def decrypt_blob(encrypted_blob, private_key, password=None, encode_type='zip'):
private_key = to_key(private_key, is_public_key=False)
password = to_bytes(password)
pkey = serialization.load_pem_private_key(private_key, password=password, backend=default_backend())
padding_obj = padding.PKCS1v15()
if encode_type == 'zip':
encrypted_blob = zlib.decompress(encrypted_blob)
else:
#Base 64 decode the data
encrypted_blob = base64.b64decode(encrypted_blob)
#In determining the chunk size, determine the private key length used in bytes.
#The data will be in decrypted in chunks
chunk_size = 512
offset = 0
decrypted = b""
#keep loop going as long as we have chunks to decrypt
while offset < len(encrypted_blob):
#The chunk
chunk = encrypted_blob[offset: offset + chunk_size]
#Append the decrypted chunk to the overall decrypted file
decrypted += pkey.decrypt(chunk, padding_obj)
#Increase the offset by chunk size
offset += chunk_size
#return the decompressed decrypted data
decrypted = zlib.decompress(decrypted)
return decrypted
def create_private_public_keys(password=None, is_clean=True, key_size=4096):
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=key_size,
backend=default_backend()
)
public_key = private_key.public_key()
if password:
password = to_bytes(password)
if password:
encryption_algorithm = serialization.BestAvailableEncryption(password)
else:
encryption_algorithm = serialization.NoEncryption()
private_key_bytes = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8, #.TraditionalOpenSSL,
encryption_algorithm=encryption_algorithm,
)
public_key_bytes = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
private_key_s = to_unicode(private_key_bytes)
public_key_s = to_unicode(public_key_bytes)
if is_clean:
private_key_s = to_clean_key(private_key_s)
public_key_s = to_clean_key(public_key_s)
return private_key_s, public_key_s
def render_as_static_resource_in_pages_for_farbox_bucket(template_filename):
ext = os.path.splitext(template_filename)[-1].lower()
if ext not in [
'.html', '.htm', '.js', '.css', '.json', '.jpg', '.png', '.scss',
'.less', '.coffee'
]:
return
mime_type = ''
raw_content = ''
pages_configs = get_pages_configs()
if not is_doc_modified(doc=pages_configs, date_field='mtime'):
return get_304_response()
if ext in ['.scss', '.less']:
raw_content = get_template_static_resource_content('.'.join(
[template_filename.rsplit('.')[0], 'css']))
mime_type = 'text/css'
elif ext in ['.coffee']:
raw_content = get_template_static_resource_content('.'.join(
[template_filename.rsplit('.')[0], 'js']))
mime_type = 'application/javascript'
if not raw_content:
raw_content = get_template_static_resource_content(template_filename)
if raw_content:
raw_content = to_bytes(raw_content)
mime_type = mime_type or guess_type(
template_filename) or 'application/octet-stream'
set_context_value_from_request("is_template_resource", True)
file_response = send_file(io.BytesIO(raw_content), mimetype=mime_type)
bucket = get_bucket_in_request_context()
if bucket:
set_304_response_for_doc(response=file_response,
doc=pages_configs,
date_field='mtime')
return file_response
def encrypt_file(in_filepath,
key,
chunk_size=81920,
out_filepath=None,
is_content=False,
fast=True):
if fast:
des_key = get_key_for_des(key)
des = DES.new(des_key, DES.MODE_ECB)
pl = 8
else:
des_key, des_iv = get_key_and_iv_for_des(key)
des = DES3.new(des_key, DES3.MODE_CFB, des_iv)
pl = 16 # part length
if is_content:
raw_content = to_bytes(in_filepath)
in_file = StringIO(raw_content)
else:
if not os.path.isfile(in_filepath):
return ''
else:
in_file = open(in_filepath, 'r')
out_content = b''
if out_filepath:
out_file = open(out_filepath, 'wb')
else:
out_file = None
padded = False
while True:
chunk = in_file.read(chunk_size)
if len(chunk) == 0:
if not padded:
to_pad = chr(pl) * pl
encrypted_chunk = des.encrypt(to_pad)
if out_file:
out_file.write(encrypted_chunk)
else:
out_content += encrypted_chunk
break
elif len(chunk) % pl != 0:
reminder = len(chunk) % pl
to_pad = chr(pl - reminder) * (pl - reminder)
chunk += to_pad
padded = True
encrypted_chunk = des.encrypt(chunk)
if out_file:
out_file.write(encrypted_chunk)
else:
out_content += encrypted_chunk
# at last
in_file.close()
if out_file:
out_file.close()
return out_filepath
else:
return out_content
def decrypt_file(in_filepath,
key,
chunk_size=81920,
out_filepath=None,
is_content=False,
fast=True):
if fast:
des_key = get_key_for_des(key)
des = DES.new(des_key, DES.MODE_ECB)
pl = 8
else:
des_key, des_iv = get_key_and_iv_for_des(key)
des = DES3.new(des_key, DES3.MODE_CFB, des_iv)
pl = 16 # part length
if is_content:
raw_content = to_bytes(in_filepath)
in_file = StringIO(raw_content)
else:
if not os.path.isfile(in_filepath):
return ''
else:
in_file = open(in_filepath, 'r')
out_content = b''
if out_filepath:
out_file = open(out_filepath, 'wb')
else:
out_file = None
chuck_to_write = ''
while True:
chunk = in_file.read(chunk_size)
if len(chunk) == 0:
if chuck_to_write:
pad_length = ord(chuck_to_write[-1])
chuck_to_write = chuck_to_write[:-pad_length]
if chuck_to_write:
if out_file:
out_file.write(chuck_to_write)
else:
out_content += chuck_to_write
break
if chuck_to_write:
if out_file:
out_file.write(chuck_to_write)
else:
out_content += chuck_to_write
chuck_to_write = des.decrypt(chunk)
# at last
in_file.close()
if out_file:
out_file.close()
return out_filepath
else:
return out_content
def do_record_sync_log(self, log):
now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
log = to_bytes('%s %s\n\n' % (now, log))
sync_log_filepath = join(self.root, '.sync/%s_sync.log' % self.app_name_for_sync)
try:
make_sure_path(sync_log_filepath)
with open(sync_log_filepath, 'a') as f:
f.write(log)
except:
pass
def simple_encrypt(key, text):
key = key[:8]
text = to_bytes(text)
des = DES.new(key, DES.MODE_ECB)
reminder = len(text) % 8
if reminder == 0: # pad 8 bytes
text += '\x08' * 8
else:
text += chr(8 - reminder) * (8 - reminder)
return base64.b64encode(des.encrypt(text))
def render_as_static_file_for_farbox_bucket(path):
if not path or path == "/":
path = "index.html"
bucket = get_bucket_in_request_context()
if not bucket:
return
record = get_record_by_path(bucket, path)
if path == "favicon.ico" and not record:
record = get_record_by_path(bucket,
"_direct/favicon.ico") # 兼容 Bitcron
if not record:
return
record_path = get_path_from_record(record)
if record_path and record_path.startswith("/_data/"):
ext = os.path.splitext(record_path)[-1].strip(".").lower()
if ext in ["csv"] and not is_bucket_login(bucket):
return abort(
404, "csv under /_data is not allowed to download directly")
set_context_value_from_request("is_static_file", True)
if record.get('compiled_type') and record.get('compiled_content'):
raw_content = record.get('compiled_content')
content_type = record.get('compiled_type')
raw_content = to_bytes(raw_content)
mimetype = content_type or guess_type(
path) or 'application/octet-stream'
compiled_file_response = send_file(io.BytesIO(to_bytes(raw_content)),
mimetype=mimetype)
return compiled_file_response
else:
# 先对应是否防盗链的逻辑
site_configs = get_bucket_site_configs(bucket)
anti_theft_chain = site_configs.get("anti_theft_chain", True)
if anti_theft_chain and request.path.strip('/') in ['favicon.ico']:
anti_theft_chain = False
if anti_theft_chain and request.referrer:
refer_host = get_host_from_url(request.referrer)
if refer_host != request.host and "." in request.path:
return abort(404, "this url is not allowed for outside")
return storage.get_download_response_for_record(bucket=bucket,
record_data=record,
try_resized_image=True)
def get_sign_content(dict_data, excludes=None):
# for python dict object, 如果 k,v 中的 v 本身是 '', 则不会进行 sign
excludes = excludes or []
dict_data = {
k: v
for k, v in dict_data.items()
if len(str(v)) and k not in excludes
}
sign_content = '&'.join('%s=%s'%(k, v) for k, v in sorted(dict_data.items()))
sign_content = to_bytes(sign_content)
return sign_content
def sign_by_private_key(private_key, content, encode_base64=True, excludes_fields=None):
private_key = to_private_key(private_key)
padding_obj = padding.PSS(
mgf = padding.MGF1(hashes.SHA256()),
salt_length = padding.PSS.MAX_LENGTH
)
if isinstance(content, dict):
content = get_sign_content(content, excludes=excludes_fields)
content = to_bytes(content)
signature = private_key.sign(content, padding_obj, hashes.SHA256())
if encode_base64:
signature = base64.b64encode(signature)
return signature
def to_key(key, is_public_key=False):
key = to_unicode(key)
if is_public_key:
head = '-----BEGIN PUBLIC KEY-----'
tail = '-----END PUBLIC KEY-----'
else:
head = '-----BEGIN PRIVATE KEY-----'
tail = '-----END PRIVATE KEY-----'
if '-----BEGIN ' not in key:
key = head + '\n' + key
if '-----END ' not in key:
key = key.strip() + '\n' + tail + '\n'
key = to_bytes(key)
return key
def insert_into_header(to_insert, html, force=False):
# 插入到 html 页面的头部
if not force and get_no_html_inject_in_request():
return html
if not to_insert:
return html
if isinstance(html, str_type) and isinstance(to_insert, unicode_type):
to_insert = to_bytes(to_insert)
if isinstance(to_insert, string_types):
html = re.sub(r'</head>\s*<body',
'%s\n</head>\n<body' % to_insert,
html,
count=1,
flags=re.I)
return html
def verify_by_public_key(public_key, signature, content, decode_base64=True):
if not public_key or not signature or not content:
return False
public_key = to_public_key(public_key)
if not public_key:
return False
padding_obj = padding.PSS(
mgf = padding.MGF1(hashes.SHA256()),
salt_length = padding.PSS.MAX_LENGTH
)
if decode_base64:
try:
signature = base64.b64decode(signature)
signature = to_bytes(signature)
except:
pass
if isinstance(content, dict):
content = get_sign_content(content)
content = to_bytes(content)
try:
public_key.verify(signature, content, padding_obj, hashes.SHA256())
return True
except:
return False
def insert_into_footer(to_insert, html, force=False):
# 插入到 html 页面的尾部
if not force and get_no_html_inject_in_request():
return html
if not to_insert:
return html
if isinstance(html, str_type) and isinstance(to_insert, unicode_type):
to_insert = to_bytes(to_insert)
if isinstance(to_insert, string_types):
# 会放在</body>之前
if re.search(r'</body>', html, flags=re.I):
html = re.sub(r'</body>\s*\n',
'%s</body>\n' % to_insert,
html,
flags=re.I)
return html
def encrypt_file(in_filepath, key, chunk_size=81920, out_filepath=None, is_content=False):
pl = 32
aes = get_aes(key)
if is_content:
raw_content = to_bytes(in_filepath)
in_file = StringIO(raw_content)
else:
if not os.path.isfile(in_filepath):
return ''
else:
in_file = open(in_filepath, 'r')
out_content = b''
if out_filepath:
out_file = open(out_filepath, 'wb')
else:
out_file = None
padded = False
while True:
chunk = in_file.read(chunk_size)
if len(chunk) == 0:
if not padded:
to_pad = chr(pl) * pl
encrypted_chunk = aes.encrypt(to_pad)
if out_file:
out_file.write(encrypted_chunk)
else:
out_content += encrypted_chunk
break
elif len(chunk) % pl != 0:
reminder = len(chunk) % pl
to_pad = chr(pl - reminder) * (pl - reminder)
chunk += to_pad
padded = True
encrypted_chunk = aes.encrypt(chunk)
if out_file:
out_file.write(encrypted_chunk)
else:
out_content += encrypted_chunk
# at last
in_file.close()
if out_file:
out_file.close()
return out_filepath
else:
return out_content
def get_public_key_from_private_key(private_key, password=None, is_clean=True):
private_key = to_key(private_key, is_public_key=False)
if password:
password = to_bytes(password)
try:
private_key = serialization.load_pem_private_key(private_key, password=password, backend=default_backend())
public_key = private_key.public_key()
public_key_bytes = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
public_key_s = to_unicode(public_key_bytes)
if is_clean:
public_key_s = to_clean_key(public_key_s)
return public_key_s
except:
print('failed to get_public_key_from_private_key')
return
def decrypt_file(in_filepath, key, chunk_size=81920, out_filepath=None, is_content=False):
aes = get_aes(key)
if is_content:
raw_content = to_bytes(in_filepath)
in_file = StringIO(raw_content)
else:
if not os.path.isfile(in_filepath):
return ''
else:
in_file = open(in_filepath, 'r')
out_content = b''
if out_filepath:
out_file = open(out_filepath, 'wb')
else:
out_file = None
chuck_to_write = ''
while True:
chunk = in_file.read(chunk_size)
if len(chunk) == 0:
if chuck_to_write:
pad_length = ord(chuck_to_write[-1])
chuck_to_write = chuck_to_write[:-pad_length]
if chuck_to_write:
if out_file:
out_file.write(chuck_to_write)
else:
out_content += chuck_to_write
break
if chuck_to_write:
if out_file:
out_file.write(chuck_to_write)
else:
out_content += chuck_to_write
chuck_to_write = aes.decrypt(chunk)
# at last
in_file.close()
if out_file:
out_file.close()
return out_filepath
else:
return out_content
def encrypt_aes(text, key, encode_type='base64'):
if isinstance(text, dict):
text = json.dumps(text, indent=4)
text = to_bytes(text)
aes = get_aes(key)
reminder = len(text)%BLOCK_SIZE
if reminder == 0: # pad 8 bytes
text += '\x08'*BLOCK_SIZE
else:
text += chr(BLOCK_SIZE-reminder) * (BLOCK_SIZE-reminder)
encrypted = aes.encrypt(text)
if encode_type == 'zip':
encrypted_content = zlib.compress(encrypted)
elif encode_type == 'raw':
encrypted_content = encrypted
else:
#Base 64 encode the encrypted file
encrypted_content = base64.b64encode(encrypted)
return encrypted_content
def encrypt_des(text, key, encode_type='base64'):
key = to_key_for_des(key)
if isinstance(text, dict):
text = json.dumps(text, indent=4)
text = to_bytes(text)
des = DES.new(key, DES.MODE_ECB)
reminder = len(text) % 8
if reminder == 0: # pad 8 bytes
text += '\x08' * 8
else:
text += chr(8 - reminder) * (8 - reminder)
encrypted = des.encrypt(text)
if encode_type == 'zip':
encrypted_content = zlib.compress(encrypted)
else:
#Base 64 encode the encrypted file
encrypted_content = base64.b64encode(encrypted)
return encrypted_content
def get_download_response_for_record(self,
bucket,
record_data,
try_resized_image=False):
# 同步回去的 response
# 如果是 Web 端给普通访客的,则会根据需要自动提供缩略图的逻辑支持
raw_content = record_data.get('raw_content') or record_data.get(
'content') or ''
if raw_content and record_data.get('_zipped'):
try:
raw_content = ungzip_content(raw_content, base64=True)
except:
pass
mime_type = guess_type(record_data.get(
"path", "")) or "application/octet-stream"
if raw_content:
raw_content = to_bytes(raw_content)
return send_file(io.BytesIO(raw_content), mimetype=mime_type)
else:
file_response = self.as_web_response(
bucket, record_data, try_resized_image=try_resized_image)
return file_response # 可能是 None
def encrypt_blob(blob, public_key, encode_type='zip'):
blob = to_bytes(blob)
public_key = to_key(public_key, is_public_key=True)
pkey = serialization.load_pem_public_key(public_key, backend=default_backend())
blob = zlib.compress(blob)
chunk_size = 470 # 470+42=512
offset = 0
end_loop = False
encrypted = b""
padding_obj = padding.PKCS1v15()
while not end_loop and offset < len(blob):
#The chunk
chunk = blob[offset:offset + chunk_size]
#If the data chunk is less then the chunk size, then we need to add
#padding with " ". This indicates the we reached the end of the file
#so we end loop here
if len(chunk) % chunk_size != 0:
end_loop = True
chunk += b" " * (chunk_size - len(chunk))
#Append the encrypted chunk to the overall encrypted file
encrypted += pkey.encrypt(chunk, padding_obj)
#Increase the offset by chunk size
offset += chunk_size
if encode_type == 'zip':
encrypted_content = zlib.compress(encrypted)
else:
#Base 64 encode the encrypted file
encrypted_content = base64.b64encode(encrypted)
return encrypted_content
# coding: utf8
import os
from farbox_bucket.client.dump_template import get_template_info
from farbox_bucket.utils import to_bytes
root = os.path.abspath(os.path.dirname(__file__))
themes_py_file = os.path.join(root, '__init__.py')
templates = {}
for name in os.listdir(root):
folder_path = os.path.join(root, name)
if not os.path.isdir(folder_path):
continue
template_key = name.lower().strip()
template_info = get_template_info(folder_path)
template_info['_theme_key'] = template_key
templates[template_key] = template_info
py_file_content = '#coding: utf8\nthemes = %s' % templates
with open(themes_py_file, 'wb') as f:
f.write(to_bytes(py_file_content))
def to_private_key(private_key, password=None):
private_key = to_key(private_key, is_public_key=False)
if password:
password = to_bytes(password)
private_key = serialization.load_pem_private_key(private_key, password=password, backend=default_backend())
return private_key
