def ask_to_add(request): """Ask to add a node. Just have to provide the node uri. Note: this is very insecure and subject to spamming, thus this should only be considered a temporary solution.""" print request print request.post uri = request.get_post('uri') print uri uri = hashless(uri) # XXX: BAD API DESIGN!! node = None try: node = Node.objects.get(uri=uri) return HttpResponse('ALREADY EXISTS') # TODO BAD except Node.DoesNotExist: pass node = Node(uri=uri) node.datetime_added = datetime.today() node.is_yet_to_resolve = True node.save() tasks.do_add_node_lookup.delay(uri) return HttpResponse('ACK')
def give_key(request): """ Another node is telling us that they are granting us the ability to make privledged transactions with them. They are giving us a key we must store. (The key must be verified.) """ # TODO: THIS IS TERRIBLE! p = request.POST uri = hashless(p['uri']) key_theirs = p['key'] if 'key' in p else None # Lookup or create node. # TODO: For now assume it exists. Must deal with spam/fraud later. node = None try: node = Node.objects.get(uri=uri) except Node.DoesNotExist: node = Node(uri=uri) node.datetime_added = datetime.today() node.is_yet_to_resolve = True #node.save() # Maybe they want to change their key if node.key_theirs and node.key_theirs_confirmed: node.new_key_theirs = key_theirs node.save() # TODO: Schedule a job to confirm the key return node.key_theirs = key_theirs node.key_theirs_confirmed = False node.new_key_theirs = '' node.save()
def old_add_DEPRECATED(request): """... giving us a key to The other node is asking that we mutually form a connection. This usually means that both endpoints will add each other. 1. NodeA (add)--> NodeB 2. NodeA <---(add) NodeB (Note: this could be maliciously taken advantage of.) FIXME. POSTDATA: * node = uri * key_ours = ... * key_yours = ... """ if not request.method != 'POST': raise Exception, "Not a post..." # TODO: THIS IS TERRIBLE! p = request.POST uri = hashless(p['uri']) key_ours = p['key_theirs'] if 'key_theirs' in p else None key_theirs = p['key_yours'] if 'key_yours' in p else None # Lookup or create node. # TODO: For now assume it exists. Deal with spam later. node = None try: node = Node.objects.get(uri=uri) except Node.DoesNotExist: node = Node(uri=uri) node.datetime_added = datetime.today() node.is_yet_to_resolve = True node.save() #tasks.do_add_node_lookup.delay(form.cleaned_data['uri']) state = node.doorbell_status if state not in ['0', '1', '2', '3']: raise Exception, "Invalid state." # They're asking to add us first if state == '0': node.key_theirs = key_theirs node.generate_key() node.doorbell_status = '2' node.save() return HttpResponse('ACK') # TODO: Acknowledge # They're responding back to our request to add them. if state == '1': if node.key_ours != key_ours: raise Exception, "Key does not match." node.key_theirs = key_theirs node.doorbell_status = 3 node.is_yet_to_resolve = False node.save() return HttpResponse('ACK') # TODO: Acknowledge # Both keys have been generated, but perhaps they're asking to # change them. # TODO pass
def ask_key(request): """ Another node is asking us for a key so they can make priveledged transactions with us. They'll have to verify this with us. """ # TODO: THIS IS TERRIBLE! p = request.POST uri = hashless(p['uri']) #key_theirs = p['key'] if 'key' in p else None # Lookup or create node. # TODO: For now assume it exists. Must deal with spam/fraud later. node = None try: node = Node.objects.get(uri=uri) except Node.DoesNotExist: node = Node(uri=uri) node.datetime_added = datetime.today() node.is_yet_to_resolve = True #node.save() # XXX: We cannot give them the key in this transaction as anyone could # be making it. We'll have to request the node over HTTP. key = Node.generate_key() # Maybe they want a new key if node.key_ours and node.key_ours_confirmed: node.new_key_ours = key node.save() # TODO: Schedule a job to confirm the key return node.key_ours = key node.key_ours_confirmed = False node.new_key_ours = '' node.save()