Require a captcha on the backend

This commit is contained in:
Midou 2023-07-10 22:23:29 +01:00
parent 1025d8a50b
commit c8ca445bb7
Signed by untrusted user: midou
GPG Key ID: 1D134A95FE521A7A
4 changed files with 140 additions and 45 deletions

1
go.mod
View File

@ -5,6 +5,7 @@ go 1.19
require ( require (
github.com/containrrr/shoutrrr v0.6.1 github.com/containrrr/shoutrrr v0.6.1
github.com/gofiber/fiber/v2 v2.41.0 github.com/gofiber/fiber/v2 v2.41.0
github.com/kataras/hcaptcha v0.0.2
github.com/sirupsen/logrus v1.9.0 github.com/sirupsen/logrus v1.9.0
github.com/spf13/viper v1.6.3 github.com/spf13/viper v1.6.3
) )

2
go.sum
View File

@ -74,6 +74,8 @@ github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kataras/hcaptcha v0.0.2 h1:8gPteB5vPD1WvsKv4OcYF+EfntCY7cm7s1b8bB9ai7Y=
github.com/kataras/hcaptcha v0.0.2/go.mod h1:Ce7mO5B8q8RKyWWWJt2fczJ3O1vTlX+mZ2DZZOMnfSw=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY= github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=

View File

@ -1,15 +1,21 @@
package pages package pages
import ( import (
"encoding/json"
"io/ioutil"
"net/http"
"net/url"
"os"
"strings"
"github.com/ProjectSegfault/publapi/utils" "github.com/ProjectSegfault/publapi/utils"
"github.com/containrrr/shoutrrr" "github.com/containrrr/shoutrrr"
"github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"os"
"strings"
) )
// SignupPage is the signup page handler // SignupPage is the signup page handler
func SignupPage(c *fiber.Ctx) error { func SignupPage(c *fiber.Ctx) error {
SignupIP, SignupIPExists := os.LookupEnv("PUBLAPI_SIGNUP_IP") SignupIP, SignupIPExists := os.LookupEnv("PUBLAPI_SIGNUP_IP")
if SignupIPExists == true { if SignupIPExists == true {
@ -22,55 +28,123 @@ func SignupPage(c *fiber.Ctx) error {
email := c.FormValue("email") email := c.FormValue("email")
ssh := c.FormValue("ssh") ssh := c.FormValue("ssh")
ip := c.FormValue("ip") ip := c.FormValue("ip")
captchaResp := c.FormValue("h-captcha-response")
if captchaResp == "" {
log.Error("Nice try, but the registration won't work unless you answer the captcha.")
return c.SendStatus(fiber.StatusBadRequest)
}
if username == "" || email == "" || ssh == "" || ip == "" { if username == "" || email == "" || ssh == "" || ip == "" {
log.Error("username, email, ssh and ip must be filled", username, email, ssh, ip) log.Error("username, email, ssh and ip must be filled", username, email, ssh, ip)
return c.SendStatus(fiber.StatusBadRequest) return c.SendStatus(fiber.StatusBadRequest)
} }
raid, ok := os.LookupEnv("PUBLAPI_RAID_MODE") raid, ok := os.LookupEnv("PUBLAPI_RAID_MODE")
if !ok || raid == "1" { if !ok || raid == "1" {
log.Error("PUBLAPI_RAID_MODE is on accepting every request as OK and not doing anything...\n User info: ", username, email, ip) log.Warn(
"PUBLAPI_RAID_MODE is on, accepting every request as OK and not doing anything...\n User info: ",
username,
" ",
email,
" ",
ip,
" ",
)
return c.SendStatus(fiber.StatusOK) return c.SendStatus(fiber.StatusOK)
} }
// create user file // Check the captcha validation.
f, err := os.Create("/var/publapi/users/" + username + ".sh")
captchaSecret, ok := os.LookupEnv("PUBLAPI_CAPTCHA_SECRET")
params := url.Values{}
params.Add("response", captchaResp)
params.Add("secret", captchaSecret)
body := strings.NewReader(params.Encode())
req, err := http.NewRequest("POST", "https://hcaptcha.com/siteverify", body)
if err != nil { if err != nil {
log.Error("Error creating user file", err) // handle err
return c.SendStatus(fiber.StatusInternalServerError)
}
defer f.Close()
chmoderr := os.Chmod("/var/publapi/users/"+username+".sh", 0700)
if chmoderr != nil {
log.Error(err)
}
Bashscript := strings.ReplaceAll(utils.Bashscript, "{{sshkey}}", ssh)
Bashscript = strings.ReplaceAll(Bashscript, "{{email}}", email)
Bashscript = strings.ReplaceAll(Bashscript, "{{username}}", username)
// write to file
_, err = f.WriteString(Bashscript)
if err != nil {
log.Error("Error writing to user file", err)
return c.SendStatus(fiber.StatusInternalServerError)
} }
log.Info("Registration request for " + username + " has been submitted by the frontend and has been written to /var/publapi/users/" + username + ".sh") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
// send notification to user that their reg request was sent
err = shoutrrr.Send(os.Getenv("PUBLAPI_EMAIL_SHOUTRRRURL")+email, "Hello "+username+",\nYour registration request has been sent.\nIt will take a maximum of 48 hours for the request to be processed.\nThank you for being part of the Project Segfault Pubnix.")
if err != nil {
log.Error("Error sending email to user", err)
return c.SendStatus(fiber.StatusInternalServerError)
}
// send notification to admins
shoutrrrUrl := os.Getenv("PUBLAPI_NOTIFY_SHOUTRRRURL") + os.Getenv("PUBLAPI_NOTIFY_ROOMS")
err = shoutrrr.Send(shoutrrrUrl, "New user signup! Please review /var/publapi/users/"+username+".sh to approve or deny the user. IP: "+ip+" Email: "+email)
if err != nil {
log.Error("Error sending notification to admins", err)
return c.SendStatus(fiber.StatusInternalServerError)
}
return c.JSON(fiber.Map{
"username": username,
"message": "User created! Please allow us 24 hours or more to review your account.",
"status": c.Response().StatusCode(),
})
resp, err := http.DefaultClient.Do(req)
if err != nil {
log.Error("Something went wrong fetching the HCatpcha API: ", err)
}
defer resp.Body.Close()
bod, err := ioutil.ReadAll(resp.Body)
if err != nil {
log.Error("Error reading captcha response body", err)
}
sb := string(bod)
log.Info("Captcha response: ", sb)
type CaptchaResponse struct {
Success bool `json:"success"`
}
var captchaResponse CaptchaResponse
err = json.Unmarshal([]byte(sb), &captchaResponse)
if err != nil {
log.Error("Error unmarshalling captcha response", err)
}
if captchaResponse.Success == false {
log.Error("Captcha validation failed")
return c.SendStatus(fiber.StatusBadRequest)
} else {
// create user file
f, err := os.Create("/var/publapi/users/" + username + ".sh")
if err != nil {
log.Error("Error creating user file", err)
return c.SendStatus(fiber.StatusInternalServerError)
}
defer f.Close()
chmoderr := os.Chmod("/var/publapi/users/"+username+".sh", 0700)
if chmoderr != nil {
log.Error(err)
}
Bashscript := strings.ReplaceAll(utils.Bashscript, "{{sshkey}}", ssh)
Bashscript = strings.ReplaceAll(Bashscript, "{{email}}", email)
Bashscript = strings.ReplaceAll(Bashscript, "{{username}}", username)
// write to file
_, err = f.WriteString(Bashscript)
if err != nil {
log.Error("Error writing to user file", err)
return c.SendStatus(fiber.StatusInternalServerError)
}
log.Info(
"Registration request for " + username + " has been submitted by the frontend and has been written to /var/publapi/users/" + username + ".sh",
)
// send notification to user that their reg request was sent
// err = shoutrrr.Send(os.Getenv("PUBLAPI_EMAIL_SHOUTRRRURL")+email, "Hello "+username+",\nYour registration request has been sent.\nIt will take a maximum of 48 hours for the request to be processed.\nThank you for being part of the Project Segfault Pubnix.")
// if err != nil {
// log.Error("Error sending email to user", err)
// return c.SendStatus(fiber.StatusInternalServerError)
// }
// send notification to admins
shoutrrrUrl := os.Getenv("PUBLAPI_NOTIFY_SHOUTRRRURL") + os.Getenv("PUBLAPI_NOTIFY_ROOMS")
err = shoutrrr.Send(
shoutrrrUrl,
"New user signup! Please review /var/publapi/users/"+username+".sh to approve or deny the user. IP: "+ip+" Email: "+email,
)
if err != nil {
log.Error("Error sending notification to admins", err)
return c.SendStatus(fiber.StatusInternalServerError)
}
return c.JSON(fiber.Map{
"username": username,
"message": "User created! Please allow us 24 hours or more to review your account.",
"status": c.Response().StatusCode(),
})
}
} }

View File

@ -1,16 +1,19 @@
package pages package pages
import ( import (
"github.com/ProjectSegfault/publapi/utils"
"github.com/gofiber/fiber/v2"
log "github.com/sirupsen/logrus"
"github.com/spf13/viper"
"os" "os"
"os/exec" "os/exec"
"regexp" "regexp"
"runtime" "runtime"
"strconv" "strconv"
"strings" "strings"
"github.com/ProjectSegfault/publapi/utils"
"github.com/gofiber/fiber/v2"
log "github.com/sirupsen/logrus"
"github.com/spf13/viper"
"github.com/kataras/hcaptcha"
) )
type Userstruct struct { type Userstruct struct {
@ -35,6 +38,14 @@ type Userinfo struct {
Loc string `json:"loc"` Loc string `json:"loc"`
} }
// Hcaptcha setup
var (
secretKey string = os.Getenv("PUBLAPI_HCAPTCHA_SECRET")
siteKey string = os.Getenv("PUBLAPI_HCAPTCHA_SITE")
client = hcaptcha.New(secretKey)
)
func userdata(username, usersonline, ops string) Userinfo { func userdata(username, usersonline, ops string) Userinfo {
regex := "(^| )" + username + "($| )" regex := "(^| )" + username + "($| )"
isonline, err := regexp.MatchString(string(regex), string(usersonline)) isonline, err := regexp.MatchString(string(regex), string(usersonline))
@ -144,7 +155,14 @@ func UsersPage(c *fiber.Ctx) error {
var userinfostruct []Userinfo var userinfostruct []Userinfo
for i := 0; i < len(usersarr); i++ { for i := 0; i < len(usersarr); i++ {
uname := string(usersarr[i]) uname := string(usersarr[i])
userinfostruct = append(userinfostruct, userdata(uname, strings.TrimSuffix(usersonlinededup, "\n"), strings.TrimSuffix(opstr, "\n"))) userinfostruct = append(
userinfostruct,
userdata(
uname,
strings.TrimSuffix(usersonlinededup, "\n"),
strings.TrimSuffix(opstr, "\n"),
),
)
} }
data := Userstruct{ data := Userstruct{
Status: c.Response().StatusCode(), Status: c.Response().StatusCode(),