liz/tilde-oauth
1
0
Fork 0
Code Issues 6 Pull Requests Projects Releases Wiki Activity

Added display and API for SSH fingerprints

Browse Source
This commit is contained in:
Elizabeth Cray
2023-09-29 02:15:06 -04:00
parent 8649c75eac
commit 89928841bc
10 changed files with 257 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,2 +1,4 @@
vendor/
config.json
composer.phar
DOMAIN_OVERRIDE

27
auth/index.php
View File

@@ -18,6 +18,7 @@ if (isset($_REQUEST["act"])){
$MastCode = $_REQUEST["code"];
}
?>
<!DOCTYPE html>
<HTML lang="en">
<Head>
<Title>HackersTown Server Access</Title>
@@ -29,7 +30,7 @@ if (isset($_REQUEST["act"])){
<script src="https://code.jquery.com/color/jquery.color.plus-names-2.1.2.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/jszip@3.9.1/dist/jszip.min.js" integrity="sha256-aSPPIlJfSHQ5T7wunbPcp7tM0rlq5dHoUGeN8O5odMg=" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11.4.10/dist/sweetalert2.all.min.js" integrity="sha256-YX0M+vWkN+Xjq3t0RBoP6rENNiYm4CN2k33WefMkn+E=" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11/dist/sweetalert2.all.min.js" crossorigin="anonymous"></script>
<script src="/base64url.js"></script>
<script src="/ssh-util.js"></script>
<script src="/keygen.js"></script>
@@ -44,11 +45,15 @@ if (isset($_REQUEST["act"])){
<div class="desktopOnly col-4"></div>
<div id="content" class="col-4 center">
<div class="row">
<a href="https://tty.hackers.town">
<?php if(file_exists("/var/www/usergen/DOMAIN_OVERRIDE")){
echo "<a href=\"".file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE")."\">";
}else{
echo "<a href=\"https://tty.hackers.town\">";
}?>
<img src="/Assets/HTown.png" class="logo self-align-center mx-auto d-block" alt="Hacker Town logo in ASCII art. Rendered as image to force correct visualization."/>
</a>
</div>
<?php
<?php
// Query /oauth/token
$AuthToken = "";
$UserName = "";
@@ -58,8 +63,12 @@ if (isset($_REQUEST["act"])){
curl_setopt($request, CURLOPT_POST, 1);
curl_setopt($request, CURLOPT_URL, "https://hackers.town/oauth/token");
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
$reqirectUri = "https://tty.hackers.town/auth";
$options = "grant_type=authorization_code&code=".$MastCode."&client_id=".$config->oauth->key."&client_secret=".$config->oauth->secret."&scope=read:accounts&redirect_uri=".$reqirectUri;
$origin = "https://tty.hackers.town";
if(file_exists("/var/www/usergen/DOMAIN_OVERRIDE")){
$origin = str_replace("\n", "", file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE"));
}
$redirectUri = $origin."/auth";
$options = "grant_type=authorization_code&code=".$MastCode."&client_id=".$config->oauth->key."&client_secret=".$config->oauth->secret."&scope=read:accounts&redirect_uri=".$redirectUri;
curl_setopt($request, CURLOPT_POSTFIELDS, $options);
$response = curl_exec($request);
curl_close($request);
@@ -134,7 +143,7 @@ if (isset($_REQUEST["act"])){
}?>>
<!-- Select to upload public key or generate a new one locally -->
<span>
<?php
<?php
$Welcomes = array("Welcome", "Dobrodošli", "Vitejte", "Welkom", "Tervetuloa", "Willkommen", "Fáilte", "Benvenuto", "Bienvenidos", "Välkommen", "ようこそ");
echo $Welcomes[array_rand($Welcomes)];
?>
@@ -157,16 +166,18 @@ if (isset($_REQUEST["act"])){
</form>
</div>
<div class="row copyright">
<?php
<?php
if (file_exists("/etc/ttyserver/canary")){
echo "Canary";
}
?>
<br>
<button class="footerbutton" onclick="displayFingerprints()">SSH Fingerprints</button>
<br>
<a href="https://git.corrupt.link/liz/tilde-oauth">View Source on Git</a>
</div>
</div>
<div class="desktopOnly col-4"></div>
</div>
</Body>
</HTML>
</HTML>

156
composer.lock generated
View File

@@ -8,22 +8,22 @@
"packages": [
{
"name": "guzzlehttp/guzzle",
"version": "7.4.2",
"version": "7.8.0",
"source": {
"type": "git",
"url": "https://github.com/guzzle/guzzle.git",
"reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4"
"reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/ac1ec1cd9b5624694c3a40be801d94137afb12b4",
"reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/1110f66a6530a40fe7aea0378fe608ee2b2248f9",
"reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9",
"shasum": ""
},
"require": {
"ext-json": "*",
"guzzlehttp/promises": "^1.5",
"guzzlehttp/psr7": "^1.8.3 || ^2.1",
"guzzlehttp/promises": "^1.5.3 || ^2.0.1",
"guzzlehttp/psr7": "^1.9.1 || ^2.5.1",
"php": "^7.2.5 || ^8.0",
"psr/http-client": "^1.0",
"symfony/deprecation-contracts": "^2.2 || ^3.0"
@@ -32,10 +32,11 @@
"psr/http-client-implementation": "1.0"
},
"require-dev": {
"bamarni/composer-bin-plugin": "^1.4.1",
"bamarni/composer-bin-plugin": "^1.8.1",
"ext-curl": "*",
"php-http/client-integration-tests": "^3.0",
"phpunit/phpunit": "^8.5.5 || ^9.3.5",
"php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999",
"php-http/message-factory": "^1.1",
"phpunit/phpunit": "^8.5.29 || ^9.5.23",
"psr/log": "^1.1 || ^2.0 || ^3.0"
},
"suggest": {
@@ -45,8 +46,9 @@
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "7.4-dev"
"bamarni-bin": {
"bin-links": true,
"forward-command": false
}
},
"autoload": {
@@ -112,7 +114,7 @@
],
"support": {
"issues": "https://github.com/guzzle/guzzle/issues",
"source": "https://github.com/guzzle/guzzle/tree/7.4.2"
"source": "https://github.com/guzzle/guzzle/tree/7.8.0"
},
"funding": [
{
@@ -128,38 +130,37 @@
"type": "tidelift"
}
],
"time": "2022-03-20T14:16:28+00:00"
"time": "2023-08-27T10:20:53+00:00"
},
{
"name": "guzzlehttp/promises",
"version": "1.5.1",
"version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/guzzle/promises.git",
"reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da"
"reference": "111166291a0f8130081195ac4556a5587d7f1b5d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/promises/zipball/fe752aedc9fd8fcca3fe7ad05d419d32998a06da",
"reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da",
"url": "https://api.github.com/repos/guzzle/promises/zipball/111166291a0f8130081195ac4556a5587d7f1b5d",
"reference": "111166291a0f8130081195ac4556a5587d7f1b5d",
"shasum": ""
},
"require": {
"php": ">=5.5"
"php": "^7.2.5 || ^8.0"
},
"require-dev": {
"symfony/phpunit-bridge": "^4.4 || ^5.1"
"bamarni/composer-bin-plugin": "^1.8.1",
"phpunit/phpunit": "^8.5.29 || ^9.5.23"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.5-dev"
"bamarni-bin": {
"bin-links": true,
"forward-command": false
}
},
"autoload": {
"files": [
"src/functions_include.php"
],
"psr-4": {
"GuzzleHttp\\Promise\\": "src/"
}
@@ -196,7 +197,7 @@
],
"support": {
"issues": "https://github.com/guzzle/promises/issues",
"source": "https://github.com/guzzle/promises/tree/1.5.1"
"source": "https://github.com/guzzle/promises/tree/2.0.1"
},
"funding": [
{
@@ -212,26 +213,26 @@
"type": "tidelift"
}
],
"time": "2021-10-22T20:56:57+00:00"
"time": "2023-08-03T15:11:55+00:00"
},
{
"name": "guzzlehttp/psr7",
"version": "2.2.1",
"version": "2.6.1",
"source": {
"type": "git",
"url": "https://github.com/guzzle/psr7.git",
"reference": "c94a94f120803a18554c1805ef2e539f8285f9a2"
"reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/psr7/zipball/c94a94f120803a18554c1805ef2e539f8285f9a2",
"reference": "c94a94f120803a18554c1805ef2e539f8285f9a2",
"url": "https://api.github.com/repos/guzzle/psr7/zipball/be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
"reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
"shasum": ""
},
"require": {
"php": "^7.2.5 || ^8.0",
"psr/http-factory": "^1.0",
"psr/http-message": "^1.0",
"psr/http-message": "^1.1 || ^2.0",
"ralouphie/getallheaders": "^3.0"
},
"provide": {
@@ -239,17 +240,18 @@
"psr/http-message-implementation": "1.0"
},
"require-dev": {
"bamarni/composer-bin-plugin": "^1.4.1",
"bamarni/composer-bin-plugin": "^1.8.1",
"http-interop/http-factory-tests": "^0.9",
"phpunit/phpunit": "^8.5.8 || ^9.3.10"
"phpunit/phpunit": "^8.5.29 || ^9.5.23"
},
"suggest": {
"laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.2-dev"
"bamarni-bin": {
"bin-links": true,
"forward-command": false
}
},
"autoload": {
@@ -311,7 +313,7 @@
],
"support": {
"issues": "https://github.com/guzzle/psr7/issues",
"source": "https://github.com/guzzle/psr7/tree/2.2.1"
"source": "https://github.com/guzzle/psr7/tree/2.6.1"
},
"funding": [
{
@@ -327,20 +329,20 @@
"type": "tidelift"
}
],
"time": "2022-03-20T21:55:58+00:00"
"time": "2023-08-27T10:13:57+00:00"
},
{
"name": "league/oauth2-client",
"version": "2.6.1",
"version": "2.7.0",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/oauth2-client.git",
"reference": "2334c249907190c132364f5dae0287ab8666aa19"
"reference": "160d6274b03562ebeb55ed18399281d8118b76c8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/2334c249907190c132364f5dae0287ab8666aa19",
"reference": "2334c249907190c132364f5dae0287ab8666aa19",
"url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/160d6274b03562ebeb55ed18399281d8118b76c8",
"reference": "160d6274b03562ebeb55ed18399281d8118b76c8",
"shasum": ""
},
"require": {
@@ -395,9 +397,9 @@
],
"support": {
"issues": "https://github.com/thephpleague/oauth2-client/issues",
"source": "https://github.com/thephpleague/oauth2-client/tree/2.6.1"
"source": "https://github.com/thephpleague/oauth2-client/tree/2.7.0"
},
"time": "2021-12-22T16:42:49+00:00"
"time": "2023-04-16T18:19:15+00:00"
},
{
"name": "lrf141/oauth2-mastodon",
@@ -512,21 +514,21 @@
},
{
"name": "psr/http-client",
"version": "1.0.1",
"version": "1.0.3",
"source": {
"type": "git",
"url": "https://github.com/php-fig/http-client.git",
"reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621"
"reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-fig/http-client/zipball/2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
"reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
"url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90",
"reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90",
"shasum": ""
},
"require": {
"php": "^7.0 || ^8.0",
"psr/http-message": "^1.0"
"psr/http-message": "^1.0 || ^2.0"
},
"type": "library",
"extra": {
@@ -546,7 +548,7 @@
"authors": [
{
"name": "PHP-FIG",
"homepage": "http://www.php-fig.org/"
"homepage": "https://www.php-fig.org/"
}
],
"description": "Common interface for HTTP clients",
@@ -558,27 +560,27 @@
"psr-18"
],
"support": {
"source": "https://github.com/php-fig/http-client/tree/master"
"source": "https://github.com/php-fig/http-client"
},
"time": "2020-06-29T06:28:15+00:00"
"time": "2023-09-23T14:17:50+00:00"
},
{
"name": "psr/http-factory",
"version": "1.0.1",
"version": "1.0.2",
"source": {
"type": "git",
"url": "https://github.com/php-fig/http-factory.git",
"reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be"
"reference": "e616d01114759c4c489f93b099585439f795fe35"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-fig/http-factory/zipball/12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
"reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
"url": "https://api.github.com/repos/php-fig/http-factory/zipball/e616d01114759c4c489f93b099585439f795fe35",
"reference": "e616d01114759c4c489f93b099585439f795fe35",
"shasum": ""
},
"require": {
"php": ">=7.0.0",
"psr/http-message": "^1.0"
"psr/http-message": "^1.0 || ^2.0"
},
"type": "library",
"extra": {
@@ -598,7 +600,7 @@
"authors": [
{
"name": "PHP-FIG",
"homepage": "http://www.php-fig.org/"
"homepage": "https://www.php-fig.org/"
}
],
"description": "Common interfaces for PSR-7 HTTP message factories",
@@ -613,31 +615,31 @@
"response"
],
"support": {
"source": "https://github.com/php-fig/http-factory/tree/master"
"source": "https://github.com/php-fig/http-factory/tree/1.0.2"
},
"time": "2019-04-30T12:38:16+00:00"
"time": "2023-04-10T20:10:41+00:00"
},
{
"name": "psr/http-message",
"version": "1.0.1",
"version": "2.0",
"source": {
"type": "git",
"url": "https://github.com/php-fig/http-message.git",
"reference": "f6561bf28d520154e4b0ec72be95418abe6d9363"
"reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363",
"reference": "f6561bf28d520154e4b0ec72be95418abe6d9363",
"url": "https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71",
"reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
"php": "^7.2 || ^8.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0.x-dev"
"dev-master": "2.0.x-dev"
}
},
"autoload": {
@@ -652,7 +654,7 @@
"authors": [
{
"name": "PHP-FIG",
"homepage": "http://www.php-fig.org/"
"homepage": "https://www.php-fig.org/"
}
],
"description": "Common interface for HTTP messages",
@@ -666,9 +668,9 @@
"response"
],
"support": {
"source": "https://github.com/php-fig/http-message/tree/master"
"source": "https://github.com/php-fig/http-message/tree/2.0"
},
"time": "2016-08-06T14:39:51+00:00"
"time": "2023-04-04T09:54:51+00:00"
},
{
"name": "ralouphie/getallheaders",
@@ -716,25 +718,25 @@
},
{
"name": "symfony/deprecation-contracts",
"version": "v3.0.1",
"version": "v3.3.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/deprecation-contracts.git",
"reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c"
"reference": "7c3aff79d10325257a001fcf92d991f24fc967cf"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
"reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
"url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/7c3aff79d10325257a001fcf92d991f24fc967cf",
"reference": "7c3aff79d10325257a001fcf92d991f24fc967cf",
"shasum": ""
},
"require": {
"php": ">=8.0.2"
"php": ">=8.1"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-main": "3.0-dev"
"dev-main": "3.4-dev"
},
"thanks": {
"name": "symfony/contracts",
@@ -763,7 +765,7 @@
"description": "A generic function and convention to trigger deprecation notices",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.1"
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.3.0"
},
"funding": [
{
@@ -779,7 +781,7 @@
"type": "tidelift"
}
],
"time": "2022-01-02T09:55:41+00:00"
"time": "2023-05-23T14:45:45+00:00"
}
],
"packages-dev": [],
@@ -790,5 +792,5 @@
"prefer-lowest": false,
"platform": [],
"platform-dev": [],
"plugin-api-version": "2.3.0"
"plugin-api-version": "2.6.0"
}

3
fingerprint.php Normal file
View File

@@ -0,0 +1,3 @@
<?php
echo shell_exec('/usr/bin/ssh-keyscan localhost 2>/dev/null | /usr/bin/ssh-keygen -lf -');
?>

127
index.js
View File

@@ -1,5 +1,7 @@
var DEBUG = false;
var isMobile = false;
var USE_ORIGIN = "";
// TODO: Add check for DOMAIN_OVERRIDE
const dbp = (msg) => {
if(DEBUG){
@@ -35,7 +37,7 @@ const setCookie = (cname, cvalue, exdays) => {
const d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));
let expires = "expires="+ d.toUTCString();
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/auth";
document.cookie = cname + "=" + cvalue + ";" + expires + ";SameSite=Strict;path=/auth";
}
const resizeText = ({ element, elements, minSize = 10, maxSize = 512, step = 1, unit = 'px' }) => {
@@ -107,7 +109,7 @@ const sendSSH = (key, id, token) => {
userId: id,
authToken: token
};
$.post("https://tty.hackers.town/auth/setKey.php", payload, (response) => {
$.post(USE_ORIGIN+"/auth/setKey.php", payload, (response) => {
dbp(response);
if(response.status){
Swal.fire({
@@ -125,7 +127,7 @@ const sendSSH = (key, id, token) => {
}).then(()=>{
window.location.reload();
});
}
}
}).fail((resp) => {
dbp("Failed");
dbd(resp);
@@ -141,6 +143,14 @@ const sendSSH = (key, id, token) => {
const generateSSH = async (name, id, token) => {
dbp("Generate Key");
if (window.location.protocol === "http:") {
Swal.fire({
...SwalConfig,
title: "Error!",
text: "You must use HTTPS to generate keys."
});
return;
}
generateKeyPair("RSASSA-PKCS1-v1_5", 4096, "namehere")
.then((keys) => {
var KeyExport = new JSZip();
@@ -189,7 +199,7 @@ const uploadSSH = (id, token) => {
reader.onerror = function (evt) {
failMsg("Unable to load Keyfile");
}
}
}
kf.click();
@@ -198,13 +208,13 @@ const uploadSSH = (id, token) => {
const beginOauth = () => {
dbp("Auth");
$.ajax({
url: "https://tty.hackers.town/auth?act=id"
url: USE_ORIGIN+"/auth?act=id"
}).then((data) => {
dbd(data);
if(data.id){
var redirect = "https://hackers.town/oauth/authorize?"+
"response_type=code&client_id="+data.id+"&redirect_uri="+
"https://tty.hackers.town/auth&scope=read:accounts";
USE_ORIGIN+"/auth&scope=read:accounts";
dbp(redirect);
dbp(window.location.pathname);
if(window.location.pathname.includes("auth")){
@@ -218,40 +228,79 @@ const beginOauth = () => {
});
}
const displayFingerprints = () => {
// Get SSH Fingerprints and display them
$.get(USE_ORIGIN+"/fingerprint.php", (response) => {
dbp(response);
if (response) {
var html = "<div><table class=\"fingerprintTable\"><tr><th>Bits</th><th>Fingerprint</th><th class=\"text-start\">Algorithm</th></tr>";
response.split("\n").forEach((line) => {
var parts = line.split(" ");
if(parts.length === 4){
html += "<tr><td class=\"fingerprintBit\">"+parts[0]+"</td><td class=\"fingerprintData\">"+parts[1]+"</td><td class=\"fingerprintAlgo\">"+parts[3].replace("(", "").replace(")", "")+"</td></tr>";
}
});
html += "</table></div>";
Swal.fire({
...SwalConfig,
title: "SSH Fingerprints",
html: html
});
} else {
Swal.fire({
...SwalConfig,
title: "Unable to Lookup SSH Fingerprints",
text: response.error
});
}
});
}
// On Page Load...
$(() => {
dbp("Begin Init Content");
// Device Detection
if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|ipad|iris|kindle|Android|Silk|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i.test(navigator.userAgent) ||
/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(navigator.userAgent.substr(0, 4))) {
isMobile = true;
}
// Adjust for Mobile
if(isMobile){
dbp("Is Mobile 👍🏻");
disableNonDesktopElements();
}
// Auto Retry
var isRetry = false;
if(window.location.pathname.includes("auth")){
var ErrorMsg = document.getElementById("ErrorResult");
dbp(typeof ErrorMsg);
if(typeof ErrorMsg !== 'undefined' && ErrorMsg.innerText.includes("Retry")){
dbp("attempt retry");
isRetry = true;
beginOauth();
}
}
// Console Welcome
if(!isRetry){
console.log("%cWelcome Hacker!", "color: #ff0000; font-size: 7em; font-style: italic; font-family: 'Times New Roman', Times, serif;");
}
// Enable Extra Debug Stuff
if(DEBUG){
dbp("Debug Mode Enabled");
$('.debug').each((i,e)=>{
e.style.display = "unset";
});
}
});
// Override domain
$.get("/DOMAIN_OVERRIDE", function (data) {
if(data){
USE_ORIGIN = data.replaceAll("\n", "");
DEBUG = true;
}else{
USE_ORIGIN = "https://tty.hackers.town";
}
// Device Detection
if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|ipad|iris|kindle|Android|Silk|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i.test(navigator.userAgent) ||
/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(navigator.userAgent.substr(0, 4))) {
isMobile = true;
}
// Adjust for Mobile
if(isMobile){
dbp("Is Mobile 👍🏻");
disableNonDesktopElements();
}
// Auto Retry
var isRetry = false;
if(window.location.pathname.includes("auth")){
var ErrorMsg = document.getElementById("ErrorResult");
dbp(typeof ErrorMsg);
if(typeof ErrorMsg !== 'undefined' && ErrorMsg.innerText.includes("Retry")){
dbp("attempt retry");
isRetry = true;
// beginOauth();
}
}
// Console Welcome
if(!isRetry){
console.log("%cWelcome Hacker!", "color: #ff0000; font-size: 7em; font-style: italic; font-family: 'Times New Roman', Times, serif;");
}
// Enable Extra Debug Stuff
if(DEBUG){
dbp("Debug Mode Enabled");
$('.debug').each((i,e)=>{
e.style.display = "unset";
});
}
})
});

14
index.php Normal file → Executable file
View File

@@ -1,3 +1,4 @@
<!DOCTYPE html>
<HTML lang="en">
<Head>
<Title>HackersTown Server Access</Title>
@@ -8,6 +9,7 @@
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
<script src="https://code.jquery.com/color/jquery.color.plus-names-2.1.2.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11/dist/sweetalert2.all.min.js" crossorigin="anonymous"></script>
<script src="/fittext.js"></script>
<script src="/index.js"></script>
<!-- Stylesheets -->
@@ -19,7 +21,11 @@
<div class="desktopOnly col-4"></div>
<div id="content" class="col-4 center">
<div class="row">
<a href="https://hackers.town">
<?php if(file_exists("/var/www/usergen/DOMAIN_OVERRIDE")){
echo "<a href=\"".str_replace("\n", "", file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE"))."\">";
}else{
echo "<a href=\"https://hackers.town\">";
}?>
<img src="/Assets/HTown.png" class="logo self-align-center mx-auto d-block" alt="Hacker Town logo in ASCII art. Rendered as image to force correct visualization."/>
</a>
</div>
@@ -32,16 +38,18 @@
<button id="bttn" class="keyButton" onclick="beginOauth()">Create Account</button>
</div>
<div class="row copyright">
<?php
<?php
if (file_exists("/etc/ttyserver/canary")){
echo "Canary";
}
?>
<br>
<button class="footerbutton" onclick="displayFingerprints()">SSH Fingerprints</button>
<br>
<a href="https://git.corrupt.link/liz/tilde-oauth">View Source on Git</a>
</div>
</div>
<div class="desktopOnly col-4"></div>
</div>
</Body>
</HTML>
</HTML>

15
keygen.js
View File

@@ -26,8 +26,7 @@ function arrayBufferToBase64(buffer) {
}
function generateKeyPair(alg, size, name) {
return window.crypto.subtle
.generateKey(
return window.crypto.subtle.generateKey(
{
name: "RSASSA-PKCS1-v1_5",
modulusLength: 2048, // can be 1024, 2048, or 4096
@@ -36,17 +35,11 @@ function generateKeyPair(alg, size, name) {
},
extractable,
["sign", "verify"]
)
.then(key => {
const privateKey = window.crypto.subtle
.exportKey("jwk", key.privateKey)
.then(encodePrivateKey)
.then(wrap)
.then(rsaPrivateKey);
).then(key => {
const privateKey = window.crypto.subtle.exportKey("jwk", key.privateKey).then(encodePrivateKey).then(wrap).then(rsaPrivateKey);
const publicKey = window.crypto.subtle.exportKey("jwk", key.publicKey).then(jwk => encodePublicKey(jwk, name));
return Promise.all([privateKey, publicKey]);
});
}
// module.exports = { arrayBufferToBase64, generateKeyPair };
// module.exports = { arrayBufferToBase64, generateKeyPair };

21
send.php Normal file → Executable file
View File

@@ -8,10 +8,15 @@ $config = json_decode(file_get_contents("config.json", true));
session_start();
$origin = "https://tty.hackers.town";
if(file_exists("/var/www/usergen/DOMAIN_OVERRIDE")){
$origin = str_replace("\n", "", file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE"));
}
$provider = new Mastodon([
'clientId' => $config.oauth.key,
'clientSecret' => $config.oauth.secret,
'redirectUri' => 'https://tty.hackers.town/auth',
'redirectUri' => $origin.'/auth',
'instance' => 'https://hackers.town',
'scope' => 'read:accounts',
]);
@@ -37,17 +42,17 @@ if (!isset($_GET['code'])) {
$token = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
// Optional: Now you have a token you can look up a users profile data
try {
$user = $provider->getResourceOwner($token);
echo $user->getName();
} catch(Exception $e) {
exit('Oh dear...');
}
@@ -55,4 +60,4 @@ if (!isset($_GET['code'])) {
echo $token->getToken();
}
?>
?>

37
style.css
View File

@@ -92,4 +92,39 @@ span {
border-radius: 3px;
padding: 8px;
min-width: 100px;
}
}
.swal2-html-container .swal2-popup .swal2-modal .swal2-show {
background-color: #022601;
}
.footerbutton {
background: none;
border: none;
color: inherit;
}
td {
border: 1px solid #3a4c35;
}
td:first-child {
border-left: 2px solid #3a4c35;
}
.fingerprintTable {
width: 100%;
border-collapse: collapse;
}
.fingerprintData {
font-size: x-small;
color: lightblue;
font-family: monospace;
}
.fingerprintAlgo {
text-align: left;
}
.fingerprintBit {
text-align: right;
}

3
tools/mkuser
View File

@@ -17,7 +17,7 @@ if [ "$EUID" -ne 0 ];then
fi
#echo $1 >> $LOGFILE
# If not exists, create new user with
# If not exists, create new user with
if [[ "$1" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]+$ ]]; then
echo "Valid username: \"$1\"" >> $LOGFILE
@@ -27,6 +27,7 @@ if [[ "$1" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]+$ ]]; then
# User Exists
echo "\"$1\" Exists" >> $LOGFILE
else
mkdir -p /htusers
useradd -G webadd -m -b /htusers -s /usr/bin/bash --gid 1004 "$1"
ln -s "/htusers/$1/public_gemini /var/gemini/$1"
echo "Added \"$1\" to the system" >> $LOGFILE