tilde-oauth/auth/index.php

<?php
$config = json_decode(file_get_contents("/var/www/usergen/secret/config.json", true));

require_once("/var/www/usergen/secret/helpers.php");

require_once("/var/www/usergen/secret/oauth.php");

if (isset($_REQUEST["act"])){
    // internal functions such as id request
    switch($_REQUEST["act"]){
        case "id":
            // return OAUTH app ID
            header('Content-type: application/json');
            echo json_encode(array("id" => $config->oauth->key));
            exit();
            break;
        default:
            break;
    }
}else if (isset($_REQUEST["code"])){
    // Mastodon callback (Authorization Code from /oauth/authorize)
    $MastCode = $_REQUEST["code"];
    // var_dump($_REQUEST);
}
?>
<!DOCTYPE html>
<HTML lang="en">
    <Head>
        <Title>HackersTown Server Access</Title>
        <meta charset="utf-8">
        <base href="/auth"/>
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <!-- Javascript -->
        <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
        <script src="https://code.jquery.com/color/jquery.color.plus-names-2.1.2.min.js"></script>
        <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
        <script src="https://cdn.jsdelivr.net/npm/jszip@3.9.1/dist/jszip.min.js" integrity="sha256-aSPPIlJfSHQ5T7wunbPcp7tM0rlq5dHoUGeN8O5odMg=" crossorigin="anonymous"></script>
        <script src="https://cdn.jsdelivr.net/npm/sweetalert2@11/dist/sweetalert2.all.min.js" crossorigin="anonymous"></script>
        <script src="/base64url.js"></script>
        <script src="/ssh-util.js"></script>
        <script src="/keygen.js"></script>
        <script src="/fittext.js"></script>
        <script src="/index.js"></script>
        <!-- Stylesheets -->
        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
        <link href="/style.css" rel="stylesheet"/>
    </Head>
    <Body>
        <div class="row">
            <div class="desktopOnly col-4"></div>
            <div id="content" class="col-4 center">
                <div class="row">
                    <?php if(file_exists("/var/www/usergen/DOMAIN_OVERRIDE")){
                        echo "<a href=\"".file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE")."\">";
                    }else{
                        echo "<a href=\"https://tty.hackers.town\">";
                    }?>
                        <img src="/Assets/HTown.png" class="logo self-align-center mx-auto d-block" alt="Hacker Town logo in ASCII art. Rendered as image to force correct visualization."/>
                    </a>
                </div>
                <?php
                    // Query /oauth/token
                    $Auth = oauthToken($MastCode, $config);
                    if(isset($Auth->token_type)){
                        // Valid Auth?
                        $User = verifyCredentials($Auth->access_token);
                        if (gettype($User) == "object" && isset($User->id)) {
                            // Congrats!
                            $AuthToken = $Auth->access_token;
                            $UserName = $User->display_name;
                            $UserId = $User->id;
                        }else{
                            // invalid auth
                            $AuthToken = "BadUser";
                            $ErrorDesc = "User Not Found";
                        }

                    }else{
                        // invalid auth
                        // TODO: Replace with direct to index logout with error msg
                        if(isset($_COOKIE["oa_retries"])){
                            $retries = $_COOKIE["oa_retries"];
                            if($retries >= 3){
                                $AuthToken = "BadUser";
                                $ErrorDesc = "Invalid OAuth";
                                setcookie("oa_retries", 0, time()+3600);
                            }else{
                                $retries++;
                                setcookie("oa_retries", $retries, time()+3600);
                                $AuthToken = "BadOauthRetry";
                                $ErrorDesc = "Invalid OAuth Retry";
                            }
                        }else{
                            $AuthToken = "BadOauth";
                            $ErrorDesc = "Invalid OAuth Retry";
                            setcookie("oa_retries", 1, time()+3600);
                        }
                    }

                    // revoke token after usage
                ?>
                <div id="usertoken" ><?php echo $AuthToken; ?></div>
                <div class="row"<?php if(strpos($AuthToken, "Bad") === false){
                    echo "hidden";
                }?>>
                    <span>
                        Invalid
                    </span>
                    <span>
                        try again
                    </span>
                    <div id="ErrorResult" class="message">
                        <?php echo $ErrorDesc; ?>
                    </div>
                </div><div class="row button"<?php if(strpos($AuthToken, "Bad") === false){
                    echo "hidden";
                }?>>
                    <button class="col keyButton" onclick="beginOauth()">Retry</button>
                </div>
                <div class="row"<?php if(strpos($AuthToken, "Bad") !== false){
                    echo "hidden";
                }?>>
                    <span>
                        <?php
                            $Welcomes = array("Welcome", "Dobrodošli", "Vitejte", "Welkom", "Tervetuloa", "Willkommen", "Fáilte", "Benvenuto", "Bienvenidos", "Välkommen", "ようこそ");
                            echo $Welcomes[array_rand($Welcomes)];
                        ?>
                    </span>
                    <span id="resizer">
                        <?php echo $UserName; ?>
                    </span>
                    <div class="message">
                        Setup an account SSH key
                    </div>
                </div>
                <div class="row button" <?php if(strpos($AuthToken, "Bad") !== false){
                    echo "hidden";
                }?>>
                    <button class="col keyButton" onclick="generateSSH('<?php echo $UserName; ?>', '<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>')">Generate</button>
                    <button class="col keyButton" onclick="uploadSSH('<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>' )">Upload</button>
                    <button class="col keyButton debug" onclick="testSwal()">Test Popup</button>
                    <form id="uploadForm" enctype="multipart/form-data">
                        <input id="keyfile" type="file" style="display: none;"/>
                    </form>
                </div>
                <?php require("/var/www/usergen/footer.php"); ?>
            </div>
            <div class="desktopOnly col-4"></div>
        </div>
    </Body>
</HTML>
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`<?php`
Move config into secret folder 2023-10-02 00:29:59 +00:00			`$config = json_decode(file_get_contents("/var/www/usergen/secret/config.json", true));`
Split REST API usage out 2023-10-02 03:54:32 +00:00
Helper file and token prep 2023-10-02 04:23:59 +00:00			`require_once("/var/www/usergen/secret/helpers.php");`

			`require_once("/var/www/usergen/secret/oauth.php");`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00
			`if (isset($_REQUEST["act"])){`
			`// internal functions such as id request`
			`switch($_REQUEST["act"]){`
			`case "id":`
			`// return OAUTH app ID`
			`header('Content-type: application/json');`
			`echo json_encode(array("id" => $config->oauth->key));`
			`exit();`
			`break;`
			`default:`
			`break;`
			`}`
			`}else if (isset($_REQUEST["code"])){`
Prepare for Login Auth flow shift 2023-10-01 22:54:30 +00:00			`// Mastodon callback (Authorization Code from /oauth/authorize)`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`$MastCode = $_REQUEST["code"];`
Prepare for Login Auth flow shift 2023-10-01 22:54:30 +00:00			`// var_dump($_REQUEST);`
			`}`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`?>`
Added display and API for SSH fingerprints 2023-09-29 06:15:06 +00:00			`<!DOCTYPE html>`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`<HTML lang="en">`
			`<Head>`
			`<Title>HackersTown Server Access</Title>`
			`<meta charset="utf-8">`
			`<base href="/auth"/>`
			`<meta name="viewport" content="width=device-width, initial-scale=1">`
			`<!-- Javascript -->`
			`<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>`
			`<script src="https://code.jquery.com/color/jquery.color.plus-names-2.1.2.min.js"></script>`
			`<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>`
			`<script src="https://cdn.jsdelivr.net/npm/jszip@3.9.1/dist/jszip.min.js" integrity="sha256-aSPPIlJfSHQ5T7wunbPcp7tM0rlq5dHoUGeN8O5odMg=" crossorigin="anonymous"></script>`
Added display and API for SSH fingerprints 2023-09-29 06:15:06 +00:00			`<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11/dist/sweetalert2.all.min.js" crossorigin="anonymous"></script>`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`<script src="/base64url.js"></script>`
			`<script src="/ssh-util.js"></script>`
			`<script src="/keygen.js"></script>`
			`<script src="/fittext.js"></script>`
			`<script src="/index.js"></script>`
Popups and Niceties 2022-05-07 08:02:58 +00:00			`<!-- Stylesheets -->`
			`<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">`
			`<link href="/style.css" rel="stylesheet"/>`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`</Head>`
			`<Body>`
			`<div class="row">`
			`<div class="desktopOnly col-4"></div>`
			`<div id="content" class="col-4 center">`
			`<div class="row">`
Added display and API for SSH fingerprints 2023-09-29 06:15:06 +00:00			`<?php if(file_exists("/var/www/usergen/DOMAIN_OVERRIDE")){`
			`echo "<a href=\"".file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE")."\">";`
			`}else{`
			`echo "<a href=\"https://tty.hackers.town\">";`
			`}?>`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`<img src="/Assets/HTown.png" class="logo self-align-center mx-auto d-block" alt="Hacker Town logo in ASCII art. Rendered as image to force correct visualization."/>`
			`</a>`
			`</div>`
Added display and API for SSH fingerprints 2023-09-29 06:15:06 +00:00			`<?php`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`// Query /oauth/token`
Split REST API usage out 2023-10-02 03:54:32 +00:00			`$Auth = oauthToken($MastCode, $config);`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`if(isset($Auth->token_type)){`
			`// Valid Auth?`
Split REST API usage out 2023-10-02 03:54:32 +00:00			`$User = verifyCredentials($Auth->access_token);`
			`if (gettype($User) == "object" && isset($User->id)) {`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`// Congrats!`
			`$AuthToken = $Auth->access_token;`
			`$UserName = $User->display_name;`
Popups and Niceties 2022-05-07 08:02:58 +00:00			`$UserId = $User->id;`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`}else{`
			`// invalid auth`
			`$AuthToken = "BadUser";`
			`$ErrorDesc = "User Not Found";`
			`}`
Split REST API usage out 2023-10-02 03:54:32 +00:00
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`}else{`
			`// invalid auth`
Helper file and token prep 2023-10-02 04:23:59 +00:00			`// TODO: Replace with direct to index logout with error msg`
Popups and Niceties 2022-05-07 08:02:58 +00:00			`if(isset($_COOKIE["oa_retries"])){`
			`$retries = $_COOKIE["oa_retries"];`
			`if($retries >= 3){`
			`$AuthToken = "BadUser";`
			`$ErrorDesc = "Invalid OAuth";`
			`setcookie("oa_retries", 0, time()+3600);`
			`}else{`
			`$retries++;`
			`setcookie("oa_retries", $retries, time()+3600);`
			`$AuthToken = "BadOauthRetry";`
			`$ErrorDesc = "Invalid OAuth Retry";`
			`}`
			`}else{`
			`$AuthToken = "BadOauth";`
			`$ErrorDesc = "Invalid OAuth Retry";`
			`setcookie("oa_retries", 1, time()+3600);`
			`}`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`}`

			`// revoke token after usage`
			`?>`
Prepare for Login Auth flow shift 2023-10-01 22:54:30 +00:00			`<div id="usertoken" ><?php echo $AuthToken; ?></div>`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`<div class="row"<?php if(strpos($AuthToken, "Bad") === false){`
			`echo "hidden";`
			`}?>>`
			`<span>`
			`Invalid`
			`</span>`
			`<span>`
			`try again`
			`</span>`
Popups and Niceties 2022-05-07 08:02:58 +00:00			`<div id="ErrorResult" class="message">`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`<?php echo $ErrorDesc; ?>`
			`</div>`
			`</div><div class="row button"<?php if(strpos($AuthToken, "Bad") === false){`
			`echo "hidden";`
			`}?>>`
			`<button class="col keyButton" onclick="beginOauth()">Retry</button>`
			`</div>`
			`<div class="row"<?php if(strpos($AuthToken, "Bad") !== false){`
			`echo "hidden";`
			`}?>>`
			`<span>`
Added display and API for SSH fingerprints 2023-09-29 06:15:06 +00:00			`<?php`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`$Welcomes = array("Welcome", "Dobrodošli", "Vitejte", "Welkom", "Tervetuloa", "Willkommen", "Fáilte", "Benvenuto", "Bienvenidos", "Välkommen", "ようこそ");`
			`echo $Welcomes[array_rand($Welcomes)];`
			`?>`
			`</span>`
			`<span id="resizer">`
			`<?php echo $UserName; ?>`
			`</span>`
			`<div class="message">`
			`Setup an account SSH key`
			`</div>`
			`</div>`
			`<div class="row button" <?php if(strpos($AuthToken, "Bad") !== false){`
			`echo "hidden";`
			`}?>>`
Popups and Niceties 2022-05-07 08:02:58 +00:00			`<button class="col keyButton" onclick="generateSSH('<?php echo $UserName; ?>', '<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>')">Generate</button>`
SSH Key Uploading 2022-05-07 23:45:13 +00:00			`<button class="col keyButton" onclick="uploadSSH('<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>' )">Upload</button>`
			`<button class="col keyButton debug" onclick="testSwal()">Test Popup</button>`
			`<form id="uploadForm" enctype="multipart/form-data">`
			`<input id="keyfile" type="file" style="display: none;"/>`
			`</form>`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`</div>`
Split out footer 2023-10-02 03:56:26 +00:00			`<?php require("/var/www/usergen/footer.php"); ?>`
OAuth & SSH Keygen 2022-05-01 20:20:59 +00:00			`</div>`
			`<div class="desktopOnly col-4"></div>`
			`</div>`
			`</Body>`
Added display and API for SSH fingerprints 2023-09-29 06:15:06 +00:00			`</HTML>`