[tor-commits] [bridgedb] 03/04: Support multiple shim tokens

gitolite role git at cupani.torproject.org
Mon Jan 16 12:16:04 UTC 2023


This is an automated email from the git hooks/post-receive script.

meskio pushed a commit to branch main
in repository bridgedb.

commit 4a11c2b453098f1499d2f196919fa365f6ab62bd
Author: meskio <meskio at torproject.org>
AuthorDate: Thu Dec 15 15:38:01 2022 +0100

    Support multiple shim tokens
---
 bridgedb/configure.py                |  7 +++++--
 bridgedb/distributors/moat/server.py | 12 ++++++------
 bridgedb/test/moat_helpers.py        |  2 +-
 3 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/bridgedb/configure.py b/bridgedb/configure.py
index fd997e0..5447d85 100644
--- a/bridgedb/configure.py
+++ b/bridgedb/configure.py
@@ -165,11 +165,14 @@ def loadConfig(configFile=None, configCls=None):
 
     if os.path.isfile(config.MOAT_SHIM_TOKEN_FILE):
         with open(config.MOAT_SHIM_TOKEN_FILE) as f:
-            setattr(config, "MOAT_SHIM_TOKEN", f.read())
+            tokens = f.read().split("\n")
+            while "" in tokens:
+                tokens.remove("")
+            setattr(config, "MOAT_SHIM_TOKENS", tokens)
         if not os.path.isfile(config.MOAT_DUMMY_BRIDGES_FILE):
             logging.warning("The dummy bridges file '%s' doesn't exist" % (config.MOAT_DUMMY_BRIDGES_FILE,))
     else:
-        config.MOAT_SHIM_TOKEN = None
+        config.MOAT_SHIM_TOKENS = []
         logging.info("No shim-token provided, moat will answer each request with bridge authority bridges.")
 
     return config
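Review bot: The tokens read from `MOAT_SHIM_TOKEN_FILE` are split on "\n" but never stripped, so a file with CRLF line endings or trailing spaces yields tokens that can never equal the header value. Something like `tokens = [t.strip() for t in f.read().splitlines() if t.strip()]` would handle that and replace the `while "" in tokens` loop. Note also that a file which exists but is empty now produces `MOAT_SHIM_TOKENS = []`, which silently behaves like the no-token case, because the "No shim-token provided" message is logged only in the `else` branch. A `logging.warning` when the list comes out empty would make that misconfiguration visible. The body of loadConfig starts outside this hunk.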
diff --git a/bridgedb/distributors/moat/server.py b/bridgedb/distributors/moat/server.py
index fe59b99..303936e 100644
--- a/bridgedb/distributors/moat/server.py
+++ b/bridgedb/distributors/moat/server.py
@@ -493,7 +493,7 @@ class CaptchaCheckResource(CaptchaResource):
     def __init__(self, distributor, schedule, N=1,
                  hmacKey=None, publicKey=None, secretKey=None,
                  useForwardedHeader=True, skipInvalid=False,
-                 shim_token=None):
+                 shim_tokens=None):
         """Create a new resource for checking CAPTCHA solutions and returning
         bridges to a client.
 
@@ -508,7 +508,7 @@ class CaptchaCheckResource(CaptchaResource):
             X-Forwarded-For header instead of the source IP address.
         :param bool skipInvalid: Skip invalid (e.g., loopback, private) addresses
             when parsing the X-Forwarded-For header.
-        :param bytes shim_token: the token that should be included on the header
+        :param bytes shim_tokens: a list of tokens that should be included on the header
             'shim-token' on each request or dummy bridges will be provided.
         """
         CaptchaResource.__init__(self, hmacKey, publicKey, secretKey,
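Review bot: The updated `:param` line still declares the type as `bytes` although the argument is now a list. The tokens loaded in configure.py are also read from a text-mode file, so they are presumably `str` rather than `bytes`. I would write it as `:param list shim_tokens: the tokens accepted in the 'shim-token' header of each request;` and leave the continuation line as it is. It is also worth documenting that `None` or an empty list disables the check, since the default is still `None`.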
@@ -517,7 +517,7 @@ class CaptchaCheckResource(CaptchaResource):
         self.schedule = schedule
         self.nBridgesToGive = N
         self.useForwardedHeader = useForwardedHeader
-        self.shim_token = shim_token
+        self.shim_tokens = shim_tokens
 
     def createBridgeRequest(self, ip, data):
         """Create an appropriate :class:`MoatBridgeRequest` from the ``data``
@@ -763,7 +763,7 @@ class CaptchaCheckResource(CaptchaResource):
             qrcode = None
             bridgeRequest = self.createBridgeRequest(clientIP, client_data)
             bridges = []
-            dummyBridges = self.shim_token and request.getHeader('shim-token') == self.shim_token
+            dummyBridges = self.shim_tokens and request.getHeader('shim-token') in self.shim_tokens
             bridges = self.getBridges(bridgeRequest, dummyBridges)
             bridgeLines = self.getBridgeLines(bridgeRequest, bridges)
             moatMetrix.recordValidMoatRequest(request)
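Review bot: The shim token is a shared secret, and the new `request.getHeader('shim-token') in self.shim_tokens` compares it with ordinary equality, which is not constant-time and now runs against every configured token. Consider `hdr = request.getHeader('shim-token') or ''` followed by `dummyBridges = bool(self.shim_tokens) and any(hmac.compare_digest(hdr, t) for t in self.shim_tokens)`, assuming `hmac` is imported in this module and the tokens are ASCII `str`. Separately, the docstring says dummy bridges are served when the token is not included, yet this expression is truthy when the header matches a token. The polarity should be confirmed against `getBridges`, which is outside the hunk, as is the start of the enclosing method.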
@@ -837,7 +837,7 @@ def addMoatServer(config, distributor):
     fwdHeaders = config.MOAT_USE_IP_FROM_FORWARDED_HEADER
     numBridges = config.MOAT_BRIDGES_PER_ANSWER
     skipInvalid = config.MOAT_SKIP_LOOPBACK_ADDRESSES
-    shim_token = config.MOAT_SHIM_TOKEN
+    shim_tokens = config.MOAT_SHIM_TOKENS
 
     logging.info("Starting moat servers...")
 
@@ -868,7 +868,7 @@ def addMoatServer(config, distributor):
     check = CaptchaCheckResource(distributor, sched, numBridges,
                                  hmacKey, publicKey, secretKey,
                                  fwdHeaders, skipInvalid,
-                                 shim_token)
+                                 shim_tokens)
 
     moat.putChild(b"fetch", fetch)
     moat.putChild(b"check", check)
diff --git a/bridgedb/test/moat_helpers.py b/bridgedb/test/moat_helpers.py
index 452c207..bfbe863 100644
--- a/bridgedb/test/moat_helpers.py
+++ b/bridgedb/test/moat_helpers.py
@@ -69,7 +69,7 @@ MOAT_N_IP_CLUSTERS = %r
 MOAT_ROTATION_PERIOD = %r
 MOAT_GIMP_CAPTCHA_HMAC_KEYFILE = %r
 MOAT_GIMP_CAPTCHA_RSA_KEYFILE = %r
-MOAT_SHIM_TOKEN = ""
+MOAT_SHIM_TOKENS = ""
 """ % (GIMP_CAPTCHA_DIR,
        SERVER_PUBLIC_FQDN,
        SUPPORTED_TRANSPORTS,
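Review bot: `MOAT_SHIM_TOKENS = ""` in the test configuration is still a string, while the rest of the commit treats the setting as a list; `MOAT_SHIM_TOKENS = []` would keep the type consistent. With a `str` value, `in` becomes a substring test, so a non-empty string placed here later would accept any header that is a fragment of it. loadConfig appears to overwrite this attribute anyway, so the line may be removable. No test visible in this commit exercises more than one token, so a case with two tokens and a non-matching header would be a useful addition.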
