Rev903, FeedQuery command only available for ADMIN sites, Show bad files in sidebar, Log unknown messages, Add and check inner_path and site address on sign/verify, Better peer cleanup limit, Log site load times, Testcase for address and inner_path verification, Re-sign testsite with new fields, Fix unnecessary loading screen display when browsing sub-folder with index.html, Fix safari notification width

plugins/Newsfeed/NewsfeedPlugin.py

@@ -12,6 +12,9 @@ class UiWebsocketPlugin(object):
         self.response(to, feeds)
 
     def actionFeedQuery(self, to):
+        if "ADMIN" not in self.site.settings["permissions"]:
+            return self.response(to, "FeedQuery not allowed")
+
         from Site import SiteManager
         rows = []
         for address, site_data in self.user.sites.iteritems():

plugins/Sidebar/SidebarPlugin.py

@@ -254,6 +254,21 @@ class UiWebsocketPlugin(object):
             </li>
         """.format(**locals()))
 
+    def sidebarRenderBadFiles(self, body, site):
+        body.append("""
+            <li>
+             <label>Missing files:</label>
+             <ul class='filelist'>
+        """)
+
+        for bad_file in site.bad_files.keys():
+            body.append("<li class='color-red'>%s</li>" % bad_file)
+
+        body.append("""
+             </ul>
+            </li>
+        """)
+
     def sidebarRenderDbOptions(self, body, site):
         if not site.storage.db:
             return False
@@ -352,6 +367,8 @@ class UiWebsocketPlugin(object):
         has_optional = self.sidebarRenderOptionalFileStats(body, site)
         if has_optional:
             self.sidebarRenderOptionalFileSettings(body, site)
+        if site.bad_files:
+            self.sidebarRenderBadFiles(body, site)
         self.sidebarRenderDbOptions(body, site)
         self.sidebarRenderIdentity(body, site)
 

plugins/Sidebar/media/Sidebar.css

@@ -65,6 +65,9 @@
 .graph-legend b { text-align: right; display: inline-block; width: 50px; float: right; font-weight: normal; }
 .graph-legend li:before { content: '\2022'; font-size: 23px; line-height: 0px; vertical-align: -3px; margin-right: 5px; }
 
+.filelist { font-size: 12px; font-family: monospace; margin: 0px; padding: 0px; list-style-type: none; line-height: 1.5em; }
+.filelist li:before { content: '\2022'; font-size: 11px; line-height: 0px; vertical-align: 0px; margin-right: 5px; color: #FFBE00; }
+
 /* COLORS */
 
 .back-green { background-color: #2ECC71 }

plugins/Sidebar/media/all.css

@@ -119,6 +119,9 @@
 .graph-legend b { text-align: right; display: inline-block; width: 50px; float: right; font-weight: normal; }
 .graph-legend li:before { content: '\2022'; font-size: 23px; line-height: 0px; vertical-align: -3px; margin-right: 5px; }
 
+.filelist { font-size: 12px; font-family: monospace; margin: 0px; padding: 0px; list-style-type: none; line-height: 1.5em; }
+.filelist li:before { content: '\2022'; font-size: 11px; line-height: 0px; vertical-align: 0px; margin-right: 5px; color: #FFBE00; }
+
 /* COLORS */
 
 .back-green { background-color: #2ECC71 }

src/Config.py

@@ -8,7 +8,7 @@ class Config(object):
 
     def __init__(self, argv):
         self.version = "0.3.6"
-        self.rev = 900
+        self.rev = 903
         self.argv = argv
         self.action = None
         self.config_file = "zeronet.conf"

src/Connection/Connection.py

@@ -257,7 +257,8 @@ class Connection(object):
                 self.server.handleRequest(self, message)
         else:  # Old style response, no req_id definied
             if config.debug_socket:
-                self.log("Old style response, waiting: %s" % self.waiting_requests.keys())
+                self.log("Unknown message: %s, waiting: %s" % (message, self.waiting_requests.keys()))
+            if self.waiting_requests:
                 last_req_id = min(self.waiting_requests.keys())  # Get the oldest waiting request and set it true
                 self.waiting_requests[last_req_id].set(message)
                 del self.waiting_requests[last_req_id]  # Remove from waiting request

src/Content/ContentManager.py

@@ -379,10 +379,12 @@ class ContentManager(object):
 
         new_content["modified"] = time.time()  # Add timestamp
         if inner_path == "content.json":
-            new_content["address"] = self.site.address
             new_content["zeronet_version"] = config.version
             new_content["signs_required"] = content.get("signs_required", 1)
 
+        new_content["address"] = self.site.address
+        new_content["inner_path"] = inner_path
+
         # Verify private key
         from Crypt import CryptBitcoin
         self.log.info("Verifying private key...")
@@ -484,6 +486,16 @@ class ContentManager(object):
 
         site_size_limit = self.site.getSizeLimit() * 1024 * 1024
 
+        # Check site address
+        if content.get("address") and content["address"] != self.site.address:
+            self.log.error("%s: Wrong site address: %s != %s" % (inner_path, content["address"], self.site.address))
+            return False
+
+        # Check file inner path
+        if content.get("inner_path") and content["inner_path"] != inner_path:
+            self.log.error("%s: Wrong inner_path: %s" % (inner_path, content["inner_path"]))
+            return False
+
         # Check total site size limit
         if site_size > site_size_limit:
             self.log.error("%s: Site too large %s > %s, aborting task..." % (inner_path, site_size, site_size_limit))

src/Site/Site.py

@@ -777,7 +777,7 @@ class Site(object):
             if time.time() - peer.time_found > 60 * 60 * 4:  # Not found on tracker or via pex in last 4 hour
                 peer.remove()
                 removed += 1
-            if removed > 5:  # Don't remove too much at once
+            if removed > len(peers)*0.1:  # Don't remove too much at once
                 break
 
         if removed:

src/Site/SiteManager.py

@@ -2,6 +2,7 @@ import json
 import logging
 import re
 import os
+import time
 
 from Plugin import PluginManager
 from Config import config
@@ -23,7 +24,9 @@ class SiteManager(object):
         # Load new adresses
         for address in json.load(open("%s/sites.json" % config.data_dir)):
             if address not in self.sites and os.path.isfile("%s/%s/content.json" % (config.data_dir, address)):
+                s = time.time()
                 self.sites[address] = Site(address)
+                logging.debug("Loaded site %s in %.3fs" % (address, time.time()-s))
                 added += 1
             address_found.append(address)
 
@@ -77,8 +80,8 @@ class SiteManager(object):
 
     # Lazy load sites
     def list(self):
-        logging.debug("Loading sites...")
         if self.sites is None:  # Not loaded yet
+            logging.debug("Loading sites...")
             self.load()
         return self.sites
 

src/Test/TestContent.py

@@ -132,3 +132,44 @@ class TestContent:
         file_info_optional = site.content_manager.getFileInfo("data/users/1CjfbrbwtP8Y2QjPy12vpTATkUT7oSiPQ9/peanut-butter-jelly-time.gif")
         assert "sha512" in file_info_optional
         assert file_info_optional["optional"] is True
+
+    def testVerify(self, site):
+        privatekey = "5KUh3PvNm5HUWoCfSUfcYvfQ2g3PrRNJWr6Q9eqdBGu23mtMntv"
+        inner_path = "data/test_include/content.json"
+        data_dict = site.content_manager.contents[inner_path]
+        data = StringIO(json.dumps(data_dict))
+
+        # Re-sign
+        data_dict["signs"] = {
+            "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": CryptBitcoin.sign(json.dumps(data_dict, sort_keys=True), privatekey)
+        }
+        assert site.content_manager.verifyFile(inner_path, data, ignore_same=False)
+
+        # Wrong address
+        data_dict["address"] = "Othersite"
+        del data_dict["signs"]
+        data_dict["signs"] = {
+            "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": CryptBitcoin.sign(json.dumps(data_dict, sort_keys=True), privatekey)
+        }
+        data = StringIO(json.dumps(data_dict))
+        assert not site.content_manager.verifyFile(inner_path, data, ignore_same=False)
+
+        # Wrong inner_path
+        data_dict["address"] = "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT"
+        data_dict["inner_path"] = "content.json"
+        del data_dict["signs"]
+        data_dict["signs"] = {
+            "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": CryptBitcoin.sign(json.dumps(data_dict, sort_keys=True), privatekey)
+        }
+        data = StringIO(json.dumps(data_dict))
+        assert not site.content_manager.verifyFile(inner_path, data, ignore_same=False)
+
+        # Everything right again
+        data_dict["address"] = "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT"
+        data_dict["inner_path"] = inner_path
+        del data_dict["signs"]
+        data_dict["signs"] = {
+            "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": CryptBitcoin.sign(json.dumps(data_dict, sort_keys=True), privatekey)
+        }
+        data = StringIO(json.dumps(data_dict))
+        assert site.content_manager.verifyFile(inner_path, data, ignore_same=False)

src/Test/testdata/1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT/content.json

@@ -120,17 +120,18 @@
    "signers_required": 1
   }
  },
- "modified": 1447360051.327, 
+ "inner_path": "content.json",
+ "modified": 1455627530.109,
  "optional": "(data/img/zero.*|data/optional.txt)",
  "sign": [
-  56704502697521630823845805057259088854630715424341172278564490141452525844500, 
-  111213707061262926968239474633357178510296590563162180659113023094835495771512
+  56763270038560745436697526128861466167000101701098791135393385088076329237645,
+  46423470772308783254156002360537851856745613551416274134961612754829184383599
  ],
  "signers_sign": "HDNmWJHM2diYln4pkdL+qYOvgE7MdwayzeG+xEUZBgp1HtOjBJS+knDEVQsBkjcOPicDG2it1r6R1eQrmogqSP0=",
  "signs": {
-  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "G9Q5OVyYWlrvBX/s3AQTwchJr2ZefBwQdQEWyhkBJKsMDLZS6nt7o3hBsxm26FpKaBmpOfGpg2O1MQv6U0nUkiI="
+  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "G/FMSzye50ajO+23QXkWG1BubOlDGj85qD6U4rg3H4eZNpVhb0o6M+l16HpFka+F/VUg+fYXlaZhLjlLj2tJ4HY="
  },
  "signs_required": 1,
  "title": "ZeroBlog",
- "zeronet_version": "0.3.3"
+ "zeronet_version": "0.3.6"
 }

src/Test/testdata/1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT/data/test_include/content.json

@@ -1,12 +1,14 @@
 {
+ "address": "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT",
  "files": {
   "data.json": {
    "sha512": "369d4e780cc80504285f13774ca327fe725eed2d813aad229e62356b07365906",
    "size": 505
   }
  },
- "modified": 1443088412.024, 
+ "inner_path": "data/test_include/content.json",
+ "modified": 1455627532.816,
  "signs": {
-  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "HPpRa/7ic/03aJ6vfz3zt3ezsnkDeaet85HGS3Rm9vCXWGsdOXboMynb/sZcTfPMC1bQ3zLRdUNMqmifKw/gnNg="
+  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "HO9fdfTZUqwp8j0WfimcopME7Ki7qHWfrTP7VT/jyFGZWkiL3H7wfBZfNYTG2H48foa+O8X3KMZnFcdsUXsEn60="
  }
 }

src/Test/testdata/1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT/data/users/1CjfbrbwtP8Y2QjPy12vpTATkUT7oSiPQ9/content.json

@@ -1,4 +1,5 @@
 {
+ "address": "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT",
  "cert_auth_type": "web",
  "cert_sign": "HBsTrjTmv+zD1iY93tSci8n9DqdEtYwzxJmRppn4/b+RYktcANGm5tXPOb+Duw3AJcgWDcGUvQVgN1D9QAwIlCw=",
  "cert_user_id": "toruser@zeroid.bit",
@@ -14,9 +15,10 @@
    "size": 1606
   }
  },
- "modified": 1447360055.489, 
+ "inner_path": "data/users/1CjfbrbwtP8Y2QjPy12vpTATkUT7oSiPQ9/content.json",
+ "modified": 1455627534.538,
  "optional": ".*\\.(jpg|png|gif)",
  "signs": {
-  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "HKdnxBP3KnBM57lsCFtqV2C2k60zWzD9hNVfvbY7uytzvGiFhFaV6VP4qcvhCWTBUnbuVzk3xPNFOctSdUCcoPk="
+  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "HIZ4xRMkGntdfcAtKdDPAHpuuW/wcufkDtiek0tfH3y8WUoUi3deAnidT9jqogFXyBiB4rzyOpRt9P44BrlVTk4="
  }
 }

src/Test/testdata/1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT/data/users/1J6UrZMkarjVg5ax9W4qThir3BFUikbW6C/content.json

@@ -1,4 +1,5 @@
 {
+ "address": "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT",
  "cert_auth_type": "web",
  "cert_sign": "HBsTrjTmv+zD1iY93tSci8n9DqdEtYwzxJmRppn4/b+RYktcANGm5tXPOb+Duw3AJcgWDcGUvQVgN1D9QAwIlCw=",
  "cert_user_id": "toruser@zeroid.bit",
@@ -8,8 +9,9 @@
    "size": 168
   }
  },
- "modified": 1447360055.88, 
+ "inner_path": "data/users/1J6UrZMkarjVg5ax9W4qThir3BFUikbW6C/content.json",
+ "modified": 1455627535.065,
  "signs": {
-  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "G6HTP9PzwOM2Wee+FpXWBEHtj0MM+7qdBYvioW94ehZBjp8hUI1hQE4JGWSGm9ra+LIg5Cf6jPxLa8onQscn5z0="
+  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "G8u8uWLCcPSFlcEGJEM6LNEOeF+e0SNStXjECd3UKRvSXVB5H4so0RpSCmNxINmN1aLzy3+UTOHO7lvrua1lqzg="
  }
 }

src/Test/testdata/1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT/data/users/content.json

@@ -1,9 +1,11 @@
 {
+ "address": "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT",
  "files": {},
  "ignore": ".*",
- "modified": 1447360051.802, 
+ "inner_path": "data/users/content.json",
+ "modified": 1455627530.754,
  "signs": {
-  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "G9Io0btASe4xDPfiCMpP8TwNZ/35BTNlCQqIRpMtXtQjnNEEEJ5H4eFdDma+GMcnzT9SSxmQ07sG8fQL61r2H/o="
+  "1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT": "HN7lUpibow9whR2O1C0reOX847Vs7PqCLuLfycV4cG++YlQ7xOxcYzEI3heSz7NnjVa63YU60mwndvxNEGow3Ag="
  },
  "user_contents": {
   "cert_signers": {

src/Ui/UiRequest.py

@@ -219,6 +219,9 @@ class UiRequest(object):
         if not file_inner_path:
             file_inner_path = "index.html"  # If inner path defaults to index.html
 
+        if file_inner_path.endswith("/"):
+            file_inner_path = file_inner_path + "index.html"
+
         address = re.sub("/.*", "", path.lstrip("/"))
         if self.isProxyRequest() and (not path or "/" in path[1:]):
             file_url = re.sub(".*/", "", inner_path)

src/Ui/media/Wrapper.coffee

@@ -384,7 +384,7 @@ else
 ws_url = proto.ws + ":" + origin.replace(proto.http+":", "") + "/Websocket?wrapper_key=" + window.wrapper_key
 
 
-if window.opener
+if window.opener and window.postmessage_nonce_security == false
 	# Window opener security problem workaround: Open a new window, close this one
 	console.log "Opener present:", window.opener
 	setTimeout ( ->  # Wait 200ms to parent tab closing
@@ -400,6 +400,6 @@ if window.opener
 			window.location.reload()
 			# Opener gone, continue init
 			# window.wrapper = new Wrapper(ws_url)
-	), 100
+	), 150
 else
 	window.wrapper = new Wrapper(ws_url)

src/Ui/media/Wrapper.css

@@ -49,7 +49,7 @@ a { color: black }
 	text-align: center; background-color: #e74c3c; line-height: 45px; vertical-align: bottom; font-size: 40px; color: white;
 }
 .notification .body {
-	max-width: 560px; padding-left: 14px; padding-right: 60px; height: 40px; vertical-align: middle; display: table;
+	padding-left: 14px; padding-right: 60px; height: 40px; vertical-align: middle; display: table;
 	background-color: white; left: 50px; top: 0; position: relative; padding-top: 5px; padding-bottom: 5px;
 }
 .notification.long .body { padding-top: 10px; padding-bottom: 10px }

src/Ui/media/all.css

@@ -54,7 +54,7 @@ a { color: black }
 	text-align: center; background-color: #e74c3c; line-height: 45px; vertical-align: bottom; font-size: 40px; color: white;
 }
 .notification .body {
-	max-width: 560px; padding-left: 14px; padding-right: 60px; height: 40px; vertical-align: middle; display: table;
+	padding-left: 14px; padding-right: 60px; height: 40px; vertical-align: middle; display: table;
 	background-color: white; left: 50px; top: 0; position: relative; padding-top: 5px; padding-bottom: 5px;
 }
 .notification.long .body { padding-top: 10px; padding-bottom: 10px }

src/Ui/media/all.js

@@ -1266,7 +1266,7 @@ jQuery.extend( jQuery.easing,
 
   ws_url = proto.ws + ":" + origin.replace(proto.http + ":", "") + "/Websocket?wrapper_key=" + window.wrapper_key;
 
-  if (window.opener) {
+  if (window.opener && window.postmessage_nonce_security === false) {
     console.log("Opener present:", window.opener);
     setTimeout((function() {
       var elem;
@@ -1281,7 +1281,7 @@ jQuery.extend( jQuery.easing,
       } else {
         return window.location.reload();
       }
-    }), 100);
+    }), 150);
   } else {
     window.wrapper = new Wrapper(ws_url);
   }