Merge branch 'censorship_automatically_attempt_and_reconnect' of https://github.com/mig5/onionshare into mig5-censorship_automatically_attempt_and_reconnect

cli/onionshare_cli/censorship.py

@@ -198,3 +198,65 @@ class CensorshipCircumvention(object):
             return False
 
         return result
+
+    def save_settings(self, settings, bridge_settings):
+        """
+        Checks the bridges and saves them in settings.
+        """
+        bridges_ok = False
+        self.settings = settings
+
+        # @TODO there might be several bridge types recommended.
+        # Should we attempt to iterate over each type if one of them fails to connect?
+        # But if so, how to stop it starting 3 separate Tor connection threads?
+        # for bridges in request_bridges["settings"]:
+        bridges = bridge_settings["settings"][0]["bridges"]
+        self.common.log(
+            "CensorshipCircumvention",
+            "save_settings",
+            f"Obtained bridges: {bridges}",
+        )
+        bridge_strings = bridges["bridge_strings"]
+        bridge_type = bridges["type"]
+        bridge_source = bridges["source"]
+
+        # If the recommended bridge source is to use the built-in
+        # bridges, set that in our settings, as if the user had
+        # selected the built-in bridges for a specific PT themselves.
+        #
+        if bridge_source == "builtin":
+            self.settings.set("bridges_type", "built-in")
+            if bridge_type == "obfs4":
+                self.settings.set("bridges_builtin_pt", "obfs4")
+            if bridge_type == "snowflake":
+                self.settings.set("bridges_builtin_pt", "snowflake")
+            if bridge_type == "meek":
+                self.settings.set("bridges_builtin_pt", "meek-azure")
+            bridges_ok = True
+        else:
+            # Any other type of bridge we can treat as custom.
+            self.settings.set("bridges_type", "custom")
+
+            # Sanity check the bridges provided from the Tor API before saving
+            bridges_checked = self.common.check_bridges_valid(bridge_strings)
+
+            if bridges_checked:
+                self.settings.set("bridges_custom", "\n".join(bridges_checked))
+                bridges_ok = True
+
+        # If we got any good bridges, save them to settings and return.
+        if bridges_ok:
+            self.common.log(
+                "CensorshipCircumvention",
+                "save_settings",
+                "Saving settings with automatically-obtained bridges",
+            )
+            self.settings.save()
+            return True
+        else:
+            self.common.log(
+                "CensorshipCircumvention",
+                "save_settings",
+                "Could not use any of the obtained bridges.",
+            )
+            return False

cli/onionshare_cli/common.py

@@ -28,6 +28,7 @@ import sys
 import threading
 import time
 import shutil
+import re
 from pkg_resources import resource_filename
 
 import colorama
@@ -441,6 +442,40 @@ class Common:
         r = random.SystemRandom()
         return "-".join(r.choice(wordlist) for _ in range(word_count))
 
+    def check_bridges_valid(self, bridges):
+        """
+        Does a regex check against a supplied list of bridges, to make sure they
+        are valid strings depending on the bridge type.
+        """
+        valid_bridges = []
+        self.log("Common", "check_bridges_valid", "Checking bridge syntax")
+        for bridge in bridges:
+            if bridge != "":
+                # Check the syntax of the custom bridge to make sure it looks legitimate
+                ipv4_pattern = re.compile(
+                    "(obfs4\s+)?(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]):([0-9]+)(\s+)([A-Z0-9]+)(.+)$"
+                )
+                ipv6_pattern = re.compile(
+                    "(obfs4\s+)?\[(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\]:[0-9]+\s+[A-Z0-9]+(.+)$"
+                )
+                meek_lite_pattern = re.compile(
+                    "(meek_lite)(\s)+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+)(\s)+([0-9A-Z]+)(\s)+url=(.+)(\s)+front=(.+)"
+                )
+                snowflake_pattern = re.compile(
+                    "(snowflake)(\s)+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+)(\s)+([0-9A-Z]+)"
+                )
+                if (
+                    ipv4_pattern.match(bridge)
+                    or ipv6_pattern.match(bridge)
+                    or meek_lite_pattern.match(bridge)
+                    or snowflake_pattern.match(bridge)
+                ):
+                    valid_bridges.append(bridge)
+        if valid_bridges:
+            return valid_bridges
+        else:
+           return False
+
     def is_flatpak(self):
         """
         Returns True if OnionShare is running in a Flatpak sandbox
@@ -453,6 +488,7 @@ class Common:
         """
         return os.environ.get("SNAP_INSTANCE_NAME") == "onionshare"
 
+
     @staticmethod
     def random_string(num_bytes, output_len=None):
         """

cli/onionshare_cli/settings.py

@@ -114,6 +114,7 @@ class Settings(object):
             "persistent_tabs": [],
             "locale": None,  # this gets defined in fill_in_defaults()
             "theme": 0,
+            "censorship_circumvention": False,
         }
         self._settings = {}
         self.fill_in_defaults()