mirror of
git://git.psyced.org/git/psyced
synced 2024-08-15 03:25:10 +00:00
fake redirection by iframe...
This commit is contained in:
parent
5c859e6fef
commit
0a7f208a72
6 changed files with 114 additions and 35 deletions
|
@ -1,5 +1,5 @@
|
||||||
// this place is configured in a suitable way for receiving
|
// this place is configured in a suitable way for receiving
|
||||||
// syslog events from the syslog2psyc tool in perlpsyc
|
// tor router events from the remotor tool in perlpsyc
|
||||||
//
|
//
|
||||||
#include <net.h>
|
#include <net.h>
|
||||||
|
|
||||||
|
|
|
@ -24,18 +24,16 @@ varargs http_error(string prot, int code, string comment, string html) {
|
||||||
P2(("hterror(%O,%O,%O,%O) in %O\n", prot,code,comment,html, ME))
|
P2(("hterror(%O,%O,%O,%O) in %O\n", prot,code,comment,html, ME))
|
||||||
#if defined(T)
|
#if defined(T)
|
||||||
// use the textdb if available
|
// use the textdb if available
|
||||||
out = psyctext( T("_PAGES_error",
|
out = psyctext( T("_PAGES_error", "<title>Error [_code]</title><body><h1 id='code'>[_code]</h1><div id='comment'>[_comment]</div>"),
|
||||||
"<html><title id='code'>[_code]</title>\n"
|
|
||||||
"<body><h1 id='comment'>[_comment]</h1></body></html>\n"),
|
|
||||||
([ "_comment": comment, "_code": code ]) );
|
([ "_comment": comment, "_code": code ]) );
|
||||||
#else
|
#else
|
||||||
// use some hardcoded defaults
|
// use some hardcoded defaults
|
||||||
out = "<body text=white bgcolor=black link=green vlink=green>\n";
|
out = "<body text='white' bgcolor='black' link='green' vlink='green'>\n";
|
||||||
if (html) out = sprintf("<title>%s</title>\n%s%s", comment, out, html);
|
if (html) out = sprintf("<title>%s</title>\n%s%s", comment, out, html);
|
||||||
else out = sprintf("\
|
else out = sprintf("\
|
||||||
<title>error %d</title>\n\
|
<title>Error %d</title>\n\
|
||||||
%s\n\
|
%s\n\
|
||||||
<table width=\"100%%\" height=\"90%%\"><tr><th><h1><br>\n\n\
|
<table width=\"100%%\" height=\"90%%\"><tr><th><h1><br/>\n\n\
|
||||||
%s\n\n\
|
%s\n\n\
|
||||||
</h1></th></tr></table>\n\
|
</h1></th></tr></table>\n\
|
||||||
",
|
",
|
||||||
|
|
|
@ -95,12 +95,19 @@ varargs string htredirect(string prot, string target, string comment, int perman
|
||||||
printf("%s %d %s\n%s", HTTP_SVERS,
|
printf("%s %d %s\n%s", HTTP_SVERS,
|
||||||
permanent ? R_MOVED : R_FOUND, comment, htheaders());
|
permanent ? R_MOVED : R_FOUND, comment, htheaders());
|
||||||
}
|
}
|
||||||
|
// this page might actually be visible
|
||||||
|
// if content-disposition: attachment is given
|
||||||
|
// or redirects are otherwise intercepted by plugin
|
||||||
|
// so a proper _PAGES form could be appropriate
|
||||||
printf("\
|
printf("\
|
||||||
Location: %s\n%s\
|
Location: %s\n%s\
|
||||||
\n\
|
\n\
|
||||||
<a href=\"%s\">%s</a>.\n\
|
<title>%s</title>\n\
|
||||||
",
|
<body bgcolor='black' text='white' link='red' vlink='red'>\n\
|
||||||
target, extra, target, comment);
|
%s\n",
|
||||||
|
// exposing the link to end-user may not be intended:
|
||||||
|
// <a href=\"%s\">%s</a>.
|
||||||
|
target, extra, comment, comment);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,6 +18,10 @@
|
||||||
#include <status.h>
|
#include <status.h>
|
||||||
#include <uniform.h>
|
#include <uniform.h>
|
||||||
|
|
||||||
|
#ifndef HT_LOGO
|
||||||
|
# define HT_LOGO DEFAULT_HT_LOGO
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef BRAIN
|
#ifdef BRAIN
|
||||||
|
|
||||||
# ifdef SLAVE
|
# ifdef SLAVE
|
||||||
|
@ -610,8 +614,9 @@ htget(prot, query, headers, qs) {
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef CHALLENGE_MATCH
|
#ifdef CHALLENGE_QUESTION // should make media player etc work also w/o challenge FIXME
|
||||||
#include <sys/regexp.h>
|
#include <sys/regexp.h>
|
||||||
|
#include "ht/http.h"
|
||||||
|
|
||||||
#define CHALOG(verb) log_file("CHALLENGE", "%s %s %O A:%O P:%O C:%O\n", \
|
#define CHALOG(verb) log_file("CHALLENGE", "%s %s %O A:%O P:%O C:%O\n", \
|
||||||
MYNICK, verb, query_ip_name(), \
|
MYNICK, verb, query_ip_name(), \
|
||||||
|
@ -619,14 +624,47 @@ htget(prot, query, headers, qs) {
|
||||||
|
|
||||||
// maybe this all belongs into archetype.gen.. chesmo!
|
// maybe this all belongs into archetype.gen.. chesmo!
|
||||||
htget(prot, query, headers, qs, data, noprocess) {
|
htget(prot, query, headers, qs, data, noprocess) {
|
||||||
string item = headers[item] || "/@"+ MYNICK;
|
if (probably_private(this_interactive()) <= PRIVACY_SURVEILLED) {
|
||||||
if (stringp(headers["cookie"]) && regmatch(headers["cookie"],
|
hterror(prot, R_PAYMENTREQ, "To protect against abuse in this nasty world this function needs 'https' instead of 'http'.");
|
||||||
"challenge=complete&answer="+ md5(CHALLENGE_MATCH))) {
|
htnotify(query, headers, "_challenge_disabled_encryption",
|
||||||
|
"[_nick_place] sees no TLS by [_web_on] from [_web_from].");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
string item = "/@"+ MYNICK;
|
||||||
|
if (
|
||||||
|
# ifdef CHALLENGE_AGENT
|
||||||
|
stringp(headers["user-agent"]) &&
|
||||||
|
regmatch(lower_case(headers["user-agent"]), CHALLENGE_AGENT)
|
||||||
|
# else
|
||||||
|
# ifdef CHALLENGE_ACCOUNTS
|
||||||
|
# define CHALLENGE_CHECK CHALLENGE_ACCOUNTS
|
||||||
|
# else
|
||||||
|
# ifdef CHALLENGE_MATCH
|
||||||
|
# define CHALLENGE_CHECK CHALLENGE_MATCH
|
||||||
|
# endif
|
||||||
|
# endif
|
||||||
|
stringp(headers["cookie"]) && regmatch(headers["cookie"],
|
||||||
|
"challenge=complete&answer="+ md5(CHALLENGE_CHECK))
|
||||||
|
# endif
|
||||||
|
) {
|
||||||
CHALOG("completes");
|
CHALOG("completes");
|
||||||
htnotify(query, headers, "_accomplished_web",
|
htnotify(query, headers, "_challenge_accomplished_web",
|
||||||
"Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from].");
|
"Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from].");
|
||||||
# ifdef CHALLENGE_REDIRECT
|
# ifdef CHALLENGE_REDIRECT
|
||||||
return htredirect(prot, CHALLENGE_REDIRECT, "There you go", 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
|
# ifdef CHALLENGE_REDIRECT_TITLE
|
||||||
|
# ifdef CHALLENGE_QUESTION
|
||||||
|
htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
|
||||||
|
# else
|
||||||
|
htok();
|
||||||
|
# endif
|
||||||
|
w("_PAGES_frame_redirect", 0,
|
||||||
|
([ "_uniform_page" : CHALLENGE_REDIRECT,
|
||||||
|
"_title_page" : CHALLENGE_REDIRECT_TITLE,
|
||||||
|
"_nick_place" : MYNICK ]) );
|
||||||
|
return 1;
|
||||||
|
# else
|
||||||
|
return htredirect(prot, CHALLENGE_REDIRECT, "Download or redirect initiated", 0, "Content-Disposition: attachment\nSet-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
|
||||||
|
# endif
|
||||||
# else
|
# else
|
||||||
# ifdef HTGET
|
# ifdef HTGET
|
||||||
// you may want to output a player iframe instead of a redirect...
|
// you may want to output a player iframe instead of a redirect...
|
||||||
|
@ -636,33 +674,66 @@ htget(prot, query, headers, qs, data, noprocess) {
|
||||||
# endif
|
# endif
|
||||||
# endif
|
# endif
|
||||||
}
|
}
|
||||||
if (stringp(query["answer"]) && headers["cookie"] &&
|
# if defined(CHALLENGE_MATCH) || defined(CHALLENGE_ACCOUNTS)
|
||||||
regmatch(headers["cookie"], "challenge=given") &&
|
if (stringp(query["answer"])) {
|
||||||
regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)) {
|
unless (headers["cookie"]) {
|
||||||
// lazy me could have used referer here ;)
|
CHALOG("disabled");
|
||||||
string nu = stringp(query["parameters"]) &&
|
hterror(prot, R_PAYMENTREQ, "To protect against abuse in this nasty world this function needs just temporarily enabled cookies. There are no de-anonymizing purposes involved. Or did you just lowercase my name in the URL?");
|
||||||
strlen(query["parameters"]) ?
|
htnotify(query, headers, "_challenge_disabled_web",
|
||||||
item +"?"+ query["parameters"] : item;
|
"[_nick_place] sees no cookies by [_web_on] from [_web_from].");
|
||||||
CHALOG("reloads");
|
return 1;
|
||||||
htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
|
}
|
||||||
return 1;
|
string acct;
|
||||||
|
if (regmatch(headers["cookie"], "challenge=given")) {
|
||||||
|
if (query["answer"] &&
|
||||||
|
# ifdef CHALLENGE_ACCOUNTS
|
||||||
|
(acct = CHALLENGE_ACCOUNTS->consult(query["answer"]))
|
||||||
|
# else
|
||||||
|
regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)
|
||||||
|
# endif
|
||||||
|
) {
|
||||||
|
// lazy me could have used referer here ;)
|
||||||
|
string nu = stringp(query["parameters"]) &&
|
||||||
|
strlen(query["parameters"]) &&
|
||||||
|
query["parameters"] != "0" ?
|
||||||
|
item +"?"+ query["parameters"] : item;
|
||||||
|
CHALOG(acct? ("authenticates as "+ acct): "reloads");
|
||||||
|
htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_CHECK) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
|
||||||
|
if (acct) htnotify(query, headers, "_challenge_authenticated_web",
|
||||||
|
"[_web_on] authenticated for [_nick_place] coming from [_web_from].", acct);
|
||||||
|
return 1;
|
||||||
|
} else {
|
||||||
|
CHALOG("fails");
|
||||||
|
htnotify(query, headers, "_challenge_failed_web",
|
||||||
|
"[_nick_place] sees [_web_on] from [_web_from] fail the challenge.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else
|
||||||
|
# endif
|
||||||
|
{
|
||||||
|
CHALOG("challenges");
|
||||||
|
htnotify(query, headers, "_challenge_presented_web",
|
||||||
|
"[_nick_place] challenges [_web_on] coming from [_web_from].");
|
||||||
|
// (query [_web_query], cookie [_web_cookie]).");
|
||||||
}
|
}
|
||||||
|
// If you have trouble reloading the HTML template
|
||||||
|
// look out for both 'ht' and 'html' textdbs!
|
||||||
sTextPath(query["layout"], query["lang"], "html");
|
sTextPath(query["layout"], query["lang"], "html");
|
||||||
// using a non-psyced cookie here so that you can't construct a
|
// using a non-psyced cookie here so that you can't construct a
|
||||||
// url that allows other people to bypass the challenge.
|
// url that allows other people to bypass the challenge.
|
||||||
// could add a timeout here...
|
|
||||||
htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; Path="+ item +"; Secure; Max-Age=999\n");
|
htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; Path="+ item +"; Secure; Max-Age=999\n");
|
||||||
CHALOG("challenges");
|
# ifndef CHALLENGE_REDIRECT_TITLE
|
||||||
|
# define CHALLENGE_REDIRECT_TITLE "Challenge for " MYNICK
|
||||||
|
# endif
|
||||||
w("_PAGES_group_challenge", 0,
|
w("_PAGES_group_challenge", 0,
|
||||||
([ "_challenge" : htquote(CHALLENGE_QUESTION),
|
([ "_challenge" : htquote(CHALLENGE_QUESTION),
|
||||||
// if the user failed the challenge,
|
// if the user failed the challenge,
|
||||||
// we maintain the original qs for next attempt:
|
// we maintain the original qs for next attempt:
|
||||||
"_parameters" : query["parameters"] || qs,
|
"_parameters" : query["parameters"] || qs,
|
||||||
|
"_uniform_logo" : HT_LOGO,
|
||||||
|
"_title_page" : CHALLENGE_REDIRECT_TITLE,
|
||||||
"_nick_place" : MYNICK ]) );
|
"_nick_place" : MYNICK ]) );
|
||||||
// printf("%O vs %O\n", query, headers);
|
// printf("%O vs %O\n", query, headers);
|
||||||
htnotify(query, headers, "_challenged_web",
|
|
||||||
"[_nick_place] challenges [_web_on] coming from [_web_from].");
|
|
||||||
// (query [_web_query], cookie [_web_cookie]).");
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -191,7 +191,7 @@ jabberMsg(XMLNode node) {
|
||||||
// super dirty.. this should all be in textdb
|
// super dirty.. this should all be in textdb
|
||||||
packet = sprintf("<iq type='result' id='%s'>"
|
packet = sprintf("<iq type='result' id='%s'>"
|
||||||
"<query xmlns='jabber:iq:register'/>"
|
"<query xmlns='jabber:iq:register'/>"
|
||||||
"<error code='501>Registration by XMPP not permitted.</error></iq>",
|
"<error code='501'>Registration by XMPP not permitted.</error></iq>",
|
||||||
id);
|
id);
|
||||||
#else
|
#else
|
||||||
packet = sprintf("<iq type='result' id='%s'>"
|
packet = sprintf("<iq type='result' id='%s'>"
|
||||||
|
@ -235,7 +235,10 @@ jabberMsg(XMLNode node) {
|
||||||
// QUIT
|
// QUIT
|
||||||
} else {
|
} else {
|
||||||
#if defined(_flag_disable_unauthenticated_users_XMPP) || defined(_flag_disable_registration_XMPP)
|
#if defined(_flag_disable_unauthenticated_users_XMPP) || defined(_flag_disable_registration_XMPP)
|
||||||
// TODO: generate some error as above
|
emit(sprintf("<iq type='result' id='%s'>"
|
||||||
|
"<query xmlns='jabber:iq:register'/>"
|
||||||
|
"<error code='501'>Registration by XMPP not permitted.</error></iq>",
|
||||||
|
id));
|
||||||
#else
|
#else
|
||||||
user -> vSet("password", t[Cdata]);
|
user -> vSet("password", t[Cdata]);
|
||||||
if (t = helper["/email"]) {
|
if (t = helper["/email"]) {
|
||||||
|
|
|
@ -474,7 +474,7 @@ _request_set_topic(source, mc, data, vars, b) {
|
||||||
|
|
||||||
#if HAS_PORT(HTTP_PORT, HTTP_PATH) || HAS_PORT(HTTPS_PORT, HTTP_PATH)
|
#if HAS_PORT(HTTP_PORT, HTTP_PATH) || HAS_PORT(HTTPS_PORT, HTTP_PATH)
|
||||||
// for GDPR compliance server owners are expected not to log these messages
|
// for GDPR compliance server owners are expected not to log these messages
|
||||||
htnotify(query, headers, mc, fmt) {
|
htnotify(query, headers, mc, fmt, acct) {
|
||||||
if (query["from"] == "") query["from"] = 0;
|
if (query["from"] == "") query["from"] = 0;
|
||||||
if (query["location"] == "") query["location"] = 0;
|
if (query["location"] == "") query["location"] = 0;
|
||||||
|
|
||||||
|
@ -484,7 +484,7 @@ htnotify(query, headers, mc, fmt) {
|
||||||
([ "_web_referrer" : query["from"] || "bookmark",
|
([ "_web_referrer" : query["from"] || "bookmark",
|
||||||
"_web_page" : query["location"] || headers["referer"] || "",
|
"_web_page" : query["location"] || headers["referer"] || "",
|
||||||
"_web_browser" : headers["user-agent"] || "",
|
"_web_browser" : headers["user-agent"] || "",
|
||||||
"_web_on" : query["location"] || headers["referer"] ||
|
"_web_on" : acct || query["location"] || headers["referer"] ||
|
||||||
headers["user-agent"] || "",
|
headers["user-agent"] || "",
|
||||||
"_web_from" : query["from"] ||
|
"_web_from" : query["from"] ||
|
||||||
query_ip_name(this_interactive()) ||
|
query_ip_name(this_interactive()) ||
|
||||||
|
|
Loading…
Reference in a new issue