liz/tilde-oauth
liz/tilde-oauth
1
0
Fork 0
Code Issues 6 Pull Requests Projects Releases Wiki Activity

SSH Key Uploading

Browse Source
This commit is contained in:
Elizabeth Cray 2022-05-07 23:45:13 +00:00
parent 54c9523f22
commit 00d5256f43
4 changed files with 102 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
auth/index.php
View File

@ -154,9 +154,11 @@ if (isset($_REQUEST["act"])){
echo "hidden"; echo "hidden";
}?>> }?>>
<button class="col keyButton" onclick="generateSSH('<?php echo $UserName; ?>', '<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>')">Generate</button> <button class="col keyButton" onclick="generateSSH('<?php echo $UserName; ?>', '<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>')">Generate</button>
<button class="col keyButton" onclick="uploadSSH()">Upload</button> <button class="col keyButton" onclick="uploadSSH('<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>' )">Upload</button>
<button class="col keyButton" onclick="testSwal()">Test Popup</button> <button class="col keyButton debug" onclick="testSwal()">Test Popup</button>
<input id="keyfile" type="file" style="display: none;"/> <form id="uploadForm" enctype="multipart/form-data">
<input id="keyfile" type="file" style="display: none;"/>
</form>
</div> </div>
<div class="row copyright"> <div class="row copyright">
<!-- TODO: Make this file PHP and make the canary dependent on /etc/ttyserver/canary --> <!-- TODO: Make this file PHP and make the canary dependent on /etc/ttyserver/canary -->

8
auth/setKey.php
View File

@ -30,6 +30,10 @@ function validateUsername($username){
return (preg_match("/^([a-zA-Z0-9_.]+)$/", $username) == 1); return (preg_match("/^([a-zA-Z0-9_.]+)$/", $username) == 1);
} }
function validatePublicKey($key){
return (preg_match("/^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/", $key) == 1);
}
if (checkParameters(array("pubkey", "userId", "authToken"))){ if (checkParameters(array("pubkey", "userId", "authToken"))){
error("Missing parameters"); error("Missing parameters");
} }
@ -38,6 +42,10 @@ $userToken = $_POST["authToken"];
$userId = $_POST["userId"]; $userId = $_POST["userId"];
$pubkey = $_POST["pubkey"]; $pubkey = $_POST["pubkey"];
if(!validatePublicKey($pubkey)){
error("Invalid public key");
}
$request = curl_init(); $request = curl_init();
curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials"); curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1); curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);

124
index.js
View File

@ -1,5 +1,5 @@
const DEBUG = false; const DEBUG = true;
var isMobile = false; //initiate as false var isMobile = false;
const dbp = (msg) => { const dbp = (msg) => {
if(DEBUG){ if(DEBUG){
@ -7,9 +7,16 @@ const dbp = (msg) => {
} }
}; };
const dbd = (msg) => {
if(DEBUG){
console.dir(msg);
}
};
const SwalConfig = { const SwalConfig = {
color: "#79F257", color: "#79F257",
background: "#022601", background: "#022601",
buttonsStyling: false,
} }
const isOverflown = ({ clientHeight, scrollHeight }) => scrollHeight > clientHeight const isOverflown = ({ clientHeight, scrollHeight }) => scrollHeight > clientHeight
@ -24,26 +31,22 @@ const setCookie = (cname, cvalue, exdays) => {
const resizeText = ({ element, elements, minSize = 10, maxSize = 512, step = 1, unit = 'px' }) => { const resizeText = ({ element, elements, minSize = 10, maxSize = 512, step = 1, unit = 'px' }) => {
dbp("Resize"); dbp("Resize");
(elements || [element]).forEach(el => { (elements || [element]).forEach(el => {
let i = minSize let i = minSize;
let overflow = false let overflow = false;
const parent = el.parentNode;
const parent = el.parentNode
while (!overflow && i < maxSize) { while (!overflow && i < maxSize) {
el.style.fontSize = `${i}${unit}` el.style.fontSize = `${i}${unit}`;
overflow = isOverflown(parent) overflow = isOverflown(parent);
if (!overflow) i += step;
if (!overflow) i += step
} }
// revert to last state where no overflow happened // revert to last state where no overflow happened
el.style.fontSize = `${i - step}${unit}` el.style.fontSize = `${i - step}${unit}`;
}) });
} }
const saveFile = (name, type, data) => { const saveFile = (name, type, data) => {
if (data !== null && navigator.msSaveBlob) if (data !== null && navigator.msSaveBlob)
return navigator.msSaveBlob(new Blob([data], { type: type }), name); return navigator.msSaveBlob(new Blob([data], { type: type }), name);
var a = $("<a style='display: none;'/>"); var a = $("<a style='display: none;'/>");
var url = window.URL.createObjectURL(new Blob([data], {type: type})); var url = window.URL.createObjectURL(new Blob([data], {type: type}));
a.attr("href", url); a.attr("href", url);
@ -57,7 +60,6 @@ const saveFile = (name, type, data) => {
const disableNonDesktopElements = () => { const disableNonDesktopElements = () => {
var disableElements = document.getElementsByClassName("desktopOnly"); var disableElements = document.getElementsByClassName("desktopOnly");
for(var i=0; i< disableElements.length; i++){ for(var i=0; i< disableElements.length; i++){
// disableElements.item(i).style.display = "none";
var gutter = disableElements.item(i); var gutter = disableElements.item(i);
gutter.classList.remove("col-4"); gutter.classList.remove("col-4");
gutter.classList.add("col-1"); gutter.classList.add("col-1");
@ -68,13 +70,11 @@ const disableNonDesktopElements = () => {
content.classList.add("col-10"); content.classList.add("col-10");
var te = document.getElementById("resizer"); var te = document.getElementById("resizer");
window.fitText(te); window.fitText(te);
var buttons = document.getElementsByClassName("keyButton"); var buttons = document.getElementsByClassName("keyButton");
for(var i=0; i<buttons.length; i++){ for(var i=0; i<buttons.length; i++){
var bttn = buttons.item(i); var bttn = buttons.item(i);
bttn.style.height = "15vw"; bttn.style.height = "15vw";
} }
// document.getElementById("bttn").style.height = "15vw";
} }
const failMsg = (msg) => { const failMsg = (msg) => {
@ -87,10 +87,38 @@ const failMsg = (msg) => {
}, 1000); }, 1000);
} }
const validatePubKey = (key) => {
return /^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/.test(key);
}
const sendSSH = (key, id, token) => {
var payload = {
pubkey: key,
userId: id,
authToken: token
};
$.post("https://tty.hackers.town/auth/setKey.php", payload, (response) => {
dbp(response);
if(response.status){
Swal.fire({
...SwalConfig,
title: "Success!",
text: "Your key has been uploaded to the server."
});
}else{
Swal.fire({
...SwalConfig,
title: "Failed!",
text: response.error
});
}
}).fail(() => {
dbp("Failed");
});
}
const generateSSH = async (name, id, token) => { const generateSSH = async (name, id, token) => {
dbp("Generate Key"); dbp("Generate Key");
// debugger;
generateKeyPair("RSASSA-PKCS1-v1_5", 4096, "namehere") generateKeyPair("RSASSA-PKCS1-v1_5", 4096, "namehere")
.then((keys) => { .then((keys) => {
var KeyExport = new JSZip(); var KeyExport = new JSZip();
@ -100,33 +128,10 @@ const generateSSH = async (name, id, token) => {
.then((content) => { .then((content) => {
saveFile("HackersTownTTY-"+name+".zip", "application/zip", content); saveFile("HackersTownTTY-"+name+".zip", "application/zip", content);
}); });
var payload = { sendSSH(keys[1], id, token);
pubkey: keys[1],
userId: id,
authToken: token
};
$.post("https://tty.hackers.town/auth/setKey.php", payload, (response) => {
dbp(response);
// debugger;
if(response.status){
Swal.fire({
...SwalConfig,
title: "Success!",
});
}else{
Swal.fire({
...SwalConfig,
title: "Failed!",
text: response.error
});
}
}).fail(() => {
dbp("Failed");
});
}).catch((err) => { }).catch((err) => {
dbp(err); dbp(err);
}); });
} }
const testSwal = () => { const testSwal = () => {
@ -136,18 +141,31 @@ const testSwal = () => {
}); });
} }
const uploadSSH = () => { const uploadSSH = (id, token) => {
//request local file //request local file
// $("#keyfiie").trigger("click");
var kf = document.getElementById("keyfile"); var kf = document.getElementById("keyfile");
kf.onchange = function(e) { kf.onchange = function(e) {
// File selected // File selected
var file = e.target.files[0];
if(file){
dbd(file);
var reader = new FileReader();
reader.readAsText(file, "UTF-8");
reader.onload = function (evt) {
var pubkey = evt.target.result;
if(validatePubKey(pubkey)){
sendSSH(pubkey, id, token);
}else{
failMsg("Invalid key");
}
}
reader.onerror = function (evt) {
failMsg("Unable to load Keyfile");
}
}
} }
kf.click(); kf.click();
dbp("Nextttt");
//upload file
} }
const beginOauth = () => { const beginOauth = () => {
@ -155,7 +173,7 @@ const beginOauth = () => {
$.ajax({ $.ajax({
url: "https://tty.hackers.town/auth?act=id" url: "https://tty.hackers.town/auth?act=id"
}).then((data) => { }).then((data) => {
// console.table(data); dbd(table);
if(data.id){ if(data.id){
var redirect = "https://hackers.town/oauth/authorize?"+ var redirect = "https://hackers.town/oauth/authorize?"+
"response_type=code&client_id="+data.id+"&redirect_uri="+ "response_type=code&client_id="+data.id+"&redirect_uri="+
@ -201,4 +219,12 @@ $(() => {
if(!isRetry){ if(!isRetry){
console.log("%cWelcome Hacker!", "color: #ff0000; font-size: 7em; font-style: italic; font-family: 'Times New Roman', Times, serif;"); console.log("%cWelcome Hacker!", "color: #ff0000; font-size: 7em; font-style: italic; font-family: 'Times New Roman', Times, serif;");
} }
// Enable Extra Debug Stuff
if(DEBUG){
dbp("Debug Mode Enabled");
$('.debug').each((i,e)=>{
e.style.display = "unset";
});
}
}); });

13
style.css
View File

@ -74,3 +74,16 @@ span {
.swal2-modal { .swal2-modal {
border: 2px solid #79F257; border: 2px solid #79F257;
} }
.debug {
display: none;
}
.swal2-confirm, .swal2-deny, .swal2-cancel {
border: 1px solid #79F257;
background-color: #377326;
color: #79F257;
border-radius: 3px;
padding: 8px;
min-width: 100px;
}