From 33e49bc0b647fb7d6beff4f0bc6252d6e01e5280 Mon Sep 17 00:00:00 2001
From: lare
Date: Sun, 20 Nov 2022 10:57:33 +0100
Subject: [PATCH] add "peering-dir", logging,
---
 web/.gitignore | 2 ++
 web/backend/config.sample.json | 1 +
 web/backend/kioubit_verify.py | 16 ++++-----
 web/backend/main.py | 65 ++++++++++++++++++++++++++++++----
 web/frontend/peerings-new.html | 2 +-
 web/frontend/peerings.html | 15 ++++----
 6 files changed, 78 insertions(+), 23 deletions(-)
 create mode 100644 web/.gitignore
diff --git a/web/.gitignore b/web/.gitignore
new file mode 100644
index 0000000..ddf7c63
--- /dev/null
+++ b/web/.gitignore
@@ -0,0 +1,2 @@
+venv
+backend/peerings/
\ No newline at end of file
diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index 8805f79..b2a9a3d 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -20,6 +20,7 @@
 "port": 8042,
 "domain": "example.org", // domain to use for kioubit verification service
 "base-dir": "/", //optional:directury for which it is reachable (if behind some sort of reverse proxy) default "/"
+ "peerings-dir": "/path/to/peering-configs/", // optional; default "$PWD/peerings", directory to save existing peerings to
 "production": true, //optional, default true;
 "debug-mode": false, // optional; whethet to enable debugging; default false
 "flask-secret-key": "", // secret key for session cookies
diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index 1f9d3d2..11fe87c 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -1,6 +1,6 @@
 #! /usr/bin/env python3
-import base64, os, json, time
+import base64, os, json, time, logging
 import OpenSSL
 from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
@@ -15,20 +15,20 @@ class AuthVerifyer ():
 pk_content = ""
 for line in pk.readlines():
 pk_content += line
- print(pk_content)
+ logging.debug(pk_content)
 pkey = load_publickey(FILETYPE_PEM, pk_content)
 self.x509 = X509()
 self.x509.set_pubkey(pkey)
- print(self.x509)
+ logging.debug(self.x509)
 def verify(self, params, signature):
- # print(type(sig))
+ # logging.debug(type(sig))
 #OpenSSL_verify(self.pubkey, sig #, base64.b64decode(params), "sha512")
 sig = base64.b64decode(signature)
- print(f"sig: {sig}")
- print(f"params: {params}")
+ logging.info(f"sig: {sig}")
+ logging.info(f"params: {params}")
 try:
 verify(self.x509, sig, params, 'sha512')
 except OpenSSL.crypto.Error:
@@ -43,12 +43,12 @@ class AuthVerifyer ():
 return False, "invalid JSON"
 except KeyError:
 return False, "value not found in JSON"
- print(user_data)
+ logging.debug(user_data)
 return True, user_data
 if __name__ == "__main__":
 example_com_verifier = AuthVerifyer("example.com")
- print (example_com_verifier.verify(
+ logging.info (example_com_verifier.verify(
 params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=", signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA==" ) )
diff --git a/web/backend/main.py b/web/backend/main.py
index bdd987a..08ac158 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -1,7 +1,7 @@
 #! /usr/bin/env python3
 from flask import Flask, Response, redirect, render_template, request, session, abort
-import json, os, base64
+import json, os, base64, logging
 from functools import wraps
 from ipaddress import ip_address, ip_network
 import kioubit_verify
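Review bot: `logging.info(f"sig: {sig}")` and `logging.info(f"params: {params}")` in `verify()` write the raw signature and the signed login parameters to the log on every attempt, before the signature has been checked. Those two values together are the login assertion itself, so anyone who can read the log holds material that may be presentable again unless a freshness check exists outside this hunk. Move both to DEBUG with lazy arguments, for example `logging.debug("params: %r", params)`, and at INFO record only whether verification succeeded. The `%r` form also keeps attacker-supplied newlines from forging extra log lines, and it avoids building the string when the level is off.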
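Review bot: Running kioubit_verify.py directly no longer shows the verification result, because `logging.info (example_com_verifier.verify(` goes to the root logger, which stays at WARNING unless something configures it, and nothing in the visible code does. For this command-line self-test either keep `print(...)` or add `logging.basicConfig(level=logging.DEBUG)` as the first statement under `if __name__ == "__main__":`.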
@@ -16,7 +16,7 @@ class Config (dict):
 if os.path.exists("./config.json"): self.configfile = "./config.json"
 elif os.path.exists("/etc/dn42-autopeer/config.json"): self.configfile = "/etc/dn42-autopeer/config,json"
 else: raise FileNotFoundError("no config file found in ./config.json or /etc/dn42-autopeer/config.json")
- self.load_config()
+ self._load_config()
 self.keys = self._config.keys
 #self.__getitem__ = self._config.__getitem__
 super().__init__(self)
@@ -29,7 +29,8 @@ class Config (dict):
 super().__delitem__(self,v)
 def __getitem__(self, k):
 return self._config[k]
- def load_config(self):
+
+ def _load_config(self):
 with open(self.configfile) as cf:
 try:
 self._config = json.load(cf)
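Review bot: The fallback on the `elif` line assigns `"/etc/dn42-autopeer/config,json"` with a comma, so when only the /etc file exists the `os.path.exists` test passes and the `open()` inside `_load_config` then fails on a path that does not exist. It should read `self.configfile = "/etc/dn42-autopeer/config.json"`. The line is unchanged context in this hunk, but the renamed `self._load_config()` call directly below it is what hits the error. The enclosing method starts outside the hunk.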
@@ -43,10 +44,58 @@ class Config (dict):
 self._config["debug-mode"] = False
 if not "base-dir" in self._config:
 self._config["base-dir"] = "/"
- print(self._config)
+
+ if not "peerings-data" in self._config:
+ self._config["peering-data"] = "./peerings"
+ logging.info(self._config)
+
+class PeeringManager(dict):
+
+ def __init__(self, peering_dir):
+ self._peering_dir = peering_dir
+
+ self._load_peerings()
+ self.keys = self._peerings
+
+ def __contains__(self, o):
+ return self._peerings.__contains__(o)
+
+ def __getitem__(self, k):
+ return self._peerings[k]
+
+ def __setitem__(self, k, v):
+ pass
+ def __delitem__(self, v):
+ pass
+
+ def _load_peerings(self):
+ if not os.path.exists(self._peering_dir):
+ os.mkdir(self._peering_dir)
+ if not os.path.exists(f"{self._peering_dir}/peerings.json"):
+ with open(f"{self._peering_dir}/peerings.json", "x") as p:
+ json.dump([], p)
+ with open(f"{self._peering_dir}/peerings.json","r") as p:
+ self._peerings = json.load(p)
+ self.peerings = {}
+ missing_peerings = False
+ for peering in self._peerings:
+ if os.path.exists(f"{self._peering_dir}/{peering}.json"):
+ with open(f"{self._peering_dir}/{peering}.json") as peer_cfg:
+ self.peerings[peering] = json.load(peer_cfg)
+ else:
+ logging.warning(f"peering with id {peering} doesn't exist. removing reference in `{self._peering_dir}/peerings.json`")
+ self._peerings.remove(peering)
+ missing_peerings = True
+ if missing_peerings:
+ with open(f"{self._peering_dir}/peerings.json","w") as p:
+ json.dump(self._peerings, p, indent=4)
+
+ def get_peerings_by_mnt(self, mnt):
+ raise NotImplementedError()
+
 config = Config()
-
+peerings = PeeringManager(config["peering-dir"])
 def auth_required():
 def wrapper(f):
 @wraps(f)
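Review bot: The new default can never take effect, because `_load_config` tests for `"peerings-data"`, stores `"peering-data"`, and the module-level `PeeringManager(config["peering-dir"])` reads a third spelling, while config.sample.json documents `"peerings-dir"`; a config written from the sample fails at module load with KeyError. `logging.info(self._config)` also dumps the whole configuration, including `flask-secret-key`, and whoever can read that log can sign session cookies, so the key should be left out of the dump. In `_load_peerings`, `self._peerings.remove(peering)` mutates the list being iterated, which skips the entry after each missing one; collecting the surviving ids into a new list avoids that. The fence uses the sample's `peerings-dir` spelling in all three places and shows both fixes. `{peering}` is interpolated into a file path unchecked, which is acceptable while ids come only from peerings.json but needs validation before ids are accepted from a request.

```python
        # … unchanged: debug-mode and base-dir defaults in _load_config …
        if "peerings-dir" not in self._config:
            self._config["peerings-dir"] = "./peerings"
        # keep the session-signing key out of the log
        logging.debug({k: v for k, v in self._config.items() if k != "flask-secret-key"})

# … unchanged: PeeringManager.__init__, dunder methods, creation and load of peerings.json …
        self.peerings = {}
        present = []
        for peering in self._peerings:
            peer_path = f"{self._peering_dir}/{peering}.json"
            if os.path.exists(peer_path):
                with open(peer_path) as peer_cfg:
                    self.peerings[peering] = json.load(peer_cfg)
                present.append(peering)
            else:
                # … unchanged: logging.warning(...) about the missing peering file …
        if len(present) != len(self._peerings):
            self._peerings = present
            with open(f"{self._peering_dir}/peerings.json", "w") as p:
                json.dump(self._peerings, p, indent=4)

# … unchanged: get_peerings_by_mnt, config = Config() …
peerings = PeeringManager(config["peerings-dir"])
```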
@@ -70,8 +119,8 @@ def kioubit_auth():
 success, msg = kverifyer.verify(params, signature)
- try: print(base64.b64decode(params))
- except: print("invalid Base64 data provided")
+ try: logging.debug(base64.b64decode(params))
+ except: logging.debug("invalid Base64 data provided")
 if success:
@@ -156,9 +205,11 @@ def main():
 app.template_folder=config["flask-template-dir"]
 app.secret_key = config["flask-secret-key"]
 if "production" in config and config["production"] == False:
+ logging.getLogger(__name__).setLevel(logging.INFO)
 app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
 else:
 from waitress import serve
+ logging.getLogger(__name__).setLevel(logging.NOTSET)
 serve(app, host=config["listen"], port=config["port"])
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index 26a236a..ffdba39 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -2,7 +2,7 @@ {% block content %} -
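Review bot: Neither `setLevel` call in `main()` affects the messages this commit introduces, because every call site uses the module-level `logging.info(...)` and `logging.debug(...)` functions, which log through the root logger, while these two lines configure the logger named `__name__`. In the production branch `logging.NOTSET` does not silence anything; it makes that logger defer to its parent's level. With no handler or level set up in the visible code the root logger stays at WARNING, so the INFO and DEBUG output that replaced `print` is dropped in both branches. Configure the root logger once at the top of `main()`, for example `logging.basicConfig(level=logging.DEBUG if config["debug-mode"] else logging.INFO)`, and pass `logging.WARNING` in the production branch if that mode is meant to be quieter. main()'s body starts outside the hunk.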
+