publapi/pages/signup.go

package pages

import (
	"encoding/json"
	"io"
	"net/http"
	"net/url"
	"os"
	"strings"

	"github.com/ProjectSegfault/publapi/utils"
	"github.com/containrrr/shoutrrr"
	"github.com/gofiber/fiber/v2"
	log "github.com/sirupsen/logrus"
)

type formValues struct {
	Username        string
	Email           string
	SshPublicKey    string
	IPAddress       string
	CaptchaResponse string
}

type CaptchaResponse struct {
	Success bool `json:"success"`
}

// SignupPage is the signup page handler
func SignupPage(c *fiber.Ctx) error {
	SignupIP, SignupIPExists := os.LookupEnv("PUBLAPI_SIGNUP_IP")
	if SignupIPExists {
		if c.IP() != SignupIP {
			log.Info("Request made from invalid IP: ", c.IP())
			return c.SendStatus(fiber.StatusForbidden)
		}
	}

	formValues := formValues{
		Username:        c.FormValue("username"),
		Email:           c.FormValue("email"),
		SshPublicKey:    c.FormValue("ssh"),
		IPAddress:       c.FormValue("ip"),
		CaptchaResponse: c.FormValue("h-captcha-response"),
	}

	if formValues.CaptchaResponse == "" {
		log.Error("Nice try, but the registration won't work unless you answer the captcha.")
		return c.SendStatus(fiber.StatusBadRequest)
	}

	if formValues.Username == "" || formValues.Email == "" || formValues.SshPublicKey == "" || formValues.IPAddress == "" {
		log.Error("username, email, ssh and ip must be filled", formValues.Username, formValues.Email, formValues.SshPublicKey, formValues.IPAddress)
		return c.SendStatus(fiber.StatusBadRequest)
	}
	raid, ok := os.LookupEnv("PUBLAPI_RAID_MODE")
	if !ok || raid == "1" {
		log.Warn(
			"PUBLAPI_RAID_MODE is on, accepting every request as OK and not doing anything...\n User info: ",
			formValues.Username,
			" ",
			formValues.Email,
			" ",
			formValues.IPAddress,
			" ",
		)
		return c.SendStatus(fiber.StatusOK)
	}

	// Check the captcha validation.

	captchaSecret, _ := os.LookupEnv("PUBLAPI_CAPTCHA_SECRET")

	params := url.Values{}
	params.Add("response", formValues.CaptchaResponse)
	params.Add("secret", captchaSecret)
	body := strings.NewReader(params.Encode())

	req, err := http.NewRequest("POST", "https://hcaptcha.com/siteverify", body)
	if err != nil {
		// handle err
	}

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Error("Something went wrong fetching the HCatpcha API: ", err)
	}
	defer resp.Body.Close()

	bod, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Error("Error reading captcha response body", err)
	}
	sb := string(bod)
	log.Info("Captcha response: ", sb)

	captchaResponse := CaptchaResponse{}
	err = json.Unmarshal([]byte(sb), &captchaResponse)
	if err != nil {
		log.Error("Error unmarshalling captcha response", err)
	}

	if !captchaResponse.Success {
		log.Error("Captcha validation failed")
		return c.JSON(fiber.Map{
			"username": formValues.CaptchaResponse,
			"message":  "Sorry, but the captcha validation failed. Please try again.",
			"status":   c.Response().StatusCode(),
		})
	} else {
		// Check if user already exists
		// We'll check the home folder and see if the username folder exists.
		_, err := os.Stat("/home/" + formValues.Username)
		if err == nil {
			log.Error("User already exists : ", formValues.Username)
			return c.JSON(fiber.Map{
				"username": formValues.Username,
				"message":  "User already exists. Please choose a different username.",
				"status":   c.Response().StatusCode(),
			})
		}

		// create user file

		f, err := os.Create("/var/publapi/users/" + formValues.Username + ".sh")
		if err != nil {
			log.Error("Error creating user file", err)
			return c.SendStatus(fiber.StatusInternalServerError)
		}
		defer f.Close()
		chmoderr := os.Chmod("/var/publapi/users/"+formValues.Username+".sh", 0700)
		if chmoderr != nil {
			log.Error(err)
		}
		bashScript := strings.ReplaceAll(utils.BashScript, "{{sshkey}}", formValues.SshPublicKey)
		bashScript = strings.ReplaceAll(bashScript, "{{email}}", formValues.Email)
		bashScript = strings.ReplaceAll(bashScript, "{{username}}", formValues.Username)
		// write to file
		_, err = f.WriteString(bashScript)
		if err != nil {
			log.Error("Error writing to user file", err)
			return c.SendStatus(fiber.StatusInternalServerError)
		}

		log.Info(
			"Registration request for " + formValues.Username + " has been submitted by the frontend and has been written to /var/publapi/users/" + formValues.Username + ".sh",
		)

		// send notification to user that their reg request was sent

		// err = shoutrrr.Send(os.Getenv("PUBLAPI_EMAIL_SHOUTRRRURL")+email, "Hello "+username+",\nYour registration request has been sent.\nIt will take a maximum of 48 hours for the request to be processed.\nThank you for being part of the Project Segfault Pubnix.")
		// if err != nil {
		// 	log.Error("Error sending email to user", err)
		// 	return c.SendStatus(fiber.StatusInternalServerError)
		// }

		// send notification to admins

		shoutrrrUrl := os.Getenv("PUBLAPI_NOTIFY_SHOUTRRRURL") + os.Getenv("PUBLAPI_NOTIFY_ROOMS")
		err = shoutrrr.Send(
			shoutrrrUrl,
			"New user signup! Please review /var/publapi/users/"+formValues.Username+".sh to approve or deny the user. IP: "+formValues.IPAddress+" Email: "+formValues.Email,
		)
		if err != nil {
			log.Error("Error sending notification to admins", err)
			//return c.SendStatus(fiber.StatusInternalServerError)
		}
		return c.JSON(fiber.Map{
			"username": formValues.Username,
			"message":  "User created! Please allow us 24 hours or more to review your account.",
			"status":   c.Response().StatusCode(),
		})
	}
}
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30			`package pages`

			`import (`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`"encoding/json"`
Add a failsafe if the user is created twice (It just happaned, this is just to prevent further damages.) 2024-02-27 19:35:13 +05:30			`"io"`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`"net/http"`
			`"net/url"`
			`"os"`
			`"strings"`

make signup script a template 2023-01-21 22:19:17 +05:30			`"github.com/ProjectSegfault/publapi/utils"`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30			`"github.com/containrrr/shoutrrr"`
send user email once registration is sent 2023-02-05 19:00:47 +05:30			`"github.com/gofiber/fiber/v2"`
Switch logger Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 22:24:04 +05:30			`log "github.com/sirupsen/logrus"`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30			`)`

Small code cleanups. 2024-09-29 00:20:57 +05:30			`type formValues struct {`
			`Username string`
			`Email string`
			`SshPublicKey string`
			`IPAddress string`
			`CaptchaResponse string`
			`}`

			`type CaptchaResponse struct {`
			Success bool `json:"success"`
			`}`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30
Small code cleanups. 2024-09-29 00:20:57 +05:30			`// SignupPage is the signup page handler`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30			`func SignupPage(c *fiber.Ctx) error {`
add signup ip support 2023-02-18 15:20:24 +05:30			`SignupIP, SignupIPExists := os.LookupEnv("PUBLAPI_SIGNUP_IP")`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`if SignupIPExists {`
add signup ip support 2023-02-18 15:20:24 +05:30			`if c.IP() != SignupIP {`
			`log.Info("Request made from invalid IP: ", c.IP())`
			`return c.SendStatus(fiber.StatusForbidden)`
			`}`
			`}`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30
Small code cleanups. 2024-09-29 00:20:57 +05:30			`formValues := formValues{`
			`Username: c.FormValue("username"),`
			`Email: c.FormValue("email"),`
			`SshPublicKey: c.FormValue("ssh"),`
			`IPAddress: c.FormValue("ip"),`
			`CaptchaResponse: c.FormValue("h-captcha-response"),`
			`}`

			`if formValues.CaptchaResponse == "" {`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`log.Error("Nice try, but the registration won't work unless you answer the captcha.")`
			`return c.SendStatus(fiber.StatusBadRequest)`
			`}`

Small code cleanups. 2024-09-29 00:20:57 +05:30			`if formValues.Username == "" \|\| formValues.Email == "" \|\| formValues.SshPublicKey == "" \|\| formValues.IPAddress == "" {`
			`log.Error("username, email, ssh and ip must be filled", formValues.Username, formValues.Email, formValues.SshPublicKey, formValues.IPAddress)`
add ssh key value for signup 2023-01-17 20:36:47 +05:30			`return c.SendStatus(fiber.StatusBadRequest)`
			`}`
raid mode 2023-05-27 15:54:23 +05:30			`raid, ok := os.LookupEnv("PUBLAPI_RAID_MODE")`
			`if !ok \|\| raid == "1" {`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`log.Warn(`
			`"PUBLAPI_RAID_MODE is on, accepting every request as OK and not doing anything...\n User info: ",`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`formValues.Username,`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`" ",`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`formValues.Email,`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`" ",`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`formValues.IPAddress,`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`" ",`
			`)`
raid mode 2023-05-27 15:54:23 +05:30			`return c.SendStatus(fiber.StatusOK)`
			`}`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`// Check the captcha validation.`

Small code cleanups. 2024-09-29 00:20:57 +05:30			`captchaSecret, _ := os.LookupEnv("PUBLAPI_CAPTCHA_SECRET")`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30
			`params := url.Values{}`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`params.Add("response", formValues.CaptchaResponse)`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`params.Add("secret", captchaSecret)`
			`body := strings.NewReader(params.Encode())`

			`req, err := http.NewRequest("POST", "https://hcaptcha.com/siteverify", body)`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30			`if err != nil {`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`// handle err`
make signup script executable (700) 2023-01-21 14:26:07 +05:30			`}`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30
			`req.Header.Set("Content-Type", "application/x-www-form-urlencoded")`

			`resp, err := http.DefaultClient.Do(req)`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30			`if err != nil {`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`log.Error("Something went wrong fetching the HCatpcha API: ", err)`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30			`}`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`defer resp.Body.Close()`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30
Add a failsafe if the user is created twice (It just happaned, this is just to prevent further damages.) 2024-02-27 19:35:13 +05:30			`bod, err := io.ReadAll(resp.Body)`
send user email once registration is sent 2023-02-05 19:00:47 +05:30			`if err != nil {`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`log.Error("Error reading captcha response body", err)`
send user email once registration is sent 2023-02-05 19:00:47 +05:30			`}`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`sb := string(bod)`
			`log.Info("Captcha response: ", sb)`

Small code cleanups. 2024-09-29 00:20:57 +05:30			`captchaResponse := CaptchaResponse{}`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`err = json.Unmarshal([]byte(sb), &captchaResponse)`
Fix syntax Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:32:06 +05:30			`if err != nil {`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`log.Error("Error unmarshalling captcha response", err)`
Fix syntax Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:32:06 +05:30			`}`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30
Small code cleanups. 2024-09-29 00:20:57 +05:30			`if !captchaResponse.Success {`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`log.Error("Captcha validation failed")`
Replace the error code with an actual response for the end user. 2023-07-11 03:38:46 +05:30			`return c.JSON(fiber.Map{`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`"username": formValues.CaptchaResponse,`
			`"message": "Sorry, but the captcha validation failed. Please try again.",`
Replace the error code with an actual response for the end user. 2023-07-11 03:38:46 +05:30			`"status": c.Response().StatusCode(),`
			`})`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`} else {`
Add a failsafe if the user is created twice (It just happaned, this is just to prevent further damages.) 2024-02-27 19:35:13 +05:30			`// Check if user already exists`
			`// We'll check the home folder and see if the username folder exists.`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`_, err := os.Stat("/home/" + formValues.Username)`
Add a failsafe if the user is created twice (It just happaned, this is just to prevent further damages.) 2024-02-27 19:35:13 +05:30			`if err == nil {`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`log.Error("User already exists : ", formValues.Username)`
Add a failsafe if the user is created twice (It just happaned, this is just to prevent further damages.) 2024-02-27 19:35:13 +05:30			`return c.JSON(fiber.Map{`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`"username": formValues.Username,`
Reformulate some words to be better looking, also the logs should look better now. 2024-02-27 19:59:50 +05:30			`"message": "User already exists. Please choose a different username.",`
Add a failsafe if the user is created twice (It just happaned, this is just to prevent further damages.) 2024-02-27 19:35:13 +05:30			`"status": c.Response().StatusCode(),`
			`})`
			`}`
Whoops, extra unused bracked got lost in there and made the program fail to compile. 2024-02-27 19:37:27 +05:30
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`// create user file`

Small code cleanups. 2024-09-29 00:20:57 +05:30			`f, err := os.Create("/var/publapi/users/" + formValues.Username + ".sh")`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`if err != nil {`
			`log.Error("Error creating user file", err)`
			`return c.SendStatus(fiber.StatusInternalServerError)`
			`}`
			`defer f.Close()`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`chmoderr := os.Chmod("/var/publapi/users/"+formValues.Username+".sh", 0700)`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`if chmoderr != nil {`
			`log.Error(err)`
			`}`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`bashScript := strings.ReplaceAll(utils.BashScript, "{{sshkey}}", formValues.SshPublicKey)`
			`bashScript = strings.ReplaceAll(bashScript, "{{email}}", formValues.Email)`
			`bashScript = strings.ReplaceAll(bashScript, "{{username}}", formValues.Username)`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`// write to file`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`_, err = f.WriteString(bashScript)`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`if err != nil {`
			`log.Error("Error writing to user file", err)`
			`return c.SendStatus(fiber.StatusInternalServerError)`
			`}`

			`log.Info(`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`"Registration request for " + formValues.Username + " has been submitted by the frontend and has been written to /var/publapi/users/" + formValues.Username + ".sh",`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`)`

			`// send notification to user that their reg request was sent`

i fixed matrix notifs This reverts commit af0022c30d396f58f237c3b19f88e95fce84ca01. 2023-08-13 15:58:34 +05:30			`// err = shoutrrr.Send(os.Getenv("PUBLAPI_EMAIL_SHOUTRRRURL")+email, "Hello "+username+",\nYour registration request has been sent.\nIt will take a maximum of 48 hours for the request to be processed.\nThank you for being part of the Project Segfault Pubnix.")`
			`// if err != nil {`
			`// log.Error("Error sending email to user", err)`
			`// return c.SendStatus(fiber.StatusInternalServerError)`
			`// }`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30
			`// send notification to admins`

i fixed matrix notifs This reverts commit af0022c30d396f58f237c3b19f88e95fce84ca01. 2023-08-13 15:58:34 +05:30			`shoutrrrUrl := os.Getenv("PUBLAPI_NOTIFY_SHOUTRRRURL") + os.Getenv("PUBLAPI_NOTIFY_ROOMS")`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`err = shoutrrr.Send(`
			`shoutrrrUrl,`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`"New user signup! Please review /var/publapi/users/"+formValues.Username+".sh to approve or deny the user. IP: "+formValues.IPAddress+" Email: "+formValues.Email,`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`)`
			`if err != nil {`
			`log.Error("Error sending notification to admins", err)`
dont give error to the user if internal notif fails 2024-05-22 11:16:10 +05:30			`//return c.SendStatus(fiber.StatusInternalServerError)`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`}`
			`return c.JSON(fiber.Map{`
Small code cleanups. 2024-09-29 00:20:57 +05:30			`"username": formValues.Username,`
Require a captcha on the backend 2023-07-11 02:53:29 +05:30			`"message": "User created! Please allow us 24 hours or more to review your account.",`
			`"status": c.Response().StatusCode(),`
			`})`
			`}`
Arya fix it Signed-off-by: Odyssey <odyssey346@disroot.org> 2023-01-07 21:03:51 +05:30			`}`