From 74f7625516fa58a62a0d8009b179e7159f73d465 Mon Sep 17 00:00:00 2001 From: kwaroran Date: Sun, 28 May 2023 01:33:05 +0900 Subject: [PATCH] [feat] nodejs hosting password --- server/node/server.cjs | 60 +++++++++++++++++++++++++++- src/lang/en.ts | 4 +- src/ts/storage/nodeStorage.ts | 75 +++++++++++++++++++++++++++++++++-- 3 files changed, 133 insertions(+), 6 deletions(-) diff --git a/server/node/server.cjs b/server/node/server.cjs index fcb79b57..54807175 100644 --- a/server/node/server.cjs +++ b/server/node/server.cjs @@ -2,18 +2,26 @@ const express = require('express'); const app = express(); const path = require('path'); const htmlparser = require('node-html-parser'); -const { existsSync, mkdirSync } = require('fs'); +const { existsSync, mkdirSync, readFileSync, writeFileSync } = require('fs'); const bodyParser = require('body-parser'); const fs = require('fs/promises') app.use(express.static(path.join(process.cwd(), 'dist'), {index: false})); app.use(bodyParser.json({ limit: 100000000 })); + +let password = '' + const savePath = path.join(process.cwd(), "save") if(!existsSync(savePath)){ mkdirSync(savePath) } +const passwordPath = path.join(process.cwd(), 'save', '__password') +if(existsSync(passwordPath)){ + password = readFileSync(passwordPath, 'utf-8') +} + app.get('/', async (req, res, next) => { console.log("connected") try { @@ -62,9 +70,38 @@ app.post('/proxy', async (req, res, next) => { res.send(originalBody); }); +app.get('/api/password', async(req, res)=> { + if(password === ''){ + res.send({status: 'unset'}) + } + else if(req.headers['risu-auth'] === password){ + res.send({status:'correct'}) + } + else{ + res.send({status:'incorrect'}) + } +}) + + +app.post('/api/set_password', async (req, res) => { + if(password === ''){ + password = req.body.password + writeFileSync(passwordPath, password, 'utf-8') + } + res.status(400).send("already set") +}) + app.get('/api/read', async (req, res, next) => { + if(req.headers['risu-auth'].trim() !== password.trim()){ + console.log('incorrect') + res.status(400).send({ + error:'Password Incorrect' + }); + return + } const filePath = req.headers['file-path']; if (!filePath) { + console.log('no path') res.status(400).send({ error:'File path required' }); @@ -91,6 +128,13 @@ app.get('/api/read', async (req, res, next) => { }); app.get('/api/remove', async (req, res, next) => { + if(req.headers['risu-auth'].trim() !== password.trim()){ + console.log('incorrect') + res.status(400).send({ + error:'Password Incorrect' + }); + return + } const filePath = req.headers['file-path']; if (!filePath) { res.status(400).send({ @@ -110,6 +154,13 @@ app.get('/api/remove', async (req, res, next) => { }); app.get('/api/list', async (req, res, next) => { + if(req.headers['risu-auth'].trim() !== password.trim()){ + console.log('incorrect') + res.status(400).send({ + error:'Password Incorrect' + }); + return + } try { const data = (await fs.readdir(path.join(savePath))).map((v) => { return Buffer.from(v, 'hex').toString('utf-8') @@ -124,6 +175,13 @@ app.get('/api/list', async (req, res, next) => { }); app.post('/api/write', async (req, res, next) => { + if(req.headers['risu-auth'].trim() !== password.trim()){ + console.log('incorrect') + res.status(400).send({ + error:'Password Incorrect' + }); + return + } const filePath = req.headers['file-path']; const fileContent = Buffer.from(req.body.content, 'base64'); if (!filePath || !fileContent) { diff --git a/src/lang/en.ts b/src/lang/en.ts index e597ed3c..3768db19 100644 --- a/src/lang/en.ts +++ b/src/lang/en.ts @@ -280,5 +280,7 @@ export const languageEnglish = { globalRegexScript: "Global Regex", accessibility: "Accessibility", sendWithEnter: "Send with Enter Key", - clickToEdit: "Click Text to Edit" + clickToEdit: "Click Text to Edit", + setNodePassword: "Set your password to security", + inputNodePassword: "Input your password. if you can't remember, remove save/__password.txt in your server files and restart the server." } \ No newline at end of file diff --git a/src/ts/storage/nodeStorage.ts b/src/ts/storage/nodeStorage.ts index a4734014..8f458006 100644 --- a/src/ts/storage/nodeStorage.ts +++ b/src/ts/storage/nodeStorage.ts @@ -1,6 +1,12 @@ +import { language } from "src/lang" +import { alertInput } from "../alert" + +let auth:string = null +let authChecked = false export class NodeStorage{ async setItem(key:string, value:Uint8Array) { + await this.checkAuth() const da = await fetch('/api/write', { method: "POST", body: JSON.stringify({ @@ -8,7 +14,8 @@ export class NodeStorage{ }), headers: { 'content-type': 'application/json', - 'file-path': Buffer.from(key, 'utf-8').toString('hex') + 'file-path': Buffer.from(key, 'utf-8').toString('hex'), + 'risu-auth': auth } }) if(da.status < 200 || da.status >= 300){ @@ -21,10 +28,12 @@ export class NodeStorage{ } async getItem(key:string):Promise { + await this.checkAuth() const da = await fetch('/api/read', { method: "GET", headers: { - 'file-path': Buffer.from(key, 'utf-8').toString('hex') + 'file-path': Buffer.from(key, 'utf-8').toString('hex'), + 'risu-auth': auth } }) const data = await da.json() @@ -40,8 +49,12 @@ export class NodeStorage{ return Buffer.from(data.content, 'base64') } async keys():Promise{ + await this.checkAuth() const da = await fetch('/api/list', { method: "GET", + headers:{ + 'risu-auth': auth + } }) const data = await da.json() if(da.status < 200 || da.status >= 300){ @@ -53,10 +66,12 @@ export class NodeStorage{ return data.content } async removeItem(key:string){ + await this.checkAuth() const da = await fetch('/api/list', { method: "GET", headers: { - 'file-path': Buffer.from(key, 'utf-8').toString('hex') + 'file-path': Buffer.from(key, 'utf-8').toString('hex'), + 'risu-auth': auth } }) if(da.status < 200 || da.status >= 300){ @@ -68,6 +83,58 @@ export class NodeStorage{ } } + private async checkAuth(){ + if(!auth){ + auth = localStorage.getItem('risuauth') + } + + if(!authChecked){ + const data = await (await fetch('/api/password',{ + headers: { + 'risu-auth': auth ?? '' + } + })).json() + + if(data.status === 'unset'){ + const input = await digestPassword(await alertInput(language.setNodePassword)) + await fetch('/api/set_password',{ + method: "POST", + body:JSON.stringify({ + password: input + }), + headers: { + 'content-type': 'application/json' + } + }) + auth = input + localStorage.setItem('risuauth', auth) + } + else if(data.status === 'incorrect'){ + while(true){ + const input = await digestPassword(await alertInput(language.inputNodePassword)) + const data = await (await fetch('/api/password',{ + headers: { + 'risu-auth': input ?? '' + } + })).json() + if(data.status !== 'unset'){ + auth = input + localStorage.setItem('risuauth', auth) + await this.checkAuth() + break + } + } + } + } + } + listItem = this.keys -} \ No newline at end of file +} + +async function digestPassword(message:string) { + const encoder = new TextEncoder(); + const data = encoder.encode(message); + const hash = Buffer.from(await crypto.subtle.digest("SHA-256", data)).toString('hex'); + return hash; + } \ No newline at end of file