update handshake and some data

noisecode3 · Nov 13, 2024 · 515f440 · 515f440
1 parent 77a6d00
commit 515f440
Show file tree

Hide file tree

Showing 6 changed files with 108 additions and 33 deletions.
diff --git a/database/.gitignore b/database/.gitignore
@@ -1,5 +1,8 @@
 data.json
 file_info.json
-trle
 __pycache__
+.mypy_cache
 trle.tar.gz
+trle
+trle.sanitized.tar.gz
+trle.sanitized
diff --git a/database/get_trle.sh b/database/get_trle.sh
@@ -12,15 +12,18 @@ else
 fi
 
 # Define the download link
-url="https://mega.nz/file/xXkV3JqJ#1Ejtd9enidYYpV3FRLO5KSzcUg7-_Jg-vNi66RKo8aI"
+url1="https://mega.nz/file/xXkV3JqJ#1Ejtd9enidYYpV3FRLO5KSzcUg7-_Jg-vNi66RKo8aI"
+url2="https://mega.nz/file/kDlEVJiB#eRam4FXZBljrfHaurE3qz56VVi7RxPm-7IxG0aBq-uM"
 
 # Download the file using the available tool
 echo "Using $downloader to download the file..."
-$downloader "$url"
+$downloader "$url1"
+$downloader "$url2"
 
 # Verify the checksum (assuming you want to compare it to the expected checksum)
 echo "Verifying checksum..."
 echo "29e7e89bc11ebe77eafbd1c78ca3f1a7  trle.tar.gz" | md5sum -c -
+echo "7865bf73f09d531fb0ddc6b654d611f5  trle.sanitized.tar.gz" | md5sum -c -
 
 # Extract the tar.gz file
 echo "Extracting the archive..."

diff --git a/database/https.py b/database/https.py
@@ -80,32 +80,35 @@ def validate_url(self, url):
         logging.error("Invalid URL domain: %s", url)
         sys.exit(1)
 
-    def head(self, curl):
+    def head(self, url):
         """Take the curl object to head state, with redirect."""
-        if isinstance(curl, pycurl.Curl):
+        curl = pycurl.Curl()
+        response = ""
+        temp_cert_path = None
+        try:
             buffer = BytesIO()
-            curl.setopt(pycurl.NOBODY, True)
             curl.setopt(pycurl.HEADERFUNCTION, buffer.write)
+            curl.setopt(pycurl.NOBODY, True)
+            curl.setopt(pycurl.URL, url)
             curl.setopt(pycurl.FOLLOWLOCATION, True)
-            temp_cert_path = None
 
             if self.misconfigured_server:
                 if not self.leaf_cert:
                     sys.exit(1)
                 temp_cert_path = REQUEST_HANDLER.set_leaf(curl)
 
-            try:
-                curl.perform()
-            except pycurl.error:
-                print("Error performing request:", pycurl.error)
-            finally:
-                curl.close()
+            curl.perform()
+            response = buffer.getvalue().decode('utf-8')
 
-                if temp_cert_path and os.path.exists(temp_cert_path):
-                    os.remove(temp_cert_path)
+        except pycurl.error:
+            print("Error performing request:", pycurl.error)
+        finally:
+            curl.close()
 
-            return buffer.getvalue().decode('utf-8')
-        return ""
+            if temp_cert_path and os.path.exists(temp_cert_path):
+                os.remove(temp_cert_path)
+
+        return response
 
     def validate_data_type(self, content_type):
         """Limit to used data types."""
@@ -167,6 +170,9 @@ def get_response(self, url, content_type):
         if content_type == 'application/zip':
             return DOWNLOADER.download_file(url)
 
+        if content_type == 'head':
+            return self.head(url)
+
         max_retries = 3
         retries = 0
         curl = None
@@ -180,10 +186,6 @@ def get_response(self, url, content_type):
                 headers_buffer = BytesIO()
                 curl = pycurl.Curl()  # pylint: disable=no-member
                 curl.setopt(pycurl.URL, url)
-
-                if content_type == 'application/zip':
-                    return self.head(curl)
-
                 curl.setopt(pycurl.WRITEHEADER, headers_buffer)
                 curl.setopt(pycurl.WRITEDATA, response_buffer)
 

diff --git a/database/ideas.txt b/database/ideas.txt
@@ -278,3 +278,10 @@ like another user on the computer trying to prank another user :)
 You're home is a dirty place and no one can help what happens there
 but we validate before we open any database there that is has sane
 permissions sanitized data in there.
+
+https://www.trlevel.de/index.php?file-download/1/
+we can get those also so there will be 3 hosts but they use rar
+still the app should support rar also at some point
+
+we need to support this kind of download link also
+https://www.trle.net/levels/levels/2020/0620/BtB
diff --git a/database/sanitize_downloads.py b/database/sanitize_downloads.py
@@ -8,19 +8,37 @@
 import re
 
 
+def check_file_list(data):
+    """Check if there is zip data to prevent crash."""
+    zip_file_list = data.get('zip_files', [])
+    if not isinstance(zip_file_list, list) or not zip_file_list:
+        return False
+    return True
+
+
 def new_input(data, file_path):
     """Take new input"""
+
+    if not check_file_list(data):
+        print(f"{file_path} has no zip file.")
+        return
+
     zip_file = data['zip_files'][0]
     print(zip_file)
-    if input("Do you want to remove the file? y/n: ") == 'y':
+    if input("Do you want to remove the json file? y/n: ").lower() == 'y':
         os.remove(file_path)
         print(f"{file_path} has been removed.")
         return
 
-    zip_file['name'] = input("New name: ")
-    zip_file['size'] = float(input("New size: "))
-    zip_file['md5'] = input("New md5: ")
-    zip_file['url'] = input("New url: ")
+    if input("Do you want to remove the file object? y/n: ").lower() == 'y':
+        del data['zip_files'][0]
+        print("Object has been removed.")
+    else:
+        zip_file['name'] = input("New name: ")
+        zip_file['size'] = float(input("New size: "))
+        zip_file['md5'] = input("New md5: ")
+        zip_file['url'] = input("New url: ")
+
     with open(file_path, mode='w', encoding='utf-8') as json_file:
         json.dump(data, json_file)
 
@@ -41,6 +59,10 @@ def sanitize(data, file_path):
     Exits:
         Exits the program with status 1 if any validation fails.
     """
+    if not check_file_list(data):
+        print(f"{file_path} has no zip file.")
+        return
+
     zip_file = data['zip_files'][0]
     errors = []
 
@@ -65,10 +87,18 @@ def sanitize(data, file_path):
     elif not re.fullmatch(r"^[a-fA-F0-9]{32}$", md5):
         errors.append("The 'md5' attribute is not a valid 32-character hexadecimal MD5 hash.")
 
-    # Validate url
+    # Force save if not https
     url = zip_file.get('url')
+    if 'http://' in url:
+        url = url.replace('http://', 'https://')
+        data['zip_files'][0]['url'] = url
+        with open(file_path, mode='w', encoding='utf-8') as json_file:
+            json.dump(data, json_file)
+
+    # Validate url
     pattern1 = r"^https://trcustoms\.org/api/level_files/\d+/download$"
-    pattern2 = r"^https://www\.trle\.net/levels/levels/\d{4}/\d{4}/[a-zA-Z0-9%-_\.$]+\.zip$"
+    pattern2 = r"^https://www\.trle\.net/levels/levels/\d{4}(/(\d{4})?)?/[a-zA-Z0-9%-_\.$]+\.zip$"
+
     if not url:
         errors.append("The 'url' attribute is missing.")
     elif not re.match(pattern1, url) and not re.match(pattern2, url):

diff --git a/src/Network.cpp b/src/Network.cpp
@@ -24,31 +24,61 @@
 namespace ssl = boost::asio::ssl;
 using tcp = boost::asio::ip::tcp;
 
-std::string get_ssl_certificate(const std::string& host) {
+std::string get_ssl_certificate(const std::string& host)
+{
     boost::asio::io_context io_context;
+
+    // Use SSLv23 context (it's compatible with all versions of SSL/TLS)
     ssl::context ssl_context(ssl::context::sslv23);
 
+    // Restrict supported protocols to TLSv1.3 and TLSv1.2, these are no no
+    ssl_context.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
+    ssl_context.set_options(ssl::context::no_tlsv1 | ssl::context::no_tlsv1_1);
+
+    // Resolver for HTTPS (default port 443)
     tcp::resolver resolver(io_context);
-    tcp::resolver::results_type endpoints = resolver.resolve(host, "https");
+    tcp::resolver::results_type endpoints = resolver.resolve(host, "443");
+
     ssl::stream<tcp::socket> stream(io_context, ssl_context);
     SSL_set_tlsext_host_name(stream.native_handle(), host.c_str());
-    boost::asio::connect(stream.lowest_layer(), endpoints);
-    stream.handshake(ssl::stream_base::client);
 
+    try
+    {
+        boost::asio::connect(stream.lowest_layer(), endpoints);
+        stream.handshake(ssl::stream_base::client);
+    }
+    catch (const boost::system::system_error& e)
+    {
+        std::cerr << "SSL handshake failed: " << e.what() << std::endl;
+        return "";
+    }
+
+    // Get certificate
     X509* cert = SSL_get_peer_certificate(stream.native_handle());
-    if (!cert) {
+    if (!cert)
+    {
         std::cerr << "No certificate found." << std::endl;
         return "";
     }
 
+    // Verify the certificate matches the host
+    if (X509_check_host(cert, host.c_str(), host.length(), 0, nullptr) != 1)
+    {
+        std::cerr << "Hostname verification failed." << std::endl;
+        X509_free(cert);
+        return "";
+    }
+
     BIO* bio = BIO_new(BIO_s_mem());
     PEM_write_bio_X509(bio, cert);
     char* cert_str = nullptr;
     qint64 cert_len = BIO_get_mem_data(bio, &cert_str);
     std::string cert_buffer(cert_str, cert_len);
 
+    // Clean up
     BIO_free(bio);
     X509_free(cert);
+
     return cert_buffer;
 }