Added page authentication

nomadnet/Node.py

@@ -79,7 +79,8 @@ class Node:
         directories = [file for file in os.listdir(base_path) if os.path.isdir(os.path.join(base_path, file)) and file[:1] != "."]
 
         for file in files:
-            self.servedpages.append(base_path+"/"+file)
+            if not file.endswith(".allowed"):
+                self.servedpages.append(base_path+"/"+file)
 
         for directory in directories:
             self.scan_pages(base_path+"/"+directory)
@@ -96,17 +97,63 @@ class Node:
 
     def serve_page(self, path, data, request_id, remote_identity, requested_at):
         RNS.log("Page request "+RNS.prettyhexrep(request_id)+" for: "+str(path), RNS.LOG_VERBOSE)
+
         file_path = path.replace("/page", self.app.pagespath, 1)
-        try:
-            RNS.log("Serving page: "+file_path, RNS.LOG_VERBOSE)
-            if os.access(file_path, os.X_OK):
-                generated = subprocess.run([file_path], stdout=subprocess.PIPE)
-                return generated.stdout
+
+        allowed_path = file_path+".allowed"
+        request_allowed = False
+
+        if os.path.isfile(allowed_path):
+            allowed_list = []
+
+            try:
+                if os.access(allowed_path, os.X_OK):
+                    allowed_result = subprocess.run([allowed_path], stdout=subprocess.PIPE)
+                    allowed_input = allowed_result.stdout
+
+                else:
+                    fh = open(allowed_path, "rb")
+                    allowed_input = fh.read()
+                    fh.close()
+
+                allowed_hash_strs = allowed_input.splitlines()
+
+                for hash_str in allowed_hash_strs:
+                    if len(hash_str) == RNS.Identity.TRUNCATED_HASHLENGTH//8*2:
+                        try:
+                            allowed_hash = bytes.fromhex(hash_str.decode("utf-8"))
+                            allowed_list.append(allowed_hash)
+
+                        except Exception as e:
+                            RNS.log("Could not decode RNS Identity hash from: "+str(hash_str), RNS.LOG_DEBUG)
+                            RNS.log("The contained exception was: "+str(e), RNS.LOG_DEBUG)
+
+            except Exception as e:
+                RNS.log("Error while fetching list of allowed identities for request: "+str(e), RNS.LOG_ERROR)
+
+            if remote_identity.hash in allowed_list:
+                request_allowed = True
             else:
-                fh = open(file_path, "rb")
-                response_data = fh.read()
-                fh.close()
-                return response_data
+                request_allowed = False
+                RNS.log("Denying request, remote identity was not in list of allowed identities", RNS.LOG_VERBOSE)
+
+        else:
+            request_allowed = True
+
+        try:
+            if request_allowed:
+                RNS.log("Serving page: "+file_path, RNS.LOG_VERBOSE)
+                if os.access(file_path, os.X_OK):
+                    generated = subprocess.run([file_path], stdout=subprocess.PIPE)
+                    return generated.stdout
+                else:
+                    fh = open(file_path, "rb")
+                    response_data = fh.read()
+                    fh.close()
+                    return response_data
+            else:
+                RNS.log("Request denied", RNS.LOG_VERBOSE)
+                return DEFAULT_NOTALLOWED.encode("utf-8")
 
         except Exception as e:
             RNS.log("Error occurred while handling request "+RNS.prettyhexrep(request_id)+" for: "+str(path), RNS.LOG_ERROR)
@@ -160,4 +207,9 @@ DEFAULT_INDEX = '''>Default Home Page
 This node is serving pages, but the home page file (index.mu) was not found in the page storage directory. This is an auto-generated placeholder.
 
 If you are the node operator, you can define your own home page by creating a file named `*index.mu`* in the page storage directory.
+'''
+
+DEFAULT_NOTALLOWED = '''>Request Not Allowed
+
+You are not authorised to carry out the request.
 '''