def get_row_by_license_key(license_key: str) -> tuple: user_row = [] # if not exist: # make file "KIGK3122.sql" # conn = sqlite3.connect("KIGK3122.sql") conn = sqlite3.connect(cfg.g_user_db_path) cursor = conn.cursor() try: row = cfg.g_db_full_row column_name = cfg.g_db_license_key table_name = cfg.g_db_table_name request = "SELECT %s FROM %s WHERE %s = '%s'" % ( row, table_name, column_name, license_key) cursor.execute(request) user_row = cursor.fetchone() logger.debug(user_row) except sqlite3.DatabaseError as err: logger.error(license_key) logger.error(err) time.sleep(cfg.g_error_sleep_sec) conn.close() if user_row == None: user_row = [] return user_row
def do_GET(self): logger.debug("GET - %s : %r", self.client_address[0], self.path) try: request_target, request_identifier, request_params = loadUrl( self.path ) if request_target in Domain.query_handler: func = Domain.query_handler[request_target] response_data = func( data=None, identifier=request_identifier, param=request_params, ) self.responseJson(code=200, data=response_data) else: logger.debug( f"{request_target} not in {Domain.query_handler.keys()}" ) raise Exception("Not found!") except Exception as e: self.session.rollback() logger.exception(e) self.responseJson( code=500, data={ "status": 500, "message": str(e), "data": getattr(e, "data", {}), }, )
def processingRequest(data_bytes: str, ip="127.0.0.1") -> bytes: response = cfg.g_empty_response for attempts in range(cfg.g_max_attempts): try: """ Receive the encrypted data """ data = data_bytes.decode('ascii') if data[-1] != cfg.separateSymbol: data = decrypt_data(data) logger.info(data) data = data.lower() data_list = data.split(cfg.separateSymbol) # check for hacker if len(data_list) < 3: logger.warning([data_bytes, ip]) logger.warning(cfg.g_user_state_hacker) remember_hacker() break # Empty license key if not len(data_list[1]): return cfg.g_byte_empty_response request = data_list[0] license_key = data_list[1] hwid = data_list[2] version = data_list[3] if check_version(version): response = get_response_by_user_data(request, license_key, hwid, ip) else: logger.warning([data_bytes, ip]) logger.warning(cfg.g_user_state_outdated_version) response = cfg.g_user_state_outdated_version except Exception as e: args = e.args data = data_bytes.decode('ascii') user_metadata = data + cfg.separateSymbol + ip logger.error(user_metadata) logger.error(args) time.sleep(cfg.g_error_sleep_sec) else: break # debug #response = "Update your application!" # debug """ Send the encrypted data """ logger.debug("RESPONSE: " + response) response = encrypt_data(response) return bytes(response, encoding = 'ascii')
def loadUrl(path) -> (str, int, dict): request = urlparse.urlparse(path) request_paths = request.path.split("/") request_target = request_paths[1] request_identifier = ( int(request_paths[2]) if len(request_paths) > 2 else -1 ) request_params = parse_qs(unquote(request.query)) logger.debug("param %r", request_params) return request_target, request_identifier, request_params
def handle_read(self): for attempt in range(cfg.g_max_attempts): try: data = self.recv(cfg.g_count_of_received_symbols) if len(data) > 1: logger.debug(data) response = request_handler.processingRequest(data) self.send(response + b'\0') except Exception as err: logger.error(err) time.sleep(cfg.g_error_sleep_sec) else: break
def do_POST(self): logger.debug("POST - %s : %r", self.client_address[0], self.path) try: request_target, request_identifier, request_params = loadUrl( self.path ) if request_target in Domain.command_handler: request_data = loadData(self) logger.debug("/COMMAND/ param %s", request_data) func = Domain.command_handler[request_target] response_data = func( data=request_data, identifier=request_identifier, param=request_params, ) self.responseJson(code=200, data=response_data) else: logger.debug( f"{request_target} not in {Domain.command_handler.keys()}" ) raise Exception("Not found!") self.session.commit() except Exception as e: logger.exception(e) self.responseJson( code=500, data={ "status": 500, "message": str(e), "data": getattr(e, "data", {}), }, )
def handle_accept(self): pair = self.accept() if pair is not None: sock, addr = pair logger.debug('conn ' + str(addr)) handler = EchoHandler(sock)
def get_user_state(request: str, license_key: str, hwid: str, ip: str) -> str: # THE MAIN CHECK FOR THE SQL INJECTION # Check for hacking the input data if not (check_for_resolved_symbol( license_key, cfg.g_resolved_symbols_for_key, cfg.g_max_license_key_len) and check_for_resolved_symbol( hwid, cfg.g_resolved_symbols_for_hwid, cfg.g_max_license_hwid_len)): logger.critical("SQL_INJECTION") return cfg.g_user_state_hacker # Parsing the SQL row user_row = get_row_by_license_key(license_key) if len(user_row) == 0: logger.critical("g_user_state_wrong_license_key") return cfg.g_user_state_wrong_license_key # Check for the coder mistake if len(user_row) < cfg.db_rows.ROWS_COUNT: logger.critical("INVALID ROW COUNT") return cfg.g_user_state_undefined id_db = int(user_row[int(cfg.db_rows.ID)]) hwid_db = str(user_row[cfg.db_rows.HWID]) validity_days_db = int(user_row[cfg.db_rows.VALIDITY_DAYS]) expiration_date = user_row[cfg.db_rows.EXPIRATION_DATE] subscribe_type = user_row[cfg.db_rows.SUBSCRIBE_TYPE] current_date = datetime.datetime.now() logger.debug(user_row) # Check hwid if hwid_db == 'None': # Add hwid user to db expiration_date = current_date + datetime.timedelta( days=validity_days_db) activate_user_by_id(id_db, hwid, expiration_date) expiration_date = str(expiration_date) logger.warning("ADD_NEW_USER") # Continue to check the parameters elif hwid != hwid_db: logger.critical("g_user_state_other_pc") return cfg.g_user_state_other_pc # HWID in db # Check the expiration date expiration_date_obj = datetime.datetime.strptime(expiration_date, '%Y-%m-%d %H:%M:%S.%f') if current_date > expiration_date_obj: logger.critical("g_user_state_outdated_license_key") return cfg.g_user_state_outdated_license_key # Check for available subscribe_type existing if subscribe_type != None: current_type = cfg.subcribe_types.get(subscribe_type) if current_type == None: logger.critical("Subscribe type DOESN'T exist") return cfg.g_state_coder_error # Check the subscribe_type if current_type.get(request) != None: return cfg.g_user_state_ok else: logger.critical("g_user_state_other_subscribe_type") return cfg.g_user_state_other_subscribe_type return cfg.g_user_state_ok
def wrapRegisterQuery(func): logger.debug("/QUERY/ %r", query_name) cls.query_handler[query_name] = func
def wrapRegisterCommand(func): logger.debug("/COMMAND/ %r", command_name) Domain.command_handler[command_name] = func