diff --git a/auth/index.php b/auth/index.php index b51e970..33bee80 100644 --- a/auth/index.php +++ b/auth/index.php @@ -154,9 +154,11 @@ if (isset($_REQUEST["act"])){ echo "hidden"; }?>> - - - + + +
+ +
diff --git a/auth/setKey.php b/auth/setKey.php index dca7aeb..b93f052 100644 --- a/auth/setKey.php +++ b/auth/setKey.php @@ -30,6 +30,10 @@ function validateUsername($username){ return (preg_match("/^([a-zA-Z0-9_.]+)$/", $username) == 1); } +function validatePublicKey($key){ + return (preg_match("/^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/", $key) == 1); +} + if (checkParameters(array("pubkey", "userId", "authToken"))){ error("Missing parameters"); } @@ -38,6 +42,10 @@ $userToken = $_POST["authToken"]; $userId = $_POST["userId"]; $pubkey = $_POST["pubkey"]; +if(!validatePublicKey($pubkey)){ + error("Invalid public key"); +} + $request = curl_init(); curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials"); curl_setopt($request, CURLOPT_RETURNTRANSFER, 1); diff --git a/index.js b/index.js index 66425fb..4ba8e26 100644 --- a/index.js +++ b/index.js @@ -1,5 +1,5 @@ -const DEBUG = false; -var isMobile = false; //initiate as false +const DEBUG = true; +var isMobile = false; const dbp = (msg) => { if(DEBUG){ @@ -7,9 +7,16 @@ const dbp = (msg) => { } }; +const dbd = (msg) => { + if(DEBUG){ + console.dir(msg); + } +}; + const SwalConfig = { color: "#79F257", background: "#022601", + buttonsStyling: false, } const isOverflown = ({ clientHeight, scrollHeight }) => scrollHeight > clientHeight @@ -24,26 +31,22 @@ const setCookie = (cname, cvalue, exdays) => { const resizeText = ({ element, elements, minSize = 10, maxSize = 512, step = 1, unit = 'px' }) => { dbp("Resize"); (elements || [element]).forEach(el => { - let i = minSize - let overflow = false - - const parent = el.parentNode - + let i = minSize; + let overflow = false; + const parent = el.parentNode; while (!overflow && i < maxSize) { - el.style.fontSize = `${i}${unit}` - overflow = isOverflown(parent) - - if (!overflow) i += step + el.style.fontSize = `${i}${unit}`; + overflow = isOverflown(parent); + if (!overflow) i += step; } - // revert to last state where no overflow happened - el.style.fontSize = `${i - step}${unit}` - }) + el.style.fontSize = `${i - step}${unit}`; + }); } const saveFile = (name, type, data) => { if (data !== null && navigator.msSaveBlob) - return navigator.msSaveBlob(new Blob([data], { type: type }), name); + return navigator.msSaveBlob(new Blob([data], { type: type }), name); var a = $(""); var url = window.URL.createObjectURL(new Blob([data], {type: type})); a.attr("href", url); @@ -57,7 +60,6 @@ const saveFile = (name, type, data) => { const disableNonDesktopElements = () => { var disableElements = document.getElementsByClassName("desktopOnly"); for(var i=0; i< disableElements.length; i++){ - // disableElements.item(i).style.display = "none"; var gutter = disableElements.item(i); gutter.classList.remove("col-4"); gutter.classList.add("col-1"); @@ -68,13 +70,11 @@ const disableNonDesktopElements = () => { content.classList.add("col-10"); var te = document.getElementById("resizer"); window.fitText(te); - var buttons = document.getElementsByClassName("keyButton"); for(var i=0; i { @@ -87,10 +87,38 @@ const failMsg = (msg) => { }, 1000); } +const validatePubKey = (key) => { + return /^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/.test(key); +} + +const sendSSH = (key, id, token) => { + var payload = { + pubkey: key, + userId: id, + authToken: token + }; + $.post("https://tty.hackers.town/auth/setKey.php", payload, (response) => { + dbp(response); + if(response.status){ + Swal.fire({ + ...SwalConfig, + title: "Success!", + text: "Your key has been uploaded to the server." + }); + }else{ + Swal.fire({ + ...SwalConfig, + title: "Failed!", + text: response.error + }); + } + }).fail(() => { + dbp("Failed"); + }); +} const generateSSH = async (name, id, token) => { dbp("Generate Key"); - // debugger; generateKeyPair("RSASSA-PKCS1-v1_5", 4096, "namehere") .then((keys) => { var KeyExport = new JSZip(); @@ -100,33 +128,10 @@ const generateSSH = async (name, id, token) => { .then((content) => { saveFile("HackersTownTTY-"+name+".zip", "application/zip", content); }); - var payload = { - pubkey: keys[1], - userId: id, - authToken: token - }; - $.post("https://tty.hackers.town/auth/setKey.php", payload, (response) => { - dbp(response); - // debugger; - if(response.status){ - Swal.fire({ - ...SwalConfig, - title: "Success!", - }); - }else{ - Swal.fire({ - ...SwalConfig, - title: "Failed!", - text: response.error - }); - } - }).fail(() => { - dbp("Failed"); - }); + sendSSH(keys[1], id, token); }).catch((err) => { dbp(err); }); - } const testSwal = () => { @@ -136,18 +141,31 @@ const testSwal = () => { }); } -const uploadSSH = () => { +const uploadSSH = (id, token) => { //request local file - // $("#keyfiie").trigger("click"); var kf = document.getElementById("keyfile"); kf.onchange = function(e) { // File selected - + var file = e.target.files[0]; + if(file){ + dbd(file); + var reader = new FileReader(); + reader.readAsText(file, "UTF-8"); + reader.onload = function (evt) { + var pubkey = evt.target.result; + if(validatePubKey(pubkey)){ + sendSSH(pubkey, id, token); + }else{ + failMsg("Invalid key"); + } + } + reader.onerror = function (evt) { + failMsg("Unable to load Keyfile"); + } + + } } kf.click(); - dbp("Nextttt"); - - //upload file } const beginOauth = () => { @@ -155,7 +173,7 @@ const beginOauth = () => { $.ajax({ url: "https://tty.hackers.town/auth?act=id" }).then((data) => { - // console.table(data); + dbd(table); if(data.id){ var redirect = "https://hackers.town/oauth/authorize?"+ "response_type=code&client_id="+data.id+"&redirect_uri="+ @@ -201,4 +219,12 @@ $(() => { if(!isRetry){ console.log("%cWelcome Hacker!", "color: #ff0000; font-size: 7em; font-style: italic; font-family: 'Times New Roman', Times, serif;"); } + + // Enable Extra Debug Stuff + if(DEBUG){ + dbp("Debug Mode Enabled"); + $('.debug').each((i,e)=>{ + e.style.display = "unset"; + }); + } }); \ No newline at end of file diff --git a/style.css b/style.css index 7e08551..ce817b6 100644 --- a/style.css +++ b/style.css @@ -73,4 +73,17 @@ span { .swal2-modal { border: 2px solid #79F257; +} + +.debug { + display: none; +} + +.swal2-confirm, .swal2-deny, .swal2-cancel { + border: 1px solid #79F257; + background-color: #377326; + color: #79F257; + border-radius: 3px; + padding: 8px; + min-width: 100px; } \ No newline at end of file