From f388ff86a5ac20d98e57ef93d6312402684df080 Mon Sep 17 00:00:00 2001
From: Arzumify <jliwin98@hectabit.org>
Date: Wed, 15 May 2024 19:45:36 +0100
Subject: [PATCH] Beta migration

---
 main                        |  88 +++++++++++++++++--
 templates/migrate.html      | 151 ++++++++++++++++++++++++++++++++
 templates/migrate.html.save | 169 ++++++++++++++++++++++++++++++++++++
 templates/oauth.html        |  33 ++++++-
 templates/signup.html       |   3 -
 5 files changed, 431 insertions(+), 13 deletions(-)
 create mode 100644 templates/migrate.html
 create mode 100644 templates/migrate.html.save

diff --git a/main b/main
index ec3e571..1bee844 100644
--- a/main
+++ b/main
@@ -109,6 +109,14 @@ def check_username_taken(username):
         return "error"
     return post["id"]
 
+def check_sub_taken(sub):
+    conn = get_db_connection()
+    post = conn.execute("SELECT * FROM users WHERE password = ?",
+                       	(str("OAUTH-" + sub),)).fetchone()
+    conn.close()
+    if post is None:
+        return "error"
+    return post["id"]
 
 def get_session(id):
     conn = get_db_connection()
@@ -387,22 +395,54 @@ async def apilogin():
             "error": "https://http.cat/images/400.jpg"
         }, 400
 
+@app.route("/api/migrate", methods=("GET", "POST"))
+async def migrate():
+    usersession = request.cookies.get("session_DO_NOT_SHARE")
+    if request.method == "POST":
+        data = await request.get_json()
+        sub = data["sub"]
+        password = data["access_token"]
+        userCookie = get_session(usersession)
+        user = get_user(userCookie["id"])
+        if user == "error":
+            return { "error": "User doesn't exist" }, 403
+
+        conn = get_db_connection()
+        subdata = '{"access_token":"' + password + '"}'
+        response = requests.post("https://auth.hectabit.org/api/uniqueid", subdata)
+        if response.status_code == 200:
+            data = response.json()
+            conn.execute("UPDATE users SET password = ? WHERE id = ?",
+                (str("OAUTH-" + data['uniqueid']), user["id"]))
+        else:
+            return {"error": response.json()["error"]}, response.status_code
+        conn.commit()
+        conn.close()
+        return {"success": "true"}, 200
+
 @app.route("/api/oauth", methods=("GET", "POST"))
 async def apioauth():
     if request.method == "POST":
         data = await request.get_json()
         username = data["username"]
+        sub = data["sub"]
         password = data["access_token"]
 
         conn = get_db_connection()
         subdata = '{"access_token":"' + password + '"}'
         response = requests.post("https://auth.hectabit.org/api/loggedin", subdata)
         if response.status_code == 200:
-            userID = check_username_taken(username)
+            userID = check_sub_taken(sub)
             user = get_user(userID)
             if user == "error":
-                conn.execute("INSERT INTO users (username, password, created, htmldescription) VALUES (?, ?, ?, ?)",
-                     (username, "OAUTH2", str(time.time()), ""))
+                userID = check_username_taken(username)
+                user = get_user(userID)
+                if user == "error":
+                    conn.execute("INSERT INTO users (username, password, created, htmldescription) VALUES (?, ?, ?, ?)",
+                         (username, str("OAUTH-" + sub), str(time.time()), ""))
+                else:
+                    if user["password"] != "OAUTH-" + sub:
+                        return {"error": "Migration required or username taken"}, 422
         else:
             return {"error": response.json()["error"]}, response.status_code
 
@@ -497,7 +537,7 @@ async def comment():
             data = await request.get_json()
             uid = data["id"]
             title = data["title"]
-            
+
             userCookie = get_session(usersession)
             user = get_user(userCookie["id"])
 
@@ -553,6 +593,38 @@ async def cdn(filename):
     else:
         return "file doesn't exist!!"
 
+@app.route("/legacysignup", methods=("GET", "POST"))
+async def legacysignup():
+    usersession = request.cookies.get("session_DO_NOT_SHARE")
+    if usersession:
+        return redirect(url_for("main"))
+    if request.method == "POST":
+        requestData = await request.form
+
+        if not check_username_taken(requestData["username"]) == "error":
+            await flash("Username already taken :3")
+            return redirect(url_for("signup"))
+
+        if not requestData["username"].isalnum():
+            await flash("Username must be alphanumeric :3")
+            return redirect(url_for("signup"))
+
+        if not len(requestData["password"]) > int(PASSWORD_REQUIREMENT):
+            await flash("Password must contain at least " + PASSWORD_REQUIREMENT + " characters")
+            return redirect(url_for("signup"))
+
+        hashedpassword = generate_password_hash(requestData["password"])
+
+        conn = get_db_connection()
+        conn.execute("INSERT INTO users (username, password, created, htmldescription) VALUES (?, ?, ?, ?)",
+                     (requestData["username"], hashedpassword, str(time.time()), ""))
+        conn.commit()
+        conn.close()
+
+        return redirect(url_for("login"))
+    else:
+        return await render_template("signup.html")
+
 @app.route("/signup", methods=("GET", "POST"))
 async def signup():
     usersession = request.cookies.get("session_DO_NOT_SHARE")
@@ -602,7 +674,11 @@ async def login():
 
 @app.route("/oauth", methods=("GET", "POST"))
 async def oauth():
-    return await render_template("oauth.html")
+    legacymigrate = request.cookies.get("legacy_migrate")
+    if legacymigrate != "1":
+        return await render_template("oauth.html")
+    else:
+        return await render_template("migrate.html")
 
 @app.route("/settings", methods=("GET", "POST"))
 async def settings():
@@ -673,7 +749,7 @@ async def logout():
     resp = redirect(url_for("main"))
     session = request.cookies.get("session_DO_NOT_SHARE")
     resp.delete_cookie("session_DO_NOT_SHARE")
-
+    resp.delete_cookie("prefuser")
     return resp
 
 @app.errorhandler(500)
diff --git a/templates/migrate.html b/templates/migrate.html
new file mode 100644
index 0000000..46836ba
--- /dev/null
+++ b/templates/migrate.html
@@ -0,0 +1,151 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <link rel="stylesheet" type="text/css" href="/static/css/style.css">
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login to Burgercat</title>
+</head>
+<body>
+    <div class="accountform">
+        <br>
+        <a href="/">back</a><br><br>
+        <h1 id="text">Migrate to Burgerauth</h1>
+        <button onclick="authorize()">Link a Burgerauth Account</button>
+    </div>
+    
+    <script>
+        function getCookie(name) {
+            var nameEQ = name + "=";
+            var ca = document.cookie.split(';');
+            for (var i = 0; i < ca.length; i++) {
+                var c = ca[i];
+                while (c.charAt(0) === ' ') c = c.substring(1, c.length);
+                if (c.indexOf(nameEQ) === 0) return c.substring(nameEQ.length, c.length);
+            }
+            return null;
+        }
+
+        // Configuration
+        const clientId = 'jT89GqLCqobN3pb6Rgkk0klDyicUbdjY';
+        const redirectUri = 'https://cat.hectabit.org/oauth';
+        const authorizationEndpoint = 'https://auth.hectabit.org/login';
+        const tokenEndpoint = 'https://auth.hectabit.org/api/tokenauth';
+        const userinfoEndpoint = 'https://auth.hectabit.org/userinfo'; // Added userinfo endpoint
+
+        // Generate a random code verifier
+        function generateCodeVerifier() {
+            const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~";
+            const length = 128;
+            return Array.from(crypto.getRandomValues(new Uint8Array(length)))
+                .map((x) => charset[x % charset.length])
+                .join("");
+        }
+
+        // Create a code challenge from the code verifier using SHA-256
+        async function createCodeChallenge(codeVerifier) {
+            const buffer = new TextEncoder().encode(codeVerifier);
+            const hashArrayBuffer = await crypto.subtle.digest('SHA-256', buffer);
+            const hashBase64 = btoa(String.fromCharCode(...new Uint8Array(hashArrayBuffer)))
+                .replace(/=/g, '')
+                .replace(/\+/g, '-')
+                .replace(/\//g, '_');
+            return hashBase64;
+        }
+
+        // Authorization function with PKCE
+        function authorize() {
+            const codeVerifier = generateCodeVerifier();
+            localStorage.setItem('codeVerifier', codeVerifier); // Store code verifier
+            createCodeChallenge(codeVerifier)
+                .then((codeChallenge) => {
+                    const authorizationUrl = `${authorizationEndpoint}?response_type=code&client_id=${clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${codeChallenge}&code_challenge_method=S256`;
+                    window.location.href = authorizationUrl;
+                })
+                .catch((error) => {
+                    console.error('Error generating code challenge:', error);
+                });
+        }
+
+        // Parse the authorization code from the URL
+        function parseCodeFromUrl() {
+            const urlParams = new URLSearchParams(window.location.search);
+            return urlParams.get('code');
+        }
+
+        // Exchange authorization code for access token
+        async function exchangeCodeForToken(code) {
+            const codeVerifier = localStorage.getItem('codeVerifier'); // Retrieve code verifier
+            const formData = new URLSearchParams();
+            formData.append('client_id', String(clientId));
+            formData.append('code', String(code));
+            formData.append('redirect_uri', String(redirectUri));
+            formData.append('grant_type', 'authorization_code');
+            formData.append('code_verifier', String(codeVerifier));
+
+            const response = await fetch(tokenEndpoint, {
+                method: 'POST',
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                },
+                body: formData
+            });
+
+            const data = await response.json();
+            const accessToken = data.access_token;
+            const idToken = data.id_token;
+
+            // Request userinfo with id_token in bearer format
+            fetch(userinfoEndpoint, {
+                headers: {
+                    "Authorization": `Bearer ${idToken}`
+                }
+            })
+            .then((response) => {
+                async function doStuff() {
+                    if (response.status == 200) {
+                        const userinfoData = await response.json();
+                        console.log("User:", userinfoData.name)
+                        console.log("Sub:", userinfoData.sub);
+                        document.getElementById("text").innerText = "Authenticating, " + userinfoData.name;
+                        fetch("https://cat.hectabit.org/api/migrate", {
+                            method: "POST",
+                            headers: {
+                                "Content-Type": "application/json"
+                            },
+                            body: JSON.stringify({
+                                sub: userinfoData.sub,
+                                access_token: data.access_token
+                            })
+                        })
+                        .then((response) => {
+                            async function doStuff2() {
+                                if (response.status == 200) {
+                                    window.location.replace("/")
+                                } else {
+                                    document.getElementById("text").innerText = "Failed: " + key["error"]
+                                }
+                            }
+                            doStuff2()
+                        });
+                    } else {
+                        document.getElementById("text").innerText = "Authentication failed"
+                    }
+                }
+                doStuff()
+            });
+        }
+
+        // Main function to handle OAuth2 flow
+        async function main() {
+            const code = parseCodeFromUrl();
+            if (code) {
+                await exchangeCodeForToken(code);
+            }
+        }
+
+        // Call the main function on page load
+        main();
+    </script>
+</body>
+</html>
diff --git a/templates/migrate.html.save b/templates/migrate.html.save
new file mode 100644
index 0000000..fa3e846
--- /dev/null
+++ b/templates/migrate.html.save
@@ -0,0 +1,169 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <link rel="stylesheet" type="text/css" href="/static/css/style.css">
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login to Burgercat</title>
+</head>
+<body>
+    <div class="accountform">
+        <br>
+        <a href="/">back</a><br><br>
+        <h1 id="text">Migration</h1>
+        <button onclick="authorize()">Migrate to Burgerauth Account</button>
+    </div>
+    
+    <script>
+        function getCookie(name) {
+            var nameEQ = name + "=";
+            var ca = document.cookie.split(';');
+            for (var i = 0; i < ca.length; i++) {
+                var c = ca[i];
+                while (c.charAt(0) === ' ') c = c.substring(1, c.length);
+                if (c.indexOf(nameEQ) === 0) return c.substring(nameEQ.length, c.length);
+            }
+            return null;
+        }
+
+        // Configuration
+        const clientId = 'jT89GqLCqobN3pb6Rgkk0klDyicUbdjY';
+        const redirectUri = 'https://cat.hectabit.org/oauth';
+        const authorizationEndpoint = 'https://auth.hectabit.org/login';
+        const tokenEndpoint = 'https://auth.hectabit.org/api/tokenauth';
+        const userinfoEndpoint = 'https://auth.hectabit.org/userinfo'; // Added userinfo endpoint
+
+        // Generate a random code verifier
+        function generateCodeVerifier() {
+            const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~";
+            const length = 128;
+            return Array.from(crypto.getRandomValues(new Uint8Array(length)))
+                .map((x) => charset[x % charset.length])
+                .join("");
+        }
+
+        // Create a code challenge from the code verifier using SHA-256
+        async function createCodeChallenge(codeVerifier) {
+            const buffer = new TextEncoder().encode(codeVerifier);
+            const hashArrayBuffer = await crypto.subtle.digest('SHA-256', buffer);
+            const hashBase64 = btoa(String.fromCharCode(...new Uint8Array(hashArrayBuffer)))
+                .replace(/=/g, '')
+                .replace(/\+/g, '-')
+                .replace(/\//g, '_');
+            return hashBase64;
+        }
+
+
+        function cuser_authorize() {
+            document.cookie = "prefuser" + "=" + window.prompt("Choose your custom username (cannot be longer than 20 characters)") + "; expires=Session" + "; path=/" + "; samesite=Strict";
+            authorize()
+        }
+
+        // Authorization function with PKCE
+        function authorize() {
+            const codeVerifier = generateCodeVerifier();
+            localStorage.setItem('codeVerifier', codeVerifier); // Store code verifier
+            createCodeChallenge(codeVerifier)
+                .then((codeChallenge) => {
+                    const authorizationUrl = `${authorizationEndpoint}?response_type=code&client_id=${clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${codeChallenge}&code_challenge_method=S256`;
+                    window.location.href = authorizationUrl;
+                })
+                .catch((error) => {
+                    console.error('Error generating code challenge:', error);
+                });
+        }
+
+        // Parse the authorization code from the URL
+        function parseCodeFromUrl() {
+            const urlParams = new URLSearchParams(window.location.search);
+            return urlParams.get('code');
+        }
+
+        // Exchange authorization code for access token
+        async function exchangeCodeForToken(code) {
+            const codeVerifier = localStorage.getItem('codeVerifier'); // Retrieve code verifier
+            const formData = new URLSearchParams();
+            formData.append('client_id', String(clientId));
+            formData.append('code', String(code));
+            formData.append('redirect_uri', String(redirectUri));
+            formData.append('grant_type', 'authorization_code');
+            formData.append('code_verifier', String(codeVerifier));
+
+            const response = await fetch(tokenEndpoint, {
+                method: 'POST',
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                },
+                body: formData
+            });
+
+            const data = await response.json();
+            const accessToken = data.access_token;
+            const idToken = data.id_token;
+
+            // Request userinfo with id_token in bearer format
+            fetch(userinfoEndpoint, {
+                headers: {
+                    "Authorization": `Bearer ${idToken}`
+                }
+            })
+            .then((response) => {
+                async function doStuff() {
+                    if (response.status == 200) {
+                        const userinfoData = await response.json();
+                        console.log("User:", userinfoData.name)
+                        console.log("Sub:", userinfoData.sub);
+                        let preferreduser = userinfoData.name
+                        if (getCookie("prefuser") != "") {
+                            preferreduser = getCookie("prefuser")
+                        }
+                        document.getElementById("text").innerText = "Authenticating, " + userinfoData.name;
+                        fetch("https://cat.hectabit.org/api/migrate", {
+                            method: "POST",
+                            headers: {
+                                "Content-Type": "application/json"
+                            },
+                            body: JSON.stringify({
+                                username: preferreduser,
+                                access_token: data.access_token
+                            })
+                        })
+                        .then((response) => {
+                            async function doStuff2() {
+                                let key = await response.json()
+                                if (response.status == 200) {
+                                    document.cookie = "session_DO_NOT_SHARE" + "=" + (key["key"] || "") + "; expires=Session" + "; path=/" + "; samesite=Strict";
+                                    window.location.replace("/")
+                                } else if (response.status == 422) {
+                                    document.getElementById("text").innerText = "Username taken. Migrate or choose a new custom username!"
+                                } else {
+                                    document.getElementById("text").innerText = "Failed: " + key["error"]
+                                }
+                            }
+                            doStuff2()
+                        });
+                        localStorage.setItem("user", preferreduser)
+                    } else {
+                        document.getElementById("text").innerText = "Authentication failed"
+                    }
+                }
+                doStuff()
+            });
+        }
+
+        // Main function to handle OAuth2 flow
+        async function main() {
+            if (localStorage.getItem("user") !== null) {
+                document.getElementById("text").innerText = "Welcome back, " + localStorage.getItem("user")
+            }
+            const code = parseCodeFromUrl();
+            if (code) {
+                await exchangeCodeForToken(code);
+            }
+        }
+
+        // Call the main function on page load
+        main();
+    </script>
+</body>
+</html>
diff --git a/templates/oauth.html b/templates/oauth.html
index 766f45a..661d1a7 100644
--- a/templates/oauth.html
+++ b/templates/oauth.html
@@ -13,10 +13,23 @@
         <h1 id="text">Login to Burgercat</h1>
         <button onclick="authorize()">Log in with Burgerauth Account</button>
         <br><br>
+        <button onclick="cuser_authorize()">Log in with Burgerauth Account (custom username)</button>
+        <br><br>
         <button onclick="window.location.href = '/login'">Use legacy login</button>
     </div>
     
     <script>
+        function getCookie(name) {
+            var nameEQ = name + "=";
+            var ca = document.cookie.split(';');
+            for (var i = 0; i < ca.length; i++) {
+                var c = ca[i];
+                while (c.charAt(0) === ' ') c = c.substring(1, c.length);
+                if (c.indexOf(nameEQ) === 0) return c.substring(nameEQ.length, c.length);
+            }
+            return null;
+        }
+
         // Configuration
         const clientId = 'jT89GqLCqobN3pb6Rgkk0klDyicUbdjY';
         const redirectUri = 'https://cat.hectabit.org/oauth';
@@ -44,6 +57,12 @@
             return hashBase64;
         }
 
+
+        function cuser_authorize() {
+            document.cookie = "prefuser" + "=" + window.prompt("Choose your custom username (cannot be longer than 20 characters)") + "; expires=Session" + "; path=/" + "; samesite=Strict";
+            authorize()
+        }
+
         // Authorization function with PKCE
         function authorize() {
             const codeVerifier = generateCodeVerifier();
@@ -98,6 +117,10 @@
                         const userinfoData = await response.json();
                         console.log("User:", userinfoData.name)
                         console.log("Sub:", userinfoData.sub);
+                        let preferreduser = userinfoData.name
+                        if (getCookie("prefuser") != "") {
+                            preferreduser = getCookie("prefuser")
+                        }
                         document.getElementById("text").innerText = "Authenticating, " + userinfoData.name;
                         fetch("https://cat.hectabit.org/api/oauth", {
                             method: "POST",
@@ -105,8 +128,9 @@
                                 "Content-Type": "application/json"
                             },
                             body: JSON.stringify({
-                                username: userinfoData.name,
-                                access_token: data.access_token
+                                username: preferreduser,
+                                access_token: data.access_token,
+                                sub: userinfoData.sub
                             })
                         })
                         .then((response) => {
@@ -115,14 +139,15 @@
                                 if (response.status == 200) {
                                     document.cookie = "session_DO_NOT_SHARE" + "=" + (key["key"] || "") + "; expires=Session" + "; path=/" + "; samesite=Strict";
                                     window.location.replace("/")
+                                } else if (response.status == 422) {
+                                    document.getElementById("text").innerText = "Username taken. Migrate or choose a new custom username!"
                                 } else {
                                     document.getElementById("text").innerText = "Failed: " + key["error"]
                                 }
                             }
                             doStuff2()
                         });
-                        localStorage.setItem("user", userinfoData.name)
-                        localStorage.setItem("sub", userinfoData.sub)
+                        localStorage.setItem("user", preferreduser)
                     } else {
                         document.getElementById("text").innerText = "Authentication failed"
                     }
diff --git a/templates/signup.html b/templates/signup.html
index 5548fd5..da2bea9 100644
--- a/templates/signup.html
+++ b/templates/signup.html
@@ -10,9 +10,6 @@
 </head>
 
 <body>
-    <script>
-        window.location.replace("/oauth")
-    </script>
     <form class="accountform" method="post">
         <br>
         <a href="/">back</a>