From 1770eeb201540cfc6816bc44f6403c5d121f6232 Mon Sep 17 00:00:00 2001 From: lare Date: Thu, 17 Nov 2022 06:43:43 +0100 Subject: [PATCH] add loading of MNT-data from kverify --- web/backend/kioubit_verify.py | 22 +++++++++----- web/backend/main.py | 56 ++++++++++++++++++++++++++++------- web/frontend/base.html | 9 ++++-- web/frontend/index.html | 2 ++ web/frontend/login.html | 9 +++++- web/frontend/peer.html | 13 ++++++++ web/frontend/static/style.css | 13 +++++++- 7 files changed, 100 insertions(+), 24 deletions(-) create mode 100644 web/frontend/peer.html diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py index 24cb8ec..1f9d3d2 100644 --- a/web/backend/kioubit_verify.py +++ b/web/backend/kioubit_verify.py @@ -1,8 +1,8 @@ #! /usr/bin/env python3 -import base64, os -from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509 +import base64, os, json, time import OpenSSL +from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509 PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem" @@ -33,12 +33,18 @@ class AuthVerifyer (): verify(self.x509, sig, params, 'sha512') except OpenSSL.crypto.Error: return False, "Signature Failed" - #h = SHA512.new() - #h.update(base64.b64decode(params)) - #print(h.hexdigest()) - #verifier = DSS.new(self.pubkey, 'deterministic-rfc6979') - #valid = verifier.verify(h, base64.b64decode(signature)) - return True, "" + + try: + user_data = json.loads(base64.b64decode(params)) + if (time.time() - user_data["time"] )> 60: + return False, "Signature to old" + except json.decoder.JSONDecodeError: + # we shouldn't get here unless kioubit's service is misbehaving + return False, "invalid JSON" + except KeyError: + return False, "value not found in JSON" + print(user_data) + return True, user_data if __name__ == "__main__": example_com_verifier = AuthVerifyer("example.com") diff --git a/web/backend/main.py b/web/backend/main.py index 296d167..ff80c5f 100644 --- a/web/backend/main.py 
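Review bot: In web/backend/kioubit_verify.py the freshness check `(time.time() - user_data["time"]) > 60` bounds the age on one side only, so a signed payload whose `time` lies in the future is accepted until that time has passed by more than 60 seconds. A `time` value that is not a number, or a payload that decodes to something other than a JSON object, raises TypeError, which neither `except` clause handles. I would compute `age = time.time() - user_data["time"]`, reject with `if not -5 <= age <= 60: return False, "Signature too old"` (the five seconds of clock-skew tolerance is only a suggestion), and add TypeError to the handled exceptions. `print(user_data)` writes the verified account data to stdout on every login and is better dropped or moved to debug-level logging; the second return value is now either an error string or the decoded dict, which deserves a docstring line. The method starts above the hunk, so how `params` is decoded before the signature check is not visible here.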
+++ b/web/backend/main.py
@@ -47,7 +47,7 @@ def auth_required():
 def wrapper(f):
 @wraps(f)
 def decorated(*args, **kwargs):
- if not "logged_in" in session:
+ if not "login" in session:
 return redirect(f"login?return={request.url}")
 else:
 return f(*args, **kwargs)
@@ -58,31 +58,65 @@ def auth_required(): kverifyer = kioubit_verify.AuthVerifyer(config["domain"]) @app.route("/api/auth/kverify", methods=["GET", "POST"]) def kioubit_auth(): - params = request.args["params"] - signature = request.args["signature"] - print(base64.b64decode(params)) - return str(kverifyer.verify(params, signature)) + try: + params = request.args["params"] + signature = request.args["signature"] + except KeyError: + return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg='"params" or "signature" missing') + + success, msg = kverifyer.verify(params, signature) + try: print(base64.b64decode(params)) + except: print("invalid Base64 data provided") + + + if success: + session["user-data"] = msg + session["login"] = msg['mnt'] + return redirect(session["return_url"]) + else: + return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg) + +@app.route("/logout") +def logout(): + session.clear() + return redirect("/") @app.route("/login",methods=["GET","POST"]) def login(): if request.method == "GET": - session["return_url"] = request.args["return"] - return render_template("login.html", config=config, return_addr=request.args["return"]) + session["return_url"] = request.args["return"] if "return" in request.args else "" + + return render_template("login.html", session=session, config=config, return_addr=session["return_url"]) + elif request.method == "POST": + if config["domain"] == "svc.burble.dn42:8042" and request.form["logincode"] and request.form["logincode"] == "eyJhc24iOjQyNDI0MjMwMzUsImFsbG93ZWQ0IjoiMTcyLjIyLjEyNS4xMjhcLzI2LDE3Mi4yMC4wLjgxXC8zMiIsImFsbG93ZWQ2IjoiZmQ2Mzo1ZDQwOjQ3ZTU6OlwvNDgsZmQ0MjpkNDI6ZDQyOjgxOjpcLzY0IiwibW50IjoiTEFSRS1NTlQifQo=": + print("abc") + user_data = json.loads(base64.b64decode(request.form["logincode"])) + session["login"] = user_data['mnt'] + session["user-data"] = user_data + return redirect(request.args["return"]) - 
#elif request.method == "POST": @app.route("/peer", methods=["GET","POST"]) @auth_required() def peer(): - return request.args - + if request.method == "GET": + if "node" in request.args and request.args["node"] in config["nodes"]: + return render_template("peer.html", config=config, selected_node=request.args["node"]) + return str(config["nodes"][request.args["node"]]) + else: return render_template("peer.html", session=session,config=config) + elif request.method == "POST": + return "POST /peer" + + else: + return 405 + @app.route("/") def index(): # print(config._config["nodes"]) # for node in config["nodes"].values(): # print (node) - return render_template("index.html", config=config._config) + return render_template("index.html", session=session, config=config._config) def main(): app.static_folder= config["flask-template-dir"]+"/static/" diff --git a/web/frontend/base.html b/web/frontend/base.html index 956236b..ffd4327 100644 --- a/web/frontend/base.html +++ b/web/frontend/base.html @@ -5,11 +5,14 @@ {{config["MNT"]}} Autopeering - + -
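Review bot: In web/backend/main.py the new POST branch of `login()` compares `request.form["logincode"]` against a base64 literal committed in the source, so anyone who can read the repository can obtain a session for the maintainer encoded in that literal whenever `config["domain"]` matches; the branch should be removed, or the code loaded from a secret outside the repository and enabled only in a development configuration. When the condition is false the branch returns nothing, and a request without a `logincode` field raises KeyError. Separately, `redirect(session["return_url"])` in `kioubit_auth()` and `redirect(request.args["return"])` in `login()` follow a caller-supplied URL without checking it, and `session["return_url"]` raises KeyError when the callback is reached without a prior visit to /login. The sketch below keeps the redirect on this host and falls back to `/`; it needs `urlsplit` from `urllib.parse`.

```python
def safe_return_url(target):
    # follow only targets on this host; anything else goes to the index page
    target = target or "/"
    parts = urlsplit(target)
    if parts.scheme not in ("", "http", "https") or "\\" in target:
        return "/"
    if parts.netloc not in ("", request.host):
        return "/"
    return target

# … unchanged: parameter parsing and signature check in kioubit_auth() …
        session["login"] = msg['mnt']
        return redirect(safe_return_url(session.get("return_url")))
```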
{{config["MNT"]}}
-
{% block content %}{% endblock %}
+
{{config["MNT"]}} Autopeering{% if "login" in session %}logout{% else %} login{%endif%}
+
+ {% block content %} + {% endblock %} +