def addnewPubKey(publicKey, privateKey): username = cherrypy.session['username'] pubkey_hex = publicKey.encode(encoder=nacl.encoding.HexEncoder) pubkey_hex_str = pubkey_hex.decode('utf-8') private_key_hex_str = privateKey.encode( encoder=nacl.encoding.HexEncoder).decode('utf-8') message_bytes = bytes(pubkey_hex_str + username, encoding='utf-8') signed = privateKey.sign(message_bytes, encoder=nacl.encoding.HexEncoder) signature_hex_str = signed.signature.decode('utf-8') header = http_funcs.getAuthenticationHeader(username, cherrypy.session['api_key']) data = loginserver_api.add_pubkey(pubkey_hex_str, username, signature_hex_str, header) try: cherrypy.session['private_key'] = privateKey cherrypy.session['public_key'] = publicKey print("ADD PUBKEY SUCESS") return 0 except Exception as e: print(e) print("ADD PUBKEY FAIL") return 1
def getUserList(): url = "http://cs302.kiwi.land/api/list_users" headers = http_funcs.getAuthenticationHeader(cherrypy.session['username'], cherrypy.session['api_key']) data = loginserver_api.list_users(headers) return data['users']
def send_private_message(username, message): #Sends a private message to a user of given username try: userinfo = sql_funcs.getUserFromUserList(username)[0] except: print("user not found") return #Grab pubkey of reciever signing_key = cherrypy.session['private_key'] receiving_pubkey = nacl.signing.VerifyKey(userinfo[3], encoder=nacl.encoding.HexEncoder) receiving_pubkey = receiving_pubkey.to_curve25519_public_key() box = nacl.public.SealedBox(receiving_pubkey) encrypted = box.encrypt(bytes(message, 'utf-8'), encoder=nacl.encoding.HexEncoder) enc_message = encrypted.decode('utf-8') loginserver_record = cherrypy.session['loginserver_record'] address = userinfo[1] url = '' if (address == SERVER_IP): url = "http://localhost:10000/api/rx_privatemessage" else: url = "http://" + address + "/api/rx_privatemessage" target_pubkey = userinfo[3] timestamp = str(time.time()) sig_msg = loginserver_record + target_pubkey + username + enc_message + timestamp sig_bytes = bytes(sig_msg, encoding='utf-8') sig_hex = signing_key.sign(sig_bytes, encoder=nacl.encoding.HexEncoder) signature_hex_str = sig_hex.signature.decode('utf-8') payload = { "loginserver_record": loginserver_record, "target_pubkey": target_pubkey, "target_username": username, "encrypted_message": enc_message, "sender_created_at": timestamp, "signature": signature_hex_str } header = http_funcs.getAuthenticationHeader(cherrypy.session['username'], cherrypy.session['api_key']) data = http_funcs.sendJsonRequest(url, payload=payload, header=header) #Send to my own server in case offline send_away = Thread( target=http_funcs.sendJsonRequest, args=["http://localhost:10000/api/rx_privatemessage", payload, header]) send_away.start() sql_funcs.addLocalPrivateMessage(cherrypy.session['username'], username, message, timestamp) print("Message SENT") print(data) return 1
def updateStatus(): onlineUsers = sql_funcs.get_all_client_users() for user in onlineUsers: publicKey = user[2] api_key = user[1] username = user[0] status = user[4] #create HTTP BASIC authorization header headers = http_funcs.getAuthenticationHeader(username, api_key) data = loginserver_api.report(LOCATION, str(IP), publicKey, status, headers) if(data == 1): sql_funcs.remove_client_user(username)
def setstatus(self, status=None): if (cherrypy.session.get('username') == None): raise cherrypy.HTTPRedirect('/login') statuses = ['online', 'away', 'busy', 'offline'] if (status in statuses): publicKey = cherrypy.session['public_key'] pubkey_hex = publicKey.encode(encoder=nacl.encoding.HexEncoder) pubkey_hex_str = pubkey_hex.decode('utf-8') headers = http_funcs.getAuthenticationHeader( cherrypy.session['username'], cherrypy.session['api_key']) sql_funcs.updateStatusforUser(cherrypy.session['username'], status) raise cherrypy.HTTPRedirect('/account')
def updateUserList(): #Can only do if atleast one user is online online_users = sql_funcs.get_all_client_users() if(online_users): #grab the first user, use credentials to update user list in background user = online_users[0] api_key = user[1] username = user[0] try: headers = http_funcs.getAuthenticationHeader(username, api_key) data = loginserver_api.list_users(headers) userList = data['users'] sql_funcs.updateUserList(userList) print("updated user list!") except Exception as e: print("userlist update failed") print(e)
def send_broadcast(message): privateKey = cherrypy.session['private_key'] timestamp = time.time() message_bytes = bytes(str(cherrypy.session['loginserver_record']) + str(message) + str(timestamp), encoding='utf-8') signed = privateKey.sign(message_bytes, encoder=nacl.encoding.HexEncoder) signature_hex_str = signed.signature.decode('utf-8') #create HTTP BASIC authorization header headers = http_funcs.getAuthenticationHeader(cherrypy.session['username'], cherrypy.session['api_key']) payload = { "loginserver_record": cherrypy.session['loginserver_record'], "message": str(message), "sender_created_at": str(timestamp), "signature": signature_hex_str } #Send to own server so we can reload the page broadcast_url = "http://" + LOCAL_IP + "/api/rx_broadcast" http_funcs.sendJsonRequest(broadcast_url, payload, headers) userList = sql_funcs.getUserList() #SEnd the broadcast to everybody in the user list ips = [user[1] for user in userList] ips = set(ips) print(ips) for ip in ips: if (ip != SERVER_IP): broadcast_url = "http://" + ip + "/api/rx_broadcast" print("\nSending Broadcast to: " + ip) send = Thread(target=http_funcs.sendJsonRequest, args=[broadcast_url, payload, headers]) send.start() return 0
def loginReport(): publicKey = cherrypy.session['public_key'] #Turn our public key into a hex eoncoded string pubkey_hex = publicKey.encode(encoder=nacl.encoding.HexEncoder) pubkey_hex_str = pubkey_hex.decode('utf-8') #create HTTP BASIC authorization header headers = http_funcs.getAuthenticationHeader(cherrypy.session['username'], cherrypy.session['api_key']) data = loginserver_api.report(SERVER_LOCATION, SERVER_IP, pubkey_hex_str, "online", headers) if (data["response"] == "ok"): print("\nSuccess reporting !!!\n") data = loginserver_api.get_loginserver_record(headers) cherrypy.session['loginserver_record'] = data['loginserver_record'] return 0 else: print("Failure") return 1