Use b32 address when verifying subdomain

This prevents situation when user registered 2nd level domain and then tries to register a subdomain. In such case i2p router doesn't know yet this 2nd level domain and cannot access it. Using b32 address avoids such situation.
9 years ago · c6f6c0ce26
1 changed files with 9 additions and 1 deletions
--- a/pyi2phosts/postkey/views.py
+++ b/pyi2phosts/postkey/views.py
@ -13,6 +13,7 @@ from django.utils.translation import ugettext_lazy as _
				@@ -13,6 +13,7 @@ from django.utils.translation import ugettext_lazy as _

 from pyi2phosts.postkey.models import i2phost
 from pyi2phosts.lib.utils import get_logger
+from pyi2phosts.lib.utils import get_b32
 from pyi2phosts.lib.validation import validate_hostname
 from pyi2phosts.lib.validation import validate_b64hash

@ -119,7 +120,14 @@ def subdomain(request):
				@@ -119,7 +120,14 @@ def subdomain(request):
            proxy_handler = urllib2.ProxyHandler({'http': settings.EEPROXY_URL})
            opener = urllib2.build_opener(proxy_handler)
            if 'topdomain' in request.session and 'v_filename' in request.session:
-                url = 'http://' + request.session['topdomain'] + '/' + request.session['v_filename']
+                # get base64 for 2nd-level domain
+                try:
+                    h = i2phost.objects.get(name=request.session['topdomain'])
+                except i2phost.DoesNotExist:
+                    log.warning('refusing to verify subdomain for inexistent 2nd-level domain: %s', request.session['topdomain'])
+                    return redirect('/')
+                topdomain_b32 = get_b32(h.b64hash)
+                url = 'http://' + topdomain_b32 + '/' + request.session['v_filename']
            else:
                log.warning('trying to call subdomain validation without a session')
                return redirect('/')