This is an automated email from the git hooks/post-receive script.
meskio pushed a commit to branch main in repository bridgedb.
commit 4a11c2b453098f1499d2f196919fa365f6ab62bd Author: meskio meskio@torproject.org AuthorDate: Thu Dec 15 15:38:01 2022 +0100
Support multiple shim tokens --- bridgedb/configure.py | 7 +++++-- bridgedb/distributors/moat/server.py | 12 ++++++------ bridgedb/test/moat_helpers.py | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/bridgedb/configure.py b/bridgedb/configure.py
index fd997e0..5447d85 100644
--- a/bridgedb/configure.py
+++ b/bridgedb/configure.py
@@ -165,11 +165,14 @@ def loadConfig(configFile=None, configCls=None):
if os.path.isfile(config.MOAT_SHIM_TOKEN_FILE):
with open(config.MOAT_SHIM_TOKEN_FILE) as f:
- setattr(config, "MOAT_SHIM_TOKEN", f.read())
+ tokens = f.read().split("\n")
+ while "" in tokens:
+ tokens.remove("")
+ setattr(config, "MOAT_SHIM_TOKENS", tokens)
if not os.path.isfile(config.MOAT_DUMMY_BRIDGES_FILE):
logging.warning("The dummy bridges file '%s' doesn't exist" % (config.MOAT_DUMMY_BRIDGES_FILE,))
else:
- config.MOAT_SHIM_TOKEN = None
+ config.MOAT_SHIM_TOKENS = []
logging.info("No shim-token provided, moat will answer each request with bridge authority bridges.")
return config
diff --git a/bridgedb/distributors/moat/server.py b/bridgedb/distributors/moat/server.py
index fe59b99..303936e 100644
--- a/bridgedb/distributors/moat/server.py
+++ b/bridgedb/distributors/moat/server.py
@@ -493,7 +493,7 @@ class CaptchaCheckResource(CaptchaResource):
def __init__(self, distributor, schedule, N=1, hmacKey=None, publicKey=None, secretKey=None, useForwardedHeader=True, skipInvalid=False,
- shim_token=None):
+ shim_tokens=None):
"""Create a new resource for checking CAPTCHA solutions and returning bridges to a client.
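Review bot: The token parsing added to loadConfig in bridgedb/configure.py drops only exactly-empty lines, so a token line with leading or trailing whitespace is stored verbatim and will silently never match the header, and a whitespace-only line is kept as a token. Stripping each line handles both and replaces the `while "" in tokens: tokens.remove("")` loop: `tokens = [t for t in (line.strip() for line in f) if t]`. A short comment stating that the file holds one token per line would document the format, and a log line with the number of tokens loaded (never their values) would make a misformatted file visible to the operator. loadConfig begins before this hunk.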
@@ -508,7 +508,7 @@ class CaptchaCheckResource(CaptchaResource):
X-Forwarded-For header instead of the source IP address. :param bool skipInvalid: Skip invalid (e.g., loopback, private) addresses when parsing the X-Forwarded-For header.
- :param bytes shim_token: the token that should be included on the header
+ :param bytes shim_tokens: a list of tokens that should be included on the header
'shim-token' on each request or dummy bridges will be provided. """
CaptchaResource.__init__(self, hmacKey, publicKey, secretKey,
@@ -517,7 +517,7 @@ class CaptchaCheckResource(CaptchaResource):
self.schedule = schedule
self.nBridgesToGive = N
self.useForwardedHeader = useForwardedHeader
- self.shim_token = shim_token
+ self.shim_tokens = shim_tokens
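Review bot: The updated `:param` line in the `@@ -508` hunk still declares the type as `bytes` while describing a list, and the tokens loaded in bridgedb/configure.py come from a text-mode `open()`, so the elements would be `str`. Something like `:param list shim_tokens: tokens (str), one of which must be sent in the` followed by the existing continuation line would state the actual contract. The constructor default stays `None` while loadConfig now uses `[]` for "no tokens"; the docstring should say that both disable the check.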
def createBridgeRequest(self, ip, data):
"""Create an appropriate :class:`MoatBridgeRequest` from the ``data``
@@ -763,7 +763,7 @@ class CaptchaCheckResource(CaptchaResource):
qrcode = None
bridgeRequest = self.createBridgeRequest(clientIP, client_data)
bridges = []
- dummyBridges = self.shim_token and request.getHeader('shim-token') == self.shim_token
+ dummyBridges = self.shim_tokens and request.getHeader('shim-token') in self.shim_tokens
bridges = self.getBridges(bridgeRequest, dummyBridges)
bridgeLines = self.getBridgeLines(bridgeRequest, bridges)
moatMetrix.recordValidMoatRequest(request)
@@ -837,7 +837,7 @@ def addMoatServer(config, distributor):
fwdHeaders = config.MOAT_USE_IP_FROM_FORWARDED_HEADER
numBridges = config.MOAT_BRIDGES_PER_ANSWER
skipInvalid = config.MOAT_SKIP_LOOPBACK_ADDRESSES
- shim_token = config.MOAT_SHIM_TOKEN
+ shim_tokens = config.MOAT_SHIM_TOKENS
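Review bot: The membership test added in the `@@ -763` hunk compares the secret shim tokens with `in`, i.e. plain `==`, which is not constant-time; for a secret header value prefer `any(hmac.compare_digest(hdr.encode(), t.encode()) for t in self.shim_tokens)` with `hdr = request.getHeader('shim-token')` checked for `None` first (this assumes header and tokens are both `str` and that `hmac` is imported in this module, neither of which is visible here). Separately, the docstring in the `@@ -508` hunk says dummy bridges are served when the token is missing, yet `dummyBridges` is truthy exactly when the header matches a configured token. getBridges is outside the hunk, so I cannot tell whether its second argument is inverted there; please confirm the polarity and consider a test that covers both a valid and a missing token. The enclosing method begins and ends outside this hunk.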
logging.info("Starting moat servers...")
@@ -868,7 +868,7 @@ def addMoatServer(config, distributor):
check = CaptchaCheckResource(distributor, sched, numBridges, hmacKey, publicKey, secretKey, fwdHeaders, skipInvalid,
- shim_token)
+ shim_tokens)
moat.putChild(b"fetch", fetch)
moat.putChild(b"check", check)
diff --git a/bridgedb/test/moat_helpers.py b/bridgedb/test/moat_helpers.py
index 452c207..bfbe863 100644
--- a/bridgedb/test/moat_helpers.py
+++ b/bridgedb/test/moat_helpers.py
@@ -69,7 +69,7 @@ MOAT_N_IP_CLUSTERS = %r
MOAT_ROTATION_PERIOD = %r
MOAT_GIMP_CAPTCHA_HMAC_KEYFILE = %r
MOAT_GIMP_CAPTCHA_RSA_KEYFILE = %r
-MOAT_SHIM_TOKEN = ""
+MOAT_SHIM_TOKENS = ""
""" % (GIMP_CAPTCHA_DIR, SERVER_PUBLIC_FQDN, SUPPORTED_TRANSPORTS,
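Review bot: `MOAT_SHIM_TOKENS = ""` in the test config template of bridgedb/test/moat_helpers.py keeps a string where the rest of the commit uses a list; `MOAT_SHIM_TOKENS = []` would carry the same type. With a non-empty string, the `in` test in CaptchaCheckResource would become a substring match rather than list membership, so any fragment of the value would be accepted. Both visible branches of loadConfig overwrite this attribute, so the template value may never reach the resource today, but that depends on code outside these hunks.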