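def members(conn, headers, data, *, method):
    """Serve the member list (GET) and handle account removal (POST).

    Every method requires a ``token`` cookie whose value is a key of
    ``db.database``; otherwise the ``/403`` page is returned with status 403.

    GET renders ``root/public/members.html`` with one entry per database
    record plus the ``error`` query parameter. POST removes the account named
    by the ``uname`` form field and deletes its directory under
    ``root/users``.

    Returns:
        A ``(response_headers, body)`` tuple.
    """
    cookies = parse_cookies(headers['ignored'].get("Cookie", ""))
    has_valid_token = cookies.get("token", "") in db.database
    # The session check covers every method: the POST branch deletes an
    # account and its files, so it must not be reachable without a session.
    if not has_valid_token:
        _, page = server.routes["/403"]["GET"](conn, {}, "")
        return ({"Status-code": 403, "Reason-phrase": "Forbidden"}, page)
    if method == "GET":
        # The error text is taken from the query string and ends up inside
        # the HTML template, so it is escaped before being rendered.
        error = escape(
            parse_post(headers['request_uri'].query).get("error", ""))
        # NOTE(review): the keys of db.database are the same values that are
        # accepted as the "token" cookie above, so this listing shows every
        # member's session token to any logged-in user. Consider rendering
        # the user name only.
        body = '<br>'.join(
            f"<p>{user} -- {hash_}</p>"
            for hash_, user in db.database.items())
        with open("root/public/members.html") as template:
            return ({}, template.read().format(body=body, error=error))
    elif method == "POST":
        post = parse_post(data)
        if 'uname' not in post:
            return ({
                "Status-code": 301,
                "Location": "/members?error=invalid post data"
            }, "")
        # Stored user names are compared in their escaped form.
        post['uname'] = escape(post['uname'])
        if post['uname'] not in db.database.values():
            return ({
                "Status-code": 301,
                "Location": "/members?error=user doesn't exist"
            }, "")
        # NOTE(review): any authenticated member can remove any other
        # account; there is no ownership or role check here, and no
        # anti-CSRF token on the form. Confirm this is intended.
        db.remove_user(post['uname'])
        shutil.rmtree(f"root/users/{conv_uname(post['uname'])}")
        return ({"Status-code": 301, "Location": "/members"}, "")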
def make_reply(conn, headers, data):
    """Validate a chat reply request.

    Redirects to ``/`` with an error message when the ``token`` cookie is not
    a key of ``db.database`` or when the posted form has no ``reply`` field.

    NOTE(review): only the two rejection paths are present in this listing;
    what happens to an accepted reply is not shown here.
    """
    jar = parse_cookies(headers['ignored'].get("Cookie", ""))
    token = jar.get("token", "")
    # Guard 1: the caller must present a known session token.
    if token not in db.database:
        return ({
            "Status-code": 301,
            "Location": "/?error=you must log-in to chat"
        }, "")
    # Guard 2: the form must carry the reply text.
    msg = parse_post(data)
    if 'reply' not in msg:
        return ({
            "Status-code": 301,
            "Location": "/?error=invalid post parameters"
        }, "")
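def profile(conn, headers, data, *, method):
    """Show the caller's inbox (GET) or send a message to a user (POST).

    Both methods require a ``token`` cookie whose value is a key of
    ``db.database``; otherwise the ``/403`` page is returned with status 403.

    GET reads every regular file in the caller's directory under
    ``root/users``, moves each one into the ``seen`` sub-directory and renders
    ``root/public/profile.html``. POST writes the ``msg`` form field to a new
    file in the recipient's directory.

    Returns:
        A ``(response_headers, body)`` tuple.
    """
    cookies = parse_cookies(headers['ignored'].get("Cookie", ""))
    has_valid_token = (token := cookies.get("token", "")) in db.database
    if not has_valid_token:
        _, page = server.routes["/403"]["GET"](conn, {}, "")
        return ({"Status-code": 403, "Reason-phrase": "Forbidden"}, page)
    if method == "GET":
        inbox_dir = f"root/users/{conv_uname(db.database[token])}"
        messages = []
        # The error text is taken from the query string and ends up inside
        # the HTML template, so it is escaped before being rendered.
        error = escape(
            parse_post(headers['request_uri'].query).get("error", ""))
        for file_ in os.listdir(inbox_dir):
            path = f"{inbox_dir}/{file_}"
            # Skips the "seen" sub-directory and anything else that is not a
            # regular file.
            if not os.path.isfile(path):
                continue
            with open(path) as msg:
                # The POST branch below stores messages percent-decoded and
                # HTML-escaped. Decoding again on read would turn
                # percent-encoded markup back into live HTML after the
                # escaping step, so the stored text is used as-is.
                messages.append(msg.read())
            shutil.move(path, f"{inbox_dir}/seen/{file_}")
        with open("root/public/profile.html") as template:
            return ({}, template.read().format(
                username=db.database[token],
                inbox=f"<h3>{len(messages)} unread messages </h3><hr>" +
                '<hr>'.join(messages),
                error=error))
    elif method == "POST":
        post = parse_post(data)
        if "recipient" not in post or "msg" not in post:
            return ({
                "Status-code": 301,
                "Location": "/profile?error=invalid input"
            }, "")
        # Decode first, escape last: the escaped form is what gets stored and
        # later rendered into the recipient's inbox.
        post['recipient'] = escape(post['recipient'])
        post['msg'] = escape(unquote_plus(post['msg']))
        if post['recipient'] not in db.database.values():
            return ({
                "Status-code": 301,
                "Location": "/profile?error=user doesn't exist"
            }, "")
        with open(
                f"root/users/{conv_uname(post['recipient'])}/{randint(0, 4294967296)}",
                "w") as msg:
            msg.write(
                f"<p style='padding-left:5em'>{post['msg']}</p><br>sent from <i>{db.database[token]}</i>"
            )
        return ({"Status-code": 301, "Location": "/profile"}, "")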
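def login(conn, headers, data, *, method):
    """Render the login page (GET) or check submitted credentials (POST).

    GET renders ``root/public/login.html`` with either the login form or an
    "already logged in" notice, plus the ``error`` query parameter. POST
    hashes ``uname:pword`` with SHA-512 and, when the digest is a key of
    ``db.database``, sets it as the ``token`` cookie and redirects to ``/``.

    Returns:
        A ``(response_headers, body)`` tuple.
    """
    cookies = parse_cookies(headers['ignored'].get("Cookie", ""))
    has_valid_token = cookies.get("token", "") in db.database
    if method == "GET":
        # The error text is taken from the query string and ends up inside
        # the HTML template, so it is escaped before being rendered.
        error = escape(
            parse_post(headers['request_uri'].query).get("error", ""))
        if has_valid_token:
            is_logged = ("You're already logged in, do you want to "
                         "<a href='/logout'>logout</a>?")
        else:
            # The password field uses type="password" so the browser masks
            # what is typed.
            is_logged = """<form action="/login" method="post">
    <label>Username:</label>
    <input type="text" id="uname" name="uname"><br>
    <label>Password:</label>
    <input type="password" id="pword" name="pword"><br><br>
    <input type="submit" value="Login">
</form>"""
        with open("root/public/login.html") as template:
            return ({}, template.read().format(error=error,
                                               is_logged=is_logged))
    elif method == "POST":
        if has_valid_token:
            return ({
                "Status-code": 301,
                "Location": "/login?error=already logged in"
            }, "")
        post = parse_post(data)
        if "uname" not in post or "pword" not in post:
            return ({
                "Status-code": 301,
                "Location": "/login?error=invalid login data"
            }, "")
        # NOTE(review): the session token is a deterministic, unsalted
        # SHA-512 of "uname:pword". It never rotates or expires, and anyone
        # who learns it holds both a permanent session and material for
        # offline password guessing. A random per-login session id
        # (secrets.token_urlsafe) plus a salted password KDF such as
        # hashlib.scrypt would address this, but needs changes to the
        # database layer outside this function.
        digest = sha512()
        digest.update(f"{post['uname']}:{post['pword']}".encode())
        token = digest.hexdigest()
        if token in db.database:
            return ({
                "Status-code": 301,
                # HttpOnly keeps page scripts from reading the token;
                # SameSite=Lax stops it being sent on cross-site POSTs.
                "Set-Cookie": f"token={token}; HttpOnly; SameSite=Lax",
                "Location": "/"
            }, "")
        return ({
            "Status-code": 301,
            "Location": "/login?error=invalid credentials"
        }, "")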
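def register(conn, headers, data, *, method):
    """Render the registration page for GET requests.

    Shows either the registration form or an "already registered" notice,
    depending on whether the ``token`` cookie is a key of ``db.database``,
    together with the ``error`` query parameter.

    NOTE(review): only the GET branch is present in this listing.

    Returns:
        A ``(response_headers, body)`` tuple for GET.
    """
    cookies = parse_cookies(headers['ignored'].get("Cookie", ""))
    has_valid_token = cookies.get("token", "") in db.database
    if method == "GET":
        query = headers["request_uri"].query
        # .get() instead of ['error']: a query string without an "error"
        # field must not raise KeyError. The value comes from the URL and is
        # rendered into HTML, so it is escaped first.
        error = escape(parse_post(query).get("error", "")) if query else ""
        if has_valid_token:
            is_registered = "You are already registered<br>"
        else:
            # The password field uses type="password" so the browser masks
            # what is typed.
            is_registered = """<form action="/register" method="post">
    <label>Username:</label>
    <input type="text" id="uname" name="uname"><br>
    <label>Password:</label>
    <input type="password" id="pword" name="pword"><br><br>
    <input type="submit" value="Register">
</form>
"""
        with open("root/public/register.html") as template:
            return ({}, template.read().format(is_registered=is_registered,
                                               error=error))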
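def index(conn, headers, data):
    """Render the landing page.

    Fills ``root/public/index.html`` with a header and body that depend on
    whether the ``token`` cookie is a key of ``db.database``, the number of
    unread messages for a logged-in user, the chat refresh script and the
    ``error`` query parameter.

    Returns:
        A ``(response_headers, body)`` tuple.
    """
    cookies = parse_cookies(headers['ignored'].get("Cookie", ""))
    has_valid_token = (token := cookies.get("token", "")) in db.database
    # The error text is taken from the query string and ends up inside the
    # HTML template, so it is escaped before being rendered.
    error = escape(parse_post(headers['request_uri'].query).get("error", ""))
    unread = 0
    if has_valid_token:
        inbox_dir = f"root/users/{conv_uname(db.database[token])}"
        if os.path.isdir(inbox_dir):
            # Count regular files only, rather than "entries minus one": the
            # result stays correct (and never negative) whether or not the
            # "seen" sub-directory exists.
            unread = sum(
                os.path.isfile(f"{inbox_dir}/{name}")
                for name in os.listdir(inbox_dir))
    if has_valid_token:
        head = (f"logged in as <b>{db.database[token]}</b> - "
                f"<a href='/logout'>logout</a> - "
                f"<a href='/profile'>profile ({unread})</a>")
        body = ("Since you're logged in, do you wanna "
                "<a href='/members'>look</a> at the user-list?")
    else:
        head = "<a href='/login'>login</a> - <a href='/register'>register</a>"
        body = ""
    # Reloads the chat iframe every 2.5 s with a cache-busting query value.
    timer = """window.onload = function() {
    var fn = function() {
        var frameElement = document.getElementById("chat");
        frameElement.contentWindow.location.href = frameElement.src + "?_=" + Math.ceil(Math.random() * 10000);
    };
    setInterval (fn, 2500);
}"""
    with open("root/public/index.html") as template:
        return ({}, template.read().format(
            if_logged_in_head=head,
            if_logged_in_body=body,
            timer=timer,
            error=error))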
<input type="text" id="uname" name="uname"><br> <label>Password:</label> <input type="text" id="pword" name="pword"><br><br> <input type="submit" value="Register"> </form> """, error=parse_post(q)['error'] if (q := headers["request_uri"].query) \ else "" )) elif method == "POST": if has_valid_token: return ({ "Status-code": 301, "Location": "/register?error=already logged in" }, "") post = parse_post(data) post['uname'] = escape(post['uname']) if "uname" not in post or "pword" not in post: return ({ "Status-code": 301, "Location": "/register?error=invalid login data" }, "") elif post['uname'] in db.database.values(): return ({ "Status-code": 301, "Location": "/register?error=already existing username" }, "") t = db.add_user(post['uname'], post['pword']) os.mkdir(f"root/users/{conv_uname(post['uname'])}") os.mkdir(f"root/users/{conv_uname(post['uname'])}/seen") print(f"[localhost:{port}] user {post['uname']} registered")