Fixing up tunnel

2025-03-12 04:58:34 +03:00 · 2024-01-16 17:18:58 +01:00 · 2024-01-16 17:18:58 +01:00 · 63a3469c91
commit 63a3469c91
parent 009df1f4cb
3 changed files with 19 additions and 16 deletions
--- a/server/src/uds/core/consts/system.py
+++ b/server/src/uds/core/consts/system.py
@ -71,4 +71,13 @@ SHORT_CACHE_TIMEOUT: typing.Final[int] = DEFAULT_CACHE_TIMEOUT // 3  # 1 minute

 DEFAULT_REQUEST_TIMEOUT: typing.Final[int] = 20  # In seconds
 DEFAULT_CONNECT_TIMEOUT: typing.Final[int] = 4   # In seconds
-DEFAULT_WAIT_TIME: typing.Final[int] = 8  # seconds
+DEFAULT_WAIT_TIME: typing.Final[int] = 8  # seconds
+
+# Tickets related
+DEFAULT_TICKET_VALIDITY_TIME: typing.Final[int] = 60  # 1 minute
+MAX_TICKET_VALIDITY_TIME: typing.Final[int] = 60 * 60 * 24 * 7  # 1 week
+TUNNEL_TICKET_VALIDITY_TIME: typing.Final[int] = 60 * 60 * 24 * 7  # 1 week
+
+TICKET_SECURED_ONWER = '#SECURE#'  # Just a "different" owner. If used anywhere, it's not important (will not fail), but weird enough
+# Note that the tunnel ticket will be the owner + the ticket itself, so it will be 48 chars long (Secured or not)
+TICKET_LENGTH = 40  # Ticket length must much the length of the ticket length on tunnel server!!! (take care with previous note)
--- a/server/src/uds/models/ticket_store.py
+++ b/server/src/uds/models/ticket_store.py
@ -39,25 +39,19 @@ from django.db import models
 from uds.core.managers.crypto import CryptoManager

 from .uuid_model import UUIDModel
-from ..core.util.model import sql_datetime
+from uds.core.util.model import sql_datetime
+from uds.core import consts

 from .user import User
 from .user_service import UserService

 logger = logging.getLogger(__name__)

-SECURED = '#SECURE#'  # Just a "different" owner. If used anywhere, it's not important (will not fail), but weird enough
-# Note that the tunnel ticket will be the owner + the ticket itself, so it will be 48 chars long (Secured or not)
-TICKET_LENGTH = 40  # Ticket length must much the length of the ticket length on tunnel server!!! (take care with previous note)
-
-
 class TicketStore(UUIDModel):
    """
    Tickets storing on DB
    """

-    DEFAULT_VALIDITY = 60
-    MAX_VALIDITY = 60 * 60 * 12
    # Cleanup will purge all elements that have been created MAX_VALIDITY ago

    owner = models.CharField(null=True, blank=True, default=None, max_length=8)
@ -82,12 +76,12 @@ class TicketStore(UUIDModel):

    @staticmethod
    def generate_uuid() -> str:
-        return CryptoManager().random_string(TICKET_LENGTH).lower()  # Temporary fix lower() for compat with 3.0
+        return CryptoManager().random_string(consts.system.TICKET_LENGTH).lower()  # Temporary fix lower() for compat with 3.0

    @staticmethod
    def create(
        data: typing.Any,
-        validity: int = DEFAULT_VALIDITY,
+        validity: int = consts.system.DEFAULT_TICKET_VALIDITY_TIME,
        owner: typing.Optional[str] = None,
        secure: bool = False,
    ) -> str:
@ -108,7 +102,7 @@ class TicketStore(UUIDModel):
            if not owner:
                raise ValueError('Tried to use a secure ticket without owner')
            data = CryptoManager().aes_crypt(data, owner.encode())
-            owner = SECURED  # So data is REALLY encrypted, because key used to encrypt is sustituted by SECURED on DB
+            owner = consts.system.TICKET_SECURED_ONWER  # So data is REALLY encrypted, because key used to encrypt is sustituted by SECURED on DB

        return TicketStore.objects.create(
            uuid=TicketStore.generate_uuid(),
@ -134,7 +128,7 @@ class TicketStore(UUIDModel):
                # So, if this is a secure ticket, we must use the SECURED value
                # And use the real "owner" as key to encrypt/decrypt
                key = owner.encode()
-                owner = SECURED
+                owner = consts.system.TICKET_SECURED_ONWER

            t = TicketStore.objects.get(uuid=uuid, owner=owner)
            validity = datetime.timedelta(seconds=t.validity)
@ -290,13 +284,13 @@ class TicketStore(UUIDModel):
                seconds=v.validity + 600
            ):  # Delete only really old tickets. Avoid "revalidate" issues
                v.delete()
-        cleanSince = now - datetime.timedelta(seconds=TicketStore.MAX_VALIDITY)
+        cleanSince = now - datetime.timedelta(seconds=consts.system.MAX_TICKET_VALIDITY_TIME)
        # Also remove too long tickets, even if they are not  (12 hours is the default)
        TicketStore.objects.filter(stamp__lt=cleanSince).delete()

    def __str__(self) -> str:
        # Tickets are generated by us, so we know they are safe
-        data = pickle.loads(self.data) if self.owner != SECURED else '{Secure Ticket}'  # nosec
+        data = pickle.loads(self.data) if self.owner != consts.system.TICKET_SECURED_ONWER else '{Secure Ticket}'  # nosec

        return (
            f'Ticket id: {self.uuid}, Owner: {self.owner}, Stamp: {self.stamp}, '
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 1b12c71ca5ff5035890e2321543b6a916d89c327
+Subproject commit 1e7828cb8cc357594f19166add37c18c4930833d