def get_ukey_signature_key():
"""
Get a signing key for cookies.
"""
udb = sqlite.KV("udb")
sk_b64 = udb.get("ukey_signature_key")
uksm = udb.get("ukey_signature_month")
now = datetime.datetime.now().date()
this_month = now.strftime("%Y-%m-01")
if uksm != this_month:
sk_b64 = None # Generate a new key.
udb.put("ukey_signature_month", this_month)
if sk_b64 is None or sk_b64 == "":
# New ukey_signature_key:
sk = ecdsa.SigningKey.generate(ecdsa.SECP256k1)
sk_b64 = base64.b64encode(sk.to_string()).decode()
udb.put("ukey_signature_key", sk_b64)
else:
# Reconstruct ukey_signature from base64 encoding:
sk_str = base64.b64decode(sk_b64)
sk = ecdsa.SigningKey.from_string(sk_str, curve=ecdsa.SECP256k1)
return sk
def pot():
if not auth.is_verified():
return auth.unverified_redirect()
content = {}
uid = request.cookies.get("uid")
uid_hash = auth.hash_uid(uid)
udb = sqlite.KV("udb")
pot_gold = udb.get(f"pot_gold_{uid_hash}")
pot_gold = auth.lt_decrypt(pot_gold)
if pot_gold is None or pot_gold == "":
pot_gold = []
else:
pot_gold = json.loads(pot_gold)
content["pot_gold"] = pot_gold
pot_bitcoin = udb.get(f"pot_bitcoin_{uid_hash}")
pot_bitcoin = auth.lt_decrypt(pot_bitcoin)
if pot_bitcoin is None or pot_bitcoin == "":
pot_bitcoin = []
else:
pot_bitcoin = json.loads(pot_bitcoin)
content["pot_bitcoin"] = pot_bitcoin
return make_response(render_template("pot.html", **content))
def post_settings():
if ("uid" not in request.cookies) or ("ukey_token" not in request.cookies):
return make_response(redirect("/login", code=302))
uid = request.cookies.get("uid")
uid_hash = auth.hash_uid(uid)
ukey_token = request.cookies.get("ukey_token")
if not auth.verify_ukey_token(uid, ukey_token):
return make_response(redirect("/login", code=302))
email = request.form.get("email")
benemail_date = request.form.get("benemail_date")
benemails = request.form.get("benemails")
benemail_delay = request.form.get("benemail_delay")
note = request.form.get("note")
settings = {
"email": email,
"benemail_date": benemail_date,
"benemails": benemails,
"benemail_delay": benemail_delay,
"note": note,
}
settings_json = json.dumps(settings)
sdat = auth.lt_encrypt(settings_json)
udb = sqlite.KV("udb")
key = f"usettings_{uid_hash}"
udb.put(key, sdat)
resp = make_response(redirect("/settings", code=302))
return resp
def gen_ukey_token(uid, ukey):
"""
Generate a token based on uid after ukey is checked.
"""
random_sleep()
verify_ukey_chksum(uid, ukey)
uid_hash = hash_uid(uid)
ukey_hash = hash_ukey(ukey)
udb_ukey_hash = sqlite.KV("udb").get(f"ukey_hash_{uid_hash}")
if udb_ukey_hash is None:
verify_ukey_pow(uid, ukey)
sqlite.KV("udb").put(f"ukey_hash_{uid_hash}", ukey_hash)
else:
assert udb_ukey_hash == ukey_hash
sk = get_ukey_signature_key()
ukey_token = sk.sign(uid_hash.encode())
ukey_token_b64 = base64.b64encode(ukey_token).decode()
return ukey_token_b64
def test_hammer(self):
N = 30
try:
started = time.time()
for idx in range(N):
sqlite.KV("test").put(f"key{idx}", idx)
test_result = True
for idx in range(N):
val = sqlite.KV("test").get(f"key{idx}")
test_result = test_result and (val == idx)
if not test_result:
print(idx, val)
elapsed = time.time() - started
if elapsed >= 8:
print("8 second timeout on test sqlite. ;?")
assert False
except Exception as ex:
print(ex)
raise ex
def get_lt_encryption_key():
"""
Get an encryption key for long term storage.
"""
udb = sqlite.KV("udb")
ltek = udb.get("lt_encryption_key")
if ltek is None or ltek == "":
ltek = secrets.token_hex(32)
udb.put("lt_encryption_key", ltek)
return hash_ekey(ltek)
def new_gold():
if not auth.is_verified():
return auth.unverified_redirect()
uid = request.cookies.get("uid")
uid_hash = auth.hash_uid(uid)
datebin = request.args.get("datebin")
grams = request.args.get("grams")
source = request.args.get("source")
latitude = request.args.get("latitude")
longitude = request.args.get("longitude")
cost_usd = request.args.get("cost_usd")
local_key = request.args.get("local_key")
note = request.args.get("note")
udb = sqlite.KV("udb")
key = f"pot_gold_{uid_hash}"
pot_json = udb.get(key)
if pot_json in {None, ""}:
gold_pot = []
else:
pot_json = auth.lt_decrypt(pot_json)
gold_pot = json.loads(pot_json)
gold_pot += [{
"datebin": datebin,
"grams": grams,
"source": source,
"latitude": latitude,
"longitude": longitude,
"cost_usd": cost_usd,
"local_key": local_key,
"note": note,
}]
gold_pot = sort_pot(gold_pot)
pot_json = json.dumps(gold_pot)
pot_json = auth.lt_encrypt(pot_json)
udb.put(key, pot_json)
resp = make_response(redirect("/pot", code=302))
return resp
def new_bitcoin():
if not auth.is_verified():
return auth.unverified_redirect()
uid = request.cookies.get("uid")
uid_hash = auth.hash_uid(uid)
datebin = request.args.get("datebin")
sats = request.args.get("sats")
source = request.args.get("source")
pub_key = request.args.get("pub_key")
priv_key = request.args.get("priv_key")
cost_usd = request.args.get("cost_usd")
local_key = request.args.get("local_key")
note = request.args.get("note")
udb = sqlite.KV("udb")
key = f"pot_bitcoin_{uid_hash}"
pot_json = udb.get(key)
if pot_json in {None, ""}:
bitcoin_pot = []
else:
pot_json = auth.lt_decrypt(pot_json)
bitcoin_pot = json.loads(pot_json)
bitcoin_pot += [{
"datebin": datebin,
"sats": sats,
"source": source,
"pub_key": pub_key,
"priv_key": priv_key,
"cost_usd": cost_usd,
"local_key": local_key,
"note": note,
}]
pot_json = json.dumps(bitcoin_pot)
pot_json = auth.lt_encrypt(pot_json)
udb.put(key, pot_json)
resp = make_response(redirect("/pot", code=302))
return resp
def get_settings():
content = {}
if ("uid" not in request.cookies) or ("ukey_token" not in request.cookies):
return make_response(redirect("/login", code=302))
uid = request.cookies.get("uid")
uid_hash = auth.hash_uid(uid)
ukey_token = request.cookies.get("ukey_token")
if not auth.verify_ukey_token(uid, ukey_token):
return make_response(redirect("/login", code=302))
udb = sqlite.KV("udb")
settings = udb.get(f"usettings_{uid_hash}")
settings = auth.lt_decrypt(settings)
if settings is None or settings == "":
settings = {}
else:
settings = json.loads(settings)
content["settings"] = settings
return make_response(render_template("settings.html", **content))