gutting secrets

Lamden · Oct 3, 2017 · a97c421 · a97c421
1 parent 891c096
commit a97c421
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 89 deletions.
diff --git a/api.py b/api.py
@@ -74,56 +74,14 @@ def post(self):
 # GET does not require auth and just downloads packages. no data returns the DHT on IPFS or the whole SQL_Engine thing.
 # POST required last secret. Secret is then flushed so auth is required again before POSTing again
 class PackageRegistry(Resource):
-	def get(self):
-		# checks if the user can create a new package entry
-		# if so, returns a new secret
-		# user then must post the signed package to this endpoint
-		sql = SQL_Engine(DB_NAME)
-
-		if not sql.check_package(request.form['owner'], request.form['package']):
-			# try to pull the users public key
-			query = sql.get_key(request.form['owner'])
-
-			# in doing so, check if the user exists
-			if query == None:
-				return error_payload('Owner does not exist.')
-
-			# construct the user's public key
-			user_public_key = rsa.PublicKey(int(query[0]), int(query[1]))
-
-			# create a new secret
-			secret = random_string(53)
-
-			# sign and store it in the db so no plain text instance exists in the universe
-			server_signed_secret = str(rsa.encrypt(secret.encode('utf8'), KEY[0]))
-			query = sql.set_secret(request.form['owner'], server_signed_secret)
-
-			# sign and send secret to user
-			user_signed_secret = rsa.encrypt(secret.encode('utf8'), user_public_key)
-			return success_payload(str(user_signed_secret), 'Package available to register.')
-
-		else:
-			return error_payload('Package already exists.')
-
 	def post(self):
 		sql = SQL_Engine(DB_NAME)
 
-		payload = {
-			'owner' : request.form['owner'],
-			'package' : request.form['package'],
-			'data' : request.form['data']
-		}
-
-		owner = request.form['owner']
-		package = request.form['package']
-		data = request.form['data']
-		b = sql.get_named_secret(owner)
-		secret = rsa.decrypt(eval(b), KEY[1])
-
 		# data is a python tuple of the templated solidity at index 0 and an example payload at index 1
 		# compilation of this code should return true
 		# if there are errors, don't commit it to the db
 		# otherwise, commit it
+
 		raw_data = decrypt(secret, eval(data))
 		package_data = json.loads(raw_data.decode('utf8'))
 		'''
@@ -134,12 +92,12 @@ def post(self):
 		'''
 
 		# assert that the code compiles with the provided example
-		tsol.compile(StringIO(package_data['tsol']), package_data['example'])
+		tsol.compile(StringIO(request.form['template']), request.form['example'])
 
-		template = pickle.dumps(package_data['tsol'])
-		example = pickle.dumps(package_data['example'])
+		template = pickle.dumps(request.form['template'])
+		example = pickle.dumps(request.form['example'])
 
-		if sql.add_package(owner, package, template, example) == True:
+		if sql.add_package(request.form['owner'], request.form['package'], template, example) == True:
 			return success_payload(None, 'Package successfully uploaded.')
 		return error_payload('Problem uploading package. Try again.')
 
@@ -160,16 +118,6 @@ def get(self):
 api.add_resource(NameRegistry, '/names')
 api.add_resource(PackageRegistry, '/package_registry')
 api.add_resource(Packages, '/packages')
-(pub, priv) = rsa.newkeys(512)
-KEY = (pub, priv)
-
-if not os.path.isfile('./SUPERSECRET'):
-	with open('./SUPERSECRET', 'wb') as f:
-		pickle.dump(KEY, f, pickle.HIGHEST_PROTOCOL)
-
-else:
-	with open('./SUPERSECRET', 'rb') as f:
-		KEY = pickle.load(f)
 
 def main():
 	http_server = WSGIServer(('', 5000), app)

diff --git a/engine.py b/engine.py
@@ -9,28 +9,37 @@ def __init__(self, *args):
 		self.log = logging.getLogger(resource_filename(__name__, __file__))
 
 	def exists(self, query):
+		# returns True or False
 		raise NotImplementedError()
 
 	def check_name(self, name):
+		# returns True or False
 		raise NotImplementedError()
 
 	def add_name(self, name, n, e):
+		# returns True or False
 		raise NotImplementedError()
 
 	def get_package(self, owner, package):
+		'''
+		returns
+		{
+			'template' : str(pickle.loads(query[0])),
+			'example' : str(pickle.loads(query[1]))
+		}
+		'''
 		raise NotImplementedError()
 
 	def check_package(self, owner, package):
+		# returns True or False
 		raise NotImplementedError()
 
 	def get_key(self, name):
 		raise NotImplementedError()
 
-	def set_secret(self, name, secret):
-		raise NotImplementedError()
-
-	def get_named_secret(self, name):
-		raise NotImplementedError()
-
 	def add_package(self, owner, package, template, example):
 		raise NotImplementedError()
+
+	def verify(self, message, name):
+		pass
+		#raise NotImplementedError()
diff --git a/flora.py b/flora.py
@@ -13,9 +13,11 @@
 import tsol
 from simplecrypt import encrypt, decrypt
 import api
+
 API_LOCATION = 'http://127.0.0.1:5000'
 KEY_LOCATION = os.path.expanduser('~/.flora')
 api.main()
+
 def check_package_name_format(name):
 	split_string = name.split('/')
 	if len(split_string) != 2:
@@ -166,40 +168,29 @@ def upload(package_name):
 
 	print('*.tsol and *.json compiled with 0 errors. Proceeding to upload.')
 
-	payload = {
-		'tsol' : open(code_path[0]).read(),
-		'example' : example
-	}
-
+	template = open(code_path[0]).read()
 	owner = split_string[0]
 	package = split_string[1]
 
-	# to replace authorize because you don't need it
-	r = requests.get('{}/package_registry'.format(API_LOCATION), data = {'owner' : owner, 'package' : package})
-
-	# check to see if there was a success (the package is available)
-	print(r.json()['message'])
-	if r.json()['status'] == 'success':
+	# if so, decrypt the secret
+	(pub, priv) = pickle.load(open('{}/.key'.format(KEY_LOCATION), 'rb'))
 
-		# if so, decrypt the secret
-		secret = r.json()['data']
-		(pub, priv) = pickle.load(open('{}/.key'.format(KEY_LOCATION), 'rb'))
-		cipher = rsa.decrypt(eval(secret), priv)
+	print('Encrypting package...')
 
-		print('Encrypting package...')
+
 
-		# sign data
-		payload = json.dumps(payload)
-		message = encrypt(cipher, payload)
+	payload = {
+		'owner' : owner,
+		'package' : package,
+		'template' : template,
+		'example' : example
+	}
 
-		# post data
-		data = message
-		print('Uploading to Flora under {}/{}...'.format(owner, package))
-		r = requests.post('{}/package_registry'.format(API_LOCATION), data = {'owner' : owner, 'package' : package, 'data' : str(data)})
+	# post data
+	print('Uploading to Flora under {}/{}...'.format(owner, package))
+	r = requests.post('{}/package_registry'.format(API_LOCATION), data = payload)
 
-		print(r.json()['message'])
-	else:
-		print(r.json()['message'])
+	print(r.json()['message'])
 
 @cli.command()
 @click.argument('package_name')