publapi/pages/signup.go

package pages

import (
	"encoding/json"
	"io"
	"net/http"
	"net/url"
	"os"
	"strings"

	log "log/slog"

	"github.com/ProjectSegfault/publapi/utils"
	"github.com/containrrr/shoutrrr"
	"github.com/gofiber/fiber/v2"
)

type formValues struct {
	Username        string
	Email           string
	SshPublicKey    string
	IPAddress       string
	CaptchaResponse string
}

type CaptchaResponse struct {
	Success bool `json:"success"`
}

func CaptchaCheck(response string, secret string) bool {
	// Check the captcha validation.
	params := url.Values{}
	params.Add("response", response)
	params.Add("secret", secret)
	body := strings.NewReader(params.Encode())

	req, err := http.NewRequest("POST", "https://hcaptcha.com/siteverify", body)
	if err != nil {
		log.Error("couldn't make request to hCaptcha verification API", log.Any("err", err))
		return false
	}

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Error("couldn't do request to hCaptcha verification API", log.Any("err", err))
		return false
	}
	defer resp.Body.Close()

	bod, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Error("couldn't read response body", log.Any("err", err))
		return false
	}
	sb := string(bod)

	captchaResponse := CaptchaResponse{}
	err = json.Unmarshal([]byte(sb), &captchaResponse)
	if err != nil {
		log.Error("couldn't unmarshal hCaptcha response into a CaptchaResponse struct", log.Any("err", err))
	}

	return captchaResponse.Success
}

// SignupPage is the signup page handler
func SignupPage(c *fiber.Ctx) error {
	SignupIP, SignupIPExists := os.LookupEnv("PUBLAPI_SIGNUP_IP")
	if SignupIPExists {
		if c.IP() != SignupIP {
			log.Info("Request made from invalid IP: ", c.IP())
			return c.SendStatus(fiber.StatusForbidden)
		}
	}

	formValues := formValues{
		Username:        c.FormValue("username"),
		Email:           c.FormValue("email"),
		SshPublicKey:    c.FormValue("ssh"),
		IPAddress:       c.FormValue("ip"),
		CaptchaResponse: c.FormValue("h-captcha-response"),
	}

	if formValues.CaptchaResponse == "" {
		return c.SendStatus(fiber.StatusBadRequest)
	}

	if formValues.Username == "" || formValues.Email == "" || formValues.SshPublicKey == "" || formValues.IPAddress == "" {
		log.Error("username, email, ssh and ip must be filled", formValues.Username, formValues.Email, formValues.SshPublicKey, formValues.IPAddress)
		return c.SendStatus(fiber.StatusBadRequest)
	}
	raid, ok := os.LookupEnv("PUBLAPI_RAID_MODE")
	if !ok || raid == "1" {
		log.Warn(
			"PUBLAPI_RAID_MODE is on, accepting every request as OK and not doing anything...\n User info: ",
			formValues.Username,
			" ",
			formValues.Email,
			" ",
			formValues.IPAddress,
			" ",
		)
		return c.SendStatus(fiber.StatusOK)
	}

	// get captcha secret
	captchaSecret, _ := os.LookupEnv("PUBLAPI_CAPTCHA_SECRET")

	if !CaptchaCheck(formValues.CaptchaResponse, captchaSecret) {
		log.Error("Captcha validation failed")
		return c.JSON(fiber.Map{
			"username": formValues.Username,
			"message":  "Sorry, but the captcha validation failed. Please try again.",
			"status":   c.Response().StatusCode(),
		})
	} else {
		// Check if user already exists
		// We'll check the home folder and see if the username folder exists.
		_, err := os.Stat("/home/" + formValues.Username)
		if err == nil {
			log.Error("User already exists : ", formValues.Username)
			return c.JSON(fiber.Map{
				"username": formValues.Username,
				"message":  "User already exists. Please choose a different username.",
				"status":   c.Response().StatusCode(),
			})
		}

		// create user file

		f, err := os.Create("/var/publapi/users/" + formValues.Username + ".sh")
		if err != nil {
			log.Error("Error creating user file", err)
			return c.SendStatus(fiber.StatusInternalServerError)
		}
		defer f.Close()
		chmoderr := os.Chmod("/var/publapi/users/"+formValues.Username+".sh", 0700)
		if chmoderr != nil {
			UserError("couldn't chmod users script with permissions 0700", formValues.Username, chmoderr)
		}
		bashScript := strings.ReplaceAll(utils.BashScript, "{{sshkey}}", formValues.SshPublicKey)
		bashScript = strings.ReplaceAll(bashScript, "{{email}}", formValues.Email)
		bashScript = strings.ReplaceAll(bashScript, "{{username}}", formValues.Username)
		// write to file
		_, err = f.WriteString(bashScript)
		if err != nil {
			log.Error("Error writing to user file", err)
			return c.SendStatus(fiber.StatusInternalServerError)
		}

		log.Info(
			"Registration request for " + formValues.Username + " has been submitted by the frontend and has been written to /var/publapi/users/" + formValues.Username + ".sh",
		)

		// send notification to user that their reg request was sent

		// err = shoutrrr.Send(os.Getenv("PUBLAPI_EMAIL_SHOUTRRRURL")+email, "Hello "+username+",\nYour registration request has been sent.\nIt will take a maximum of 48 hours for the request to be processed.\nThank you for being part of the Project Segfault Pubnix.")
		// if err != nil {
		// 	log.Error("Error sending email to user", err)
		// 	return c.SendStatus(fiber.StatusInternalServerError)
		// }

		// send notification to admins

		shoutrrrUrl := os.Getenv("PUBLAPI_NOTIFY_SHOUTRRRURL") + os.Getenv("PUBLAPI_NOTIFY_ROOMS")
		err = shoutrrr.Send(
			shoutrrrUrl,
			"New user signup! Please review /var/publapi/users/"+formValues.Username+".sh to approve or deny the user. IP: "+formValues.IPAddress+" Email: "+formValues.Email,
		)
		if err != nil {
			log.Error("error sending notification to admins", log.Any("err", err))
			//return c.SendStatus(fiber.StatusInternalServerError)
		}
		return c.JSON(fiber.Map{
			"username": formValues.Username,
			"message":  "User created! Please allow us 24 hours or more to review your account.",
			"status":   c.Response().StatusCode(),
		})
	}
}