def addnewPubKey(publicKey, privateKey):
username = cherrypy.session['username']
pubkey_hex = publicKey.encode(encoder=nacl.encoding.HexEncoder)
pubkey_hex_str = pubkey_hex.decode('utf-8')
private_key_hex_str = privateKey.encode(
encoder=nacl.encoding.HexEncoder).decode('utf-8')
message_bytes = bytes(pubkey_hex_str + username, encoding='utf-8')
signed = privateKey.sign(message_bytes, encoder=nacl.encoding.HexEncoder)
signature_hex_str = signed.signature.decode('utf-8')
header = http_funcs.getAuthenticationHeader(username,
cherrypy.session['api_key'])
data = loginserver_api.add_pubkey(pubkey_hex_str, username,
signature_hex_str, header)
try:
cherrypy.session['private_key'] = privateKey
cherrypy.session['public_key'] = publicKey
print("ADD PUBKEY SUCESS")
return 0
except Exception as e:
print(e)
print("ADD PUBKEY FAIL")
return 1
def getUserList():
url = "http://cs302.kiwi.land/api/list_users"
headers = http_funcs.getAuthenticationHeader(cherrypy.session['username'],
cherrypy.session['api_key'])
data = loginserver_api.list_users(headers)
return data['users']
def send_private_message(username, message):
#Sends a private message to a user of given username
try:
userinfo = sql_funcs.getUserFromUserList(username)[0]
except:
print("user not found")
return
#Grab pubkey of reciever
signing_key = cherrypy.session['private_key']
receiving_pubkey = nacl.signing.VerifyKey(userinfo[3],
encoder=nacl.encoding.HexEncoder)
receiving_pubkey = receiving_pubkey.to_curve25519_public_key()
box = nacl.public.SealedBox(receiving_pubkey)
encrypted = box.encrypt(bytes(message, 'utf-8'),
encoder=nacl.encoding.HexEncoder)
enc_message = encrypted.decode('utf-8')
loginserver_record = cherrypy.session['loginserver_record']
address = userinfo[1]
url = ''
if (address == SERVER_IP):
url = "http://localhost:10000/api/rx_privatemessage"
else:
url = "http://" + address + "/api/rx_privatemessage"
target_pubkey = userinfo[3]
timestamp = str(time.time())
sig_msg = loginserver_record + target_pubkey + username + enc_message + timestamp
sig_bytes = bytes(sig_msg, encoding='utf-8')
sig_hex = signing_key.sign(sig_bytes, encoder=nacl.encoding.HexEncoder)
signature_hex_str = sig_hex.signature.decode('utf-8')
payload = {
"loginserver_record": loginserver_record,
"target_pubkey": target_pubkey,
"target_username": username,
"encrypted_message": enc_message,
"sender_created_at": timestamp,
"signature": signature_hex_str
}
header = http_funcs.getAuthenticationHeader(cherrypy.session['username'],
cherrypy.session['api_key'])
data = http_funcs.sendJsonRequest(url, payload=payload, header=header)
#Send to my own server in case offline
send_away = Thread(
target=http_funcs.sendJsonRequest,
args=["http://localhost:10000/api/rx_privatemessage", payload, header])
send_away.start()
sql_funcs.addLocalPrivateMessage(cherrypy.session['username'], username,
message, timestamp)
print("Message SENT")
print(data)
return 1
def updateStatus():
onlineUsers = sql_funcs.get_all_client_users()
for user in onlineUsers:
publicKey = user[2]
api_key = user[1]
username = user[0]
status = user[4]
#create HTTP BASIC authorization header
headers = http_funcs.getAuthenticationHeader(username, api_key)
data = loginserver_api.report(LOCATION, str(IP), publicKey, status, headers)
if(data == 1):
sql_funcs.remove_client_user(username)
def setstatus(self, status=None):
if (cherrypy.session.get('username') == None):
raise cherrypy.HTTPRedirect('/login')
statuses = ['online', 'away', 'busy', 'offline']
if (status in statuses):
publicKey = cherrypy.session['public_key']
pubkey_hex = publicKey.encode(encoder=nacl.encoding.HexEncoder)
pubkey_hex_str = pubkey_hex.decode('utf-8')
headers = http_funcs.getAuthenticationHeader(
cherrypy.session['username'], cherrypy.session['api_key'])
sql_funcs.updateStatusforUser(cherrypy.session['username'], status)
raise cherrypy.HTTPRedirect('/account')
def updateUserList():
#Can only do if atleast one user is online
online_users = sql_funcs.get_all_client_users()
if(online_users):
#grab the first user, use credentials to update user list in background
user = online_users[0]
api_key = user[1]
username = user[0]
try:
headers = http_funcs.getAuthenticationHeader(username, api_key)
data = loginserver_api.list_users(headers)
userList = data['users']
sql_funcs.updateUserList(userList)
print("updated user list!")
except Exception as e:
print("userlist update failed")
print(e)
def send_broadcast(message):
privateKey = cherrypy.session['private_key']
timestamp = time.time()
message_bytes = bytes(str(cherrypy.session['loginserver_record']) +
str(message) + str(timestamp),
encoding='utf-8')
signed = privateKey.sign(message_bytes, encoder=nacl.encoding.HexEncoder)
signature_hex_str = signed.signature.decode('utf-8')
#create HTTP BASIC authorization header
headers = http_funcs.getAuthenticationHeader(cherrypy.session['username'],
cherrypy.session['api_key'])
payload = {
"loginserver_record": cherrypy.session['loginserver_record'],
"message": str(message),
"sender_created_at": str(timestamp),
"signature": signature_hex_str
}
#Send to own server so we can reload the page
broadcast_url = "http://" + LOCAL_IP + "/api/rx_broadcast"
http_funcs.sendJsonRequest(broadcast_url, payload, headers)
userList = sql_funcs.getUserList()
#SEnd the broadcast to everybody in the user list
ips = [user[1] for user in userList]
ips = set(ips)
print(ips)
for ip in ips:
if (ip != SERVER_IP):
broadcast_url = "http://" + ip + "/api/rx_broadcast"
print("\nSending Broadcast to: " + ip)
send = Thread(target=http_funcs.sendJsonRequest,
args=[broadcast_url, payload, headers])
send.start()
return 0
def loginReport():
publicKey = cherrypy.session['public_key']
#Turn our public key into a hex eoncoded string
pubkey_hex = publicKey.encode(encoder=nacl.encoding.HexEncoder)
pubkey_hex_str = pubkey_hex.decode('utf-8')
#create HTTP BASIC authorization header
headers = http_funcs.getAuthenticationHeader(cherrypy.session['username'],
cherrypy.session['api_key'])
data = loginserver_api.report(SERVER_LOCATION, SERVER_IP, pubkey_hex_str,
"online", headers)
if (data["response"] == "ok"):
print("\nSuccess reporting !!!\n")
data = loginserver_api.get_loginserver_record(headers)
cherrypy.session['loginserver_record'] = data['loginserver_record']
return 0
else:
print("Failure")
return 1