new backend
@@ -1,151 +1,131 @@
|
||||
import router from "../router.mjs";
|
||||
import sql from "../sql.mjs";
|
||||
import tpl from "../tpl.mjs";
|
||||
import lib from "../lib.mjs";
|
||||
import util from "util";
|
||||
import crypto from "crypto";
|
||||
import { auth } from "../meddlware.mjs";
|
||||
import { exec } from "child_process";
|
||||
import search from "./inc/search.mjs";
|
||||
|
||||
const scrypt = util.promisify(crypto.scrypt);
|
||||
|
||||
const hash = async str => {
|
||||
const salt = crypto.randomBytes(16).toString("hex");
|
||||
const derivedKey = await scrypt(str, salt, 64);
|
||||
return "$f0ck$" + salt + ":" + derivedKey.toString("hex");
|
||||
};
|
||||
|
||||
const verify = async (str, hash) => {
|
||||
const [ salt, key ] = hash.substring(6).split(":");
|
||||
const keyBuffer = Buffer.from(key, "hex");
|
||||
const derivedKey = await scrypt(str, salt, 64);
|
||||
return crypto.timingSafeEqual(keyBuffer, derivedKey);
|
||||
};
|
||||
|
||||
const createID = () => crypto.randomBytes(16).toString("hex") + Date.now().toString(24);
|
||||
|
||||
router.get(/^\/login(\/)?$/, async (req, res) => {
|
||||
if(req.cookies.session)
|
||||
return res.reply({ body: "du bist schon eingeloggt lol<pre>"+util.inspect(req.session)+"</pre>" });
|
||||
res.reply({
|
||||
body: tpl.render("views/login", {}, req)
|
||||
});
|
||||
});
|
||||
|
||||
router.post(/^\/login(\/)?$/, async (req, res) => {
|
||||
const user = await sql("user").where("login", req.post.username.toLowerCase()).limit(1);
|
||||
if(user.length === 0)
|
||||
return res.reply({ body: "user doesn't exist or wrong password" });
|
||||
if(!(await verify(req.post.password, user[0].password)))
|
||||
return res.reply({ body: "user doesn't exist or wrong password" });
|
||||
const stamp = Date.now() / 1e3;
|
||||
|
||||
const session = lib.md5(createID());
|
||||
await sql("user_sessions").insert({
|
||||
user_id: user[0].id,
|
||||
session: lib.md5(session),
|
||||
browser: req.headers["user-agent"],
|
||||
created_at: stamp,
|
||||
last_used: stamp,
|
||||
last_action: "/login"
|
||||
});
|
||||
|
||||
return res.writeHead(301, {
|
||||
"Cache-Control": "no-cache, public",
|
||||
"Set-Cookie": `session=${session}; Path=/; Expires=Fri, 31 Dec 9999 23:59:59 GMT`,
|
||||
"Location": "/"
|
||||
}).end();
|
||||
});
|
||||
|
||||
router.get(/^\/logout$/, auth, async (req, res) => {
|
||||
const usersession = await sql("user_sessions").where("id", req.session.sess_id);
|
||||
if(usersession.length === 0)
|
||||
return res.reply({ body: "nope 2" });
|
||||
|
||||
await sql("user_sessions").where("id", req.session.sess_id).del();
|
||||
return res.writeHead(301, {
|
||||
"Cache-Control": "no-cache, public",
|
||||
"Set-Cookie": "session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
|
||||
"Location": "/login"
|
||||
}).end();
|
||||
});
|
||||
|
||||
router.get(/^\/login\/pwdgen$/, async (req, res) => {
|
||||
res.reply({
|
||||
body: "<form action=\"/login/pwdgen\" method=\"post\"><input type=\"text\" name=\"pwd\" placeholder=\"pwd\" /><input type=\"submit\" value=\"f0ck it\" /></form>"
|
||||
});
|
||||
});
|
||||
router.post(/^\/login\/pwdgen$/, async (req, res) => {
|
||||
res.reply({
|
||||
body: await hash(req.post.pwd)
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/login\/test$/, async (req, res) => {
|
||||
res.reply({
|
||||
body: "<pre>" + util.inspect(req) + "</pre>"
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin(\/)?$/, auth, async (req, res) => { // frontpage
|
||||
const totals = await sql("items")
|
||||
.select(
|
||||
sql.raw("(select count(*) from items) total"),
|
||||
sql.raw("sum(if(ifnull(tags_assign.item_id, 0) = 0, 1, 0)) untagged"),
|
||||
sql.raw("sum(if(ifnull(tags_assign.item_id, 1) = 1, 0, 1)) tagged"))
|
||||
.leftJoin("tags_assign", "tags_assign.item_id", "items.id");
|
||||
|
||||
res.reply({
|
||||
body: tpl.render("views/admin", { totals: totals[0] }, req)
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin\/sessions(\/)?$/, auth, async (req, res) => {
|
||||
const rows = await sql("user_sessions")
|
||||
.leftJoin("user", "user.id", "user_sessions.user_id")
|
||||
.select("user_sessions.*", "user.user")
|
||||
.orderBy("user.id");
|
||||
|
||||
const totals = await sql("items")
|
||||
.select(
|
||||
sql.raw("(select count(*) from items) total"),
|
||||
sql.raw("sum(if(ifnull(tags_assign.item_id, 0) = 0, 1, 0)) untagged"),
|
||||
sql.raw("sum(if(ifnull(tags_assign.item_id, 1) = 1, 0, 1)) tagged"))
|
||||
.leftJoin("tags_assign", "tags_assign.item_id", "items.id");
|
||||
|
||||
res.reply({
|
||||
body: tpl.render("views/admin_sessions", {
|
||||
sessions: rows,
|
||||
totals: totals[0]
|
||||
}, req)
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin\/test(\/)?$/, auth, async (req, res) => {
|
||||
let ret;
|
||||
const totals = await sql("items")
|
||||
.select(
|
||||
sql.raw("(select count(*) from items) total"),
|
||||
sql.raw("sum(if(ifnull(tags_assign.item_id, 0) = 0, 1, 0)) untagged"),
|
||||
sql.raw("sum(if(ifnull(tags_assign.item_id, 1) = 1, 0, 1)) tagged"))
|
||||
.leftJoin("tags_assign", "tags_assign.item_id", "items.id");
|
||||
|
||||
if(Object.keys(req.url.qs).length > 0) {
|
||||
const tag = req.url.qs.tag;
|
||||
|
||||
const rows = await sql("tags")
|
||||
.select("items.id", "items.username", "tags.tag")
|
||||
.leftJoin("tags_assign", "tags_assign.tag_id", "tags.id")
|
||||
.leftJoin("items", "items.id", "tags_assign.item_id")
|
||||
.where("tags.tag", "regexp", tag);
|
||||
|
||||
ret = search(rows, tag);
|
||||
const auth = async (req, res, next) => {
|
||||
if(!req.session) {
|
||||
return res.reply({
|
||||
code: 401,
|
||||
body: "401 - Unauthorized"
|
||||
});
|
||||
}
|
||||
return next();
|
||||
};
|
||||
|
||||
res.reply({
|
||||
body: tpl.render("views/admin_search", {
|
||||
result: ret,
|
||||
totals: totals[0]
|
||||
}, req)
|
||||
export default (router, tpl) => {
|
||||
|
||||
router.get(/^\/login(\/)?$/, async (req, res) => {
|
||||
if(req.cookies.session)
|
||||
return res.reply({ body: "du bist schon eingeloggt lol" });
|
||||
res.reply({
|
||||
body: tpl.render("login")
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
router.post(/^\/login(\/)?$/, async (req, res) => {
|
||||
const user = await sql("user").where("login", req.post.username.toLowerCase()).limit(1);
|
||||
if(user.length === 0)
|
||||
return res.reply({ body: "user doesn't exist or wrong password" });
|
||||
if(!(await lib.verify(req.post.password, user[0].password)))
|
||||
return res.reply({ body: "user doesn't exist or wrong password" });
|
||||
const stamp = Date.now() / 1e3;
|
||||
|
||||
const session = lib.md5(lib.createID());
|
||||
await sql("user_sessions").insert({
|
||||
user_id: user[0].id,
|
||||
session: lib.md5(session),
|
||||
browser: req.headers["user-agent"],
|
||||
created_at: stamp,
|
||||
last_used: stamp,
|
||||
last_action: "/login"
|
||||
});
|
||||
|
||||
return res.writeHead(301, {
|
||||
"Cache-Control": "no-cache, public",
|
||||
"Set-Cookie": `session=${session}; Path=/; Expires=Fri, 31 Dec 9999 23:59:59 GMT`,
|
||||
"Location": "/"
|
||||
}).end();
|
||||
});
|
||||
|
||||
router.get(/^\/logout$/, auth, async (req, res) => {
|
||||
const usersession = await sql("user_sessions").where("id", req.session.sess_id);
|
||||
if(usersession.length === 0)
|
||||
return res.reply({ body: "nope 2" });
|
||||
|
||||
await sql("user_sessions").where("id", req.session.sess_id).del();
|
||||
return res.writeHead(301, {
|
||||
"Cache-Control": "no-cache, public",
|
||||
"Set-Cookie": "session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
|
||||
"Location": "/"
|
||||
}).end();
|
||||
});
|
||||
|
||||
router.get(/^\/login\/pwdgen$/, async (req, res) => {
|
||||
res.reply({
|
||||
body: "<form action=\"/login/pwdgen\" method=\"post\"><input type=\"text\" name=\"pwd\" placeholder=\"pwd\" /><input type=\"submit\" value=\"f0ck it\" /></form>"
|
||||
});
|
||||
});
|
||||
router.post(/^\/login\/pwdgen$/, async (req, res) => {
|
||||
res.reply({
|
||||
body: await lib.hash(req.post.pwd)
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin(\/)?$/, auth, async (req, res) => { // frontpage
|
||||
|
||||
res.reply({
|
||||
body: tpl.render("admin", { totals: await lib.countf0cks(), session: req.session }, req)
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin\/sessions(\/)?$/, auth, async (req, res) => {
|
||||
const rows = await sql("user_sessions")
|
||||
.leftJoin("user", "user.id", "user_sessions.user_id")
|
||||
.select("user_sessions.*", "user.user")
|
||||
.orderBy("user.id");
|
||||
|
||||
res.reply({
|
||||
body: tpl.render("admin/sessions", {
|
||||
session: req.session,
|
||||
sessions: rows,
|
||||
totals: await lib.countf0cks()
|
||||
}, req)
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin\/test(\/)?$/, auth, async (req, res) => {
|
||||
let ret;
|
||||
if(Object.keys(req.url.qs).length > 0) {
|
||||
const tag = req.url.qs.tag;
|
||||
|
||||
const rows = await sql("tags")
|
||||
.select("items.id", "items.username", "tags.tag")
|
||||
.leftJoin("tags_assign", "tags_assign.tag_id", "tags.id")
|
||||
.leftJoin("items", "items.id", "tags_assign.item_id")
|
||||
.where("tags.tag", "regexp", tag);
|
||||
|
||||
ret = search(rows, tag);
|
||||
}
|
||||
|
||||
res.reply({
|
||||
body: tpl.render("admin/search", {
|
||||
result: ret,
|
||||
totals: await lib.countf0cks(),
|
||||
session: req.session
|
||||
}, req)
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin\/log(\/)?$/, auth, async (req, res) => {
|
||||
exec("journalctl -xu f0ck", (err, stdout) => {
|
||||
res.reply({
|
||||
body: tpl.render("admin/log", {
|
||||
log: stdout.split("\n").slice(-500)
|
||||
}, req)
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
return router;
|
||||
};
|
||||
|