diff --git a/auth/index.php b/auth/index.php
index b51e970..33bee80 100644
--- a/auth/index.php
+++ b/auth/index.php
@@ -154,9 +154,11 @@ if (isset($_REQUEST["act"])){
echo "hidden";
}?>>
-
-
-
+
+
+
diff --git a/auth/setKey.php b/auth/setKey.php
index dca7aeb..b93f052 100644
--- a/auth/setKey.php
+++ b/auth/setKey.php
@@ -30,6 +30,10 @@ function validateUsername($username){
return (preg_match("/^([a-zA-Z0-9_.]+)$/", $username) == 1);
}
+function validatePublicKey($key){
+ return (preg_match("/^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/", $key) == 1);
+}
+
if (checkParameters(array("pubkey", "userId", "authToken"))){
error("Missing parameters");
}
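Review bot: `validatePublicKey` only checks the first few base64 characters of the blob plus a `$` anchor, so a body that is not valid base64, or that does not actually encode the advertised key type, still passes, and because PCRE `$` also matches just before a final "\n" a key with a trailing newline is accepted. The comment capture `( .*)?` admits any byte except "\n" (including "\r"), and there is no length bound on what is fed to the regex. Decoding the blob and requiring that its first length-prefixed string equals the type token, anchoring with `\z`, and capping the input size closes those gaps; `ssh-dss` has been disabled by default since OpenSSH 7.0, so accepting it deserves at least a comment. The rewrite below keeps the function's name and boolean return.
```php
function validatePublicKey($key){
    // Anchor with \z (PCRE `$` still matches before a trailing "\n") and cap the size.
    if (strlen($key) > 16384 ||
        preg_match('/^(ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|ssh-dss) ([0-9A-Za-z+\/]+={0,3})( [^\r\n]*)?\z/', $key, $m) !== 1){
        return false;
    }
    $blob = base64_decode($m[2], true);
    if ($blob === false || strlen($blob) < 4){
        return false;
    }
    // RFC 4253 wire format: the first length-prefixed string must repeat the key type.
    $len = unpack("N", substr($blob, 0, 4))[1];
    return substr($blob, 4, $len) === $m[1];
}
```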
@@ -38,6 +42,10 @@ $userToken = $_POST["authToken"];
$userId = $_POST["userId"];
$pubkey = $_POST["pubkey"];
+if(!validatePublicKey($pubkey)){
+ error("Invalid public key");
+}
+
$request = curl_init();
curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
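Review bot: The new guard relies on `error("Invalid public key")` halting the script; if `error()` only emits a response body and returns, execution falls through to the curl call and, presumably, to whatever later stores the key, with the rejected `$pubkey` still in scope. `error()` is defined outside this hunk so I cannot confirm it calls `exit`; if it does not, an `exit;` after the call is needed here (and in the existing `checkParameters` check it mirrors). Rejecting the key before the `verify_credentials` round-trip is the right ordering.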
diff --git a/index.js b/index.js
index 66425fb..4ba8e26 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,5 @@
-const DEBUG = false;
-var isMobile = false; //initiate as false
+const DEBUG = true;
+var isMobile = false;
const dbp = (msg) => {
if(DEBUG){
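Review bot: `DEBUG` is flipped to `true` on line 1 and committed, which in this file turns `dbp`/`dbd` into live console logging — including the `setKey.php` response and the selected key `File` object — and, later in the same commit, unhides every `.debug` element for all visitors. If this is for local testing it should go back to `const DEBUG = false;` before merge, or be derived at startup from something that is not a committed constant (a query parameter or `localStorage` flag, for example). Dropping the `//initiate as false` comment on `isMobile` is fine.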
@@ -7,9 +7,16 @@ const dbp = (msg) => {
}
};
+const dbd = (msg) => {
+ if(DEBUG){
+ console.dir(msg);
+ }
+};
+
const SwalConfig = {
color: "#79F257",
background: "#022601",
+ buttonsStyling: false,
}
const isOverflown = ({ clientHeight, scrollHeight }) => scrollHeight > clientHeight
@@ -24,26 +31,22 @@ const setCookie = (cname, cvalue, exdays) => {
const resizeText = ({ element, elements, minSize = 10, maxSize = 512, step = 1, unit = 'px' }) => {
dbp("Resize");
(elements || [element]).forEach(el => {
- let i = minSize
- let overflow = false
-
- const parent = el.parentNode
-
+ let i = minSize;
+ let overflow = false;
+ const parent = el.parentNode;
while (!overflow && i < maxSize) {
- el.style.fontSize = `${i}${unit}`
- overflow = isOverflown(parent)
-
- if (!overflow) i += step
+ el.style.fontSize = `${i}${unit}`;
+ overflow = isOverflown(parent);
+ if (!overflow) i += step;
}
-
// revert to last state where no overflow happened
- el.style.fontSize = `${i - step}${unit}`
- })
+ el.style.fontSize = `${i - step}${unit}`;
+ });
}
const saveFile = (name, type, data) => {
if (data !== null && navigator.msSaveBlob)
- return navigator.msSaveBlob(new Blob([data], { type: type }), name);
+ return navigator.msSaveBlob(new Blob([data], { type: type }), name);
var a = $("
");
var url = window.URL.createObjectURL(new Blob([data], {type: type}));
a.attr("href", url);
@@ -57,7 +60,6 @@ const saveFile = (name, type, data) => {
const disableNonDesktopElements = () => {
var disableElements = document.getElementsByClassName("desktopOnly");
for(var i=0; i< disableElements.length; i++){
- // disableElements.item(i).style.display = "none";
var gutter = disableElements.item(i);
gutter.classList.remove("col-4");
gutter.classList.add("col-1");
@@ -68,13 +70,11 @@ const disableNonDesktopElements = () => {
content.classList.add("col-10");
var te = document.getElementById("resizer");
window.fitText(te);
-
var buttons = document.getElementsByClassName("keyButton");
for(var i=0; i
{
@@ -87,10 +87,38 @@ const failMsg = (msg) => {
}, 1000);
}
+const validatePubKey = (key) => {
+ return /^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/.test(key);
+}
+
+const sendSSH = (key, id, token) => {
+ var payload = {
+ pubkey: key,
+ userId: id,
+ authToken: token
+ };
+ $.post("https://tty.hackers.town/auth/setKey.php", payload, (response) => {
+ dbp(response);
+ if(response.status){
+ Swal.fire({
+ ...SwalConfig,
+ title: "Success!",
+ text: "Your key has been uploaded to the server."
+ });
+ }else{
+ Swal.fire({
+ ...SwalConfig,
+ title: "Failed!",
+ text: response.error
+ });
+ }
+ }).fail(() => {
+ dbp("Failed");
+ });
+}
const generateSSH = async (name, id, token) => {
dbp("Generate Key");
- // debugger;
generateKeyPair("RSASSA-PKCS1-v1_5", 4096, "namehere")
.then((keys) => {
var KeyExport = new JSZip();
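Review bot: `sendSSH`'s `.fail()` handler only calls `dbp("Failed")`, so a network error or non-2xx from `setKey.php` gives the user no indication that the upload did not happen — and in `generateSSH` the zip download still proceeds, which reads as success. `failMsg` already exists in this file; `.fail(() => { failMsg("Upload failed"); })` would surface it. The client-side `validatePubKey` duplicates the PHP regex in `setKey.php`, which is fine as a UX pre-check, but a comment such as `// Mirrors validatePublicKey() in auth/setKey.php; the server copy is authoritative — keep in sync` would help the next editor. `generateSSH` continues past the end of this hunk.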
@@ -100,33 +128,10 @@ const generateSSH = async (name, id, token) => {
.then((content) => {
saveFile("HackersTownTTY-"+name+".zip", "application/zip", content);
});
- var payload = {
- pubkey: keys[1],
- userId: id,
- authToken: token
- };
- $.post("https://tty.hackers.town/auth/setKey.php", payload, (response) => {
- dbp(response);
- // debugger;
- if(response.status){
- Swal.fire({
- ...SwalConfig,
- title: "Success!",
- });
- }else{
- Swal.fire({
- ...SwalConfig,
- title: "Failed!",
- text: response.error
- });
- }
- }).fail(() => {
- dbp("Failed");
- });
+ sendSSH(keys[1], id, token);
}).catch((err) => {
dbp(err);
});
-
}
const testSwal = () => {
@@ -136,18 +141,31 @@ const testSwal = () => {
});
}
-const uploadSSH = () => {
+const uploadSSH = (id, token) => {
//request local file
- // $("#keyfiie").trigger("click");
var kf = document.getElementById("keyfile");
kf.onchange = function(e) {
// File selected
-
+ var file = e.target.files[0];
+ if(file){
+ dbd(file);
+ var reader = new FileReader();
+ reader.readAsText(file, "UTF-8");
+ reader.onload = function (evt) {
+ var pubkey = evt.target.result;
+ if(validatePubKey(pubkey)){
+ sendSSH(pubkey, id, token);
+ }else{
+ failMsg("Invalid key");
+ }
+ }
+ reader.onerror = function (evt) {
+ failMsg("Unable to load Keyfile");
+ }
+
+ }
}
kf.click();
- dbp("Nextttt");
-
- //upload file
}
const beginOauth = () => {
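Review bot: A `.pub` file written by `ssh-keygen` ends with a newline, and JavaScript's `$` without the `m` flag matches only at the very end of the string, so `validatePubKey(pubkey)` rejects a normal key file with "Invalid key"; only a file saved without a trailing newline passes. Trimming first, `var pubkey = evt.target.result.trim();`, fixes that and also handles a stray CRLF. Separately, `reader.onload` and `reader.onerror` are assigned after `readAsText` is called — it works because the read completes asynchronously, but registering the handlers before starting the read is the conventional order and avoids depending on that. There is no size check on the chosen file, so an arbitrarily large file is read fully into memory before the regex runs; `file.size` is available if a cap is wanted.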
@@ -155,7 +173,7 @@ const beginOauth = () => {
$.ajax({
url: "https://tty.hackers.town/auth?act=id"
}).then((data) => {
- // console.table(data);
+ dbd(table);
if(data.id){
var redirect = "https://hackers.town/oauth/authorize?"+
"response_type=code&client_id="+data.id+"&redirect_uri="+
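Review bot: `dbd(table);` references an identifier `table` that is not defined anywhere visible; the line it replaces was `console.table(data)`, so this almost certainly should be `dbd(data);`. Because the argument is evaluated before `dbd` is entered, the resulting `ReferenceError` is thrown regardless of `DEBUG` and aborts the `.then` callback before the `if(data.id)` redirect, i.e. the OAuth flow would never start (unless some global named `table` happens to exist, such as an element with that id). `beginOauth` starts and ends outside this hunk.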
@@ -201,4 +219,12 @@ $(() => {
if(!isRetry){
console.log("%cWelcome Hacker!", "color: #ff0000; font-size: 7em; font-style: italic; font-family: 'Times New Roman', Times, serif;");
}
+
+ // Enable Extra Debug Stuff
+ if(DEBUG){
+ dbp("Debug Mode Enabled");
+ $('.debug').each((i,e)=>{
+ e.style.display = "unset";
+ });
+ }
});
\ No newline at end of file
diff --git a/style.css b/style.css
index 7e08551..ce817b6 100644
--- a/style.css
+++ b/style.css
@@ -73,4 +73,17 @@ span {
.swal2-modal {
border: 2px solid #79F257;
+}
+
+.debug {
+ display: none;
+}
+
+.swal2-confirm, .swal2-deny, .swal2-cancel {
+ border: 1px solid #79F257;
+ background-color: #377326;
+ color: #79F257;
+ border-radius: 3px;
+ padding: 8px;
+ min-width: 100px;
}
\ No newline at end of file