# AGPL 3 or any later version # (C) J.Y.Amihud ( Blender Dumbass ) from http.server import BaseHTTPRequestHandler, HTTPServer from subprocess import * import json import os import time import random import datetime import hashlib import urllib.request import urllib.parse import subprocess import os from modules import Set from modules import Render from modules.Common import * class handler(BaseHTTPRequestHandler): def log_message(self, format, *args): if "?" in self.path: self.path = self.path[:self.path.find("?")] q = clr["tbbl"] b = clr["tbbl"] try: if self.newview: b = clr["bold"]+clr["tbrd"] for i in self.parsed: if i != "password": q = q + "[ "+i+" : "+self.parsed[i][0]+" ] " else: q = q + "[ "+i+" : ******* ] " cookie = self.cookie toprint = consoleForm(cookie)+" "+b+"[ "+str(datetime.datetime.now())+" ] "+self.path+" "+q except: cookie = None toprint = consoleForm(cookie)+" "+b+"[ "+str(datetime.datetime.now())+" ] "+self.requestline print(toprint) folder = Set.Folder() filename = folder+"/logs/"+datetime.datetime.now().strftime('%Y-%m-%d')+".log" logfile = open(filename, "ab") logfile.write((toprint+"\n").encode('utf-8')) logfile.close() def do_POST(self): self.path = self.path.replace("/..", "/") self.path = self.path.replace("%27", "'") self.cookie = self.headers.get("Cookie") self.newview = False if self.cookie: self.cookie = self.cookie[-50:] # Failing early to make sure that nobody will # try attacking this part of the server. commands = ["do_edit"] found = False for i in commands: if i in self.path: found = True break if not found: Render.AccessDenied(self) return # Not allowing more than 1 MB for the sake of # network. A full book of Sheiny The Hacker # which was posted on blenderdumbass.org is # only about 160 KB. 1MB should be plenty. length = int(self.headers["Content-Length"]) if length < 1000000: try: text = self.rfile.read(length).decode("utf-8") except: Render.AccessDenied(self) return else: Render.AccessDenied(self) return #parsed_url = urllib.parse.urlparse(text) self.parsed = urllib.parse.parse_qs(text) if self.path[1:].startswith("do_edit"): Render.Publish(self) else: Render.NotFound(self) def do_GET(self): self.path = self.path.replace("/..", "/") self.path = self.path.replace("%27", "'") parsed_url = urllib.parse.urlparse(self.path) self.parsed = urllib.parse.parse_qs(parsed_url.query) self.cookie = self.headers.get("Cookie") if self.cookie: self.cookie = self.cookie[-50:] self.newview = False categories = list(Render.tabs().keys()) if self.path[:self.path.find("?")] == "/" or self.path == "/": Render.MainPage(self) elif self.path[1:] in categories or self.path[1:self.path.find("?")] in categories: url = self.path[1:] if "?" in url: url = url[:url.find("?")] Render.ListPage(self, url) elif self.path[1:].startswith(tuple(categories)): url = self.path[1:] if "?" in url: url = url[:url.find("?")] try: Render.ArticlePage(self, url) except: Render.NotFound(self) elif self.path[1:].startswith("account"): url = self.path[9:] if "?" in url: url = url[:url.find("?")] try: Render.AccountPage(self, url) except: Render.NotFound(self) elif self.path[1:].startswith("login"): Render.LoginPage(self) elif self.path[1:].startswith("editor"): Render.EditorPage(self) elif self.path[1:].startswith("register"): Render.RegisterPage(self) elif self.path[1:].startswith("settings"): Render.SettingsPage(self) elif self.path[1:].startswith("comment"): Render.DoComment(self) elif self.path[1:].startswith("delete_comment"): Render.DeleteComment(self) elif self.path[1:].startswith("update_account"): Render.UpdateAccount(self) elif self.path[1:].startswith("grant_publication_rights"): Render.UpdatePublicationRights(self) elif self.path[1:].startswith("create_invite"): Render.CreateInvite(self) elif self.path[1:].startswith("cancel_invite"): Render.CancelInvite(self) elif self.path[1:].startswith("log_out"): Render.LogOut(self) elif self.path[1:].startswith("do_login"): Render.Login(self) elif self.path[1:].startswith("do_register"): Render.Register(self) elif self.path[1:].startswith("read_notification"): Render.ReadNotification(self) elif self.path.startswith("/graph/"): url = self.path[6:] if "?" in url: url = url[:url.find("?")] Render.Graph(self, url) elif self.path == "/rss": Render.RSS(self) elif self.path.startswith("/pictures/"): try: folder = Set.Folder() f = open(folder+self.path, "rb") f = f.read() Render.headers(self, 200) self.wfile.write(f) except: Render.NotFound(self) elif self.path == "/css": config = Set.Load() filename = config.get("css", "default.css") cssfile = open(filename, "rb") cssfile = cssfile.read() Render.headers(self, 200) self.wfile.write(cssfile) elif self.path.startswith("/icon/"): folder = "icons" icon = folder+"/"+self.path[6:]+".png" f = open(icon, "rb") f = f.read() Render.headers(self, 200) self.wfile.write(f) else: Render.NotFound(self) config = Set.Load() PORT = config.get("port", 8080) serve = HTTPServer(("", PORT), handler) try: serve.serve_forever() except KeyboardInterrupt: print("\nServer Stopped!")