Diffstat (limited to 'main/app/sprinkles')
14 files changed, 299 insertions, 147 deletions
diff --git a/main/app/sprinkles/account/asset-bundles.json b/main/app/sprinkles/account/asset-bundles.json
index 77ee559..7fc9430 100644
--- a/main/app/sprinkles/account/asset-bundles.json
+++ b/main/app/sprinkles/account/asset-bundles.json
@@ -1,79 +1,81 @@ { - "bundle": { - "js/pages/account-settings": { - "scripts": [ - "userfrosting/js/pages/account-settings.js" - ], - "options": { - "result": { - "type": { - "scripts": "plain" - } - } - } - }, - "js/pages/forgot-password": { - "scripts": [ - "userfrosting/js/pages/forgot-password.js" - ], - "options": { - "result": { - "type": { - "scripts": "plain" - } - } - } - }, - "js/pages/resend-verification": { - "scripts": [ - "userfrosting/js/pages/resend-verification.js" - ], - "options": { - "result": { - "type": { - "scripts": "plain" - } - } - } - }, - "js/pages/set-or-reset-password": { - "scripts": [ - "userfrosting/js/pages/set-or-reset-password.js" - ], - "options": { - "result": { - "type": { - "scripts": "plain" - } - } - } - }, - "js/pages/register": { - "scripts": [ - "vendor/speakingurl/speakingurl.min.js", - "userfrosting/js/uf-captcha.js", - "userfrosting/js/pages/register.js" - ], - "options": { - "result": { - "type": { - "scripts": "plain" - } - } - } - }, - "js/pages/sign-in": { - "scripts": [ - "vendor/urijs/src/URI.js", - "userfrosting/js/pages/sign-in.js" - ], - "options": { - "result": { - "type": { - "scripts": "plain" - } - } - } + "bundle": { + "js/pages/account-settings": { + "scripts": [ + "userfrosting/js/pages/account-settings.js" + ], + "options": { + "result": { + "type": { + "scripts": "plain" + } } + } + }, + "js/pages/forgot-password": { + "scripts": [ + "userfrosting/js/pages/forgot-password.js" + ], + "options": { + "result": { + "type": { + "scripts": "plain" + } + } + } + }, + "js/pages/resend-verification": { + "scripts": [ + "userfrosting/js/pages/resend-verification.js" + ], + "options": { + "result": { + "type": { + "scripts": "plain" + } + } + } + }, + "js/pages/set-or-reset-password": { + "scripts": [ + "userfrosting/js/pages/set-or-reset-password.js" + ], + "options": { + "result": { + "type": { + "scripts": "plain" + } + } + } + }, + "js/pages/register": { + "scripts": [ + 
"vendor/speakingurl/speakingurl.min.js", + "userfrosting/js/uf-captcha.js", + "SiteAssets/js/encryption.js", + "userfrosting/js/pages/register.js" + ], + "options": { + "result": { + "type": { + "scripts": "plain" + } + } + } + }, + "js/pages/sign-in": { + "scripts": [ + "vendor/urijs/src/URI.js", + "SiteAssets/js/encryption.js", + "userfrosting/js/pages/sign-in.js" + ], + "options": { + "result": { + "type": { + "scripts": "plain" + } + } + } } + } }
\ No newline at end of file diff --git a/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js b/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js index d855bb9..97870a7 100644 --- a/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js +++ b/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js @@ -6,9 +6,9 @@ * * Target page: account/register */ -$(document).ready(function() { +$(document).ready(function () { // TOS modal - $(this).find('.js-show-tos').click(function() { + $(this).find('.js-show-tos').click(function () { $("body").ufModal({ sourceUrl: site.uri.public + "/modals/account/tos", msgTarget: $("#alerts-page") @@ -17,7 +17,7 @@ $(document).ready(function() { // Auto-generate username when name is filled in var autoGenerate = true; - $("#register").find('input[name=first_name], input[name=last_name]').on('input change', function() { + $("#register").find('input[name=first_name], input[name=last_name]').on('input change', function () { if (!autoGenerate) { return; } 
@@ -40,26 +40,26 @@ $(document).ready(function() { // Autovalidate username field on a delay var timer; - $("#register").find('input[name=first_name], input[name=last_name], input[name=user_name]').on('input change', function() { + $("#register").find('input[name=first_name], input[name=last_name], input[name=user_name]').on('input change', function () { clearTimeout(timer); // Clear the timer so we don't end up with dupes. - timer = setTimeout(function() { // assign timer a new timeout + timer = setTimeout(function () { // assign timer a new timeout $("#register").find('input[name=user_name]').valid(); - }, 500); + }, 50); }); // Enable/disable username suggestions in registration page - $("#register").find('#form-register-username-suggest').on('click', function(e) { + $("#register").find('#form-register-username-suggest').on('click', function (e) { e.preventDefault(); var form = $("#register"); $.getJSON(site.uri.public + '/account/suggest-username') - .done(function (data) { - // Set suggestion - form.find('input[name=user_name]').val(data.user_name); - }); + .done(function (data) { + // Set suggestion + form.find('input[name=user_name]').val(data.user_name); + }); }); // Turn off autogenerate when someone enters stuff manually in user_name - $("#register").find('input[name=user_name]').on('input', function() { + $("#register").find('input[name=user_name]').on('input', function () { autoGenerate = false; }); 
@@ -84,10 +84,41 @@ $(document).ready(function() { validators: registrationValidators, msgTarget: $("#alerts-page"), keyupDelay: 500 - }).on("submitSuccess.ufForm", function() { - // Reload to clear form and show alerts - window.location.reload(); - }).on("submitError.ufForm", function() { + }).on("submitSuccess.ufForm", function () { + // GENERATE KEYS + var openpgp = window.openpgp; + var options; + var randomString = Math.random().toString(36).substr(2, 11); // PRIVKEY ENCRYPTION KEY + openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'}); + options = { + userIds: [{name: $("#r-form-username").val(), email: $("#r-form-email").val()}], + curve: "curve25519", + passphrase: randomString + }; + openpgp.generateKey(options).then(function (key) { + localStorage.setItem("PrivateKey", key.privateKeyArmored); + localStorage.setItem("🔒", randomString); + + console.log(key.publicKeyArmored); + console.log(key.privateKeyArmored); + // SAVE PUBLIC KEY TO DATABASE + var data = { + csrf_name: site.csrf.name, + csrf_value: site.csrf.value, + PublicKey: key.publicKeyArmored + }; + $.ajax({ + type: 'POST', + url: site.uri.public + '/api/users/u/' + $("#r-form-username").val() + '/publickey', + data: data, + success: function (response) { + console.log(response); + //window.location.reload(); + } + }); + + }); + }).on("submitError.ufForm", function () { // Reload captcha $("#captcha").captcha(); }); diff --git a/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js b/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js index 40a8628..b627f2d 100644 --- a/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js +++ b/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js 
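Review bot: In the new `submitSuccess.ufForm` handler the private-key passphrase comes from `Math.random()`, which is not a cryptographic generator, and it is then written to `localStorage` right beside the armored private key, so it adds no protection against any script that can read this origin's storage. Take it from the platform CSPRNG instead, e.g. `var randomString = Array.from(window.crypto.getRandomValues(new Uint8Array(32)), function (b) { return ('0' + b.toString(16)).slice(-2); }).join('');`, and keep it somewhere other than next to the key, or derive it from a user secret. The `console.log(key.privateKeyArmored)` call prints the private key to the console and should be removed along with the public-key log. The username is concatenated into the request URL unencoded; wrap it as `encodeURIComponent($("#r-form-username").val())`. The same generation block is repeated in `templates/pages/test.html.twig` later in this diff.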
@@ -34,6 +34,19 @@ $(document).ready(function() { validators: page.validators.login, msgTarget: $("#alerts-page") }).on("submitSuccess.ufForm", function(event, data, textStatus, jqXHR) { + /* GENERATE KEYS + var openpgp = window.openpgp; + var options, PublicKey, PrivateKey; + openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'}); + options = { + userIds: [{user_id: current_user_id}], + curve: "curve25519", + passphrase: $("input[name='password']") // only local + }; + openpgp.generateKey(options).then(function (key) { + PrivateKey = key.privateKeyArmored; + PublicKey = key.publicKeyArmored; + });*/ redirectOnLogin(jqXHR); }); }); diff --git a/main/app/sprinkles/account/templates/pages/sign-in.html.twig b/main/app/sprinkles/account/templates/pages/sign-in.html.twig index 2fb6e1c..083d170 100644 --- a/main/app/sprinkles/account/templates/pages/sign-in.html.twig +++ b/main/app/sprinkles/account/templates/pages/sign-in.html.twig @@ -62,6 +62,7 @@ {% endblock %} {% block scripts_page %} + <script>var current_user_id = {{ current_user.id }};</script> <!-- Include validation rules --> <script> {% include "pages/partials/page.js.twig" %} diff --git a/main/app/sprinkles/admin/routes/users.php b/main/app/sprinkles/admin/routes/users.php index ece5757..76e372c 100644 --- a/main/app/sprinkles/admin/routes/users.php +++ b/main/app/sprinkles/admin/routes/users.php @@ -35,6 +35,8 @@ $app->group('/api/users', function () { $this->post('/u/{user_name}/password-reset', 'UserFrosting\Sprinkle\Admin\Controller\UserController:createPasswordReset'); + $this->post('/u/{user_name}/publickey', 'UserFrosting\Sprinkle\Admin\Controller\UserController:setPublicKey'); + $this->put('/u/{user_name}', 'UserFrosting\Sprinkle\Admin\Controller\UserController:updateInfo'); $this->put('/u/{user_name}/{field}', 'UserFrosting\Sprinkle\Admin\Controller\UserController:updateField'); 
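Review bot: The sign-in.js hunk adds thirteen lines of commented-out key generation at the top of the `submitSuccess.ufForm` handler; it would read better left out of the commit, with a one-line `// TODO(owner): generate keys on first sign-in` if the work is still planned. If the block is revived as written, `passphrase: $("input[name='password']")` passes a jQuery object rather than the field's string value (`.val()`), and `PublicKey`/`PrivateKey` are assigned but never stored or sent. Using the account password as the key passphrase also needs an explicit design decision, since that same value is presumably submitted to the server by the sign-in form.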
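Review bot: The line `<script>var current_user_id = {{ current_user.id }};</script>` is added to the sign-in template, where there is presumably no authenticated user yet; if `current_user.id` renders empty the output becomes `var current_user_id = ;`, a syntax error that leaves the variable undefined. Emitting it as `var current_user_id = {{ current_user.id | json_encode | raw }};` yields `null` in that case. The only consumer visible in this diff is the commented-out block in sign-in.js, so the line could also wait until that code is enabled.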
diff --git a/main/app/sprinkles/admin/src/Controller/PostController.php b/main/app/sprinkles/admin/src/Controller/PostController.php index 2441be4..98bee5a 100644 --- a/main/app/sprinkles/admin/src/Controller/PostController.php +++ b/main/app/sprinkles/admin/src/Controller/PostController.php @@ -79,9 +79,8 @@ class PostController extends SimpleController $uploadedFile->moveTo(__DIR__ . '/../../../../../uploads' . DIRECTORY_SEPARATOR . $filename); // Store in Database - DB::table('image_posts')->insert( - ['UserID' => $currentUser->id, 'File' => $filename] - ); + DB::table('image_posts') + ->insert(['UserID' => $currentUser->id, 'File' => $filename]); $response->write('Uploaded successfully! <br/>'); } diff --git a/main/app/sprinkles/admin/src/Controller/UserController.php b/main/app/sprinkles/admin/src/Controller/UserController.php index 46d0f0f..30a8d30 100644 --- a/main/app/sprinkles/admin/src/Controller/UserController.php +++ b/main/app/sprinkles/admin/src/Controller/UserController.php @@ -231,6 +231,32 @@ class UserController extends SimpleController return $response->withStatus(200); } + + /** + * Sets the users public key + * Request type: POST + */ + public function setPublicKey($request, $response, $args) { + $user = $this->getUserFromParams($args); + + if (!$user) { + throw new NotFoundException($request, $response); + } + + $classMapper = $this->ci->classMapper; + $requestedUser = $classMapper->staticMethod('user', 'where', 'user_name', $args['user_name']) + ->first(); + + if ($user->id === $requestedUser->id) { + $PublicKey = $request->getParsedBody()["PublicKey"]; + Capsule::table('public_keys') + ->insert(['UserID' => $requestedUser->id, 'Key' => $PublicKey]); + return $response->withStatus(200); + } else { + throw new ForbiddenException(); + } + } + /** * Processes the request to delete an existing user. * 
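Review bot: The ownership check in `setPublicKey` compares two lookups of the same route parameter: `$user` comes from `getUserFromParams($args)` and `$requestedUser` from a query on `$args['user_name']`, so `$user->id === $requestedUser->id` appears to hold for every existing user and never involves the caller. As written, anyone who can reach `POST /api/users/u/{user_name}/publickey` could attach a key to another account; compare against the session user instead, `if ($this->ci->currentUser->id === $user->id) {`, and drop the second lookup. `PublicKey` is also stored without checking that it is present or parses as an armored public key, and `insert` adds a new row on every call rather than replacing the user's existing key. `getUserFromParams` is defined outside this hunk, so confirm that it resolves the user from `user_name` alone.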
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php index 2ed7e68..d70fbbc 100644 --- a/main/app/sprinkles/admin/src/Controller/WormholeController.php +++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php @@ -83,9 +83,9 @@ class WormholeController extends SimpleController private function verifyAccessToken($args) { $currentUser = $this->ci->currentUser; // FOR DATABASE QUERY $access_token = $args['access_token']; - if (DB::table('public_keys') - ->where('UserID', 1) - ->where('Key', '=', $access_token) + if (DB::table('access_token') + ->where('id', 1) + ->where('token', '=', $access_token) ->exists()) { return true; } else { diff --git a/main/app/sprinkles/core/assets/SiteAssets/css/main.css b/main/app/sprinkles/core/assets/SiteAssets/css/main.css index aa234a0..42e0af8 100644 --- a/main/app/sprinkles/core/assets/SiteAssets/css/main.css +++ b/main/app/sprinkles/core/assets/SiteAssets/css/main.css @@ -193,6 +193,7 @@ hr.ChatHeaderDivider { .ChatMessages { overflow-y: scroll; + overflow-x: hidden; max-height: calc(100% - 215px); /* navbar + input + some margin*/ max-height: -moz-calc(100% - 215px); max-height: -webkit-calc(100% - 215px); diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js index d9de95f..91afc16 100644 --- a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js +++ b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js 
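Review bot: In `verifyAccessToken` the new query is pinned to `->where('id', 1)` while `$currentUser`, assigned just above with the comment "FOR DATABASE QUERY", is never used, so every caller is checked against one fixed row. The token is matched as a stored plaintext value inside the query; storing only a hash of the token and comparing with `hash_equals(...)` would keep a read of the `access_token` table from yielding a usable credential. If a single site-wide token is the intent, say so in a comment such as `// single shared token, row id 1` and remove the unused variable. The method's `else` branch continues past the end of the hunk.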
@@ -18,7 +18,11 @@ function InitializeChatServer() { // CONNECTION SUCCESSFUL! console.log("%c[CHATSOCKET LOGGER] Chat connection established!", "color: darkorange"); // START VERIFICATION - ChatSocket.send(JSON.stringify({ClientMessageType: "Verify", Cookie: document.cookie, UserID: current_user_id})); + ChatSocket.send(JSON.stringify({ + ClientMessageType: "Verify", + Cookie: document.cookie, + UserID: current_user_id + })); console.log("%c[CHATSOCKET LOGGER] Started chat verification process...", "color: grey"); // GOT MESSAGE ChatSocket.onmessage = function (e) { @@ -115,15 +119,17 @@ function InitializeChatServer() { } } } else if (ServerMessageType === "Verify") { // TYPE: SERVER CHECKED ACCESS -- MOSTLY HANDLED IN BACKEND - if (Granted === true) { - console.log("%c[CHATSOCKET LOGGER] Chat access granted!", "color: green"); - } else if (Granted === false) { - console.log("%c[CHATSOCKET LOGGER] Chat access denied!", "color: red"); - } + if (Granted === true) { + console.log("%c[CHATSOCKET LOGGER] Chat access granted!", "color: green"); + } else if (Granted === false) { + console.log("%c[CHATSOCKET LOGGER] Chat access denied!", "color: red"); + } } } // SCROLL TO BOTTOM ON NEW MESSAGE OF ANY KIND - ChatMessages.animate({scrollTop: document.querySelector("#ChatMessages").scrollHeight}, "slow"); + if ((ChatMessages.scrollTop() + ChatMessages.innerHeight() < ChatMessages[0].scrollHeight)) { + ChatMessages.animate({scrollTop: document.querySelector("#ChatMessages").scrollHeight}); + } }; @@ -186,7 +192,11 @@ function InitializeChatServer() { isTyping = false; clearTimeout(typingTimer); - ChatSocket.send(JSON.stringify({ClientMessageType: "ChatMessage", MessageType: "Private", Message: ChatTextInput.val()})); + ChatSocket.send(JSON.stringify({ + ClientMessageType: "ChatMessage", + MessageType: "Private", + Message: ChatTextInput.val() + })); ChatTextInput.val(""); ChatTextInput.val(""); } 
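Review bot: In the second chat.js hunk the new guard `ChatMessages.scrollTop() + ChatMessages.innerHeight() < ChatMessages[0].scrollHeight` is true whenever the pane is not at the bottom, so a reader who has scrolled up to older messages is still pulled down on every incoming message. If the aim is to follow new messages only while the user is already at the bottom, the position has to be sampled before the message is appended and the animation run only when it was at, or within a few pixels of, the bottom. Most of the `onmessage` handler lies outside the hunk, so where the append happens relative to this check should be confirmed. The first and third hunks only re-wrap the `ChatSocket.send(...)` calls.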
diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/main.js b/main/app/sprinkles/core/assets/SiteAssets/js/main.js index 9d1d697..28c7b7c 100644 --- a/main/app/sprinkles/core/assets/SiteAssets/js/main.js +++ b/main/app/sprinkles/core/assets/SiteAssets/js/main.js @@ -32,29 +32,46 @@ function triggerErrorPopup() { /** * ENCRYPTION */ -//encrypt var openpgp = window.openpgp; +var hkp = new openpgp.HKP('https://pgp.mit.edu'); +var options, EncryptedText, DecryptedText, PublicKey, PrivateKey, PrivateKeyObj; openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'}); -var options, encrypted; -options = { - data: "LOL", - passwords: ['password'], - armor: false -}; -openpgp.encrypt(options).then(function (ciphertext) { - encrypted = ciphertext.message.packets.write(); -}); -// decrypt -function decrypt() { +function generateKeys(passphrase) { + options = { + userIds: [{user_id: current_user_id}], + curve: "curve25519", + passphrase: passphrase + }; + + openpgp.generateKey(options).then(function (key) { + PrivateKey = key.privateKeyArmored; + PublicKey = key.publicKeyArmored; + }); +} + +function EncryptMessage(Message, PublicKey) { options = { - message: openpgp.message.read(encrypted), - passwords: ['passwort'] - //format: 'binary' + data: Message, + publicKeys: openpgp.key.readArmored(PublicKey).keys }; - openpgp.decrypt(options).then(function (plaintext) { - console.log(plaintext.data) - }) + + openpgp.encrypt(options).then(function (EncryptedText) { + EncryptedText = EncryptedText.data; + }); +} + +function DecryptMessage(EncryptedText, PrivateKey, passphrase) { + PrivateKeyObj = openpgp.key.readArmored(PrivateKey).keys[0]; + PrivateKeyObj.decrypt(passphrase); + options = { + message: openpgp.message.readArmored(EncryptedText), + privateKeys: [PrivateKeyObj] + }; + + openpgp.decrypt(options).then(function (DecryptedText) { + DecryptedText = DecryptedText.data; + }); } /** 
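Review bot: `EncryptMessage` and `DecryptMessage` discard their results: inside each `.then` the callback parameter has the same name as the module-level variable (`EncryptedText`, `DecryptedText`), so `EncryptedText = EncryptedText.data;` only reassigns the parameter, and neither function returns anything. Return the promise instead, e.g. `return openpgp.encrypt(options).then(function (result) { return result.data; });`, and build `options` as a local so overlapping calls do not overwrite the shared global. `PrivateKeyObj.decrypt(passphrase)` is used as if it completed synchronously; depending on the bundled OpenPGP.js version it may return a promise that has to resolve before `openpgp.decrypt` is called. `hkp` is created against a public keyserver but is not used anywhere in this hunk, and `generateKeys` likewise leaves the key pair only in globals with no way for a caller to know when it is ready.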
@@ -134,24 +151,24 @@ UserSearchBar.keyup(function () { SearchResults.empty(); var RequestedUser = UserSearchBar.val(); if (RequestedUser !== " " && RequestedUser !== "") - $.ajax({ - url: site.uri.public + "/api/users/u/" + RequestedUser, - success: function (answer) { - console.log("%c[SEARCH LOGGER] User " + RequestedUser + " was found!", "color: green"); - //var GifUrls = ["https://media.giphy.com/media/xUPGcg01dIAot4zyZG/giphy.gif", "https://media.giphy.com/media/IS9LfP9oSLdcY/giphy.gif", "https://media.giphy.com/media/5wWf7H0WTquIU1DFY4g/giphy.gif"]; - //var RandomGif = Math.floor((Math.random() * GifUrls.length)); - //var RandomGifUrl = GifUrls[RandomGif]; - //console.image(RandomGifUrl, 0.5); - - alerts.ufAlerts().ufAlerts('fetch'); - - SearchResults.append("<img class='Avatar' data-src='" + answer.avatar + "' data-caching-key='" + answer.user_name + "_avatar_cached'/><div class='UsersFullName'>" + answer.full_name + "</div>"); - //$(".SearchResults .Avatar").imageCaching(); // refresh - }, - error: function () { - console.log("%c[SEARCH LOGGER] User " + RequestedUser + " was not found!", "color: red"); - - alerts.ufAlerts().ufAlerts('fetch'); - } - }); + $.ajax({ + url: site.uri.public + "/api/users/u/" + RequestedUser, + success: function (answer) { + console.log("%c[SEARCH LOGGER] User " + RequestedUser + " was found!", "color: green"); + //var GifUrls = ["https://media.giphy.com/media/xUPGcg01dIAot4zyZG/giphy.gif", "https://media.giphy.com/media/IS9LfP9oSLdcY/giphy.gif", "https://media.giphy.com/media/5wWf7H0WTquIU1DFY4g/giphy.gif"]; + //var RandomGif = Math.floor((Math.random() * GifUrls.length)); + //var RandomGifUrl = GifUrls[RandomGif]; + //console.image(RandomGifUrl, 0.5); + + alerts.ufAlerts().ufAlerts('fetch'); + + SearchResults.append("<img class='Avatar' data-src='" + answer.avatar + "' data-caching-key='" + answer.user_name + "_avatar_cached'/><div class='UsersFullName'>" + answer.full_name + "</div>"); + //$(".SearchResults 
.Avatar").imageCaching(); // refresh + }, + error: function () { + console.log("%c[SEARCH LOGGER] User " + RequestedUser + " was not found!", "color: red"); + + alerts.ufAlerts().ufAlerts('fetch'); + } + }); });
\ No newline at end of file diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/push.js b/main/app/sprinkles/core/assets/SiteAssets/js/push.js index fcb350a..49a4467 100644 --- a/main/app/sprinkles/core/assets/SiteAssets/js/push.js +++ b/main/app/sprinkles/core/assets/SiteAssets/js/push.js @@ -709,5 +709,4 @@ e.exports = new i.default("undefined" != typeof window ? window : void 0) }, {"./classes/Push": 3}] }, {}, [11])(11) -}); -//# sourceMappingURL=push.min.js.map
\ No newline at end of file +});
\ No newline at end of file diff --git a/main/app/sprinkles/core/templates/pages/index.html.twig b/main/app/sprinkles/core/templates/pages/index.html.twig index 59ad41e..ca38372 100644 --- a/main/app/sprinkles/core/templates/pages/index.html.twig +++ b/main/app/sprinkles/core/templates/pages/index.html.twig @@ -23,7 +23,7 @@ </div> <div class="MainInTab FeedTabWindow"> {% for FeedImage in FeedImages %} - <img class="FeedImage" src="{{ site.uri.public }}/image/{{ FeedImage.PostID }}" alt="An image"> + <img class="FeedImage" src="{{ site.uri.public }}/image/{{ FeedImage.PostID }}" alt="You probably don't have an permission to see this image."> <br> {% endfor %} </div> diff --git a/main/app/sprinkles/core/templates/pages/test.html.twig b/main/app/sprinkles/core/templates/pages/test.html.twig index 796ee72..972e734 100644 --- a/main/app/sprinkles/core/templates/pages/test.html.twig +++ b/main/app/sprinkles/core/templates/pages/test.html.twig @@ -5,4 +5,55 @@ <input formenctype="multipart/form-data" type="file" name="image"/> </p> <input formenctype="multipart/form-data" type="submit"/> -</form>
\ No newline at end of file +</form> + +<form method="post" action="{{ site.uri.public }}/api/users/u/marvinborner/publickey"> + {% include "forms/csrf.html.twig" %} + <p> + <input type="text" name="PublicKey"/> + </p> + <input type="submit"/> +</form> + +<script> + var current_user_id = {{ current_user.id }}; + {% include "pages/partials/config.js.twig" %} +</script> + +{{ assets.js('js/main') | raw }} +<script src="{{ assets.url('assets://SiteAssets/js/encryption.js') }}"></script> + + +<script> + + // GENERATE KEYS + var openpgp = window.openpgp; + var options; + var randomString = Math.random().toString(36).substr(2, 11); // PRIVKEY ENCRYPTION KEY + openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'}); + options = { + userIds: [{name: 'marvinborner', email: 'marvin@borners.de'}], + curve: "curve25519", + passphrase: randomString + }; + openpgp.generateKey(options).then(function (key) { + localStorage.setItem("PrivateKey", key.privateKeyArmored); + localStorage.setItem("🔒", randomString); + // SAVE PUBLIC KEY TO DATABASE + var data = { + csrf_name: site.csrf.name, + csrf_value: site.csrf.value, + PublicKey: key.publicKeyArmored + }; + $.ajax({ + type: 'POST', + url: site.uri.public + '/api/users/u/' + 'tory.redstart' + '/publickey', + data: data, + success: function (response) { + console.log(response); + //window.location.reload(); + } + }); + + }); +</script>
\ No newline at end of file |
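Review bot: The script added to test.html.twig generates a key pair on every page load and overwrites the `PrivateKey` and `🔒` entries in `localStorage`, so simply opening this page replaces whatever key the browser already holds, and then posts the new public key to the hard-coded account `tory.redstart`. The form above it targets a different fixed account (`marvinborner`), and a personal email address is embedded in `userIds`. Take the target user from `current_user` rather than literals, and keep this page out of the deployed sprinkle, or behind a development-only route, so it cannot clobber real keys. As in the sign-in template, `var current_user_id = {{ current_user.id }};` renders invalid JavaScript when no user is signed in; `{{ current_user.id | json_encode | raw }}` avoids that.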