From 43574afcbcda40a9959c0ff42e964b97294b8819 Mon Sep 17 00:00:00 2001
From: Jonathan Flueren <jonathan.flueren@tu-dortmund.de>
Date: Sun, 13 Aug 2023 22:08:35 +0200
Subject: [PATCH] Switch to mac hashes

---
 scanner/upload.py       |  23 +++---
 scanner/wifi_map.yaml   |   2 +-
 website/identities.json |   2 +-
 website/index.php       | 158 ++++++++++++++++++++++++++++++----------
 website/present.json    |   2 +-
 website/update.php      |   2 +-
 6 files changed, 135 insertions(+), 54 deletions(-)

diff --git a/scanner/upload.py b/scanner/upload.py
index f65c803..a1b778b 100644
--- a/scanner/upload.py
+++ b/scanner/upload.py
@@ -7,42 +7,41 @@ import json
 import hmac
 import hashlib
 
-IDENTITIES_PATH = "identities.yaml"
-WEBHOOK_URL = "https://cloud.flueren.eu/public/update.php"
+IDENTITIES_URL = "http://localhost:8080/identities.json"
+WEBHOOK_URL = "http://localhost:8080/update.php"
 WEBHOOK_SECRET = "CHANGE-THIS"
 
+def get_identities():
+    resp = requests.get(IDENTITIES_URL)
+    return resp.json()
+
+
 def parse_wifi_map(map_path):
     # read scan results
     with open(map_path, 'r') as f:
         wifi_map = yaml.safe_load(f)
 
     # read known identities
-    with open(IDENTITIES_PATH, 'r') as f:
-        identities = yaml.safe_load(f)['identities']
+    identities = get_identities()
 
     print("Known identities:")
     for identity in identities:
-        print('mac = {}, name = {}'.format(identity['mac'],identity['name']))
+        print('mac hash = {}, name = {}'.format(identity['mac_hash'],identity['name']))
     
-    devices = set()
     filtered_identities = set()
 
     # filter scan results for known identities
     for ssid in wifi_map:
-        #print('ssid = {}'.format(ssid))
         ssid_node = wifi_map[ssid]
         for bssid in ssid_node:
-            #print('\tbssid = {}'.format(bssid))
             bssid_node = ssid_node[bssid]
             if 'devices' in bssid_node:
                 for device in bssid_node['devices']:
-                    devices |= {device}
-                    #print('\t\tdevice = {}'.format(device))
                     for identity in identities:
-                        if identity['mac'] == device:
+                        mac_hash = hashlib.sha256(device.encode()).hexdigest()
+                        if identity['mac_hash'] == mac_hash:
                             filtered_identities |= {identity['name']}
 
-    #print('\n\nSSID count: {}, Device count: {}'.format(len(wifi_map), len(devices)))
     print('\nFiltered identities:')
     print(filtered_identities)
 
diff --git a/scanner/wifi_map.yaml b/scanner/wifi_map.yaml
index dbe12fe..468fb48 100644
--- a/scanner/wifi_map.yaml
+++ b/scanner/wifi_map.yaml
@@ -5,7 +5,7 @@ TEST_SSID:
     channels:
     - 11
     devices:
-      3c:07:71:15:f1:48:
+      00:00:00:00:00:00:
         bytes: 798
         signal: 1
         vendor: Sony Corporation
diff --git a/website/identities.json b/website/identities.json
index 0637a08..d201437 100644
--- a/website/identities.json
+++ b/website/identities.json
@@ -1 +1 @@
-[]
\ No newline at end of file
+[{"name":"Jon","mac_hash":"38fbdde984330e50c02382e647c576b71f41cc5c45b193d4f3177e6ee8f22a78"},{"name":"BROADCAST","mac_hash":"ef85d972b07fccdd79085ddb4713cd487c3838e128a7c4d11092909675c2022d"}]
\ No newline at end of file
diff --git a/website/index.php b/website/index.php
index 4fccccc..4a101ed 100644
--- a/website/index.php
+++ b/website/index.php
@@ -1,47 +1,92 @@
 <?php
 
+define('IDENTITIES_FILE', 'identities.json');
+define('PRESENT_FILE', 'present.json');
+
 $page_title = 'CZI Presence Detector';
-$present_file = 'present.json';
-$identities_file = 'identities.json';
+$name_pattern = "^([ a-zA-Z'\-]){1,30}$";
+$mac_pattern = "^([0-9A-Fa-f]{2}[:-s]){5}([0-9A-Fa-f]{2})$";
 
-$name_pattern = "^([ \u00c0-\u01ffa-zA-Z'\-]){1,30}$";
-$mac_pattern = '^([0-9A-Fa-f]{2}[:-s]){5}([0-9A-Fa-f]{2})$';
-
-$present = json_decode(file_get_contents($present_file), true);
+$present = json_decode(file_get_contents(PRESENT_FILE), true);
 
 $tz = 'Europe/Berlin';
 $datetime = new DateTime("now", new DateTimeZone($tz));
 $datetime->setTimestamp($present["timestamp"]);
 
-if ($_SERVER['REQUEST_METHOD'] == "POST") {
-	if (
-   preg_match($name_pattern, $_POST['name']) != 1 ||
-   preg_match($mac_pattern, $_POST['mac'] != 1)
-  ) {
-    http_response_code(400);
-    die("Bad data");
-  }
 
-  $name = $_POST['name'];
-  $normalized_mac = str_replace('-', ':', strtolower($_POST['mac']));
+function hash_mac($mac) {
+  $normalized_mac = str_replace('-', ':', strtolower($mac));
   $hashed_mac = hash('sha256', $normalized_mac);
+  return $hashed_mac;
+}
 
-  $identities = json_decode(file_get_contents($identities_file), true);
+function add_identity($name, $mac) {
+  if (
+    preg_match('/' . $name_pattern . '/', $name) != 1 ||
+    preg_match('/' . $mac_pattern . '/', $mac) != 1
+   ) {
+     http_response_code(400);
+     die("Bad data");
+   }
+ 
+   $hashed_mac = hash_mac($mac);
+ 
+   $identities = json_decode(file_get_contents(IDENTITIES_FILE), true);
+ 
+   $url = strtok($_SERVER['REQUEST_URI'], '?');
 
-  foreach ($identities as $identity) {
-    if (
-      $identity['name'] == $name ||
-      $identity['mac_hash'] == $hashed_mac
-    ) {
-      // TODO show error to user
-      die("Duplicate data");
+   foreach ($identities as $identity) {
+     if ($identity['name'] == $name) {
+       header("Location: " . $url . "?dup_name", true, 303);
+       exit();
+     }
+     if ($identity['mac_hash'] == $hashed_mac) {
+       header("Location: " . $url . "?dup_mac", true, 303);
+       exit();
+     }
+   }
+   
+   array_push($identities, array("name" => $name, "mac_hash" => $hashed_mac));
+   file_put_contents(IDENTITIES_FILE, json_encode($identities));
+ 
+   header("Location: " . $url . "?succ", true, 303);
+   exit();
+}
+
+function remove_identity($mac) {
+  if (preg_match('/' . $mac_pattern . '/', $mac) != 1) {
+     http_response_code(400);
+     die("Bad data");
+   }
+
+   $hashed_mac = hash_mac($mac);
+
+   $identities = json_decode(file_get_contents(IDENTITIES_FILE), true);
+
+   $new_identities = array();
+
+   foreach ($identities as $identity) {
+    if ($identity['mac_hash'] != $hashed_mac) {
+      array_push($new_identities, $identity);
     }
-  }
-  
-  // TODO store new identity
 
-  header("Location: /", true, 303);
-	exit();
+   file_put_contents(IDENTITIES_FILE, json_encode($new_identities));
+
+   header("Location: " . strtok($_SERVER['REQUEST_URI'], '?'), true, 303);
+   exit();
+  }
+}
+
+if ($_SERVER['REQUEST_METHOD'] == "POST") {
+  if (
+    isset($_POST['name']) && 
+    isset($_POST['mac'])
+  ) {
+    add_identity($_POST['name'], $_POST['mac']);
+  } 
+  else if (isset($_POST['remove-mac'])) {
+    remove_identity($_POST['remove-mac']);
+  }
 }
 ?>
 
@@ -75,15 +120,52 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
         }
       ?>
     </table>
-    <br><br><br>
-    <div class="card" style="max-width: 30rem;">
-      <div class="card-body">
-        <h5 class="card-title">Neues Gerät tracken</h5>
-      <form method="POST">
-      <input class="form-control" type="text" name="name" pattern="<?php print($name_pattern); ?>" placeholder="Gebe hier deinen Namen ein" value="" /><br>
-      <input class="form-control" type="text" name="mac" pattern="<?php print($mac_pattern); ?>" placeholder="Gebe hier die MAC-Adresse des zu trackenden Gerätes ein" value="" /><br>
-      <button class="btn btn-primary" type="submit">Speichern</button>
-    </form></div></div>
+    <br><br>
+    <?php
+    if ($_SERVER['QUERY_STRING'] == 'dup_name') {
+      ?>
+    <div class="alert alert-danger" role="alert">
+      Name already in use, please choose a different one.
+    </div>
+      <?php
+    } else if ($_SERVER['QUERY_STRING'] == 'dup_mac') {
+      ?>
+    <div class="alert alert-danger" role="alert">
+      MAC already set up, please remove it first to change name.
+    </div>
+      <?php
+    } else if ($_SERVER['QUERY_STRING'] == 'succ') {
+      ?>
+    <div class="alert alert-success" role="alert">
+      Identity successfully saved.
+    </div>
+      <?php
+    }?>
+    <div class="row justify-content-start">
+      <div class="col col-md-4">
+        <div class="card" style="max-width: 30rem;">
+          <div class="card-body">
+            <h5 class="card-title">Neues Gerät tracken</h5>
+            <form method="POST">
+              <input class="form-control" type="text" name="name" pattern="<?php print($name_pattern); ?>" placeholder="Gebe hier deinen Namen ein" value="" /><br>
+              <input class="form-control" type="text" name="mac" pattern="<?php print($mac_pattern); ?>" placeholder="Gebe hier die MAC-Adresse des zu trackenden Gerätes ein" value="" /><br>
+              <button class="btn btn-primary" type="submit">Speichern</button>
+            </form>
+          </div>
+        </div>
+      </div>
+      <div class="col col-md-4">
+        <div class="card" style="max-width: 30rem;">
+          <div class="card-body">
+            <h5 class="card-title">Gerät entfernen</h5>
+            <form method="POST">
+              <input class="form-control" type="text" name="remove-mac" pattern="<?php print($mac_pattern); ?>" placeholder="Gebe hier die MAC-Adresse des zu löschenden Gerätes ein" value="" /><br>
+              <button class="btn btn-primary" type="submit">Entfernen</button>
+            </form>
+          </div>
+        </div>
+      </div>
+    </div>
   </div>
   </body>
 </html>
\ No newline at end of file
diff --git a/website/present.json b/website/present.json
index a2e023a..05b8986 100644
--- a/website/present.json
+++ b/website/present.json
@@ -1 +1 @@
-{"timestamp":1691853251,"names":["BROADCAST"]}
\ No newline at end of file
+{"timestamp":1691957288,"names":["Jon"]}
\ No newline at end of file
diff --git a/website/update.php b/website/update.php
index 3e513a3..4955543 100644
--- a/website/update.php
+++ b/website/update.php
@@ -61,7 +61,7 @@ http_response_code(200);
 
 $present = array(
     "timestamp" => time(),
-    "identities" => $decoded
+    "names" => $decoded
 );
 
 file_put_contents($present_file, json_encode($present));
\ No newline at end of file