carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity

use signature cuz they have a million IPs

master
Aevann 2024-10-29 03:43:33 +03:00
parent e6ccb2ec2c
commit a6a9980bcb
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
files/routes/users.py
View File

@ -1515,14 +1515,26 @@ def bm():
def av(): def av():
data = json.loads(request.data) data = json.loads(request.data)
ip = request.headers.get('CF-Connecting-IP') timestamp, signature = request.headers.get('Donorbox-Signature').split(',')
if ip not in {'34.228.186.191','184.72.111.177','54.91.98.174','35.153.143.188'}:
if time.time() - int(timestamp) > 30:
print(STARS, flush=True) print(STARS, flush=True)
print(f'/av fail: {ip}') print(f'/av wrong timestamp: {timestamp}')
print(STARS, flush=True) print(STARS, flush=True)
stop(400) stop(400)
print(data, flush=True) string = timestamp + '.' + str(request.data)[2:-1]
correct_signature = hmac.new(key=bytes(environ.get("AV_KEY").strip(), "utf-8"),
msg=bytes(string, "utf-8"),
digestmod=hashlib.sha256
).hexdigest()
if correct_signature != signature:
print(STARS, flush=True)
print(f'/av wrong signature: {signature}')
print(STARS, flush=True)
stop(400)
data = data[0] data = data[0]
id = str(data['id']) id = str(data['id'])