change relay URL scheme, allow arbitrary relay-phase messages

This commit is contained in:
Brian Warner 2015-03-22 11:45:16 -07:00
parent 55577d9721
commit fd3e4f3508
2 changed files with 51 additions and 47 deletions

View File

@ -37,12 +37,13 @@ class ReceiverWrongPasswordError(WrongPasswordError):
giving both you and the attacker another chance. giving both you and the attacker another chance.
""" """
# relay URLs are:
#
# POST /allocate -> {channel-id: INT} # POST /allocate -> {channel-id: INT}
# these return all messages for CHANNEL-ID= and WHICH= but SIDE!= # these return all messages for CHANNEL-ID= and MSGNUM= but SIDE!= :
# WHICH=(pake,data) # POST /CHANNEL-ID/SIDE/post/MSGNUM {message: STR} -> {messages: [STR..]}
# POST /CHANNEL-ID/SIDE/WHICH/post {message: STR} -> {messages: [STR..]} # POST /CHANNEL-ID/SIDE/poll/MSGNUM -> {messages: [STR..]}
# POST /CHANNEL-ID/SIDE/WHICH/poll -> {messages: [STR..]} # GET /CHANNEL-ID/SIDE/poll/MSGNUM (eventsource) -> STR, STR, ..
# GET /CHANNEL-ID/SIDE/WHICH/poll (eventsource) -> STR, STR, ..
# #
# POST /CHANNEL-ID/SIDE/deallocate -> waiting | deleted # POST /CHANNEL-ID/SIDE/deallocate -> waiting | deleted
@ -86,10 +87,13 @@ class EventSourceFollower:
return self.iter_events().next() return self.iter_events().next()
class Common: class Common:
def url(self, suffix): def url(self, verb, msgnum=None):
return "%s%d/%s/%s" % (self.relay, self.channel_id, self.side, suffix) url = "%s%d/%s/%s" % (self.relay, self.channel_id, self.side, verb)
if msgnum is not None:
url += "/" + msgnum
return url
def get(self, old_msgs, url_suffix): def get(self, old_msgs, verb, msgnum):
# For now, server errors cause the client to fail. TODO: don't. This # For now, server errors cause the client to fail. TODO: don't. This
# will require changing the client to re-post messages when the # will require changing the client to re-post messages when the
# server comes back up. # server comes back up.
@ -105,7 +109,7 @@ class Common:
if remaining < 0: if remaining < 0:
raise Timeout raise Timeout
#time.sleep(self.wait) #time.sleep(self.wait)
f = EventSourceFollower(self.url(url_suffix), remaining) f = EventSourceFollower(self.url(verb, msgnum), remaining)
msgs = [json.loads(f.get_message())["message"]] msgs = [json.loads(f.get_message())["message"]]
f.close() f.close()
return msgs return msgs
@ -119,13 +123,13 @@ class Common:
def _post_pake(self): def _post_pake(self):
msg = self.sp.start() msg = self.sp.start()
post_data = {"message": hexlify(msg).decode("ascii")} post_data = {"message": hexlify(msg).decode("ascii")}
r = requests.post(self.url("pake/post"), data=json.dumps(post_data)) r = requests.post(self.url("post", "pake"), data=json.dumps(post_data))
r.raise_for_status() r.raise_for_status()
other_msgs = r.json()["messages"] other_msgs = r.json()["messages"]
return other_msgs return other_msgs
def _get_pake(self, other_msgs): def _get_pake(self, other_msgs):
msgs = self.get(other_msgs, "pake/poll") msgs = self.get(other_msgs, "poll", "pake")
pake_msg = unhexlify(msgs[0].encode("ascii")) pake_msg = unhexlify(msgs[0].encode("ascii"))
key = self.sp.finish(pake_msg) key = self.sp.finish(pake_msg)
return key return key
@ -138,13 +142,13 @@ class Common:
def _post_data(self, data): def _post_data(self, data):
post_data = json.dumps({"message": hexlify(data).decode("ascii")}) post_data = json.dumps({"message": hexlify(data).decode("ascii")})
r = requests.post(self.url("data/post"), data=post_data) r = requests.post(self.url("post", "data"), data=post_data)
r.raise_for_status() r.raise_for_status()
other_msgs = r.json()["messages"] other_msgs = r.json()["messages"]
return other_msgs return other_msgs
def _get_data(self, other_msgs): def _get_data(self, other_msgs):
msgs = self.get(other_msgs, "data/poll") msgs = self.get(other_msgs, "poll", "data")
data = unhexlify(msgs[0].encode("ascii")) data = unhexlify(msgs[0].encode("ascii"))
return data return data

View File

@ -42,89 +42,89 @@ class EventsProtocol:
# note: no versions of IE (including the current IE11) support EventSource # note: no versions of IE (including the current IE11) support EventSource
# relay URLs are:
#
# POST /allocate -> {channel-id: INT}
# these return all messages for CHANNEL-ID= and MSGNUM= but SIDE!= :
# POST /CHANNEL-ID/SIDE/post/MSGNUM {message: STR} -> {messages: [STR..]}
# POST /CHANNEL-ID/SIDE/poll/MSGNUM -> {messages: [STR..]}
# GET /CHANNEL-ID/SIDE/poll/MSGNUM (eventsource) -> STR, STR, ..
#
# POST /CHANNEL-ID/SIDE/deallocate -> waiting | deleted
class Channel(resource.Resource): class Channel(resource.Resource):
isLeaf = True # I handle /CHANNEL-ID/* isLeaf = True # I handle /CHANNEL-ID/*
valid_which = ["pake", "data"]
# WHICH=(pake,data)
# these return all messages for CHANNEL-ID= and WHICH= but SIDE!=
# POST /CHANNEL-ID/SIDE/WHICH/post {message: STR} -> {messages: [STR..]}
# POST /CHANNEL-ID/SIDE/WHICH/poll -> {messages: [STR..]}
# GET /CHANNEL-ID/SIDE/WHICH/poll (eventsource) -> STR, STR, ..
#
# POST /CHANNEL-ID/SIDE/deallocate -> waiting | deleted
def __init__(self, channel_id, relay): def __init__(self, channel_id, relay):
resource.Resource.__init__(self) resource.Resource.__init__(self)
self.channel_id = channel_id self.channel_id = channel_id
self.relay = relay self.relay = relay
self.expire_at = time.time() + CHANNEL_EXPIRATION_TIME self.expire_at = time.time() + CHANNEL_EXPIRATION_TIME
self.sides = set() self.sides = set()
self.messages = [] # (side, which, str) self.messages = [] # (side, msgnum, str)
self.event_channels = set() # (side, which, ep) self.event_channels = set() # (side, msgnum, ep)
def render_GET(self, request): def render_GET(self, request):
# rest of URL is: SIDE/WHICH/(post|poll) # rest of URL is: SIDE/poll/MSGNUM
their_side = request.postpath[0] their_side = request.postpath[0]
their_which = request.postpath[1] if request.postpath[1] != "poll":
request.setResponseCode(http.BAD_REQUEST, "GET to wrong URL")
return "GET is only for /SIDE/poll/MSGNUM"
their_msgnum = request.postpath[2]
if "text/event-stream" not in (request.getHeader("accept") or ""): if "text/event-stream" not in (request.getHeader("accept") or ""):
request.setResponseCode(http.BAD_REQUEST, "Must use EventSource") request.setResponseCode(http.BAD_REQUEST, "Must use EventSource")
return "Must use EventSource (Content-Type: text/event-stream)" return "Must use EventSource (Content-Type: text/event-stream)"
request.setHeader("content-type", "text/event-stream") request.setHeader("content-type", "text/event-stream")
ep = EventsProtocol(request) ep = EventsProtocol(request)
handle = (their_side, their_which, ep) handle = (their_side, their_msgnum, ep)
self.event_channels.add(handle) self.event_channels.add(handle)
request.notifyFinish().addErrback(self._shutdown, handle) request.notifyFinish().addErrback(self._shutdown, handle)
for (msg_side, msg_which, msg_str) in self.messages: for (msg_side, msg_msgnum, msg_str) in self.messages:
self.message_added(msg_side, msg_which, msg_str, channels=[handle]) self.message_added(msg_side, msg_msgnum, msg_str, channels=[handle])
return server.NOT_DONE_YET return server.NOT_DONE_YET
def _shutdown(self, _, handle): def _shutdown(self, _, handle):
self.event_channels.discard(handle) self.event_channels.discard(handle)
def message_added(self, msg_side, msg_which, msg_str, channels=None): def message_added(self, msg_side, msg_msgnum, msg_str, channels=None):
if channels is None: if channels is None:
channels = self.event_channels channels = self.event_channels
for (their_side, their_which, their_ep) in channels: for (their_side, their_msgnum, their_ep) in channels:
if msg_side != their_side and msg_which == their_which: if msg_side != their_side and msg_msgnum == their_msgnum:
data = json.dumps({ "side": msg_side, "message": msg_str }) data = json.dumps({ "side": msg_side, "message": msg_str })
their_ep.sendEvent(data) their_ep.sendEvent(data)
def render_POST(self, request): def render_POST(self, request):
# rest of URL is: SIDE/WHICH/(post|poll) # rest of URL is: SIDE/(MSGNUM|deallocate)/(post|poll)
side = request.postpath[0] side = request.postpath[0]
self.sides.add(side) self.sides.add(side)
which = request.postpath[1] verb = request.postpath[1]
if which == "deallocate": if verb == "deallocate":
self.sides.remove(side) self.sides.remove(side)
if self.sides: if self.sides:
return "waiting\n" return "waiting\n"
self.relay.free_child(self.channel_id) self.relay.free_child(self.channel_id)
return "deleted\n" return "deleted\n"
if which not in self.valid_which:
request.setResponseCode(http.BAD_REQUEST)
return "bad command, want 'pake' or 'data' or 'deallocate'\n"
verb = request.postpath[2]
if verb not in ("post", "poll"): if verb not in ("post", "poll"):
request.setResponseCode(http.BAD_REQUEST) request.setResponseCode(http.BAD_REQUEST)
return "bad verb, want 'post' or 'poll'\n" return "bad verb, want 'post' or 'poll'\n"
msgnum = request.postpath[2]
other_messages = [] other_messages = []
for (msg_side, msg_which, msg_str) in self.messages: for (msg_side, msg_msgnum, msg_str) in self.messages:
if msg_side != side and msg_which == which: if msg_side != side and msg_msgnum == msgnum:
other_messages.append(msg_str) other_messages.append(msg_str)
if verb == "post": if verb == "post":
data = json.load(request.content) data = json.load(request.content)
self.messages.append( (side, which, data["message"]) ) self.messages.append( (side, msgnum, data["message"]) )
self.message_added(side, which, data["message"]) self.message_added(side, msgnum, data["message"])
request.setHeader("content-type", "application/json; charset=utf-8") request.setHeader("content-type", "application/json; charset=utf-8")
return json.dumps({"messages": other_messages})+"\n" return json.dumps({"messages": other_messages})+"\n"