This removes "side" and "msgnum" from the URLs, and puts them in a JSON
request body instead. The server now maintains a simple set of messages
for each channel-id, and isn't responsible for removing duplicates.
The client now fetches all messages, and just ignores everything it sent
itself. This removes the "reflection attack".
Deallocate now returns JSON, for consistency. DB and API use "phase" and
"body" instead of msgnum/message.
This changes the DB schema, so delete the DB before upgrading the server.
The "bytes % bytes" syntax only appeared on py3.5, so don't use it.
Updated travis to expect py3.4 works.
The twisted side is probably even more broken for py3.4 than it is for
py3.5.
* declare transit records and handshake keys are bytes, not str
* declare transit connection hints to be str
* use six.moves.socketserver, six.moves.input for Verifier query
* argparse "--version" writes to stderr on py2, stdout on py3
* avoid xrange(), use subprocess.Popen(universal_newlines=True)
* use modern/portable "next(iter)" instead of "iter.next()"
* use six.moves.input() instead of raw_input()
* tell requests' Response.iter_lines that we want str, not bytes
The main wormhole code is str (unicode in py3, bytes in py2). Most
everything else must be passed as bytes in both py2/py3.
Keep the internal "side" string as a str, to make it easier to merge
with other URL pieces.
Just make up a code like NUMBER-STUFF, and add --code= to the
send-text/send-file command. Also don't use tab-completion on the
codewords part of the receiving side, unless you stuck to the even/odd
PGP wordlist. (tab still works for the channel-id).
This is a proxy for the other client's version, and encourages both
sides to upgrade to the current version each time the server is
upgraded (which will be once per release).
To be useful, both sides must add -v. If the sender uses -v but the
receiver doesn't, the receiver won't show the verification string, so
the sender can't compare it to anything (and must either abort the
transfer or accept it blindly). Maybe the receiver should show the
verification string unconditionally. Maybe the sender should
indicate (in unprotected plaintext, along with the PAKE message) whether
the receiver should show it or not.
Applications should feel free to pass wormhole.const.RENDEZVOUS_RELAY
here, but I figure it should be clear that you're using a public service
that's hosted *somewhere* external.
This fixes the situation where you start the receiver first, then start
the sender, then you hit TAB on the receiver.
This somewhat improves the situation where you start the receiver first,
hit TAB (getting nothing), then start the sender, then hit TAB on the
receiver again. The second TAB will list the channel-ids, but won't
insert the only one as it's supposed to. You must type something (which
you can erase) and then hit TAB again to get a unique channel-id
inserted. But at least you can tell which one to type.
The first TAB runs the completer with readline.get_completion_type()
equal to 9=TAB=try-to-insert. The second (and subsequent) TABs use
63=?=list-matches, and it won't go back to 9 until you type something.
If all the direct hints resulted in timeouts (e.g. they were to bad IP
addresses where connections just hang), the relay connection would fail.
The establish_connection() function had the same TIMEOUT as the
direct-hint connector, so it would give up just before the relay
connection was initiated.
