liz/tilde-oauth
1
0
Fork 0
Code Issues 6 Pull Requests Projects Releases Wiki Activity

SSH Key Uploading

Browse Source
This commit is contained in:
Elizabeth Cray
2022-05-07 23:45:13 +00:00
parent 54c9523f22
commit 00d5256f43
4 changed files with 102 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
auth/index.php
View File

@@ -154,9 +154,11 @@ if (isset($_REQUEST["act"])){
echo "hidden";
}?>>
<button class="col keyButton" onclick="generateSSH('<?php echo $UserName; ?>', '<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>')">Generate</button>
<button class="col keyButton" onclick="uploadSSH()">Upload</button>
<button class="col keyButton" onclick="testSwal()">Test Popup</button>
<input id="keyfile" type="file" style="display: none;"/>
<button class="col keyButton" onclick="uploadSSH('<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>' )">Upload</button>
<button class="col keyButton debug" onclick="testSwal()">Test Popup</button>
<form id="uploadForm" enctype="multipart/form-data">
<input id="keyfile" type="file" style="display: none;"/>
</form>
</div>
<div class="row copyright">
<!-- TODO: Make this file PHP and make the canary dependent on /etc/ttyserver/canary -->

8
auth/setKey.php
View File

@@ -30,6 +30,10 @@ function validateUsername($username){
return (preg_match("/^([a-zA-Z0-9_.]+)$/", $username) == 1);
}
function validatePublicKey($key){
return (preg_match("/^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/", $key) == 1);
}
if (checkParameters(array("pubkey", "userId", "authToken"))){
error("Missing parameters");
}
@@ -38,6 +42,10 @@ $userToken = $_POST["authToken"];
$userId = $_POST["userId"];
$pubkey = $_POST["pubkey"];
if(!validatePublicKey($pubkey)){
error("Invalid public key");
}
$request = curl_init();
curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);