[feat] nodejs hosting password

server/node/server.cjs

@@ -2,18 +2,26 @@ const express = require('express');
 const app = express();
 const path = require('path');
 const htmlparser = require('node-html-parser');
-const { existsSync, mkdirSync } = require('fs');
+const { existsSync, mkdirSync, readFileSync, writeFileSync } = require('fs');
 const bodyParser = require('body-parser');
 const fs = require('fs/promises')
 
 app.use(express.static(path.join(process.cwd(), 'dist'), {index: false}));
 app.use(bodyParser.json({ limit: 100000000 }));
 
+
+let password = ''
+
 const savePath = path.join(process.cwd(), "save")
 if(!existsSync(savePath)){
     mkdirSync(savePath)
 }
 
+const passwordPath = path.join(process.cwd(), 'save', '__password')
+if(existsSync(passwordPath)){
+    password = readFileSync(passwordPath, 'utf-8')
+}
+
 app.get('/', async (req, res, next) => {
     console.log("connected")
     try {
@@ -62,9 +70,38 @@ app.post('/proxy', async (req, res, next) => {
     res.send(originalBody);
 });
 
+app.get('/api/password', async(req, res)=> {
+    if(password === ''){
+        res.send({status: 'unset'})
+    }
+    else if(req.headers['risu-auth']  === password){
+        res.send({status:'correct'})
+    }
+    else{
+        res.send({status:'incorrect'})
+    }
+})
+
+
+app.post('/api/set_password', async (req, res) => {
+    if(password === ''){
+        password = req.body.password
+        writeFileSync(passwordPath, password, 'utf-8')
+    }
+    res.status(400).send("already set")
+})
+
 app.get('/api/read', async (req, res, next) => {
+    if(req.headers['risu-auth'].trim() !== password.trim()){
+        console.log('incorrect')
+        res.status(400).send({
+            error:'Password Incorrect'
+        });
+        return
+    }
     const filePath = req.headers['file-path'];
     if (!filePath) {
+        console.log('no path')
         res.status(400).send({
             error:'File path required'
         });
@@ -91,6 +128,13 @@ app.get('/api/read', async (req, res, next) => {
 });
 
 app.get('/api/remove', async (req, res, next) => {
+    if(req.headers['risu-auth'].trim() !== password.trim()){
+        console.log('incorrect')
+        res.status(400).send({
+            error:'Password Incorrect'
+        });
+        return
+    }
     const filePath = req.headers['file-path'];
     if (!filePath) {
         res.status(400).send({
@@ -110,6 +154,13 @@ app.get('/api/remove', async (req, res, next) => {
 });
 
 app.get('/api/list', async (req, res, next) => {
+    if(req.headers['risu-auth'].trim() !== password.trim()){
+        console.log('incorrect')
+        res.status(400).send({
+            error:'Password Incorrect'
+        });
+        return
+    }
     try {
         const data = (await fs.readdir(path.join(savePath))).map((v) => {
             return Buffer.from(v, 'hex').toString('utf-8')
@@ -124,6 +175,13 @@ app.get('/api/list', async (req, res, next) => {
 });
 
 app.post('/api/write', async (req, res, next) => {
+    if(req.headers['risu-auth'].trim() !== password.trim()){
+        console.log('incorrect')
+        res.status(400).send({
+            error:'Password Incorrect'
+        });
+        return
+    }
     const filePath = req.headers['file-path'];
     const fileContent = Buffer.from(req.body.content, 'base64');
     if (!filePath || !fileContent) {

src/lang/en.ts

@@ -280,5 +280,7 @@ export const languageEnglish = {
     globalRegexScript: "Global Regex",
     accessibility: "Accessibility",
     sendWithEnter: "Send with Enter Key",
-    clickToEdit: "Click Text to Edit"
+    clickToEdit: "Click Text to Edit",
+    setNodePassword: "Set your password to security",
+    inputNodePassword: "Input your password. if you can't remember, remove save/__password.txt in your server files and restart the server."
 }

src/ts/storage/nodeStorage.ts

@@ -1,6 +1,12 @@
+import { language } from "src/lang"
+import { alertInput } from "../alert"
+
+let auth:string = null
+let authChecked = false
 
 export class NodeStorage{
     async setItem(key:string, value:Uint8Array) {
+        await this.checkAuth()
         const da = await fetch('/api/write', {
             method: "POST",
             body: JSON.stringify({
@@ -8,7 +14,8 @@ export class NodeStorage{
             }),
             headers: {
                 'content-type': 'application/json',
-                'file-path': Buffer.from(key, 'utf-8').toString('hex')
+                'file-path': Buffer.from(key, 'utf-8').toString('hex'),
+                'risu-auth': auth
             }
         })
         if(da.status < 200 || da.status >= 300){
@@ -21,10 +28,12 @@ export class NodeStorage{
 
     }
     async getItem(key:string):Promise<Buffer> {
+        await this.checkAuth()
         const da = await fetch('/api/read', {
             method: "GET",
             headers: {
-                'file-path': Buffer.from(key, 'utf-8').toString('hex')
+                'file-path': Buffer.from(key, 'utf-8').toString('hex'),
+                'risu-auth': auth
             }
         })
         const data = await da.json()
@@ -40,8 +49,12 @@ export class NodeStorage{
         return Buffer.from(data.content, 'base64')
     }
     async keys():Promise<string[]>{
+        await this.checkAuth()
         const da = await fetch('/api/list', {
             method: "GET",
+            headers:{
+                'risu-auth': auth
+            }
         })
         const data = await da.json()
         if(da.status < 200 || da.status >= 300){
@@ -53,10 +66,12 @@ export class NodeStorage{
         return data.content
     }
     async removeItem(key:string){
+        await this.checkAuth()
         const da = await fetch('/api/list', {
             method: "GET",
             headers: {
-                'file-path': Buffer.from(key, 'utf-8').toString('hex')
+                'file-path': Buffer.from(key, 'utf-8').toString('hex'),
+                'risu-auth': auth
             }
         })
         if(da.status < 200 || da.status >= 300){
@@ -68,6 +83,58 @@ export class NodeStorage{
         }
     }
 
+    private async checkAuth(){
+        if(!auth){
+            auth = localStorage.getItem('risuauth')
+        }
+
+        if(!authChecked){
+            const data = await (await fetch('/api/password',{
+                headers: {
+                    'risu-auth': auth ?? ''
+                }
+            })).json()
+
+            if(data.status === 'unset'){
+                const input = await digestPassword(await alertInput(language.setNodePassword))
+                await fetch('/api/set_password',{
+                    method: "POST",
+                    body:JSON.stringify({
+                        password: input 
+                    }),
+                    headers: {
+                        'content-type': 'application/json'
+                    }
+                })
+                auth = input
+                localStorage.setItem('risuauth', auth)
+            }
+            else if(data.status === 'incorrect'){
+                while(true){
+                    const input = await digestPassword(await alertInput(language.inputNodePassword))
+                    const data = await (await fetch('/api/password',{
+                        headers: {
+                            'risu-auth': input ?? ''
+                        }
+                    })).json()
+                    if(data.status !== 'unset'){
+                        auth = input
+                        localStorage.setItem('risuauth', auth)
+                        await this.checkAuth()
+                        break
+                    }
+                }
+            }
+        }
+    }
+
 
     listItem = this.keys
-}
+}
+
+async function digestPassword(message:string) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(message);
+    const hash = Buffer.from(await crypto.subtle.digest("SHA-256", data)).toString('hex');
+    return hash;
+  }