Added example configuration, updated README.md, updated background image to Public Domain image, updated styles to be in accordance with the New Burgerware Design, fixed pages displaying poorly on phones, fixed server panics being caused by incorrect JSON, made it clear AESKeyShare is not in working order, made the application not hard-code the URL, made the application not hard-code the app name, updated the CAPTCHA module to the newest version and URL, removed crypto-js, removed unneeded broken code left over from Burgernotes, removed unneeded CSS left over from Burgernotes, made page titles consistent, changed some formatting to be using camel instead of snake case, fixed various JS bad-practices, used a really long commit message.

Tracker-Friendly 2024-07-10 18:43:17 +01:00
parent f29a4de59c
commit 9cb2e309de
21 changed files with 425 additions and 2204 deletions


@ -4,7 +4,17 @@ Burgerauth is a free-and-open-source OAuth2/OIDC (or as I've taken to calling it
## Ok, that's great, how do I host my own instance?
First, replace the domains in the source code and templates with your own (a domain is required, not just an IP). Second, copy config.ini.example to config.ini then tweak to your liking. Third, run `go build`, and fourth, run `./burgerauth`. Read ERRORS.md to see how to handle server errors.
First, replace the domains in the source code and templates with your own (a domain is required, not just an IP).
Second, copy config.ini.example to config.ini then tweak to your liking, making sure to point to a valid path for where you are going to generate your RSA keypair.
Third, run `go build`.
Fourth, generate a RSA keypair using
`openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048`
`openssl rsa -pubout -in private.pem -out public.pem`
Fifth, run `./burgerauth`. Read ERRORS.md to see how to handle server errors.
## What if I am a developer?
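Review bot: step one still tells operators to replace the domains in the source code and templates, but this same commit moves the public URL into `config.ini` (`URL = https://auth.hectabit.org`) and feeds it to the `iss` claim via `hostName`, so the README should now say to set `URL` (and `PRIVACY_POLICY`, `IDENTIFIER`) in `config.ini` instead of editing source. Two smaller points on the key-generation step: the two `openssl` commands write `private.pem` and `public.pem` into the current directory, while `config.ini.example` defaults to `keys/private.pem` and `keys/public.pem`, so either add `mkdir keys` and `-out keys/private.pem` / `-out keys/public.pem` or say explicitly that the paths must be adjusted; and the private key signs every ID token the server issues, so it should be created with restrictive permissions (`umask 077` before `genpkey`, or `chmod 600 private.pem` afterwards).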
@ -16,4 +26,4 @@ Yes.
## What do you mean "OAuth2 + OIDC"?
OIDC is not a protocol in of itself, but rather an extension on top of a fully working OAuth2 system, made useful by the OAuth2 protocol and JWK token protocol.
OIDC is not a protocol in of itself, but rather an extension on top of a fully working OAuth2 system, made useful by the OAuth2 protocol and JWK token protocol.
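Review bot: the changed line differs only in whitespace from the original, but while it is being touched the terminology should be fixed: the token OIDC adds on top of OAuth2 is the ID token, which is a JWT, and JWK is the key-publication format served at the `jwks_uri`, so "JWK token protocol" should read "signed JWT ID tokens, with the signing keys published as a JWK Set". Also "in of itself" should be "in and of itself".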

config.ini.example (new file, 18 line changes)

@ -0,0 +1,18 @@
[config]
# This is the IP burgerauth runs on. Leave as default to access outside of your server and use 127.0.0.1 for a reverse-proxy.
HOST = 0.0.0.0
# This is the host burgerauth runs on. Use this for an internal reverse-proxy or change to port 80 to allow HTTP communication (not recommended).
PORT = 8080
# Change this to a random stream of characters, as long as possible. It is used for AES security.
SECRET_KEY = supersecretkey
# Change these to the actual path of your keys. To generate them, view README.md.
PUBLIC_KEY = keys/public.pem
PRIVATE_KEY = keys/private.pem
# This is the URI to the privacy policy. Leave as default to use the default burgerauth policy.
PRIVACY_POLICY = https://concord.hectabit.org/Paperwork/Burgerauth/src/commit/3a58ec33ead87aadd542c5838b3162ed6cedc044/Privacy.md
# This is the URL the server is running on. Change this to your URL. This must be the URL in front of your reverse-proxy, and should not be an IP as to enforce HTTPS.
URL = https://auth.hectabit.org
# This is the name of the program you wish users to see.
IDENTIFIER = Burgerauth
# This is the identifier for your key in JWK. It is ok to set it to a random string of characters.
KEY_ID = burgerauth
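Review bot: two comments in this new file misdescribe the setting they sit above. The `PORT` comment (`# This is the host burgerauth runs on...`) is a copy of the `HOST` comment and should say it is the TCP port to listen on; and `SECRET_KEY` is described as "used for AES security", but in `main.go` it is passed to `cookie.NewStore([]byte(SecretKey))`, i.e. it is the key that authenticates the session cookie, including the signup `unique_token`. Say that, and say plainly that leaving the default lets anyone forge a session cookie. Give a concrete length too (the gorilla securecookie layer under gin-contrib/sessions is designed around 32- or 64-byte hash keys) rather than "as long as possible". Finally, `KEY_ID` is read into `keyid` in `main.go` but the `/api/auth` handler still sets `Header["kid"] = "burgerauth"`, so the comment promising that any random string is fine is not yet true.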

go.mod (2 line changes)

@ -3,7 +3,7 @@ module hectabit.org/burgerauth
go 1.22
require (
centrifuge.hectabit.org/HectaBit/captcha v1.4.4
concord.hectabit.org/HectaBit/captcha v1.4.5
github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/gin-contrib/sessions v1.0.1
github.com/gin-gonic/gin v1.9.1
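Review bot: the captcha dependency changes host (`centrifuge.hectabit.org` to `concord.hectabit.org`) and version (v1.4.4 to v1.4.5) in one step, with new `h1:` hashes in go.sum. A host move plus a hash change is indistinguishable from a substituted module, so the commit message or a comment should record how v1.4.5 was verified against v1.4.4 (for example by diffing the two module zips) and whether the new host is listed in `GOPRIVATE`/`GONOSUMDB` or is checked against the public checksum database. In the same block, `github.com/dgrijalva/jwt-go v3.2.0+incompatible` is a pre-modules, no longer maintained dependency; moving to the `github.com/golang-jwt/jwt` fork, which kept the v3 API, would fit this cleanup commit.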

go.sum (4 line changes)

@ -1,5 +1,5 @@
centrifuge.hectabit.org/HectaBit/captcha v1.4.4 h1:WLGIy4hkwwps8V1j+LFCfdMOrSEmhlEzFqvt9xdW/VY=
centrifuge.hectabit.org/HectaBit/captcha v1.4.4/go.mod h1:QptuIyO9HKPi/rXn6g/c7BOWIlq0hjbVGm6V732EVyo=
concord.hectabit.org/HectaBit/captcha v1.4.5 h1:kMqT0ZUPb/YZr1VDw9L1Dqpe/hzy3Cw7QhCahW6PNdM=
concord.hectabit.org/HectaBit/captcha v1.4.5/go.mod h1:PaJDe3Nrjl2WZOYmkYpefwJ9dMP+BvV+M1VWot4/I04=
github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
github.com/bytedance/sonic v1.11.3 h1:jRN+yEjakWh8aK5FzrciUHG8OFXK+4/KrAX/ysEtHAA=

main.go (343 line changes)

@ -15,6 +15,7 @@ import (
"encoding/pem"
"errors"
"fmt"
"github.com/dgrijalva/jwt-go"
"log"
"math/big"
"os"
@ -23,8 +24,7 @@ import (
"strings"
"time"
"centrifuge.hectabit.org/HectaBit/captcha"
"github.com/dgrijalva/jwt-go"
"concord.hectabit.org/HectaBit/captcha"
"github.com/gin-contrib/sessions"
"github.com/gin-contrib/sessions/cookie"
"github.com/gin-gonic/gin"
@ -65,7 +65,7 @@ func BigIntToBase64URL(num *big.Int) (string, error) {
return encoded, nil
}
const salt_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
const saltChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
func genSalt(length int) (string, error) {
if length <= 0 {
@ -80,7 +80,7 @@ func genSalt(length int) (string, error) {
}
for i := range salt {
salt[i] = salt_chars[int(randomBytes[i])%len(salt_chars)]
salt[i] = saltChars[int(randomBytes[i])%len(saltChars)]
}
return string(salt), nil
}
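Review bot: `saltChars[int(randomBytes[i])%len(saltChars)]` has a modulo bias. `saltChars` holds 62 characters and 256 mod 62 = 8, so the first eight characters (`a` through `h`) are each selected with probability 5/256 instead of 4/256. For the 512-character session tokens the lost entropy is irrelevant, but the same function produces the 16-character password salts and the OAuth `code`, so it is worth making uniform: either rejection sampling (discard any byte >= 248 and draw again) or `rand.Int(rand.Reader, big.NewInt(int64(len(saltChars))))` per character, since `math/big` is already imported.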
@ -105,8 +105,8 @@ func hash(password, salt string) (string, error) {
return hashString, nil
}
func verifyHash(werkzeug_hash, password string) (bool, error) {
parts := strings.Split(werkzeug_hash, "$")
func verifyHash(werkzeugHash, password string) (bool, error) {
parts := strings.Split(werkzeugHash, "$")
if len(parts) != 3 || parts[0] != "scrypt:32768:8:1" {
return false, nil
}
@ -116,7 +116,7 @@ func verifyHash(werkzeug_hash, password string) (bool, error) {
return false, err
}
return werkzeug_hash == computedHash, nil
return werkzeugHash == computedHash, nil
}
func getUser(id int) (string, string, string, string, error) {
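Review bot: `return werkzeugHash == computedHash, nil` compares the stored and freshly computed scrypt hashes with a plain string comparison, which returns on the first differing byte. Use `subtle.ConstantTimeCompare([]byte(werkzeugHash), []byte(computedHash)) == 1` from `crypto/subtle`. The rename is fine, but note that `parts[0] != "scrypt:32768:8:1"` pins the exact cost parameters, so any future increase will make every existing hash fail verification instead of being re-hashed on next login; a comment saying so, or parsing the parameters out of the stored string, would avoid a surprise later.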
@ -156,7 +156,7 @@ func checkUsernameTaken(username string) (int, bool, error) {
return id, true, nil
}
func init_db() {
func initDb() {
if _, err := os.Stat("database.db"); os.IsNotExist(err) {
if err := generateDB(); err != nil {
log.Println("[ERROR] Unknown while generating database at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
@ -231,13 +231,17 @@ func main() {
os.Exit(1)
}
HOST := viper.GetString("config.HOST")
PORT := viper.GetInt("config.PORT")
SECRET_KEY := viper.GetString("config.SECRET_KEY")
PUBLIC_KEY_PATH := viper.GetString("config.PUBLIC_KEY")
PRIVATE_KEY_PATH := viper.GetString("config.PRIVATE_KEY")
Host := viper.GetString("config.HOST")
Port := viper.GetInt("config.PORT")
privacyPolicy := viper.GetString("config.PRIVACY_POLICY")
hostName := viper.GetString("config.URL")
identifier := viper.GetString("config.IDENTIFIER")
keyid := viper.GetString("config.KEY_ID")
SecretKey := viper.GetString("config.SECRET_KEY")
PublicKeyPath := viper.GetString("config.PUBLIC_KEY")
PrivateKeyPath := viper.GetString("config.PRIVATE_KEY")
if SECRET_KEY == "supersecretkey" {
if SecretKey == "supersecretkey" {
log.Println("[WARNING] Secret key not set. Please set the secret key to a non-default value.")
}
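Review bot: the default-secret check still only logs a warning, but `SecretKey` is the key behind `cookie.NewStore`, so a default (or empty) value means any client can mint a valid session cookie, including the `unique_token` that `/api/signup` checks against the CAPTCHA session; make this `log.Fatalln` and also reject an empty string. Style, given the commit's stated goal of camelCase: `Host`, `Port`, `SecretKey`, `PublicKeyPath` and `PrivateKeyPath` are exported-style names for local variables; Go convention is `host`, `port`, `secretKey`, `publicKeyPath`, `privateKeyPath`, and `keyid` should be `keyId` (or `keyID`) to match `hostName` and `privacyPolicy` next to it.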
@ -254,7 +258,7 @@ func main() {
if len(os.Args) > 1 {
if os.Args[1] == "init_db" {
init_db()
initDb()
os.Exit(0)
}
}
@ -275,7 +279,7 @@ func main() {
log.Fatalln("[FATAL] Cannot create logins table at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
}
privateKeyFile, err := os.ReadFile(PRIVATE_KEY_PATH)
privateKeyFile, err := os.ReadFile(PrivateKeyPath)
if err != nil {
log.Fatal("[ERROR] Cannot read private key:", err)
}
@ -296,7 +300,7 @@ func main() {
log.Fatal("[ERROR] Failed to convert private key to RSA private key")
}
pubKeyFile, err := os.ReadFile(PUBLIC_KEY_PATH)
pubKeyFile, err := os.ReadFile(PublicKeyPath)
if err != nil {
log.Fatal("[ERROR] Cannot read public key:", err)
}
@ -321,7 +325,7 @@ func main() {
gin.SetMode(gin.ReleaseMode)
router := gin.New()
store := cookie.NewStore([]byte(SECRET_KEY))
store := cookie.NewStore([]byte(SecretKey))
router.Use(sessions.Sessions("currentSession", store))
// Enable CORS
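Review bot: `cookie.NewStore([]byte(SecretKey))` is called with a single key, which in gin-contrib/sessions (gorilla securecookie underneath) means the cookie is authenticated but not encrypted, so session values such as the signup `unique_token` travel to the client in readable form. Pass a second 32-byte key if the contents are meant to be opaque, and confirm that the `session.Options` block set in `/signup` carries `Secure: true`, `HttpOnly: true` and a `SameSite` mode, so the cookie is not sent over plain HTTP or from cross-site requests.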
@ -348,7 +352,7 @@ func main() {
})
router.GET("/login", func(c *gin.Context) {
c.HTML(200, "login.html", gin.H{})
c.HTML(200, "login.html", gin.H{"privacy": privacyPolicy, "identifier": identifier})
})
router.GET("/signup", func(c *gin.Context) {
@ -356,7 +360,7 @@ func main() {
sessionId, err := genSalt(512)
if err != nil {
fmt.Println("[ERROR] Failed to generate session token at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-SIGNUP-SESSION-GEN")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-SIGNUP-SESSION-GEN")
return
}
session.Options(sessions.Options{
@ -386,11 +390,13 @@ func main() {
c.HTML(200, "signup.html", gin.H{
"captcha_image": base64.StdEncoding.EncodeToString(b64bytes.Bytes()),
"unique_token": sessionId,
"privacy": privacyPolicy,
"identifier": identifier,
})
})
router.GET("/logout", func(c *gin.Context) {
c.HTML(200, "logout.html", gin.H{})
c.HTML(200, "logout.html", gin.H{"identifier": identifier})
})
router.GET("/app", func(c *gin.Context) {
@ -407,29 +413,37 @@ func main() {
return
}
}
c.HTML(200, "main.html", gin.H{"name": name})
c.HTML(200, "main.html", gin.H{"name": name, "identifier": identifier})
})
router.GET("/dashboard", func(c *gin.Context) {
c.HTML(200, "dashboard.html", gin.H{})
c.HTML(200, "dashboard.html", gin.H{"identifier": identifier})
})
router.GET("/account", func(c *gin.Context) {
c.HTML(200, "acct.html", gin.H{})
c.HTML(200, "acct.html", gin.H{"identifier": identifier})
})
router.GET("/aeskeyshare", func(c *gin.Context) {
c.HTML(200, "aeskeyshare.html", gin.H{})
c.HTML(200, "aeskeyshare.html", gin.H{"identifier": identifier})
})
router.GET("/privacy", func(c *gin.Context) {
c.Redirect(301, privacyPolicy)
})
router.GET("/.well-known/openid-configuration", func(c *gin.Context) {
c.HTML(200, "openid.html", gin.H{})
c.HTML(200, "openid.html", gin.H{"hostName": hostName})
})
router.GET("/api/version", func(c *gin.Context) {
c.String(200, "Burgerauth Version 1.3")
})
router.GET("/api/servicename", func(c *gin.Context) {
c.JSON(200, gin.H{"name": identifier})
})
router.POST("/api/signup", func(c *gin.Context) {
var data map[string]interface{}
err := c.ShouldBindJSON(&data)
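Review bot: `/.well-known/openid-configuration` is still rendered with `c.HTML(200, "openid.html", ...)`, now with `hostName` templated in. That serves the discovery document as `text/html`, whereas OIDC clients expect `application/json`, and `html/template` applies contextual escaping that can alter a URL value. Build the document as a `gin.H` using `hostName` for `issuer`, `authorization_endpoint`, `token_endpoint`, `jwks_uri` and so on, and return it with `c.JSON`. Also, `/privacy` answers with a 301 to a URL that is now configurable; browsers cache 301s, so a later change to `PRIVACY_POLICY` will not reach returning users. Use 302 or 307.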
@ -439,10 +453,20 @@ func main() {
return
}
username := data["username"].(string)
password := data["password"].(string)
username, ok := data["username"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
password, ok := data["password"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
if data["unique_token"].(string) != session.Get("unique_token") {
log.Println("yes, it's this error")
log.Println(session.Get("unique_token"), data["unique_token"])
c.JSON(403, gin.H{"error": "Invalid token"})
return
}
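Review bot: the new `ok` checks cover `username` and `password`, but `data["unique_token"].(string)` on the line after them is still an unchecked type assertion, so a body with a missing or non-string `unique_token` still panics, which is the class of bug this commit says it fixes; guard it the same way. The two debug lines `log.Println("yes, it's this error")` and `log.Println(session.Get("unique_token"), data["unique_token"])` write the anti-automation token to the log and should be removed before merge. The repeated `if !ok { c.JSON(400, ...); return }` blocks would also be shorter and safer as a typed struct bound with `ShouldBindJSON`, which rejects wrong types for you.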
@ -459,7 +483,7 @@ func main() {
_, taken, err := checkUsernameTaken(username)
if err != nil {
log.Println("[ERROR] Unknown in /api/signup checkUsernameTaken() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-CHECKUSERNAME"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-CHECKUSERNAME"})
return
}
if taken {
@ -470,20 +494,20 @@ func main() {
salt, err := genSalt(16)
if err != nil {
log.Println("[ERROR] Unknown in /api/signup genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SALT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SALT"})
return
}
hashedPassword, err := hash(password, salt)
if err != nil {
log.Println("[ERROR] Unknown in /api/signup hash() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-HASH"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-HASH"})
return
}
sub, err := genSalt(255)
if err != nil {
log.Println("[ERROR] Unknown in /api/signup genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SUB"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SUB"})
return
}
_, err = conn.Exec("INSERT INTO users (username, password, created, uniqueid) VALUES (?, ?, ?, ?)", username, hashedPassword, strconv.FormatInt(time.Now().Unix(), 10), sub)
@ -496,21 +520,21 @@ func main() {
userid, _, err := checkUsernameTaken(username)
if err != nil {
log.Println("[ERROR] Unknown in /api/signup checkUsernameTaken() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-CHECKUSERNAME"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-CHECKUSERNAME"})
return
}
randomChars, err := genSalt(512)
if err != nil {
log.Println("[ERROR] Unknown in /api/signup token genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SESSIONSALT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SESSIONSALT"})
return
}
_, err = conn.Exec("INSERT INTO sessions (session, id, device) VALUES (?, ?, ?)", randomChars, userid, c.Request.Header.Get("User-Agent"))
if err != nil {
log.Println("[ERROR] Unknown in /api/signup session Exec() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SESSIONINSERT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SIGNUP-SESSIONINSERT"})
return
}
@ -525,15 +549,30 @@ func main() {
return
}
username := data["username"].(string)
password := data["password"].(string)
passwordChange := data["password"].(string)
newPass := data["password"].(string)
username, ok := data["username"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
password, ok := data["password"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
passwordChange, ok := data["password"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
newPass, ok := data["password"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
userid, taken, err := checkUsernameTaken(username)
if err != nil {
log.Println("[ERROR] Unknown in /api/login checkUsernameTaken() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-CHECKUSERNAME"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-CHECKUSERNAME"})
return
}
if !taken {
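Review bot: all four fields are read from the same key: `password`, `passwordChange` and `newPass` each do `data["password"].(string)`, so `passwordChange` and `newPass` can never differ from the login password. The original lines had the same copy-paste, so this hunk only wraps type checks around an existing bug, but it should be fixed here: read `data["passwordChange"]` and `data["newPass"]` (or whatever keys the client JS actually sends), and if those two are meant to be optional, treat a missing key as "no change" rather than returning `400 Invalid JSON` for a normal login.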
@ -544,14 +583,14 @@ func main() {
_, _, userPassword, _, err := getUser(userid)
if err != nil {
log.Println("[ERROR] Unknown in /api/login getUser() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-GETUSER"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-GETUSER"})
return
}
passwordCheck, err := verifyHash(userPassword, password)
if err != nil {
log.Println("[ERROR] Unknown in /api/login password check at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDCHECK"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDCHECK"})
return
}
if !passwordCheck {
@ -562,14 +601,14 @@ func main() {
randomChars, err := genSalt(512)
if err != nil {
log.Println("[ERROR] Unknown in /api/login token genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-SESSIONSALT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-SESSIONSALT"})
return
}
_, err = conn.Exec("INSERT INTO sessions (session, id, device) VALUES (?, ?, ?)", randomChars, userid, c.Request.Header.Get("User-Agent"))
if err != nil {
log.Println("[ERROR] Unknown in /api/login session creation at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-SESSIONINSERT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-SESSIONINSERT"})
return
}
@ -577,13 +616,13 @@ func main() {
hashPassword, err := hash(newPass, "")
if err != nil {
log.Println("[ERROR] Unknown in /api/login password hash at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDHASH"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDHASH"})
return
}
_, err = conn.Exec("UPDATE users SET password = ? WHERE username = ?", hashPassword, username)
if err != nil {
log.Println("[ERROR] Unknown in /api/login password change at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDCHANGE"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGIN-PASSWORDCHANGE"})
return
}
}
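Review bot: `hash(newPass, "")` stores the changed password with an empty salt, while `/api/signup` calls `genSalt(16)` before hashing. Every changed password therefore shares one (empty) salt, which defeats per-user salting and makes stored hashes comparable across accounts and against precomputed tables. Generate a fresh salt here exactly as signup does. Also, `UPDATE users SET password = ? WHERE username = ?` keys on the username even though `userid` has already been resolved a few lines up; updating by the user's id column avoids a mismatch if usernames can ever change.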
@ -599,7 +638,11 @@ func main() {
return
}
secretKey := data["secretKey"].(string)
secretKey, ok := data["secretKey"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
_, userid, err := getSession(secretKey)
if errors.Is(err, sql.ErrNoRows) {
@ -613,7 +656,7 @@ func main() {
return
} else if err != nil {
log.Println("[ERROR] Unknown in /api/userinfo getUser() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-USERINFO-GETUSER"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-USERINFO-GETUSER"})
return
}
@ -642,7 +685,7 @@ func main() {
} else {
if !errors.Is(err, sql.ErrNoRows) {
log.Println("[ERROR] Unknown in /userinfo blacklist at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-USERINFO-BLACKLIST"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-USERINFO-BLACKLIST"})
return
}
}
@ -686,7 +729,7 @@ func main() {
return
} else if err != nil {
log.Println("[ERROR] Unknown in /userinfo getUser() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-USERINFO-GETUSER"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-USERINFO-GETUSER"})
return
}
@ -701,7 +744,11 @@ func main() {
return
}
token := data["access_token"].(string)
token, ok := data["access_token"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
var blacklisted bool
err = conn.QueryRow("SELECT blacklisted FROM blacklist WHERE token = ? LIMIT 1", token).Scan(&blacklisted)
@ -711,7 +758,7 @@ func main() {
} else {
if !errors.Is(err, sql.ErrNoRows) {
log.Println("[ERROR] Unknown in /api/sub blacklist at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-UNIQUEID-BLACKLIST"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-UNIQUEID-BLACKLIST"})
return
}
}
@ -726,8 +773,6 @@ func main() {
}
var claims jwt.MapClaims
var ok bool
if parsedToken.Valid {
claims, ok = parsedToken.Claims.(jwt.MapClaims)
if !ok {
@ -755,7 +800,7 @@ func main() {
return
} else if err != nil {
log.Println("[ERROR] Unknown in /api/userinfo getUser() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-UNIQUEID-GETUSER"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-UNIQUEID-GETUSER"})
return
}
@ -770,7 +815,11 @@ func main() {
return
}
token := data["access_token"].(string)
token, ok := data["access_token"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
var blacklisted bool
err = conn.QueryRow("SELECT blacklisted FROM blacklist WHERE token = ? LIMIT 1", token).Scan(&blacklisted)
if err == nil {
@ -779,7 +828,7 @@ func main() {
} else {
if !errors.Is(err, sql.ErrNoRows) {
log.Println("[ERROR] Unknown in /api/loggedin blacklist at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGGEDIN-BLACKLIST"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LOGGEDIN-BLACKLIST"})
return
}
}
@ -794,8 +843,6 @@ func main() {
}
var claims jwt.MapClaims
var ok bool
if parsedToken.Valid {
claims, ok = parsedToken.Claims.(jwt.MapClaims)
if !ok {
@ -825,7 +872,7 @@ func main() {
appId := c.Request.URL.Query().Get("client_id")
code := c.Request.URL.Query().Get("code_challenge")
codeMethod := c.Request.URL.Query().Get("code_challenge_method")
redirect_uri := c.Request.URL.Query().Get("redirect_uri")
redirectUri := c.Request.URL.Query().Get("redirect_uri")
state := c.Request.URL.Query().Get("state")
nonce := c.Request.URL.Query().Get("nonce")
deny := c.Request.URL.Query().Get("deny")
@ -839,18 +886,18 @@ func main() {
c.String(401, "OAuth screening failed")
} else {
log.Println("[ERROR] Unknown in /api/auth at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-SELECT")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-SELECT")
}
return
}
if !(redirectUriCheck == redirect_uri) {
if !(redirectUriCheck == redirectUri) {
c.String(401, "Redirect URI does not match")
return
}
if deny == "true" {
c.Redirect(302, redirect_uri+"?error=access_denied&state="+state)
c.Redirect(302, redirectUri+"?error=access_denied&state="+state)
return
}
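Review bot: `c.Redirect(302, redirectUri+"?error=access_denied&state="+state)` concatenates `state` without URL-encoding and assumes the registered redirect URI has no query string of its own; a `state` containing `&` or `#` is split, and a redirect URI such as `https://app/cb?x=1` ends up with a second `?`. Parse `redirectUri` with `url.Parse`, add `error` and `state` through `u.Query()` / `u.RawQuery = q.Encode()`, and redirect to `u.String()`. The exact-match check `redirectUriCheck == redirectUri` above it is the right behaviour and should stay strict.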
@ -864,7 +911,7 @@ func main() {
nonce, err = genSalt(512)
if err != nil {
log.Println("[ERROR] Unknown in /api/auth nonce genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-NONCE")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-NONCE")
return
}
}
@ -881,13 +928,13 @@ func main() {
return
} else if err != nil {
log.Println("[ERROR] Unknown in /api/userinfo getUser() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-GETUSER")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-GETUSER")
return
}
dataTemplate := jwt.MapClaims{
"sub": sub[:255],
"iss": "https://auth.hectabit.org",
"iss": hostName,
"name": username,
"aud": appId,
"exp": time.Now().Unix() + 2592000,
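Review bot: `"iss": hostName` correctly replaces the hard-coded issuer, but relying parties compare it byte-for-byte with the `issuer` field of the discovery document (no trailing slash, same scheme), so both must come from the same `hostName` value rather than one being templated and the other set in code. Separately, `"exp": time.Now().Unix() + 2592000` gives the ID token a 30-day lifetime; ID tokens are normally short-lived (minutes to an hour) with the access or refresh token carrying longevity, so consider shortening this or making it a config setting alongside `URL`.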
@ -907,47 +954,47 @@ func main() {
tokenTemp := jwt.NewWithClaims(jwt.SigningMethodRS256, dataTemplate)
tokenTemp.Header["kid"] = "burgerauth"
jwt_token, err := tokenTemp.SignedString(privateKey)
jwtToken, err := tokenTemp.SignedString(privateKey)
if err != nil {
log.Println("[ERROR] Unknown in /api/auth jwt_token at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN")
return
}
secretTemp := jwt.NewWithClaims(jwt.SigningMethodRS256, dataTemplateTwo)
secretTemp.Header["kid"] = "burgerauth"
secret_token, err := secretTemp.SignedString(privateKey)
secretToken, err := secretTemp.SignedString(privateKey)
if err != nil {
log.Println("[ERROR] Unknown in /api/auth secret_token at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN.")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN.")
return
}
randomBytes, err := genSalt(512)
if err != nil {
log.Println("[ERROR] Unknown in /api/auth randomBytes at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-RANDOMBYTES.")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-RANDOMBYTES.")
return
}
_, err = mem.Exec("DELETE FROM logins WHERE creator = ?", userid)
if err != nil {
log.Println("[ERROR] Unknown in /api/auth delete at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-DELETE.")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-DELETE.")
return
}
_, err = mem.Exec("INSERT INTO logins (appId, exchangeCode, loginToken, creator, openid, pkce, pkcemethod) VALUES (?, ?, ?, ?, ?, ?, ?)", appId, randomBytes, secret_token, userid, jwt_token, code, codeMethod)
_, err = mem.Exec("INSERT INTO logins (appId, exchangeCode, loginToken, creator, openid, pkce, pkcemethod) VALUES (?, ?, ?, ?, ?, ?, ?)", appId, randomBytes, secretToken, userid, jwtToken, code, codeMethod)
if err != nil {
log.Println("[ERROR] Unknown in /api/auth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-INSERT.")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-INSERT.")
return
}
if randomBytes != "" {
c.Redirect(302, redirect_uri+"?code="+randomBytes+"&state="+state)
c.Redirect(302, redirectUri+"?code="+randomBytes+"&state="+state)
} else {
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-REDIRECT.")
c.String(500, "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-REDIRECT.")
log.Println("[ERROR] Secret key not found at", strconv.FormatInt(time.Now().Unix(), 10))
}
})
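Review bot: the redirect at `c.Redirect(302, redirectUri+"?code="+randomBytes+"&state="+state)` concatenates `state` raw; a state containing `&`, `#` or spaces corrupts the query, and if the registered redirect URI already carries a query string the added `?` produces an invalid URL. Build it with `url.Parse(redirectUri)`, put `code` and `state` into a `url.Values`, assign `u.RawQuery = q.Encode()` and redirect to `u.String()`. Two smaller points in the same hunk: the `if randomBytes != ""` branch is unreachable once `genSalt` has returned without error, and its log line says "Secret key not found", which does not describe what happened; and the `INSERT INTO logins` row records no issue time, so nothing here bounds the lifetime of the authorization code (RFC 6749 §4.1.2 recommends at most 10 minutes). Store a timestamp with the row and reject stale codes in /api/tokenauth.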
@ -962,11 +1009,11 @@ func main() {
appId := data.Get("client_id")
code := data.Get("code")
code_verify := data.Get("code_verifier")
codeVerify := data.Get("code_verifier")
secret := data.Get("client_secret")
var verifyCode bool
if code_verify == "" {
if codeVerify == "" {
verifyCode = false
} else {
verifyCode = true
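Review bot: `verifyCode` is derived from whether the client sent `code_verifier`, so a client that simply omits the parameter opts out of PKCE for a code that was issued with a challenge. The decision should come from the stored login row (whether its `pkce` column is non-empty), not from the request; if a challenge was recorded, a missing verifier is a 400. As a style point, the four-line if/else collapses to `verifyCode := codeVerify != ""` once the source of truth is settled.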
@ -980,7 +1027,7 @@ func main() {
c.JSON(401, gin.H{"error": "OAuth screening failed"})
} else {
log.Println("[ERROR] Unknown in /api/tokenauth at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-SELECT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-SELECT"})
}
return
}
@ -991,7 +1038,7 @@ func main() {
c.JSON(401, gin.H{"error": "OAuth screening failed"})
} else {
log.Println("[ERROR] Unknown in /api/tokenauth memory query at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-MEMSELECT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-MEMSELECT"})
}
return
}
@ -1006,12 +1053,12 @@ func main() {
return
} else {
if PKCEMethod == "S256" {
if sha256Base64(code_verify) != PKCECode {
if sha256Base64(codeVerify) != PKCECode {
c.JSON(403, gin.H{"error": "Invalid PKCECode code"})
return
}
} else if PKCEMethod == "plain" {
if code_verify != PKCECode {
if codeVerify != PKCECode {
c.JSON(403, gin.H{"error": "Invalid PKCECode code"})
return
}
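Review bot: both PKCE branches compare with `!=` (`sha256Base64(codeVerify) != PKCECode`, `codeVerify != PKCECode`); use `subtle.ConstantTimeCompare` so the comparison does not leak through timing. Also check that `sha256Base64` emits unpadded base64url, which is what RFC 7636 §4.2 specifies (`BASE64URL(SHA256(code_verifier))`): the name suggests standard base64, and a padded or `+`/`/`-encoded digest will never match what a conforming client sends, so every S256 exchange would fail with "Invalid PKCECode code". Finally, confirm that a method that is neither `S256` nor `plain` is rejected rather than falling through, and consider refusing `plain` altogether; RFC 7636 only permits it for clients that cannot compute S256.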
@ -1030,7 +1077,7 @@ func main() {
_, err = mem.Exec("DELETE FROM logins WHERE loginToken = ?", loginCode)
if err != nil {
log.Println("[ERROR] Unknown in /api/tokenauth delete at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-DELETE"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-DELETE"})
return
}
@ -1045,8 +1092,16 @@ func main() {
return
}
secretKey := data["secretKey"].(string)
appId := data["appId"].(string)
secretKey, ok := data["secretKey"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
appId, ok := data["appId"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
_, id, err := getSession(secretKey)
if err != nil {
@ -1060,7 +1115,7 @@ func main() {
c.JSON(400, gin.H{"error": "AppID Not found"})
} else {
log.Println("[ERROR] Unknown in /api/deleteauth at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEAUTH-DELETE"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEAUTH-DELETE"})
}
} else {
c.JSON(200, gin.H{"success": "true"})
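Review bot: `gin.H{"success": "true"}` returns the string `"true"` rather than the JSON boolean, so a client checking `=== true` will fail; use `true`. The `AppID Not found` case on a delete is also better reported as 404 than 400, since the request body itself was well-formed.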
@ -1075,9 +1130,21 @@ func main() {
return
}
secretKey := data["secretKey"].(string)
name := data["name"].(string)
redirectUri := data["redirectUri"].(string)
secretKey, ok := data["secretKey"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
name, ok := data["name"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
redirectUri, ok := data["redirectUri"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
_, id, err := getSession(secretKey)
if err != nil {
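Review bot: `redirectUri` is accepted here as any string and becomes the client's registered redirect target, which /api/auth later sends the browser to together with a live authorization code. Validate it at registration: `url.Parse`, require an absolute URL with an `https` scheme (or `http://localhost` for development), no fragment, and later compare the `redirect_uri` request parameter against it with exact string matching. Without that, a registered value such as a `javascript:` URL or a bare path is redirected to with the code attached. The three identical `Invalid JSON` responses could also name the missing field, so a caller can tell a malformed body from a missing key.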
@ -1089,7 +1156,7 @@ func main() {
secret, err := genSalt(512)
if err != nil {
log.Println("[ERROR] Unknown in /api/newauth secretgen at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETGEN"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETGEN"})
return
}
for {
@ -1099,14 +1166,14 @@ func main() {
break
} else {
log.Println("[ERROR] Unknown in /api/newauth secretselect at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETSELECT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETSELECT"})
return
}
} else {
secret, err = genSalt(512)
if err != nil {
log.Println("[ERROR] Unknown in /api/newauth secretgen at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETGEN"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-SECRETGEN"})
return
}
}
@ -1115,7 +1182,7 @@ func main() {
appId, err := genSalt(32)
if err != nil {
log.Println("[ERROR] Unknown in /api/newauth appidgen at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-APPIDGEN"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-APPIDGEN"})
return
}
@ -1127,14 +1194,14 @@ func main() {
break
} else {
log.Println("[ERROR] Unknown in /api/newauth appidcheck at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-APPIDCHECK"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-APPIDCHECK"})
return
}
} else {
appId, err = genSalt(32)
if err != nil {
log.Println("[ERROR] Unknown in /api/newauth appidgen at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-LAPPIDGEN"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-LAPPIDGEN"})
return
}
}
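Review bot: the regenerate branch reports `UNKNOWN-API-NEWAUTH-LAPPIDGEN` while the first generation at the top of the handler reports `UNKNOWN-API-NEWAUTH-APPIDGEN`; the equivalent secret path uses `UNKNOWN-API-NEWAUTH-SECRETGEN` for both calls. Pick one convention (distinct codes per call site, or one code per failure kind) so each entry in ERRORS.md maps to a single place in the code.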
@ -1143,7 +1210,7 @@ func main() {
_, err = conn.Exec("INSERT INTO oauth (name, appId, creator, secret, redirectUri) VALUES (?, ?, ?, ?, ?)", name, appId, id, secret, redirectUri)
if err != nil {
log.Println("[ERROR] Unknown in /api/newauth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-INSERT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-NEWAUTH-INSERT"})
return
}
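Review bot: `INSERT INTO oauth (..., secret, ...)` stores the freshly generated client secret verbatim, so any read of the database (a backup, a leaked file, an injection elsewhere) yields every client's credential. Store a hash instead; SHA-256 is adequate for a 512-byte random secret, since there is nothing to brute-force at that entropy. Hand the plaintext to the caller once at creation and, in /api/tokenauth, compare the hash of the submitted `client_secret` against the stored value with `subtle.ConstantTimeCompare`.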
@ -1158,7 +1225,11 @@ func main() {
return
}
secretKey := data["secretKey"].(string)
secretKey, ok := data["secretKey"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
_, id, err := getSession(secretKey)
if err != nil {
@ -1168,14 +1239,14 @@ func main() {
rows, err := conn.Query("SELECT appId, name, rdiruri FROM oauth WHERE creator = ? ORDER BY creator DESC", id)
if err != nil {
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-QUERY"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-QUERY"})
return
}
defer func(rows *sql.Rows) {
err := rows.Close()
if err != nil {
log.Println("[ERROR] Unknown in /api/listauth rows close at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-ROWSCLOSE"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-ROWSCLOSE"})
return
}
}(rows)
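Review bot: the query selects `rdiruri FROM oauth`, but the insert in /api/newauth above writes the column as `redirectUri`; unless the schema defines both names, one of the two statements fails at runtime. Check the CREATE TABLE and use the same column name in both. Separately, the deferred `rows.Close()` handler calls `c.JSON(500, ...)` at a point where the handler has normally already written its 200 response, and the `return` inside the closure returns only from the closure; Gin will log a superimposed-write warning rather than change the response. Log the close error and drop the `c.JSON` and `return`. The query error at the top of this hunk is also the only one in the handler that is not logged.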
@ -1184,14 +1255,14 @@ func main() {
for rows.Next() {
var appId, name, redirectUri string
if err := rows.Scan(&appId, &name, &redirectUri); err != nil {
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-SCAN"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-SCAN"})
return
}
template := map[string]interface{}{"appId": appId, "name": name, "redirectUri": redirectUri}
dataTemplate = append(dataTemplate, template)
}
if err := rows.Err(); err != nil {
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-ROWSERR"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTAUTH-ROWSERR"})
return
}
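Review bot: the `rows.Scan` and `rows.Err()` failures return `UNKNOWN-API-LISTAUTH-SCAN` and `UNKNOWN-API-LISTAUTH-ROWSERR` but, unlike the other handlers in this file, never `log.Println` the underlying error, so neither code can be diagnosed from the server log. Add the log line used elsewhere before each `c.JSON(500, ...)`.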
@ -1206,7 +1277,11 @@ func main() {
return
}
secretKey := data["secretKey"].(string)
secretKey, ok := data["secretKey"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
_, id, err := getSession(secretKey)
if err != nil {
@ -1218,7 +1293,7 @@ func main() {
if err != nil {
if !errors.Is(err, sql.ErrNoRows) {
log.Println("[ERROR] Unknown in /api/deleteaccount userdata at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEACCT-USERDATA"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEACCT-USERDATA"})
return
}
}
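Review bot: if the statement guarded here is a `DELETE` issued with `Exec`, as in the other delete handlers of this file, the `!errors.Is(err, sql.ErrNoRows)` test is dead: `Exec` never returns `sql.ErrNoRows` (a DELETE matching zero rows succeeds with zero affected rows), so this simplifies to `if err != nil`. The log line and error code in this hunk also say `deleteaccount`, while the hunks immediately below, which appear to belong to the same handler, say `deleteuser`; pick one route name so the ERRORS.md lookup is unambiguous.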
@ -1227,7 +1302,7 @@ func main() {
if err != nil {
if !errors.Is(err, sql.ErrNoRows) {
log.Println("[ERROR] Unknown in /api/deleteaccount logins at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEACCT-LOGINS"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEACCT-LOGINS"})
return
}
}
@ -1236,7 +1311,7 @@ func main() {
if err != nil {
if !errors.Is(err, sql.ErrNoRows) {
log.Println("[ERROR] Unknown in /api/deleteuser oauth at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEUSER-OAUTH"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEUSER-OAUTH"})
return
}
}
@ -1245,7 +1320,7 @@ func main() {
if err != nil {
if !errors.Is(err, sql.ErrNoRows) {
log.Println("[ERROR] Unknown in /api/deleteuser logins at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEUSER-USERS"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-DELETEUSER-USERS"})
return
}
}
@ -1261,7 +1336,11 @@ func main() {
return
}
secretKey := data["secretKey"].(string)
secretKey, ok := data["secretKey"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
_, id, err := getSession(secretKey)
if err != nil {
@ -1273,7 +1352,7 @@ func main() {
if err != nil {
if !errors.Is(err, sql.ErrNoRows) {
log.Println("[ERROR] Unknown in /api/sessions/list at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST"})
return
}
}
@ -1281,7 +1360,7 @@ func main() {
err := rows.Close()
if err != nil {
log.Println("[ERROR] Unknown in /api/sessions/list rows close at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-ROWSCLOSE"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-ROWSCLOSE"})
return
}
}(rows)
@ -1291,7 +1370,7 @@ func main() {
var id, sessionId, device string
thisSession := false
if err := rows.Scan(&id, &sessionId, &device); err != nil {
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-SCAN"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-SCAN"})
return
}
if sessionId == secretKey {
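Review bot: `var id, sessionId, device string` inside the loop shadows the `id` returned by `getSession` two hunks above; it compiles, but any later use of `id` in this handler that means the user id would silently get the row id instead. Rename the loop variable (e.g. `rowId`). The comparison `sessionId == secretKey` also shows that the session identifier is the bearer secret itself; if the `template` appended just below includes `sessionId`, /api/sessions/list returns every other session's bearer token to whichever session asks, and /api/sessions/remove accepts that same value. Expose a separate non-secret identifier (the row id) for listing and removal, and keep the secret comparison server-side only.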
@ -1301,7 +1380,7 @@ func main() {
dataTemplate = append(dataTemplate, template)
}
if err := rows.Err(); err != nil {
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-ERR"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-LIST-ERR"})
return
}
@ -1316,8 +1395,16 @@ func main() {
return
}
secretKey := data["secretKey"].(string)
sessionId := data["sessionId"].(string)
secretKey, ok := data["secretKey"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
sessionId, ok := data["sessionId"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
_, id, err := getSession(secretKey)
if err != nil {
@ -1331,7 +1418,7 @@ func main() {
c.JSON(422, gin.H{"error": "SessionID Not found"})
} else {
log.Println("[ERROR] Unknown in /api/sessions/remove at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-REMOVE"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-SESSIONS-REMOVE"})
}
} else {
c.JSON(200, gin.H{"success": "true"})
@ -1346,14 +1433,18 @@ func main() {
return
}
masterKey := data["masterKey"].(string)
masterKey, ok := data["masterKey"].(string)
if !ok {
c.JSON(400, gin.H{"error": "Invalid JSON"})
return
}
if masterKey == SECRET_KEY {
if masterKey == SecretKey {
rows, err := conn.Query("SELECT * FROM users ORDER BY id DESC")
if err != nil {
if !errors.Is(err, sql.ErrNoRows) {
log.Println("[ERROR] Unknown in /api/listusers at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-QUERY"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-QUERY"})
return
}
}
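Review bot: `masterKey == SecretKey` is a plain string comparison of the instance master key; use `subtle.ConstantTimeCompare([]byte(masterKey), []byte(SecretKey)) == 1` so the check does not leak a matching prefix through timing. The `sql.ErrNoRows` guard below it is also dead for `Query`, which never returns that error, and if it did the handler would continue with a nil `rows` into the deferred `rows.Close()` in the next hunk. Replace the nested check with a plain `if err != nil { ...; return }`.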
@ -1361,7 +1452,7 @@ func main() {
err := rows.Close()
if err != nil {
log.Println("[ERROR] Unknown in /api/listusers rows close at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-ROWSCLOSE"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-ROWSCLOSE"})
return
}
}(rows)
@ -1370,14 +1461,14 @@ func main() {
for rows.Next() {
var id, username string
if err := rows.Scan(&id, &username); err != nil {
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-SCAN"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-SCAN"})
return
}
template := map[string]interface{}{"id": id, "username": username}
datatemplate = append(datatemplate, template)
}
if err := rows.Err(); err != nil {
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-ERR"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-LISTUSERS-ERR"})
return
}
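Review bot: `rows.Scan(&id, &username)` expects exactly two result columns, but the query at the top of this handler is `SELECT * FROM users`; if the table has more than those two columns (a password hash at minimum), every Scan fails with a column-count error and the endpoint always returns `UNKNOWN-API-LISTUSERS-SCAN`. Select `id, username` explicitly, which also keeps password hashes out of memory for a listing. `datatemplate` here is the one remaining lower-case form; the other handlers use `dataTemplate`, and this commit's stated goal was consistent camelCase. The Scan and `rows.Err()` failures are also not logged, unlike the query error above.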
@ -1389,14 +1480,14 @@ func main() {
mod, err := BigIntToBase64URL(modulus)
if err != nil {
log.Println("[ERROR] Unknown in /well-known/jwks.json modulus at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-JWKS-MODULUS"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-JWKS-MODULUS"})
return
}
exp, err := Int64ToBase64URL(int64(exponent))
if err != nil {
log.Println("[ERROR] Unknown in /well-known/jwks.json exponent at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-JWKS-EXPONENT"})
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://concord.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-JWKS-EXPONENT"})
return
}
keys := gin.H{
@ -1405,7 +1496,7 @@ func main() {
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"kid": "burgerauth",
"kid": keyid,
"n": mod,
"e": exp,
},
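Review bot: the JWKS `kid` changes from the literal `"burgerauth"` to `keyid`, but the id_token signing in /api/auth at the top of this diff still sets `secretTemp.Header["kid"] = "burgerauth"`. Unless `keyid` is always exactly `"burgerauth"`, relying parties that pick the verification key by `kid` (which most OIDC libraries do) will find no matching JWK and reject every token. Use `keyid` in both places, ideally through one constant or config value, and add a test that signs a token and verifies it against the served JWKS.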
@ -1416,8 +1507,8 @@ func main() {
})
log.Println("[INFO] Server started at", time.Now().Unix())
log.Println("[INFO] Welcome to Burgerauth! Today we are running on IP " + HOST + " on port " + strconv.Itoa(PORT) + ".")
err = router.Run(HOST + ":" + strconv.Itoa(PORT))
log.Println("[INFO] Welcome to Burgerauth! Today we are running on IP " + Host + " on port " + strconv.Itoa(Port) + ".")
err = router.Run(Host + ":" + strconv.Itoa(Port))
if err != nil {
log.Fatalln("[FATAL] Server failed to begin operations at", time.Now().Unix(), err)
}


@ -1,23 +1,15 @@
@import url("../fonts/inter.css");
:root {
--contrast: #eee;
--contrast2: #fff;
--invertdm: 0%;
--bar: #f4f4f4;
--editor: #ffffff;
--text-color: #000000;
--editor: #ffffff;
--bar: #f4f4f4;
--border-color: #dadada;
--theme-color: #157efb;
--theme-text-color: #ffffff;
--exit-color: #e9e9e9;
--session-color: #f4f4f4;
--note-button: #ffffff;
--note-button-text-color: #ffffff;
--unselected-note-button-text-color: #000000;
--option-background: #ffffff;
--invert: 100%;
--bottomBarHover: #e4e4e4;
--hover-theme-color: #4990e7;
--nonimporant-theme-color: #4A4A4A;
--hover-nonimportant-theme-color: #595959;
}
/* dark mode */
@ -25,22 +17,10 @@
@media (prefers-color-scheme: dark) {
:root {
--invertdm: 100%;
--contrast: #2d2f21;
--contrast2: #2d2f21;
--bar: #2d2f31;
--editor: #202124;
--text-color: #ffffff;
--editor: #1E1E1E;
--border-color: #393b3d;
--theme-color: #157efb;
--theme-text-color: #ffffff;
--exit-color: #454649;
--session-color: #2d2f31;
--note-button: #202124;
--note-button-text-color: #ffffff;
--unselected-note-button-text-color: #ffffff;
--option-background: #202124;
--invert: 100%;
--bottomBarHover: #e4e4e4;
}
.inoutdiv p {
@ -96,22 +76,57 @@ input {
border-color: var(--border-color);
border-width: 1px;
border-radius: 8px;
min-width: 20px;
}
@media only screen and (max-width: 600px) {
body {
background-color: var(--bar);
}
.inoutdiv {
position: absolute;
top: 0;
left: 0;
right: 0;
border-radius: 0;
min-width: 100%;
min-height: 100%;
transform: none;
padding: 5px;
overflow-y: auto;
overflow-x: auto;
margin: 0;
border: 0;
}
.inoutdiv p {
font-size: 14px;
}
.inoutdiv h2 {
font-size: 21px;
}
.background {
display: none;
}
.inoutdiv input {
width: calc(100% - 32px);
}
}
.inoutdiv button {
background-color: var(--theme-color);
color: white;
padding: 10px;
margin-right: 5px;
padding-left: 20px;
padding-right: 20px;
padding: 10px 20px;
border: none;
border-radius: 8px;
border-radius: 25px;
font-size: 14px;
transition: 0.125s;
}
.inoutdiv img {
min-width: 200px;
max-width: 100%;
border-radius: 20px;
background-color: white;
}
.iframe {
@ -188,7 +203,16 @@ button {
}
button:hover {
background-color: #152efb;
background-color: var(--hover-theme-color);
transition: all 0.3s ease 0s;
}
.unimportant {
var(--nonimporant-theme-color);
}
.unimportant:hover {
background-color: var(--hover-nonimportant-theme-color);
transition: all 0.3s ease 0s;
}
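Review bot: `.unimportant { var(--nonimporant-theme-color); }` has a value with no property, which is invalid CSS that browsers discard, so the class has no effect until hover; it should read `background-color: var(--nonimporant-theme-color);`. The variable name is also misspelled (`nonimporant`) in both its definition and the two uses; it works because the typo is consistent, but renaming it now is cheaper than after other stylesheets depend on it.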
@ -208,7 +232,14 @@ h2 {
z-index: -2;
top: 0;
width: 100%;
min-height: 100%;
height: 100%;
object-fit: cover;
-webkit-user-drag: none;
user-select: none;
-moz-user-select: none;
-webkit-user-select: none;
-ms-user-select: none;
pointer-events: none;
}
.hidden {

BIN
static/img/background.png Normal file

Size: 4.7 MiB


@ -1,28 +1 @@
window.addEventListener("message", function(event) {
const access_token = event.data;
fetch("https://auth.hectabit.org/api/loggedin", {
method: "POST",
body: JSON.stringify({
access_token: access_token
})
})
.then((response) => response)
.then((response) => {
async function doStuff() {
let responseData = await response.json()
if (response.status === 200) {
console.log("Key is valid")
let key = localStorage.getItem("DONOTSHARE-password").concat(responseData["appId"]);
for (let i = 0; i < 128; i++) {
key = await hashwasm.sha3(key)
}
parent.window.postMessage(key, "*")
}
console.log("Alive check!")
}
console.log("Running doStuff")
doStuff();
})
console.log("The script is running!")
});
// To be implemented in the future
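Review bot: good to see this listener go. As written it accepted `message` events from any origin (no `event.origin` check), used the untrusted payload as an access token, derived a key from the password hash kept in `localStorage` under `DONOTSHARE-password`, and posted that key back with `postMessage(key, "*")`, i.e. to any page embedding the frame. When this is reimplemented, verify `event.origin` against the expected relying-party origin, post with an explicit `targetOrigin`, and reconsider keeping a password-derived value in `localStorage` at all, since any script running on the origin can read it.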

File diff suppressed because it is too large


@ -11,7 +11,7 @@ if (remote == null) {
function attempt() {
if (document.getElementById("appidbox").value != "") {
if (document.getElementById("appidbox").value !== "") {
fetch(origin + "/api/newauth", {
method: "POST",
headers: {


@ -9,12 +9,6 @@ if (localStorage.getItem("DONOTSHARE-password") !== null) {
throw new Error();
}
let remote = localStorage.getItem("homeserverURL")
if (remote == null) {
localStorage.setItem("homeserverURL", "https://auth.hectabit.org")
remote = "https://auth.hectabit.org"
}
let usernameBox = document.getElementById("usernameBox")
let passwordBox = document.getElementById("passwordBox")
let statusBox = document.getElementById("statusBox")
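Review bot: removing the hard-coded `homeserverURL` default is the right direction, but `let remote = localStorage.getItem("homeserverURL")` stays, and the `DOMContentLoaded` handler further down still renders `"Your homeserver is: " + remote`. With no default, a fresh browser has no `homeserverURL` key, `getItem` returns `null`, and the page shows "Your homeserver is: null". Either drop `remote` and that line, or derive it from `window.location.origin` now that the API calls are relative (`fetch("/api/login")`).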
@ -28,20 +22,26 @@ inputNameBox.innerText = "Username:"
let currentInputType = 0
function showInput(inputType) {
if (inputType == 0) {
if (inputType === 0) {
usernameBox.classList.remove("hidden")
passwordBox.classList.add("hidden")
backButton.classList.add("hidden")
inputNameBox.innerText = "Username:"
statusBox.innerText = "Login to your Hectabit account!"
currentInputType = 0
} else if (inputType == 1) {
let serviceName
fetch("/api/servicename")
.then((response) => response.json())
.then((response) => {
serviceName = response["name"]
statusBox.innerText = "Login to your " + serviceName + " account!"
currentInputType = 0
})
} else if (inputType === 1) {
usernameBox.classList.add("hidden")
passwordBox.classList.remove("hidden")
backButton.classList.remove("hidden")
inputNameBox.innerText = "Password:"
currentInputType = 1
} else if (inputType == 2) {
} else if (inputType === 2) {
usernameBox.classList.add("hidden")
passwordBox.classList.add("hidden")
signupButton.classList.add("hidden")
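Review bot: `currentInputType = 0` has moved inside the `/api/servicename` fetch callback, so it is now set asynchronously and only on success; until the response arrives, or if the fetch fails, `currentInputType` keeps its previous value while the username input is already visible, and `statusBox` keeps whatever text it had. Set `currentInputType = 0` synchronously next to the class changes, give `statusBox` a fallback text before the fetch, and add a `.catch`. The service name is also refetched on every `showInput(0)`; fetch it once at load and cache it.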
@ -75,9 +75,9 @@ document.addEventListener('DOMContentLoaded', function() {
document.getElementById("homeserver").innerText = "Your homeserver is: " + remote + ". "
});
signupButton.addEventListener("click", (event) => {
signupButton.addEventListener("click", () => {
if (passwordBox.classList.contains("hidden")) {
if (usernameBox.value == "") {
if (usernameBox.value === "") {
statusBox.innerText = "A username is required!"
return
} else {
@ -89,7 +89,7 @@ signupButton.addEventListener("click", (event) => {
let username = usernameBox.value
let password = passwordBox.value
if (password == "") {
if (password === "") {
statusBox.innerText = "A password is required!"
return
}
@ -98,28 +98,15 @@ signupButton.addEventListener("click", (event) => {
showElements(true)
statusBox.innerText = "Signing in..."
async function hashpassold(pass) {
const key = await hashwasm.argon2id({
password: pass,
salt: await hashwasm.sha512(pass),
parallelism: 1,
iterations: 256,
memorySize: 512,
hashLength: 32,
outputType: "encoded"
});
return key
};
async function hashpass(pass) {
let key = pass
for (let i = 0; i < 128; i++) {
key = await hashwasm.sha3(key)
}
return key
};
}
fetch(remote + "/api/login", {
fetch("/api/login", {
method: "POST",
body: JSON.stringify({
username: username,
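Review bot: with `hashpassold` gone, the only client-side transform left is `hashpass`: 128 rounds of SHA3 over the bare password with no salt. That output is identical for every user with the same password and cheap to brute-force, so it must not be what the server stores; make sure /api/login still applies a salted, memory-hard hash (argon2id or similar) to the value it receives, and document that the client step exists only so the raw password never leaves the browser. If the server did that for the removed argon2id path, confirm it does the same for this one.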
@ -135,51 +122,17 @@ signupButton.addEventListener("click", (event) => {
.then((response) => {
async function doStuff() {
let responseData = await response.json()
if (response.status == 200) {
if (response.status === 200) {
localStorage.setItem("DONOTSHARE-secretkey", responseData["key"])
localStorage.setItem("DONOTSHARE-password", await hashwasm.sha512(password))
window.location.href = "/app" + window.location.search
}
else if (response.status == 401) {
console.log("Trying oldhash")
fetch(remote + "/api/login", {
method: "POST",
body: JSON.stringify({
username: username,
password: await hashpassold(password),
passwordchange: "yes",
newpass: await hashpass(password)
}),
headers: {
"Content-Type": "application/json; charset=UTF-8"
}
})
.then((response) => response)
.then((response) => {
async function doStuff2() {
let responseData = await response.json()
if (response.status == 200) {
localStorage.setItem("DONOTSHARE-secretkey", responseData["key"])
localStorage.setItem("DONOTSHARE-password", await hashwasm.sha512(password))
window.location.href = "/app" + window.location.search
}
else if (response.status == 401) {
statusBox.innerText = "Wrong username or password..."
showInput(1)
showElements(true)
}
else {
statusBox.innerText = "Something went wrong! (error code: " + response.status + ")"
showInput(1)
showElements(true)
}
}
doStuff2()
});
}
else {
else if (response.status === 401) {
statusBox.innerText = "Wrong username or password..."
showInput(1)
showElements(true)
} else {
statusBox.innerText = "Something went wrong! (error code: " + response.status + ")"
showInput(1)
showElements(true)
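Review bot: this hunk drops the `passwordchange: "yes"` / `newpass` retry that migrated accounts stored with the old hash format on a 401, so users whose records still hold that format will now only see "Wrong username or password..."; if the database is not being reset, a migration step or a note in the docs is needed. Separately, the unchanged `localStorage.setItem("DONOTSHARE-password", await hashwasm.sha512(password))` keeps an unsalted SHA-512 of the password in localStorage, readable by any script running on the origin; if it only existed for the AESKeyShare flow that this commit marks "To be implemented", it should go too.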
@ -192,7 +145,7 @@ signupButton.addEventListener("click", (event) => {
}
});
backButton.addEventListener("click", (event) => {
backButton.addEventListener("click", () => {
showInput(0)
});
@ -201,15 +154,13 @@ showInput(0)
document.getElementById("signuprdirButton").addEventListener("click", function(event) {
event.preventDefault();
var queryString = window.location.search;
var newURL = "/signup" + queryString;
window.location.href = newURL;
const queryString = window.location.search;
window.location.href = "/signup" + queryString;
});
document.getElementById("privacyButton").addEventListener("click", function(event) {
event.preventDefault();
var queryString = window.location.search;
var newURL = "/privacy" + queryString;
window.location.href = newURL;
const queryString = window.location.search;
window.location.href = "/privacy" + queryString;
});

static/js/main.js Normal file

@ -0,0 +1,58 @@
let client_id, redirect_uri, response_type, state, code, codemethod, secret_key, expires, nonce;
if (localStorage.getItem("DONOTSHARE-secretkey") === null) {
window.location.replace("/login" + window.location.search)
document.body.innerHTML = "Redirecting..."
throw new Error();
}
document.addEventListener("DOMContentLoaded", function() {
const urlParams = new URLSearchParams(window.location.search);
const statusBox = document.getElementById("statusBox");
// Get URL parameters
if (urlParams.has('client_id')) {
client_id = urlParams.get('client_id')
let name = document.getElementById("passthrough").innerText;
statusBox.textContent = "Would you like to allow " + name + " to access your user information?";
redirect_uri = urlParams.get('redirect_uri');
response_type = urlParams.get('response_type');
} else {
window.location.replace("/dashboard");
document.body.innerHTML = "Redirecting..."
throw new Error();
}
state = urlParams.has('state') ? urlParams.get('state') : "none";
if (urlParams.has('code_challenge')) {
code = urlParams.get('code_challenge');
codemethod = urlParams.get('code_challenge_method');
} else {
code = "none";
codemethod = "none";
}
if (urlParams.has('nonce')) {
nonce = urlParams.get('nonce');
} else {
nonce = "none";
}
// Get DONOTSHARE-secretkey from localStorage
secret_key = localStorage.getItem("DONOTSHARE-secretkey");
const now = new Date();
const expireTime = now.getTime() + (21 * 1000); // 21 seconds from now
expires = new Date(expireTime).toUTCString();
});
function deny() {
document.cookie = "key=" + secret_key + "; expires=" + expires + "; path=/; SameSite=Strict";
// Redirect to the redirect_uri so that an open redirect is not possible
window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=true");
}
function oauth() {
document.cookie = "key=" + secret_key + "; expires=" + expires + "; path=/; SameSite=Strict";
window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false");
}
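Review bot: `deny()` and `oauth()` concatenate `redirect_uri`, `state`, `nonce` and the PKCE values straight into the `/api/auth` query string without `encodeURIComponent`, so a `redirect_uri` that carries its own `?` or `&` (any real callback URL with a query string) is split into extra parameters on the server side; build the URL with `new URLSearchParams({ client_id, redirect_uri, ... }).toString()` instead. The `key=` cookie that carries the secret key should get the `Secure` attribute next to `SameSite=Strict`, and the top-level `document.body.innerHTML = "Redirecting..."` runs before the body exists when this file is included from `<head>` (it only passes because the following `throw` aborts the script anyway). `response_type` is read but never used.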


@ -9,12 +9,6 @@ if (localStorage.getItem("DONOTSHARE-password") !== null) {
throw new Error();
}
let remote = localStorage.getItem("homeserverURL")
if (remote == null) {
localStorage.setItem("homeserverURL", "https://auth.hectabit.org")
remote = "https://auth.hectabit.org"
}
let usernameBox = document.getElementById("usernameBox")
let passwordBox = document.getElementById("passwordBox")
let statusBox = document.getElementById("statusBox")
@ -35,10 +29,6 @@ function showElements(yesorno) {
}
}
document.addEventListener('DOMContentLoaded', function() {
document.getElementById("homeserver").innerText = "Your homeserver is: " + remote + ". "
});
signupButton.addEventListener("click", () => {
async function doStuff() {
let username = usernameBox.value
@ -78,7 +68,7 @@ signupButton.addEventListener("click", () => {
}
fetch(remote + "/api/signup", {
fetch("/api/signup", {
method: "POST",
body: JSON.stringify({
username: username,


@ -3,7 +3,7 @@
<head>
<link rel="stylesheet" href="/static/css/style.css" media="">
<script src="/static/js/dashboard.js"></script>
<title>Dashboard</title>
<title>User settings - {{ .identifier }}</title>
</head>
<body style="background-color: transparent;">
<script>


@ -1,12 +1 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>Burgerauth</title>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<link rel="icon" href="/static/svg/favicon.svg">
<script src="/static/js/hash-wasm.js"></script>
</head>
<p>Sending key...</p>
<script src="/static/js/aeskeyshare.js"></script>
To be implemented
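Review bot: the page is now a bare `To be implemented` text node with no `<!DOCTYPE html>`, `<title>` or favicon link, so it renders in quirks mode; if the route stays reachable, keep a minimal skeleton with `<title>… - {{ .identifier }}</title>` like the other templates in this commit.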


@ -3,11 +3,10 @@
<head>
<link rel="stylesheet" href="/static/css/style.css" media="">
<script src="/static/js/dashboard.js"></script>
<title>Dashboard</title>
<title>Dashboard - {{ .identifier }}</title>
</head>
<body>
<p class="credit">Image by perga (@pergagreen on discord)</p>
<img src="/static/img/background.jpg" class="background" alt="">
<img src="/static/img/background.png" class="background" alt="">
<div style="position: fixed;top: 5px;"><button onclick="document.getElementById('iframe').classList.toggle('hidden');" class="acctbutton">Account</button><iframe id="iframe" src="/account" class="iframe hidden"></iframe></div>
<div class="newoauth">
<h2>Submit a new OAuth2 App</h2>


@ -2,7 +2,7 @@
<html lang="en">
<head>
<title>Login - Burgerauth</title>
<title>Login - {{ .identifier }}</title>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
@ -12,8 +12,7 @@
</head>
<body>
<p class="credit">Image by perga (@pergagreen on discord)</p>
<img src="/static/img/background.jpg" class="background" alt="">
<img src="/static/img/background.png" class="background" alt="">
<div class="inoutdiv">
<h2 class="w300">Login</h2>
<p id="statusBox"></p>
@ -21,11 +20,11 @@
<input id="usernameBox" class="hidden" type="text" placeholder="Enter your username">
<input id="passwordBox" class="hidden" type="password" placeholder="Enter your password">
<button id="signupButton">Next</button>
<button id="backButton" class="hidden">Back</button>
<button id="backButton" class="hidden unimportant">Back</button>
<br>
<br>
<p>Don't have an account? If so, <a href="/signup" id="signuprdirButton">Create one here!</a></p>
<a href="https://centrifuge.hectabit.org/Paperwork/Burgerauth/src/commit/ee82f454e69fef5fdf8b8a005f5759fc17e8d8c9/Privacy.md" id="privacyButton">Privacy &amp; Terms</a>
<a href="{{ .privacy }}" id="privacyButton">Privacy &amp; Terms</a>
</div>
<script type="text/javascript" src="../static/js/login.js"></script>
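Review bot: `href="{{ .privacy }}"` replaces a pinned commit URL with a template value; make sure the handler always supplies it (an empty value renders `href=""`, which links back to the login page itself) and document where the privacy URL is configured. The same applies to the identical change in signup.html.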


@ -2,7 +2,7 @@
<html lang="en">
<head>
<title>Burgerauth</title>
<title>Log out - {{ .identifier }}</title>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<link rel="icon" href="/static/svg/favicon.svg">
@ -11,6 +11,5 @@
<script>
localStorage.removeItem("DONOTSHARE-secretkey")
localStorage.removeItem("DONOTSHARE-password")
localStorage.removeItem("CACHE-username")
window.location.replace("/login")
</script>
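Review bot: dropping `localStorage.removeItem("CACHE-username")` means browsers that already hold that key keep it after logout, and the `homeserverURL` entry that signup.js no longer writes is never cleared either. Logout is the cheapest place to purge legacy keys, so keep the `removeItem` calls for the old names for at least one release instead of deleting them.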


@ -1,78 +1,18 @@
<html lang="en">
<head>
<title>Authorize application</title>
<title>Authorize application - {{ .identifier }}</title>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="stylesheet" type="text/css" href="/static/css/style.css" media="">
<script src="/static/js/hash-wasm.js"></script>
<link rel="icon" href="/static/svg/favicon.svg">
<script>
let client_id, redirect_uri, response_type, state, code, codemethod, secret_key, expires, nonce;
if (localStorage.getItem("DONOTSHARE-secretkey") === null) {
window.location.replace("/login" + window.location.search)
document.body.innerHTML = "Redirecting..."
throw new Error();
}
document.addEventListener("DOMContentLoaded", function() {
const urlParams = new URLSearchParams(window.location.search);
const statusBox = document.getElementById("statusBox");
// Get URL parameters
if (urlParams.has('client_id')) {
client_id = urlParams.get('client_id')
let name = document.getElementById("passthrough").innerText;
statusBox.textContent = "Would you like to allow " + name + " to access your user information?";
redirect_uri = urlParams.get('redirect_uri');
response_type = urlParams.get('response_type');
} else {
window.location.replace("/dashboard");
document.body.innerHTML = "Redirecting..."
throw new Error();
}
state = urlParams.has('state') ? urlParams.get('state') : "none";
if (urlParams.has('code_challenge')) {
code = urlParams.get('code_challenge');
codemethod = urlParams.get('code_challenge_method');
} else {
code = "none";
codemethod = "none";
}
if (urlParams.has('nonce')) {
nonce = urlParams.get('nonce');
} else {
nonce = "none";
}
// Get DONOTSHARE-secretkey from localStorage
secret_key = localStorage.getItem("DONOTSHARE-secretkey");
const now = new Date();
const expireTime = now.getTime() + (21 * 1000); // 21 seconds from now
expires = new Date(expireTime).toUTCString();
});
function deny() {
document.cookie = "key=" + secret_key + "; expires=" + expires + "; path=/; SameSite=Strict";
// Redirect to the redirect_uri so that an open redirect is not possible
window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=true");
}
function oauth() {
document.cookie = "key=" + secret_key + "; expires=" + expires + "; path=/; SameSite=Strict";
window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false");
}
</script>
<script src="/static/js/main.js"></script>
</head>
<body>
<p id="passthrough" style="display: none;">{{ .name }}</p>
<p class="credit">Image by perga (@pergagreen on discord)</p>
<img src="/static/img/background.jpg" class="background" alt="">
<img src="/static/img/background.png" class="background" alt="">
<div style="position: fixed;top: 5px;"><button onclick="document.getElementById('iframe').classList.toggle('hidden');" class="acctbutton">Account</button><iframe id="iframe" src="/account" class="iframe hidden"></iframe></div>
<div class="inoutdiv">
<h2 class="w300">Authorise Application</h2>
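Review bot: `/static/js/hash-wasm.js` is still loaded here although nothing in the script that moved out to main.js calls `hashwasm`; drop it from this page so the authorize screen does not pull in an unused WASM bundle. Since main.js is now included from `<head>` without `defer`, its top-level redirect check behaves exactly as the inline version did, so no behaviour change there.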


@ -1,9 +1,9 @@
{
"issuer": "https://auth.hectabit.org",
"authorization_endpoint": "https://auth.hectabit.org/login",
"token_endpoint": "https://auth.hectabit.org/api/tokenauth",
"userinfo_endpoint": "https://auth.hectabit.org/userinfo",
"jwks_uri": "https://auth.hectabit.org/.well-known/jwks.json",
"issuer": "{{ .hostName }}",
"authorization_endpoint": "{{ .hostName }}/login",
"token_endpoint": "{{ .hostName }}/api/tokenauth",
"userinfo_endpoint": "{{ .hostName }}/userinfo",
"jwks_uri": "{{ .hostName }}/.well-known/jwks.json",
"response_types_supported": ["code"],
"subject_types_supported": ["public"]
}
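Review bot: every endpoint is built as `{{ .hostName }}/...`, so `hostName` must include the scheme and no trailing slash or the document advertises `https://host//login`; normalise it when the config is loaded. The `issuer` value must also match the `iss` claim written into ID tokens byte-for-byte, otherwise OIDC clients that validate the issuer will reject them, so derive both from the same config value.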


@ -2,7 +2,7 @@
<html lang="en">
<head>
<title>Signup - Burgerauth</title>
<title>Signup - {{ .identifier }}</title>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
@ -12,12 +12,11 @@
</head>
<body>
<p class="credit">Image by perga (@pergagreen on discord)</p>
<p style="display: none;" id="passthrough">{{ .unique_token }}</p>
<img src="/static/img/background.jpg" class="background" alt="">
<img src="/static/img/background.png" class="background" alt="">
<div class="inoutdiv">
<h2 class="w300">Signup</h2>
<p>Signup for an account</p>
<p>Signup to {{ .identifier }}!</p>
<p id="statusBox"></p>
<input id="usernameBox" type="text" placeholder="Username">
<input id="passwordBox" type="password" placeholder="Password">
@ -27,7 +26,7 @@
<button id="signupButton">Signup</button><br><br>
<p>Already have an account? If so, <a href="/login" id="loginButton">Login</a> instead!</p>
<p>Please note that it's impossible to reset your password, do not forget it!</p>
<a href="https://centrifuge.hectabit.org/Paperwork/Burgerauth/src/commit/ee82f454e69fef5fdf8b8a005f5759fc17e8d8c9/Privacy.md" id="privacyButton">Privacy &amp; Terms</a>
<a href="{{ .privacy }}" id="privacyButton">Privacy &amp; Terms</a>
</div>
<script type="text/javascript" src="../static/js/signup.js"></script>
</body>