From 1e666c760d7521830404d1216eac00de9228dd19 Mon Sep 17 00:00:00 2001 From: foreverpyrite Date: Tue, 2 Dec 2025 20:46:09 -0500 Subject: [PATCH] Added DNS yap and fixed password "hash" Some silly goober left in the Cg=== from the terminal when he ran `echo "password" | base64`. Cute little terminal escape characters. --- README.md | 28 ++++++++++++++++++++++++---- main-doc.py | 2 +- main.py | 2 +- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index fb10b91..d351008 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ This is a super duper simple web server written in Python (ew) that was done primarily to showcase the difference between HTTP and HTTPS. `main-doc.py` is a heavily documented, entire yap-sesh dedicated version of `main.py` that tries to explain the code line-by-line. It assumes you have a little knowledge of the underlying syntax of the language, and outside of the `ServerThread` class, is more focused on HTTP servers and networking than the program specifics. - +`website/account.html` also has some brief insight into some basic HTML, but nothing much. ## Running the Program Ideally, you can run the program on Linux or Windows, and streamline the dependency process with [uv](https://docs.astral.sh/uv/). 
@@ -12,10 +12,18 @@ Note that the servers bind to the default, well known ports for HTTP (80) and HT This can be problematic as you sometimes need permissions in order to bind to these ports. When I do the demonstration, I temporarily disable the Linux kernel's restriction to only allow root user to bind to ports below 1024 with `sudo sysctl net.ipv4.ip_unprivileged_port_start=0`. This way, the restrictive behavior is reverted on restart. -##### Bypassing Port restriction -You can edit the constants in `main.py` to set the HTTP_PORT and HTTPS_PORT to something like 8080 and 4443 respectively. +This way, when I visit http://sniphbank.com, the web browser resolves 'sniphbank.com' to `127.0.0.1`, and connects to +`127.0.0.1:80`, where the server is listening. +This is the way that all 'websites' work, except the records are usually stored on a DNS server somewhere else, and we use Cloudflare's (`1.1.1.1-3`) or Google's (`8.8.8.8` and `8.8.4.4`) DNS resolver to resolve something like `google.com` to it's actual IP address. +Since, at least without registering the domain, we aren't able to store the records on a server that a big name Nameserver will look at or respect, we just store the record locally, so our local host can resolve it. + +##### Bypassing Port restriction +On Windows using Podman, you will need to run `wsl -d podman-machine-default sudo sysctl net.ipv4.ip_unprivileged_port_start=80` if you want the container to be able to listen on the defaults. + +You can edit the constants in `main.py` by setting the HTTP_PORT and HTTPS_PORT to something like 8080 and 4443 respectively. + If you have Podman/Docker, you can change the contents of `docker-compose.yml` to be like this instead: ```yaml # Example for unprivileged: 
@@ -23,7 +31,6 @@ If you have Podman/Docker, you can change the contents of `docker-compose.yml` t # - 127.0.0.1:4443:443 ``` - Then when you visit it in the web browser, you have to add the port number, Ex: "http://127.0.0.1:8080" and "https://127.0.0.1:4443" @@ -76,6 +83,18 @@ git clone https://git.foreverpyrite.com/ForeverPyrite/sniph-bank && cd sniph-ban docker compose up -d ``` +### I went to sniphbank.com and got an error? +This is because sniphbank.com is not a real website, and isn't a registered domain. + +I was able to do this by altering the `/etc/hosts` file (or `C:\Windows\System32\drivers\etc\hosts` on Windows) to automatically resolve the domain 'sniphbank.com' to a loopback IPv4 address, `127.0.0.1` + +The following snippet is an example of the file on Windows +```hosts +# localhost name resolution is handled within DNS itself. +127.0.0.1 localhost sniphbank.com +# ::1 localhost +``` + ## Why is the repo so large? I still have the `tailwindcss` binary in the `website/css/` directory. I could've got rid of it or put it in .gitignore or ignored it locally or something but nah. @@ -87,3 +106,4 @@ But you have to be on 64-bit AMD Linux/WSL. Otherwise you gotta download your ow ## Contact me. ForeverPyrite. I use Discord btw. +Feel free to talk to me about whatever (preferably computer and/or networking related.) diff --git a/main-doc.py b/main-doc.py index 260159c..3489ceb 100644 --- a/main-doc.py +++ b/main-doc.py @@ -114,7 +114,7 @@ def login(): # code (or in a real case, a database) would be able to easily reverse this to get the genuine # password. # The point of this here is to showcase that password is in plaintext until it gets to the server. - if base64_encode(password).decode() != "Z29GQUxDT05TMTIzCg==": + if base64_encode(password).decode() != "Z29GQUxDT05TMTIz": # Likewise if the password doesn't match, we return a similar response. return Response("Incorrect password", HTTPStatus.UNAUTHORIZED) 
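Review bot: The expected value on the changed `if base64_encode(password).decode() != "Z29GQUxDT05TMTIz":` line is still a bare literal, repeated verbatim in main.py, which is why the stray `Cg==` suffix (a base64-encoded newline) had to be fixed in two places. Naming it once per file and recording how it was produced would make a repeat less likely: `DEMO_PASSWORD_B64 = "Z29GQUxDT05TMTIz"  # base64 of the demo password, no trailing newline (printf '%s' ... | base64)`, then `if base64_encode(password).decode() != DEMO_PASSWORD_B64:`. The same applies to the matching hunk in main.py. login() begins above this hunk, and the comment block before the check is only partly visible here.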
diff --git a/main.py b/main.py index bb16f05..395f13c 100644 --- a/main.py +++ b/main.py @@ -35,7 +35,7 @@ def login(): if user != "ronniej": return Response("User not found", HTTPStatus.UNAUTHORIZED) - if base64_encode(password).decode() != "Z29GQUxDT05TMTIzCg==": + if base64_encode(password).decode() != "Z29GQUxDT05TMTIz": return Response("Incorrect password", HTTPStatus.UNAUTHORIZED) return send_file("./website/account.html")
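Review bot: The changed comparison in main.py has no comment in this hunk saying that the value is a reversible encoding rather than a password hash, although main-doc.py explains this for the same check. A one-line comment above the check would cover it: `# Demo only: base64 is an encoding, not a hash; a real login stores a salted, slow password hash and compares it in constant time.` The two branches in the context lines also return distinct messages (`"User not found"` and `"Incorrect password"`), which tells a caller whether a username exists; if that is intended for the demonstration, the same comment could say so. login() starts above the hunk.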