bruuhuhuh

asyncnomi 2023-01-08 22:18:37 +01:00
parent 69e7960233
commit 3c6e2e3780
3 changed files with 208 additions and 47 deletions

179
index.js

@ -1,8 +1,10 @@
const fastify = require('fastify')({ logger: true })
const fs = require('fs');
const path = require('path')
var LdapAuth = require('ldapauth-fork');
const CryptoJS = require("crypto-js");
// var LdapAuth = require('ldapauth-fork');
var usersBdd = "usersBdd.txt";
var prankPath = "prankdata.txt";
var activityPath = "activitydata.txt";
var treasurePath = "treasuredata.txt";
@ -10,6 +12,8 @@ var goldenUsersPath = "goldenusers.txt";
initFs();
let UsersBDD = JSON.parse(fs.readFileSync(usersBdd));
let PrankData = JSON.parse(fs.readFileSync(prankPath));
let ActivityData = JSON.parse(fs.readFileSync(activityPath));
let TreasureData = JSON.parse(fs.readFileSync(treasurePath));
@ -20,19 +24,19 @@ let TokenDurationSecond = 3600;
let MaxAmountCrepe = 10;
let Supplements = ["nature", "sucre", "nutella", "confiture"];
var ldapConf = JSON.parse(fs.readFileSync("ldap-conf.json"));
var LDAP = new LdapAuth({
url: 'ldap://10.5.0.44',
bindDN: 'cn='+ ldapConf.bindUser +',ou=service-users,dc=ldap,dc=rezo-rm,dc=fr',
bindCredentials: ldapConf.bindPassword,
searchBase: 'dc=ldap,dc=rezo-rm,dc=fr',
searchFilter: '(uid={{username}})',
reconnect: true,
});
LDAP.on('error', function (err) {
console.error('LdapAuth: ', err);
});
ldapConf = null;
// var ldapConf = JSON.parse(fs.readFileSync("ldap-conf.json"));
// var LDAP = new LdapAuth({
// url: 'ldap://10.5.0.44',
// bindDN: 'cn='+ ldapConf.bindUser +',ou=service-users,dc=ldap,dc=rezo-rm,dc=fr',
// bindCredentials: ldapConf.bindPassword,
// searchBase: 'dc=ldap,dc=rezo-rm,dc=fr',
// searchFilter: '(uid={{username}})',
// reconnect: true,
// });
// LDAP.on('error', function (err) {
// console.error('LdapAuth: ', err);
// });
// ldapConf = null;
fastify.addContentTypeParser('application/json', {
parseAs: 'string'
@ -55,31 +59,119 @@ fastify.get('/', async (request, reply) => {
reply.redirect('/index.html')
})
// fastify.post('/login', async (request, reply) => {
// let content = request.body;
// if (content.hasOwnProperty("user")
// && content.hasOwnProperty("password")) {
// let res = await authenticate(content.user, content.password);
// if (res.authState) {
// let now = new Date();
// UsersToken[res.authUser.uid] = {
// token: makeid(64),
// expire: now.setSeconds(now.getSeconds() + TokenDurationSecond)
// }
// return {
// success: true,
// user: {
// uid: res.authUser.uid,
// givenName: res.authUser.givenName,
// isAdmin: AdminUsersUid.includes(res.authUser.uid)
// },
// token: UsersToken[res.authUser.uid].token
// }
// } else {
// return {
// success: false,
// why: "Wrong username or password"
// }
// }
// } else {
// return {
// success: false,
// why: "The username or password is missing"
// }
// }
// })
fastify.post('/login', async (request, reply) => {
let content = request.body;
if (content.hasOwnProperty("user")
&& content.hasOwnProperty("password")) {
let res = await authenticate(content.user, content.password);
if (res.authState) {
if (UsersBDD.hasOwnProperty(content.user) {
var hash;
try {
hash = CryptoJS.SHA512(content.password).toString();
} catch {
return {
success: false,
why: "Wrong username or password"
}
}
if (hash === UsersBDD[content.user].password) {
let now = new Date();
UsersToken[content.user] = {
token: makeid(64),
expire: now.setSeconds(now.getSeconds() + TokenDurationSecond)
}
return {
success: true,
user: {
uid: content.user,
isAdmin: AdminUsersUid.includes(content.user)
},
token: UsersToken[res.authUser.uid].token
}
} else {
return {
success: false,
why: "Wrong username or password"
}
}
}
} else {
return {
success: false,
why: "The username or password is missing"
}
}
})
fastify.post('/register', async (request, reply) => {
let content = request.body;
if (content.hasOwnProperty("user")
&& content.hasOwnProperty("password")) {
if (UsersBDD.hasOwnProperty(content.user) {
return {
success: false,
why: "This user already exists"
}
} else {
var hash;
try {
hash = CryptoJS.SHA512(content.password).toString();
} catch {
return {
success: false,
why: "What are you doing bruh ??"
}
}
UsersBDD[content.user] = {
password: hash
}
saveData(usersBdd, UsersBDD);
let now = new Date();
UsersToken[res.authUser.uid] = {
UsersToken[content.user] = {
token: makeid(64),
expire: now.setSeconds(now.getSeconds() + TokenDurationSecond)
}
return {
success: true,
user: {
uid: res.authUser.uid,
givenName: res.authUser.givenName,
isAdmin: AdminUsersUid.includes(res.authUser.uid)
uid: content.user,
isAdmin: AdminUsersUid.includes(content.user)
},
token: UsersToken[res.authUser.uid].token
}
} else {
return {
success: false,
why: "Wrong username or password"
}
}
} else {
return {
@ -624,23 +716,23 @@ function saveData(path, data) {
fs.writeFileSync(path, JSON.stringify(data));
}
function authenticate(user, pwd) {
return new Promise((resolve, reject) => {
LDAP.authenticate(user, pwd, function(err, user) {
if (user && err == null) {
resolve({
authState: true,
authUser: user
});
} else {
resolve({
authState: false,
authUser: null
});
}
});
})
}
// function authenticate(user, pwd) {
// return new Promise((resolve, reject) => {
// LDAP.authenticate(user, pwd, function(err, user) {
// if (user && err == null) {
// resolve({
// authState: true,
// authUser: user
// });
// } else {
// resolve({
// authState: false,
// authUser: null
// });
// }
// });
// })
// }
function checkAuthetification(content) {
if (content.hasOwnProperty("uid")
@ -716,6 +808,9 @@ function checkManage(content, input, data) {
}
function initFs() {
if (!fs.existsSync(usersBdd)) {
fs.writeFileSync(usersBdd, "{}");
}
if (!fs.existsSync(prankPath)) {
fs.writeFileSync(prankPath, "{}");
}
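Review bot: The new `/register` and `/login` handlers store and compare `CryptoJS.SHA512(content.password).toString()`, an unsalted single-pass hash that `saveData` writes to `usersBdd.txt`; anyone who obtains that file can test guesses at full hash speed, and identical passwords share one digest. A salted, deliberately slow KDF such as Node's built-in `crypto.scryptSync` with a per-user random salt, compared with `crypto.timingSafeEqual`, is the usual choice (sketch below; it needs `require('crypto')` at the top of the file and should stay inside the existing `try`/`catch`, since a non-string password makes it throw). `content.user` is also used directly as a key of the plain object `UsersBDD`, so a name that collides with an inherited property is not handled as an ordinary entry; checking `typeof content.user === 'string'` and keeping users in a `Map` or an `Object.create(null)` object avoids that. Separately, as rendered here `if (UsersBDD.hasOwnProperty(content.user) {` is missing a closing parenthesis in both handlers, and `token: UsersToken[res.authUser.uid].token` still appears to reference `res`, which nothing defines once `authenticate` is commented out.

```javascript
// /register
// … unchanged: field checks and "This user already exists" branch …
const salt = crypto.randomBytes(16);
const derived = crypto.scryptSync(content.password, salt, 64);
UsersBDD[content.user] = {
    salt: salt.toString('hex'),
    password: derived.toString('hex')
};
// … unchanged: saveData, token creation, response …

// /login
const entry = UsersBDD[content.user];
const candidate = crypto.scryptSync(content.password, Buffer.from(entry.salt, 'hex'), 64);
if (crypto.timingSafeEqual(candidate, Buffer.from(entry.password, 'hex'))) {
    // … unchanged: token creation and success response …
```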


@ -93,6 +93,7 @@
</div> <!-- end admin page -->
<div class="container" id="login-page" style="display: none;">
<p>Connection</p>
<div class="column-section">
<div id="login-form">
<div class="form-group">
@ -109,6 +110,23 @@
</div>
</div>
</div>
<p>Inscription</p>
<div class="column-section">
<div id="register-form">
<div class="form-group">
<input type="text" class="form-control" placeholder="Nom d'espion" name="login" id="register-user"/>
</div>
<div class="form-group">
<input type="password" class="form-control" placeholder="Mot de passe secret" name="password" id="register-password" />
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary" id="register-button">S'inscrire</button>
</div>
<div class="form-group">
<p id="error-message-register"></p>
</div>
</div>
</div>
<hr/>
<div class="row banner">
<h2>Notice pour l'espion</h2>
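Review bot: The new `register-password` input carries no `autocomplete` hint, so browsers and password managers cannot tell it is a sign-up field; `autocomplete="new-password"` on it and `autocomplete="username"` on `register-user` let them offer a generated password rather than treating it as a login field. The wrapper `#register-form` is a `<div>`, so the button's `type="submit"` has no effect; either use a real `<form>` or declare it `type="button"` to match the click handler that actually sends the request. Neither input declares a length or emptiness constraint, so any such rule has to be enforced by the `/register` handler.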


@ -15,12 +15,12 @@ function show_page(id, historyPush) {
for(i in page) {
$(page[i]).hide().removeClass("away");
}
$hs = $(history.state).show();
if(!historyPush)
$hs.addClass('away');
$id = $(id).show();
if(!historyPush) {
history.pushState(id, "", "")
@ -77,6 +77,54 @@ $("#login-button").click(function (e) {
});
$("#register-button").click(function (e) {
var data = JSON.stringify({
user: $("#register-user").val(),
password: $("#register-password").val()
});
$("#register-password").val('');
$.ajax({
type: "POST",
url: base_url + "register",
data: data,
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (data) {
if(data.success) {
localStorage.setItem("token", data.token);
localStorage.setItem("user", data.user.uid);
localStorage.setItem("isAdmin", data.user.isAdmin);
if (data.user.isAdmin) {
show_page('#admin-page');
get_admin("prank");
} else {
show_page('#demande-page');
}
} else {
$('#error-message-register').empty();
t = new TypeIt('#error-message-register', {
speed: 110,
lifeLike: true
})
.type(data.why)
.go();
}
},
error: function(e, status, i) {
$('#error-message-register').empty();
t = new TypeIt('#error-message-register', {
speed: 110,
lifeLike: true
})
.type(status)
.go();
}
});
});
$("#prank-button").click(function () {
if (localStorage.getItem('token')) {
show_page('#demande-page');
@ -563,7 +611,7 @@ function updateDemandes() {
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (data) {
success: function (data) {
if(data.success) {
$('#demande-list').html('');
let pd = data.prankData;
@ -593,7 +641,7 @@ function updateDemandes() {
uid: localStorage.getItem('user'),
token: localStorage.getItem('token'),
prankUid: pd_uid
}),
contentType: "application/json; charset=utf-8",
dataType: "json",
@ -690,7 +738,7 @@ $(window).on("load", function() {
var time = b[1];
var days = b[0];
var t = time.split(":").map(t => parseInt(t));
t[2] -= 1;
if (t[2] < 0) {
t[2] = 59;