From e9bf9fd222a22565ebc13e1d903b006563f86204 Mon Sep 17 00:00:00 2001
From: Elizabeth Cray <liz@cray.lgbt>
Date: Sat, 7 May 2022 08:02:58 +0000
Subject: [PATCH] Popups and Niceties

---
 auth/index.php  |  34 +++++++++++++----
 auth/setKey.php |  70 +++++++++++++++++++++++++++++++++++
 favicon.ico     | Bin 0 -> 1676 bytes
 index.html      |   8 ++--
 index.js        |  95 +++++++++++++++++++++++++++++++++++++++++-------
 style.css       |   4 ++
 6 files changed, 185 insertions(+), 26 deletions(-)
 create mode 100644 auth/setKey.php
 create mode 100644 favicon.ico

diff --git a/auth/index.php b/auth/index.php
index 2117b1a..b51e970 100644
--- a/auth/index.php
+++ b/auth/index.php
@@ -24,19 +24,20 @@ if (isset($_REQUEST["act"])){
         <meta charset="utf-8">
         <base href="/auth"/>
         <meta name="viewport" content="width=device-width, initial-scale=1">
-        <!-- Stylesheets -->
-        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
-        <link href="/style.css" rel="stylesheet"/>
         <!-- Javascript -->
         <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
         <script src="https://code.jquery.com/color/jquery.color.plus-names-2.1.2.min.js"></script>
         <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
         <script src="https://cdn.jsdelivr.net/npm/jszip@3.9.1/dist/jszip.min.js" integrity="sha256-aSPPIlJfSHQ5T7wunbPcp7tM0rlq5dHoUGeN8O5odMg=" crossorigin="anonymous"></script>
+        <script src="https://cdn.jsdelivr.net/npm/sweetalert2@11.4.10/dist/sweetalert2.all.min.js" integrity="sha256-YX0M+vWkN+Xjq3t0RBoP6rENNiYm4CN2k33WefMkn+E=" crossorigin="anonymous"></script>
         <script src="/base64url.js"></script>
         <script src="/ssh-util.js"></script>
         <script src="/keygen.js"></script>
         <script src="/fittext.js"></script>
         <script src="/index.js"></script>
+        <!-- Stylesheets -->
+        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
+        <link href="/style.css" rel="stylesheet"/>
     </Head>
     <Body>
         <div class="row">
@@ -52,6 +53,7 @@ if (isset($_REQUEST["act"])){
                     $AuthToken = "";
                     $UserName = "";
                     $ErrorDesc = "";
+                    $UserId = "";
                     $request = curl_init();
                     curl_setopt($request, CURLOPT_POST, 1);
                     curl_setopt($request, CURLOPT_URL, "https://hackers.town/oauth/token");
@@ -82,6 +84,7 @@ if (isset($_REQUEST["act"])){
                             // Congrats!
                             $AuthToken = $Auth->access_token;
                             $UserName = $User->display_name;
+                            $UserId = $User->id;
                         }else{
                             // invalid auth
                             $AuthToken = "BadUser";
@@ -89,8 +92,23 @@ if (isset($_REQUEST["act"])){
                         }
                     }else{
                         // invalid auth
-                        $AuthToken = "BadOauth";
-                        $ErrorDesc = "Invalid OAuth";
+                        if(isset($_COOKIE["oa_retries"])){
+                            $retries = $_COOKIE["oa_retries"];
+                            if($retries >= 3){
+                                $AuthToken = "BadUser";
+                                $ErrorDesc = "Invalid OAuth";
+                                setcookie("oa_retries", 0, time()+3600);
+                            }else{
+                                $retries++;
+                                setcookie("oa_retries", $retries, time()+3600);
+                                $AuthToken = "BadOauthRetry";
+                                $ErrorDesc = "Invalid OAuth Retry";
+                            }
+                        }else{
+                            $AuthToken = "BadOauth";
+                            $ErrorDesc = "Invalid OAuth Retry";
+                            setcookie("oa_retries", 1, time()+3600);
+                        }
                     }
 
                     // revoke token after usage
@@ -106,7 +124,7 @@ if (isset($_REQUEST["act"])){
                     <span>
                         try again
                     </span>
-                    <div class="message">
+                    <div id="ErrorResult" class="message">
                         <?php echo $ErrorDesc; ?>
                     </div>
                 </div><div class="row button"<?php if(strpos($AuthToken, "Bad") === false){
@@ -135,8 +153,10 @@ if (isset($_REQUEST["act"])){
                 <div class="row button" <?php if(strpos($AuthToken, "Bad") !== false){
                     echo "hidden";
                 }?>>
-                    <button class="col keyButton" onclick="generateSSH('<?php echo $UserName; ?>')">Generate</button>
+                    <button class="col keyButton" onclick="generateSSH('<?php echo $UserName; ?>', '<?php echo $UserId; ?>', '<?php echo $AuthToken; ?>')">Generate</button>
                     <button class="col keyButton" onclick="uploadSSH()">Upload</button>
+                    <button class="col keyButton" onclick="testSwal()">Test Popup</button>
+                    <input id="keyfile" type="file" style="display: none;"/>
                 </div>
                 <div class="row copyright">
                     <!-- TODO: Make this file PHP and make the canary dependent on /etc/ttyserver/canary -->
diff --git a/auth/setKey.php b/auth/setKey.php
new file mode 100644
index 0000000..dca7aeb
--- /dev/null
+++ b/auth/setKey.php
@@ -0,0 +1,70 @@
+<?php
+// Create an account and apply SSH key
+$config = json_decode(file_get_contents("/var/www/usergen/config.json", true));
+
+function checkParameters($parameterArray){
+    $error = false;
+    foreach($parameterArray as $parameter){
+        if(!isset($_POST[$parameter])){
+            $error = true;
+        }
+    }
+    return $error;
+}
+
+function apiResult($result){
+    header('Content-type: application/json');
+    echo json_encode($result);
+    exit();
+}
+
+function success(){
+    apiResult(array("status" => true));
+}
+
+function error($error){
+    apiResult(array("status" => false, "error" => $error));
+}
+
+function validateUsername($username){
+    return (preg_match("/^([a-zA-Z0-9_.]+)$/", $username) == 1);
+}
+
+if (checkParameters(array("pubkey", "userId", "authToken"))){
+    error("Missing parameters");
+}
+
+$userToken = $_POST["authToken"];
+$userId = $_POST["userId"];
+$pubkey = $_POST["pubkey"];
+
+$request = curl_init();
+curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
+curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($request, CURLOPT_HTTPHEADER, array(
+    "Authorization: Bearer ".$userToken
+));
+$response = curl_exec($request);
+curl_close($request);
+$User = json_decode($response);
+// Check User
+if($User->id != $userId){
+    error("User Mismatch");
+}
+if(!validateUsername($User->username)){
+    error("Invalid Username");
+}
+// Create temporary pubkey holding file
+$TempFileName = "/tmp/mkuser/".uniqid("ssh-", true).".pub";
+if(!file_put_contents($TempFileName, $pubkey."\n")){
+    error("Key Addition Failed: Temp");
+}
+// Run User Generation Tool
+// TODO: Replace with custom Rust PHP Extension
+$UserGenCode = shell_exec("/etc/ttyserver/bin/mkuser.tmp \"".$User->username."\" \"".$TempFileName."\" 2>&1; echo $?");
+if($UserGenCode != "0"){
+    error("Key Addition Failed: MK-".$UserGenCode);
+}
+success();
+
+?>
\ No newline at end of file
diff --git a/favicon.ico b/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..9e9c738201ce739423ba38580563b866b20fb75f
GIT binary patch
literal 1676
zcmV;726Op|P)<h;3K|Lk000e1NJLTq001BW001Be1^@s6b9#F800009a7bBm001r{
z001r{0eGc9b^rhdK1oDDR9M61mu*m#*A>Tq_t|Gz7I1l4Bv?UFql-XIX%gD#WTJ#l
zYD$_oQ-VnVO~jXGI+?ua*q4~LAL4Y<X~)DF(RMPnh-CR7jW3-^{ZJ<{O$V7&(-=ue
zhcOVBh=9ww?6Ps$(+_)xUEo>C^h-YUo_S_po^${A+;h+QpL3On@O2J@uX&gkKfRc+
z#%36!{?W{d(FsajrQ@yNY^~YTzsDQ<G-hIB5(PwnF<=7709-&CU?!m|U=o|L)QG-(
z`^%3s(C|(VJ=n0#GC=iS>`fS;4E%mS6S))ITzQjv>U)PWhn5riAGenV#s1>Y+MI1A
z5h8>vfNXU?uOpZqB<KhdObc>j(G5IB9$IMG@%E43ZsMO7z-xf-1FL~M00F+R(3^z7
zU?3;<aBR4i+U@}c0Ei`tIwr@a^aY`S0(|(=w)AbeF}`d(Z5HS+fE?hjz*V3K_yO<<
z&|>Wf$0v@P2UZ+#6;U)X!UzhL@VcFZ*sxJdF-JN2+IWM-;yZybunV{X)B_&?&jQ~7
z8mtY7G)C+lbnGvrkSNh<9x$#Emq7-}A`36xr6*6H+&;_oReI;Y2b{o5`t!H?{T`qk
zD6z2M9GpIJy4j0&nG+{hxWZK}rUy^lO*nAlW*56!dC~&pPM}MF{}Si~?gRdmr1O!E
zkINSGo8kD-@gtA(`04@*h!BY%L69JR{1i}t7w-cXUb(Oap9O#b{zP!`7w!5pNjg!$
zo+2Zz!KJ;I?m5P>2MZ}AK!6Y-)CoC34mpGgQx~Z71+oJRtmfNx*ogUKh*#oyF4ntL
z*A#L*HM?f`Gp@E}w-q{ZGR7E2h!A<?;l;Z%u)}(B0Ch%T-eV@bF>}lVv)n|TRWl||
z{~6jIx~-GW-MQovCJg7~9BtAzkBh`KbmB3l|F&<ki`ild^JeH3A!fTN=0m2;!cffq
z?*rtZ9Lzo?r=Ux^SSRb+sI*X=@hFtoo9trz!4OvH|JNYuuoBx3ZFA0_dR8H8Wo^4p
ze6Uyc-a*F<g(`$!BP>U7SO7eRa0p=;qBbj0)yjGy2f`wRUn1N&<J}v`AvyFdl|Pc-
zH|!o>lAtYMKadUN1E+v2;A7x#It8nM#&`-ULqR#nL5cH%scE`Y7p;eYQB7Pw)5T1W
z^x^b=Gt<nxJiKst30IPG{0*QQcn$amuo!p{*bZFRsdhPTto&VIrGAGdtE)gO@R{b0
zTAi*plcKQz^31%;oRpKf{OcCyRf4b^p&ns1LK(tNg!M^5`V)j#5j+TYBh(_ih_Lb&
zxLrtxbhwR5Dz7(GHoVA>QsiGPPywvdY`72z5#MzlumM;O9067U9^he3%c(FQfelp~
zepO28h-#O1CYhvpw0S7vj?AA@^5_Z&@Tfk!5#WY4XbsSzjk!-BTMm$`8<l*ZJqhbS
znn8h#;f#^D+;8REuwg`rQbrli=RLoLm-K|jIIHo3uK6DWw*lYPJF{zAcIj$Z2HXu4
zYr`t^oNsHoZUUas*gu7B?rqI3T=?+C`vC_IvdH2op6cpTeN}7%?gebXyE+Tr1G<wM
zk|%+Kz#`x~!0sd$mjmC^Mpo-==mCzx;%kfF-*4Z4*BE1j31cV}VZ!8+%X2)}$YJ2m
z!27@!;C0~Dq{Yz&4QQHuPZy!hGpgb~T`8M@OTYo(6?oeIbfX(LlT6~oiD6>mz(GI#
z+|T{JHJfV=Q=z+?Sc)K83KRl9-HMIq^h`Bc;sIK{t@=m}H9dn2l1V1%q@&Kt*{MFQ
zh$8yv%UFMDeIQyMwWS1H32f3qIu6_p?46@Q{g7B^MQ64LPw;a-$Iv$d;|t<4#1P$d
zvw#Jmy0W?#Xu1VhPdu1d0z3w^&9V4KXs&49wTe~2UV4cTA*@BUO6&A`O$JV!Y#rY^
z;B)zkQXT_3<s2zG;-oQuY`*VJ*P9Cs48|Cn-jvQ`x&V|=!V{TKY~puw?Ckp7i}M@U
z=-RkBN|Xy+V1NPolSFk&r^S8Epo9{(vh_@NW%pWolG-x$6)z>RctNWCcjdeL*mrL~
z{lqNXX`0jSR7?e=AT-k0bpHJLKSqb5W`f7QvH>=;(2Ukozdha<DeM*vqx!$U9sd`p
WFN6f(U;ViN0000<MNUMnLSTY6a3IP6

literal 0
HcmV?d00001

diff --git a/index.html b/index.html
index e7d7b20..de8b18b 100644
--- a/index.html
+++ b/index.html
@@ -4,17 +4,15 @@
         <meta charset="utf-8">
         <base href="/"/>
         <meta name="viewport" content="width=device-width, initial-scale=1">
-        <!-- Stylesheets -->
-        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
-        <link href="/style.css" rel="stylesheet"/>
         <!-- Javascript -->
         <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
         <script src="https://code.jquery.com/color/jquery.color.plus-names-2.1.2.min.js"></script>
         <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
         <script src="/fittext.js"></script>
-        <script src="https://livejs.com/live.js"></script>
-
         <script src="/index.js"></script>
+        <!-- Stylesheets -->
+        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
+        <link href="/style.css" rel="stylesheet"/>
     </Head>
     <Body>
         <div class="row">
diff --git a/index.js b/index.js
index cc6e4b5..b96f9f4 100644
--- a/index.js
+++ b/index.js
@@ -5,8 +5,20 @@ const dbp = (msg) => {
   console.log(msg);
 };
 
+const SwalConfig = {
+  color: "#79F257",
+  background: "#022601",
+}
+
 const isOverflown = ({ clientHeight, scrollHeight }) => scrollHeight > clientHeight
 
+const setCookie = (cname, cvalue, exdays) => {
+  const d = new Date();
+  d.setTime(d.getTime() + (exdays*24*60*60*1000));
+  let expires = "expires="+ d.toUTCString();
+  document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/auth";
+}
+
 const resizeText = ({ element, elements, minSize = 10, maxSize = 512, step = 1, unit = 'px' }) => {
   dbp("Resize");
   (elements || [element]).forEach(el => {
@@ -63,29 +75,77 @@ const disableNonDesktopElements = () => {
   // document.getElementById("bttn").style.height = "15vw";
 }
 
-const generateSSH = async (name) => {
+const failMsg = (msg) => {
+  $("#resizer").html(msg);
+  $("#resizer").css("color", "#400112");
+  $("#resizer").css("background-color", "#79F257");
+  $("#resizer").animate({
+    color: "#79F257",
+    backgroundColor: "#022601"
+  }, 1000);
+}
+
+
+const generateSSH = async (name, id, token) => {
   dbp("Generate Key");
+  // debugger;
   generateKeyPair("RSASSA-PKCS1-v1_5", 4096, "namehere")
     .then((keys) => {
-      console.dir(keys);
-      // saveFile("ssh_key.pem", "text/plain", keys[0]);
-      // saveFile("ssh_key.pub", "text/plain", keys[1]);
       var KeyExport = new JSZip();
       KeyExport.file("HackersTownTTY-"+name, keys[0]);
       KeyExport.file("HackersTownTTY-"+name+".pub", keys[1]);
       KeyExport.generateAsync({type:"blob"})
         .then((content) => {
           saveFile("HackersTownTTY-"+name+".zip", "application/zip", content);
-          // saveAs(content, "HackersTownTTY-"+name+".zip");
-       });
+      });
+      var payload = {
+        pubkey: keys[1],
+        userId: id,
+        authToken: token
+      };
+      $.post("https://tty.hackers.town/auth/setKey.php", payload, (response) => {
+        console.log(response);
+        // debugger;
+        if(response.status){
+          Swal.fire({
+            ...SwalConfig,
+            title: "Success!",
+          });
+        }else{
+          Swal.fire({
+            ...SwalConfig,
+            title: "Failed!",
+            text: response.error
+          });
+        } 
+      }).fail(() => {
+        console.log("Failed");
+      });
     }).catch((err) => {
       console.log(err);
     });
   
 }
 
-const uploadSSH = () => {
+const testSwal = () => {
+  Swal.fire({
+    ...SwalConfig,
+    title: "Success!",
+  });
+}
 
+const uploadSSH = () => {
+  //request local file
+  // $("#keyfiie").trigger("click");
+  var kf = document.getElementById("keyfile");
+  kf.onchange = function(e) {
+    // File selected
+
+  }
+  kf.click();
+  dbp("Nextttt");
+
+  //upload file
 }
 
 const beginOauth = () => {
@@ -99,16 +159,14 @@ const beginOauth = () => {
         "response_type=code&client_id="+data.id+"&redirect_uri="+
         "https://tty.hackers.town/auth&scope=read:accounts";
       dbp(redirect);
+      dbp(window.location.pathname);
+      if(window.location.pathname.includes("auth")){
+        setCookie("oa_retries", 0, 0.1);
+      }
       window.location.href = redirect;
     }else{
       // Auth Failed
-      $("#resizer").html("AUTH FAILED");
-      $("#resizer").css("color", "#400112");
-      $("#resizer").css("background-color", "#79F257");
-      $("#resizer").animate({
-        color: "#79F257",
-        backgroundColor: "#022601"
-      }, 1000);
+      failMsg("AUTH FAILED");
     }
   });
 }
@@ -126,4 +184,13 @@ $(() => {
     dbp("Is Mobile 👍🏻");
     disableNonDesktopElements();
   }
+  // Auto Retry
+  if(window.location.pathname.includes("auth")){
+    var ErrorMsg = document.getElementById("ErrorResult");
+    dbp(typeof ErrorMsg);
+    if(typeof ErrorMsg !== 'undefined' && ErrorMsg.innerText.includes("Retry")){
+      dbp("attempt retry");
+      beginOauth();
+    }
+  }
 });
\ No newline at end of file
diff --git a/style.css b/style.css
index 7684c83..7e08551 100644
--- a/style.css
+++ b/style.css
@@ -69,4 +69,8 @@ span {
 
 .keyButton {
     margin: 1px;
+}
+
+.swal2-modal {
+    border: 2px solid #79F257;
 }
\ No newline at end of file