Added DNS yap and fixed password "hash"
Some silly goober left in the Cg=== from the terminal when he ran `echo "password" | base64`. Cute little terminal escape characters.
28
README.md
@@ -2,7 +2,7 @@
|
||||
This is a super duper simple web server written in Python (ew) that was done primarily to showcase the difference between HTTP and HTTPS.
|
||||
|
||||
`main-doc.py` is a heavily documented, entire yap-sesh dedicated version of `main.py` that tries to explain the code line-by-line. It assumes you have a little knowledge of the underlying syntax of the language, and outside of the `ServerThread` class, is more focused on HTTP servers and networking than the program specifics.
|
||||
|
||||
`website/account.html` also has some brief insight into some basic HTML, but nothing much.
|
||||
|
||||
## Running the Program
|
||||
Ideally, you can run the program on Linux or Windows, and streamline the dependency process with [uv](https://docs.astral.sh/uv/).
|
||||
@@ -12,10 +12,18 @@ Note that the servers bind to the default, well known ports for HTTP (80) and HT
|
||||
This can be problematic as you sometimes need permissions in order to bind to these ports.
|
||||
When I do the demonstration, I temporarily disable the Linux kernel's restriction to only allow root user to bind to ports below 1024 with `sudo sysctl net.ipv4.ip_unprivileged_port_start=0`. This way, the restrictive behavior is reverted on restart.
|
||||
|
||||
##### Bypassing Port restriction
|
||||
You can edit the constants in `main.py` to set the HTTP_PORT and HTTPS_PORT to something like 8080 and 4443 respectively.
|
||||
|
||||
|
||||
This way, when I visit http://sniphbank.com, the web browser resolves 'sniphbank.com' to `127.0.0.1`, and connects to
|
||||
`127.0.0.1:80`, where the server is listening.
|
||||
This is the way that all 'websites' work, except the records are usually stored on a DNS server somewhere else, and we use Cloudflare's (`1.1.1.1-3`) or Google's (`8.8.8.8` and `8.8.4.4`) DNS resolver to resolve something like `google.com` to it's actual IP address.
|
||||
Since, at least without registering the domain, we aren't able to store the records on a server that a big name Nameserver will look at or respect, we just store the record locally, so our local host can resolve it.
|
||||
|
||||
##### Bypassing Port restriction
|
||||
On Windows using Podman, you will need to run `wsl -d podman-machine-default sudo sysctl net.ipv4.ip_unprivileged_port_start=80` if you want the container to be able to listen on the defaults.
|
||||
|
||||
You can edit the constants in `main.py` by setting the HTTP_PORT and HTTPS_PORT to something like 8080 and 4443 respectively.
|
||||
|
||||
If you have Podman/Docker, you can change the contents of `docker-compose.yml` to be like this instead:
|
||||
```yaml
|
||||
# Example for unprivileged:
|
||||
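Review bot: The sysctl advice in this section is inconsistent: the Linux paragraph sets `net.ipv4.ip_unprivileged_port_start=0`, while the Podman-on-Windows line uses `=80`. 80 is enough for both listeners (80 and 443) and leaves the ports below it restricted, so I would use 80 in both places. Separately, the paragraph beginning "This way, when I visit http://sniphbank.com" relies on the hosts-file mapping that is only introduced in the FAQ further down; moving it there, or pointing to that section, would give "This way" something to refer to. Nit: "it's actual IP address" should be "its".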
@@ -23,7 +31,6 @@ If you have Podman/Docker, you can change the contents of `docker-compose.yml` t
|
||||
# - 127.0.0.1:4443:443
|
||||
```
|
||||
|
||||
|
||||
Then when you visit it in the web browser, you have to add the port number, Ex:
|
||||
"http://127.0.0.1:8080" and "https://127.0.0.1:4443"
|
||||
|
||||
@@ -76,6 +83,18 @@ git clone https://git.foreverpyrite.com/ForeverPyrite/sniph-bank && cd sniph-ban
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
### I went to sniphbank.com and got an error?
|
||||
This is because sniphbank.com is not a real website, and isn't a registered domain.
|
||||
|
||||
I was able to do this by altering the `/etc/hosts` file (or `C:\Windows\System32\drivers\etc\hosts` on Windows) to automatically resolve the domain 'sniphbank.com' to a loopback IPv4 address, `127.0.0.1`
|
||||
|
||||
The following snippet is an example of the file on Windows
|
||||
```hosts
|
||||
# localhost name resolution is handled within DNS itself.
|
||||
127.0.0.1 localhost sniphbank.com
|
||||
# ::1 localhost
|
||||
```
|
||||
|
||||
## Why is the repo so large?
|
||||
I still have the `tailwindcss` binary in the `website/css/` directory.
|
||||
I could've got rid of it or put it in .gitignore or ignored it locally or something but nah.
|
||||
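Review bot: The FAQ answer says sniphbank.com "isn't a registered domain", but nothing stops someone registering it later, and from then on a reader without the hosts entry reaches that third party's server instead of an error. A name under a reserved TLD, such as `sniphbank.test`, cannot be registered and would keep the demo local. The answer also only describes what the author did ("I was able to do this by altering ..."); say explicitly that the reader has to add the `127.0.0.1 localhost sniphbank.com` line themselves, that editing the hosts file needs root or Administrator rights, and that the entry should be removed after the demo. The sentence ending in `127.0.0.1` is missing its full stop.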
@@ -87,3 +106,4 @@ But you have to be on 64-bit AMD Linux/WSL. Otherwise you gotta download your ow
|
||||
|
||||
## Contact me.
|
||||
ForeverPyrite. I use Discord btw.
|
||||
Feel free to talk to me about whatever (preferably computer and/or networking related.)
|
||||
|
||||
@@ -114,7 +114,7 @@ def login():
|
||||
# code (or in a real case, a database) would be able to easily reverse this to get the genuine
|
||||
# password.
|
||||
# The point of this here is to showcase that password is in plaintext until it gets to the server.
|
||||
if base64_encode(password).decode() != "Z29GQUxDT05TMTIzCg==":
|
||||
if base64_encode(password).decode() != "Z29GQUxDT05TMTIz":
|
||||
# Likewise if the password doesn't match, we return a similar response.
|
||||
return Response("Incorrect password", HTTPStatus.UNAUTHORIZED)
|
||||
|
||||
|
||||
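Review bot: The comment above the comparison does not record how the expected constant was generated, which is how the old value picked up its trailing `Cg==`: that is the base64 of the newline `echo` appends to its output. Since this is the documented version of the file, add a line noting that the value is the encoding of the password with no trailing newline (`echo -n` or `printf '%s'` piped to `base64`), so the next edit does not reintroduce it.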
2
main.py
@@ -35,7 +35,7 @@ def login():
|
||||
|
||||
if user != "ronniej":
|
||||
return Response("User not found", HTTPStatus.UNAUTHORIZED)
|
||||
if base64_encode(password).decode() != "Z29GQUxDT05TMTIzCg==":
|
||||
if base64_encode(password).decode() != "Z29GQUxDT05TMTIz":
|
||||
return Response("Incorrect password", HTTPStatus.UNAUTHORIZED)
|
||||
|
||||
return send_file("./website/account.html")
|
||||
|
||||
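Review bot: The two failure branches in `login()` return different bodies, "User not found" and "Incorrect password", so a client can tell which usernames exist; returning one message for both keeps the 401 from leaking that. The `!=` on the encoded string is also not a constant-time comparison; `hmac.compare_digest` is the standard-library replacement if the demo is meant to model good practice.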