Add better authentication

Closes #5
Samuel Sloniker 2021-07-05 11:21:10 -07:00
parent 44375b4b11
commit a5bae2c0e2
2 changed files with 46 additions and 27 deletions


@ -62,6 +62,9 @@ function setup() {
errorbox.style.display = 'block' errorbox.style.display = 'block'
canvas.style.display = 'none' canvas.style.display = 'none'
} }
ws.onopen = function(e) {
ws.send('pass ' + localStorage.getItem('password'))
}
setInterval(function(){ws.send('ack')}, 3000) setInterval(function(){ws.send('ack')}, 3000)
} }
@ -79,7 +82,7 @@ function release(e) {
y = e.layerY y = e.layerY
w = displayWidth w = displayWidth
length = is_short?false:true length = is_short?false:true
ws.send('touch ' + localStorage.getItem('password') + ' ' + x + ' ' + y + ' ' + w + ' ' + length) ws.send('touch ' + x + ' ' + y + ' ' + w + ' ' + length)
clearTimeout(click_timeout) clearTimeout(click_timeout)
is_short = true is_short = true
} }
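Review bot: `localStorage.getItem('password')` returns `null` when nothing has been stored, so the new `ws.onopen` handler would send the literal text `pass null` and the user would only see a bad-password error; guard it, e.g. `var pw = localStorage.getItem('password'); if (pw !== null) ws.send('pass ' + pw)`, and ask for the password otherwise. The password sits in plaintext in localStorage, where any script running on this origin can read it, and it is sent over the socket on every connection, so the socket should be opened over TLS (`wss://`); the URL is not visible in this hunk, so confirm. The `setInterval` ack on the next line starts whether or not the socket has opened, and `ws.send` throws while the socket is still connecting, so starting the interval inside `onopen` after the `pass` message would be safer. `setup()` begins outside the hunk.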


@ -74,24 +74,7 @@ class Client:
class HCRAServer(tornado.websocket.WebSocketHandler): class HCRAServer(tornado.websocket.WebSocketHandler):
def open(self): def open(self):
try: self.has_auth = False
self.client = Client(self)
except DisconnectError as e:
self.write_message(str(e))
return
try:
imgname = imgproc.get_full_img()
except Exception as e:
self.write_message('err%noconn%Server failed to capture screenshot')
return
with open(imgname, 'rb') as f:
img = f.read()
os.unlink(imgname)
self.write_message(f'pic%0x0%data:image/jpeg;base64,{base64.b64encode(img).decode("utf-8")}')
self.is_open = True
self.client.ack()
def on_close(self): def on_close(self):
global client global client
@ -102,17 +85,50 @@ class HCRAServer(tornado.websocket.WebSocketHandler):
def on_message(self, message): def on_message(self, message):
action = message.split(' ', 1)[0] action = message.split(' ', 1)[0]
if action == 'ack': if not self.has_auth:
self.client.good = True print(message)
else: print(action)
_, password, x, y, w, is_long = message.split(' ') print(action != 'pass')
if action != 'pass':
self.write_message('err%*mustauth%Authentication required')
self.close()
return
try: try:
ph.verify(config_data['password_argon2'], password) ph.verify(config_data['password_argon2'], message.split(' ', 1)[1])
except argon2.exceptions.VerifyMismatchError:
self.write_message(f'err%*badpass%Incorrect password')
self.close()
return
try:
self.client = Client(self)
except DisconnectError as e:
self.write_message(str(e))
return
try:
imgname = imgproc.get_full_img()
except Exception as e:
self.write_message('err%noconn%Server failed to capture screenshot')
return
with open(imgname, 'rb') as f:
img = f.read()
os.unlink(imgname)
self.write_message(f'pic%0x0%data:image/jpeg;base64,{base64.b64encode(img).decode("utf-8")}')
self.is_open = True
self.client.ack()
self.has_auth = True
else:
if action == 'ack':
self.client.good = True
else:
print(message)
_, x, y, w, is_long = message.split(' ')
x, y, w, is_long = int(x), int(y), int(w), is_long == 'true' x, y, w, is_long = int(x), int(y), int(w), is_long == 'true'
imgproc.touch(x, y, w, is_long) imgproc.touch(x, y, w, is_long)
except argon2.exceptions.VerifyMismatchError:
self.client.send(f'err%*badpass%Incorrect password', 'BADPASS')
self.close()
def check_origin(self, origin): def check_origin(self, origin):
return True return True
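Review bot: The `print(message)` added at the top of the `if not self.has_auth:` branch writes the whole first message, which is `pass <password>`, to the server's stdout, so the plaintext password ends up in any captured log; drop the three debug prints there (and the `print(message)` in the touch branch), or log only `action`. `message.split(' ', 1)[1]` raises `IndexError` for a bare `pass`, and only `VerifyMismatchError` is caught, so a malformed first message surfaces as an unhandled exception instead of an `err%` reply; `_, _, password = message.partition(' ')` together with `except argon2.exceptions.VerificationError:` would keep the failure path explicit. The two early `return`s after `Client(self)` and after the screenshot failure leave the socket open and unauthenticated, whereas the bad-password path calls `self.close()`; closing there too would be consistent. `on_close` is only partly visible, so check that it tolerates a connection that was closed before `self.client` was ever set.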