def get_row_by_license_key(license_key: str) -> tuple:
user_row = []
# if not exist:
# make file "KIGK3122.sql"
# conn = sqlite3.connect("KIGK3122.sql")
conn = sqlite3.connect(cfg.g_user_db_path)
cursor = conn.cursor()
try:
row = cfg.g_db_full_row
column_name = cfg.g_db_license_key
table_name = cfg.g_db_table_name
request = "SELECT %s FROM %s WHERE %s = '%s'" % (
row, table_name, column_name, license_key)
cursor.execute(request)
user_row = cursor.fetchone()
logger.debug(user_row)
except sqlite3.DatabaseError as err:
logger.error(license_key)
logger.error(err)
time.sleep(cfg.g_error_sleep_sec)
conn.close()
if user_row == None:
user_row = []
return user_row
def do_GET(self):
logger.debug("GET - %s : %r", self.client_address[0], self.path)
try:
request_target, request_identifier, request_params = loadUrl(
self.path
)
if request_target in Domain.query_handler:
func = Domain.query_handler[request_target]
response_data = func(
data=None,
identifier=request_identifier,
param=request_params,
)
self.responseJson(code=200, data=response_data)
else:
logger.debug(
f"{request_target} not in {Domain.query_handler.keys()}"
)
raise Exception("Not found!")
except Exception as e:
self.session.rollback()
logger.exception(e)
self.responseJson(
code=500,
data={
"status": 500,
"message": str(e),
"data": getattr(e, "data", {}),
},
)
def processingRequest(data_bytes: str, ip="127.0.0.1") -> bytes:
response = cfg.g_empty_response
for attempts in range(cfg.g_max_attempts):
try:
"""
Receive the encrypted data
"""
data = data_bytes.decode('ascii')
if data[-1] != cfg.separateSymbol:
data = decrypt_data(data)
logger.info(data)
data = data.lower()
data_list = data.split(cfg.separateSymbol)
# check for hacker
if len(data_list) < 3:
logger.warning([data_bytes, ip])
logger.warning(cfg.g_user_state_hacker)
remember_hacker()
break
# Empty license key
if not len(data_list[1]):
return cfg.g_byte_empty_response
request = data_list[0]
license_key = data_list[1]
hwid = data_list[2]
version = data_list[3]
if check_version(version):
response = get_response_by_user_data(request, license_key, hwid, ip)
else:
logger.warning([data_bytes, ip])
logger.warning(cfg.g_user_state_outdated_version)
response = cfg.g_user_state_outdated_version
except Exception as e:
args = e.args
data = data_bytes.decode('ascii')
user_metadata = data + cfg.separateSymbol + ip
logger.error(user_metadata)
logger.error(args)
time.sleep(cfg.g_error_sleep_sec)
else:
break
# debug
#response = "Update your application!"
# debug
"""
Send the encrypted data
"""
logger.debug("RESPONSE: " + response)
response = encrypt_data(response)
return bytes(response, encoding = 'ascii')
def loadUrl(path) -> (str, int, dict):
request = urlparse.urlparse(path)
request_paths = request.path.split("/")
request_target = request_paths[1]
request_identifier = (
int(request_paths[2]) if len(request_paths) > 2 else -1
)
request_params = parse_qs(unquote(request.query))
logger.debug("param %r", request_params)
return request_target, request_identifier, request_params
def handle_read(self):
for attempt in range(cfg.g_max_attempts):
try:
data = self.recv(cfg.g_count_of_received_symbols)
if len(data) > 1:
logger.debug(data)
response = request_handler.processingRequest(data)
self.send(response + b'\0')
except Exception as err:
logger.error(err)
time.sleep(cfg.g_error_sleep_sec)
else:
break
def do_POST(self):
logger.debug("POST - %s : %r", self.client_address[0], self.path)
try:
request_target, request_identifier, request_params = loadUrl(
self.path
)
if request_target in Domain.command_handler:
request_data = loadData(self)
logger.debug("/COMMAND/ param %s", request_data)
func = Domain.command_handler[request_target]
response_data = func(
data=request_data,
identifier=request_identifier,
param=request_params,
)
self.responseJson(code=200, data=response_data)
else:
logger.debug(
f"{request_target} not in {Domain.command_handler.keys()}"
)
raise Exception("Not found!")
self.session.commit()
except Exception as e:
logger.exception(e)
self.responseJson(
code=500,
data={
"status": 500,
"message": str(e),
"data": getattr(e, "data", {}),
},
)
def handle_accept(self):
pair = self.accept()
if pair is not None:
sock, addr = pair
logger.debug('conn ' + str(addr))
handler = EchoHandler(sock)
def get_user_state(request: str, license_key: str, hwid: str, ip: str) -> str:
# THE MAIN CHECK FOR THE SQL INJECTION
# Check for hacking the input data
if not (check_for_resolved_symbol(
license_key, cfg.g_resolved_symbols_for_key,
cfg.g_max_license_key_len) and check_for_resolved_symbol(
hwid, cfg.g_resolved_symbols_for_hwid,
cfg.g_max_license_hwid_len)):
logger.critical("SQL_INJECTION")
return cfg.g_user_state_hacker
# Parsing the SQL row
user_row = get_row_by_license_key(license_key)
if len(user_row) == 0:
logger.critical("g_user_state_wrong_license_key")
return cfg.g_user_state_wrong_license_key
# Check for the coder mistake
if len(user_row) < cfg.db_rows.ROWS_COUNT:
logger.critical("INVALID ROW COUNT")
return cfg.g_user_state_undefined
id_db = int(user_row[int(cfg.db_rows.ID)])
hwid_db = str(user_row[cfg.db_rows.HWID])
validity_days_db = int(user_row[cfg.db_rows.VALIDITY_DAYS])
expiration_date = user_row[cfg.db_rows.EXPIRATION_DATE]
subscribe_type = user_row[cfg.db_rows.SUBSCRIBE_TYPE]
current_date = datetime.datetime.now()
logger.debug(user_row)
# Check hwid
if hwid_db == 'None':
# Add hwid user to db
expiration_date = current_date + datetime.timedelta(
days=validity_days_db)
activate_user_by_id(id_db, hwid, expiration_date)
expiration_date = str(expiration_date)
logger.warning("ADD_NEW_USER")
# Continue to check the parameters
elif hwid != hwid_db:
logger.critical("g_user_state_other_pc")
return cfg.g_user_state_other_pc
# HWID in db
# Check the expiration date
expiration_date_obj = datetime.datetime.strptime(expiration_date,
'%Y-%m-%d %H:%M:%S.%f')
if current_date > expiration_date_obj:
logger.critical("g_user_state_outdated_license_key")
return cfg.g_user_state_outdated_license_key
# Check for available subscribe_type existing
if subscribe_type != None:
current_type = cfg.subcribe_types.get(subscribe_type)
if current_type == None:
logger.critical("Subscribe type DOESN'T exist")
return cfg.g_state_coder_error
# Check the subscribe_type
if current_type.get(request) != None:
return cfg.g_user_state_ok
else:
logger.critical("g_user_state_other_subscribe_type")
return cfg.g_user_state_other_subscribe_type
return cfg.g_user_state_ok
def wrapRegisterQuery(func):
logger.debug("/QUERY/ %r", query_name)
cls.query_handler[query_name] = func
def wrapRegisterCommand(func):
logger.debug("/COMMAND/ %r", command_name)
Domain.command_handler[command_name] = func
