working changes for new auth

2024-06-23 12:54:57 -07:00
parent 3b61566024
commit 8e769996e1
7 changed files with 121 additions and 75 deletions
--- a/1
+++ b/1
@@ -10,6 +10,7 @@
    }

    handle @staticpaths {
+        respond /favicon.ico 204
        root ./etydFrontend
        file_server
    }
--- a/etydFrontend/_static/etyd.js
+++ b/etydFrontend/_static/etyd.js
@@ -1,11 +1,22 @@
-//Firefox check
 window.onload = function() {
-    document.getElementById('resultfeed').value = "hii :3"
    if (navigator.userAgent.includes("Firefox")) {
-        document.getElementById('resultfeed').value += `\nClipboard functionality does not work on Firefox.`
-        document.getElementById('clipboard1').disabled = true
-        document.getElementById('clipboard2').disabled = true
+        document.getElementById('resultfeed').value += `\nClipboard buttons only work on Firefox >127.`
    }
+
+    // Event listeners can only be added after the page is loaded
+    document.getElementById("actiondropdown").addEventListener("change", function() {
+        if (document.getElementById("actiondropdown").value === "POST") {
+            document.getElementById("randomizationtoggle").disabled = false
+            document.getElementById("valuefield").disabled = false
+        } else if (document.getElementById("actiondropdown").value === "DELETE") {
+            document.getElementById("randomizationtoggle").disabled = true
+            document.getElementById("randomizationtoggle").checked = false
+            randomUrlTick()
+            document.getElementById("valuefield").disabled = true
+        } else {
+            console.error("UI Code Error: Action dropdown event listener function reached impossible state")
+        }
+    })
 }

 function makeRandomHex(amount) {
@@ -19,6 +30,8 @@ function makeRandomHex(amount) {
    return result
 }

+
+
 function randomUrlTick() {
    if (document.getElementById("randomizationtoggle").checked == true) {
        document.getElementById("targetfield").disabled = true
@@ -29,9 +42,9 @@ function randomUrlTick() {
    }
 }

-function buttonCopyResult() {
-    navigator.clipboard.writeText(`${document.location.href}${document.getElementById("urlfield").value}`)
-}
+// function buttonCopyResult() {
+//     navigator.clipboard.writeText(`${document.location.href}${document.getElementById("urlfield").value}`)
+// }

 function buttonFillFromClipboard() {
    navigator.clipboard.readText().then(res => {
@@ -39,9 +52,29 @@ function buttonFillFromClipboard() {
    })
 }

-function postData() {
-    fetch("http://nrdesktop:8081/etydwrite", {
-        method: "POST",
+// Changes the buttons text to OK for 500ms for action feedback
+// "internal" in this context just means not called from the page
+function internalButtonConfirmation(element) {
+    let normalValue = document.getElementById(element).innerHTML
+    document.getElementById(element).innerHTML = "Ok"
+    setTimeout(function() {
+        document.getElementById(element).innerHTML = normalValue
+    }, 500)
+}
+
+function buttonCopyUrl() {
+    navigator.clipboard.writeText(`this doesn't work rn lol`)
+    internalButtonConfirmation("buttonCopyUrl")
+}
+
+function buttonClearLog() {
+    document.getElementById("resultfeed").value = ""
+    internalButtonConfirmation("buttonClearLog")
+}
+
+function submitData() {
+    fetch(`http://nrdesktop:8081/etyd${document.getElementById("targetfield").value}`, {
+        method: document.getElementById("actiondropdown").value,
        mode: "cors",
        headers: {
            "Authorization": document.getElementById("authfield").value
@@ -58,4 +91,3 @@ function postData() {
        document.getElementById("resultfeed").value += `\nError: ${error}`
    })
 }
-
--- a/etydFrontend/_static/index.css
+++ b/etydFrontend/_static/index.css
@@ -11,6 +11,10 @@ body {
    margin-right: 1em;
 }

+.marginbottom1em {
+    margin-bottom: 1em;
+}
+
 .resultfeed {
    height: 100%;
 }
@@ -30,7 +34,8 @@ body {
    input, select, textarea, button {
        background: none;
        color: white;
-        border: 2px solid white;
+        border: 1px solid white;
+        padding: 1px 2px;
    }

    input:disabled, button:disabled {
--- a/etydFrontend/index.html
+++ b/etydFrontend/index.html
@@ -1,3 +1,4 @@
+<!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
@@ -7,66 +8,44 @@
    <title>etyd.cc</title>
 </head>
 <body>
-    <!--Title-->
    <h1>etyd.cc URL Shortener</h1>
-    <hr>

-    <div class="flexbox">
+    <div class="flexbox"> <!--FLEXBOX: [Input Panel] [Log]-->
+
        <div class="marginright1em">
-            <!--Input-->
-            <label for="auth">Authorization:</label><br>
-            <input type="password" id="authfield" data-bwautofill> <label>CTRL+Shift+L to Autofill</label><br>
            
-            <label for="url">URL (API Target):</label><br>
-            <input type="text" id="targetfield"><input type="checkbox" id="randomizationtoggle" onclick="randomUrlTick()"> <label>Random</label><br>
+            <button class="marginbottom1em" id="loginbutton">Logout enstrayed</button>

-            <label for="value">Value (Redirect Target):</label><br>
-            <input type="text" id="valuefield">
-            <button onclick="buttonFillFromClipboard()" id="clipboard1">Clipboard</button><br>
+            <div class="marginbottom1em">
+                <label for="action">I want to </label>
+                <select name="action" id="actiondropdown">
+                    <option value="POST">Add</option>
+                    <option value="DELETE">Delete</option>
+                </select>
+            </div>
        
-            <label for="action">Action:</label><br>
-            <select name="action" id="actiondropdown">
-                <option value="POST">Add</option>
-                <option value="DELETE">Delete</option>
-            </select>
+            <div class="marginbottom1em">
+                <label for="url">etyd.cc/</label>
+                <input type="text" id="targetfield"><input type="checkbox" id="randomizationtoggle" onclick="randomUrlTick()"> <label>Random</label>
+            </div>
        
-            <button onclick="postData()">POST Data</button>
-            <button onclick="buttonCopyResult()"  id="clipboard2">Copy Shortened URL</button>
-            <label id="copyconfirmation" style="display: none;">OK</label><br><br>
+            <div class="marginbottom1em">
+                <label for="value">to go to: </label>
+                <input type="text" id="valuefield" placeholder="https://example.com">
+                <button onclick="buttonFillFromClipboard()" id="clipboard1">Clipboard</button>
+            </div>
+        
+            <div class="marginbottom1em">
+                <button onclick="buttonSubmit()" id="buttonSubmit">Submit</button>
+                <button onclick="buttonCopyUrl()" id="buttonCopyUrl">Copy Shortened URL</button>
+                <button onclick="buttonClearLog()" id="buttonClearLog">Clear Log</button>
+            </div>
        </div>
    
        <div>
            <textarea id="resultfeed" cols="50" class="resultfeed" readonly></textarea>
        </div>
-    </div>

-    
-    <hr>
-
-    <!--Details-->
-
-    <div class="flexbox">
-        <div class="marginright1em">
-            <h2>Instructions</h2>
-            <p>
-                1. Enter your API Key in the 'Authorization' field <br>
-                2. Enter the shortened URL you want to act upon under the 'URL' field<br>
-                3. Enter the URL that the user will be redirected to under the 'Value' field<br>
-                4. Change 'Action' depending if you want to create or delete a URL<br>
-                5. Press 'POST Data' to submit the form to the server
-            </p>
-        </div>
-
-        <div>
-            <h2>Status Code Reference</h2>
-            <p>
-                400: Bad Request - You will see this if you try and delete a non-existent URL<br>
-                401: Unauthorized - Did you enter your API key?<br>
-                409: Conflict - The entered URL already exists, tick 'Random' and try again<br>
-                500: Internal Server Error - If this happens something has gone very wrong<br>
-                502: Bad Gateway - If you see this the backend is down/unreachable by Caddy<br>
-            </p>
-        </div>
    </div>
    

--- a/liberals/auth.js
+++ b/liberals/auth.js
@@ -0,0 +1,36 @@
+const { globalConfig } = require("../index.js")
+
+async function checkToken(token,scope) {
+    return await fetch(`http://${globalConfig.couchdb.host}/auth/sessions`, {
+        headers: {
+            "Authorization": `Basic ${btoa(globalConfig.couchdb.authorization)}`
+        }
+    }).then(fetchRes => {
+
+        // CouchDB should only ever return 200/304 for success so this should work
+        // https://docs.couchdb.org/en/stable/api/document/common.html#get--db-docid
+        if (fetchRes.status !== 200 || fetchRes.status !== 304) { 
+            console.log(`ERROR: auth.js: Database request returned ${fetchRes.status}`)
+            return false
+        } else {
+
+            return fetchRes.json().then(dbRes => { 
+
+                if (dbRes.sessions[token] == undefined) { // If the token is not on the sessions list then reject
+                    return false
+                } else if (dbRes.sessions[token].scopes.includes(scope)) { // If the token is on the seesions list and includes the scope then accept
+                    return true
+                } else { // Otherwise reject
+                    return false
+                }
+
+            })
+        }
+
+    }).catch(error => {
+        console.log("ERROR: auth.js: " + error)
+        return false
+    })
+}
+
+module.exports = {checkToken}
--- a/routes/etyd.js
+++ b/routes/etyd.js
@@ -1,5 +1,5 @@
 const { app, globalConfig } = require("../index.js") // Get globals from index
-const { checkAuthorization } = require("../liberals/authorization.js")
+const { checkToken } = require("../liberals/auth.js")

 app.get("/etyd*", (rreq,rres) => {
    fetch(`http://${globalConfig.couchdb.host}/etyd${rreq.path.replace("/etyd","")}`, {
@@ -30,9 +30,8 @@ app.delete("/etyd*", (rreq,rres) => {
    if (rreq.get("Authorization") === undefined) {
        rres.sendStatus(400)
    } else {
-        checkAuthorization(globalConfig.etyd.authKeysDoc,rreq.get("Authorization")).then(authRes => {
+        checkToken(rreq.get("Authorization"),"etyd").then(authRes => {
            if (authRes === false) {
-                console.log(`${rreq.get("cf-connecting-ip")} DELETE ${rreq.path} returned 401`) // Log unauthorized requests
                rres.sendStatus(401)
            } else if (authRes === true) { // Authorization successful

@@ -82,14 +81,12 @@ app.post("/etyd*", (rreq,rres) => {
    if (rreq.get("Authorization") === undefined) {
        rres.sendStatus(400)
    } else {
-        checkAuthorization(globalConfig.etyd.authKeysDoc,rreq.get("Authorization")).then(authRes => {
+        checkToken(rreq.get("Authorization"),"etyd").then(authRes => {
            if (authRes === false) {
-                console.log(`${rreq.get("cf-connecting-ip")} POST ${rreq.path} returned 401`) // Log unauthorized requests
                rres.sendStatus(401)
            } else if (authRes === true) { // Authorization successful

                if (rreq.body["url"] == undefined) {
-                    console.log(`${rreq.get("cf-connecting-ip")} POST ${rreq.path} returned 400 KEY: ${rreq.get("Authorization")}`)
                    rres.sendStatus(400)
                } else {
                    fetch(`http://${globalConfig.couchdb.host}/etyd${rreq.path.replace("/etyd", "")}`, { 
@@ -106,12 +103,10 @@ app.post("/etyd*", (rreq,rres) => {
    
                        switch(dbRes.status) {
                            case 409:
-                                console.log(`${rreq.get("cf-connecting-ip")} POST ${rreq.path} returned 409 KEY: ${rreq.get("Authorization")}`)
                                rres.sendStatus(409)
                                break;

                            case 201:
-                                console.log(`${rreq.get("cf-connecting-ip")} POST ${rreq.path} returned 200 KEY: ${rreq.get("Authorization")}`)
                                rres.status(200).send(rreq.path.replace("/etyd", ""))
                                break;

@@ -132,5 +127,4 @@ app.post("/etyd*", (rreq,rres) => {

 })

-
 module.exports = {app} // export routes to be imported by index for execution
--- a/routes/mailjet.js
+++ b/routes/mailjet.js
@@ -1,9 +1,9 @@
 const { app, globalConfig } = require("../index.js") // Get globals from index
-const { checkAuthorization } = require("../liberals/authorization.js")
+const { checkToken } = require("../liberals/auth.js")

 app.post("/sendemail", (rreq,rres) => {

-    checkAuthorization(globalConfig.mailjet.authKeysDoc,rreq.get("Authorization")).then(authRes => {
+    checkToken(rreq.get("Authorization"),"mailjet").then(authRes => {
        if (authRes === false) { // If the supplied authorization is invalid or an error occured

            console.log(`${rreq.get("cf-connecting-ip")} POST /sendemail returned 401`) // Log the request
@@ -21,8 +21,7 @@ app.post("/sendemail", (rreq,rres) => {
                    "Messages": [
                        {
                            "From": {
-                                "Email": globalConfig.mailjet.senderAddress,
-                                "Name": globalConfig.mailjet.senderName,
+                                "Email": globalConfig.mailjet.senderAddress
                            },
                            "To": [
                                {