBinary = avFile.read() mediaBinary = avFile.read()
self.wfile.write(mediaBinary) self.wfile.write(mediaBinary)
@ -432,11 +446,11 @@ class PubServer(BaseHTTPRequestHandler):
self.server.domain+'/'+avatarFile self.server.domain+'/'+avatarFile
if os.path.isfile(avatarFilename): if os.path.isfile(avatarFilename):
if avatarFile.endswith('.png'): if avatarFile.endswith('.png'):
self._set_headers('image/png') self._set_headers('image/png',authHeader)
elif avatarFile.endswith('.jpg'): elif avatarFile.endswith('.jpg'):
self._set_headers('image/jpeg') self._set_headers('image/jpeg',authHeader)
else: else:
self._set_headers('image/gif') self._set_headers('image/gif',authHeader)
with open(avatarFilename, 'rb') as avFile: with open(avatarFilename, 'rb') as avFile:
avBinary = avFile.read() avBinary = avFile.read()
self.wfile.write(avBinary) self.wfile.write(avBinary)
@ -451,6 +465,8 @@ class PubServer(BaseHTTPRequestHandler):
if self.server.debug: if self.server.debug:
print('DEBUG: GET Busy') print('DEBUG: GET Busy')
self.send_response(429) self.send_response(429)
if authorized:
self.send_header('Authorization', authHeader)
self.end_headers() self.end_headers()
return return
self.server.lastGET=currTimeGET self.server.lastGET=currTimeGET
@ -463,7 +479,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.GETbusy=False self.server.GETbusy=False
return return
# get webfinger endpoint for a person # get webfinger endpoint for a person
if self._webfinger(): if self._webfinger(authHeader):
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -498,14 +514,18 @@ class PubServer(BaseHTTPRequestHandler):
postJsonObject=commentjson.load(fp) postJsonObject=commentjson.load(fp)
# Only authorized viewers get to see likes on posts # Only authorized viewers get to see likes on posts
# Otherwize marketers could gain more social graph info # Otherwize marketers could gain more social graph info
if not self._isAuthorized(): if not authorized:
if postJsonObject.get('likes'): if postJsonObject.get('likes'):
postJsonObject['likes']={} postJsonObject['likes']={}
if 'text/html' in self.headers['Accept']: if 'text/html' in self.headers['Accept']:
self._set_headers('text/html') self._set_headers('text/html',authHeader)
if authorized:
self.send_header('Authorization', authHeader)
self.wfile.write(htmlIndividualPost(postJsonObject).encode('utf-8')) self.wfile.write(htmlIndividualPost(postJsonObject).encode('utf-8'))
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
if authorized:
self.send_header('Authorization', authHeader)
self.wfile.write(json.dumps(postJsonObject).encode('utf-8')) self.wfile.write(json.dumps(postJsonObject).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -543,10 +563,10 @@ class PubServer(BaseHTTPRequestHandler):
'totalItems': 0, 'totalItems': 0,
'type': 'OrderedCollection'} 'type': 'OrderedCollection'}
if 'text/html' in self.headers['Accept']: if 'text/html' in self.headers['Accept']:
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlPostReplies(repliesJson).encode('utf-8')) self.wfile.write(htmlPostReplies(repliesJson).encode('utf-8'))
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(repliesJson).encode('utf-8')) self.wfile.write(json.dumps(repliesJson).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -559,8 +579,7 @@ class PubServer(BaseHTTPRequestHandler):
], ],
'partOf': self.server.httpPrefix+'://'+domainFull+'/users/'+nickname+'/statuses/'+statusNumber, 'partOf': self.server.httpPrefix+'://'+domainFull+'/users/'+nickname+'/statuses/'+statusNumber,
'type': 'OrderedCollectionPage'} 'type': 'OrderedCollectionPage'}
# some messages could be private, so check authorization state
authorized=self._isAuthorized()
# populate the items list with replies # populate the items list with replies
repliesBoxes=['outbox','inbox'] repliesBoxes=['outbox','inbox']
with open(postRepliesFilename,'r') as repliesFile: with open(postRepliesFilename,'r') as repliesFile:
@ -615,10 +634,10 @@ class PubServer(BaseHTTPRequestHandler):
repliesJson['orderedItems'].append(postJsonObject) repliesJson['orderedItems'].append(postJsonObject)
# send the replies json # send the replies json
if 'text/html' in self.headers['Accept']: if 'text/html' in self.headers['Accept']:
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlPostReplies(repliesJson).encode('utf-8')) self.wfile.write(htmlPostReplies(repliesJson).encode('utf-8'))
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(repliesJson).encode('utf-8')) self.wfile.write(json.dumps(repliesJson).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -638,7 +657,7 @@ class PubServer(BaseHTTPRequestHandler):
personLookup(self.server.domain,self.path.replace('/roles',''), \ personLookup(self.server.domain,self.path.replace('/roles',''), \
self.server.baseDir) self.server.baseDir)
if getPerson: if getPerson:
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlProfile(self.server.baseDir, \ self.wfile.write(htmlProfile(self.server.baseDir, \
self.server.httpPrefix, \ self.server.httpPrefix, \
True, \ True, \
@ -649,7 +668,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.personCache, \ self.server.personCache, \
actorJson['roles']).encode('utf-8')) actorJson['roles']).encode('utf-8'))
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(actorJson['roles']).encode('utf-8')) self.wfile.write(json.dumps(actorJson['roles']).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -669,7 +688,7 @@ class PubServer(BaseHTTPRequestHandler):
personLookup(self.server.domain,self.path.replace('/skills',''), \ personLookup(self.server.domain,self.path.replace('/skills',''), \
self.server.baseDir) self.server.baseDir)
if getPerson: if getPerson:
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlProfile(self.server.baseDir, \ self.wfile.write(htmlProfile(self.server.baseDir, \
self.server.httpPrefix, \ self.server.httpPrefix, \
True, \ True, \
@ -680,7 +699,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.personCache, \ self.server.personCache, \
actorJson['skills']).encode('utf-8')) actorJson['skills']).encode('utf-8'))
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(actorJson['skills']).encode('utf-8')) self.wfile.write(json.dumps(actorJson['skills']).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -706,14 +725,14 @@ class PubServer(BaseHTTPRequestHandler):
postJsonObject=commentjson.load(fp) postJsonObject=commentjson.load(fp)
# Only authorized viewers get to see likes on posts # Only authorized viewers get to see likes on posts
# Otherwize marketers could gain more social graph info # Otherwize marketers could gain more social graph info
if not self._isAuthorized(): if not authorized:
if postJsonObject.get('likes'): if postJsonObject.get('likes'):
postJsonObject['likes']={} postJsonObject['likes']={}
if 'text/html' in self.headers['Accept']: if 'text/html' in self.headers['Accept']:
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlIndividualPost(postJsonObject).encode('utf-8')) self.wfile.write(htmlIndividualPost(postJsonObject).encode('utf-8'))
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(postJsonObject).encode('utf-8')) self.wfile.write(json.dumps(postJsonObject).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -724,7 +743,7 @@ class PubServer(BaseHTTPRequestHandler):
# get the inbox for a given person # get the inbox for a given person
if self.path.endswith('/inbox'): if self.path.endswith('/inbox'):
if '/users/' in self.path: if '/users/' in self.path:
if self._isAuthorized(): if authorized:
inboxFeed=personBoxJson(self.server.baseDir, \ inboxFeed=personBoxJson(self.server.baseDir, \
self.server.domain, \ self.server.domain, \
self.server.port, \ self.server.port, \
@ -746,7 +765,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.httpPrefix, \ self.server.httpPrefix, \
maxPostsInFeed, 'inbox', \ maxPostsInFeed, 'inbox', \
True,self.server.ocapAlways) True,self.server.ocapAlways)
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlInbox(self.server.session, \ self.wfile.write(htmlInbox(self.server.session, \
self.server.baseDir, \ self.server.baseDir, \
self.server.cachedWebfingers, \ self.server.cachedWebfingers, \
@ -755,7 +774,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.domain, \ self.server.domain, \
inboxFeed).encode('utf-8')) inboxFeed).encode('utf-8'))
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(inboxFeed).encode('utf-8')) self.wfile.write(json.dumps(inboxFeed).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -775,7 +794,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.port,self.path, \ self.server.port,self.path, \
self.server.httpPrefix, \ self.server.httpPrefix, \
maxPostsInFeed, 'outbox', \ maxPostsInFeed, 'outbox', \
self._isAuthorized(), \ authorized, \
self.server.ocapAlways) self.server.ocapAlways)
if outboxFeed: if outboxFeed:
if 'text/html' in self.headers['Accept']: if 'text/html' in self.headers['Accept']:
@ -788,10 +807,10 @@ class PubServer(BaseHTTPRequestHandler):
self.server.port,self.path+'?page=1', \ self.server.port,self.path+'?page=1', \
self.server.httpPrefix, \ self.server.httpPrefix, \
maxPostsInFeed, 'outbox', \ maxPostsInFeed, 'outbox', \
self._isAuthorized(), \ authorized, \
self.server.ocapAlways) self.server.ocapAlways)
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlOutbox(self.server.session, \ self.wfile.write(htmlOutbox(self.server.session, \
self.server.baseDir, \ self.server.baseDir, \
self.server.cachedWebfingers, \ self.server.cachedWebfingers, \
@ -800,11 +819,10 @@ class PubServer(BaseHTTPRequestHandler):
self.server.domain, \ self.server.domain, \
outboxFeed).encode('utf-8')) outboxFeed).encode('utf-8'))
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(outboxFeed).encode('utf-8')) self.wfile.write(json.dumps(outboxFeed).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
authorized=self._isAuthorized()
shares=getSharesFeedForPerson(self.server.baseDir, \ shares=getSharesFeedForPerson(self.server.baseDir, \
self.server.domain, \ self.server.domain, \
@ -828,7 +846,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.session= \ self.server.session= \
createSession(self.server.domain,self.server.port,self.server.useTor) createSession(self.server.domain,self.server.port,self.server.useTor)
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlProfile(self.server.baseDir, \ self.wfile.write(htmlProfile(self.server.baseDir, \
self.server.httpPrefix, \ self.server.httpPrefix, \
authorized, \ authorized, \
@ -841,7 +859,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.GETbusy=False self.server.GETbusy=False
return return
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(shares).encode('utf-8')) self.wfile.write(json.dumps(shares).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -867,7 +885,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.session= \ self.server.session= \
createSession(self.server.domain,self.server.port,self.server.useTor) createSession(self.server.domain,self.server.port,self.server.useTor)
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlProfile(self.server.baseDir, \ self.wfile.write(htmlProfile(self.server.baseDir, \
self.server.httpPrefix, \ self.server.httpPrefix, \
authorized, \ authorized, \
@ -880,7 +898,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.GETbusy=False self.server.GETbusy=False
return return
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(following).encode('utf-8')) self.wfile.write(json.dumps(following).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -904,7 +922,7 @@ class PubServer(BaseHTTPRequestHandler):
print('DEBUG: creating new session') print('DEBUG: creating new session')
self.server.session= \ self.server.session= \
createSession(self.server.domain,self.server.port,self.server.useTor) createSession(self.server.domain,self.server.port,self.server.useTor)
self._set_headers('text/html') self._set_headers('text/html',authheader)
self.wfile.write(htmlProfile(self.server.baseDir, \ self.wfile.write(htmlProfile(self.server.baseDir, \
self.server.httpPrefix, \ self.server.httpPrefix, \
authorized, \ authorized, \
@ -917,7 +935,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.GETbusy=False self.server.GETbusy=False
return return
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(followers).encode('utf-8')) self.wfile.write(json.dumps(followers).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -931,7 +949,7 @@ class PubServer(BaseHTTPRequestHandler):
print('DEBUG: creating new session') print('DEBUG: creating new session')
self.server.session= \ self.server.session= \
createSession(self.server.domain,self.server.port,self.server.useTor) createSession(self.server.domain,self.server.port,self.server.useTor)
self._set_headers('text/html') self._set_headers('text/html',authHeader)
self.wfile.write(htmlProfile(self.server.baseDir, \ self.wfile.write(htmlProfile(self.server.baseDir, \
self.server.httpPrefix, \ self.server.httpPrefix, \
authorized, \ authorized, \
@ -941,7 +959,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.cachedWebfingers, \ self.server.cachedWebfingers, \
self.server.personCache).encode('utf-8')) self.server.personCache).encode('utf-8'))
else: else:
self._set_headers('application/json') self._set_headers('application/json',authHeader)
self.wfile.write(json.dumps(getPerson).encode('utf-8')) self.wfile.write(json.dumps(getPerson).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
@ -955,7 +973,7 @@ class PubServer(BaseHTTPRequestHandler):
# check that the file exists # check that the file exists
filename=self.server.baseDir+self.path filename=self.server.baseDir+self.path
if os.path.isfile(filename): if os.path.isfile(filename):
self._set_headers('application/json') self._set_headers('application/json',authHeader)
with open(filename, 'r', encoding='utf-8') as File: with open(filename, 'r', encoding='utf-8') as File:
content = File.read() content = File.read()
contentJson=json.loads(content) contentJson=json.loads(content)
@ -967,7 +985,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.GETbusy=False self.server.GETbusy=False
def do_HEAD(self): def do_HEAD(self):
self._set_headers('application/json') self._set_headers('application/json',None)
def do_POST(self): def do_POST(self):
if self.server.debug: if self.server.debug: