forked from ProjectSegfault/publapi
Require a captcha on the backend
This commit is contained in:
parent
1025d8a50b
commit
c8ca445bb7
1
go.mod
1
go.mod
@ -5,6 +5,7 @@ go 1.19
|
|||||||
require (
|
require (
|
||||||
github.com/containrrr/shoutrrr v0.6.1
|
github.com/containrrr/shoutrrr v0.6.1
|
||||||
github.com/gofiber/fiber/v2 v2.41.0
|
github.com/gofiber/fiber/v2 v2.41.0
|
||||||
|
github.com/kataras/hcaptcha v0.0.2
|
||||||
github.com/sirupsen/logrus v1.9.0
|
github.com/sirupsen/logrus v1.9.0
|
||||||
github.com/spf13/viper v1.6.3
|
github.com/spf13/viper v1.6.3
|
||||||
)
|
)
|
||||||
|
2
go.sum
2
go.sum
@ -74,6 +74,8 @@ github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u
|
|||||||
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
|
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
|
||||||
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
|
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
|
||||||
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
|
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
|
||||||
|
github.com/kataras/hcaptcha v0.0.2 h1:8gPteB5vPD1WvsKv4OcYF+EfntCY7cm7s1b8bB9ai7Y=
|
||||||
|
github.com/kataras/hcaptcha v0.0.2/go.mod h1:Ce7mO5B8q8RKyWWWJt2fczJ3O1vTlX+mZ2DZZOMnfSw=
|
||||||
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
|
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
|
||||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||||
github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
|
github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
|
||||||
|
154
pages/signup.go
154
pages/signup.go
@ -1,15 +1,21 @@
|
|||||||
package pages
|
package pages
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"os"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/ProjectSegfault/publapi/utils"
|
"github.com/ProjectSegfault/publapi/utils"
|
||||||
"github.com/containrrr/shoutrrr"
|
"github.com/containrrr/shoutrrr"
|
||||||
"github.com/gofiber/fiber/v2"
|
"github.com/gofiber/fiber/v2"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"os"
|
|
||||||
"strings"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// SignupPage is the signup page handler
|
// SignupPage is the signup page handler
|
||||||
|
|
||||||
func SignupPage(c *fiber.Ctx) error {
|
func SignupPage(c *fiber.Ctx) error {
|
||||||
SignupIP, SignupIPExists := os.LookupEnv("PUBLAPI_SIGNUP_IP")
|
SignupIP, SignupIPExists := os.LookupEnv("PUBLAPI_SIGNUP_IP")
|
||||||
if SignupIPExists == true {
|
if SignupIPExists == true {
|
||||||
@ -22,55 +28,123 @@ func SignupPage(c *fiber.Ctx) error {
|
|||||||
email := c.FormValue("email")
|
email := c.FormValue("email")
|
||||||
ssh := c.FormValue("ssh")
|
ssh := c.FormValue("ssh")
|
||||||
ip := c.FormValue("ip")
|
ip := c.FormValue("ip")
|
||||||
|
captchaResp := c.FormValue("h-captcha-response")
|
||||||
|
|
||||||
|
if captchaResp == "" {
|
||||||
|
log.Error("Nice try, but the registration won't work unless you answer the captcha.")
|
||||||
|
return c.SendStatus(fiber.StatusBadRequest)
|
||||||
|
}
|
||||||
|
|
||||||
if username == "" || email == "" || ssh == "" || ip == "" {
|
if username == "" || email == "" || ssh == "" || ip == "" {
|
||||||
log.Error("username, email, ssh and ip must be filled", username, email, ssh, ip)
|
log.Error("username, email, ssh and ip must be filled", username, email, ssh, ip)
|
||||||
return c.SendStatus(fiber.StatusBadRequest)
|
return c.SendStatus(fiber.StatusBadRequest)
|
||||||
}
|
}
|
||||||
raid, ok := os.LookupEnv("PUBLAPI_RAID_MODE")
|
raid, ok := os.LookupEnv("PUBLAPI_RAID_MODE")
|
||||||
if !ok || raid == "1" {
|
if !ok || raid == "1" {
|
||||||
log.Error("PUBLAPI_RAID_MODE is on accepting every request as OK and not doing anything...\n User info: ", username, email, ip)
|
log.Warn(
|
||||||
|
"PUBLAPI_RAID_MODE is on, accepting every request as OK and not doing anything...\n User info: ",
|
||||||
|
username,
|
||||||
|
" ",
|
||||||
|
email,
|
||||||
|
" ",
|
||||||
|
ip,
|
||||||
|
" ",
|
||||||
|
)
|
||||||
return c.SendStatus(fiber.StatusOK)
|
return c.SendStatus(fiber.StatusOK)
|
||||||
}
|
}
|
||||||
|
|
||||||
// create user file
|
// Check the captcha validation.
|
||||||
f, err := os.Create("/var/publapi/users/" + username + ".sh")
|
|
||||||
|
captchaSecret, ok := os.LookupEnv("PUBLAPI_CAPTCHA_SECRET")
|
||||||
|
|
||||||
|
params := url.Values{}
|
||||||
|
params.Add("response", captchaResp)
|
||||||
|
params.Add("secret", captchaSecret)
|
||||||
|
body := strings.NewReader(params.Encode())
|
||||||
|
|
||||||
|
req, err := http.NewRequest("POST", "https://hcaptcha.com/siteverify", body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Error creating user file", err)
|
// handle err
|
||||||
return c.SendStatus(fiber.StatusInternalServerError)
|
|
||||||
}
|
|
||||||
defer f.Close()
|
|
||||||
chmoderr := os.Chmod("/var/publapi/users/"+username+".sh", 0700)
|
|
||||||
if chmoderr != nil {
|
|
||||||
log.Error(err)
|
|
||||||
}
|
|
||||||
Bashscript := strings.ReplaceAll(utils.Bashscript, "{{sshkey}}", ssh)
|
|
||||||
Bashscript = strings.ReplaceAll(Bashscript, "{{email}}", email)
|
|
||||||
Bashscript = strings.ReplaceAll(Bashscript, "{{username}}", username)
|
|
||||||
// write to file
|
|
||||||
_, err = f.WriteString(Bashscript)
|
|
||||||
if err != nil {
|
|
||||||
log.Error("Error writing to user file", err)
|
|
||||||
return c.SendStatus(fiber.StatusInternalServerError)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Info("Registration request for " + username + " has been submitted by the frontend and has been written to /var/publapi/users/" + username + ".sh")
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||||
// send notification to user that their reg request was sent
|
|
||||||
err = shoutrrr.Send(os.Getenv("PUBLAPI_EMAIL_SHOUTRRRURL")+email, "Hello "+username+",\nYour registration request has been sent.\nIt will take a maximum of 48 hours for the request to be processed.\nThank you for being part of the Project Segfault Pubnix.")
|
|
||||||
if err != nil {
|
|
||||||
log.Error("Error sending email to user", err)
|
|
||||||
return c.SendStatus(fiber.StatusInternalServerError)
|
|
||||||
}
|
|
||||||
// send notification to admins
|
|
||||||
shoutrrrUrl := os.Getenv("PUBLAPI_NOTIFY_SHOUTRRRURL") + os.Getenv("PUBLAPI_NOTIFY_ROOMS")
|
|
||||||
err = shoutrrr.Send(shoutrrrUrl, "New user signup! Please review /var/publapi/users/"+username+".sh to approve or deny the user. IP: "+ip+" Email: "+email)
|
|
||||||
if err != nil {
|
|
||||||
log.Error("Error sending notification to admins", err)
|
|
||||||
return c.SendStatus(fiber.StatusInternalServerError)
|
|
||||||
}
|
|
||||||
return c.JSON(fiber.Map{
|
|
||||||
"username": username,
|
|
||||||
"message": "User created! Please allow us 24 hours or more to review your account.",
|
|
||||||
"status": c.Response().StatusCode(),
|
|
||||||
})
|
|
||||||
|
|
||||||
|
resp, err := http.DefaultClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Something went wrong fetching the HCatpcha API: ", err)
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
bod, err := ioutil.ReadAll(resp.Body)
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Error reading captcha response body", err)
|
||||||
|
}
|
||||||
|
sb := string(bod)
|
||||||
|
log.Info("Captcha response: ", sb)
|
||||||
|
|
||||||
|
type CaptchaResponse struct {
|
||||||
|
Success bool `json:"success"`
|
||||||
|
}
|
||||||
|
var captchaResponse CaptchaResponse
|
||||||
|
err = json.Unmarshal([]byte(sb), &captchaResponse)
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Error unmarshalling captcha response", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if captchaResponse.Success == false {
|
||||||
|
log.Error("Captcha validation failed")
|
||||||
|
return c.SendStatus(fiber.StatusBadRequest)
|
||||||
|
} else {
|
||||||
|
|
||||||
|
// create user file
|
||||||
|
|
||||||
|
f, err := os.Create("/var/publapi/users/" + username + ".sh")
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Error creating user file", err)
|
||||||
|
return c.SendStatus(fiber.StatusInternalServerError)
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
chmoderr := os.Chmod("/var/publapi/users/"+username+".sh", 0700)
|
||||||
|
if chmoderr != nil {
|
||||||
|
log.Error(err)
|
||||||
|
}
|
||||||
|
Bashscript := strings.ReplaceAll(utils.Bashscript, "{{sshkey}}", ssh)
|
||||||
|
Bashscript = strings.ReplaceAll(Bashscript, "{{email}}", email)
|
||||||
|
Bashscript = strings.ReplaceAll(Bashscript, "{{username}}", username)
|
||||||
|
// write to file
|
||||||
|
_, err = f.WriteString(Bashscript)
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Error writing to user file", err)
|
||||||
|
return c.SendStatus(fiber.StatusInternalServerError)
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Info(
|
||||||
|
"Registration request for " + username + " has been submitted by the frontend and has been written to /var/publapi/users/" + username + ".sh",
|
||||||
|
)
|
||||||
|
|
||||||
|
// send notification to user that their reg request was sent
|
||||||
|
|
||||||
|
// err = shoutrrr.Send(os.Getenv("PUBLAPI_EMAIL_SHOUTRRRURL")+email, "Hello "+username+",\nYour registration request has been sent.\nIt will take a maximum of 48 hours for the request to be processed.\nThank you for being part of the Project Segfault Pubnix.")
|
||||||
|
// if err != nil {
|
||||||
|
// log.Error("Error sending email to user", err)
|
||||||
|
// return c.SendStatus(fiber.StatusInternalServerError)
|
||||||
|
// }
|
||||||
|
|
||||||
|
// send notification to admins
|
||||||
|
|
||||||
|
shoutrrrUrl := os.Getenv("PUBLAPI_NOTIFY_SHOUTRRRURL") + os.Getenv("PUBLAPI_NOTIFY_ROOMS")
|
||||||
|
err = shoutrrr.Send(
|
||||||
|
shoutrrrUrl,
|
||||||
|
"New user signup! Please review /var/publapi/users/"+username+".sh to approve or deny the user. IP: "+ip+" Email: "+email,
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Error sending notification to admins", err)
|
||||||
|
return c.SendStatus(fiber.StatusInternalServerError)
|
||||||
|
}
|
||||||
|
return c.JSON(fiber.Map{
|
||||||
|
"username": username,
|
||||||
|
"message": "User created! Please allow us 24 hours or more to review your account.",
|
||||||
|
"status": c.Response().StatusCode(),
|
||||||
|
})
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,16 +1,19 @@
|
|||||||
package pages
|
package pages
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/ProjectSegfault/publapi/utils"
|
|
||||||
"github.com/gofiber/fiber/v2"
|
|
||||||
log "github.com/sirupsen/logrus"
|
|
||||||
"github.com/spf13/viper"
|
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"regexp"
|
"regexp"
|
||||||
"runtime"
|
"runtime"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/ProjectSegfault/publapi/utils"
|
||||||
|
"github.com/gofiber/fiber/v2"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
"github.com/spf13/viper"
|
||||||
|
|
||||||
|
"github.com/kataras/hcaptcha"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Userstruct struct {
|
type Userstruct struct {
|
||||||
@ -35,6 +38,14 @@ type Userinfo struct {
|
|||||||
Loc string `json:"loc"`
|
Loc string `json:"loc"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Hcaptcha setup
|
||||||
|
|
||||||
|
var (
|
||||||
|
secretKey string = os.Getenv("PUBLAPI_HCAPTCHA_SECRET")
|
||||||
|
siteKey string = os.Getenv("PUBLAPI_HCAPTCHA_SITE")
|
||||||
|
client = hcaptcha.New(secretKey)
|
||||||
|
)
|
||||||
|
|
||||||
func userdata(username, usersonline, ops string) Userinfo {
|
func userdata(username, usersonline, ops string) Userinfo {
|
||||||
regex := "(^| )" + username + "($| )"
|
regex := "(^| )" + username + "($| )"
|
||||||
isonline, err := regexp.MatchString(string(regex), string(usersonline))
|
isonline, err := regexp.MatchString(string(regex), string(usersonline))
|
||||||
@ -144,7 +155,14 @@ func UsersPage(c *fiber.Ctx) error {
|
|||||||
var userinfostruct []Userinfo
|
var userinfostruct []Userinfo
|
||||||
for i := 0; i < len(usersarr); i++ {
|
for i := 0; i < len(usersarr); i++ {
|
||||||
uname := string(usersarr[i])
|
uname := string(usersarr[i])
|
||||||
userinfostruct = append(userinfostruct, userdata(uname, strings.TrimSuffix(usersonlinededup, "\n"), strings.TrimSuffix(opstr, "\n")))
|
userinfostruct = append(
|
||||||
|
userinfostruct,
|
||||||
|
userdata(
|
||||||
|
uname,
|
||||||
|
strings.TrimSuffix(usersonlinededup, "\n"),
|
||||||
|
strings.TrimSuffix(opstr, "\n"),
|
||||||
|
),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
data := Userstruct{
|
data := Userstruct{
|
||||||
Status: c.Response().StatusCode(),
|
Status: c.Response().StatusCode(),
|
||||||
|
Loading…
Reference in New Issue
Block a user