[feat] nodejs hosting password

2023-05-28 01:33:05 +09:00
parent f0dc33d0d0
commit 74f7625516
3 changed files with 133 additions and 6 deletions
--- a/server/node/server.cjs
+++ b/server/node/server.cjs
@@ -2,18 +2,26 @@ const express = require('express');
 const app = express();
 const path = require('path');
 const htmlparser = require('node-html-parser');
-const { existsSync, mkdirSync } = require('fs');
+const { existsSync, mkdirSync, readFileSync, writeFileSync } = require('fs');
 const bodyParser = require('body-parser');
 const fs = require('fs/promises')

 app.use(express.static(path.join(process.cwd(), 'dist'), {index: false}));
 app.use(bodyParser.json({ limit: 100000000 }));

+
+let password = ''
+
 const savePath = path.join(process.cwd(), "save")
 if(!existsSync(savePath)){
    mkdirSync(savePath)
 }

+const passwordPath = path.join(process.cwd(), 'save', '__password')
+if(existsSync(passwordPath)){
+    password = readFileSync(passwordPath, 'utf-8')
+}
+
 app.get('/', async (req, res, next) => {
    console.log("connected")
    try {
@@ -62,9 +70,38 @@ app.post('/proxy', async (req, res, next) => {
    res.send(originalBody);
 });

+app.get('/api/password', async(req, res)=> {
+    if(password === ''){
+        res.send({status: 'unset'})
+    }
+    else if(req.headers['risu-auth']  === password){
+        res.send({status:'correct'})
+    }
+    else{
+        res.send({status:'incorrect'})
+    }
+})
+
+
+app.post('/api/set_password', async (req, res) => {
+    if(password === ''){
+        password = req.body.password
+        writeFileSync(passwordPath, password, 'utf-8')
+    }
+    res.status(400).send("already set")
+})
+
 app.get('/api/read', async (req, res, next) => {
+    if(req.headers['risu-auth'].trim() !== password.trim()){
+        console.log('incorrect')
+        res.status(400).send({
+            error:'Password Incorrect'
+        });
+        return
+    }
    const filePath = req.headers['file-path'];
    if (!filePath) {
+        console.log('no path')
        res.status(400).send({
            error:'File path required'
        });
@@ -91,6 +128,13 @@ app.get('/api/read', async (req, res, next) => {
 });

 app.get('/api/remove', async (req, res, next) => {
+    if(req.headers['risu-auth'].trim() !== password.trim()){
+        console.log('incorrect')
+        res.status(400).send({
+            error:'Password Incorrect'
+        });
+        return
+    }
    const filePath = req.headers['file-path'];
    if (!filePath) {
        res.status(400).send({
@@ -110,6 +154,13 @@ app.get('/api/remove', async (req, res, next) => {
 });

 app.get('/api/list', async (req, res, next) => {
+    if(req.headers['risu-auth'].trim() !== password.trim()){
+        console.log('incorrect')
+        res.status(400).send({
+            error:'Password Incorrect'
+        });
+        return
+    }
    try {
        const data = (await fs.readdir(path.join(savePath))).map((v) => {
            return Buffer.from(v, 'hex').toString('utf-8')
@@ -124,6 +175,13 @@ app.get('/api/list', async (req, res, next) => {
 });

 app.post('/api/write', async (req, res, next) => {
+    if(req.headers['risu-auth'].trim() !== password.trim()){
+        console.log('incorrect')
+        res.status(400).send({
+            error:'Password Incorrect'
+        });
+        return
+    }
    const filePath = req.headers['file-path'];
    const fileContent = Buffer.from(req.body.content, 'base64');
    if (!filePath || !fileContent) {
--- a/src/lang/en.ts
+++ b/src/lang/en.ts
@@ -280,5 +280,7 @@ export const languageEnglish = {
    globalRegexScript: "Global Regex",
    accessibility: "Accessibility",
    sendWithEnter: "Send with Enter Key",
-    clickToEdit: "Click Text to Edit"
+    clickToEdit: "Click Text to Edit",
+    setNodePassword: "Set your password to security",
+    inputNodePassword: "Input your password. if you can't remember, remove save/__password.txt in your server files and restart the server."
 }
--- a/src/ts/storage/nodeStorage.ts
+++ b/src/ts/storage/nodeStorage.ts
@@ -1,6 +1,12 @@
+import { language } from "src/lang"
+import { alertInput } from "../alert"
+
+let auth:string = null
+let authChecked = false

 export class NodeStorage{
    async setItem(key:string, value:Uint8Array) {
+        await this.checkAuth()
        const da = await fetch('/api/write', {
            method: "POST",
            body: JSON.stringify({
@@ -8,7 +14,8 @@ export class NodeStorage{
            }),
            headers: {
                'content-type': 'application/json',
-                'file-path': Buffer.from(key, 'utf-8').toString('hex')
+                'file-path': Buffer.from(key, 'utf-8').toString('hex'),
+                'risu-auth': auth
            }
        })
        if(da.status < 200 || da.status >= 300){
@@ -21,10 +28,12 @@ export class NodeStorage{

    }
    async getItem(key:string):Promise<Buffer> {
+        await this.checkAuth()
        const da = await fetch('/api/read', {
            method: "GET",
            headers: {
-                'file-path': Buffer.from(key, 'utf-8').toString('hex')
+                'file-path': Buffer.from(key, 'utf-8').toString('hex'),
+                'risu-auth': auth
            }
        })
        const data = await da.json()
@@ -40,8 +49,12 @@ export class NodeStorage{
        return Buffer.from(data.content, 'base64')
    }
    async keys():Promise<string[]>{
+        await this.checkAuth()
        const da = await fetch('/api/list', {
            method: "GET",
+            headers:{
+                'risu-auth': auth
+            }
        })
        const data = await da.json()
        if(da.status < 200 || da.status >= 300){
@@ -53,10 +66,12 @@ export class NodeStorage{
        return data.content
    }
    async removeItem(key:string){
+        await this.checkAuth()
        const da = await fetch('/api/list', {
            method: "GET",
            headers: {
-                'file-path': Buffer.from(key, 'utf-8').toString('hex')
+                'file-path': Buffer.from(key, 'utf-8').toString('hex'),
+                'risu-auth': auth
            }
        })
        if(da.status < 200 || da.status >= 300){
@@ -68,6 +83,58 @@ export class NodeStorage{
        }
    }

+    private async checkAuth(){
+        if(!auth){
+            auth = localStorage.getItem('risuauth')
+        }
+
+        if(!authChecked){
+            const data = await (await fetch('/api/password',{
+                headers: {
+                    'risu-auth': auth ?? ''
+                }
+            })).json()
+
+            if(data.status === 'unset'){
+                const input = await digestPassword(await alertInput(language.setNodePassword))
+                await fetch('/api/set_password',{
+                    method: "POST",
+                    body:JSON.stringify({
+                        password: input 
+                    }),
+                    headers: {
+                        'content-type': 'application/json'
+                    }
+                })
+                auth = input
+                localStorage.setItem('risuauth', auth)
+            }
+            else if(data.status === 'incorrect'){
+                while(true){
+                    const input = await digestPassword(await alertInput(language.inputNodePassword))
+                    const data = await (await fetch('/api/password',{
+                        headers: {
+                            'risu-auth': input ?? ''
+                        }
+                    })).json()
+                    if(data.status !== 'unset'){
+                        auth = input
+                        localStorage.setItem('risuauth', auth)
+                        await this.checkAuth()
+                        break
+                    }
+                }
+            }
+        }
+    }
+

    listItem = this.keys
-}
+}
+
+async function digestPassword(message:string) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(message);
+    const hash = Buffer.from(await crypto.subtle.digest("SHA-256", data)).toString('hex');
+    return hash;
+  }