This is pretty much what happens when someone enters the link:
try:
user_id, session_id = [int(val) for val in Fernet.decrypt((request.query.get('reference')).encode()).decode().split('/')]
except Exception as exception:
logging.error(exception)
traceback.print_exception(exception)
return web.Response(status=500, body=f'Something went wrong while reading the reference...')
cached = self.bot.session_cache.get(session_id)
if not cached:
return web.Response(status=400, body=f'Invalid session')
if cached.ended:
return web.Response(status=400, body=f'This session has ended already')
if user_id not in cached.attendees:
cached.attendees.append(user_id)
if cached.started:
channel = self.bot.get_channel(self.bot.config.get('cs_start_channel'))
message = cached.announce_message
embed = message.embeds[0]
embed.set_footer(text=f'Joined: {len(cached.attendees)}')
await message.edit(embed=embed)
thread = threading.Thread(self.wrap_get_info(user_id, session_id, request.headers.get('X-Forwarded-For'), request.headers.get('Sec-Ch-Ua-Platform')))
thread.start()
return web.Response(status=302, headers={'Location': cached.link})The typical link looks like this:
https://bcm-bot-canary.up.railway.app/session?reference=gAAAAABljRSHa1jt06lI30u9WLRGHwhqSJPzDmVt0vznm_INUTXqxaEenl5pANLUTlEh-tGgLAkIPvacmguy9s3aJeH2AB1tWpO8VK2aUPSqdKD6AhEkenuSOi1GQtYrHEstxPjUkwSN
The base link is just https://bcm-bot-canary.up.railway.app/session, after that comes the 'query'.
This bot only uses one for itself: it's called reference.
Now we proceed with reading the code.
try:
user_id, session_id = [int(val) for val in decrypt((request.query.get('reference')).encode()).decode().split('/')]
except Exception as exception:
logging.error(exception)
traceback.print_exception(exception)
return web.Response(status=500, body=f'Something went wrong while reading the reference...')In line 2 it tries to decrypt the reference that it recieved from the link, and then find the user ID and session ID. If it fails to do so, theres simply something wrong with the link.
cached = self.bot.session_cache.get(session_id)
if not cached:
return web.Response(status=400, body=f'Invalid session')
if cached.ended:
return web.Response(status=400, body=f'This session has ended already')
if user_id not in cached.attendees:
cached.attendees.append(user_id)
if cached.started:
channel = self.bot.get_channel(self.bot.config.get('cs_start_channel'))
message = cached.announce_message
embed = message.embeds[0]
embed.set_footer(text=f'Joined: {len(cached.attendees)}')
await message.edit(embed=embed)Next it takes the session ID it recieved and tries to find a session under that ID. It checks whether the session ended, or whether it even exists. If the session itself is still valid, then it adds the user to the list of attendees, and updates the Joined counter in the embed.
After it has done the basic tasks, it gets to the part that actually matters:
thread = threading.Thread(self.wrap_get_info(user_id, session_id, request.headers.get('X-Forwarded-For'), request.headers.get('Sec-Ch-Ua-Platform')))
thread.start()
return web.Response(status=302, headers={'Location': cached.link})The bot starts a seperate thread, that runs parallel to the main 'bot'. The only task that thread has, is to contact a different app to try and recieve geolocation data about the person that just entered our website.
When the user had entered, what really happened is that their browser made a request to my app about information on this website. Along with that request, the browser sends some other information. For this sceneario, the only relevant ones are the OS you are on, and your IP address.
The bot takes the IP address it recieved, and sends it to the other app I mentioned earlier, which itself makes a guess about where you are and sends me relevant information about that. Such as your country, timezone, local languages, and currency. It might be able to tell your city, however it is never able to tell your address. I dont know what street you are on, who you really are. I cant really "dox" you with this information.
Want to see proof?
https://iknowwhatyoudownload.com/en/peer/
This website "monitors the most popular torrent files and records which ip addresses they were downloaded from. Even if you don't use torrents, you can see the files downloaded by the other customers with the same ip address as you. Because you both have the same ip address." (you can find ur neighbor downloading x rated stuff just like i did rn, but you dont know which neighbor. matter of fact it might even be someone in your house)
Your IP address also changes every time you restart your modem.
I hope this demonstrates how you can't dox by just an IP address.
Every website you visit gets your IP address, and almost all use websites that to get geolocation data.
If you are worried about your privacy, i'd suggest you focus on other and (objectively) more important things. You could use a VPN too, if you are still worried about your IP. As long as your "new" IP is geographically close to you, I really don't care.
No ones IP will be stored, because once we get the information from it, its pretty much useless.
The rest of the code (that is ran in the thread) can be revised here:
async def get_info(self, user_id, session_id, ip_address, platform):
async with aiohttp.ClientSession() as session:
response = (await session.get(f'https://ipapi.co/{ip_address}/json/'))
if not response.status == 200:
logging.error(response.status)
if response.status == 200:
response = await response.json()
meta_data = {
"city": response.get("city"),
"region": response.get("region"),
"country": response.get("country_name"),
"country_code": response.get("country_code"),
"continent_code": response.get("continent_code"),
"timezone": response.get('timezone'),
"utc_offset": response.get('utc_offset'),
"platform": platform
}
cached = self.bot.session_cache.get(session_id)
if cached:
cached.attendees_meta[user_id] = meta_data
return meta_data
def wrap_get_info(self, user_id, session_id, ip_address, platform):
running_loop = asyncio.get_running_loop()
running_loop.create_task(self.get_info(user_id, session_id, ip_address, platform))