Merge branch 'chat-session-handling' of github.com:onionshare/onionshare-ghsa-gjj5-998g-v36v into ros-fixes

Micah Lee 2021-11-18 19:15:24 -08:00
commit 5f5b761fcf
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
3 changed files with 62 additions and 61 deletions


@ -55,12 +55,8 @@ class ModeSettings:
"disable_text": False, "disable_text": False,
"disable_files": False, "disable_files": False,
}, },
"website": { "website": {"disable_csp": False, "custom_csp": None, "filenames": []},
"disable_csp": False, "chat": {},
"custom_csp": None,
"filenames": []
},
"chat": {"room": "default"},
} }
self._settings = {} self._settings = {}


@ -11,29 +11,23 @@ $(function () {
// Store current username received from app context // Store current username received from app context
var current_username = $('#username').val(); var current_username = $('#username').val();
// On browser connect, emit a socket event to be added to
// room and assigned random username
socket.on('connect', function () {
socket.emit('joined', {});
});
// Triggered on any status change by any user, such as some // Triggered on any status change by any user, such as some
// user joined, or changed username, or left, etc. // user joined, or changed username, or left, etc.
socket.on('status', function (data) { socket.on('status', function (data) {
addMessageToRoom(data, current_username, 'status'); addMessageToPanel(data, current_username, 'status');
console.log(data, current_username); console.log(data, current_username);
}); });
// Triggered when message is received from a user. Even when sent // Triggered when message is received from a user. Even when sent
// by self, it get triggered after the server sends back the emit. // by self, it get triggered after the server sends back the emit.
socket.on('message', function (data) { socket.on('chat_message', function (data) {
addMessageToRoom(data, current_username, 'chat'); addMessageToPanel(data, current_username, 'chat');
console.log(data, current_username); console.log(data, current_username);
}); });
// Triggered when disconnected either by server stop or timeout // Triggered when disconnected either by server stop or timeout
socket.on('disconnect', function (data) { socket.on('disconnect', function (data) {
addMessageToRoom({ 'msg': 'The chat server is disconnected.' }, current_username, 'status'); addMessageToPanel({ 'msg': 'The chat server is disconnected.' }, current_username, 'status');
}) })
socket.on('connect_error', function (error) { socket.on('connect_error', function (error) {
console.log("error"); console.log("error");
@ -66,7 +60,7 @@ $(function () {
}); });
}); });
var addMessageToRoom = function (data, current_username, messageType) { var addMessageToPanel = function (data, current_username, messageType) {
var scrollDiff = getScrollDiffBefore(); var scrollDiff = getScrollDiffBefore();
if (messageType === 'status') { if (messageType === 'status') {
addStatusMessage(data.msg); addStatusMessage(data.msg);
@ -99,6 +93,8 @@ var updateUsername = function (socket) {
console.log(response); console.log(response);
if (response.success && response.username == username) { if (response.success && response.username == username) {
socket.emit('update_username', { username: username }); socket.emit('update_username', { username: username });
} else {
addStatusMessage("Failed to update username.")
} }
}); });
return username; return username;
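Review bot: In `updateUsername`, the new `else` branch reports the failure, but the function still reaches `return username;`, so the caller gets the requested name even when the server rejected it. The response callback runs after the function has returned, so the return value cannot reflect the outcome either way. The start of `updateUsername` and its call site are outside this hunk; if the caller stores the result as `current_username`, the client's idea of its own name would diverge from the server's after a refused change. Consider updating the stored name only inside the success branch. The added line also lacks the terminating semicolon used elsewhere in the file: `addStatusMessage("Failed to update username.");`.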


@ -19,7 +19,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
""" """
from flask import request, render_template, make_response, jsonify, session from flask import request, render_template, make_response, jsonify, session
from flask_socketio import emit, join_room, leave_room from flask_socketio import emit, ConnectionRefusedError
class ChatModeWeb: class ChatModeWeb:
@ -33,7 +33,7 @@ class ChatModeWeb:
self.web = web self.web = web
# This tracks users in the room # This tracks users in the server
self.connected_users = [] self.connected_users = []
# This tracks the history id # This tracks the history id
@ -47,6 +47,13 @@ class ChatModeWeb:
self.define_routes() self.define_routes()
def validate_username(self, username):
return (
username
and username not in self.connected_users
and len(username) < 128
)
def define_routes(self): def define_routes(self):
""" """
The web app routes for chatting The web app routes for chatting
@ -61,7 +68,6 @@ class ChatModeWeb:
if session.get("name") if session.get("name")
else self.common.build_username() else self.common.build_username()
) )
session["room"] = self.web.settings.default_settings["chat"]["room"]
self.web.add_request( self.web.add_request(
request.path, request.path,
{"id": history_id, "status_code": 200}, {"id": history_id, "status_code": 200},
@ -79,11 +85,7 @@ class ChatModeWeb:
def update_session_username(): def update_session_username():
history_id = self.cur_history_id history_id = self.cur_history_id
data = request.get_json() data = request.get_json()
if ( if self.validate_username(data.get("username", "")):
data.get("username", "")
and data.get("username", "") not in self.connected_users
and len(data.get("username", "")) < 128
):
session["name"] = data.get("username", session.get("name")) session["name"] = data.get("username", session.get("name"))
self.web.add_request( self.web.add_request(
request.path, request.path,
@ -111,67 +113,74 @@ class ChatModeWeb:
) )
return r return r
@self.web.socketio.on("joined", namespace="/chat") @self.web.socketio.on("connect", namespace="/chat")
def joined(message): def server_connect():
"""Sent by clients when they enter a room. """Sent by clients when they enter a room.
A status message is broadcast to all people in the room.""" A status message is broadcast to all people in the room."""
self.connected_users.append(session.get("name")) if self.validate_username(session.get("name")):
join_room(session.get("room")) self.connected_users.append(session.get("name"))
emit( emit(
"status", "status",
{ {
"username": session.get("name"), "username": session.get("name"),
"msg": "{} has joined.".format(session.get("name")), "msg": "{} has joined.".format(session.get("name")),
"connected_users": self.connected_users, "connected_users": self.connected_users,
"user": session.get("name"), "user": session.get("name"),
}, },
room=session.get("room"), broadcast=True,
) )
else:
raise ConnectionRefusedError('You are active from another session!')
@self.web.socketio.on("text", namespace="/chat") @self.web.socketio.on("text", namespace="/chat")
def text(message): def text(message):
"""Sent by a client when the user entered a new message. """Sent by a client when the user entered a new message.
The message is sent to all people in the room.""" The message is sent to all people in the server."""
emit( emit(
"message", "chat_message",
{"username": session.get("name"), "msg": message["msg"]}, {"username": session.get("name"), "msg": message["msg"]},
room=session.get("room"), broadcast=True,
) )
@self.web.socketio.on("update_username", namespace="/chat") @self.web.socketio.on("update_username", namespace="/chat")
def update_username(message): def update_username(message):
"""Sent by a client when the user updates their username. """Sent by a client when the user updates their username.
The message is sent to all people in the room.""" The message is sent to all people in the server."""
current_name = session.get("name") current_name = session.get("name")
if message.get("username", ""): if self.validate_username(message.get("username", "")):
session["name"] = message["username"] session["name"] = message["username"]
self.connected_users[ self.connected_users[
self.connected_users.index(current_name) self.connected_users.index(current_name)
] = session.get("name") ] = session.get("name")
emit( emit(
"status", "status",
{ {
"msg": "{} has updated their username to: {}".format( "msg": "{} has updated their username to: {}".format(
current_name, session.get("name") current_name, session.get("name")
), ),
"connected_users": self.connected_users, "connected_users": self.connected_users,
"old_name": current_name, "old_name": current_name,
"new_name": session.get("name"), "new_name": session.get("name"),
}, },
room=session.get("room"), broadcast=True,
) )
else:
emit(
"status",
{"msg": "Failed to update username."},
)
@self.web.socketio.on("disconnect", namespace="/chat") @self.web.socketio.on("disconnect", namespace="/chat")
def disconnect(): def disconnect():
"""Sent by clients when they disconnect from a room. """Sent by clients when they disconnect.
A status message is broadcast to all people in the room.""" A status message is broadcast to all people in the server."""
self.connected_users.remove(session.get("name")) if session.get("name") in self.connected_users:
leave_room(session.get("room")) self.connected_users.remove(session.get("name"))
emit( emit(
"status", "status",
{ {
"msg": "{} has left the room.".format(session.get("name")), "msg": "{} has left the room.".format(session.get("name")),
"connected_users": self.connected_users, "connected_users": self.connected_users,
}, },
room=session.get("room"), broadcast=True,
) )
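Review bot: `validate_username` never checks that `username` is a string, although both callers hand it client-controlled values: `data.get("username", "")` from `request.get_json()` and `message.get("username", "")` from the socket payload. A non-empty list or dict with fewer than 128 items passes the check and is then stored in `session["name"]` and formatted into the broadcast status messages, while a JSON number raises `TypeError` at `len(username)`. Putting the type test first covers both cases, for example `return isinstance(username, str) and 0 < len(username) < 128 and username not in self.connected_users`, and a one-line docstring stating the rules (non-empty string, under 128 characters, not already connected) would make the contract explicit. The `text` handler has the same gap and still broadcasts `message["msg"]` with no type or length check.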