SSH Key Uploading
This commit is contained in:
@@ -154,9 +154,11 @@ if (isset($_REQUEST["act"])){
|
||||
echo "hidden";
|
||||
}?>>
|
||||
<button class="col keyButton" onclick="generateSSH('<?php echo $UserName; ?>', '<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>')">Generate</button>
|
||||
<button class="col keyButton" onclick="uploadSSH()">Upload</button>
|
||||
<button class="col keyButton" onclick="testSwal()">Test Popup</button>
|
||||
<input id="keyfile" type="file" style="display: none;"/>
|
||||
<button class="col keyButton" onclick="uploadSSH('<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>' )">Upload</button>
|
||||
<button class="col keyButton debug" onclick="testSwal()">Test Popup</button>
|
||||
<form id="uploadForm" enctype="multipart/form-data">
|
||||
<input id="keyfile" type="file" style="display: none;"/>
|
||||
</form>
|
||||
</div>
|
||||
<div class="row copyright">
|
||||
<!-- TODO: Make this file PHP and make the canary dependent on /etc/ttyserver/canary -->
|
||||
|
@@ -30,6 +30,10 @@ function validateUsername($username){
|
||||
return (preg_match("/^([a-zA-Z0-9_.]+)$/", $username) == 1);
|
||||
}
|
||||
|
||||
function validatePublicKey($key){
|
||||
return (preg_match("/^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/", $key) == 1);
|
||||
}
|
||||
|
||||
if (checkParameters(array("pubkey", "userId", "authToken"))){
|
||||
error("Missing parameters");
|
||||
}
|
||||
@@ -38,6 +42,10 @@ $userToken = $_POST["authToken"];
|
||||
$userId = $_POST["userId"];
|
||||
$pubkey = $_POST["pubkey"];
|
||||
|
||||
if(!validatePublicKey($pubkey)){
|
||||
error("Invalid public key");
|
||||
}
|
||||
|
||||
$request = curl_init();
|
||||
curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
|
||||
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
|
||||
|
Reference in New Issue
Block a user