def create(self, request, pk=None): if 'name' not in request.session or not request.session[ 'authenticated']: return Response({ 'success': False, }, status=401) if 'display_name' not in request.data: return Response({ 'message': 'Nie podano nazwy.', 'success': False }, status=400) admin = Profile.objects.get(name=request.session['name']) if 'image' in request.data: room = Room(admin=admin, display_name=request.data['display_name'], image=request.data['image'], name=base58.random(8)) else: room = Room(admin=admin, display_name=request.data['display_name'], name=base58.random(8)) room.save() room.participants.set([admin]) data = RoomSerializer(room).data channel_layer = get_channel_layer() async_to_sync(channel_layer.group_send)( f'user-{request.session["name"]}', { "type": "subscribe.room", "data": data, }) return Response({ 'success': True, 'room': { 'id': room.id, 'name': room.name } })
def create(self, request, pk=None): # TODO:zmienione id na name if 'name' not in request.data or request.data['name'] == '': return Response( { 'message': 'Uzytkownik nie zostal odnaleziony.', 'success': False }, status=401) query = Profile.objects.filter(name=request.data['id']) #new if not query.exists(): return Response( { 'success': False, 'message': 'Uzytkownik nie istnieje.' }, status=400) profile = query.get() for ban in Ban.objects.all(): if ban.is_banned(profile): return Response( { 'message': 'Uzytkownik zostal zbanowany', 'success': False }, status=403) public_key = RSA.import_key(profile.public_key) cipher_rsa = PKCS1_OAEP.new(public_key) session_key = get_random_bytes(32) auth_key = base58.random(32) cache.set(profile.name + '|auth_key', auth_key, 60 * 15) profile.session_key = session_key # TODO: zaszyfrowany auth_key uzywajac klucza sesji. auth_key = cipher_rsa.encrypt(session_key) return Response({ 'sessionKey': cipher_rsa.encrypt(session_key), 'authKey': cipher_rsa.encrypt(auth_key), 'success': True, })
def create(self, request, pk=None): if 'invite' not in request.data or 'public_key' not in request.data or request.data[ 'invite'] == '' or request.data[ 'public_key'] == '' or 'hcaptcha' not in request.data or request.data[ 'hcaptcha'] == '': return Response( { 'success': False, 'message': 'Pola `hcaptcha`, `public_key` oraz `invite` sa wymagane.' }, status=400) if HCAPTCHA_SECRET != "": request = Request( 'https://hcaptcha.com/siteverify', urlencode({ 'secret': HCAPTCHA_SECRET, 'response': request.data['hcaptcha'] }).encode()) hcaptcha_data = json.loads(urlopen(request).read().decode()) if hcaptcha_data['success'] is False: return Response( { 'success': False, 'message': 'Niepoprawna captcha.' }, status=400) query = Invite.objects.filter(invite=request.data['invite']) if not query.exists(): return Response( { 'success': False, 'message': 'Zaproszenie nie istnieje.' }, status=400) invite = query.get() if Ban.objects.filter(invite=invite).exists(): return Response( { 'success': False, 'message': 'Zaproszenie jest zablokowane.' }, status=400) for profile in Profile.objects.all(): if profile.public_key == request.data['public_key']: return Response( { 'success': False, 'message': 'Taki użytkownik już istnieje.' }, status=403) name = base58.random(8) profile = Profile( invite=invite, public_key=request.data['public_key'], name=name, ) profile.save() return Response({ 'name': name, 'success': True, })
def get(self, request, pk=None): id = { 'id': base58.random(8), } return Response(id)
def create(self, request, pk=None): if 'name' not in request.data or request.data['name'] == '': return Response( { 'message': 'Uzytkownik nie zostal odnaleziony.', 'success': False }, status=401) query = Profile.objects.filter(name=request.data['name']) if not query.exists(): return Response( { 'success': False, 'message': 'Uzytkownik nie istnieje.' }, status=400) profile = query.get() for ban in Ban.objects.all(): if ban.is_banned(profile): return Response( { 'message': 'Uzytkownik zostal zbanowany', 'success': False }, status=403) public_key = RSA.import_key( f"-----BEGIN PUBLIC KEY-----\n{profile.public_key}\n-----END PUBLIC KEY-----" ) cipher_rsa = PKCS1_OAEP.new(public_key, SHA512) session_key = get_random_bytes(32) enc_session_key = cipher_rsa.encrypt(session_key) profile.session_key = enc_session_key auth_key = base58.random(32) request.session['auth_key'] = auth_key cipher_aes = AES.new(session_key, AES.MODE_CBC) ct_auth_key = cipher_aes.encrypt( pad(auth_key.encode("utf-8"), AES.block_size)) enc_iv = cipher_rsa.encrypt(cipher_aes.iv) request.session['sessionKey'] = base64.b64encode(session_key).decode( 'utf-8') request.session['sessionIv'] = base64.b64encode( cipher_aes.iv).decode('utf-8') verify_key = get_random_bytes(32) cipher_verify = AES.new(session_key, AES.MODE_CBC) request.session['verifyKey'] = base64.b64encode(verify_key).decode( 'utf-8') request.session['verifyIv'] = base64.b64encode( cipher_verify.iv).decode('utf-8') enc_verify_key = cipher_rsa.encrypt(verify_key) enc_verify_iv = cipher_rsa.encrypt(cipher_verify.iv) request.session['name'] = request.data['name'] request.session['authenticated'] = False return Response({ 'sessionKey': base64.b64encode(enc_session_key), 'authKey': base64.b64encode(ct_auth_key), 'iv': base64.b64encode(enc_iv), 'verifyKey': base64.b64encode(enc_verify_key), 'verifyIv': base64.b64encode(enc_verify_iv), 'success': True, })