admin stuff
This commit is contained in:
Flummi
98
src/inc/routes/admin.mjs
Normal file
98
src/inc/routes/admin.mjs
Normal file
@ -0,0 +1,98 @@
|
||||
import router from "../router.mjs";
|
||||
import sql from "../sql.mjs";
|
||||
import tpl from "../tpl.mjs";
|
||||
import lib from "../lib.mjs";
|
||||
import util from "util";
|
||||
import crypto from "crypto";
|
||||
import cfg from "../../../config.json";
|
||||
|
||||
const scrypt = util.promisify(crypto.scrypt);
|
||||
|
||||
const hash = async str => {
|
||||
const salt = crypto.randomBytes(16).toString("hex");
|
||||
const derivedKey = await scrypt(str, salt, 64);
|
||||
return "$f0ck$" + salt + ":" + derivedKey.toString("hex");
|
||||
};
|
||||
|
||||
const verify = async (str, hash) => {
|
||||
const [ salt, key ] = hash.substring(6).split(":");
|
||||
const keyBuffer = Buffer.from(key, "hex");
|
||||
const derivedKey = await scrypt(str, salt, 64);
|
||||
return crypto.timingSafeEqual(keyBuffer, derivedKey);
|
||||
};
|
||||
|
||||
const createID = () => crypto.randomBytes(16).toString("hex") + Date.now().toString(24);
|
||||
|
||||
router.get(/^\/login(\/)?$/, async (req, res) => {
|
||||
if(req.cookies.session)
|
||||
return res.reply({ body: "du bist schon eingeloggt lol<pre>"+util.inspect(req.session)+"</pre>" });
|
||||
res.reply({
|
||||
body: tpl.render("views/login", {}, req)
|
||||
});
|
||||
});
|
||||
|
||||
router.post(/^\/login(\/)?$/, async (req, res) => {
|
||||
const user = await sql("user").where("login", req.post.username.toLowerCase()).limit(1);
|
||||
if(user.length === 0)
|
||||
return res.reply({ body: "user doesn't exist or wrong password" });
|
||||
if(!(await verify(req.post.password, user[0].password)))
|
||||
return res.reply({ body: "user doesn't exist or wrong password" });
|
||||
const stamp = Date.now() / 1e3;
|
||||
|
||||
const session = lib.md5(createID());
|
||||
await sql("user_sessions").insert({
|
||||
user_id: user[0].id,
|
||||
session: lib.md5(session),
|
||||
browser: req.headers["user-agent"],
|
||||
created_at: stamp,
|
||||
last_used: stamp
|
||||
});
|
||||
|
||||
return res.writeHead(301, {
|
||||
"Cache-Control": "no-cache, public",
|
||||
"Set-Cookie": `session=${session}; Path=/`,
|
||||
"Location": "/"
|
||||
}).end();
|
||||
});
|
||||
|
||||
router.get(/^\/logout$/, async (req, res) => {
|
||||
if(!req.session)
|
||||
return res.redirect("/");
|
||||
|
||||
const usersession = await sql("user_sessions").where("id", req.session.sess_id);
|
||||
if(usersession.length === 0)
|
||||
return res.reply({ body: "nope 2" });
|
||||
|
||||
await sql("user_sessions").where("id", req.session.sess_id).del();
|
||||
return res.writeHead(301, {
|
||||
"Cache-Control": "no-cache, public",
|
||||
"Set-Cookie": "session=; Path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT",
|
||||
"Location": "/login"
|
||||
}).end();
|
||||
});
|
||||
|
||||
router.get(/^\/login\/pwdgen$/, async (req, res) => {
|
||||
res.reply({
|
||||
body: "<form action=\"/login/pwdgen\" method=\"post\"><input type=\"text\" name=\"pwd\" placeholder=\"pwd\" /><input type=\"submit\" value=\"f0ck it\" /></form>"
|
||||
});
|
||||
});
|
||||
router.post(/^\/login\/pwdgen$/, async (req, res) => {
|
||||
res.reply({
|
||||
body: await hash(req.post.pwd)
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/login\/test$/, async (req, res) => {
|
||||
res.reply({
|
||||
body: "<pre>" + util.inspect(req) + "</pre>"
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin(\/)?$/, async (req, res) => {
|
||||
if(!req.session)
|
||||
return res.redirect("/");
|
||||
|
||||
res.reply({
|
||||
body: tpl.render("views/admin", {}, req)
|
||||
});
|
||||
});
|
||||
@ -47,12 +47,10 @@ router.get(/^\/(audio\/?|image\/?|video\/?)?(p\/\d+)?$/, async (req, res) => {
|
||||
link: `/${tmpmime ? tmpmime + "/" : ""}p/`
|
||||
},
|
||||
last: rows[rows.length - 1].id,
|
||||
filter: tmpmime ? tmpmime : undefined,
|
||||
themes: cfg.websrv.themes,
|
||||
theme: (typeof req.cookies.theme !== "undefined" && cfg.websrv.themes.includes(req.cookies.theme)) ? req.cookies.theme : cfg.websrv.themes[0]
|
||||
filter: tmpmime ? tmpmime : undefined
|
||||
};
|
||||
|
||||
res.reply({ body: tpl.render("views/index", data) });
|
||||
res.reply({ body: tpl.render("views/index", data, req) });
|
||||
});
|
||||
|
||||
router.get(/^\/((audio\/|video\/|image\/)?[0-9]+)$/, async (req, res) => {
|
||||
@ -121,18 +119,13 @@ router.get(/^\/((audio\/|video\/|image\/)?[0-9]+)$/, async (req, res) => {
|
||||
link: `/${tmpmime ? tmpmime + "/" : ""}`
|
||||
},
|
||||
filter: tmpmime ? tmpmime : undefined,
|
||||
themes: cfg.websrv.themes,
|
||||
theme: (typeof req.cookies.theme !== "undefined" && cfg.websrv.themes.includes(req.cookies.theme)) ? req.cookies.theme : cfg.websrv.themes[0],
|
||||
lul: cfg.websrv.phrases[~~(Math.random() * cfg.websrv.phrases.length)]
|
||||
};
|
||||
res.reply({ body: tpl.render("views/item", data) });
|
||||
res.reply({ body: tpl.render("views/item", data, req) });
|
||||
});
|
||||
|
||||
router.get(/^\/(about)$/, (req, res) => {
|
||||
res.reply({
|
||||
body: tpl.render(`views/${req.url.split[0]}`, {
|
||||
themes: cfg.websrv.themes,
|
||||
theme: (typeof req.cookies.theme !== "undefined" && cfg.websrv.themes.includes(req.cookies.theme)) ? req.cookies.theme : cfg.websrv.themes[0]
|
||||
})
|
||||
body: tpl.render(`views/${req.url.split[0]}`, {}, req)
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user