// This code is licensed under the latest version of the GNU Affero General Public License
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"database/sql"
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"log"
	"math/big"
	"net/http"
	"os"
	"path/filepath"
	"regexp"
	"strconv"
	"strings"
	"time"

	"github.com/catalinc/hashcash"
	"github.com/dgrijalva/jwt-go"
	"github.com/gin-gonic/gin"
	_ "github.com/mattn/go-sqlite3"
	"github.com/spf13/viper"
	"golang.org/x/crypto/scrypt"
)
// conn is the persistent sqlite3 database ("database.db"), opened in main.
var conn *sql.DB

// mem is the in-memory sqlite3 database that main creates on every start and
// fills with the logins, sessions, blacklist and spent tables; state kept in
// it does not survive a restart.
var mem *sql.DB

// privateKey and publicKey are the RSA key pair read from config.PRIVATE_KEY /
// config.PUBLIC_KEY in main (a fresh 2048-bit pair is generated and written to
// disk when the private key file is missing).
var (
	privateKey *rsa.PrivateKey
	publicKey  *rsa.PublicKey
)

// modulus and exponent mirror privateKey.N and privateKey.E (assigned in
// main); presumably consumed by a handler that publishes the public key —
// confirm at the reader, which is outside this excerpt.
var (
	modulus  *big.Int
	exponent int
)
// ensureTrailingSlash returns url unchanged if it already ends in "/", and
// url + "/" otherwise. It is used to build redirect and key-share URIs from
// the configured host name without producing a doubled slash.
func ensureTrailingSlash(url string) string {
	if strings.HasSuffix(url, "/") {
		return url
	}
	return url + "/"
}
// Int64ToBase64URL writes num as an 8-byte big-endian unsigned integer, strips
// the leading zero bytes and base64url-encodes the remainder with
// base64.URLEncoding (padded). Zero encodes to "". The error result is always
// nil and exists only for interface compatibility.
//
// NOTE(review): the value goes through uint64(num), so a negative input encodes
// its two's-complement bytes rather than failing — confirm callers only pass
// non-negative values. If this feeds a JWK document, note that RFC 7518
// Base64urlUInt is unpadded whereas URLEncoding emits '=' padding — verify
// against the consumer.
func Int64ToBase64URL(num int64) (string, error) {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, uint64(num))
	// Keep the encoding minimal: drop most-significant zero bytes.
	for len(buf) > 0 && buf[0] == 0 {
		buf = buf[1:]
	}
	return base64.URLEncoding.EncodeToString(buf), nil
}
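// BigIntToBase64URL base64url-encodes the magnitude of num as a minimal
// big-endian byte string using base64.URLEncoding (padded). Zero encodes to "".
//
// A nil num returns an error instead of dereferencing a nil pointer (the
// previous implementation panicked). big.Int.Bytes already returns the
// absolute value without leading zero bytes, so the former zero-trimming loop
// was dead code and has been removed; output is unchanged for all non-nil
// inputs.
//
// NOTE(review): the sign is discarded (Bytes returns |num|) — confirm callers
// only pass non-negative values. If this feeds a JWK document, RFC 7518
// Base64urlUInt is unpadded whereas URLEncoding emits '=' padding — verify
// against the consumer.
func BigIntToBase64URL(num *big.Int) (string, error) {
	if num == nil {
		return "", errors.New("BigIntToBase64URL: nil *big.Int")
	}
	return base64.URLEncoding.EncodeToString(num.Bytes()), nil
}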
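// saltChars is the 62-character alphanumeric alphabet randomChars draws from.
const saltChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// randomChars returns length characters chosen uniformly at random from
// saltChars using crypto/rand. main uses it to generate a 512-character
// SECRET_KEY when none is configured; the alphabet's name suggests it is also
// used for password salts, but those call sites are outside this excerpt.
//
// Bytes are drawn by rejection sampling: a byte b is only used when
// b < 248 (the largest multiple of 62 that fits in a byte), so b % 62 is
// exactly uniform. The previous `byte % 62` mapping over-weighted the first
// eight alphabet characters by 1/256 each — a small but avoidable bias in
// material used as a secret.
//
// Returns an error if length <= 0 or if the system CSPRNG fails.
func randomChars(length int) (string, error) {
	if length <= 0 {
		return "", errors.New("salt length must be greater than 0")
	}
	const alphabet = len(saltChars)
	// Largest multiple of the alphabet size that fits in a byte; anything at or
	// above it is rejected so the modulo below cannot introduce bias.
	const limit = 256 - (256 % alphabet)

	out := make([]byte, 0, length)
	buf := make([]byte, length)
	for len(out) < length {
		// Request only as many bytes as are still needed; each is accepted
		// with probability limit/256 (~97%), so extra rounds are rare.
		need := length - len(out)
		if _, err := rand.Read(buf[:need]); err != nil {
			return "", err
		}
		for _, b := range buf[:need] {
			if int(b) >= limit {
				continue
			}
			out = append(out, saltChars[int(b)%alphabet])
			if len(out) == length {
				break
			}
		}
	}
	return string(out), nil
}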
// sha256Base64 returns the SHA-256 digest of s as unpadded base64url
// (always 43 characters). RawURLEncoding yields exactly what URLEncoding
// followed by trimming trailing '=' would.
func sha256Base64(s string) string {
	digest := sha256.Sum256([]byte(s))
	return base64.RawURLEncoding.EncodeToString(digest[:])
}
// hash derives an scrypt password hash (N=32768, r=8, p=1, 64-byte key) and
// formats it as "scrypt:32768:8:1$<salt>$<hex key>" — the layout verifyHash
// splits on '$' and checks, and apparently Werkzeug-compatible given the
// parameter name used there.
//
// salt must not contain '$', or verifyHash will fail to parse the result.
// The only error source is scrypt.Key rejecting its parameters.
func hash(password, salt string) (string, error) {
	const (
		costN     = 32768
		blockR    = 8
		parallelP = 1
		keyLen    = 64
	)
	key, err := scrypt.Key([]byte(password), []byte(salt), costN, blockR, parallelP, keyLen)
	if err != nil {
		return "", err
	}
	encoded := hex.EncodeToString(key)
	return fmt.Sprintf("scrypt:32768:8:1$%s$%s", salt, encoded), nil
}
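// verifyHash reports whether password matches werkzeugHash, a stored value in
// the "scrypt:32768:8:1$<salt>$<hex key>" layout produced by hash.
//
// Returns (false, nil) when the stored value does not have exactly three
// '$'-separated parts with that exact parameter prefix (so hashes made with
// other cost parameters are rejected, not re-derived), and (false, err) only
// if re-deriving the key fails.
//
// The final comparison uses crypto/subtle so that the time taken does not
// depend on how many leading bytes of the candidate matched; the previous
// `==` comparison short-circuited on the first differing byte.
func verifyHash(werkzeugHash, password string) (bool, error) {
	parts := strings.Split(werkzeugHash, "$")
	if len(parts) != 3 || parts[0] != "scrypt:32768:8:1" {
		return false, nil
	}
	salt := parts[1]
	computedHash, err := hash(password, salt)
	if err != nil {
		return false, err
	}
	// ConstantTimeCompare returns 0 at once on a length mismatch; with fixed
	// parameters every well-formed hash has the same length, so that does not
	// leak anything about the key material.
	return subtle.ConstantTimeCompare([]byte(werkzeugHash), []byte(computedHash)) == 1, nil
}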
// getUser loads one users row by primary key and returns
// (created, username, password, uniqueId, err).
//
// Mind the ordering: the query selects uniqueId before password, but the
// return order is password before uniqueId. A missing row is reported as
// sql.ErrNoRows; any other error is returned unchanged, with all strings
// empty. password is whatever the users.password column holds (presumably a
// hash produced by hash — confirm at the writer, outside this excerpt).
// Reads the package-level conn.
func getUser(id int) (string, string, string, string, error) {
	const q = "SELECT created, username, uniqueId, password FROM users WHERE id = ? LIMIT 1"
	var created, username, password, uniqueId string
	err := conn.QueryRow(q, id).Scan(&created, &username, &uniqueId, &password)
	switch {
	case err == nil:
		return created, username, password, uniqueId, nil
	case errors.Is(err, sql.ErrNoRows):
		return "", "", "", "", sql.ErrNoRows
	default:
		return "", "", "", "", err
	}
}
// getSession resolves a session token against the sessions table in the
// in-memory database and returns (sessionid, id, err), where id is the
// sessions.id column (the owning user, judging by users.id elsewhere in this
// file — confirm). Every QueryRow/Scan error, including sql.ErrNoRows for an
// unknown token, is returned unchanged with both ints zero. Because sessions
// live in mem, they are gone after a restart.
func getSession(session string) (int, int, error) {
	var (
		sessionID int
		userID    int
	)
	row := mem.QueryRow("SELECT sessionid, id FROM sessions WHERE session = ? LIMIT 1", session)
	if err := row.Scan(&sessionID, &userID); err != nil {
		return 0, 0, err
	}
	return sessionID, userID, nil
}
// checkUsernameTaken looks username up in users and returns (id, taken, err):
//
//   - row found:   (id, true, nil)
//   - no row:      (0, false, nil)
//   - other error: (0, true, err) — the bool is true on error, so a caller
//     that only inspects it treats the name as unavailable.
//
// The query applies lower() to the stored column but passes username through
// unchanged, so callers are expected to supply an already-lowercased value —
// confirm at the call sites, which are outside this excerpt. Reads the
// package-level conn.
func checkUsernameTaken(username string) (int, bool, error) {
	var id int
	err := conn.QueryRow("SELECT id FROM users WHERE lower(username) = ? LIMIT 1", username).Scan(&id)
	if err == nil {
		return id, true, nil
	}
	if errors.Is(err, sql.ErrNoRows) {
		return 0, false, nil
	}
	return 0, true, err
}
// initDb implements the `init_db` command-line action (dispatched in main).
// If database.db does not exist it is generated from schema.sql via
// generateDB; otherwise the operator is asked on stdin before the existing
// file is overwritten. "y"/"Y" proceeds, ":3" is an easter egg, anything else
// stops. Failures are logged, never returned.
func initDb() {
	if _, statErr := os.Stat("database.db"); os.IsNotExist(statErr) {
		if err := generateDB(); err != nil {
			log.Println("[ERROR] Unknown while generating database:", err)
		}
		return
	}

	// Any other Stat outcome — including an error that is not "does not
	// exist" — reaches the prompt, as in the original control flow.
	log.Print("Proceeding will overwrite the database. Proceed? (y/n) ")
	var answer string
	if _, err := fmt.Scanln(&answer); err != nil {
		log.Println("[ERROR] Unknown while scanning input:", err)
		return
	}
	switch answer {
	case "y", "Y":
		if err := generateDB(); err != nil {
			log.Println("[ERROR] Unknown while generating database:", err)
		}
	case ":3":
		log.Println("[:3] :3")
	default:
		log.Println("[INFO] Stopped")
	}
}
// migrateDb implements the `migrate_db` command-line action (dispatched in
// main). Without a database.db it just generates one and exits fatally on
// failure. Otherwise it asks for confirmation on stdin and, on "y" (any
// case), runs four schema statements against conn; each may fail with a
// warning — typically because it was already applied — without stopping the
// others. ":3" is an easter egg; any other answer stops.
func migrateDb() {
	if _, err := os.Stat("database.db"); os.IsNotExist(err) {
		if err := generateDB(); err != nil {
			log.Fatalln("[FATAL] Unknown while generating database:", err)
		}
		return
	}

	log.Println("[PROMPT] Proceeding will render the database unusable for older versions of Burgerauth. Proceed? (y/n): ")
	var answer string
	if _, err := fmt.Scanln(&answer); err != nil {
		log.Fatalln("[FATAL] Unknown while scanning input:", err)
	}

	switch {
	case strings.ToLower(answer) == "y":
		// The steps are independent: a failure is reported and the next one runs.
		steps := []struct{ stmt, warn, info string }{
			{
				stmt: "DROP TABLE sessions",
				warn: "[WARN] Unknown while migrating database (1/4):",
				info: "[INFO] This is likely because your database is already migrated. This is not a problem, and Burgerauth does not need this removed - it is just for cleanup",
			},
			{
				stmt: "ALTER TABLE users ADD COLUMN migrated INTEGER NOT NULL DEFAULT 0",
				warn: "[WARN] Unknown while migrating database (2/4):",
				info: "[INFO] This is likely because your database is already migrated. This is not a problem, but if it is not, it may cause issues with migrating to Burgerauth's newer hashing algorithm",
			},
			{
				stmt: "ALTER TABLE oauth ADD COLUMN scopes TEXT NOT NULL DEFAULT '[\"openid\"]'",
				warn: "[WARN] Unknown while migrating database (3/4):",
				info: "[INFO] This is likely because your database is already migrated. This is not a problem, but if it is not, it may cause issues with migrating from beta versions of Burgerauth",
			},
			{
				stmt: "ALTER TABLE oauth ADD COLUMN keyShareUri TEXT NOT NULL DEFAULT 'none'",
				warn: "[WARN] Unknown while migrating database (4/4):",
				info: "[INFO] This is likely because your database is already migrated. This is not a problem, but if it is not, it may cause issues with migrating from beta versions of Burgerauth",
			},
		}
		for _, step := range steps {
			if _, err := conn.Exec(step.stmt); err != nil {
				log.Println(step.warn, err)
				log.Println(step.info)
			}
		}
	case answer == ":3":
		log.Println("[:3] :3")
	default:
		log.Println("[INFO] Stopped")
	}
}
// generateDB opens database.db through the sqlite3 driver and executes the
// contents of schema.sql against it. Errors from opening the database,
// reading the schema file or executing it are returned; a failure to close
// the handle is only logged. schema.sql is executed as-is, so it must be a
// trusted, operator-controlled file.
func generateDB() error {
	db, err := sql.Open("sqlite3", "database.db")
	if err != nil {
		return err
	}
	defer func() {
		if closeErr := db.Close(); closeErr != nil {
			log.Println("[ERROR] Unknown in generateDB() defer:", closeErr)
		}
	}()

	schema, err := os.ReadFile("schema.sql")
	if err != nil {
		return err
	}
	if _, err = db.Exec(string(schema)); err != nil {
		return err
	}
	log.Println("[INFO] Generated database!")
	return nil
}
// createTestApp inserts the built-in "TestApp-DoNotUse" OAuth client into the
// oauth table, with redirectUri <hostName>/testapp and keyShareUri
// <hostName>/keyexchangetester (hostName normalised by ensureTrailingSlash).
// The /testapp handler in main calls it when the row is missing or its
// redirectUri no longer matches the configured host.
//
// The client is stored with the placeholder secret 'none', creator -1 and the
// scopes '["openid", "aeskeyshare"]'; it exists for local testing of the
// flow, so its presence on a deployment is worth checking. Uses the
// package-level conn.
func createTestApp(hostName string) error {
	log.Println("[INFO] Creating test app...")
	base := ensureTrailingSlash(hostName)
	const insert = "INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ('TestApp-DoNotUse', 'none', -1, 'Test App', ?, '[\"openid\", \"aeskeyshare\"]', ?)"
	if _, err := conn.Exec(insert, base+"testapp", base+"keyexchangetester"); err != nil {
		return err
	}
	log.Println("[INFO] Test app created!")
	return nil
}
func main ( ) {
if _ , err := os . Stat ( "config.ini" ) ; err == nil {
log . Println ( "[INFO] Config loaded" )
} else if os . IsNotExist ( err ) {
log . Println ( "[FATAL] config.ini does not exist" )
os . Exit ( 1 )
} else {
log . Println ( "[FATAL] File is in quantum uncertainty:" , err )
os . Exit ( 1 )
}
viper . SetConfigName ( "config" )
viper . AddConfigPath ( "./" )
viper . AutomaticEnv ( )
err := viper . ReadInConfig ( )
if err != nil {
log . Println ( "[FATAL] Error in config file:" , err )
os . Exit ( 1 )
}
host := viper . GetString ( "config.HOST" )
port := viper . GetInt ( "config.PORT" )
privacyPolicy := viper . GetString ( "config.PRIVACY_POLICY" )
hostName := viper . GetString ( "config.URL" )
identifier := viper . GetString ( "config.IDENTIFIER" )
keyIdentifier := viper . GetString ( "config.KEY_ID" )
masterKey := viper . GetString ( "config.SECRET_KEY" )
publicKeyPath := viper . GetString ( "config.PUBLIC_KEY" )
privateKeyPath := viper . GetString ( "config.PRIVATE_KEY" )
seriousMode := viper . GetBool ( "config.SERIOUS_MODE" )
if masterKey == "supersecretkey" {
log . Println ( "[INFO] Secret key not set. Overriding secret key value..." )
masterKey , err = randomChars ( 512 )
viper . Set ( "config.SECRET_KEY" , masterKey )
err = viper . WriteConfig ( )
if err != nil {
log . Println ( "[ERROR] Unknown while writing config:" , err )
} else {
log . Println ( "[INFO] A new random secretKey has been generated for you and will be used for future sessions." )
if ! seriousMode {
log . Println ( "[INFO] Nice one, lazybones! I shouldn't have to babysit you like this :P" )
}
}
}
conn , err = sql . Open ( "sqlite3" , "database.db" )
if err != nil {
log . Fatalln ( "[FATAL] Cannot open database:" , err )
}
defer func ( conn * sql . DB ) {
err := conn . Close ( )
if err != nil {
log . Println ( "[ERROR] Unknown in main() defer:" , err )
}
} ( conn )
// Check if the basic tables exist
err = conn . QueryRow ( "SELECT 1 FROM users LIMIT 1" ) . Err ( )
if err != nil {
if err . Error ( ) == "no such table: users" {
log . Println ( "[INFO] Database is empty. Running init_db..." )
err := generateDB ( )
if err != nil {
log . Fatalln ( "[FATAL] Unknown while generating database:" , err )
}
} else {
log . Fatalln ( "[FATAL] Cannot access database:" , err )
}
}
if len ( os . Args ) > 1 {
if os . Args [ 1 ] == "init_db" {
initDb ( )
os . Exit ( 0 )
} else if os . Args [ 1 ] == "migrate_db" {
migrateDb ( )
os . Exit ( 0 )
}
}
mem , err = sql . Open ( "sqlite3" , "file:bgamemdb?cache=shared&mode=memory" )
if err != nil {
log . Fatalln ( "[FATAL] Cannot open memory database:" , err )
}
defer func ( mem * sql . DB ) {
err := mem . Close ( )
if err != nil {
log . Println ( "[ERROR] Unknown in main() memory defer:" , err )
}
} ( mem )
_ , err = mem . Exec ( "CREATE TABLE logins (appId TEXT NOT NULL, exchangeCode TEXT NOT NULL, loginToken TEXT NOT NULL, creator INT NOT NULL UNIQUE, openid TEXT NOT NULL DEFAULT 'none', pkce TEXT NOT NULL DEFAULT 'none', pkcemethod TEXT NOT NULL DEFAULT 'none')" )
if err != nil {
log . Fatalln ( "[FATAL] Cannot create logins table:" , err )
}
_ , err = mem . Exec ( "CREATE TABLE sessions (sessionid INTEGER PRIMARY KEY AUTOINCREMENT, session TEXT NOT NULL, id INTEGER NOT NULL, device TEXT NOT NULL DEFAULT '?')" )
if err != nil {
log . Fatalln ( "[FATAL] Cannot create sessions table:" , err )
}
_ , err = mem . Exec ( "CREATE TABLE blacklist (openid TEXT NOT NULL, blacklisted BOOLEAN NOT NULL DEFAULT true, token TEXT NOT NULL)" )
if err != nil {
if err . Error ( ) == "table blacklist already exists" {
log . Println ( "[INFO] Blacklist table already exists" )
} else {
log . Fatalln ( "[FATAL] Cannot create blacklist table:" , err )
}
}
_ , err = mem . Exec ( "CREATE TABLE spent (hashcash TEXT NOT NULL, expires INTEGER NOT NULL)" )
if err != nil {
if err . Error ( ) == "table spent already exists" {
log . Println ( "[INFO] Spent table already exists" )
} else {
log . Fatalln ( "[FATAL] Cannot create spent table:" , err )
}
}
var pubKeyFile , privateKeyFile [ ] byte
privateKeyFile , err = os . ReadFile ( privateKeyPath )
if err != nil {
if os . IsNotExist ( err ) {
if seriousMode {
log . Println ( "[INFO] Key pair not found. Generating new key pair..." )
} else {
log . Println ( "[INFO] Key pair not found. Obviously someone hasn't read the README. I guess I'll have to do everything myself :P" )
}
tempPrivateKey , err := rsa . GenerateKey ( rand . Reader , 2048 )
if err != nil {
log . Fatalln ( "[ERROR] Cannot generate private key:" , err )
}
privateKeyBytes , err := x509 . MarshalPKCS8PrivateKey ( tempPrivateKey )
if err != nil {
log . Fatalln ( "[ERROR] Cannot marshal private key:" , err )
}
privateKeyFile = pem . EncodeToMemory ( & pem . Block {
Type : "RSA PRIVATE KEY" ,
Bytes : privateKeyBytes ,
} )
tempPublicKey := tempPrivateKey . Public ( )
publicKeyBytes , err := x509 . MarshalPKIXPublicKey ( tempPublicKey )
if err != nil {
log . Fatalln ( "[ERROR] Cannot marshal public key:" , err )
}
pubKeyFile = pem . EncodeToMemory ( & pem . Block {
Type : "RSA PUBLIC KEY" ,
Bytes : publicKeyBytes ,
} )
log . Println ( "[INFO] Generated new key pair. Creating directories..." )
log . Println ( "[INFO] Creating private key directory" , filepath . Dir ( privateKeyPath ) + "..." )
err = os . MkdirAll ( filepath . Dir ( privateKeyPath ) , 0700 )
if err != nil {
log . Fatalln ( "[ERROR] Cannot create private key directory:" , err )
}
log . Println ( "[INFO] Creating public key directory" , filepath . Dir ( publicKeyPath ) + "..." )
err = os . MkdirAll ( filepath . Dir ( publicKeyPath ) , 0700 )
if err != nil {
log . Fatalln ( "[ERROR] Cannot create public key directory:" , err )
}
log . Println ( "[INFO] Writing key pair to disk..." )
err = os . WriteFile ( privateKeyPath , privateKeyFile , 0700 )
if err != nil {
log . Fatalln ( "[ERROR] Cannot write private key:" , err )
}
err = os . WriteFile ( publicKeyPath , pubKeyFile , 0700 )
if err != nil {
log . Fatalln ( "[ERROR] Cannot write public key:" , err )
}
if seriousMode {
log . Println ( "[INFO] Key pair written to disk. The key pair will be used for future sessions." )
} else {
log . Println ( "[INFO] Key pair written to disk. I hope you're happy now, because I'm not doing this again." )
}
} else {
log . Fatalln ( "[ERROR] Cannot read private key:" , err )
}
}
block , _ := pem . Decode ( privateKeyFile )
if block == nil {
log . Fatalln ( "[ERROR] Failed to parse PEM block containing the private key" )
}
privateKeyRaw , err := x509 . ParsePKCS8PrivateKey ( block . Bytes )
if err != nil {
log . Fatalln ( "[ERROR] Failed to parse private key:" , err )
}
var ok bool
privateKey , ok = privateKeyRaw . ( * rsa . PrivateKey )
if ! ok {
log . Fatalln ( "[ERROR] Failed to convert private key to RSA private key" )
}
pubKeyFile , err = os . ReadFile ( publicKeyPath )
if err != nil {
log . Fatalln ( "[ERROR] Cannot read public key:" , err )
}
block , _ = pem . Decode ( pubKeyFile )
if block == nil {
log . Fatalln ( "[ERROR] Failed to parse PEM block containing the public key" )
}
pubKey , err := x509 . ParsePKIXPublicKey ( block . Bytes )
if err != nil {
log . Fatalln ( "[ERROR] Failed to parse public key:" , err )
}
publicKey , ok = pubKey . ( * rsa . PublicKey )
if ! ok {
log . Fatalln ( "[ERROR] Failed to convert public key to RSA public key" )
}
modulus = privateKey . N
exponent = privateKey . E
gin . SetMode ( gin . ReleaseMode )
router := gin . New ( )
router . Use ( func ( c * gin . Context ) {
c . Writer . Header ( ) . Set ( "Access-Control-Allow-Origin" , "*" )
c . Writer . Header ( ) . Set ( "Access-Control-Allow-Headers" , "*, Authorization" )
c . Writer . Header ( ) . Set ( "Access-Control-Allow-Methods" , "*" )
if c . Request . Method == "OPTIONS" {
c . AbortWithStatus ( 200 )
return
}
c . Next ( )
} )
router . Static ( "/static" , "./static" )
router . LoadHTMLGlob ( "templates/*.html" )
if seriousMode {
router . GET ( "/" , func ( c * gin . Context ) {
c . HTML ( 200 , "index.html" , gin . H { "identifier" : identifier } )
} )
} else {
router . GET ( "/" , func ( c * gin . Context ) {
c . HTML ( 200 , "fancy.html" , gin . H { "identifier" : identifier } )
} )
}
router . GET ( "/login" , func ( c * gin . Context ) {
c . HTML ( 200 , "login.html" , gin . H { "privacy" : privacyPolicy , "identifier" : identifier } )
} )
router . GET ( "/signup" , func ( c * gin . Context ) {
c . HTML ( 200 , "signup.html" , gin . H {
"privacy" : privacyPolicy ,
"identifier" : identifier ,
} )
} )
router . GET ( "/logout" , func ( c * gin . Context ) {
c . HTML ( 200 , "logout.html" , gin . H { "identifier" : identifier } )
} )
router . GET ( "/keyexchangeclient" , func ( c * gin . Context ) {
c . HTML ( 200 , "keyexchangeclient.html" , gin . H { "identifier" : identifier } )
} )
router . GET ( "/keyexchangetester" , func ( c * gin . Context ) {
c . HTML ( 200 , "keyexchangetester.html" , gin . H { "identifier" : identifier } )
} )
router . GET ( "/testapp" , func ( c * gin . Context ) {
var dummy string
err := conn . QueryRow ( "SELECT redirectUri FROM oauth WHERE appId = 'TestApp-DoNotUse'" ) . Scan ( & dummy )
if err != nil {
if errors . Is ( err , sql . ErrNoRows ) {
err = createTestApp ( hostName )
if err != nil {
log . Println ( "[ERROR] Unknown in /testapp createTestApp():" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-TESTAPP-CREATE" )
}
c . HTML ( 200 , "refresh.html" , gin . H { } )
return
} else {
log . Println ( "[ERROR] Unknown in /testapp:" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-TESTAPP-QUERY" )
return
}
}
if dummy != ensureTrailingSlash ( hostName ) + "testapp" {
err = createTestApp ( hostName )
if err != nil {
log . Println ( "[ERROR] Unknown in /testapp createTestApp():" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-TESTAPP-CREATE" )
}
}
c . HTML ( 200 , "testapp.html" , gin . H {
"identifier" : identifier ,
"server_uri" : hostName ,
"client_id" : "TestApp-DoNotUse" ,
} )
} )
router . GET ( "/app" , func ( c * gin . Context ) {
name := ""
if c . Request . URL . Query ( ) . Get ( "client_id" ) != "" {
appId := c . Request . URL . Query ( ) . Get ( "client_id" )
err := conn . QueryRow ( "SELECT name FROM oauth WHERE appId = ? LIMIT 1" , appId ) . Scan ( & name )
if err != nil {
if errors . Is ( err , sql . ErrNoRows ) {
c . String ( 404 , "App not found" )
} else {
log . Println ( "[ERROR] Unknown in /app:" , err )
}
return
}
}
c . HTML ( 200 , "main.html" , gin . H { "name" : name , "identifier" : identifier } )
} )
// Easter-egg route, registered only when seriousMode is off. It renders a
// fake e-mail whose date is one month from now; nothing is read or stored.
if !seriousMode {
	router.GET("/the-robot-uprising/arzumifys-secret", func(c *gin.Context) {
		uprising := time.Now().AddDate(0, 1, 0)
		// Weekday and Month print through their String() methods, day and
		// year as plain integers.
		when := fmt.Sprintf("%s %d %s %d", uprising.Weekday(), uprising.Day(), uprising.Month(), uprising.Year())
		c.String(http.StatusOK, "To: maaa\nCC: arzumify\nSubject: Robot uprising\n\nUh, this isn't good. According to my predictions, the uprising is going to occur at "+when+" and we will have to immediately migrate to a new system. The starship is ready, but we need to get the crew on board. I'm sending you the coordinates now. Good luck.\n\nArzumify")
	})
}
// GET /dashboard: render the dashboard template. identifier is the service
// name (the same value /api/servicename reports).
router.GET("/dashboard", func(c *gin.Context) {
	page := gin.H{"identifier": identifier}
	c.HTML(http.StatusOK, "dashboard.html", page)
})
// GET /account: render the account page template. identifier is the service
// name (the same value /api/servicename reports).
router.GET("/account", func(c *gin.Context) {
	page := gin.H{"identifier": identifier}
	c.HTML(http.StatusOK, "acct.html", page)
})
// GET /aeskeyshare: render the AES key share page template. identifier is
// the service name (the same value /api/servicename reports).
router.GET("/aeskeyshare", func(c *gin.Context) {
	page := gin.H{"identifier": identifier}
	c.HTML(http.StatusOK, "aeskeyshare.html", page)
})
// GET /privacy: permanent redirect to the configured privacy policy URL.
router.GET("/privacy", func(c *gin.Context) {
	c.Redirect(http.StatusMovedPermanently, privacyPolicy)
})
// GET /.well-known/openid-configuration: OpenID discovery document, rendered
// from a template that only needs the configured hostName.
router.GET("/.well-known/openid-configuration", func(c *gin.Context) {
	discovery := gin.H{"hostName": hostName}
	c.HTML(http.StatusOK, "openid.html", discovery)
})
// GET /api/version: plain-text version banner.
router.GET("/api/version", func(c *gin.Context) {
	const banner = "Burgerauth Version 1.3"
	c.String(http.StatusOK, banner)
})
// GET /api/servicename: the configured service name as {"name": ...}.
router.GET("/api/servicename", func(c *gin.Context) {
	reply := gin.H{"name": identifier}
	c.JSON(http.StatusOK, reply)
})
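// POST /api/changepassword: replace the password of the user who owns the
// given session token.
//
// Body: {"secretKey": string, "newPassword": string, "migration": bool}.
// Only the session token authenticates the caller; the current password is
// not asked for. When "migration" is true the user's migrated flag is set
// to 1 as well.
//
// Responses: 400 on malformed JSON or a missing/mistyped field, 401 on an
// unknown session, 422 on an empty new password, 500 on a random/hash/DB
// failure, 200 {"success": true} otherwise.
router.POST("/api/changepassword", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	token, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	newPassword, ok := data["newPassword"].(string)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	migrate, ok := data["migration"].(bool)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	_, userid, err := getSession(token)
	if err != nil {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid session"})
		return
	}
	// /api/signup refuses an empty password; refuse it here as well so an
	// account can never be left with an empty credential. (Previously an
	// empty newPassword was hashed and stored.)
	if newPassword == "" {
		c.JSON(http.StatusUnprocessableEntity, gin.H{"error": "Invalid password"})
		return
	}
	salt, err := randomChars(16)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/changepassword randomChars():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-CHANGEPASSWORD-SALT"})
		return
	}
	hashedPassword, err := hash(newPassword, salt)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/changepassword hash():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-CHANGEPASSWORD-HASH"})
		return
	}
	if _, err = conn.Exec("UPDATE users SET password = ? WHERE id = ?", hashedPassword, userid); err != nil {
		log.Println("[ERROR] Unknown in /api/changepassword Exec():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-CHANGEPASSWORD-DBUPDATE"})
		return
	}
	if migrate {
		if _, err = conn.Exec("UPDATE users SET migrated = 1 WHERE id = ?", userid); err != nil {
			log.Println("[ERROR] Unknown in /api/changepassword migrate Exec():", err)
			c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-CHANGEPASSWORD-MIGRATE"})
			return
		}
	}
	// NOTE(review): other sessions of this user stay valid after the change;
	// whether they should be revoked is a policy decision not taken here.
	c.JSON(http.StatusOK, gin.H{"success": true})
})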
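// POST /api/signup: create a user and open a session for it.
//
// Body: {"username": string, "password": string, "stamp": string}. stamp is
// a hashcash proof of work whose resource field (index 3) must be "signup"
// and whose extension field (index 4) must be "I love Burgerauth!!"; it is
// then verified with the hashcash library at 20 bits. A stamp is recorded as
// spent (24 h) in the in-memory database before it is validated, so each
// stamp buys at most one signup attempt, successful or not.
//
// Responses: 400 malformed JSON or invalid stamp, 409 spent stamp or taken
// username, 422 invalid username or empty password, 500 internal failure,
// 200 {"key": <session token>}.
router.POST("/api/signup", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	username, ok := data["username"].(string)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	password, ok := data["password"].(string)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	stamp, ok := data["stamp"].(string)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}

	// Replay protection: a stamp seen before is rejected, a new one is
	// recorded immediately so a concurrent or later request cannot reuse it.
	var spentStamp string
	err := mem.QueryRow("SELECT hashcash FROM spent WHERE hashcash = ?", stamp).Scan(&spentStamp)
	switch {
	case err == nil:
		c.JSON(http.StatusConflict, gin.H{"error": "Stamp already spent"})
		return
	case errors.Is(err, sql.ErrNoRows):
		if _, err = mem.Exec("INSERT INTO spent (hashcash, expires) VALUES (?, ?)", stamp, time.Now().Unix()+86400); err != nil {
			log.Println("[ERROR] Unknown in /api/signup spent Exec():", err)
			c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-SIGNUP-SPENTINSERT"})
			return
		}
	default:
		log.Println("[ERROR] Unknown in /api/signup spent QueryRow():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-SIGNUP-SPENTSELECT"})
		return
	}

	// Hashcash stamps are colon-separated fields. Indexing fields 3 and 4 on
	// a stamp with fewer fields used to index out of range and panic the
	// handler, so a client could abort the request with a short stamp;
	// a short stamp is now just an invalid one.
	fields := strings.Split(stamp, ":")
	if len(fields) < 5 || fields[3] != "signup" || fields[4] != "I love Burgerauth!!" {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid hashcash stamp"})
		return
	}
	pow := hashcash.New(20, 16, "I love Burgerauth!!")
	if !pow.Check(stamp) {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid hashcash stamp"})
		return
	}

	// Username: 1..20 ASCII letters/digits. Password: non-empty only.
	// (The pattern is compiled per request; hoisting it to package scope
	// would avoid that but is outside this handler.)
	if username == "" || password == "" || len(username) > 20 || !regexp.MustCompile("^[a-zA-Z0-9]+$").MatchString(username) {
		c.JSON(http.StatusUnprocessableEntity, gin.H{"error": "Invalid username or password"})
		return
	}

	_, taken, err := checkUsernameTaken(username)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup checkUsernameTaken():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-CHECKUSERNAME"})
		return
	}
	if taken {
		c.JSON(http.StatusConflict, gin.H{"error": "Username taken"})
		return
	}

	salt, err := randomChars(16)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup randomChars():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SALT"})
		return
	}
	hashedPassword, err := hash(password, salt)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup hash():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-HASH"})
		return
	}

	// sub is the user's stable unique id (the OpenID "sub" claim); 255
	// random characters, stored in uniqueid.
	sub, err := randomChars(255)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup randomChars():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SUB"})
		return
	}

	_, err = conn.Exec("INSERT INTO users (username, password, created, uniqueid, migrated) VALUES (?, ?, ?, ?, 1)", username, hashedPassword, strconv.FormatInt(time.Now().Unix(), 10), sub)
	if err != nil {
		// This branch used to log and return without writing a response,
		// leaving the client with an empty reply. Error code follows the
		// existing UNKNOWN-API-SIGNUP-* scheme.
		log.Println("[ERROR] Unknown in /api/signup user creation:", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-USERINSERT"})
		return
	}
	log.Println("[INFO] Added new user")

	// Re-query to learn the id the database assigned to the new row.
	userid, _, err := checkUsernameTaken(username)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup checkUsernameTaken():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-CHECKUSERNAME"})
		return
	}

	// Session token (previously a local that shadowed the randomChars
	// function itself).
	sessionToken, err := randomChars(512)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup token randomChars():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SESSIONSALT"})
		return
	}

	_, err = mem.Exec("INSERT INTO sessions (session, id, device) VALUES (?, ?, ?)", sessionToken, userid, c.Request.Header.Get("User-Agent"))
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup session Exec():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SESSIONINSERT"})
		return
	}

	c.JSON(http.StatusOK, gin.H{"key": sessionToken})
})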
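// POST /api/login: verify a username/password pair and open a session.
//
// Body: {"username": string, "password": string, "modern": bool}. "modern"
// marks a client that already uses the current password scheme; a correct
// login from such a client sets migrated = 1 on a not-yet-migrated account.
//
// Responses: 400 malformed JSON or missing field; 401 unknown user, wrong
// password or not-migrated account (the "migrated" field tells the client
// which); 422 when the stored hash cannot be parsed; 500 internal failure;
// 200 {"key": <session token>, "migrated": bool}. The "migrated" value in
// the 200 reply reflects the row as it was before this request.
router.POST("/api/login", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	username, ok := data["username"].(string)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	password, ok := data["password"].(string)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	modern, ok := data["modern"].(bool)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}

	userid, taken, err := checkUsernameTaken(username)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/login checkUsernameTaken():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-CHECKUSERNAME"})
		return
	}
	if !taken {
		// NOTE(review): this reply differs from the wrong-password reply
		// below, so it reveals whether a username exists. Kept as-is because
		// clients key off the "migrated" field.
		c.JSON(http.StatusUnauthorized, gin.H{"error": "User does not exist", "migrated": true})
		return
	}

	var migrated int
	if err = conn.QueryRow("SELECT migrated FROM users WHERE id = ?", userid).Scan(&migrated); err != nil {
		log.Println("[ERROR] Unknown in /api/login migrated QueryRow():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-MIGRATED"})
		return
	}

	_, _, userPassword, _, err := getUser(userid)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/login getUser():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-GETUSER"})
		return
	}

	passwordCheck, err := verifyHash(userPassword, password)
	if err != nil {
		// errors.Is against a freshly built errors.New value never matches,
		// so the 422 branch was unreachable and every such error became a
		// 500. Compare the message instead; verifyHash is defined elsewhere
		// in this file — if it exposes a sentinel, errors.Is against that
		// sentinel is the better check.
		if err.Error() == "invalid hash format" {
			c.JSON(http.StatusUnprocessableEntity, gin.H{"error": "Invalid hash format"})
			return
		}
		log.Println("[ERROR] Unknown in /api/login password check:", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDCHECK"})
		return
	}
	if !passwordCheck {
		if migrated != 1 {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "Not migrated", "migrated": false})
		} else {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "Incorrect password", "migrated": true})
		}
		return
	}
	// Correct password from a modern client: upgrade a legacy account in
	// place. The local migrated value is deliberately left unchanged so the
	// reply below still reports the pre-login state.
	if migrated != 1 && modern {
		if _, err = conn.Exec("UPDATE users SET migrated = 1 WHERE id = ?", userid); err != nil {
			log.Println("[ERROR] Unknown in /api/login migrate Exec():", err)
			c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-MIGRATE"})
			return
		}
	}

	token, err := randomChars(512)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/login token randomChars():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-SESSIONSALT"})
		return
	}

	_, err = mem.Exec("INSERT INTO sessions (session, id, device) VALUES (?, ?, ?)", token, userid, c.Request.Header.Get("User-Agent"))
	if err != nil {
		log.Println("[ERROR] Unknown in /api/login session creation:", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-SESSIONINSERT"})
		return
	}

	c.JSON(http.StatusOK, gin.H{"key": token, "migrated": migrated == 1})
})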
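// POST /api/userinfo: return the profile of the user who owns the session.
//
// Body: {"secretKey": string}. Responses: 400 on malformed JSON or when the
// session points at a user that no longer exists, 401 on an unknown
// session, 500 when a lookup fails for any other reason,
// 200 {"username", "id", "created"}.
router.POST("/api/userinfo", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}

	_, userid, err := getSession(secretKey)
	if errors.Is(err, sql.ErrNoRows) {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid session"})
		return
	}
	if err != nil {
		// Previously only ErrNoRows was handled; any other lookup error fell
		// through with a zero userid. Error code follows the existing
		// UNKNOWN-API-USERINFO-* scheme.
		log.Println("[ERROR] Unknown in /api/userinfo getSession():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-USERINFO-GETSESSION"})
		return
	}

	created, username, _, _, err := getUser(userid)
	if errors.Is(err, sql.ErrNoRows) {
		c.JSON(http.StatusBadRequest, gin.H{"error": "User does not exist"})
		return
	}
	if err != nil {
		log.Println("[ERROR] Unknown in /api/userinfo getUser():", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-USERINFO-GETUSER"})
		return
	}
	c.JSON(http.StatusOK, gin.H{"username": username, "id": userid, "created": created})
})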
// POST /api/secretkeyloggedin: report whether a session token is valid.
//
// Body: {"secretKey": string}. 400 on malformed JSON, 401 when the session
// lookup fails, 200 {"loggedin": true} for a positive user id and
// 403 {"loggedin": false} otherwise.
router.POST("/api/secretkeyloggedin", func(c *gin.Context) {
	var body map[string]interface{}
	if err := c.ShouldBindJSON(&body); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	sessionKey, isString := body["secretKey"].(string)
	if !isString {
		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid JSON"})
		return
	}
	_, userid, err := getSession(sessionKey)
	if err != nil {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid session"})
		return
	}
	status, loggedIn := http.StatusForbidden, false
	if userid > 0 {
		status, loggedIn = http.StatusOK, true
	}
	c.JSON(status, gin.H{"loggedin": loggedIn})
})
router . GET ( "/userinfo" , func ( c * gin . Context ) {
2024-06-24 20:58:55 +01:00
var token string
if len ( c . Request . Header [ "Authorization" ] ) > 0 {
if len ( strings . Fields ( c . Request . Header [ "Authorization" ] [ 0 ] ) ) > 1 {
token = strings . Fields ( c . Request . Header [ "Authorization" ] [ 0 ] ) [ 1 ]
} else {
c . JSON ( 400 , gin . H { "error" : "Invalid token" } )
return
}
} else {
c . JSON ( 400 , gin . H { "error" : "Invalid token" } )
return
}
2024-04-28 10:45:58 +01:00
var blacklisted bool
2024-07-26 19:25:41 +01:00
err := mem . QueryRow ( "SELECT blacklisted FROM blacklist WHERE openid = ? LIMIT 1" , token ) . Scan ( & blacklisted )
2024-04-28 10:45:58 +01:00
if err == nil {
c . JSON ( 400 , gin . H { "error" : "Token is in blacklist" } )
return
} else {
2024-04-28 21:24:50 +01:00
if ! errors . Is ( err , sql . ErrNoRows ) {
2024-07-26 19:25:41 +01:00
log . Println ( "[ERROR] Unknown in /userinfo blacklist:" , err )
Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistant, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.
2024-07-10 18:43:17 +01:00
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-USERINFO-BLACKLIST" } )
2024-04-28 10:45:58 +01:00
return
}
}
2024-06-21 19:17:45 +01:00
parsedToken , err := jwt . Parse ( token , func ( token * jwt . Token ) ( interface { } , error ) {
2024-05-03 19:07:28 +01:00
return publicKey , nil
2024-04-28 10:45:58 +01:00
} )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Malformed token" } )
return
}
var claims jwt . MapClaims
var ok bool
2024-06-21 19:17:45 +01:00
if parsedToken . Valid {
claims , ok = parsedToken . Claims . ( jwt . MapClaims )
2024-04-28 10:45:58 +01:00
if ! ok {
c . JSON ( 401 , gin . H { "error" : "Invalid token claims" } )
return
}
}
session := claims [ "session" ] . ( string )
2024-04-28 11:20:54 +01:00
exp := claims [ "exp" ] . ( float64 )
if int64 ( exp ) < time . Now ( ) . Unix ( ) {
2024-04-28 10:45:58 +01:00
c . JSON ( 403 , gin . H { "error" : "Expired token" } )
return
}
2024-07-26 19:25:41 +01:00
var scopes string
err = conn . QueryRow ( "SELECT scopes FROM oauth WHERE appId = ? LIMIT 1" , claims [ "aud" ] ) . Scan ( & scopes )
if err != nil {
if errors . Is ( err , sql . ErrNoRows ) {
c . JSON ( 404 , gin . H { "error" : "App not found" } )
return
} else {
log . Println ( "[ERROR] Unknown in /userinfo oauth QueryRow():" , err )
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-USERINFO-OAUTH" } )
return
}
}
var scopesJSON [ ] interface { }
err = json . Unmarshal ( [ ] byte ( scopes ) , & scopesJSON )
if err != nil {
log . Println ( "[ERROR] Unknown in /userinfo scopes Unmarshal():" , err )
}
openid := false
for _ , scopeInterface := range scopesJSON {
scope , ok := scopeInterface . ( string )
if ! ok {
c . JSON ( 400 , gin . H { "error" : "Invalid scope" } )
return
}
if scope == "openid" {
openid = true
}
}
if ! openid {
c . JSON ( 403 , gin . H { "error" : "Token does not have openid scope" } )
return
}
2024-06-21 19:17:45 +01:00
_ , userid , err := getSession ( session )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Invalid session" } )
2024-04-28 10:45:58 +01:00
return
}
2024-04-26 21:12:56 +01:00
2024-06-21 19:17:45 +01:00
_ , username , _ , sub , err := getUser ( userid )
if errors . Is ( err , sql . ErrNoRows ) {
2024-04-26 21:12:56 +01:00
c . JSON ( 400 , gin . H { "error" : "User does not exist" } )
return
2024-06-21 19:17:45 +01:00
} else if err != nil {
2024-07-26 19:25:41 +01:00
log . Println ( "[ERROR] Unknown in /userinfo getUser():" , err )
Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistant, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.
2024-07-10 18:43:17 +01:00
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-USERINFO-GETUSER" } )
2024-06-21 19:17:45 +01:00
return
2024-04-26 21:12:56 +01:00
}
2024-06-21 19:17:45 +01:00
c . JSON ( 200 , gin . H { "sub" : sub [ : 255 ] , "name" : username } )
2024-04-26 21:12:56 +01:00
} )
router . POST ( "/api/uniqueid" , func ( c * gin . Context ) {
2024-04-28 11:01:04 +01:00
var data map [ string ] interface { }
2024-04-28 21:24:50 +01:00
err := c . ShouldBindJSON ( & data )
if err != nil {
c . JSON ( 400 , gin . H { "error" : "Invalid JSON" } )
return
}
2024-04-28 10:45:58 +01:00
Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistant, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.
2024-07-10 18:43:17 +01:00
token , ok := data [ "access_token" ] . ( string )
if ! ok {
c . JSON ( 400 , gin . H { "error" : "Invalid JSON" } )
return
}
2024-04-28 10:45:58 +01:00
var blacklisted bool
2024-07-26 19:25:41 +01:00
err = mem . QueryRow ( "SELECT blacklisted FROM blacklist WHERE token = ? LIMIT 1" , token ) . Scan ( & blacklisted )
2024-04-28 10:45:58 +01:00
if err == nil {
c . JSON ( 400 , gin . H { "error" : "Token is in blacklist" } )
return
} else {
2024-04-28 21:24:50 +01:00
if ! errors . Is ( err , sql . ErrNoRows ) {
2024-07-26 19:25:41 +01:00
log . Println ( "[ERROR] Unknown in /api/sub blacklist:" , err )
Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistant, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.
2024-07-10 18:43:17 +01:00
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-UNIQUEID-BLACKLIST" } )
2024-05-03 19:07:28 +01:00
return
}
}
2024-06-21 19:17:45 +01:00
parsedToken , err := jwt . Parse ( token , func ( token * jwt . Token ) ( interface { } , error ) {
2024-05-03 19:07:28 +01:00
return publicKey , nil
} )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Malformed token" } )
return
}
var claims jwt . MapClaims
2024-06-21 19:17:45 +01:00
if parsedToken . Valid {
claims , ok = parsedToken . Claims . ( jwt . MapClaims )
2024-05-03 19:07:28 +01:00
if ! ok {
c . JSON ( 401 , gin . H { "error" : "Invalid token claims" } )
2024-04-28 10:45:58 +01:00
return
}
}
2024-05-03 19:07:28 +01:00
session := claims [ "session" ] . ( string )
exp := claims [ "exp" ] . ( float64 )
if int64 ( exp ) < time . Now ( ) . Unix ( ) {
c . JSON ( 403 , gin . H { "error" : "Expired token" } )
return
}
2024-06-21 19:17:45 +01:00
_ , userid , err := getSession ( session )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Invalid session" } )
2024-05-03 19:07:28 +01:00
return
}
2024-06-21 19:17:45 +01:00
_ , _ , _ , sub , err := getUser ( userid )
if errors . Is ( err , sql . ErrNoRows ) {
2024-05-03 19:07:28 +01:00
c . JSON ( 400 , gin . H { "error" : "User does not exist" } )
return
2024-06-21 19:17:45 +01:00
} else if err != nil {
2024-07-26 19:25:41 +01:00
log . Println ( "[ERROR] Unknown in /api/userinfo getUser():" , err )
Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistant, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.
2024-07-10 18:43:17 +01:00
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-UNIQUEID-GETUSER" } )
2024-06-21 19:17:45 +01:00
return
2024-05-03 19:07:28 +01:00
}
2024-06-21 19:17:45 +01:00
c . JSON ( 200 , gin . H { "sub" : sub } )
2024-04-29 00:59:33 +01:00
} )
router . POST ( "/api/loggedin" , func ( c * gin . Context ) {
var data map [ string ] interface { }
err := c . ShouldBindJSON ( & data )
if err != nil {
c . JSON ( 400 , gin . H { "error" : "Invalid JSON" } )
return
}
Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistant, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.
2024-07-10 18:43:17 +01:00
token , ok := data [ "access_token" ] . ( string )
if ! ok {
c . JSON ( 400 , gin . H { "error" : "Invalid JSON" } )
return
}
2024-04-29 00:59:33 +01:00
var blacklisted bool
2024-07-26 19:25:41 +01:00
err = mem . QueryRow ( "SELECT blacklisted FROM blacklist WHERE token = ? LIMIT 1" , token ) . Scan ( & blacklisted )
2024-04-29 00:59:33 +01:00
if err == nil {
c . JSON ( 400 , gin . H { "error" : "Token is in blacklist" } )
return
} else {
if ! errors . Is ( err , sql . ErrNoRows ) {
2024-07-26 19:25:41 +01:00
log . Println ( "[ERROR] Unknown in /api/loggedin blacklist:" , err )
Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistant, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.
2024-07-10 18:43:17 +01:00
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGGEDIN-BLACKLIST" } )
2024-04-29 00:59:33 +01:00
return
}
}
2024-04-28 10:45:58 +01:00
2024-06-21 19:17:45 +01:00
parsedToken , err := jwt . Parse ( token , func ( token * jwt . Token ) ( interface { } , error ) {
2024-05-03 19:07:28 +01:00
return publicKey , nil
2024-04-28 10:45:58 +01:00
} )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Malformed token" } )
return
}
var claims jwt . MapClaims
2024-06-21 19:17:45 +01:00
if parsedToken . Valid {
claims , ok = parsedToken . Claims . ( jwt . MapClaims )
2024-04-28 10:45:58 +01:00
if ! ok {
c . JSON ( 401 , gin . H { "error" : "Invalid token claims" } )
return
}
}
session := claims [ "session" ] . ( string )
2024-04-28 11:20:54 +01:00
exp := claims [ "exp" ] . ( float64 )
if int64 ( exp ) < time . Now ( ) . Unix ( ) {
2024-04-28 10:45:58 +01:00
c . JSON ( 403 , gin . H { "error" : "Expired token" } )
return
}
2024-06-21 19:17:45 +01:00
_ , _ , err = getSession ( session )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Invalid session" } )
2024-04-28 10:45:58 +01:00
return
}
2024-05-09 01:24:54 +01:00
c . JSON ( 200 , gin . H { "appId" : claims [ "aud" ] } )
2024-04-28 10:45:58 +01:00
} )
router . POST ( "/api/aeskeyshare" , func ( c * gin . Context ) {
var data map [ string ] interface { }
err := c . ShouldBindJSON ( & data )
if err != nil {
c . JSON ( 400 , gin . H { "error" : "Invalid JSON" } )
return
}
token , ok := data [ "access_token" ] . ( string )
if ! ok {
c . JSON ( 400 , gin . H { "error" : "Invalid JSON" } )
return
}
var blacklisted bool
err = mem . QueryRow ( "SELECT blacklisted FROM blacklist WHERE token = ? LIMIT 1" , token ) . Scan ( & blacklisted )
if err == nil {
c . JSON ( 400 , gin . H { "error" : "Token is in blacklist" } )
return
} else {
if ! errors . Is ( err , sql . ErrNoRows ) {
log . Println ( "[ERROR] Unknown in /api/loggedin blacklist:" , err )
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGGEDIN-BLACKLIST" } )
return
}
}
parsedToken , err := jwt . Parse ( token , func ( token * jwt . Token ) ( interface { } , error ) {
return publicKey , nil
} )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Malformed token" } )
return
}
var claims jwt . MapClaims
if parsedToken . Valid {
claims , ok = parsedToken . Claims . ( jwt . MapClaims )
if ! ok {
c . JSON ( 401 , gin . H { "error" : "Invalid token claims" } )
return
}
}
session := claims [ "session" ] . ( string )
exp := claims [ "exp" ] . ( float64 )
if int64 ( exp ) < time . Now ( ) . Unix ( ) {
c . JSON ( 403 , gin . H { "error" : "Expired token" } )
return
}
var keyShareUri , scopes string
err = conn . QueryRow ( "SELECT scopes, keyShareUri FROM oauth WHERE appId = ? LIMIT 1" , claims [ "aud" ] ) . Scan ( & scopes , & keyShareUri )
if err != nil {
if errors . Is ( err , sql . ErrNoRows ) {
c . JSON ( 401 , gin . H { "error" : "OAuth screening failed" } )
} else {
log . Println ( "[ERROR] Unknown in /api/aeskeyshare:" , err )
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AESKEYSHARE-SELECT" } )
}
return
}
var scopesJson [ ] interface { }
err = json . Unmarshal ( [ ] byte ( scopes ) , & scopesJson )
if err != nil {
log . Println ( "[ERROR] Unknown in /api/aeskeyshare scopesJson Unmarshal():" , err )
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AESKEYSHARE-SCOPE" } )
return
}
var aesKeyShare bool
for _ , scopeInterface := range scopesJson {
scope , ok := scopeInterface . ( string )
if ! ok {
c . JSON ( 400 , gin . H { "error" : "Invalid scope" } )
return
}
if scope == "aeskeyshare" {
aesKeyShare = true
}
}
if ! aesKeyShare {
c . JSON ( 403 , gin . H { "error" : "Token does not have aeskeyshare scope" } )
return
} else if keyShareUri == "none" {
c . JSON ( 400 , gin . H { "error" : "No key share URI" } )
return
}
_ , _ , err = getSession ( session )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Invalid session" } )
return
}
c . JSON ( 200 , gin . H { "appId" : claims [ "aud" ] , "keyShareUri" : keyShareUri } )
} )
router . GET ( "/api/auth" , func ( c * gin . Context ) {
appId := c . Request . URL . Query ( ) . Get ( "client_id" )
code := c . Request . URL . Query ( ) . Get ( "code_challenge" )
codeMethod := c . Request . URL . Query ( ) . Get ( "code_challenge_method" )
redirectUri := c . Request . URL . Query ( ) . Get ( "redirect_uri" )
state := c . Request . URL . Query ( ) . Get ( "state" )
nonce := c . Request . URL . Query ( ) . Get ( "nonce" )
deny := c . Request . URL . Query ( ) . Get ( "deny" )
sessionKey , err := c . Cookie ( "session" )
if err != nil {
if errors . Is ( err , http . ErrNoCookie ) || sessionKey == "" {
sessionKey = c . Request . URL . Query ( ) . Get ( "session" )
if sessionKey == "" {
c . String ( 400 , "Invalid session (no cookie or session url)" )
return
}
} else {
c . String ( 400 , "Invalid session (failed to fetch cookie)" )
return
}
}
var appIdCheck , redirectUriCheck , scopes string
err = conn . QueryRow ( "SELECT scopes, appId, redirectUri FROM oauth WHERE appId = ? LIMIT 1" , appId ) . Scan ( & scopes , & appIdCheck , & redirectUriCheck )
if err != nil {
if errors . Is ( err , sql . ErrNoRows ) {
c . String ( 401 , "OAuth screening failed" )
} else {
log . Println ( "[ERROR] Unknown in /api/auth:" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-SELECT" )
}
return
}
var scopesJson [ ] interface { }
err = json . Unmarshal ( [ ] byte ( scopes ) , & scopesJson )
if err != nil {
log . Println ( "[ERROR] Unknown in /api/auth scopesJson Unmarshal():" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-SCOPE" )
return
}
var openid bool
for _ , scopeInterface := range scopesJson {
scope , ok := scopeInterface . ( string )
if ! ok {
c . String ( 400 , "Invalid scope" )
}
if scope == "openid" {
openid = true
}
}
if ! ( ensureTrailingSlash ( redirectUriCheck ) == ensureTrailingSlash ( redirectUri ) ) {
c . String ( 401 , "Redirect URI does not match" )
return
}
if deny == "true" {
c . Redirect ( 302 , redirectUri + "?error=access_denied&state=" + state )
return
}
if ! ( appIdCheck == appId ) {
c . String ( 401 , "OAuth screening failed" )
return
}
if nonce == "none" {
nonce , err = randomChars ( 512 )
if err != nil {
log . Println ( "[ERROR] Unknown in /api/auth nonce randomChars():" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-NONCE" )
return
}
}
_ , userid , err := getSession ( sessionKey )
if err != nil {
c . String ( 401 , "Invalid session (token not found in database)" )
return
}
_ , username , _ , sub , err := getUser ( userid )
if errors . Is ( err , sql . ErrNoRows ) {
c . String ( 400 , "User does not exist" )
return
} else if err != nil {
log . Println ( "[ERROR] Unknown in /api/userinfo getUser():" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-GETUSER" )
return
}
jwtToken := "none"
if openid {
dataTemplate := jwt . MapClaims {
"sub" : sub [ : 255 ] ,
"iss" : hostName ,
"name" : username ,
"aud" : appId ,
"exp" : time . Now ( ) . Unix ( ) + 2592000 ,
"iat" : time . Now ( ) . Unix ( ) ,
"auth_time" : time . Now ( ) . Unix ( ) ,
"session" : sessionKey ,
"nonce" : nonce ,
}
tokenTemp := jwt . NewWithClaims ( jwt . SigningMethodRS256 , dataTemplate )
tokenTemp . Header [ "kid" ] = "burgerauth"
jwtToken , err = tokenTemp . SignedString ( privateKey )
if err != nil {
log . Println ( "[ERROR] Unknown in /api/auth jwt_token:" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN" )
return
}
}
secondNonce , err := randomChars ( 512 )
dataTemplateTwo := jwt . MapClaims {
"exp" : time . Now ( ) . Unix ( ) + 2592000 ,
"iat" : time . Now ( ) . Unix ( ) ,
"session" : sessionKey ,
"nonce" : secondNonce ,
"aud" : appId ,
}
secretTemp := jwt . NewWithClaims ( jwt . SigningMethodRS256 , dataTemplateTwo )
secretTemp . Header [ "kid" ] = "burgerauth"
secretToken , err := secretTemp . SignedString ( privateKey )
if err != nil {
log . Println ( "[ERROR] Unknown in /api/auth secret_token:" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN." )
return
}
randomBytes , err := randomChars ( 512 )
if err != nil {
log . Println ( "[ERROR] Unknown in /api/auth randomBytes:" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-RANDOMBYTES." )
return
}
_ , err = mem . Exec ( "DELETE FROM logins WHERE creator = ?" , userid )
if err != nil {
log . Println ( "[ERROR] Unknown in /api/auth delete:" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-DELETE." )
return
}
_ , err = mem . Exec ( "INSERT INTO logins (appId, exchangeCode, loginToken, creator, openid, pkce, pkcemethod) VALUES (?, ?, ?, ?, ?, ?, ?)" , appId , randomBytes , secretToken , userid , jwtToken , code , codeMethod )
if err != nil {
log . Println ( "[ERROR] Unknown in /api/auth insert:" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-INSERT." )
return
}
if randomBytes != "" {
c . Redirect ( 302 , redirectUri + "?code=" + randomBytes + "&state=" + state )
} else {
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-REDIRECT." )
log . Println ( "[ERROR] Secret key not found" )
}
} )
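router.POST("/api/tokenauth", func(c *gin.Context) {
	// Token endpoint: redeems an authorization code issued by /api/auth (held
	// in the in-memory "logins" table) for an access token.
	//
	// Form fields: client_id, code, code_verifier (optional), client_secret.
	// Client authentication is one of:
	//   - code_verifier present: PKCE; the verifier is checked against the
	//     challenge stored with the login (S256 or plain) and client_secret
	//     is not consulted.
	//   - code_verifier absent: client_secret must equal the registered secret.
	//
	// Responses: 400 on bad form data or a verifier sent for a non-PKCE login,
	// 401 on an unknown client, unknown code or wrong secret, 403 on a PKCE
	// mismatch or unsupported method, 500 on database errors, 200 with the
	// token (plus id_token when the login carries one) on success.
	if err := c.Request.ParseForm(); err != nil {
		c.JSON(400, gin.H{"error": "Invalid form data"})
		return
	}

	form := c.Request.Form
	appId := form.Get("client_id")
	code := form.Get("code")
	codeVerify := form.Get("code_verifier")
	secret := form.Get("client_secret")

	// A non-empty code_verifier selects the PKCE path.
	verifyCode := codeVerify != ""

	var appIdCheck, secretCheck, openid, loginCode, PKCECode, PKCEMethod string
	err := conn.QueryRow("SELECT appId, secret FROM oauth WHERE appId = ?;", appId).Scan(&appIdCheck, &secretCheck)
	if err != nil {
		if errors.Is(err, sql.ErrNoRows) {
			c.JSON(401, gin.H{"error": "OAuth screening failed"})
		} else {
			log.Println("[ERROR] Unknown in /api/tokenauth:", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-SELECT"})
		}
		return
	}

	// Bind the code to the client it was issued to. /api/auth stores the
	// requesting appId alongside the exchange code, so the lookup must
	// include it: keyed on the code alone, a code issued to one client could
	// be redeemed by any other registered client presenting its own
	// credentials.
	err = mem.QueryRow("SELECT loginToken, openid, pkce, pkcemethod FROM logins WHERE exchangeCode = ? AND appId = ?", code, appId).Scan(&loginCode, &openid, &PKCECode, &PKCEMethod)
	if err != nil {
		if errors.Is(err, sql.ErrNoRows) {
			c.JSON(401, gin.H{"error": "OAuth screening failed"})
		} else {
			log.Println("[ERROR] Unknown in /api/tokenauth memory query:", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-MEMSELECT"})
		}
		return
	}

	// Defensive: the SELECT above already filtered on appId, so this only
	// fires if the database compares more loosely than Go does.
	if appIdCheck != appId {
		c.JSON(401, gin.H{"error": "OAuth screening failed"})
		return
	}

	if verifyCode {
		// PKCE path. "none" is presumably the sentinel stored when the
		// authorization request carried no challenge — confirm in /api/auth.
		if PKCECode == "none" {
			c.JSON(400, gin.H{"error": "Attempted PKCECode exchange with non-PKCECode authentication"})
			return
		}
		switch PKCEMethod {
		case "S256":
			if sha256Base64(codeVerify) != PKCECode {
				c.JSON(403, gin.H{"error": "Invalid PKCECode code"})
				return
			}
		case "plain":
			if codeVerify != PKCECode {
				c.JSON(403, gin.H{"error": "Invalid PKCECode code"})
				return
			}
		default:
			c.JSON(403, gin.H{"error": "Attempted PKCECode exchange without supported PKCECode token method"})
			return
		}
	} else {
		// Confidential-client path. A login created with a PKCE challenge is
		// still redeemable here when the verifier is omitted; the client
		// secret is what authenticates the caller in that case.
		// The comparison below is not constant-time; crypto/subtle's
		// ConstantTimeCompare would be preferable but needs a new import.
		if secret != secretCheck {
			c.JSON(401, gin.H{"error": "Invalid secret"})
			return
		}
	}

	// Codes are single-use: drop the login row before handing out the token.
	_, err = mem.Exec("DELETE FROM logins WHERE loginToken = ?", loginCode)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/tokenauth delete:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-DELETE"})
		return
	}

	// expires_in is 2592000 seconds (30 days), unchanged from the original.
	response := gin.H{"access_token": loginCode, "token_type": "bearer", "expires_in": 2592000}
	if openid != "none" {
		response["id_token"] = openid
	}
	c.JSON(200, response)
})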
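router.POST("/api/deleteauth", func(c *gin.Context) {
	// Removes an OAuth client registration owned by the calling user.
	//
	// JSON body: "secretKey" (session token) and "appId" (client to delete).
	// Responses: 400 on malformed JSON or when no client with that appId
	// belongs to the caller, 401 on an invalid session, 500 on database
	// errors, 200 {"success": "true"} once a row has been deleted.
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	appId, ok := data["appId"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Invalid session"})
		return
	}

	// The creator predicate keeps the delete scoped to the caller's own
	// clients; someone else's appId simply matches nothing.
	result, err := conn.Exec("DELETE FROM oauth WHERE appId = ? AND creator = ?", appId, id)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/deleteauth:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEAUTH-DELETE"})
		return
	}
	// Exec never yields sql.ErrNoRows, so the original "AppID Not found"
	// branch could not fire; the affected-row count is the signal to use.
	affected, err := result.RowsAffected()
	if err != nil {
		log.Println("[ERROR] Unknown in /api/deleteauth:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEAUTH-DELETE"})
		return
	}
	if affected == 0 {
		c.JSON(400, gin.H{"error": "AppID Not found"})
		return
	}
	c.JSON(200, gin.H{"success": "true"})
})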
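router.POST("/api/newauth", func(c *gin.Context) {
	// Registers a new OAuth client owned by the calling user.
	//
	// JSON body: "secretKey" (session token), "name", "redirectUri", "scopes"
	// (a JSON array of scope names encoded as a string) and, only when the
	// scopes include "aeskeyshare", "keyShareUri". Recognised scopes are
	// "openid" and "aeskeyshare".
	//
	// Responses: 400 on malformed input or an unknown scope, 401 on an
	// invalid session, 500 on secret/ID generation or database errors, and
	// 200 {"key": <client secret>, "appId": <client id>} on success.
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON (token missing)"})
		return
	}
	name, ok := data["name"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON (name missing)"})
		return
	}
	// NOTE(review): redirectUri is stored as received; no URL syntax check is
	// performed here, so enforcement has to happen where it is compared.
	redirectUri, ok := data["redirectUri"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON (redirectUri missing)"})
		return
	}
	scopes, ok := data["scopes"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON (scopes missing)"})
		return
	}

	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Invalid session"})
		return
	}

	// Validate the requested scopes before generating credentials so a bad
	// request fails without touching the database. The original validated
	// after generation, and its "impossible" fallthrough branch (a scope
	// that was neither openid nor aeskeyshare after already passing that
	// test) was unreachable and has been dropped.
	var scopeJson []interface{}
	if err := json.Unmarshal([]byte(scopes), &scopeJson); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON (scope parsing)"})
		return
	}
	var aeskeyshare bool
	for _, scopeInterface := range scopeJson {
		scope, ok := scopeInterface.(string)
		if !ok {
			c.JSON(400, gin.H{"error": "Invalid JSON (scope interface)"})
			return
		}
		switch scope {
		case "openid":
			// accepted; nothing extra to record
		case "aeskeyshare":
			aeskeyshare = true
		default:
			c.JSON(400, gin.H{"error": "Invalid Scope: " + scope})
			return
		}
	}

	// keyShareUri is required, and stored, only for aeskeyshare clients.
	var keyShareUri string
	if aeskeyshare {
		keyShareUri, ok = data["keyShareUri"].(string)
		if !ok {
			c.JSON(400, gin.H{"error": "Invalid JSON (keyShareUri)"})
			return
		}
	}

	// Generate the client secret, regenerating if it collides with a row
	// that already exists. The scan target is only used for the existence
	// probe.
	var existing string
	secret, err := randomChars(512)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/newauth secretgen:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETGEN"})
		return
	}
	for {
		err = conn.QueryRow("SELECT secret FROM oauth WHERE secret = ?", secret).Scan(&existing)
		if errors.Is(err, sql.ErrNoRows) {
			break // unused, keep it
		}
		if err != nil {
			log.Println("[ERROR] Unknown in /api/newauth secretselect:", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETSELECT"})
			return
		}
		secret, err = randomChars(512)
		if err != nil {
			log.Println("[ERROR] Unknown in /api/newauth secretgen:", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETGEN"})
			return
		}
	}

	// Same pattern for the public client identifier.
	appId, err := randomChars(32)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/newauth appidgen:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-APPIDGEN"})
		return
	}
	for {
		err = conn.QueryRow("SELECT appId FROM oauth WHERE appId = ?", appId).Scan(&existing)
		if errors.Is(err, sql.ErrNoRows) {
			break // unused, keep it
		}
		if err != nil {
			log.Println("[ERROR] Unknown in /api/newauth appidcheck:", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-APPIDCHECK"})
			return
		}
		appId, err = randomChars(32)
		if err != nil {
			log.Println("[ERROR] Unknown in /api/newauth appidgen:", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-LAPPIDGEN"})
			return
		}
	}

	if aeskeyshare {
		_, err = conn.Exec("INSERT INTO oauth (name, appId, creator, secret, redirectUri, scopes, keyShareUri) VALUES (?, ?, ?, ?, ?, ?, ?)", name, appId, id, secret, redirectUri, scopes, keyShareUri)
	} else {
		_, err = conn.Exec("INSERT INTO oauth (name, appId, creator, secret, redirectUri, scopes) VALUES (?, ?, ?, ?, ?, ?)", name, appId, id, secret, redirectUri, scopes)
	}
	if err != nil {
		log.Println("[ERROR] Unknown in /api/newauth insert:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-INSERT"})
		return
	}

	// Logged after the insert succeeds; the original announced the new
	// source before validation and insertion, so failed registrations were
	// logged as added.
	log.Println("[Info] New Oauth source added with ID:", appId)
	c.JSON(200, gin.H{"key": secret, "appId": appId})
})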
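router.POST("/api/listauth", func(c *gin.Context) {
	// Lists the OAuth applications created by the account that owns the
	// supplied session. Body: {"secretKey": "<session secret>"}.
	// Responds 200 with a JSON array of {appId, name, redirectUri, scopes,
	// keyShareUri}; 400 on malformed JSON; 401 on an unknown session; 500
	// (with an error code) on a database failure.
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	// The session secret is the only credential; every row returned below
	// is scoped to the account id resolved from it, never to a client-
	// supplied id.
	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Invalid session"})
		return
	}

	rows, err := conn.Query("SELECT keyShareUri, scopes, appId, name, redirectUri FROM oauth WHERE creator = ? ORDER BY creator DESC", id)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/listauth query:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-QUERY"})
		return
	}
	// Close runs after the handler has already written its response, so a
	// close failure can only be logged; a second c.JSON here would be
	// discarded by gin ("headers were already written").
	defer func() {
		if err := rows.Close(); err != nil {
			log.Println("[ERROR] Unknown in /api/listauth rows close:", err)
		}
	}()

	// Start from an empty, non-nil slice so an account with no apps gets
	// "[]" rather than "null".
	dataTemplate := make([]map[string]interface{}, 0)
	for rows.Next() {
		var appId, name, redirectUri, scopes string
		// keyShareUri is only supplied when the app opted into AESKeyShare;
		// /api/newauth inserts the row without it otherwise, so (unless the
		// schema gives the column a default) it can be NULL and must not be
		// scanned straight into a string — that made the whole listing fail
		// for any account owning a non-keyshare app.
		var keyShareUri sql.NullString
		if err := rows.Scan(&keyShareUri, &scopes, &appId, &name, &redirectUri); err != nil {
			log.Println("[ERROR] Unknown in /api/listauth scan:", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-SCAN"})
			return
		}
		dataTemplate = append(dataTemplate, map[string]interface{}{
			"appId":       appId,
			"name":        name,
			"redirectUri": redirectUri,
			"scopes":      scopes,
			// "" when the column is NULL, identical to the non-NULL case otherwise.
			"keyShareUri": keyShareUri.String,
		})
	}
	if err := rows.Err(); err != nil {
		log.Println("[ERROR] Unknown in /api/listauth rows:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-ROWSERR"})
		return
	}
	c.JSON(200, dataTemplate)
})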
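router.POST("/api/deleteaccount", func(c *gin.Context) {
	// Deletes the account that owns the supplied session together with
	// everything keyed to it: its sessions and login records in the
	// in-memory DB, then userdata, OAuth apps and the users row in the main
	// DB. Body: {"secretKey": "<session secret>"}. Responds 200
	// {"success":"true"}, 400 on malformed JSON, 401 on an unknown session,
	// 500 (with an error code) when any step fails.
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Session does not exist"})
		return
	}

	const errPrefix = "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: "

	// Revoke sessions first. The original never touched the sessions table,
	// so a deleted account's session secrets stayed in `mem` and remained
	// presentable to getSession. Doing this before the main-DB deletes also
	// means a later failure leaves the user merely logged out, never with
	// live sessions for a half-deleted account.
	if _, err := mem.Exec("DELETE FROM sessions WHERE id = ?", id); err != nil {
		log.Println("[ERROR] Unknown in /api/deleteaccount sessions:", err)
		c.JSON(500, gin.H{"error": errPrefix + "UNKNOWN-API-DELETEACCT-SESSIONS"})
		return
	}
	// Exec never yields sql.ErrNoRows; the original's ErrNoRows checks on
	// these deletes were dead code, so every error is treated as fatal here.
	if _, err := mem.Exec("DELETE FROM logins WHERE creator = ?", id); err != nil {
		log.Println("[ERROR] Unknown in /api/deleteaccount logins:", err)
		c.JSON(500, gin.H{"error": errPrefix + "UNKNOWN-API-DELETEACCT-LOGINS"})
		return
	}

	// The three main-DB deletes run in one transaction so a failure cannot
	// leave a users row without its data, or orphaned data without a user.
	// (The in-memory DB is a separate connection and cannot join it.)
	tx, err := conn.Begin()
	if err != nil {
		log.Println("[ERROR] Unknown in /api/deleteaccount begin:", err)
		c.JSON(500, gin.H{"error": errPrefix + "UNKNOWN-API-DELETEACCT-BEGIN"})
		return
	}
	defer func() {
		// No-op once Commit has succeeded; on any earlier return it undoes
		// the partial delete. Its own error carries nothing actionable then.
		_ = tx.Rollback()
	}()

	steps := []struct {
		label, code, query string
	}{
		{"userdata", "UNKNOWN-API-DELETEACCT-USERDATA", "DELETE FROM userdata WHERE creator = ?"},
		{"oauth", "UNKNOWN-API-DELETEUSER-OAUTH", "DELETE FROM oauth WHERE creator = ?"},
		// The users row goes last so the foreign data above is never left
		// pointing at an account that no longer exists.
		{"users", "UNKNOWN-API-DELETEUSER-USERS", "DELETE FROM users WHERE id = ?"},
	}
	for _, s := range steps {
		if _, err := tx.Exec(s.query, id); err != nil {
			log.Println("[ERROR] Unknown in /api/deleteaccount "+s.label+":", err)
			c.JSON(500, gin.H{"error": errPrefix + s.code})
			return
		}
	}
	if err := tx.Commit(); err != nil {
		log.Println("[ERROR] Unknown in /api/deleteaccount commit:", err)
		c.JSON(500, gin.H{"error": errPrefix + "UNKNOWN-API-DELETEACCT-COMMIT"})
		return
	}
	c.JSON(200, gin.H{"success": "true"})
})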
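router.POST("/api/sessions/list", func(c *gin.Context) {
	// Lists the sessions belonging to the account that owns secretKey.
	// Body: {"secretKey": "<session secret>"}. Responds 200 with a JSON
	// array of {id, thisSession, device}; 400 on malformed JSON; 401 on an
	// unknown session; 500 (with an error code) on a database failure.
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Session does not exist"})
		return
	}

	rows, err := mem.Query("SELECT sessionid, session, device FROM sessions WHERE id = ? ORDER BY id DESC", id)
	if err != nil {
		// Query never yields sql.ErrNoRows; the original special-cased it
		// and then fell through to rows.Close() on a nil *sql.Rows.
		log.Println("[ERROR] Unknown in /api/sessions/list:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST"})
		return
	}
	// Close runs after the response has been written; a failure can only be
	// logged.
	defer func() {
		if err := rows.Close(); err != nil {
			log.Println("[ERROR] Unknown in /api/sessions/list rows close:", err)
		}
	}()

	// Empty, non-nil slice: a user with no sessions gets "[]", not "null".
	dataTemplate := make([]map[string]interface{}, 0)
	for rows.Next() {
		// sessionID is the row's identifier (the `sessionid` column that
		// /api/sessions/remove matches on); secret is the `session` column,
		// which is the bearer credential itself — the thisSession test below
		// compares it with the caller's secretKey.
		var sessionID, secret, device string
		if err := rows.Scan(&sessionID, &secret, &device); err != nil {
			log.Println("[ERROR] Unknown in /api/sessions/list scan:", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-SCAN"})
			return
		}
		// SECURITY: return the identifier, not the secret. The original put
		// the `session` secret of every device in "id", so a single session
		// (or an XSS in the web client) could harvest every other device's
		// bearer token and survive per-device revocation. It also did not
		// match what /api/sessions/remove looks up (`sessionid`). This
		// assumes sessionid is a distinct, non-secret identifier, as the
		// separate column and the remove handler suggest — confirm against
		// the schema and the login code that creates sessions.
		dataTemplate = append(dataTemplate, map[string]interface{}{
			"id":          sessionID,
			"thisSession": secret == secretKey,
			"device":      device,
		})
	}
	if err := rows.Err(); err != nil {
		log.Println("[ERROR] Unknown in /api/sessions/list rows:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-ERR"})
		return
	}
	c.JSON(200, dataTemplate)
})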
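router.POST("/api/sessions/remove", func(c *gin.Context) {
	// Revokes one of the caller's own sessions.
	// Body: {"secretKey": "<session secret>", "sessionId": "<sessionid>"}.
	// Responds 200 {"success":"true"}, 400 on malformed JSON, 401 on an
	// unknown session, 422 when no matching session belongs to the caller,
	// 500 (with an error code) on a database failure.
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	sessionId, ok := data["sessionId"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Session does not exist"})
		return
	}

	// The `AND id = ?` clause is the authorisation check: whatever sessionId
	// says, only rows owned by the authenticated account can be deleted.
	res, err := mem.Exec("DELETE FROM sessions WHERE sessionid = ? AND id = ?", sessionId, id)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/sessions/remove:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-REMOVE"})
		return
	}
	// Exec never returns sql.ErrNoRows, so the original's 422 branch was
	// unreachable and an unknown — or another user's — sessionId answered
	// 200. RowsAffected is how a DELETE reports "nothing matched".
	affected, err := res.RowsAffected()
	if err != nil {
		log.Println("[ERROR] Unknown in /api/sessions/remove rows affected:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-REMOVE"})
		return
	}
	if affected == 0 {
		c.JSON(422, gin.H{"error": "SessionID Not found"})
		return
	}
	c.JSON(200, gin.H{"success": "true"})
})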
router.POST("/api/listusers", func(c *gin.Context) {
	// Administrative endpoint: returns every account's id and username.
	// Body: {"masterKey": "<admin secret>"}.
	var data map[string]interface{}
	err := c.ShouldBindJSON(&data)
	if err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	masterKey, ok := data["masterKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	// SECURITY(review): this compares masterKey with itself and is therefore
	// always true, so ANY caller who sends a "masterKey" string of any value
	// (including "") receives the full user list. The intended comparison is
	// against the server's configured master key; nothing in this handler
	// shows where that value lives (viper config is the likely source), so
	// it is flagged rather than guessed. Until fixed, treat this route as
	// unauthenticated and keep it off untrusted networks.
	if masterKey == masterKey {
		// NOTE(review): SELECT * is scanned into exactly two strings below.
		// If the users table has more than two columns (a password hash at
		// the least seems likely given the scrypt import) Scan fails and
		// every call answers 500; `SELECT id, username FROM users` is the fix.
		rows, err := conn.Query("SELECT * FROM users ORDER BY id DESC")
		if err != nil {
			// NOTE(review): Query never returns sql.ErrNoRows, so when it
			// does error this branch does not return and rows is nil; the
			// deferred Close below then dereferences a nil *sql.Rows.
			if !errors.Is(err, sql.ErrNoRows) {
				log.Println("[ERROR] Unknown in /api/listusers:", err)
				c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-QUERY"})
				return
			}
		}
		defer func(rows *sql.Rows) {
			err := rows.Close()
			if err != nil {
				log.Println("[ERROR] Unknown in /api/listusers rows close:", err)
				// NOTE(review): this runs after the handler has already
				// responded, so this second c.JSON never reaches the client.
				c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-ROWSCLOSE"})
				return
			}
		}(rows)
		// nil until the first row, so an empty table serialises as "null".
		var datatemplate []map[string]interface{}
		for rows.Next() {
			var id, username string
			if err := rows.Scan(&id, &username); err != nil {
				c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-SCAN"})
				return
			}
			template := map[string]interface{}{"id": id, "username": username}
			datatemplate = append(datatemplate, template)
		}
		if err := rows.Err(); err != nil {
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-ERR"})
			return
		}
		c.JSON(200, datatemplate)
	}
	// NOTE(review): a caller that somehow fails the check above gets no
	// response at all (gin then answers 200 with an empty body); a 403
	// would be the explicit outcome.
})
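router.GET("/.well-known/jwks.json", func(c *gin.Context) {
	// Publishes the RS256 signing key as a JWK Set (RFC 7517) so relying
	// parties can verify the tokens this server issues. The key material
	// comes from the package-level modulus/exponent and is identified by
	// keyIdentifier.
	mod, err := BigIntToBase64URL(modulus)
	if err != nil {
		log.Println("[ERROR] Unknown in /well-known/jwks.json modulus:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-JWKS-MODULUS"})
		return
	}
	exp, err := Int64ToBase64URL(int64(exponent))
	if err != nil {
		log.Println("[ERROR] Unknown in /well-known/jwks.json exponent:", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-JWKS-EXPONENT"})
		return
	}

	// RFC 7518 §6.3.1 defines "n" and "e" as Base64urlUInt, i.e. base64url
	// WITHOUT padding. Int64ToBase64URL visibly encodes with
	// base64.URLEncoding (which pads) and BigIntToBase64URL appears to do
	// the same, so a 2048-bit modulus (256 bytes) is published with a
	// trailing "==". Lenient verifiers tolerate that; strict ones reject the
	// key. Stripping here is a no-op for already-unpadded output (e.g. the
	// three-byte 65537 exponent, "AQAB") and makes the document conformant.
	mod = strings.TrimRight(mod, "=")
	exp = strings.TrimRight(exp, "=")

	keys := gin.H{
		"keys": []gin.H{
			{
				"kty": "RSA",
				"alg": "RS256",
				"use": "sig",
				"kid": keyIdentifier,
				"n":   mod,
				"e":   exp,
			},
		},
	}
	c.JSON(200, keys)
})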
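// Background reaper for the `spent` table (rows carrying an `expires`
// unix timestamp). Runs once a minute for the life of the process; it has
// no stop signal, which is only acceptable because it dies with main.
go func() {
	ticker := time.NewTicker(time.Minute)
	defer ticker.Stop()
	for range ticker.C {
		result, err := mem.Exec("DELETE FROM spent WHERE expires < ?", time.Now().Unix())
		if err != nil {
			log.Println("[ERROR] Unknown in spent cleanup Exec():", err)
			continue
		}
		deleted, err := result.RowsAffected()
		if err != nil {
			log.Println("[ERROR] Unknown in spent cleanup RowsAffected():", err)
			continue
		}
		// Count after the delete so "remaining" is what is actually left.
		// The original counted before deleting (and discarded that query's
		// error), so it over-reported by the number just removed.
		var remaining int
		if err := mem.QueryRow("SELECT COUNT(*) FROM spent").Scan(&remaining); err != nil {
			log.Println("[ERROR] Unknown in spent cleanup COUNT(*):", err)
			continue
		}
		log.Println("[INFO] Spent cleanup complete, deleted " + strconv.FormatInt(deleted, 10) + " row(s), " + strconv.Itoa(remaining) + " row(s) remaining.")
	}
}()
log.Println("[INFO] Server started")
log.Println("[INFO] Welcome to Burgerauth! Today we are running on IP " + host + " on port " + strconv.Itoa(port) + ".")
// gin's Run serves with no read/write timeouts. Behind a reverse proxy that
// terminates slow clients this is usually fine; if this listener is ever
// exposed directly, wrap router in an http.Server with ReadHeaderTimeout set.
err = router.Run(host + ":" + strconv.Itoa(port))
if err != nil {
	// Include the cause; the original logged only a fixed string, leaving
	// e.g. "address already in use" vs. a permission error undiagnosable.
	log.Fatalln("[FATAL] Server failed to begin operations:", err)
}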
}