package pages import ( "encoding/json" "io" "net/http" "net/url" "os" "strings" log "log/slog" "github.com/ProjectSegfault/publapi/utils" "github.com/containrrr/shoutrrr" "github.com/gofiber/fiber/v2" ) type formValues struct { Username string Email string SshPublicKey string IPAddress string CaptchaResponse string } type CaptchaResponse struct { Success bool `json:"success"` } func CaptchaCheck(response string, secret string) bool { // Check the captcha validation. params := url.Values{} params.Add("response", response) params.Add("secret", secret) body := strings.NewReader(params.Encode()) req, err := http.NewRequest("POST", "https://hcaptcha.com/siteverify", body) if err != nil { log.Error("couldn't make request to hCaptcha verification API", log.Any("err", err)) return false } req.Header.Set("Content-Type", "application/x-www-form-urlencoded") resp, err := http.DefaultClient.Do(req) if err != nil { log.Error("couldn't do request to hCaptcha verification API", log.Any("err", err)) return false } defer resp.Body.Close() bod, err := io.ReadAll(resp.Body) if err != nil { log.Error("couldn't read response body", log.Any("err", err)) return false } sb := string(bod) captchaResponse := CaptchaResponse{} err = json.Unmarshal([]byte(sb), &captchaResponse) if err != nil { log.Error("couldn't unmarshal hCaptcha response into a CaptchaResponse struct", log.Any("err", err)) } return captchaResponse.Success } // SignupPage is the signup page handler func SignupPage(c *fiber.Ctx) error { SignupIP, SignupIPExists := os.LookupEnv("PUBLAPI_SIGNUP_IP") if SignupIPExists { if c.IP() != SignupIP { log.Info("Request made from invalid IP: ", c.IP()) return c.SendStatus(fiber.StatusForbidden) } } formValues := formValues{ Username: c.FormValue("username"), Email: c.FormValue("email"), SshPublicKey: c.FormValue("ssh"), IPAddress: c.FormValue("ip"), CaptchaResponse: c.FormValue("h-captcha-response"), } if formValues.CaptchaResponse == "" { return c.SendStatus(fiber.StatusBadRequest) } if formValues.Username == "" || formValues.Email == "" || formValues.SshPublicKey == "" || formValues.IPAddress == "" { log.Error("username, email, ssh and ip must be filled", formValues.Username, formValues.Email, formValues.SshPublicKey, formValues.IPAddress) return c.SendStatus(fiber.StatusBadRequest) } raid, ok := os.LookupEnv("PUBLAPI_RAID_MODE") if !ok || raid == "1" { log.Warn( "PUBLAPI_RAID_MODE is on, accepting every request as OK and not doing anything...\n User info: ", formValues.Username, " ", formValues.Email, " ", formValues.IPAddress, " ", ) return c.SendStatus(fiber.StatusOK) } // get captcha secret captchaSecret, _ := os.LookupEnv("PUBLAPI_CAPTCHA_SECRET") if !CaptchaCheck(formValues.CaptchaResponse, captchaSecret) { log.Error("Captcha validation failed") return c.JSON(fiber.Map{ "username": formValues.Username, "message": "Sorry, but the captcha validation failed. Please try again.", "status": c.Response().StatusCode(), }) } else { // Check if user already exists // We'll check the home folder and see if the username folder exists. _, err := os.Stat("/home/" + formValues.Username) if err == nil { log.Error("User already exists : ", formValues.Username) return c.JSON(fiber.Map{ "username": formValues.Username, "message": "User already exists. Please choose a different username.", "status": c.Response().StatusCode(), }) } // create user file f, err := os.Create("/var/publapi/users/" + formValues.Username + ".sh") if err != nil { log.Error("Error creating user file", err) return c.SendStatus(fiber.StatusInternalServerError) } defer f.Close() chmoderr := os.Chmod("/var/publapi/users/"+formValues.Username+".sh", 0700) if chmoderr != nil { UserError("couldn't chmod users script with permissions 0700", formValues.Username, chmoderr) } bashScript := strings.ReplaceAll(utils.BashScript, "{{sshkey}}", formValues.SshPublicKey) bashScript = strings.ReplaceAll(bashScript, "{{email}}", formValues.Email) bashScript = strings.ReplaceAll(bashScript, "{{username}}", formValues.Username) // write to file _, err = f.WriteString(bashScript) if err != nil { log.Error("Error writing to user file", err) return c.SendStatus(fiber.StatusInternalServerError) } log.Info( "Registration request for " + formValues.Username + " has been submitted by the frontend and has been written to /var/publapi/users/" + formValues.Username + ".sh", ) // send notification to user that their reg request was sent // err = shoutrrr.Send(os.Getenv("PUBLAPI_EMAIL_SHOUTRRRURL")+email, "Hello "+username+",\nYour registration request has been sent.\nIt will take a maximum of 48 hours for the request to be processed.\nThank you for being part of the Project Segfault Pubnix.") // if err != nil { // log.Error("Error sending email to user", err) // return c.SendStatus(fiber.StatusInternalServerError) // } // send notification to admins shoutrrrUrl := os.Getenv("PUBLAPI_NOTIFY_SHOUTRRRURL") + os.Getenv("PUBLAPI_NOTIFY_ROOMS") err = shoutrrr.Send( shoutrrrUrl, "New user signup! Please review /var/publapi/users/"+formValues.Username+".sh to approve or deny the user. IP: "+formValues.IPAddress+" Email: "+formValues.Email, ) if err != nil { log.Error("error sending notification to admins", log.Any("err", err)) //return c.SendStatus(fiber.StatusInternalServerError) } return c.JSON(fiber.Map{ "username": formValues.Username, "message": "User created! Please allow us 24 hours or more to review your account.", "status": c.Response().StatusCode(), }) } }