SSH Key Uploading

This commit is contained in:
Elizabeth Cray 2022-05-07 23:45:13 +00:00
parent 54c9523f22
commit 00d5256f43
4 changed files with 102 additions and 53 deletions

View File

@ -154,9 +154,11 @@ if (isset($_REQUEST["act"])){
echo "hidden";
}?>>
<button class="col keyButton" onclick="generateSSH('<?php echo $UserName; ?>', '<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>')">Generate</button>
<button class="col keyButton" onclick="uploadSSH()">Upload</button>
<button class="col keyButton" onclick="testSwal()">Test Popup</button>
<button class="col keyButton" onclick="uploadSSH('<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>' )">Upload</button>
<button class="col keyButton debug" onclick="testSwal()">Test Popup</button>
<form id="uploadForm" enctype="multipart/form-data">
<input id="keyfile" type="file" style="display: none;"/>
</form>
</div>
<div class="row copyright">
<!-- TODO: Make this file PHP and make the canary dependent on /etc/ttyserver/canary -->

View File

@ -30,6 +30,10 @@ function validateUsername($username){
return (preg_match("/^([a-zA-Z0-9_.]+)$/", $username) == 1);
}
function validatePublicKey($key){
return (preg_match("/^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/", $key) == 1);
}
if (checkParameters(array("pubkey", "userId", "authToken"))){
error("Missing parameters");
}
@ -38,6 +42,10 @@ $userToken = $_POST["authToken"];
$userId = $_POST["userId"];
$pubkey = $_POST["pubkey"];
if(!validatePublicKey($pubkey)){
error("Invalid public key");
}
$request = curl_init();
curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);

102
index.js
View File

@ -1,5 +1,5 @@
const DEBUG = false;
var isMobile = false; //initiate as false
const DEBUG = true;
var isMobile = false;
const dbp = (msg) => {
if(DEBUG){
@ -7,9 +7,16 @@ const dbp = (msg) => {
}
};
const dbd = (msg) => {
if(DEBUG){
console.dir(msg);
}
};
const SwalConfig = {
color: "#79F257",
background: "#022601",
buttonsStyling: false,
}
const isOverflown = ({ clientHeight, scrollHeight }) => scrollHeight > clientHeight
@ -24,21 +31,17 @@ const setCookie = (cname, cvalue, exdays) => {
const resizeText = ({ element, elements, minSize = 10, maxSize = 512, step = 1, unit = 'px' }) => {
dbp("Resize");
(elements || [element]).forEach(el => {
let i = minSize
let overflow = false
const parent = el.parentNode
let i = minSize;
let overflow = false;
const parent = el.parentNode;
while (!overflow && i < maxSize) {
el.style.fontSize = `${i}${unit}`
overflow = isOverflown(parent)
if (!overflow) i += step
el.style.fontSize = `${i}${unit}`;
overflow = isOverflown(parent);
if (!overflow) i += step;
}
// revert to last state where no overflow happened
el.style.fontSize = `${i - step}${unit}`
})
el.style.fontSize = `${i - step}${unit}`;
});
}
const saveFile = (name, type, data) => {
@ -57,7 +60,6 @@ const saveFile = (name, type, data) => {
const disableNonDesktopElements = () => {
var disableElements = document.getElementsByClassName("desktopOnly");
for(var i=0; i< disableElements.length; i++){
// disableElements.item(i).style.display = "none";
var gutter = disableElements.item(i);
gutter.classList.remove("col-4");
gutter.classList.add("col-1");
@ -68,13 +70,11 @@ const disableNonDesktopElements = () => {
content.classList.add("col-10");
var te = document.getElementById("resizer");
window.fitText(te);
var buttons = document.getElementsByClassName("keyButton");
for(var i=0; i<buttons.length; i++){
var bttn = buttons.item(i);
bttn.style.height = "15vw";
}
// document.getElementById("bttn").style.height = "15vw";
}
const failMsg = (msg) => {
@ -87,31 +87,23 @@ const failMsg = (msg) => {
}, 1000);
}
const validatePubKey = (key) => {
return /^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/.test(key);
}
const generateSSH = async (name, id, token) => {
dbp("Generate Key");
// debugger;
generateKeyPair("RSASSA-PKCS1-v1_5", 4096, "namehere")
.then((keys) => {
var KeyExport = new JSZip();
KeyExport.file("HackersTownTTY-"+name, keys[0]);
KeyExport.file("HackersTownTTY-"+name+".pub", keys[1]);
KeyExport.generateAsync({type:"blob"})
.then((content) => {
saveFile("HackersTownTTY-"+name+".zip", "application/zip", content);
});
const sendSSH = (key, id, token) => {
var payload = {
pubkey: keys[1],
pubkey: key,
userId: id,
authToken: token
};
$.post("https://tty.hackers.town/auth/setKey.php", payload, (response) => {
dbp(response);
// debugger;
if(response.status){
Swal.fire({
...SwalConfig,
title: "Success!",
text: "Your key has been uploaded to the server."
});
}else{
Swal.fire({
@ -123,10 +115,23 @@ const generateSSH = async (name, id, token) => {
}).fail(() => {
dbp("Failed");
});
}
const generateSSH = async (name, id, token) => {
dbp("Generate Key");
generateKeyPair("RSASSA-PKCS1-v1_5", 4096, "namehere")
.then((keys) => {
var KeyExport = new JSZip();
KeyExport.file("HackersTownTTY-"+name, keys[0]);
KeyExport.file("HackersTownTTY-"+name+".pub", keys[1]);
KeyExport.generateAsync({type:"blob"})
.then((content) => {
saveFile("HackersTownTTY-"+name+".zip", "application/zip", content);
});
sendSSH(keys[1], id, token);
}).catch((err) => {
dbp(err);
});
}
const testSwal = () => {
@ -136,18 +141,31 @@ const testSwal = () => {
});
}
const uploadSSH = () => {
const uploadSSH = (id, token) => {
//request local file
// $("#keyfiie").trigger("click");
var kf = document.getElementById("keyfile");
kf.onchange = function(e) {
// File selected
var file = e.target.files[0];
if(file){
dbd(file);
var reader = new FileReader();
reader.readAsText(file, "UTF-8");
reader.onload = function (evt) {
var pubkey = evt.target.result;
if(validatePubKey(pubkey)){
sendSSH(pubkey, id, token);
}else{
failMsg("Invalid key");
}
}
reader.onerror = function (evt) {
failMsg("Unable to load Keyfile");
}
}
}
kf.click();
dbp("Nextttt");
//upload file
}
const beginOauth = () => {
@ -155,7 +173,7 @@ const beginOauth = () => {
$.ajax({
url: "https://tty.hackers.town/auth?act=id"
}).then((data) => {
// console.table(data);
dbd(table);
if(data.id){
var redirect = "https://hackers.town/oauth/authorize?"+
"response_type=code&client_id="+data.id+"&redirect_uri="+
@ -201,4 +219,12 @@ $(() => {
if(!isRetry){
console.log("%cWelcome Hacker!", "color: #ff0000; font-size: 7em; font-style: italic; font-family: 'Times New Roman', Times, serif;");
}
// Enable Extra Debug Stuff
if(DEBUG){
dbp("Debug Mode Enabled");
$('.debug').each((i,e)=>{
e.style.display = "unset";
});
}
});

View File

@ -74,3 +74,16 @@ span {
.swal2-modal {
border: 2px solid #79F257;
}
.debug {
display: none;
}
.swal2-confirm, .swal2-deny, .swal2-cancel {
border: 1px solid #79F257;
background-color: #377326;
color: #79F257;
border-radius: 3px;
padding: 8px;
min-width: 100px;
}