Merge pull request #11 from NotAProton/main

FastForwardTeam · Dec 6, 2021 · 7f6eb00 · 7f6eb00
2 parents 4fa9b7d + 23db5ad
commit 7f6eb00
Show file tree

Hide file tree

Showing 7 changed files with 65 additions and 14 deletions.
diff --git a/go.mod b/go.mod
@@ -5,7 +5,7 @@ go 1.17
 require (
 	github.com/anyascii/go v0.3.0
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/golang-jwt/jwt/v4 v4.1.0
+	github.com/golang-jwt/jwt/v4 v4.2.0
 	github.com/google/uuid v1.3.0
-	golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871
+	golang.org/x/crypto v0.0.0-20211202192323-5770296d904e
 )
diff --git a/go.sum b/go.sum
@@ -2,12 +2,12 @@ github.com/anyascii/go v0.3.0 h1:40wlHa2g09xCKMsVTbBPOIN4nU7W+OPjsI+MDk+zhKk=
 github.com/anyascii/go v0.3.0/go.mod h1:HDvbMmSpqJyIe+xtSkHmAYTjc8PzvO3l1Jmgx/IFUPs=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
-github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
-github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
+github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 h1:/pEO3GD/ABYAjuakUS6xSEmmlyVS4kxBNkeA9tLJiTI=
-golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20211202192323-5770296d904e h1:MUP6MR3rJ7Gk9LEia0LP2ytiH6MuCfs7qYz+47jGdD8=
+golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

diff --git a/src/adminAuth.go b/src/adminAuth.go
@@ -39,7 +39,7 @@ func loadRSAKeys() (*rsa.PrivateKey, *rsa.PublicKey, error) {
 
 	block, _ := pem.Decode([]byte(privPEM))
 	if block == nil {
-		return nil, nil, errors.New("failed to env var containing the private key")
+		return nil, nil, errors.New("failed to parse env var containing the private key")
 	}
 
 	priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
@@ -94,6 +94,10 @@ func genAccessToken(refToken string) (username string, accToken string, err erro
 		return RSApublicKey, nil
 	})
 
+	if err != nil {
+		return "", "", err
+	}
+
 	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
 		if claims["sub"].(string) != "ref_token" {
 			return claims["aud"].(string), "", errors.New("not refresh token")
@@ -130,14 +134,18 @@ func genAccessToken(refToken string) (username string, accToken string, err erro
 }
 
 // Takes Access token, verifies and parses it, returns username and error
-func pasreAccessToken(accToken string) (username string, err error) {
+func parseAccessToken(accToken string) (username string, err error) {
 	token, err := jwt.Parse(accToken, func(token *jwt.Token) (interface{}, error) {
 		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
 			return nil, errors.New("Unexpected signing method:" + token.Header["alg"].(string))
 		}
 		return RSApublicKey, nil
 	})
 
+	if err != nil {
+		return "", err
+	}
+
 	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
 		if claims["sub"].(string) != "acc_token" {
 			return "", errors.New("not access token")

diff --git a/src/adminHandlers.go b/src/adminHandlers.go
@@ -245,7 +245,7 @@ func refTokenHandler(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
-	sanitize(&input.Username, &input.Password)
+	sanitize(&input.Username)
 
 	exists, hashedpassword := dbAdminCredsQuery(input.Username)
 
@@ -330,9 +330,9 @@ func parseAuthHeader(r *http.Request) (username string, ok bool) {
 		return "", false
 	}
 	reqToken = splitToken[1]
-	username, err := pasreAccessToken(reqToken)
+	username, err := parseAccessToken(reqToken)
 	if err != nil {
-		logger.Println(getRequestId(r) + " failed to authenticate [invalid access token in header] ")
+		logger.Println(getRequestId(r) + " failed to authenticate [invalid access token in header] Error: " + err.Error())
 		return "", false
 	}
 	logger.Println(getRequestId(r) + " authenticated as \"" + username + "\" using an access token")

diff --git a/src/sql.go b/src/sql.go
@@ -21,6 +21,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"time"
 
 	_ "github.com/go-sql-driver/mysql"
 )
@@ -37,6 +38,9 @@ func connectDb() {
 	if err != nil {
 		logger.Fatalln(err)
 	}
+	db.SetConnMaxLifetime(time.Minute * 3)
+	db.SetMaxOpenConns(10)
+	db.SetMaxIdleConns(5)
 }
 
 // returns (if exists), (destination if exists), (votedfordeletion 0/1)

diff --git a/src/static/admin/index.html b/src/static/admin/index.html
@@ -15,7 +15,8 @@
     <nav><span id="left-nav"><b>FastForward Admin Panel</b></span> <span id="right-nav"> Logged in as <i><span id="username-span"></span></i><br> <a href="/html/">Change Password</a> </span></nav> <br>
 
   <main>
-    <div id=table></div>
+    <span id="status"></span>
+    <div id="table"></div>
 
   </main>
   <script src="script.js"></script>

diff --git a/src/static/admin/script.js b/src/static/admin/script.js
@@ -57,6 +57,7 @@ function getReported() {
     })
     .then(res => {
       if (res.status == 204) {
+        $('#status').text('')
         $('#table').text('No reported links so far')
     } else {
     res.json()
@@ -66,6 +67,7 @@ function getReported() {
           delete obj.domain
           delete obj.path
       })
+      $('#status').text('')
       makeTable(data)
      })
     }
@@ -74,11 +76,47 @@ function getReported() {
         message: 'Something bad happened ' + error
     }))
 }
-regenTokens()
 setInterval(function(){
     regenTokens()
     }, 870000);
-getReported()
+    if (localStorage.getItem('reftoken') === null) {
+      window.location.replace("login");
+  }
+
+$('#status').text('Loading...')
+
+// If you're seeing this, I am sorry
+fetch(domain+'admin/api/newacctoken', {
+  method: "POST",
+  headers: {
+    'Accept': 'application/json',
+    'Content-Type': 'application/json'
+  },
+  body: JSON.stringify({
+    reftoken: localStorage.getItem('reftoken')
+     })
+  })
+    .then(res => res.json())
+    .then(data => {
+      sessionStorage.setItem('acctoken', data.acctoken);
+      sessionStorage.setItem('username', parseJwt(data.acctoken).aud);
+      $('#username-span').text(sessionStorage.getItem('username'));
+      getReported()
+    })
+    .catch(error => {
+      Swal.fire({
+        toast: true,
+        position: 'top',
+        showConfirmButton: false,
+        title: 'Failed to verify login details',
+        icon: 'error',
+        timer: 2000,
+        timerProgressBar: true,
+        didDestroy: () => {
+          window.location.replace("login");
+      }
+      })
+    })
 var linkTable
 function makeTable(data) {
     linkTable = new gridjs.Grid({