zombieb/galvanic-corrosion
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Embed base images into binary

Browse Source 
Include resource directory
Ran `deno fmt` with 4 space indent, that changed every file (!!!!!)
various changes
This commit is contained in:
zombieb
2025-03-24 19:11:36 -04:00
parent 2207e389c9
commit 49c481aa0e
61 changed files with 2369 additions and 2031 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
src/routes/user.ts
View File

@@ -1,4 +1,4 @@
import { APIUtils, NoBody } from "../apiutils.ts";
import { APIUtils, getSrcIpDefault, NoBody } from "../apiutils.ts";
// @ts-types = "npm:@types/express"
import express from "express";
import { User } from "../data/users.ts";
@@ -10,25 +10,25 @@ const log = new Logging("UserRoute");
const config = Config.getConfig();
export const route = APIUtils.createRouter('/user');
export const route = APIUtils.createRouter("/user");
interface AuthRequestSec {
timestamp: number,
nonce: string,
server_id: string
timestamp: number;
nonce: string;
server_id: string;
}
interface AuthRequestRoot {
client_id: string,
message: AuthRequestSec,
signature: string,
pubkey: string
client_id: string;
message: AuthRequestSec;
signature: string;
pubkey: string;
}
const rateLimit = new APIUtils.RateLimiter(60, 1);
route.router.post('/auth',
route.router.post(
"/auth",
rateLimit.middle(),
express.json(),
APIUtils.checkBodyTypes<AuthRequestRoot>({
@@ -36,72 +36,85 @@ route.router.post('/auth',
message: {
timestamp: 0,
nonce: "asdf",
server_id: "asdf"
server_id: "asdf",
},
signature: "asdf",
pubkey: "asdf"
pubkey: "asdf",
}),
async (rq: express.Request<NoBody, NoBody, AuthRequestRoot>, rs: express.Response) => {
async (
rq: express.Request<NoBody, NoBody, AuthRequestRoot>,
rs: express.Response,
) => {
function authFailed(msg: string) {
rs.json(APIUtils.genericResponseFormat(true, msg));
}
if (rq.body.message.server_id !== config.public.serverId) {
log.w(`Auth request failed (serverId mismatch), config error?\n given ID: '${rq.body.message.server_id}'\n our ID: '${config.public.serverId}'`);
authFailed('Authentication request not intended for this server.');
log.w(
`Auth request failed (serverId mismatch), config error?\n given ID: '${rq.body.message.server_id}'\n our ID: '${config.public.serverId}'`,
);
authFailed("Authentication request not intended for this server.");
return;
}
try {
const verify = crypto.createVerify('SHA256');
const verify = crypto.createVerify("SHA256");
verify.update(JSON.stringify(rq.body.message));
verify.end();
const publicKey = await crypto.subtle.importKey(
"spki",
(Uint8Array.from(atob(rq.body.pubkey), c => c.charCodeAt(0))).buffer,
(Uint8Array.from(atob(rq.body.pubkey), (c) => c.charCodeAt(0)))
.buffer,
{ name: "ECDSA", namedCurve: "P-256" },
false,
["verify"]
["verify"],
);
const messageBytes = new TextEncoder().encode(
JSON.stringify(rq.body.message),
);
const signatureBytes = Uint8Array.from(
atob(rq.body.signature),
(c) => c.charCodeAt(0),
);
const messageBytes = new TextEncoder().encode(JSON.stringify(rq.body.message));
const signatureBytes = Uint8Array.from(atob(rq.body.signature), c => c.charCodeAt(0));
const isValid = await crypto.subtle.verify(
{ name: "ECDSA", hash: "SHA-256" },
publicKey,
signatureBytes.buffer,
messageBytes
messageBytes,
);
if (!isValid) {
log.w(`Auth failed for clientId '${rq.body.client_id}'`);
authFailed('Authentication request failed.');
authFailed("Authentication request failed.");
return;
}
} catch (err) {
log.d(`Error when verifying auth request: ${err}`);
authFailed('Authentication request failed.');
authFailed("Authentication request failed.");
return;
}
let user = new User(rq.body.client_id);
if (!(await user.exists())) {
const obj = await User.init({ client_id: rq.body.client_id, pubkey: rq.body.pubkey });
const obj = await User.init({
client_id: rq.body.client_id,
pubkey: rq.body.pubkey,
});
if (obj == null) {
rs.sendStatus(500);
return;
} else user = obj;
}
if (await user.hasNonce(rq.body.message.nonce)) {
log.w(`Client '${rq.body.client_id}' has already used nonce. Replay attack?`);
authFailed('Authentication request failed.');
if (!(await user.addNonce(rq.body.message.nonce))) {
log.w(
`Client '${rq.body.client_id}' has already used nonce. Replay attack?`,
);
authFailed("Authentication request failed.");
return;
} else user.addNonce(rq.body.message.nonce);
}
user.addAssociatedIp(getSrcIpDefault(rq));
const token = await user.getToken();
rs.json({ token: token });
}
);
},
);