Index: sitescripts/reports/web/resolveReport.py |
=================================================================== |
new file mode 100644 |
--- /dev/null |
+++ b/sitescripts/reports/web/resolveReport.py |
@@ -0,0 +1,69 @@ |
+# This file is part of the Adblock Plus web scripts, |
+# Copyright (C) 2006-present eyeo GmbH |
+# |
+# Adblock Plus is free software: you can redistribute it and/or modify |
+# it under the terms of the GNU General Public License version 3 as |
+# published by the Free Software Foundation. |
+# |
+# Adblock Plus is distributed in the hope that it will be useful, |
+# but WITHOUT ANY WARRANTY; without even the implied warranty of |
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
+# GNU General Public License for more details. |
+# |
+# You should have received a copy of the GNU General Public License |
+# along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>. |
+ |
+import base64 |
+ |
+from cryptography.hazmat.primitives.ciphers import aead |
+from cryptography.exceptions import InvalidTag |
+ |
+from sitescripts.utils import get_config |
+from sitescripts.web import url_handler |
+ |
+CONF_SECTION = 'reports_anonymization' |
+CONF_KEY_KEY = 'encryption_key' |
+CONF_URL_KEY = 'redirect_url' |
+ |
+ |
+def _decrypt_report_id(guid): |
+ """Decrypt and verify the report id. |
+ |
+ Returns |
+ ------- |
+ str or None |
+ Decrypted id if successfully decrypted, None otherwise. |
+ |
+ """ |
+ config = get_config() |
+ key = base64.b64decode(config.get(CONF_SECTION, CONF_KEY_KEY)) |
+ |
+ # https://cryptography.io/en/latest/hazmat/primitives/aead/ |
+ aes_gcm = aead.AESGCM(key) |
+ |
+ try: |
+ encoded_nonce, encoded_data = guid.split(',', 1) |
+ nonce = base64.b64decode(encoded_nonce) |
+ encypted_data = base64.b64decode(encoded_data) |
+ return aes_gcm.decrypt(nonce, encypted_data, None) |
+ except (ValueError, TypeError, InvalidTag): |
mathias
2017/10/24 14:53:44
Exceptions should get logged (they'll appear in ou
Vasily Kuznetsov
2017/10/24 15:36:58
Done.
|
+ return None |
+ |
+ |
+@url_handler('/resolveReport') |
+def resolve_report(environ, start_response): |
+ """Decrypt report guid and redirect to report URL.""" |
+ config = get_config() |
+ redirect_url_template = config.get(CONF_SECTION, CONF_URL_KEY) |
+ |
+ guid = environ.get('QUERY_STRING', '') |
+ report_id = _decrypt_report_id(guid) |
+ |
+ if report_id is None: |
+ code, message, headers = 404, 'Not Found', [] |
mathias
2017/10/24 14:53:45
Please use httplib.NOT_FOUND. even if (or, for edu
Vasily Kuznetsov
2017/10/24 15:36:57
Done.
|
+ else: |
+ location = redirect_url_template.format(report_id=report_id) |
+ code, message, headers = 302, 'Found', [('Location', location)] |
mathias
2017/10/24 14:53:44
Same here, httplib.FOUND should do the trick.
Vasily Kuznetsov
2017/10/24 15:36:58
Done.
|
+ |
+ start_response('{} {}'.format(code, message), headers) |
mathias
2017/10/24 14:53:44
Why don't you get the message via lookup based on
Vasily Kuznetsov
2017/10/24 15:36:57
Done.
|
+ return [message] |