Added DNS yap and fixed password "hash"
Some silly goober left in the Cg=== from the terminal when he ran `echo "password" | base64`. Cute little terminal escape characters.
28
README.md
@@ -2,7 +2,7 @@
|
|||||||
This is a super duper simple web server written in Python (ew) that was done primarily to showcase the difference between HTTP and HTTPS.
|
This is a super duper simple web server written in Python (ew) that was done primarily to showcase the difference between HTTP and HTTPS.
|
||||||
|
|
||||||
`main-doc.py` is a heavily documented, entire yap-sesh dedicated version of `main.py` that tries to explain the code line-by-line. It assumes you have a little knowledge of the underlying syntax of the language, and outside of the `ServerThread` class, is more focused on HTTP servers and networking than the program specifics.
|
`main-doc.py` is a heavily documented, entire yap-sesh dedicated version of `main.py` that tries to explain the code line-by-line. It assumes you have a little knowledge of the underlying syntax of the language, and outside of the `ServerThread` class, is more focused on HTTP servers and networking than the program specifics.
|
||||||
|
`website/account.html` also has some brief insight into some basic HTML, but nothing much.
|
||||||
|
|
||||||
## Running the Program
|
## Running the Program
|
||||||
Ideally, you can run the program on Linux or Windows, and streamline the dependency process with [uv](https://docs.astral.sh/uv/).
|
Ideally, you can run the program on Linux or Windows, and streamline the dependency process with [uv](https://docs.astral.sh/uv/).
|
||||||
@@ -12,10 +12,18 @@ Note that the servers bind to the default, well known ports for HTTP (80) and HT
|
|||||||
This can be problematic as you sometimes need permissions in order to bind to these ports.
|
This can be problematic as you sometimes need permissions in order to bind to these ports.
|
||||||
When I do the demonstration, I temporarily disable the Linux kernel's restriction to only allow root user to bind to ports below 1024 with `sudo sysctl net.ipv4.ip_unprivileged_port_start=0`. This way, the restrictive behavior is reverted on restart.
|
When I do the demonstration, I temporarily disable the Linux kernel's restriction to only allow root user to bind to ports below 1024 with `sudo sysctl net.ipv4.ip_unprivileged_port_start=0`. This way, the restrictive behavior is reverted on restart.
|
||||||
|
|
||||||
##### Bypassing Port restriction
|
|
||||||
You can edit the constants in `main.py` to set the HTTP_PORT and HTTPS_PORT to something like 8080 and 4443 respectively.
|
|
||||||
|
|
||||||
|
|
||||||
|
This way, when I visit http://sniphbank.com, the web browser resolves 'sniphbank.com' to `127.0.0.1`, and connects to
|
||||||
|
`127.0.0.1:80`, where the server is listening.
|
||||||
|
This is the way that all 'websites' work, except the records are usually stored on a DNS server somewhere else, and we use Cloudflare's (`1.1.1.1-3`) or Google's (`8.8.8.8` and `8.8.4.4`) DNS resolver to resolve something like `google.com` to it's actual IP address.
|
||||||
|
Since, at least without registering the domain, we aren't able to store the records on a server that a big name Nameserver will look at or respect, we just store the record locally, so our local host can resolve it.
|
||||||
|
|
||||||
|
##### Bypassing Port restriction
|
||||||
|
On Windows using Podman, you will need to run `wsl -d podman-machine-default sudo sysctl net.ipv4.ip_unprivileged_port_start=80` if you want the container to be able to listen on the defaults.
|
||||||
|
|
||||||
|
You can edit the constants in `main.py` by setting the HTTP_PORT and HTTPS_PORT to something like 8080 and 4443 respectively.
|
||||||
|
|
||||||
If you have Podman/Docker, you can change the contents of `docker-compose.yml` to be like this instead:
|
If you have Podman/Docker, you can change the contents of `docker-compose.yml` to be like this instead:
|
||||||
```yaml
|
```yaml
|
||||||
# Example for unprivileged:
|
# Example for unprivileged:
|
||||||
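Review bot: The added paragraph beginning "This way, when I visit http://sniphbank.com" directly follows the sysctl paragraph in these lines, so "This way" has nothing to refer to; the hosts-file mapping it depends on is only introduced later, under "I went to sniphbank.com and got an error?". Move the DNS explanation into that section or point to it from here. In the same paragraph, "it's actual IP address" should be "its", and `1.1.1.1-3` reads as a range of interchangeable resolvers; Cloudflare's unfiltered resolver pair is `1.1.1.1` and `1.0.0.1`. The new Podman line sets `net.ipv4.ip_unprivileged_port_start=80` while the Linux instruction in the context above uses `=0`; 80 is enough for both listeners and leaves the ports below it privileged, so the README should use the same value in both places.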
@@ -23,7 +31,6 @@ If you have Podman/Docker, you can change the contents of `docker-compose.yml` t
|
|||||||
# - 127.0.0.1:4443:443
|
# - 127.0.0.1:4443:443
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
Then when you visit it in the web browser, you have to add the port number, Ex:
|
Then when you visit it in the web browser, you have to add the port number, Ex:
|
||||||
"http://127.0.0.1:8080" and "https://127.0.0.1:4443"
|
"http://127.0.0.1:8080" and "https://127.0.0.1:4443"
|
||||||
|
|
||||||
@@ -76,6 +83,18 @@ git clone https://git.foreverpyrite.com/ForeverPyrite/sniph-bank && cd sniph-ban
|
|||||||
docker compose up -d
|
docker compose up -d
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### I went to sniphbank.com and got an error?
|
||||||
|
This is because sniphbank.com is not a real website, and isn't a registered domain.
|
||||||
|
|
||||||
|
I was able to do this by altering the `/etc/hosts` file (or `C:\Windows\System32\drivers\etc\hosts` on Windows) to automatically resolve the domain 'sniphbank.com' to a loopback IPv4 address, `127.0.0.1`
|
||||||
|
|
||||||
|
The following snippet is an example of the file on Windows
|
||||||
|
```hosts
|
||||||
|
# localhost name resolution is handled within DNS itself.
|
||||||
|
127.0.0.1 localhost sniphbank.com
|
||||||
|
# ::1 localhost
|
||||||
|
```
|
||||||
|
|
||||||
## Why is the repo so large?
|
## Why is the repo so large?
|
||||||
I still have the `tailwindcss` binary in the `website/css/` directory.
|
I still have the `tailwindcss` binary in the `website/css/` directory.
|
||||||
I could've got rid of it or put it in .gitignore or ignored it locally or something but nah.
|
I could've got rid of it or put it in .gitignore or ignored it locally or something but nah.
|
||||||
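Review bot: The new hosts-file section never says that the entry is persistent or that editing the file needs root/Administrator rights. Unlike the sysctl change described earlier, which "is reverted on restart", the `127.0.0.1 localhost sniphbank.com` line stays in place until someone deletes it, so add a sentence telling readers to remove it after the demonstration. "I was able to do this by altering" also has no antecedent under a heading about getting an error; say what "this" is (making sniphbank.com resolve locally). Minor: the sentence ending in `127.0.0.1` lacks a period, and "example of the file on Windows" should end with a colon before the fence.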
@@ -87,3 +106,4 @@ But you have to be on 64-bit AMD Linux/WSL. Otherwise you gotta download your ow
|
|||||||
|
|
||||||
## Contact me.
|
## Contact me.
|
||||||
ForeverPyrite. I use Discord btw.
|
ForeverPyrite. I use Discord btw.
|
||||||
|
Feel free to talk to me about whatever (preferably computer and/or networking related.)
|
||||||
|
|||||||
@@ -114,7 +114,7 @@ def login():
|
|||||||
# code (or in a real case, a database) would be able to easily reverse this to get the genuine
|
# code (or in a real case, a database) would be able to easily reverse this to get the genuine
|
||||||
# password.
|
# password.
|
||||||
# The point of this here is to showcase that password is in plaintext until it gets to the server.
|
# The point of this here is to showcase that password is in plaintext until it gets to the server.
|
||||||
if base64_encode(password).decode() != "Z29GQUxDT05TMTIzCg==":
|
if base64_encode(password).decode() != "Z29GQUxDT05TMTIz":
|
||||||
# Likewise if the password doesn't match, we return a similar response.
|
# Likewise if the password doesn't match, we return a similar response.
|
||||||
return Response("Incorrect password", HTTPStatus.UNAUTHORIZED)
|
return Response("Incorrect password", HTTPStatus.UNAUTHORIZED)
|
||||||
|
|
||||||
|
|||||||
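Review bot: The comment block above the changed comparison explains that base64 is reversible but says nothing about how the literal was produced, which is what went wrong here. The old value's trailing `Cg==` is the base64 encoding of the newline that `echo` appends, so the check was comparing against the password plus "\n". Since this file is the line-by-line explanation, add a comment next to the literal stating that it must be generated without a trailing newline (`echo -n` or `printf '%s'`), so the value is reproducible and the mistake does not come back.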
2
main.py
@@ -35,7 +35,7 @@ def login():
|
|||||||
|
|
||||||
if user != "ronniej":
|
if user != "ronniej":
|
||||||
return Response("User not found", HTTPStatus.UNAUTHORIZED)
|
return Response("User not found", HTTPStatus.UNAUTHORIZED)
|
||||||
if base64_encode(password).decode() != "Z29GQUxDT05TMTIzCg==":
|
if base64_encode(password).decode() != "Z29GQUxDT05TMTIz":
|
||||||
return Response("Incorrect password", HTTPStatus.UNAUTHORIZED)
|
return Response("Incorrect password", HTTPStatus.UNAUTHORIZED)
|
||||||
|
|
||||||
return send_file("./website/account.html")
|
return send_file("./website/account.html")
|
||||||
|
|||||||
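Review bot: The two early returns around the changed line answer "User not found" and "Incorrect password" separately, which lets a client tell valid usernames from invalid ones; unless the demo depends on that, return one message for both failures. The corrected literal is also pasted by hand into both `main.py` and `main-doc.py`, which is how the same stray `Cg==` ended up in two files; a named constant at the top of each file, beside the port constants the README mentions, would make the value easy to find and compare. If this check is ever reused outside the demo, compare with `hmac.compare_digest` against a salted password hash instead of `!=` on an encoded string.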