// This code is licensed under the latest version of the GNU Affero General Public License
package main
import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"database/sql"
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"log"
	"math/big"
	"os"
	"regexp"
	"strconv"
	"strings"
	"time"

	"concord.hectabit.org/HectaBit/captcha"
	// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream; the
	// maintained continuation is github.com/golang-jwt/jwt. Plan a migration.
	"github.com/dgrijalva/jwt-go"
	"github.com/gin-contrib/sessions"
	"github.com/gin-contrib/sessions/cookie"
	"github.com/gin-gonic/gin"
	_ "github.com/mattn/go-sqlite3"
	"github.com/spf13/viper"
	"golang.org/x/crypto/scrypt"
)
// Database handles shared by every handler; both are assigned in main.
var (
	// conn is the handle main opens on the on-disk SQLite file "database.db".
	conn *sql.DB
	// mem is the handle main opens on an in-memory SQLite database
	// (":memory:"), where it creates the logins table.
	mem *sql.DB
)

// RSA key material, parsed in main from the PEM files named in the config.
var (
	privateKey *rsa.PrivateKey
	publicKey  *rsa.PublicKey
	// modulus and exponent are copied from privateKey.N and privateKey.E.
	modulus  *big.Int
	exponent int
)
// Int64ToBase64URL serialises num as big-endian bytes, drops the leading zero
// bytes and returns the remainder in URL-safe base64 (with '=' padding).
//
// Zero encodes to the empty string. A negative num is reinterpreted as its
// unsigned 64-bit bit pattern. The error result is always nil.
//
// NOTE(review): base64.URLEncoding pads its output; if this value ends up in a
// JWK, that format expects unpadded base64url — confirm how callers use it.
func Int64ToBase64URL(num int64) (string, error) {
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], uint64(num))

	// Advance past the zero prefix so only the significant bytes are encoded.
	payload := buf[:]
	for len(payload) > 0 && payload[0] == 0 {
		payload = payload[1:]
	}

	return base64.URLEncoding.EncodeToString(payload), nil
}
// BigIntToBase64URL returns the big-endian bytes of num, without leading zero
// bytes, in URL-safe base64 (with '=' padding).
//
// big.Int.Bytes yields the absolute value, so the sign of num is not encoded.
// The error result is always nil.
//
// NOTE(review): base64.URLEncoding pads its output; if this value ends up in a
// JWK, that format expects unpadded base64url — confirm how callers use it.
func BigIntToBase64URL(num *big.Int) (string, error) {
	raw := num.Bytes()

	// Find the first non-zero byte; everything before it is dropped.
	first := 0
	for first < len(raw) {
		if raw[first] != 0 {
			break
		}
		first++
	}

	return base64.URLEncoding.EncodeToString(raw[first:]), nil
}
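// saltChars is the alphabet genSalt draws from. It contains no '$', which
// keeps generated salts safe to embed in the "$"-separated hash format.
const saltChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// genSalt returns a random string of exactly length characters drawn from
// saltChars, using the operating system CSPRNG (crypto/rand).
//
// It returns an error when length is not positive or when the random source
// fails.
//
// Characters are chosen by rejection sampling. Reducing a raw byte modulo the
// 62-character alphabet would make the first 256%62 = 8 characters more likely
// than the rest; since the same generator also produces session tokens, bytes
// outside the largest whole multiple of the alphabet size are discarded so
// that every character is equally likely.
func genSalt(length int) (string, error) {
	if length <= 0 {
		return "", errors.New("salt length must be greater than 0")
	}

	// Bytes >= limit would introduce modulo bias and are skipped.
	const limit = 256 - (256 % len(saltChars))

	salt := make([]byte, 0, length)
	buf := make([]byte, length)
	for len(salt) < length {
		// Never read more than is still missing, so salt cannot overshoot.
		need := length - len(salt)
		if _, err := rand.Read(buf[:need]); err != nil {
			return "", err
		}
		for _, b := range buf[:need] {
			if int(b) >= limit {
				continue
			}
			salt = append(salt, saltChars[int(b)%len(saltChars)])
		}
	}
	return string(salt), nil
}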
// sha256Base64 returns the SHA-256 digest of s in URL-safe base64 with the
// trailing '=' padding removed.
func sha256Base64(s string) string {
	digest := sha256.Sum256([]byte(s))
	return strings.TrimRight(base64.URLEncoding.EncodeToString(digest[:]), "=")
}
// hash derives a 64-byte scrypt key from password and salt (N=32768, r=8,
// p=1) and returns it as "scrypt:32768:8:1$<salt>$<hex key>".
//
// The salt is embedded verbatim. verifyHash splits the stored string on "$"
// and rejects anything that is not exactly three fields, so a salt containing
// '$' would yield a hash that can never verify; genSalt's alphabet has none.
//
// An error from scrypt.Key is returned unchanged.
func hash(password, salt string) (string, error) {
	key, err := scrypt.Key([]byte(password), []byte(salt), 32768, 8, 1, 64)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("scrypt:32768:8:1$%s$%s", salt, hex.EncodeToString(key)), nil
}
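// verifyHash reports whether password matches werkzeugHash, a string in the
// "scrypt:32768:8:1$<salt>$<hex key>" format produced by hash.
//
// A stored value that does not have exactly three "$"-separated fields, or
// whose parameter prefix differs, yields (false, nil) rather than an error.
// An error is returned only when re-deriving the key fails.
func verifyHash(werkzeugHash, password string) (bool, error) {
	parts := strings.Split(werkzeugHash, "$")
	if len(parts) != 3 || parts[0] != "scrypt:32768:8:1" {
		return false, nil
	}

	// Re-derive with the stored salt; the result is compared as a whole string.
	computedHash, err := hash(password, parts[1])
	if err != nil {
		return false, err
	}

	// Compare in constant time so the duration does not depend on how many
	// leading bytes of the stored hash match. Inputs of different length
	// compare unequal, exactly as == would.
	return subtle.ConstantTimeCompare([]byte(werkzeugHash), []byte(computedHash)) == 1, nil
}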
// getUser loads the users row with the given id and returns, in this order,
// created, username, password and uniqueId. Note that this differs from the
// column order of the SELECT (created, username, uniqueId, password).
//
// The password value is whatever the users table stores — presumably the
// string produced by hash; callers should not expose it.
//
// When no row matches, the error is sql.ErrNoRows itself; any other failure
// is returned unchanged. All strings are empty on error. The id is bound as a
// query parameter, never concatenated into the SQL text.
func getUser(id int) (string, string, string, string, error) {
	var (
		created  string
		username string
		password string
		uniqueId string
	)

	row := conn.QueryRow("SELECT created, username, uniqueId, password FROM users WHERE id = ? LIMIT 1", id)
	err := row.Scan(&created, &username, &uniqueId, &password)
	switch {
	case err == nil:
		return created, username, password, uniqueId, nil
	case errors.Is(err, sql.ErrNoRows):
		// Normalise a possibly wrapped error to the sentinel.
		return "", "", "", "", sql.ErrNoRows
	default:
		return "", "", "", "", err
	}
}
// getSession looks up the sessions row whose session column equals the given
// token and returns its sessionid and id columns, in that order.
//
// Any Scan error, including sql.ErrNoRows for an unknown token, is returned
// unchanged together with zero values. The token is bound as a query
// parameter.
//
// NOTE(review): the lookup matches the raw token against the table, which
// suggests tokens are stored as-is, and no expiry is checked here — confirm
// against the code that inserts sessions.
func getSession(session string) (int, int, error) {
	var (
		sessionId int
		id        int
	)

	row := conn.QueryRow("SELECT sessionid, id FROM sessions WHERE session = ? LIMIT 1", session)
	if err := row.Scan(&sessionId, &id); err != nil {
		return 0, 0, err
	}
	return sessionId, id, nil
}
// checkUsernameTaken reports whether a users row exists whose lower-cased
// username equals the given value, and returns that row's id when it does.
//
// Results:
//   - (id, true, nil) when a row matches;
//   - (0, false, nil) when none does;
//   - (0, true, err) on any other database error, so that a failed lookup is
//     treated as "taken" rather than "free".
//
// Only the stored column is folded with lower(); the argument is compared as
// given, so the caller must pass an already lower-cased name. SQLite's
// built-in lower() folds ASCII letters only by default.
func checkUsernameTaken(username string) (int, bool, error) {
	var id int

	row := conn.QueryRow("SELECT id FROM users WHERE lower(username) = ? LIMIT 1", username)
	err := row.Scan(&id)
	switch {
	case err == nil:
		return id, true, nil
	case errors.Is(err, sql.ErrNoRows):
		return 0, false, nil
	default:
		return 0, true, err
	}
}
// initDb creates the database interactively.
//
// When "database.db" does not exist, generateDB runs straight away. In every
// other case — the file exists, or os.Stat failed for a different reason —
// the operator is asked on standard input and generateDB runs only after an
// answer of "y" or "Y". Failures are logged, not returned.
//
// NOTE(review): the prompt speaks of overwriting, but generateDB opens the
// existing file and executes schema.sql against it; whether existing data is
// replaced depends on that schema — confirm.
func initDb() {
	_, statErr := os.Stat("database.db")
	if os.IsNotExist(statErr) {
		if err := generateDB(); err != nil {
			log.Println("[ERROR] Unknown while generating database at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		}
		return
	}

	log.Print("Proceeding will overwrite the database. Proceed? (y/n) ")
	var answer string
	if _, err := fmt.Scanln(&answer); err != nil {
		log.Println("[ERROR] Unknown while scanning input at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		return
	}

	switch answer {
	case "y", "Y":
		if err := generateDB(); err != nil {
			log.Println("[ERROR] Unknown while generating database at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		}
	case ":3":
		log.Println("[:3] :3")
	default:
		// Anything other than an explicit yes leaves the database untouched.
		log.Println("[INFO] Stopped")
	}
}
// generateDB opens "database.db" with the sqlite3 driver and executes the
// whole of "schema.sql" against it.
//
// The schema file is run verbatim as SQL, so it is trusted input: whoever can
// write schema.sql in the working directory controls what is executed.
//
// Errors from opening the database, reading the schema or executing it are
// returned. A failure to close the handle is only logged.
func generateDB() error {
	db, err := sql.Open("sqlite3", "database.db")
	if err != nil {
		return err
	}
	defer func() {
		if closeErr := db.Close(); closeErr != nil {
			log.Println("[ERROR] Unknown in generateDB() defer at", strconv.FormatInt(time.Now().Unix(), 10)+":", closeErr)
		}
	}()

	schema, err := os.ReadFile("schema.sql")
	if err != nil {
		return err
	}

	if _, err = db.Exec(string(schema)); err != nil {
		return err
	}

	log.Println("[INFO] Generated database")
	return nil
}
func main ( ) {
if _ , err := os . Stat ( "config.ini" ) ; err == nil {
log . Println ( "[INFO] Config loaded at" , time . Now ( ) . Unix ( ) )
} else if os . IsNotExist ( err ) {
log . Println ( "[FATAL] config.ini does not exist" )
os . Exit ( 1 )
} else {
log . Println ( "[FATAL] File is in quantum uncertainty:" , err )
os . Exit ( 1 )
}
viper . SetConfigName ( "config" )
viper . AddConfigPath ( "./" )
viper . AutomaticEnv ( )
err := viper . ReadInConfig ( )
if err != nil {
log . Println ( "[FATAL] Error in config file at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
os . Exit ( 1 )
}
Host := viper . GetString ( "config.HOST" )
Port := viper . GetInt ( "config.PORT" )
privacyPolicy := viper . GetString ( "config.PRIVACY_POLICY" )
hostName := viper . GetString ( "config.URL" )
identifier := viper . GetString ( "config.IDENTIFIER" )
keyid := viper . GetString ( "config.KEY_ID" )
SecretKey := viper . GetString ( "config.SECRET_KEY" )
PublicKeyPath := viper . GetString ( "config.PUBLIC_KEY" )
PrivateKeyPath := viper . GetString ( "config.PRIVATE_KEY" )
if SecretKey == "supersecretkey" {
log . Println ( "[WARNING] Secret key not set. Please set the secret key to a non-default value." )
}
conn , err = sql . Open ( "sqlite3" , "database.db" )
if err != nil {
log . Fatalln ( "[FATAL] Cannot open database at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
}
defer func ( conn * sql . DB ) {
err := conn . Close ( )
if err != nil {
log . Println ( "[ERROR] Unknown in main() defer at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
}
} ( conn )
if len ( os . Args ) > 1 {
if os . Args [ 1 ] == "init_db" {
initDb ( )
os . Exit ( 0 )
}
}
mem , err = sql . Open ( "sqlite3" , ":memory:" )
if err != nil {
log . Fatalln ( "[FATAL] Cannot open memory database at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
}
defer func ( mem * sql . DB ) {
err := mem . Close ( )
if err != nil {
log . Println ( "[ERROR] Unknown in main() memory defer at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
}
} ( mem )
_ , err = mem . Exec ( "CREATE TABLE logins (appId TEXT NOT NULL, exchangeCode TEXT NOT NULL, loginToken TEXT NOT NULL, creator INT NOT NULL UNIQUE, openid TEXT NOT NULL, pkce TEXT NOT NULL DEFAULT 'none', pkcemethod TEXT NOT NULL DEFAULT 'none')" )
if err != nil {
log . Fatalln ( "[FATAL] Cannot create logins table at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
}
privateKeyFile , err := os . ReadFile ( PrivateKeyPath )
if err != nil {
log . Fatal ( "[ERROR] Cannot read private key:" , err )
}
block , _ := pem . Decode ( privateKeyFile )
if block == nil {
log . Fatal ( "[ERROR] Failed to parse PEM block containing the private key" )
}
privateKeyRaw , err := x509 . ParsePKCS8PrivateKey ( block . Bytes )
if err != nil {
log . Fatal ( "[ERROR] Failed to parse private key:" , err )
}
var ok bool
privateKey , ok = privateKeyRaw . ( * rsa . PrivateKey )
if ! ok {
log . Fatal ( "[ERROR] Failed to convert private key to RSA private key" )
}
pubKeyFile , err := os . ReadFile ( PublicKeyPath )
if err != nil {
log . Fatal ( "[ERROR] Cannot read public key:" , err )
}
block , _ = pem . Decode ( pubKeyFile )
if block == nil {
log . Fatal ( "[ERROR] Failed to parse PEM block containing the public key" )
}
pubKey , err := x509 . ParsePKIXPublicKey ( block . Bytes )
if err != nil {
log . Fatal ( "[ERROR] Failed to parse public key:" , err )
}
publicKey , ok = pubKey . ( * rsa . PublicKey )
if ! ok {
log . Fatal ( "[ERROR] Failed to convert public key to RSA public key" )
}
modulus = privateKey . N
exponent = privateKey . E
gin . SetMode ( gin . ReleaseMode )
router := gin . New ( )
store := cookie . NewStore ( [ ] byte ( SecretKey ) )
router . Use ( sessions . Sessions ( "currentSession" , store ) )
// Enable CORS
router . Use ( func ( c * gin . Context ) {
c . Writer . Header ( ) . Set ( "Access-Control-Allow-Origin" , "*" )
c . Writer . Header ( ) . Set ( "Access-Control-Allow-Headers" , "*, Authorization" )
c . Writer . Header ( ) . Set ( "Access-Control-Allow-Methods" , "*" )
// Handle preflight requests
if c . Request . Method == "OPTIONS" {
c . AbortWithStatus ( 200 )
return
}
c . Next ( )
} )
router . Static ( "/static" , "./static" )
router . LoadHTMLGlob ( "templates/*.html" )
router . GET ( "/" , func ( c * gin . Context ) {
c . Redirect ( 302 , "/login" )
} )
router . GET ( "/login" , func ( c * gin . Context ) {
c . HTML ( 200 , "login.html" , gin . H { "privacy" : privacyPolicy , "identifier" : identifier } )
} )
router . GET ( "/signup" , func ( c * gin . Context ) {
session := sessions . Default ( c )
sessionId , err := genSalt ( 512 )
if err != nil {
fmt . Println ( "[ERROR] Failed to generate session token at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
c . String ( 500 , "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-SIGNUP-SESSION-GEN" )
return
}
session . Options ( sessions . Options {
SameSite : 3 ,
} )
data , err := captcha . New ( 500 , 100 )
if err != nil {
fmt . Println ( "[ERROR] Failed to generate captcha at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
c . String ( 500 , "Failed to generate captcha" )
return
}
session . Set ( "captcha" , data . Text )
session . Set ( "unique_token" , sessionId )
err = session . Save ( )
if err != nil {
fmt . Println ( "[ERROR] Failed to save session in /login at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
c . String ( 500 , "Failed to save session" )
return
}
var b64bytes bytes . Buffer
err = data . WriteImage ( & b64bytes )
if err != nil {
fmt . Println ( "[ERROR] Failed to encode captcha at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
c . String ( 500 , "Failed to encode captcha" )
return
}
c . HTML ( 200 , "signup.html" , gin . H {
"captcha_image" : base64 . StdEncoding . EncodeToString ( b64bytes . Bytes ( ) ) ,
"unique_token" : sessionId ,
"privacy" : privacyPolicy ,
"identifier" : identifier ,
} )
} )
router . GET ( "/logout" , func ( c * gin . Context ) {
c . HTML ( 200 , "logout.html" , gin . H { "identifier" : identifier } )
} )
router . GET ( "/app" , func ( c * gin . Context ) {
name := ""
if c . Request . URL . Query ( ) . Get ( "client_id" ) != "" {
appId := c . Request . URL . Query ( ) . Get ( "client_id" )
err := conn . QueryRow ( "SELECT name FROM oauth WHERE appId = ? LIMIT 1" , appId ) . Scan ( & name )
if err != nil {
if errors . Is ( err , sql . ErrNoRows ) {
c . String ( 404 , "App not found" )
} else {
log . Println ( "[ERROR] Unknown in /app at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
}
return
}
}
c . HTML ( 200 , "main.html" , gin . H { "name" : name , "identifier" : identifier } )
} )
router . GET ( "/dashboard" , func ( c * gin . Context ) {
c . HTML ( 200 , "dashboard.html" , gin . H { "identifier" : identifier } )
} )
router . GET ( "/account" , func ( c * gin . Context ) {
c . HTML ( 200 , "acct.html" , gin . H { "identifier" : identifier } )
} )
router . GET ( "/aeskeyshare" , func ( c * gin . Context ) {
c . HTML ( 200 , "aeskeyshare.html" , gin . H { "identifier" : identifier } )
} )
router . GET ( "/privacy" , func ( c * gin . Context ) {
c . Redirect ( 301 , privacyPolicy )
} )
router . GET ( "/.well-known/openid-configuration" , func ( c * gin . Context ) {
c . HTML ( 200 , "openid.html" , gin . H { "hostName" : hostName } )
} )
router . GET ( "/api/version" , func ( c * gin . Context ) {
c . String ( 200 , "Burgerauth Version 1.3" )
} )
router . GET ( "/api/servicename" , func ( c * gin . Context ) {
c . JSON ( 200 , gin . H { "name" : identifier } )
} )
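// POST /api/signup creates a user and that user's first session.
//
// The JSON body must carry string fields "username", "password",
// "unique_token" and "captcha". The last two are compared with the values held
// in the caller's server-side session. On success the new session key is
// returned as {"key": ...}.
//
// NOTE(review): neither the captcha nor unique_token is cleared from the
// session here. Unless another handler rotates them, one solved captcha could
// be reused for further signups; confirm.
// NOTE(review): password has no upper length bound before it reaches hash();
// confirm hash() cannot be made arbitrarily expensive by a very long input.
router.POST("/api/signup", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	session := sessions.Default(c)

	username, ok := data["username"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	password, ok := data["password"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	// Checked assertion: a missing or non-string field is a client error (400),
	// not a handler panic.
	uniqueToken, ok := data["unique_token"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	if uniqueToken != session.Get("unique_token") {
		// Neither the expected nor the submitted token is logged: both are
		// secrets, and anyone who can read the logs could reuse them.
		c.JSON(403, gin.H{"error": "Invalid token"})
		return
	}

	captcha, ok := data["captcha"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	if captcha != session.Get("captcha") {
		c.JSON(401, gin.H{"error": "Captcha failed"})
		return
	}

	// Usernames: 1-20 ASCII letters or digits. Passwords: non-empty only.
	if username == "" || password == "" || len(username) > 20 || !regexp.MustCompile("^[a-zA-Z0-9]+$").MatchString(username) {
		c.JSON(422, gin.H{"error": "Invalid username or password"})
		return
	}

	// NOTE(review): this check and the INSERT below are separate statements.
	// Two concurrent signups for the same name are only prevented if
	// users.username carries a UNIQUE constraint; confirm in the schema.
	_, taken, err := checkUsernameTaken(username)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup checkUsernameTaken() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-CHECKUSERNAME"})
		return
	}
	if taken {
		c.JSON(409, gin.H{"error": "Username taken"})
		return
	}

	salt, err := genSalt(16)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SALT"})
		return
	}
	hashedPassword, err := hash(password, salt)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup hash() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-HASH"})
		return
	}

	// sub is the random value stored in the uniqueid column.
	sub, err := genSalt(255)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SUB"})
		return
	}

	_, err = conn.Exec("INSERT INTO users (username, password, created, uniqueid) VALUES (?, ?, ?, ?)", username, hashedPassword, strconv.FormatInt(time.Now().Unix(), 10), sub)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup user creation at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		// Previously this path returned without writing a response, so the
		// client received an empty 200 for a signup that had failed.
		// The error code below is new with this fix; add it to the docs.
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-USERINSERT"})
		return
	}
	log.Println("[INFO] Added new user at", time.Now().Unix())

	// Look the user up again to obtain the id assigned by the database.
	userid, _, err := checkUsernameTaken(username)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup checkUsernameTaken() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-CHECKUSERNAME"})
		return
	}

	randomChars, err := genSalt(512)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup token genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SESSIONSALT"})
		return
	}

	// NOTE(review): the session key is stored as generated, so read access to
	// the sessions table yields usable keys. Storing a digest instead would
	// need a matching change in getSession (not visible here).
	_, err = conn.Exec("INSERT INTO sessions (session, id, device) VALUES (?, ?, ?)", randomChars, userid, c.Request.Header.Get("User-Agent"))
	if err != nil {
		log.Println("[ERROR] Unknown in /api/signup session Exec() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SESSIONINSERT"})
		return
	}

	c.JSON(200, gin.H{"key": randomChars})
})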
// POST /api/login verifies a username/password pair and opens a new session.
//
// The JSON body must carry string fields "username" and "password". On
// success the new session key is returned as {"key": ...}.
//
// NOTE(review): the "User does not exist" and "Incorrect password" responses
// differ, so a caller can tell whether a username is registered. No attempt
// limiting is visible in this handler; confirm it exists elsewhere.
router.POST("/api/login", func(ctx *gin.Context) {
	var body map[string]interface{}
	if bindErr := ctx.ShouldBindJSON(&body); bindErr != nil {
		ctx.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	username, isString := body["username"].(string)
	if !isString {
		ctx.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	password, isString := body["password"].(string)
	if !isString {
		ctx.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	// NOTE(review): the original read data["password"] two more times to fill
	// passwordChange and newPass, so both always equal password. The
	// password-change branch below therefore runs only when the login password
	// is literally "yes", and a real change request cannot be expressed. The
	// intended request fields are not visible here; fix the lookups once they
	// are known.
	passwordChange, newPass := password, password

	userid, exists, err := checkUsernameTaken(username)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/login checkUsernameTaken() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		ctx.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-CHECKUSERNAME"})
		return
	}
	if !exists {
		ctx.JSON(401, gin.H{"error": "User does not exist"})
		return
	}

	// Only the stored password hash is needed from the user record.
	_, _, storedHash, _, err := getUser(userid)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/login getUser() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		ctx.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-GETUSER"})
		return
	}

	matches, err := verifyHash(storedHash, password)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/login password check at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		ctx.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDCHECK"})
		return
	}
	if !matches {
		ctx.JSON(401, gin.H{"error": "Incorrect password"})
		return
	}

	sessionKey, err := genSalt(512)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/login token genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		ctx.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-SESSIONSALT"})
		return
	}

	// The session row is written before the optional password change below,
	// so a failure there leaves a session whose key was never returned.
	userAgent := ctx.Request.Header.Get("User-Agent")
	if _, err = conn.Exec("INSERT INTO sessions (session, id, device) VALUES (?, ?, ?)", sessionKey, userid, userAgent); err != nil {
		log.Println("[ERROR] Unknown in /api/login session creation at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		ctx.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-SESSIONINSERT"})
		return
	}

	if passwordChange == "yes" {
		// NOTE(review): signup salts with genSalt(16), but this call passes an
		// empty salt. Confirm hash() does not store an unsalted hash here.
		rehashed, err := hash(newPass, "")
		if err != nil {
			log.Println("[ERROR] Unknown in /api/login password hash at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			ctx.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDHASH"})
			return
		}
		if _, err = conn.Exec("UPDATE users SET password = ? WHERE username = ?", rehashed, username); err != nil {
			log.Println("[ERROR] Unknown in /api/login password change at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			ctx.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDCHANGE"})
			return
		}
	}

	ctx.JSON(200, gin.H{"key": sessionKey})
})
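// POST /api/userinfo returns the username, id and creation time of the user
// that owns the session key sent as the JSON string field "secretKey".
router.POST("/api/userinfo", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	// Fail closed. The original rejected only sql.ErrNoRows, so any other
	// getSession error fell through and userid was used anyway. Every error
	// now ends the request, as GET /userinfo already does.
	_, userid, err := getSession(secretKey)
	if err != nil {
		if !errors.Is(err, sql.ErrNoRows) {
			log.Println("[ERROR] Unknown in /api/userinfo getSession() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		}
		c.JSON(401, gin.H{"error": "Invalid session"})
		return
	}

	created, username, _, _, err := getUser(userid)
	if errors.Is(err, sql.ErrNoRows) {
		c.JSON(400, gin.H{"error": "User does not exist"})
		return
	} else if err != nil {
		log.Println("[ERROR] Unknown in /api/userinfo getUser() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-USERINFO-GETUSER"})
		return
	}

	c.JSON(200, gin.H{"username": username, "id": userid, "created": created})
})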
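// GET /userinfo answers with {"sub", "name"} for the bearer of a signed token.
//
// The token is the second whitespace-separated field of the Authorization
// header. It is rejected if it appears in the blacklist table, fails
// jwt.Parse, lacks usable "session"/"exp" claims, has expired, or names a
// session that getSession does not accept.
router.GET("/userinfo", func(c *gin.Context) {
	authHeader := c.Request.Header["Authorization"]
	if len(authHeader) == 0 {
		c.JSON(400, gin.H{"error": "Invalid token"})
		return
	}
	// NOTE(review): the scheme word (first field) is not checked to be
	// "Bearer"; any two-field header value is accepted.
	fields := strings.Fields(authHeader[0])
	if len(fields) < 2 {
		c.JSON(400, gin.H{"error": "Invalid token"})
		return
	}
	token := fields[1]

	// A matching row blacklists the token regardless of the column's value.
	// NOTE(review): this query filters on the "openid" column while
	// /api/uniqueid filters on "token"; confirm each matches the schema.
	var blacklisted bool
	err := conn.QueryRow("SELECT blacklisted FROM blacklist WHERE openid = ? LIMIT 1", token).Scan(&blacklisted)
	if err == nil {
		c.JSON(400, gin.H{"error": "Token is in blacklist"})
		return
	}
	if !errors.Is(err, sql.ErrNoRows) {
		log.Println("[ERROR] Unknown in /userinfo blacklist at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-USERINFO-BLACKLIST"})
		return
	}

	// NOTE(review): the key function returns publicKey without inspecting
	// t.Method. Pin the expected signing method here once it is confirmed
	// against the code that issues tokens (not visible in this block), so the
	// accepted algorithm does not depend on the token's own header. The
	// imported github.com/dgrijalva/jwt-go module is archived; the maintained
	// fork is github.com/golang-jwt/jwt.
	parsedToken, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
		return publicKey, nil
	})
	if err != nil {
		c.JSON(401, gin.H{"error": "Malformed token"})
		return
	}

	claims, ok := parsedToken.Claims.(jwt.MapClaims)
	if !parsedToken.Valid || !ok {
		c.JSON(401, gin.H{"error": "Invalid token claims"})
		return
	}
	// Checked assertions: a validly signed token that lacks these claims, or
	// carries them with another type, is refused instead of causing a panic.
	session, ok := claims["session"].(string)
	if !ok {
		c.JSON(401, gin.H{"error": "Invalid token claims"})
		return
	}
	exp, ok := claims["exp"].(float64)
	if !ok {
		c.JSON(401, gin.H{"error": "Invalid token claims"})
		return
	}
	if int64(exp) < time.Now().Unix() {
		c.JSON(403, gin.H{"error": "Expired token"})
		return
	}

	_, userid, err := getSession(session)
	if err != nil {
		c.JSON(401, gin.H{"error": "Invalid session"})
		return
	}

	_, username, _, sub, err := getUser(userid)
	if errors.Is(err, sql.ErrNoRows) {
		c.JSON(400, gin.H{"error": "User does not exist"})
		return
	} else if err != nil {
		log.Println("[ERROR] Unknown in /userinfo getUser() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-USERINFO-GETUSER"})
		return
	}

	// Truncate to 255 as before, but without slicing past the end of a
	// shorter stored value, which would panic.
	if len(sub) > 255 {
		sub = sub[:255]
	}
	c.JSON(200, gin.H{"sub": sub, "name": username})
})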
router . POST ( "/api/uniqueid" , func ( c * gin . Context ) {
var data map [ string ] interface { }
err := c . ShouldBindJSON ( & data )
if err != nil {
c . JSON ( 400 , gin . H { "error" : "Invalid JSON" } )
return
}
token , ok := data [ "access_token" ] . ( string )
if ! ok {
c . JSON ( 400 , gin . H { "error" : "Invalid JSON" } )
return
}
var blacklisted bool
2024-04-28 21:24:50 +01:00
err = conn . QueryRow ( "SELECT blacklisted FROM blacklist WHERE token = ? LIMIT 1" , token ) . Scan ( & blacklisted )
2024-04-28 10:45:58 +01:00
if err == nil {
c . JSON ( 400 , gin . H { "error" : "Token is in blacklist" } )
return
} else {
2024-04-28 21:24:50 +01:00
if ! errors . Is ( err , sql . ErrNoRows ) {
2024-06-21 19:17:45 +01:00
log . Println ( "[ERROR] Unknown in /api/sub blacklist at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistant, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.
2024-07-10 18:43:17 +01:00
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-UNIQUEID-BLACKLIST" } )
2024-05-03 19:07:28 +01:00
return
}
}
2024-06-21 19:17:45 +01:00
parsedToken , err := jwt . Parse ( token , func ( token * jwt . Token ) ( interface { } , error ) {
2024-05-03 19:07:28 +01:00
return publicKey , nil
} )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Malformed token" } )
return
}
var claims jwt . MapClaims
2024-06-21 19:17:45 +01:00
if parsedToken . Valid {
claims , ok = parsedToken . Claims . ( jwt . MapClaims )
2024-05-03 19:07:28 +01:00
if ! ok {
c . JSON ( 401 , gin . H { "error" : "Invalid token claims" } )
2024-04-28 10:45:58 +01:00
return
}
}
2024-05-03 19:07:28 +01:00
session := claims [ "session" ] . ( string )
exp := claims [ "exp" ] . ( float64 )
if int64 ( exp ) < time . Now ( ) . Unix ( ) {
c . JSON ( 403 , gin . H { "error" : "Expired token" } )
return
}
2024-06-21 19:17:45 +01:00
_ , userid , err := getSession ( session )
if err != nil {
c . JSON ( 401 , gin . H { "error" : "Invalid session" } )
2024-05-03 19:07:28 +01:00
return
}
2024-06-21 19:17:45 +01:00
_ , _ , _ , sub , err := getUser ( userid )
if errors . Is ( err , sql . ErrNoRows ) {
2024-05-03 19:07:28 +01:00
c . JSON ( 400 , gin . H { "error" : "User does not exist" } )
return
2024-06-21 19:17:45 +01:00
} else if err != nil {
log . Println ( "[ERROR] Unknown in /api/userinfo getUser() at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistant, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.
2024-07-10 18:43:17 +01:00
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-UNIQUEID-GETUSER" } )
2024-06-21 19:17:45 +01:00
return
2024-05-03 19:07:28 +01:00
}
2024-06-21 19:17:45 +01:00
c . JSON ( 200 , gin . H { "sub" : sub } )
2024-04-29 00:59:33 +01:00
} )
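// POST /api/loggedin reports whether an access token is still usable and, if
// so, which application it was issued to.
//
// Request body: a JSON object with a string field "access_token".
// Responses:
//
//	200 {"appId": <"aud" claim>}  token verified and its session is known
//	400                           body is not JSON / has no string
//	                              access_token, or the token is blacklisted
//	401                           signature or claims invalid, or session
//	                              unknown
//	403                           token expired
//	500                           unexpected database error
router.POST("/api/loggedin", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	token, ok := data["access_token"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	// Revocation check runs before any parsing. A matching row is enough to
	// reject the token; the value of the stored flag is not inspected.
	var blacklisted bool
	err := conn.QueryRow("SELECT blacklisted FROM blacklist WHERE token = ? LIMIT 1", token).Scan(&blacklisted)
	if err == nil {
		c.JSON(400, gin.H{"error": "Token is in blacklist"})
		return
	}
	if !errors.Is(err, sql.ErrNoRows) {
		log.Println("[ERROR] Unknown in /api/loggedin blacklist at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGGEDIN-BLACKLIST"})
		return
	}

	parsedToken, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
		// The "alg" header is chosen by whoever sends the token. Pin it to the
		// algorithm /api/auth signs with before handing out the verification
		// key, rather than relying on the library to reject a mismatched key
		// type.
		if t.Method.Alg() != jwt.SigningMethodRS256.Alg() {
			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
		}
		return publicKey, nil
	})
	if err != nil {
		c.JSON(401, gin.H{"error": "Malformed token"})
		return
	}

	// A token that did not validate, or whose claims are not a MapClaims, must
	// not reach the claim lookups below.
	claims, ok := parsedToken.Claims.(jwt.MapClaims)
	if !parsedToken.Valid || !ok {
		c.JSON(401, gin.H{"error": "Invalid token claims"})
		return
	}

	// Checked assertions: a correctly signed token that lacks "session" or
	// "exp", or carries them with another JSON type, is answered with 401
	// instead of panicking the handler.
	session, ok := claims["session"].(string)
	if !ok {
		c.JSON(401, gin.H{"error": "Invalid token claims"})
		return
	}
	exp, ok := claims["exp"].(float64)
	if !ok {
		c.JSON(401, gin.H{"error": "Invalid token claims"})
		return
	}
	// Explicit expiry guard, kept from the original handler.
	// NOTE(review): jwt.Parse presumably rejects expired MapClaims already,
	// in which case this branch is defence in depth only - confirm.
	if int64(exp) < time.Now().Unix() {
		c.JSON(403, gin.H{"error": "Expired token"})
		return
	}

	// Only the existence of the session matters here; its contents are unused.
	if _, _, err = getSession(session); err != nil {
		c.JSON(401, gin.H{"error": "Invalid session"})
		return
	}

	// "aud" is echoed as stored in the token. Tokens minted without an
	// audience claim produce a null appId.
	c.JSON(200, gin.H{"appId": claims["aud"]})
})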
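// GET /api/auth is the OAuth authorization endpoint.
//
// Inputs: the "key" cookie (session secret) and the query parameters
// client_id, redirect_uri, state, nonce, deny, code_challenge and
// code_challenge_method.
//
// Flow: the client is looked up in the oauth table and redirect_uri must equal
// the registered value exactly; deny=true redirects back with
// error=access_denied; otherwise the session and user are resolved, two RS256
// tokens are signed, any earlier pending login of the user is replaced by a
// new row in logins, and the browser is redirected to
// redirect_uri?code=<exchange code>&state=<state>.
//
// Failures are answered in plain text: 401 for an unknown client, a redirect
// URI mismatch or an invalid session, 400 for a missing user, 500 otherwise.
router.GET("/api/auth", func(c *gin.Context) {
	// The cookie error is ignored on purpose: secretKey is validated by
	// getSession further down.
	secretKey, _ := c.Cookie("key")

	// Parse the query string once instead of once per parameter.
	query := c.Request.URL.Query()
	appId := query.Get("client_id")
	code := query.Get("code_challenge")
	codeMethod := query.Get("code_challenge_method")
	redirectUri := query.Get("redirect_uri")
	state := query.Get("state")
	nonce := query.Get("nonce")
	deny := query.Get("deny")

	// redirectWith builds the callback URL with percent-encoded values. state
	// is request-controlled and arrives decoded; appended raw, a value such as
	// "x&code=..." would add or override parameters seen by the client, and
	// characters like "+" or "%" would not round-trip. The parameter set is
	// obtained by emptying a freshly parsed query so that no extra import is
	// needed; Encode sorts keys, which keeps the original parameter order.
	// NOTE(review): a registered redirect URI that already has a query string
	// still gets a second "?", as before - confirm such URIs are not allowed.
	redirectWith := func(key, value string) string {
		params := c.Request.URL.Query()
		for k := range params {
			delete(params, k)
		}
		params.Set(key, value)
		params.Set("state", state)
		return redirectUri + "?" + params.Encode()
	}

	var appIdCheck, redirectUriCheck string
	err := conn.QueryRow("SELECT appId, rdiruri FROM oauth WHERE appId = ? LIMIT 1", appId).Scan(&appIdCheck, &redirectUriCheck)
	if err != nil {
		if errors.Is(err, sql.ErrNoRows) {
			// Debug output of a request-controlled value.
			fmt.Println(appId)
			c.String(401, "OAuth screening failed")
		} else {
			log.Println("[ERROR] Unknown in /api/auth at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-SELECT")
		}
		return
	}

	// Exact string match against the registered URI. Every redirect below
	// relies on this check having passed.
	if redirectUriCheck != redirectUri {
		c.String(401, "Redirect URI does not match")
		return
	}

	if deny == "true" {
		c.Redirect(302, redirectWith("error", "access_denied"))
		return
	}

	if appIdCheck != appId {
		fmt.Println(appIdCheck, appId)
		c.String(401, "OAuth screening failed")
		return
	}

	// The literal "none" asks the server to pick the nonce.
	if nonce == "none" {
		nonce, err = genSalt(512)
		if err != nil {
			log.Println("[ERROR] Unknown in /api/auth nonce genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-NONCE")
			return
		}
	}

	_, userid, err := getSession(secretKey)
	if err != nil {
		c.String(401, "Invalid session")
		return
	}

	_, username, _, sub, err := getUser(userid)
	if errors.Is(err, sql.ErrNoRows) {
		c.String(400, "User does not exist")
		return
	} else if err != nil {
		// The log line names this route (it previously said /api/userinfo).
		log.Println("[ERROR] Unknown in /api/auth getUser() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-GETUSER")
		return
	}

	// sub[:255] panics when sub is shorter than 255; truncate only when there
	// is something to cut.
	subClaim := sub
	if len(subClaim) > 255 {
		subClaim = subClaim[:255]
	}

	// One timestamp for all time claims so iat, auth_time and exp agree.
	// 2592000 seconds = 30 days.
	now := time.Now().Unix()

	// NOTE(review): both tokens carry the session secret from the "key" cookie
	// in their "session" claim. JWT payloads are signed, not encrypted, so any
	// party that receives either token can read that value, and this endpoint
	// accepts the same value as the user's login cookie. Confirm this exposure
	// is intended; an opaque per-grant identifier would avoid it.
	dataTemplate := jwt.MapClaims{
		"sub":       subClaim,
		"iss":       hostName,
		"name":      username,
		"aud":       appId,
		"exp":       now + 2592000,
		"iat":       now,
		"auth_time": now,
		"session":   secretKey,
		"nonce":     nonce,
	}

	// The error from this genSalt call used to be overwritten unchecked, so a
	// failure would have minted a token with an empty nonce.
	secondNonce, err := genSalt(512)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/auth secondNonce genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-NONCE")
		return
	}
	dataTemplateTwo := jwt.MapClaims{
		"exp":     now + 2592000,
		"iat":     now,
		"session": secretKey,
		"nonce":   secondNonce,
	}

	// Token stored in the logins "openid" column.
	tokenTemp := jwt.NewWithClaims(jwt.SigningMethodRS256, dataTemplate)
	tokenTemp.Header["kid"] = "burgerauth"
	jwtToken, err := tokenTemp.SignedString(privateKey)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/auth jwt_token at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN")
		return
	}

	// Token stored in the logins "loginToken" column.
	secretTemp := jwt.NewWithClaims(jwt.SigningMethodRS256, dataTemplateTwo)
	secretTemp.Header["kid"] = "burgerauth"
	secretToken, err := secretTemp.SignedString(privateKey)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/auth secret_token at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN.")
		return
	}

	// randomBytes is the exchange code handed to the client in the redirect.
	randomBytes, err := genSalt(512)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/auth randomBytes at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-RANDOMBYTES.")
		return
	}

	// Drop any earlier pending login of this user, then record the new one.
	// The PKCE challenge and method are stored alongside the exchange code.
	_, err = mem.Exec("DELETE FROM logins WHERE creator = ?", userid)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/auth delete at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-DELETE.")
		return
	}

	_, err = mem.Exec("INSERT INTO logins (appId, exchangeCode, loginToken, creator, openid, pkce, pkcemethod) VALUES (?, ?, ?, ?, ?, ?, ?)", appId, randomBytes, secretToken, userid, jwtToken, code, codeMethod)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/auth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-INSERT.")
		return
	}

	// An empty exchange code must never be sent to the client.
	if randomBytes == "" {
		c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-REDIRECT.")
		log.Println("[ERROR] Secret key not found at", strconv.FormatInt(time.Now().Unix(), 10))
		return
	}
	c.Redirect(302, redirectWith("code", randomBytes))
})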
router . POST ( "/api/tokenauth" , func ( c * gin . Context ) {
err := c . Request . ParseForm ( )
if err != nil {
c . JSON ( 400 , gin . H { "error" : "Invalid form data" } )
return
}
data := c . Request . Form
appId := data . Get ( "client_id" )
code := data . Get ( "code" )
codeVerify := data . Get ( "code_verifier" )
secret := data . Get ( "client_secret" )
var verifyCode bool
if codeVerify == "" {
verifyCode = false
} else {
verifyCode = true
}
var appIdCheck , secretCheck , openid , loginCode , PKCECode , PKCEMethod string
err = conn . QueryRow ( "SELECT appId, secret FROM oauth WHERE appId = ?;" , appId ) . Scan ( & appIdCheck , & secretCheck )
if err != nil {
if errors . Is ( err , sql . ErrNoRows ) {
c . JSON ( 401 , gin . H { "error" : "OAuth screening failed" } )
} else {
log . Println ( "[ERROR] Unknown in /api/tokenauth at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-SELECT" } )
}
return
}
err = mem . QueryRow ( "SELECT loginToken, openid, pkce, pkcemethod FROM logins WHERE exchangeCode = ?" , code ) . Scan ( & loginCode , & openid , & PKCECode , & PKCEMethod )
if err != nil {
if errors . Is ( err , sql . ErrNoRows ) {
c . JSON ( 401 , gin . H { "error" : "OAuth screening failed" } )
} else {
log . Println ( "[ERROR] Unknown in /api/tokenauth memory query at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-MEMSELECT" } )
}
return
}
if appIdCheck != appId {
c . JSON ( 401 , gin . H { "error" : "OAuth screening failed" } )
return
}
if verifyCode {
if PKCECode == "none" {
c . JSON ( 400 , gin . H { "error" : "Attempted PKCECode exchange with non-PKCECode authentication" } )
return
} else {
if PKCEMethod == "S256" {
if sha256Base64 ( codeVerify ) != PKCECode {
c . JSON ( 403 , gin . H { "error" : "Invalid PKCECode code" } )
return
}
} else if PKCEMethod == "plain" {
if codeVerify != PKCECode {
c . JSON ( 403 , gin . H { "error" : "Invalid PKCECode code" } )
return
}
} else {
c . JSON ( 403 , gin . H { "error" : "Attempted PKCECode exchange without supported PKCECode token method" } )
return
}
}
} else {
if secret != secretCheck {
c . JSON ( 401 , gin . H { "error" : "Invalid secret" } )
return
}
}
_ , err = mem . Exec ( "DELETE FROM logins WHERE loginToken = ?" , loginCode )
if err != nil {
log . Println ( "[ERROR] Unknown in /api/tokenauth delete at" , strconv . FormatInt ( time . Now ( ) . Unix ( ) , 10 ) + ":" , err )
c . JSON ( 500 , gin . H { "error" : "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-DELETE" } )
return
}
c . JSON ( 200 , gin . H { "access_token" : loginCode , "token_type" : "bearer" , "expires_in" : 2592000 , "id_token" : openid } )
} )
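// POST /api/deleteauth removes an OAuth application registered by the caller.
//
// The JSON body must carry "secretKey" (the caller's session secret) and
// "appId" (the application to remove), both as strings. Responses:
//   - 400 when the body is not valid JSON, a field is missing or not a string,
//     or no application with that appId belongs to the caller;
//   - 401 when getSession rejects secretKey;
//   - 500 when the database reports an error;
//   - 200 {"success": "true"} when a row was deleted.
router.POST("/api/deleteauth", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	// Checked type assertions: a missing or non-string field is answered with
	// 400 instead of panicking the handler.
	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	appId, ok := data["appId"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Invalid session"})
		return
	}

	// The creator predicate scopes the delete to applications owned by the
	// authenticated user, so an appId belonging to someone else matches nothing.
	res, err := conn.Exec("DELETE FROM oauth WHERE appId = ? AND creator = ?", appId, id)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/deleteauth at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEAUTH-DELETE"})
		return
	}

	// Exec does not return sql.ErrNoRows (that error comes from Row.Scan), so a
	// delete that matched nothing is only visible through RowsAffected. Unknown
	// and foreign appIds get the same answer, which avoids revealing which
	// appIds exist. If the driver cannot report a count, fall through to the
	// success response.
	if n, raErr := res.RowsAffected(); raErr == nil && n == 0 {
		c.JSON(400, gin.H{"error": "AppID Not found"})
		return
	}

	c.JSON(200, gin.H{"success": "true"})
})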
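// POST /api/newauth registers a new OAuth application for the caller.
//
// The JSON body must carry "secretKey", "name" and "redirectUri" as strings.
// The handler generates a client secret with genSalt(512) and an appId with
// genSalt(32), regenerating either one while a row with the same value already
// exists in the oauth table, then inserts the application. Responses:
//   - 400 when the body is not valid JSON or a field is missing or not a string;
//   - 401 when getSession rejects secretKey;
//   - 500 on a generation or database error;
//   - 200 {"key": <secret>, "appId": <appId>} on success.
router.POST("/api/newauth", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	name, ok := data["name"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	// NOTE(review): only the JSON type of name and redirectUri is checked; both
	// are stored exactly as supplied (empty strings included). Confirm that the
	// authorization endpoint validates the stored redirect URI before it sends
	// an exchange code to it.
	redirectUri, ok := data["redirectUri"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Invalid session"})
		return
	}

	var testsecret, testappid string

	secret, err := genSalt(512)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/newauth secretgen at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETGEN"})
		return
	}
	// Regenerate the secret until no existing row carries the same value.
	for {
		err = conn.QueryRow("SELECT secret FROM oauth WHERE secret = ?", secret).Scan(&testsecret)
		if errors.Is(err, sql.ErrNoRows) {
			break
		}
		if err != nil {
			log.Println("[ERROR] Unknown in /api/newauth secretselect at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETSELECT"})
			return
		}
		secret, err = genSalt(512)
		if err != nil {
			log.Println("[ERROR] Unknown in /api/newauth secretgen at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETGEN"})
			return
		}
	}

	appId, err := genSalt(32)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/newauth appidgen at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-APPIDGEN"})
		return
	}
	// Same uniqueness loop for the appId.
	for {
		err = conn.QueryRow("SELECT appId FROM oauth WHERE appId = ?", appId).Scan(&testappid)
		if errors.Is(err, sql.ErrNoRows) {
			break
		}
		if err != nil {
			log.Println("[ERROR] Unknown in /api/newauth appidcheck at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-APPIDCHECK"})
			return
		}
		appId, err = genSalt(32)
		if err != nil {
			log.Println("[ERROR] Unknown in /api/newauth appidgen at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-LAPPIDGEN"})
			return
		}
	}

	// NOTE(review): the secret is stored as generated, and /api/tokenauth
	// compares the submitted client_secret with this column directly, so read
	// access to the oauth table discloses every client secret. Consider storing
	// a hash and comparing hashes instead.
	// NOTE(review): this INSERT names the column redirectUri while /api/listauth
	// selects rdiruri; confirm against the schema which spelling is correct.
	_, err = conn.Exec("INSERT INTO oauth (name, appId, creator, secret, redirectUri) VALUES (?, ?, ?, ?, ?)", name, appId, id, secret, redirectUri)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/newauth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-INSERT"})
		return
	}

	// Written only after the row exists, so the log never records an
	// application whose INSERT failed.
	log.Println("[Info] New Oauth source added with ID:", appId)

	// The response is the only place in this handler where the caller receives
	// the generated secret.
	c.JSON(200, gin.H{"key": secret, "appId": appId})
})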
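// POST /api/listauth returns the OAuth applications registered by the caller.
//
// The JSON body must carry "secretKey" as a string. Responses:
//   - 400 when the body is not valid JSON or secretKey is missing or not a string;
//   - 401 when getSession rejects secretKey;
//   - 500 on a database error;
//   - 200 with a JSON array of {"appId", "name", "redirectUri"} objects. The
//     client secret is not selected and never appears in the response.
router.POST("/api/listauth", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Invalid session"})
		return
	}

	// NOTE(review): this query reads column rdiruri while /api/newauth inserts
	// into redirectUri; confirm against the schema which spelling is correct.
	rows, err := conn.Query("SELECT appId, name, rdiruri FROM oauth WHERE creator = ? ORDER BY creator DESC", id)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/listauth query at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-QUERY"})
		return
	}
	// Every return path below has already written a response by the time this
	// runs, so a Close failure is logged only; writing another JSON body here
	// would append a second payload to the one already sent.
	defer func() {
		if closeErr := rows.Close(); closeErr != nil {
			log.Println("[ERROR] Unknown in /api/listauth rows close at", strconv.FormatInt(time.Now().Unix(), 10)+":", closeErr)
		}
	}()

	// Stays nil when the caller has no applications; encoding/json renders a
	// nil slice as null.
	var dataTemplate []map[string]interface{}
	for rows.Next() {
		var appId, name, redirectUri string
		if err := rows.Scan(&appId, &name, &redirectUri); err != nil {
			log.Println("[ERROR] Unknown in /api/listauth scan at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-SCAN"})
			return
		}
		dataTemplate = append(dataTemplate, map[string]interface{}{"appId": appId, "name": name, "redirectUri": redirectUri})
	}
	if err := rows.Err(); err != nil {
		log.Println("[ERROR] Unknown in /api/listauth rows err at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-ROWSERR"})
		return
	}

	c.JSON(200, dataTemplate)
})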
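// POST /api/deleteaccount removes the caller's account and the data tied to it.
//
// The JSON body must carry "secretKey" as a string. After getSession resolves
// it to a user id, the handler deletes, in order: the user's rows in userdata,
// their rows in the in-memory logins table, the OAuth applications they
// created, and finally the users row. Responses:
//   - 400 when the body is not valid JSON or secretKey is missing or not a string;
//   - 401 when getSession rejects secretKey;
//   - 500 when a DELETE fails (earlier deletes are not rolled back);
//   - 200 {"success": "true"} otherwise.
//
// NOTE(review): no DELETE is issued against the sessions table that
// /api/sessions/list reads. Confirm that sessions of a deleted user are
// invalidated elsewhere, otherwise an old secretKey may outlive the account.
// NOTE(review): the four deletes are separate statements, not a transaction,
// so a failure part-way leaves the account partially removed.
router.POST("/api/deleteaccount", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Session does not exist"})
		return
	}

	// The sql.ErrNoRows exemptions below are kept from the original code; Exec
	// is not expected to return that error, so in practice any failure is
	// reported as a 500.
	_, err = conn.Exec("DELETE FROM userdata WHERE creator = ?", id)
	if err != nil && !errors.Is(err, sql.ErrNoRows) {
		log.Println("[ERROR] Unknown in /api/deleteaccount userdata at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEACCT-USERDATA"})
		return
	}

	// Drops the pending exchange codes and login tokens held for this user.
	_, err = mem.Exec("DELETE FROM logins WHERE creator = ?", id)
	if err != nil && !errors.Is(err, sql.ErrNoRows) {
		log.Println("[ERROR] Unknown in /api/deleteaccount logins at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEACCT-LOGINS"})
		return
	}

	// The log lines for the next two statements used to name /api/deleteuser,
	// and the second one said "logins" for the users table; they now name this
	// endpoint and the table that failed. The error codes returned to the
	// client are unchanged.
	_, err = conn.Exec("DELETE FROM oauth WHERE creator = ?", id)
	if err != nil && !errors.Is(err, sql.ErrNoRows) {
		log.Println("[ERROR] Unknown in /api/deleteaccount oauth at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEUSER-OAUTH"})
		return
	}

	_, err = conn.Exec("DELETE FROM users WHERE id = ?", id)
	if err != nil && !errors.Is(err, sql.ErrNoRows) {
		log.Println("[ERROR] Unknown in /api/deleteaccount users at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEUSER-USERS"})
		return
	}

	c.JSON(200, gin.H{"success": "true"})
})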
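// POST /api/sessions/list returns the sessions recorded for the caller's account.
//
// Request body: {"secretKey": "<session secret>"}.
// Response: 200 with a JSON array of {"id", "thisSession", "device"} objects,
// 400 on a malformed body, 401 when getSession rejects the secret, 500 on a
// database failure.
router.POST("/api/sessions/list", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	// The second value returned by getSession is used below as the owning
	// account id, so the listing is always scoped to the authenticated caller.
	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Session does not exist"})
		return
	}

	rows, err := conn.Query("SELECT sessionid, session, device FROM sessions WHERE id = ? ORDER BY id DESC", id)
	if err != nil {
		// rows is nil whenever Query fails, so every error must stop here;
		// falling through would dereference a nil *sql.Rows and panic.
		log.Println("[ERROR] Unknown in /api/sessions/list at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST"})
		return
	}
	defer func() {
		// Only log here: by the time this runs a response has already been
		// written, and a second c.JSON would append to the finished body.
		if err := rows.Close(); err != nil {
			log.Println("[ERROR] Unknown in /api/sessions/list rows close at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		}
	}()

	var dataTemplate []map[string]interface{}
	for rows.Next() {
		// Destinations follow the SELECT column order: sessionid, session, device.
		var sessionID, sessionSecret, device string
		if err := rows.Scan(&sessionID, &sessionSecret, &device); err != nil {
			log.Println("[ERROR] Unknown in /api/sessions/list scan at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-SCAN"})
			return
		}

		// The `session` column is what gets compared with the caller's
		// secretKey, so it appears to hold the bearer secret of that session.
		// It is used for the comparison only and must never be serialised:
		// returning it would hand one session the credentials of every other
		// session on the account. The public identifier is `sessionid`, which
		// is also the column /api/sessions/remove matches on.
		entry := map[string]interface{}{
			"id":          sessionID,
			"thisSession": sessionSecret == secretKey,
			"device":      device,
		}
		dataTemplate = append(dataTemplate, entry)
	}
	if err := rows.Err(); err != nil {
		log.Println("[ERROR] Unknown in /api/sessions/list rows at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-ERR"})
		return
	}

	c.JSON(200, dataTemplate)
})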
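// POST /api/sessions/remove deletes one session of the caller's account.
//
// Request body: {"secretKey": "<session secret>", "sessionId": "<session id>"}.
// Response: 200 {"success": "true"} when a row was deleted, 400 on a malformed
// body, 401 when getSession rejects the secret, 422 when no session with that
// id belongs to the caller, 500 on a database failure.
router.POST("/api/sessions/remove", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	secretKey, ok := data["secretKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}
	sessionId, ok := data["sessionId"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	_, id, err := getSession(secretKey)
	if err != nil {
		c.JSON(401, gin.H{"error": "Session does not exist"})
		return
	}

	// The "AND id = ?" predicate is the authorization check: it limits the
	// delete to sessions owned by the authenticated account, so a caller cannot
	// remove another account's session by guessing its sessionid.
	result, err := conn.Exec("DELETE FROM sessions WHERE sessionid = ? AND id = ?", sessionId, id)
	if err != nil {
		log.Println("[ERROR] Unknown in /api/sessions/remove at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-REMOVE"})
		return
	}

	// Exec never reports sql.ErrNoRows, so "nothing matched" has to be read
	// from the affected-row count. If the driver cannot report a count the
	// DELETE itself still succeeded, so that case is treated as success.
	if affected, err := result.RowsAffected(); err == nil && affected == 0 {
		c.JSON(422, gin.H{"error": "SessionID Not found"})
		return
	}

	c.JSON(200, gin.H{"success": "true"})
})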
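// POST /api/listusers returns every account as {"id", "username"} objects.
//
// Request body: {"masterKey": "<server secret>"}.
// Response: 200 with a JSON array, 400 on a malformed body, 401 when the key
// does not match SecretKey, 500 on a database failure.
router.POST("/api/listusers", func(c *gin.Context) {
	var data map[string]interface{}
	if err := c.ShouldBindJSON(&data); err != nil {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	masterKey, ok := data["masterKey"].(string)
	if !ok {
		c.JSON(400, gin.H{"error": "Invalid JSON"})
		return
	}

	// Reject explicitly: without a response the caller would receive an empty
	// 200, which is indistinguishable from "authorised, no users". The empty
	// check keeps an unset SecretKey from authorising an empty masterKey.
	// NOTE(review): == on strings is not constant-time; this endpoint guards
	// the whole user table, so compare with crypto/subtle.ConstantTimeCompare
	// once that package is imported, and consider rate limiting the route.
	if masterKey == "" || masterKey != SecretKey {
		c.JSON(401, gin.H{"error": "Unauthorized"})
		return
	}

	// NOTE(review): Scan below supplies two destinations, so this only works
	// if `users` has exactly two columns. Naming the columns explicitly would
	// be robust to schema changes and would avoid reading credential columns
	// into the process at all — confirm the column names against the schema.
	rows, err := conn.Query("SELECT * FROM users ORDER BY id DESC")
	if err != nil {
		// rows is nil whenever Query fails, so every error must stop here;
		// falling through would dereference a nil *sql.Rows and panic.
		log.Println("[ERROR] Unknown in /api/listusers at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-QUERY"})
		return
	}
	defer func() {
		// Only log here: by the time this runs a response has already been
		// written, and a second c.JSON would append to the finished body.
		if err := rows.Close(); err != nil {
			log.Println("[ERROR] Unknown in /api/listusers rows close at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		}
	}()

	var datatemplate []map[string]interface{}
	for rows.Next() {
		var id, username string
		if err := rows.Scan(&id, &username); err != nil {
			log.Println("[ERROR] Unknown in /api/listusers scan at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
			c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-SCAN"})
			return
		}
		datatemplate = append(datatemplate, map[string]interface{}{"id": id, "username": username})
	}
	if err := rows.Err(); err != nil {
		log.Println("[ERROR] Unknown in /api/listusers rows at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-ERR"})
		return
	}

	c.JSON(200, datatemplate)
})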
// GET /.well-known/jwks.json serves a JWK Set with a single RSA signing key.
//
// Only the public parameters are emitted: "n" is the base64url form of
// modulus and "e" the base64url form of exponent, alongside the key id.
// No private key material is referenced here.
router.GET("/.well-known/jwks.json", func(c *gin.Context) {
	encodedModulus, err := BigIntToBase64URL(modulus)
	if err != nil {
		log.Println("[ERROR] Unknown in /well-known/jwks.json modulus at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-JWKS-MODULUS"})
		return
	}

	encodedExponent, err := Int64ToBase64URL(int64(exponent))
	if err != nil {
		log.Println("[ERROR] Unknown in /well-known/jwks.json exponent at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
		c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-JWKS-EXPONENT"})
		return
	}

	// Describe the one published key, then wrap it in the "keys" array.
	signingKey := gin.H{
		"kty": "RSA",
		"alg": "RS256",
		"use": "sig",
		"kid": keyid,
		"n":   encodedModulus,
		"e":   encodedExponent,
	}
	c.JSON(200, gin.H{"keys": []gin.H{signingKey}})
})
// Announce startup, then serve on Host:Port. router.Run is called last and its
// error is fatal to the process.
log.Println("[INFO] Server started at", time.Now().Unix())
log.Println("[INFO] Welcome to Burgerauth! Today we are running on IP " + Host + " on port " + strconv.Itoa(Port) + ".")
if err = router.Run(Host + ":" + strconv.Itoa(Port)); err != nil {
	log.Fatalln("[FATAL] Server failed to begin operations at", time.Now().Unix(), err)
}
}