improve allowed site check
schorschii committed Apr 6, 2020
1 parent 4767619 commit c45b8fe
Showing 1 changed file with 40 additions and 18 deletions.
58 changes: 40 additions & 18 deletions companion.py
@@ -58,7 +58,7 @@ def askAllowSite(sitename):
return True; # report success
return False;

async def handleJson(websocket, requestjson):
async def handleJson(websocket, requestjson, allowed):
global FILES
global DOWNLOAD_DIR
global ALLOWED_SITES
@@ -75,27 +75,46 @@ async def handleJson(websocket, requestjson):
"requestID": requestjson["requestID"],
"type": "authentication-status",
"payload": "ACCEPTED"
}
}
await send(websocket, json.dumps(responsejson))
return True
else:
print("-> REJECTED SITE: " + requestjson["payload"]["payload"]["siteTitle"])
responsejson = {
"requestID": requestjson["requestID"],
"type": "authentication-status",
"payload": "REJECTED"
}
await send(websocket, json.dumps(responsejson))
}
await send(websocket, json.dumps(responsejson))
print("-> Close websocket")
websocket.close()
return False

# cloud hosted
elif(provider == "jwt"):
print("-> ACCEPTED JWT: " + requestjson["payload"]["payload"])
responsejson = {
"requestID": requestjson["requestID"],
"type": "authentication-status",
"payload": "ACCEPTED"
}
await send(websocket, json.dumps(responsejson))

elif(requestjson["type"] == "new-transaction" and requestjson["payload"]["transactionType"] == "file"):
currenSiteOrigin = json.loads(base64ToString(requestjson["payload"]["payload"].split(".")[1]))["confluence_origin"]
if(currenSiteOrigin in ALLOWED_SITES or askAllowSite(currenSiteOrigin)):
print("-> ACCEPTED JWT: " + requestjson["payload"]["payload"])
responsejson = {
"requestID": requestjson["requestID"],
"type": "authentication-status",
"payload": "ACCEPTED"
}
await send(websocket, json.dumps(responsejson))
return True
else:
print("-> REJECTED JWT: " + requestjson["payload"]["payload"])
responsejson = {
"requestID": requestjson["requestID"],
"type": "authentication-status",
"payload": "REJECTED"
}
await send(websocket, json.dumps(responsejson))
print("-> Close websocket")
websocket.close()
return False

elif(allowed and requestjson["type"] == "new-transaction" and requestjson["payload"]["transactionType"] == "file"):
newUuid = str(uuid.uuid4())
print("-> Start new transaction with uuid: "+newUuid)
responsejson = {
@@ -104,7 +123,7 @@ async def handleJson(websocket, requestjson):
}
await send(websocket, json.dumps(responsejson))

elif(requestjson["type"] == "list-apps"):
elif(allowed and requestjson["type"] == "list-apps"):
responsejson = {
"requestID": requestjson["requestID"],
"payload": [{
@@ -116,7 +135,7 @@ async def handleJson(websocket, requestjson):
}
await send(websocket, json.dumps(responsejson))

elif(requestjson["type"] == "launch-file-in-app"):
elif(allowed and requestjson["type"] == "launch-file-in-app"):
appId = requestjson["payload"]["applicationID"]
transId = requestjson["transactionID"]
fileUrl = requestjson["payload"]["fileURL"]
@@ -166,7 +185,7 @@ async def handleJson(websocket, requestjson):
subprocess.call(["xdg-open", filePath])

# upload handler for self-hosted instances
elif(requestjson["type"] == "upload-file-in-app"):
elif(allowed and requestjson["type"] == "upload-file-in-app"):
transId = requestjson["transactionID"]
fileUrl = requestjson["payload"]["uploadUrl"]

@@ -240,7 +259,7 @@ async def handleJson(websocket, requestjson):
await send(websocket, json.dumps(responsejson))

# upload handler for cloud-hosted instances
elif(requestjson["type"] == "request-upload-token"):
elif(allowed and requestjson["type"] == "request-upload-token"):
# yummy, we got an upload token!
transId = requestjson["transactionID"]
uploadToken = requestjson["payload"]
@@ -433,10 +452,13 @@ def process_IN_MODIFY(self, event):
self._loop.run_until_complete(task)

async def companionHandler(websocket, path):
allowed = False # indicates if the current connection is authenticated
while(True):
request = await websocket.recv()
print(f"< {request}")
await handleJson( websocket, json.loads(request) )
result = await handleJson( websocket, json.loads(request), allowed )
if(result == True or result == False): # result can also be None - no change in this case
allowed = result

async def send(websocket, response):
await websocket.send(response)
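Review bot: The JWT branch reads `confluence_origin` from the token's payload segment after only base64-decoding it, so `currenSiteOrigin in ALLOWED_SITES` trusts a value chosen by whoever opened the socket. No signature check is visible in these hunks, so a peer that names an already-allowed origin would get `allowed = True` without the `askAllowSite` prompt. If the companion cannot verify the signature, it should at least compare the claim with the Origin header of the websocket handshake, which a browser page cannot forge, before answering ACCEPTED. Separately, both REJECTED paths call `websocket.close()` without `await`; if `close()` is a coroutine, as it is in the `websockets` package, the connection stays open and only the `allowed` flag gates later requests, so write `await websocket.close()`. handleJson's body continues outside the hunks shown here.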
