#!/usr/bin/python
# usage:
# python-console <port> <magic>
import cStringIO
import codeop
import md5
import os
import signal
import sys

import cjson
import web
# Namespaces that do_chat hands to eval() for console input. The global
# namespace carries this module's own __builtins__, so evaluated code sees the
# full set of builtins (nothing is filtered out here).
globs = {'__builtins__': globals()['__builtins__']}
locls = dict()

# Reports whether the accumulated text is a complete statement yet.
compiler = codeop.CommandCompiler()

# Text of the statement currently being accumulated; '' means "none pending".
curr_cmd = ''
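def do_chat(txt):
    """Feed one line of console input to the interpreter and write a JSON reply.

    Lines accumulate in the module-level ``curr_cmd`` until ``compiler``
    reports a complete statement. The reply written with ``web.output`` is
    JSON ``null`` while the statement is incomplete, and otherwise a 3-item
    sequence ``(captured output, result, error text)``. Nothing is returned.

    SECURITY: ``txt`` is request data and is executed as Python inside this
    process with the full ``__builtins__`` placed in ``globs``. The digest
    check in ``chat.POST`` is the only gate in front of this call, so the
    service should only be reachable from clients trusted with the
    privileges of this process.
    """
    # Without this declaration the assignments below make curr_cmd a local
    # name, and the first comparison raises UnboundLocalError.
    global curr_cmd

    if curr_cmd == '':
        curr_cmd = txt
    else:
        curr_cmd = curr_cmd + '\n' + txt

    try:
        cmd = compiler(curr_cmd)
        if cmd is None:
            # The command was incomplete, so send back a None and let the
            # client print a '...' continuation prompt.
            web.output(cjson.encode(None))
        else:
            # The command was complete, so evaluate it with stdout/stderr
            # captured into a buffer.
            out = cStringIO.StringIO()
            saved_stdout, saved_stderr = sys.stdout, sys.stderr
            sys.stdout = out
            sys.stderr = out
            try:
                # NOTE(review): no SIGALRM handler is installed in the
                # visible code; with the default disposition an expired
                # alarm ends the process instead of raising here. Confirm
                # that is the intended time limit behaviour.
                signal.alarm(5)
                res = eval(cmd, globs, locls)
            finally:
                # Always cancel the alarm and give the real streams back,
                # including when the evaluated code raises; otherwise the
                # server keeps writing to a dead buffer.
                signal.alarm(0)
                sys.stdout, sys.stderr = saved_stdout, saved_stderr
            v = (out.getvalue(), res, None)
            # The file imports cjson only; 'json' was never bound.
            web.output(cjson.encode(v))
            curr_cmd = ''
    except Exception:
        # sys.exc_info() avoids the version-specific 'except X, e' syntax.
        exc = sys.exc_info()[1]
        v = (None, None, str(exc))
        web.output(cjson.encode(v))
        curr_cmd = ''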
# Route table handed to web.run: alternating (path regex, handler class name).
# The parenthesised group in the .js/.css routes is what the handler's GET
# receives as its 'name' argument. Those two handlers perform no digest check.
urls = (
    r'/', 'index',
    r'/(.*\.js)', 'jscript',
    r'/(.*\.css)', 'style',
    r'/chat', 'chat',
)

# 'magic' is the secret shared by client and server. It is mixed into an md5
# digest that authenticates requests. The empty value here is a placeholder;
# the real secret is assigned at startup.
magic = ''
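class index:
    """Serve the console's HTML page to a client that presents the digest."""

    def GET(self):
        """Check the ``digest`` request parameter and send back index.html.

        Sets a 401 status and writes nothing when the parameter is missing
        or does not match.
        """
        inp = web.input()
        # Authenticate. The expected value depends only on 'magic', so it is
        # identical for every request and behaves like a bearer token: anyone
        # who sees one valid request can present it again. Keep the service
        # on a trusted transport and rotate 'magic' if it may have leaked.
        expected = md5.new('hello' + magic).hexdigest()
        # getattr: a request without the parameter is an authentication
        # failure, not an unhandled AttributeError.
        # NOTE(review): '!=' is not a constant-time comparison; where
        # hmac.compare_digest is available (Python >= 2.7.7) prefer it.
        if getattr(inp, 'digest', None) != expected:
            web.ctx.status = '401 Unauthorized'
            return
        # Authentication succeeded: send back the static HTML for the
        # console app, closing the file even if the write fails.
        page = open("index.html", "r")
        try:
            web.output(page.read())
        finally:
            page.close()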
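class jscript:
    """Serve a JavaScript file requested by the console page."""

    def GET(self, name):
        """Write the contents of ``name`` to the response, or answer 404.

        ``name`` is the group captured from the request path by the route
        table, and this handler performs no digest check, so the resolved
        path is confined to the current working directory tree.
        """
        root = os.path.realpath(os.curdir)
        target = os.path.realpath(os.path.join(root, name))
        # realpath collapses '..' segments and symlinks, and join discards
        # root when name is absolute; in both cases the result must still
        # sit below root. rstrip keeps the prefix valid when root is '/'.
        if not target.startswith(root.rstrip(os.sep) + os.sep):
            web.ctx.status = '404 Not Found'
            return
        try:
            asset = open(target, "r")
        except IOError:
            # A missing or unreadable asset is a 404, not a server error.
            web.ctx.status = '404 Not Found'
            return
        try:
            web.output(asset.read())
        finally:
            asset.close()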
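class style:
    """Serve a stylesheet requested by the console page."""

    def GET(self, name):
        """Write the contents of ``name`` to the response, or answer 404.

        ``name`` is the group captured from the request path by the route
        table, and this handler performs no digest check, so the resolved
        path is confined to the current working directory tree.
        """
        root = os.path.realpath(os.curdir)
        target = os.path.realpath(os.path.join(root, name))
        # realpath collapses '..' segments and symlinks, and join discards
        # root when name is absolute; in both cases the result must still
        # sit below root. rstrip keeps the prefix valid when root is '/'.
        if not target.startswith(root.rstrip(os.sep) + os.sep):
            web.ctx.status = '404 Not Found'
            return
        try:
            sheet = open(target, "r")
        except IOError:
            # A missing or unreadable asset is a 404, not a server error.
            web.ctx.status = '404 Not Found'
            return
        try:
            web.output(sheet.read())
        finally:
            sheet.close()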
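class chat:
    """Accept one line of console input and pass it to do_chat."""

    def POST(self):
        """Authenticate the ``text``/``digest`` pair, then execute ``text``.

        Sets a 401 status and executes nothing when either parameter is
        missing or the digest does not match.
        """
        inp = web.input()
        text = getattr(inp, 'text', None)
        supplied = getattr(inp, 'digest', None)
        # A request lacking either field cannot be authenticated; reject it
        # instead of failing with an AttributeError.
        if text is None or supplied is None:
            web.ctx.status = '401 Unauthorized'
            return
        # Authenticate. The digest covers only the text and the shared
        # secret: there is no nonce or counter, so a captured request stays
        # valid if it is sent again, and MD5 over message-plus-secret is not
        # a sound MAC construction.
        # NOTE(review): this check is the only barrier in front of code
        # execution; consider HMAC with a current hash and a per-request
        # nonce, compared with hmac.compare_digest where available.
        expected = md5.new(text + magic).hexdigest()
        if supplied != expected:
            web.ctx.status = '401 Unauthorized'
            return
        # Authentication succeeded, so run the submitted Python. do_chat
        # writes the JSON reply itself and has no return value, so its
        # result is not passed on to web.output.
        do_chat(text)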
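if __name__ == "__main__":
    # FIXME jail!  Submitted code still runs with this process's privileges.
    # Refuse to start without a secret: with an empty 'magic' the digests the
    # handlers expect no longer depend on anything the client must know.
    if len(sys.argv) < 3 or not sys.argv[2]:
        sys.stderr.write("usage: python-console <port> <magic>\n")
        sys.exit(2)
    # NOTE(review): a secret given on the command line is typically visible
    # to other local users in the process list; an environment variable or a
    # file with restricted permissions would avoid that.
    magic = sys.argv[2]
    web.run(urls, globals())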