working changes for new auth

Enstrayed
2024-06-23 12:54:57 -07:00
parent 3b61566024
commit 8e769996e1
7 changed files with 121 additions and 75 deletions


@@ -10,6 +10,7 @@
} }
handle @staticpaths { handle @staticpaths {
respond /favicon.ico 204
root ./etydFrontend root ./etydFrontend
file_server file_server
} }


@@ -1,11 +1,22 @@
//Firefox check
window.onload = function() { window.onload = function() {
document.getElementById('resultfeed').value = "hii :3"
if (navigator.userAgent.includes("Firefox")) { if (navigator.userAgent.includes("Firefox")) {
document.getElementById('resultfeed').value += `\nClipboard functionality does not work on Firefox.` document.getElementById('resultfeed').value += `\nClipboard buttons only work on Firefox >127.`
document.getElementById('clipboard1').disabled = true
document.getElementById('clipboard2').disabled = true
} }
// Event listeners can only be added after the page is loaded
document.getElementById("actiondropdown").addEventListener("change", function() {
if (document.getElementById("actiondropdown").value === "POST") {
document.getElementById("randomizationtoggle").disabled = false
document.getElementById("valuefield").disabled = false
} else if (document.getElementById("actiondropdown").value === "DELETE") {
document.getElementById("randomizationtoggle").disabled = true
document.getElementById("randomizationtoggle").checked = false
randomUrlTick()
document.getElementById("valuefield").disabled = true
} else {
console.error("UI Code Error: Action dropdown event listener function reached impossible state")
}
})
} }
function makeRandomHex(amount) { function makeRandomHex(amount) {
@@ -19,6 +30,8 @@ function makeRandomHex(amount) {
return result return result
} }
function randomUrlTick() { function randomUrlTick() {
if (document.getElementById("randomizationtoggle").checked == true) { if (document.getElementById("randomizationtoggle").checked == true) {
document.getElementById("targetfield").disabled = true document.getElementById("targetfield").disabled = true
@@ -29,9 +42,9 @@ function randomUrlTick() {
} }
} }
function buttonCopyResult() { // function buttonCopyResult() {
navigator.clipboard.writeText(`${document.location.href}${document.getElementById("urlfield").value}`) // navigator.clipboard.writeText(`${document.location.href}${document.getElementById("urlfield").value}`)
} // }
function buttonFillFromClipboard() { function buttonFillFromClipboard() {
navigator.clipboard.readText().then(res => { navigator.clipboard.readText().then(res => {
@@ -39,9 +52,29 @@ function buttonFillFromClipboard() {
}) })
} }
function postData() { // Changes the buttons text to OK for 500ms for action feedback
fetch("http://nrdesktop:8081/etydwrite", { // "internal" in this context just means not called from the page
method: "POST", function internalButtonConfirmation(element) {
let normalValue = document.getElementById(element).innerHTML
document.getElementById(element).innerHTML = "Ok"
setTimeout(function() {
document.getElementById(element).innerHTML = normalValue
}, 500)
}
function buttonCopyUrl() {
navigator.clipboard.writeText(`this doesn't work rn lol`)
internalButtonConfirmation("buttonCopyUrl")
}
function buttonClearLog() {
document.getElementById("resultfeed").value = ""
internalButtonConfirmation("buttonClearLog")
}
function submitData() {
fetch(`http://nrdesktop:8081/etyd${document.getElementById("targetfield").value}`, {
method: document.getElementById("actiondropdown").value,
mode: "cors", mode: "cors",
headers: { headers: {
"Authorization": document.getElementById("authfield").value "Authorization": document.getElementById("authfield").value
@@ -57,5 +90,4 @@ function postData() {
}).catch(error => { }).catch(error => {
document.getElementById("resultfeed").value += `\nError: ${error}` document.getElementById("resultfeed").value += `\nError: ${error}`
}) })
} }
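Review bot: `submitData` appends the raw `targetfield` value straight after `/etyd`, with no separator and no encoding, so a value without a leading slash yields a path like `/etydabc`, and characters such as `?`, `#` or `/` change the path the `Authorization` header is sent to. Unless the field is expected to carry its own leading slash, building the path as `/etyd/${encodeURIComponent(target)}` keeps the input inside one path segment. The request also goes to a hard-coded `http://nrdesktop:8081` origin, so the token travels in cleartext; that looks like a development host and should come from configuration and use HTTPS before release. In `internalButtonConfirmation`, a second click within the 500 ms window reads `Ok` as the label to restore and leaves the button stuck on it; it would also be cleaner to read and write `textContent` rather than `innerHTML`. The body of `submitData` continues outside the visible hunks.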


@@ -11,6 +11,10 @@ body {
margin-right: 1em; margin-right: 1em;
} }
.marginbottom1em {
margin-bottom: 1em;
}
.resultfeed { .resultfeed {
height: 100%; height: 100%;
} }
@@ -30,7 +34,8 @@ body {
input, select, textarea, button { input, select, textarea, button {
background: none; background: none;
color: white; color: white;
border: 2px solid white; border: 1px solid white;
padding: 1px 2px;
} }
input:disabled, button:disabled { input:disabled, button:disabled {


@@ -1,3 +1,4 @@
<!DOCTYPE html>
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
@@ -7,66 +8,44 @@
<title>etyd.cc</title> <title>etyd.cc</title>
</head> </head>
<body> <body>
<!--Title-->
<h1>etyd.cc URL Shortener</h1> <h1>etyd.cc URL Shortener</h1>
<hr>
<div class="flexbox"> <div class="flexbox"> <!--FLEXBOX: [Input Panel] [Log]-->
<div class="marginright1em"> <div class="marginright1em">
<!--Input-->
<label for="auth">Authorization:</label><br> <button class="marginbottom1em" id="loginbutton">Logout enstrayed</button>
<input type="password" id="authfield" data-bwautofill> <label>CTRL+Shift+L to Autofill</label><br>
<div class="marginbottom1em">
<label for="action">I want to </label>
<select name="action" id="actiondropdown">
<option value="POST">Add</option>
<option value="DELETE">Delete</option>
</select>
</div>
<label for="url">URL (API Target):</label><br> <div class="marginbottom1em">
<input type="text" id="targetfield"><input type="checkbox" id="randomizationtoggle" onclick="randomUrlTick()"> <label>Random</label><br> <label for="url">etyd.cc/</label>
<input type="text" id="targetfield"><input type="checkbox" id="randomizationtoggle" onclick="randomUrlTick()"> <label>Random</label>
</div>
<label for="value">Value (Redirect Target):</label><br> <div class="marginbottom1em">
<input type="text" id="valuefield"> <label for="value">to go to: </label>
<button onclick="buttonFillFromClipboard()" id="clipboard1">Clipboard</button><br> <input type="text" id="valuefield" placeholder="https://example.com">
<button onclick="buttonFillFromClipboard()" id="clipboard1">Clipboard</button>
</div>
<label for="action">Action:</label><br> <div class="marginbottom1em">
<select name="action" id="actiondropdown"> <button onclick="buttonSubmit()" id="buttonSubmit">Submit</button>
<option value="POST">Add</option> <button onclick="buttonCopyUrl()" id="buttonCopyUrl">Copy Shortened URL</button>
<option value="DELETE">Delete</option> <button onclick="buttonClearLog()" id="buttonClearLog">Clear Log</button>
</select> </div>
<button onclick="postData()">POST Data</button>
<button onclick="buttonCopyResult()" id="clipboard2">Copy Shortened URL</button>
<label id="copyconfirmation" style="display: none;">OK</label><br><br>
</div> </div>
<div> <div>
<textarea id="resultfeed" cols="50" class="resultfeed" readonly></textarea> <textarea id="resultfeed" cols="50" class="resultfeed" readonly></textarea>
</div> </div>
</div>
<hr>
<!--Details-->
<div class="flexbox">
<div class="marginright1em">
<h2>Instructions</h2>
<p>
1. Enter your API Key in the 'Authorization' field <br>
2. Enter the shortened URL you want to act upon under the 'URL' field<br>
3. Enter the URL that the user will be redirected to under the 'Value' field<br>
4. Change 'Action' depending if you want to create or delete a URL<br>
5. Press 'POST Data' to submit the form to the server
</p>
</div>
<div>
<h2>Status Code Reference</h2>
<p>
400: Bad Request - You will see this if you try and delete a non-existent URL<br>
401: Unauthorized - Did you enter your API key?<br>
409: Conflict - The entered URL already exists, tick 'Random' and try again<br>
500: Internal Server Error - If this happens something has gone very wrong<br>
502: Bad Gateway - If you see this the backend is down/unreachable by Caddy<br>
</p>
</div>
</div> </div>
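Review bot: The new Submit button calls `buttonSubmit()`, but the script changes on this page define `submitData()` and no `buttonSubmit` is visible, so the click would raise a ReferenceError unless that function exists in a part of the script not shown; `onclick="submitData()"` would match. The `for` values on the labels (`action`, `url`, `value`) do not match the control ids (`actiondropdown`, `targetfield`, `valuefield`), so the labels are not associated with their inputs; for example `<label for="targetfield">etyd.cc/</label>` would fix the second one.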

36
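--- a/liberals/auth.js
+++ b/liberals/auth.js
@@ -0,0 +1,36 @@
+const { globalConfig } = require("../index.js")
+async function checkToken(token,scope) {
+return await fetch(`http://${globalConfig.couchdb.host}/auth/sessions`, {
+headers: {
+"Authorization": `Basic ${btoa(globalConfig.couchdb.authorization)}`
+}
+}).then(fetchRes => {
+// CouchDB should only ever return 200/304 for success so this should work
+// https://docs.couchdb.org/en/stable/api/document/common.html#get--db-docid
+if (fetchRes.status !== 200 || fetchRes.status !== 304) {
+console.log(`ERROR: auth.js: Database request returned ${fetchRes.status}`)
+return false
+} else {
+return fetchRes.json().then(dbRes => {
+if (dbRes.sessions[token] == undefined) { // If the token is not on the sessions list then reject
+return false
+} else if (dbRes.sessions[token].scopes.includes(scope)) { // If the token is on the seesions list and includes the scope then accept
+return true
+} else { // Otherwise reject
+return false
+}
+})
+}
+}).catch(error => {
+console.log("ERROR: auth.js: " + error)
+return false
+})
+}
+module.exports = {checkToken}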
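Review bot: The status check `fetchRes.status !== 200 || fetchRes.status !== 304` in `checkToken` is true for every status, so the function logs an error and returns false even when CouchDB answers 200, and every token is rejected. It should use `&&`: `if (fetchRes.status !== 200 && fetchRes.status !== 304) {`. The lookup `dbRes.sessions[token]` uses the caller-supplied token as a property name, so a guard such as `if (!Object.hasOwn(dbRes.sessions, token)) return false` would keep inherited keys like `constructor` out of the lookup instead of relying on the `.catch` to turn the resulting TypeError into a rejection. A short JSDoc comment stating that the function resolves to a boolean and never rejects would also help the route handlers that compare the result with `=== true` and `=== false`.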


@@ -1,5 +1,5 @@
const { app, globalConfig } = require("../index.js") // Get globals from index const { app, globalConfig } = require("../index.js") // Get globals from index
const { checkAuthorization } = require("../liberals/authorization.js") const { checkToken } = require("../liberals/auth.js")
app.get("/etyd*", (rreq,rres) => { app.get("/etyd*", (rreq,rres) => {
fetch(`http://${globalConfig.couchdb.host}/etyd${rreq.path.replace("/etyd","")}`, { fetch(`http://${globalConfig.couchdb.host}/etyd${rreq.path.replace("/etyd","")}`, {
@@ -30,9 +30,8 @@ app.delete("/etyd*", (rreq,rres) => {
if (rreq.get("Authorization") === undefined) { if (rreq.get("Authorization") === undefined) {
rres.sendStatus(400) rres.sendStatus(400)
} else { } else {
checkAuthorization(globalConfig.etyd.authKeysDoc,rreq.get("Authorization")).then(authRes => { checkToken(rreq.get("Authorization"),"etyd").then(authRes => {
if (authRes === false) { if (authRes === false) {
console.log(`${rreq.get("cf-connecting-ip")} DELETE ${rreq.path} returned 401`) // Log unauthorized requests
rres.sendStatus(401) rres.sendStatus(401)
} else if (authRes === true) { // Authorization successful } else if (authRes === true) { // Authorization successful
@@ -82,14 +81,12 @@ app.post("/etyd*", (rreq,rres) => {
if (rreq.get("Authorization") === undefined) { if (rreq.get("Authorization") === undefined) {
rres.sendStatus(400) rres.sendStatus(400)
} else { } else {
checkAuthorization(globalConfig.etyd.authKeysDoc,rreq.get("Authorization")).then(authRes => { checkToken(rreq.get("Authorization"),"etyd").then(authRes => {
if (authRes === false) { if (authRes === false) {
console.log(`${rreq.get("cf-connecting-ip")} POST ${rreq.path} returned 401`) // Log unauthorized requests
rres.sendStatus(401) rres.sendStatus(401)
} else if (authRes === true) { // Authorization successful } else if (authRes === true) { // Authorization successful
if (rreq.body["url"] == undefined) { if (rreq.body["url"] == undefined) {
console.log(`${rreq.get("cf-connecting-ip")} POST ${rreq.path} returned 400 KEY: ${rreq.get("Authorization")}`)
rres.sendStatus(400) rres.sendStatus(400)
} else { } else {
fetch(`http://${globalConfig.couchdb.host}/etyd${rreq.path.replace("/etyd", "")}`, { fetch(`http://${globalConfig.couchdb.host}/etyd${rreq.path.replace("/etyd", "")}`, {
@@ -106,12 +103,10 @@ app.post("/etyd*", (rreq,rres) => {
switch(dbRes.status) { switch(dbRes.status) {
case 409: case 409:
console.log(`${rreq.get("cf-connecting-ip")} POST ${rreq.path} returned 409 KEY: ${rreq.get("Authorization")}`)
rres.sendStatus(409) rres.sendStatus(409)
break; break;
case 201: case 201:
console.log(`${rreq.get("cf-connecting-ip")} POST ${rreq.path} returned 200 KEY: ${rreq.get("Authorization")}`)
rres.status(200).send(rreq.path.replace("/etyd", "")) rres.status(200).send(rreq.path.replace("/etyd", ""))
break; break;
@@ -132,5 +127,4 @@ app.post("/etyd*", (rreq,rres) => {
}) })
module.exports = {app} // export routes to be imported by index for execution module.exports = {app} // export routes to be imported by index for execution
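Review bot: The 401 branches of the DELETE and POST handlers no longer appear to log anything, so rejected tokens on `/etyd*` leave no trace, while the `/sendemail` route still logs its 401. Dropping the lines that wrote the `Authorization` value after `KEY:` is right, since they put the credential in the log, but the 401 lines never included it and could stay as they were, e.g. `` console.log(`${rreq.get("cf-connecting-ip")} DELETE ${rreq.path} returned 401`) ``. If success and conflict logging is still wanted, the same lines can be kept without the `KEY:` suffix. The handler bodies start and end outside the visible hunks.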


@@ -1,9 +1,9 @@
const { app, globalConfig } = require("../index.js") // Get globals from index const { app, globalConfig } = require("../index.js") // Get globals from index
const { checkAuthorization } = require("../liberals/authorization.js") const { checkToken } = require("../liberals/auth.js")
app.post("/sendemail", (rreq,rres) => { app.post("/sendemail", (rreq,rres) => {
checkAuthorization(globalConfig.mailjet.authKeysDoc,rreq.get("Authorization")).then(authRes => { checkToken(rreq.get("Authorization"),"mailjet").then(authRes => {
if (authRes === false) { // If the supplied authorization is invalid or an error occured if (authRes === false) { // If the supplied authorization is invalid or an error occured
console.log(`${rreq.get("cf-connecting-ip")} POST /sendemail returned 401`) // Log the request console.log(`${rreq.get("cf-connecting-ip")} POST /sendemail returned 401`) // Log the request
@@ -21,8 +21,7 @@ app.post("/sendemail", (rreq,rres) => {
"Messages": [ "Messages": [
{ {
"From": { "From": {
"Email": globalConfig.mailjet.senderAddress, "Email": globalConfig.mailjet.senderAddress
"Name": globalConfig.mailjet.senderName,
}, },
"To": [ "To": [
{ {