def create(self, request, pk=None):
if 'name' not in request.session or not request.session[
'authenticated']:
return Response({
'success': False,
}, status=401)
if 'display_name' not in request.data:
return Response({
'message': 'Nie podano nazwy.',
'success': False
},
status=400)
admin = Profile.objects.get(name=request.session['name'])
if 'image' in request.data:
room = Room(admin=admin,
display_name=request.data['display_name'],
image=request.data['image'],
name=base58.random(8))
else:
room = Room(admin=admin,
display_name=request.data['display_name'],
name=base58.random(8))
room.save()
room.participants.set([admin])
data = RoomSerializer(room).data
channel_layer = get_channel_layer()
async_to_sync(channel_layer.group_send)(
f'user-{request.session["name"]}', {
"type": "subscribe.room",
"data": data,
})
return Response({
'success': True,
'room': {
'id': room.id,
'name': room.name
}
})
def create(self, request, pk=None):
# TODO:zmienione id na name
if 'name' not in request.data or request.data['name'] == '':
return Response(
{
'message': 'Uzytkownik nie zostal odnaleziony.',
'success': False
},
status=401)
query = Profile.objects.filter(name=request.data['id'])
#new
if not query.exists():
return Response(
{
'success': False,
'message': 'Uzytkownik nie istnieje.'
},
status=400)
profile = query.get()
for ban in Ban.objects.all():
if ban.is_banned(profile):
return Response(
{
'message': 'Uzytkownik zostal zbanowany',
'success': False
},
status=403)
public_key = RSA.import_key(profile.public_key)
cipher_rsa = PKCS1_OAEP.new(public_key)
session_key = get_random_bytes(32)
auth_key = base58.random(32)
cache.set(profile.name + '|auth_key', auth_key, 60 * 15)
profile.session_key = session_key
# TODO: zaszyfrowany auth_key uzywajac klucza sesji.
auth_key = cipher_rsa.encrypt(session_key)
return Response({
'sessionKey': cipher_rsa.encrypt(session_key),
'authKey': cipher_rsa.encrypt(auth_key),
'success': True,
})
def create(self, request, pk=None):
if 'invite' not in request.data or 'public_key' not in request.data or request.data[
'invite'] == '' or request.data[
'public_key'] == '' or 'hcaptcha' not in request.data or request.data[
'hcaptcha'] == '':
return Response(
{
'success':
False,
'message':
'Pola `hcaptcha`, `public_key` oraz `invite` sa wymagane.'
},
status=400)
if HCAPTCHA_SECRET != "":
request = Request(
'https://hcaptcha.com/siteverify',
urlencode({
'secret': HCAPTCHA_SECRET,
'response': request.data['hcaptcha']
}).encode())
hcaptcha_data = json.loads(urlopen(request).read().decode())
if hcaptcha_data['success'] is False:
return Response(
{
'success': False,
'message': 'Niepoprawna captcha.'
},
status=400)
query = Invite.objects.filter(invite=request.data['invite'])
if not query.exists():
return Response(
{
'success': False,
'message': 'Zaproszenie nie istnieje.'
},
status=400)
invite = query.get()
if Ban.objects.filter(invite=invite).exists():
return Response(
{
'success': False,
'message': 'Zaproszenie jest zablokowane.'
},
status=400)
for profile in Profile.objects.all():
if profile.public_key == request.data['public_key']:
return Response(
{
'success': False,
'message': 'Taki użytkownik już istnieje.'
},
status=403)
name = base58.random(8)
profile = Profile(
invite=invite,
public_key=request.data['public_key'],
name=name,
)
profile.save()
return Response({
'name': name,
'success': True,
})
def get(self, request, pk=None):
id = {
'id': base58.random(8),
}
return Response(id)
def create(self, request, pk=None):
if 'name' not in request.data or request.data['name'] == '':
return Response(
{
'message': 'Uzytkownik nie zostal odnaleziony.',
'success': False
},
status=401)
query = Profile.objects.filter(name=request.data['name'])
if not query.exists():
return Response(
{
'success': False,
'message': 'Uzytkownik nie istnieje.'
},
status=400)
profile = query.get()
for ban in Ban.objects.all():
if ban.is_banned(profile):
return Response(
{
'message': 'Uzytkownik zostal zbanowany',
'success': False
},
status=403)
public_key = RSA.import_key(
f"-----BEGIN PUBLIC KEY-----\n{profile.public_key}\n-----END PUBLIC KEY-----"
)
cipher_rsa = PKCS1_OAEP.new(public_key, SHA512)
session_key = get_random_bytes(32)
enc_session_key = cipher_rsa.encrypt(session_key)
profile.session_key = enc_session_key
auth_key = base58.random(32)
request.session['auth_key'] = auth_key
cipher_aes = AES.new(session_key, AES.MODE_CBC)
ct_auth_key = cipher_aes.encrypt(
pad(auth_key.encode("utf-8"), AES.block_size))
enc_iv = cipher_rsa.encrypt(cipher_aes.iv)
request.session['sessionKey'] = base64.b64encode(session_key).decode(
'utf-8')
request.session['sessionIv'] = base64.b64encode(
cipher_aes.iv).decode('utf-8')
verify_key = get_random_bytes(32)
cipher_verify = AES.new(session_key, AES.MODE_CBC)
request.session['verifyKey'] = base64.b64encode(verify_key).decode(
'utf-8')
request.session['verifyIv'] = base64.b64encode(
cipher_verify.iv).decode('utf-8')
enc_verify_key = cipher_rsa.encrypt(verify_key)
enc_verify_iv = cipher_rsa.encrypt(cipher_verify.iv)
request.session['name'] = request.data['name']
request.session['authenticated'] = False
return Response({
'sessionKey': base64.b64encode(enc_session_key),
'authKey': base64.b64encode(ct_auth_key),
'iv': base64.b64encode(enc_iv),
'verifyKey': base64.b64encode(enc_verify_key),
'verifyIv': base64.b64encode(enc_verify_iv),
'success': True,
})