github-personal/databunker
1
0
Fork 0
mirror of https://github.com/outbackdingo/databunker.git synced 2026-01-27 18:18:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding captcha support

Browse Source
This commit is contained in:
root
2020-10-30 00:34:51 +00:00
parent 33360722c2
commit 0dbbc5278b
4 changed files with 288 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/bunker.go
View File

@@ -181,7 +181,7 @@ func (e mainEnv) setupRouter() *httprouter.Router {
router.DELETE("/v1/user/:mode/:address", e.userDelete)
router.PUT("/v1/user/:mode/:address", e.userChange)
router.GET("/v1/prelogin/:mode/:address", e.userPrelogin)
router.GET("/v1/prelogin/:mode/:address/:code/:captcha", e.userPrelogin)
router.GET("/v1/login/:mode/:address/:tmp", e.userLogin)
router.POST("/v1/sharedrecord/token/:token", e.newSharedRecord)

20
src/captcha.go
View File

@@ -10,32 +10,20 @@ import (
"image/png"
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"encoding/hex"
"github.com/julienschmidt/httprouter"
"github.com/gobuffalo/packr"
"github.com/afocus/captcha"
)
var (
comic []byte
captchaKey = make([]byte, 16)
regexCaptcha = regexp.MustCompile("^([a-zA-Z0-9]+):([0-9]+)$")
)
func (e mainEnv) genCaptcha(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
code, err := generateCaptcha()
if err != nil {
returnError(w, r, err.Error(), 405, err, nil)
return
}
finalJSON := fmt.Sprintf(`{"status":"ok","code":"%s"}`, code)
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(200)
w.Write([]byte(finalJSON))
}
func (e mainEnv) showCaptcha(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
log.Printf("Starting showCaptcha fn")
code := ps.ByName("code")
if len(code) == 0 {
err := errors.New("Bad code")
@@ -93,7 +81,7 @@ func generateCaptcha() (string, error) {
return "", err
}
ciphertext := aesgcm.Seal(nil, nonce, []byte(plaintext), nil)
result := base64.StdEncoding.EncodeToString(ciphertext)
result := hex.EncodeToString(ciphertext)
log.Printf("Encoded captcha: %s", result)
//log.Printf("ciphertext : %s", result)
return result, nil
@@ -103,7 +91,7 @@ func decryptCaptcha(data string) (string, error) {
if len(data) > 100 {
return "", errors.New("Ciphertext too long")
}
ciphertext, err := base64.StdEncoding.DecodeString(data)
ciphertext, err := hex.DecodeString(data)
if err != nil {
return "", err
}

9
src/users_api.go
View File

@@ -292,11 +292,20 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute
}
func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
captcha := ps.ByName("captcha")
code := ps.ByName("code")
address := ps.ByName("address")
mode := ps.ByName("mode")
event := audit("user prelogin by "+mode, address, mode, address)
defer func() { event.submit(e.db) }()
code0, err := decryptCaptcha(captcha)
if err != nil || code0 != code {
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(200)
fmt.Fprintf(w, `{"status":"error","result":"captcha-error"}`)
return
}
if mode != "phone" && mode != "email" {
returnError(w, r, "bad mode", 405, nil, event)
return

531
ui/index.html
View File

@@ -19,263 +19,280 @@ if (conf["custom_css_link"]) {
</head>
<body>
<div class="container col-md-6 pY-100">
<script>
conf = loadUIConfiguration();
if (conf["LogoLink"]) {
document.write("<center><div class='col-6'><img class='logo img-responsive' src='"+conf["LogoLink"]+"'></div></center>" );
}
</script>
<div class="row">
<div class="bigblock">
<h4>Find my data</h4>
<p>Select login method and enter login details:</p>
<form id="loginform">
<div class="form-group">
<select onchange="changemethod(this);" class="custom-select" required id="keymethod">
<option value="Admin">Admin Token</option>
<option value="Record">Record Token</option>
<option selected value="Email">Email</option>
<option value="Phone">Phone</option>
</select>
</div>
<div class="form-group" id="email-conf-form" style="display:none;">
<p>We might send your email using 3rd party service. Check the <b>Privacy policy</b> bellow.</p>
<div class="form-check">
<input type="checkbox" class="form-check-input" onclick="hidealert();" id="emailchk">
<label class="form-check-label" for="emailchk">Confirm to allow sending access code using 3rd party service.</label>
</div>
</div>
<div class="form-group" id="sms-conf-form" style="display:none;">
<p>We might send you SMS using 3rd party service. Check the <b>Privacy policy</b> bellow.</p>
<div class="form-check">
<input type="checkbox" class="form-check-input" onclick="hidealert();" id="smschk">
<label class="form-check-label" for="smschk">Confirm to allow sending access code using 3rd party service.</label>
</div>
</div>
<div id="confalert" class="alert alert-warning" role="alert" style="display:none;">
We can not send you access code!
</div>
<div id="badformat" class="alert alert-warning" role="alert" style="display:none;">
Bad input value!
</div>
<div id="notfound" class="alert alert-warning" role="alert" style="display:none;">
User not found
</div>
<div class="form-group">
<input id="loginvalue" type="login" autocomplete="off" class="form-control" onclick="hidebadformat();"
placeholder="Enter token...">
</div>
<div class="form-group">
<div class="peers ai-c jc-sb fxw-nw">
<div class="peer"></div>
<div class="peer"><button onclick="return submitbtn();"
class="btn btn-primary">Login</button></div>
</div>
</div>
</form>
<div id="loading" style="display:none;">
<center><img src="/site/loading.gif" /></center>
</div>
</div>
</div>
<script>displayFooterLinks();</script>
</div>
<div class="container col-md-6 pY-100">
<script>
var lookupTimer;
var lookupCount;
function lookupUser(url) {
if (lookupCount > 0) {
// try to login with user again
var xhr10 = new XMLHttpRequest();
xhr10.open('GET', url);
xhr10.onload = function () {
if (xhr10.status === 200) {
document.location = "/site/login.html";
}
}
xhr10.send();
lookupCount = lookupCount - 1;
} else {
clearTimeout(lookupTimer);
var loading = document.getElementById('loading');
loading.style.display = "none";
var notfound = document.getElementById('notfound');
notfound.style.display = "block";
}
}
function isUUID(uuid) {
let s = "" + uuid;
s = s.match('^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$');
if (s === null) {
return false;
}
return true;
}
function hidealert() {
var confalert = document.getElementById('confalert');
confalert.style.display = "none";
var badformat = document.getElementById('badformat');
badformat.style.display = "none";
}
function hidebadformat() {
var badformat = document.getElementById('badformat');
var notfound = document.getElementById('notfound');
badformat.style.display = "none";
notfound.style.display = "none";
}
function changemethod(obj) {
var value = obj.value;
if (!value) {
return false;
}
changemethoddo(value);
}
function changemethoddo(value) {
var element = document.getElementById('loginvalue');
var smsform = document.getElementById('sms-conf-form');
var emailform = document.getElementById('email-conf-form');
var smschk = document.getElementById('smschk');
var emailchk = document.getElementById('emailchk');
var confalert = document.getElementById('confalert');
var badformat = document.getElementById('badformat');
var loading = document.getElementById('loading');
var notfound = document.getElementById('notfound');
if (!element || !smsform || !emailform ||
!smschk || !emailchk || !confalert ||
!badformat || !loading) {
return false;
}
badformat.style.display = "none";
notfound.style.display = "none";
smschk.checked = false;
emailchk.checked = false;
value = value.toLowerCase();
valueDisplay = value;
if (valueDisplay === "admin") {
valueDisplay = "admin token";
}
var key = element.placeholder = "Enter " + valueDisplay + "...";
confalert.style.display = "none";
if (value == "email") {
smsform.style.display = "none";
emailform.style.display = "block";
} else if (value == "phone") {
smsform.style.display = "block";
emailform.style.display = "none";
} else {
smsform.style.display = "none";
emailform.style.display = "none";
}
}
function submitbtn() {
var element = document.getElementById('loginvalue')
var smschk = document.getElementById('smschk');
var emailchk = document.getElementById('emailchk');
var confalert = document.getElementById('confalert');
var keymethod = document.getElementById('keymethod');
var badformat = document.getElementById('badformat');
if (!element || !smschk || !emailchk || !confalert || !keymethod) {
return false;
}
var key = element.value;
if (!key) {
return false;
}
var kkk = keymethod.options[keymethod.selectedIndex].value;
if ((kkk == "Email" && emailchk.checked == false) ||
(kkk == "Phone" && smschk.checked == false)) {
confalert.style.display = "block";
return false;
}
if (kkk == "Record" && isUUID(key) == true) {
var xhr = new XMLHttpRequest();
xhr.open('GET', "/v1/get/" + key);
xhr.onload = function () {
if (xhr.status === 200) {
var data = JSON.parse(xhr.responseText);
if (data && data.status && data.status == "ok") {
window.localStorage.setItem('record', key);
window.localStorage.setItem('type', data.type);
if (data.data) {
document.location = "/site/display-data.html";
} else {
document.location = "/site/admin-events.html";
}
}
}
};
xhr.send();
} else if (kkk == "Admin" && (key == "DEMO" || isUUID(key) == true)) {
var xhr = new XMLHttpRequest();
xhr.open('GET', "/v1/userapps");
xhr.setRequestHeader("X-Bunker-Token", key)
xhr.setRequestHeader("Content-type", "application/json");
xhr.onload = function () {
if (xhr.status === 200) {
var data = JSON.parse(xhr.responseText);
if (data && data.status && data.status == "ok") {
window.localStorage.setItem('xtoken', key);
window.localStorage.setItem('type', data.type);
document.location = "/site/admin-view-requests.html";
}
}
};
xhr.send();
} else if (kkk == "Email" && key.indexOf('@') > 0) {
window.localStorage.setItem('login', key);
var xhr0 = new XMLHttpRequest();
xhr0.open('POST', "/v1/agreement/core-send-email-on-login/email/" + encodeURI(key) + "");
xhr0.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
xhr0.onload = function () {
if (xhr0.status === 200) {
var xhr = new XMLHttpRequest();
var url = "/v1/prelogin/email/" + encodeURI(key)
xhr.open('GET', url);
xhr.onload = function () {
if (xhr.status === 200) {
document.location = "/site/login.html";
} else /* if (conf["MagicLookup"]) */ {
//error
var loading = document.getElementById('loading');
loading.style.display = "block";
lookupCount = 5;
lookupTimer = setInterval(lookupUser, 2500, url);
}
}
xhr.send();
}
}
xhr0.send();
} else if (kkk == "Phone") {
window.localStorage.setItem('login', key);
var xhr0 = new XMLHttpRequest();
xhr0.open('POST', "/v1/agreement/core-send-sms-on-login/phone/" + encodeURI(key) + "");
xhr0.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
xhr0.onload = function () {
if (xhr0.status === 200) {
var xhr = new XMLHttpRequest();
xhr.open('GET', "/v1/prelogin/phone/" + encodeURI(key));
xhr.onload = function () {
if (xhr.status === 200) {
document.location = "/site/login.html";
}
}
xhr.send();
}
}
xhr0.send();
} else {
badformat.style.display = "block";
}
return false;
}
(function() {
changemethoddo('Email');
})();
conf = loadUIConfiguration();
if (conf["LogoLink"]) {
document.write("<center><div class='col-6'><img class='logo img-responsive' src='"+conf["LogoLink"]+"'></div></center>" );
}
</script>
<div class="row">
<div class="bigblock">
<h4>Find my data</h4>
<p>Select login method and enter login details:</p>
<form id="loginform">
<div class="form-group">
<select onchange="changemethod(this);" class="custom-select" required id="keymethod">
<option value="Admin">Admin Token</option>
<option value="Record">Record Token</option>
<option selected value="Email">Email</option>
<option value="Phone">Phone</option>
</select>
</div>
<div class="form-group" id="email-conf-form" style="display:none;">
<p>We might send your email using 3rd party service. Check the <b>Privacy policy</b> bellow.</p>
<div class="form-check">
<input type="checkbox" class="form-check-input" onclick="hidealert();" id="emailchk">
<label class="form-check-label" for="emailchk">Confirm to allow sending access code using 3rd party service.</label>
</div>
</div>
<div class="form-group" id="sms-conf-form" style="display:none;">
<p>We might send you SMS using 3rd party service. Check the <b>Privacy policy</b> bellow.</p>
<div class="form-check">
<input type="checkbox" class="form-check-input" onclick="hidealert();" id="smschk">
<label class="form-check-label" for="smschk">Confirm to allow sending access code using 3rd party service.</label>
</div>
</div>
<div id="errmsg" class="alert alert-warning" role="alert" style="display:none;"></div>
<div class="form-group">
<input id="loginvalue" type="login" autocomplete="off" class="form-control" onclick="hidealert();"
placeholder="Enter token...">
</div>
<div id="captcha-form">
<img src="/v1/captcha/%CAPTCHAURL%" />
<input id="captchavalue" type="login" autocomplete="off" class="form-control" onclick="hidealert();"
style="float: right; width: 50%; margin-top: 12px;" placeholder="Enter captcha">
</div>
<div class="form-group">
<div class="peers ai-c jc-sb fxw-nw">
<div class="peer"></div>
<div class="peer"><button onclick="return submitbtn();"
class="btn btn-primary">Login</button></div>
</div>
</div>
</form>
<div id="loading" style="display:none;">
<center><img src="/site/loading.gif" /></center>
</div>
</div>
</div>
<script>displayFooterLinks();</script>
</div>
<script>
var lookupTimer;
var lookupCount;
function lookupUser(url) {
if (lookupCount > 0) {
// try to login with user again
var xhr10 = new XMLHttpRequest();
xhr10.open('GET', url);
xhr10.onload = function () {
if (xhr10.status === 200) {
var data = JSON.parse(xhr.responseText);
if (data.status == "error" && data.result && data.result == "captcha-error") {
showalert("Captcha error. Refresh the page and try again.");
} else if (data.status == "ok") {
document.location = "/site/login.html";
return;
}
}
}
xhr10.send();
lookupCount = lookupCount - 1;
} else {
clearTimeout(lookupTimer);
var loading = document.getElementById('loading');
loading.style.display = "none";
showalert("Failed to find user record. User might be deleted.");
}
}
function isUUID(uuid) {
let s = "" + uuid;
s = s.match('^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$');
if (s === null) {
return false;
}
return true;
}
function showalert(msg) {
var errmsg = document.getElementById('errmsg');
errmsg.style.display = "block"
errmsg.innerHTML = msg;
}
function hidealert() {
var errmsg = document.getElementById('errmsg');
errmsg.style.display = "none";
errmsg.innerHTML = "";
}
function changemethod(obj) {
var value = obj.value;
if (!value) {
return false;
}
changemethodnow(value);
}
function changemethodnow(value) {
var login = document.getElementById('loginvalue');
var smsform = document.getElementById('sms-conf-form');
var emailform = document.getElementById('email-conf-form');
var captchaform = document.getElementById('captcha-form');
var smschk = document.getElementById('smschk');
var emailchk = document.getElementById('emailchk');
var loading = document.getElementById('loading');
if (!login || !smsform || !emailform ||
!smschk || !emailchk || !loading) {
return false;
}
hidealert();
smschk.checked = false;
emailchk.checked = false;
value = value.toLowerCase();
valueDisplay = value;
if (valueDisplay === "admin") {
valueDisplay = "admin token";
}
var key = login.placeholder = "Enter " + valueDisplay + "...";
if (value == "email") {
smsform.style.display = "none";
emailform.style.display = "block";
captchaform.style.display = "block";
} else if (value == "phone") {
smsform.style.display = "block";
emailform.style.display = "none";
captchaform.style.display = "block";
} else {
smsform.style.display = "none";
emailform.style.display = "none";
captchaform.style.display = "none";
}
}
function submitbtn() {
var login = document.getElementById('loginvalue');
var captcha = document.getElementById('captchavalue');
var smschk = document.getElementById('smschk');
var emailchk = document.getElementById('emailchk');
var keymethod = document.getElementById('keymethod');
if (!login || !smschk || !emailchk || !keymethod) {
return false;
}
var key = login.value;
if (!key) {
return false;
}
code = captcha.value;
var captcha0 = "%CAPTCHAURL%";
var kkk = keymethod.options[keymethod.selectedIndex].value;
if ((kkk == "Email" && emailchk.checked == false) ||
(kkk == "Phone" && smschk.checked == false)) {
showalert("We can not send you access code without your consent.");
return false;
}
if ((kkk == "Email" || kkk == "Phone") && !code){
showalert("Captcha code is missing");
return false;
}
if (kkk == "Record" && isUUID(key) == true) {
var xhr = new XMLHttpRequest();
xhr.open('GET', "/v1/get/" + key);
xhr.onload = function () {
if (xhr.status === 200) {
var data = JSON.parse(xhr.responseText);
if (data && data.status && data.status == "ok") {
window.localStorage.setItem('record', key);
window.localStorage.setItem('type', data.type);
if (data.data) {
document.location = "/site/display-data.html";
} else {
document.location = "/site/admin-events.html";
}
}
}
};
xhr.send();
} else if (kkk == "Admin" && (key == "DEMO" || isUUID(key) == true)) {
var xhr = new XMLHttpRequest();
xhr.open('GET', "/v1/userapps");
xhr.setRequestHeader("X-Bunker-Token", key)
xhr.setRequestHeader("Content-type", "application/json");
xhr.onload = function () {
if (xhr.status === 200) {
var data = JSON.parse(xhr.responseText);
if (data && data.status && data.status == "ok") {
window.localStorage.setItem('xtoken', key);
window.localStorage.setItem('type', data.type);
document.location = "/site/admin-view-requests.html";
}
}
};
xhr.send();
} else if (kkk == "Email" && key.indexOf('@') > 0) {
window.localStorage.setItem('login', key);
var xhr0 = new XMLHttpRequest();
xhr0.open('POST', "/v1/agreement/core-send-email-on-login/email/" + encodeURI(key) + "");
xhr0.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
xhr0.onload = function () {
if (xhr0.status === 200) {
var xhr = new XMLHttpRequest();
var url = "/v1/prelogin/email/" + encodeURI(key) + "/" + code + "/" + captcha0;
xhr.open('GET', url);
xhr.onload = function () {
if (xhr.status === 200) {
var data = JSON.parse(xhr.responseText);
if (data.status == "error" && data.result && data.result == "captcha-error") {
showalert("Captcha error. Refresh the page and try again.");
return;
} else if (data.status == "ok") {
document.location = "/site/login.html";
return;
}
}
// lets wait for the results
var loading = document.getElementById('loading');
loading.style.display = "block";
lookupCount = 6;
lookupTimer = setInterval(lookupUser, 2500, url);
}
xhr.send();
}
}
xhr0.send();
} else if (kkk == "Phone") {
window.localStorage.setItem('login', key);
var xhr0 = new XMLHttpRequest();
xhr0.open('POST', "/v1/agreement/core-send-sms-on-login/phone/" + encodeURI(key) + "");
xhr0.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
xhr0.onload = function () {
if (xhr0.status === 200) {
var xhr = new XMLHttpRequest();
xhr.open('GET', "/v1/prelogin/phone/" + encodeURI(key) + "/" + code + "/" + captcha0);
xhr.onload = function () {
if (xhr.status === 200) {
var data = JSON.parse(xhr.responseText);
if (data.status == "error" && data.result && data.result == "captcha-error") {
showalert("Captcha error. Refresh the page and try again.");
return;
} else if (data.status == "ok") {
document.location = "/site/login.html";
return;
}
}
}
xhr.send();
}
}
xhr0.send();
} else {
if (kkk == "Email" && key.indexOf('@') == -1) {
showalert("Bad email address format");
} else {
showalert("Bad input value!");
}
}
return false;
}
(function() {
changemethodnow('Email');
})();
</script>
</body>