Fix vulnerability and add warning
patrickfuller committed Jul 21, 2022
1 parent bbd53a2 commit bf6af5c
Showing 8 changed files with 13 additions and 17 deletions.
15 changes: 8 additions & 7 deletions README.md
Expand Up @@ -3,7 +3,9 @@ camp

Another Raspberry Pi camera webserver.

![](img/example.png)
**USE AT YOUR OWN RISK. SEE [#11](https://github.com/patrickfuller/camp/issues/11) FOR MORE.**

![](static/img/example.png)

What it does
============
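Review bot: The added warning line tells readers to use the project at their own risk but does not say what the risk is, so anyone skimming the README has to open issue #11 to learn whether they are affected. Suggest one plain sentence after it that names the exposure and the deployment assumption the project is safe under (for example, whether the server is meant to be reachable only from a trusted network), keeping the issue link for detail.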
Expand Down Expand Up @@ -52,11 +54,11 @@ python camp/server.py

Navigate to http://your.r.pi.ip:8000 and check out your webcam.

#### USB Camera
### USB Camera

Use with `python server.py --use-usb`.

#### Password
### Password

![](img/login.png)

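Review bot: `![](img/login.png)` in the Password section still uses the old `img/` path, while the first hunk moved the example screenshot to `static/img/example.png`. If the image files were moved under `static/` in this commit, this link will render broken; update it to `![](static/img/login.png)` or confirm that file stayed in place.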
Expand All @@ -73,18 +75,17 @@ python -c "import hashlib; import getpass; print(hashlib.sha512(getpass.getpass(
This will prompt you for a password, encrypt it, and save the result in
`password.txt`.

Note that this level of password protection is basic - it's fine for keeping the
occasional stranger out, but won't stand up to targeted hacking.
**Note that this level of password protection is basic.** It's fine for keeping the occasional stranger out but won't stand up to targeted hacking.

#### Run on startup
### Run on startup

It's nice to have your pi start camp whenever it turns on. Let's make that
happen. Type `sudo nano /etc/rc.local` to open this file for editing, and add
the line `nohup python /home/pi/camp/server.py &` before the last line. Note
that you may need to change the path (`/home/pi/camp/server.py`) to point to
the right file.

#### Customization
### Customization

The website consists of `index.html`, `login.html`, and `style.css`. These can be
edited to change the look of camp.
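Review bot: The context line "This will prompt you for a password, encrypt it, and save the result in `password.txt`" should be corrected while this section is being edited: the command uses `hashlib.sha512`, which is a hash and not encryption, and server.py compares a single unsalted SHA-512 digest, so the stored value gives little protection if the file leaks. The bolded note could say that directly. The text should also state where `password.txt` must live now that static files are served from `static/`, since a copy placed inside that directory would be downloadable. The Customization paragraph may need the new `static/` paths too if `index.html`, `login.html` and `style.css` were among the renamed files.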
15 changes: 5 additions & 10 deletions server.py
Expand Up @@ -7,7 +7,6 @@
import hashlib
import os
import time
import threading
import webbrowser

try:
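Review bot: This import hunk drops `threading` and adds nothing, yet the last hunk calls `base64.b64encode(...)`. `base64` is not among the imports visible here (`hashlib`, `os`, `time`, `webbrowser`) and none of the 5 added lines in server.py is an import, so unless it is already imported above line 7 the server will raise NameError at startup. Add `import base64` here, or generate the secret with `os.urandom(50).hex()` and avoid the extra module.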
Expand Down Expand Up @@ -42,19 +41,14 @@ def get(self):

def post(self):
password = self.get_argument("password", "")
if hashlib.sha512(password).hexdigest() == PASSWORD:
if hashlib.sha512(password.encode()).hexdigest() == PASSWORD:
self.set_secure_cookie(COOKIE_NAME, str(time.time()))
self.redirect("/")
else:
time.sleep(1)
self.redirect(u"/login?error")


class ErrorHandler(tornado.web.RequestHandler):
def get(self):
self.send_error(status_code=403)


class WebSocket(tornado.websocket.WebSocketHandler):

def on_message(self, message):
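Review bot: In `post`, the digest is still checked with `==`, which is not a constant-time comparison; `hmac.compare_digest(hashlib.sha512(password.encode()).hexdigest(), PASSWORD)` is the standard replacement. Separately, the `time.sleep(1)` on the failure path blocks Tornado's single-threaded IOLoop, so every wrong password stalls all other requests and the websocket stream for a second; an async delay (`await tornado.gen.sleep(1)` in an `async def post`) slows the client without freezing the server. Removing `ErrorHandler` is fine only if `password.txt` no longer sits under the served static directory.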
Expand Down Expand Up @@ -128,9 +122,10 @@ def loop(self):

handlers = [(r"/", IndexHandler), (r"/login", LoginHandler),
(r"/websocket", WebSocket),
(r"/static/password.txt", ErrorHandler),
(r'/static/(.*)', tornado.web.StaticFileHandler, {'path': ROOT})]
application = tornado.web.Application(handlers, cookie_secret=PASSWORD)
(r'/static/(.*)', tornado.web.StaticFileHandler, {'path': os.path.join(ROOT, 'static')})]

secret = base64.b64encode(os.urandom(50)).decode('ascii')
application = tornado.web.Application(handlers, cookie_secret=secret)
application.listen(args.port)

webbrowser.open("http://localhost:%d/" % args.port, new=2)
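Review bot: With the `/static/password.txt` deny route gone, the password hash is protected only by `StaticFileHandler` being rooted at `os.path.join(ROOT, 'static')`, and the diff shows neither where `PASSWORD` is read from nor which files were renamed. Please confirm `password.txt` is loaded from outside `static/`, and consider refusing to start if a `password.txt` exists inside it. Replacing `cookie_secret=PASSWORD` with a random value is the right change, since the old secret was the stored password digest itself; note in the README that the secret is regenerated on every start, so existing login cookies stop validating after a restart.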
File renamed without changes.
File renamed without changes.
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes.
