signed transfer to local concentrator
parent
21088b390f
commit
34ca730ecd
|
@ -12,15 +12,15 @@ cf=open(configfile,"r")
|
|||
log_conf=json.load(cf)
|
||||
cf.close()
|
||||
|
||||
parameter={"device":socket.gethostname(),"mean_count":5,"ring_length":300,"wait":0.5,"cycle":20,"check_last":5}
|
||||
parameter={"device":socket.gethostname(),"mean_count":5,"ring_length":300,"wait":0.5,"cycle":20,"check_last":5,"gpg_keyid":""}
|
||||
for n in parameter:
|
||||
if n in log_conf:
|
||||
parameter[n]=log_conf[n]
|
||||
|
||||
|
||||
cpu_meas=meas_data(var_name="temperature",ring_length=parameter['ring_length'],device=parameter['device'],sensor="CPU",store_file="/home/pi/log/data_cpu",digits=4,check_last=parameter['check_last'])
|
||||
cpu_meas.set_sql(host="localhost",port=24048,min_wait=60)
|
||||
cpu_meas.set_rsa('@radew')
|
||||
cpu_meas.set_sql(host="localhost",port=8080,min_wait=60)
|
||||
cpu_meas.set_rsa(parameter['gpg_keyid'])
|
||||
requests.post("http://localhost:8080/data/"+str(cpu_meas.json_out['hash']),json=cpu_meas.json_out)
|
||||
|
||||
if "sqlserver" in log_conf:
|
||||
|
|
|
@ -134,7 +134,7 @@ class meas_data:
|
|||
self.bsense=True
|
||||
self.sense_url="https://ingress.opensensemap.org/boxes/%s/%s" % (tsb,tsi)
|
||||
print(self.sense_url)
|
||||
def set_sql(self,host,port=24049,min_wait=5):
|
||||
def set_sql(self,host,port=8080,min_wait=5):
|
||||
th=host
|
||||
self.sqlhost=th
|
||||
self.sqlport=int(port)
|
||||
|
@ -318,7 +318,7 @@ class meas_data:
|
|||
if ((act_time-self.sql_last_transmit)>(self.sql_min_wait*1000)) and (len(self.json_out['payload']['measures'])>0):
|
||||
self.sign()
|
||||
try:
|
||||
self._r=requests.post("http://localhost:8080/data/"+str(self.hash),json=json.dumps(self.sql_out))
|
||||
self._r=requests.post("http://"+self.sqlhost+":"+self.sqlport+"/data/"+str(self.hash),json=json.dumps(self.sql_out))
|
||||
except:
|
||||
self._r={"status_code":404}
|
||||
else:
|
||||
|
@ -347,6 +347,3 @@ class meas_data:
|
|||
print("could not send mqtt")
|
||||
|
||||
|
||||
#test=meas_data("temp",5)
|
||||
#test.set_sql("localhost")
|
||||
#test.set_file_log("/home/ademant/data")
|
||||
|
|
133
pyweb.py
133
pyweb.py
|
@ -1,8 +1,27 @@
|
|||
from bottle import get,post,request,Bottle,run,template
|
||||
import threading,time,json,zlib,gnupg,socket,psutil
|
||||
import threading,time,json,zlib,gnupg,socket,psutil,os,sys
|
||||
from queue import Queue
|
||||
|
||||
|
||||
pathname = os.path.dirname(sys.argv[0])
|
||||
abspath=os.path.abspath(pathname)
|
||||
configfile=abspath+"/config.json"
|
||||
cf=open(configfile,"r")
|
||||
log_conf=json.load(cf)
|
||||
cf.close()
|
||||
|
||||
parameter={"device":socket.gethostname(),"allowed_ip":{"127.0.0.1":"D5DC9E1496C2F51D"},"gpg_keyid":"","server_transfer_wait":60,"server_keyid":"D5DC9E1496C2F51D"}
|
||||
for n in parameter:
|
||||
if n in log_conf:
|
||||
parameter[n]=log_conf[n]
|
||||
if "sqlserver" in log_conf:
|
||||
hostname="banana"
|
||||
if "host" in log_conf['sqlserver']:
|
||||
hostname=log_conf['sqlserver']['host']
|
||||
port=24049
|
||||
if "port" in log_conf['sqlserver']:
|
||||
port=int(log_conf['sqlserver']['port'])
|
||||
|
||||
measdata={}
|
||||
|
||||
_HASH="hash"
|
||||
|
@ -14,10 +33,29 @@ _BEGINMESSAGE="-----BEGIN PGP SIGNED MESSAGE-----"
|
|||
_BEGINHASH="Hash:"
|
||||
|
||||
def sql_insert(q):
|
||||
measdata={}
|
||||
server_last_transmit=0
|
||||
while True:
|
||||
if q.empty():
|
||||
time.sleep(0.1)
|
||||
print("ping"+str(time.time()))
|
||||
# print("ping"+str(time.time()))
|
||||
if (time.time()-server_last_transmit)>parameter['server_transfer_wait']:
|
||||
if len(measdata)==0:
|
||||
server_last_transmit=time.time()-parameter['server_transfer_wait']/2
|
||||
else:
|
||||
json_out={"data":measdata}
|
||||
if ('fingerprint' in servergpgkey) and ('fingerprint' in gpgkey):
|
||||
json_out={"encrypted_data":gpg.encrypt(json.dumps(measdata),servergpgkey['fingerprint'],sign=gpgkey['fingerprint'])}
|
||||
if ('fingerprint' not in servergpgkey) and ('fingerprint' in gpgkey):
|
||||
json_out={"signed_data":gpg.sign(json.dumps(measdata),key=gpgkey['fingerprint'])}
|
||||
try:
|
||||
_r=requests.post("http://"+hostname+":"+port+"/data/"+gpgkey['keyid'],json=json.dumps(self.sql_out))
|
||||
except:
|
||||
_r={"status_code":404}
|
||||
else:
|
||||
if _r.status_code==200:
|
||||
measdata={}
|
||||
server_last_transmit=time.time()
|
||||
else:
|
||||
try:
|
||||
indata=q.get()
|
||||
|
@ -41,54 +79,71 @@ app=Bottle()
|
|||
|
||||
@app.get('/')
|
||||
def approot():
|
||||
print(request.remote_addr in parameter['allowed_ip'])
|
||||
return template('main.tpl',server=socket.gethostname(),cpupercent=psutil.cpu_percent(),measdata=measdata)
|
||||
|
||||
@app.post('/data/<hash_id:int>')
|
||||
def dataimport(hash_id):
|
||||
print(hash_id)
|
||||
timestart=time.time()
|
||||
try:
|
||||
json_in=json.loads(request.json)
|
||||
print(json_in)
|
||||
except:
|
||||
print("no json")
|
||||
else:
|
||||
if _HASH in json_in:
|
||||
if int(json_in[_HASH]) == hash_id:
|
||||
print("correct id")
|
||||
bcorrect=False
|
||||
if _PAYLOAD in json_in:
|
||||
if _MEASURES in json_in[_PAYLOAD]:
|
||||
q.put(json_in,block=False)
|
||||
bcorrect=True
|
||||
if _SIGNEDGPG in json_in:
|
||||
if gpg.verify(json_in[_SIGNEDGPG]):
|
||||
signed_in=json_in[_SIGNEDGPG].split("\n")
|
||||
signed_in[signed_in.index(_BEGINSIGNATURE):]=""
|
||||
del signed_in[signed_in.index(_BEGINMESSAGE)]
|
||||
del signed_in[signed_in.index("")]
|
||||
for h in signed_in:
|
||||
if _BEGINHASH in h:
|
||||
del signed_in[signed_in.index(h)]
|
||||
if len(signed_in)>0:
|
||||
print(time.time()-timestart)
|
||||
q.put(json.loads(signed_in[0]),block=False)
|
||||
else:
|
||||
print("malformed signed packet")
|
||||
print(json_in)
|
||||
else:
|
||||
print("could not verify gpg signature")
|
||||
print(json_in)
|
||||
else:
|
||||
print("wrong id")
|
||||
else:
|
||||
print("json has no hash field")
|
||||
# check if request comes from allowed ip
|
||||
if request.remote_addr in parameter['allowed_ip']:
|
||||
# check, if json is transmitted
|
||||
try:
|
||||
json_in=json.loads(request.json)
|
||||
print(json_in)
|
||||
|
||||
except:
|
||||
print("no json")
|
||||
else:
|
||||
if _HASH in json_in:
|
||||
if int(json_in[_HASH]) == hash_id:
|
||||
print("correct id")
|
||||
bcorrect=False
|
||||
if _PAYLOAD in json_in:
|
||||
if _MEASURES in json_in[_PAYLOAD]:
|
||||
q.put(json_in,block=False)
|
||||
bcorrect=True
|
||||
if _SIGNEDGPG in json_in:
|
||||
# check if signature of data is correct and key is allowed for ip
|
||||
vgpg=gpg.verify(json_in[_SIGNEDGPG])
|
||||
if vgpg.valid and vgpg.key_id in parameter['allowed_ip'][request.remote_addr]:
|
||||
print("correct signature")
|
||||
signed_in=json_in[_SIGNEDGPG].split("\n")
|
||||
signed_in[signed_in.index(_BEGINSIGNATURE):]=""
|
||||
del signed_in[signed_in.index(_BEGINMESSAGE)]
|
||||
del signed_in[signed_in.index("")]
|
||||
for h in signed_in:
|
||||
if _BEGINHASH in h:
|
||||
del signed_in[signed_in.index(h)]
|
||||
if len(signed_in)>0:
|
||||
print(time.time()-timestart)
|
||||
q.put(json.loads(signed_in[0]),block=False)
|
||||
else:
|
||||
print("malformed signed packet")
|
||||
print(json_in)
|
||||
else:
|
||||
print("could not verify gpg signature")
|
||||
print(json_in)
|
||||
else:
|
||||
print("wrong id")
|
||||
else:
|
||||
print("json has no hash field")
|
||||
print(json_in)
|
||||
else:
|
||||
print("not allowed client address")
|
||||
|
||||
|
||||
gpg=gnupg.GPG()
|
||||
try:
|
||||
gpgkey=gpg.list_keys(keys=parameter['gpg_keyid'])[0]
|
||||
except:
|
||||
gpgkey=[]
|
||||
|
||||
try:
|
||||
servergpgkey=gpg.list_keys(keys=parameter['server_keyid'])[0]
|
||||
except:
|
||||
servergpgkey=[]
|
||||
|
||||
q=Queue(maxsize=0)
|
||||
|
||||
sql_worker=threading.Thread(target=sql_insert,args=(q,))
|
||||
|
|
Loading…
Reference in New Issue