From 9be672cd85682c865bdeb4463945d1362049d871 Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Sun, 6 May 2018 13:28:36 +0200
Subject: Extended wormhole and began chat verification

---
 main/app/sprinkles/admin/routes/wormhole.php | 2 +-
 .../admin/src/Controller/WormholeController.php | 14 ++++---
 .../sprinkles/core/assets/SiteAssets/js/chat.js | 2 +-
 .../php/Chatserver/src/ChatProcessor.php | 48 +++++++++++++++-------
 .../templates/pages/abstract/mainsite.html.twig | 1 +
 5 files changed, 45 insertions(+), 22 deletions(-)

(limited to 'main')

diff --git a/main/app/sprinkles/admin/routes/wormhole.php b/main/app/sprinkles/admin/routes/wormhole.php
index e4d5bc9..da193ef 100644
--- a/main/app/sprinkles/admin/routes/wormhole.php
+++ b/main/app/sprinkles/admin/routes/wormhole.php
@@ -3,5 +3,5 @@
  * Super admin thingy cause of my current server situation
  */
 $app->group('/wormhole/{access_token}', function () {
-    $this->get('/verify/{user_id}', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:verify');
+    $this->get('/verify/{user_id}/{session_id}', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:verify');
 });
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php
index 3beed61..958d907 100644
--- a/main/app/sprinkles/admin/src/Controller/WormholeController.php
+++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php
@@ -22,7 +22,6 @@ use Illuminate\Database\Capsule\Manager as DB;
 use UserFrosting\Sprinkle\Account\Authenticate\Authenticator;
 use Illuminate\Filesystem\Filesystem;
 use Illuminate\Session\FileSessionHandler;
-use UserFrosting\Session\Session;
 
 /**
  * Controller class for user-related requests, including listing users, CRUD for users, etc.
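Review bot: The new `{session_id}` path segment puts the user's session identifier — the same value carried by the `uf4` cookie — into a GET URL next to `{access_token}`, so both secrets will be written to web-server and proxy access logs and can leak through Referer headers. This endpoint is called server-to-server (the chat server builds the URL in ChatProcessor.php in the same commit), so there is no reason for either value to be in the path; register it as `$this->post('/verify', ...)` and read the token and session id from a request header or the POST body instead. The route group itself only matches `{access_token}` syntactically; the comparison against the stored key happens in the controller, outside this hunk.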
@@ -40,11 +39,16 @@ class WormholeController extends SimpleController
             ->where('Key', '=', $access_token)
             ->exists()) {
             $user_id = $args['user_id'];
-            $session = new Session();
-            $session->start();
-            $response->write($session->all()["account"]["current_user_id"]);
+            $session_id = $args['session_id'];
+            $session_file = file_get_contents("../app/sessions/" . $session_id);
+            $session_user_id = unserialize(substr($session_file, strpos($session_file, "account|") + 8))["current_user_id"];
+            if ($session_user_id === $user_id) {
+                return $response->withStatus(200);
+            } else {
+                throw new NotFoundException();
+            }
         } else {
-            throw new ForbiddenException();
+            throw new NotFoundException(); // IT'S A FORBIDDEN EXCEPTION BUT IT'S SECRET! PSSSHT
         }
     }
 }
\ No newline at end of file
diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
index ebf549b..f131db1 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
+++ b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
@@ -15,7 +15,7 @@ function InitializeChatServer() {
         }, 5000);
     };
     ChatSocket.onopen = function () {
-        ChatSocket.send(JSON.stringify({ClientMessageType: "Verify", Cookie: document.cookie}));
+        ChatSocket.send(JSON.stringify({ClientMessageType: "Verify", Cookie: document.cookie, UserID: current_user_id}));
         // CONNECTION SUCCESSFUL!
         console.log("[WEBSOCKET LOGGER] Chat connection established!");
         // GOT MESSAGE
diff --git a/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php b/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
index 1385f19..17e85b9 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
+++ b/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
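Review bot: `$session_id` comes straight from the URL and is concatenated into `file_get_contents("../app/sessions/" . $session_id)`, so a traversal value such as `..%2F..%2Fetc%2Fpasswd` reads any file the web user can see, and whatever follows an `account|` marker in it is handed to `unserialize()`. Validate the id against the session-id charset before touching the filesystem, and call `unserialize()` with `['allowed_classes' => false]` so the check can never instantiate objects. Separately, `$session_user_id === $user_id` compares the stored session value with the route string; if the session stores the id as an integer (likely, but not visible in this hunk) the strict comparison never matches and every verification returns 404, so normalise both sides to strings first. A `false` return from `file_get_contents()` (unknown session) currently flows into `strpos()`/`unserialize()` with PHP warnings instead of a clean 404. The enclosing `verify()` method and the access-token lookup start above this hunk.
```php
            $user_id = $args['user_id'];
            $session_id = $args['session_id'];
            // Session ids are opaque alphanumeric tokens; anything else is not a session id
            // and must never reach the filesystem (blocks ../ traversal).
            if (!ctype_digit($user_id) || !preg_match('/^[A-Za-z0-9]+$/', $session_id)) {
                throw new NotFoundException();
            }
            $session_path = "../app/sessions/" . $session_id;
            $session_file = is_file($session_path) ? file_get_contents($session_path) : false;
            $marker = $session_file === false ? false : strpos($session_file, "account|");
            if ($marker === false) {
                throw new NotFoundException();
            }
            // allowed_classes=false confines unserialize() to scalars/arrays, so a crafted
            // session file cannot trigger object injection.
            $account = unserialize(substr($session_file, $marker + 8), ['allowed_classes' => false]);
            $session_user_id = is_array($account) && isset($account["current_user_id"]) ? $account["current_user_id"] : null;
            if ($session_user_id !== null && (string) $session_user_id === $user_id) {
                return $response->withStatus(200);
            }
            throw new NotFoundException();
```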
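Review bot: The added `UserID: current_user_id` is a client-asserted claim that the chat server (in this commit) interpolates into a URL path, so it has to be treated as untrusted on the receiving side; it is also redundant, because the session referenced by the cookie already identifies the user. The same line still ships the whole `document.cookie` jar, which means the `uf4` session cookie must be readable by JavaScript (i.e. not `HttpOnly`) for the handshake to work at all, so any XSS on the site yields a full session. Consider minting a dedicated short-lived chat token server-side and sending only that, e.g. `ChatSocket.send(JSON.stringify({ClientMessageType: "Verify", Token: chat_token}))`, so the session cookie can go back to `HttpOnly`. `current_user_id` is not defined in this hunk; presumably it is injected by the page template — confirm it cannot be undefined when `onopen` fires.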
@@ -37,16 +37,16 @@ class ChatProcessor implements MessageComponentInterface
                     foreach ($this->subscriptions as $id => $channel) {
                         if ($this->subscriptions[$conn->resourceId] == $channel) {
                             $MessageObject = new \stdClass();
-                            $MessageObject->ServerMessage = true;
+                            $MessageObject->ServerMessage = TRUE;
                             $MessageObject->ServerMessageType = "GroupJoin";
                             $MessageObject->GroupName = $channel;
                             $MessageObject->Username = $this->connectedUsersNames[$conn->resourceId];
                             if ($id === $conn->resourceId) {
-                                $MessageObject->WasHimself = true;
+                                $MessageObject->WasHimself = TRUE;
                             } else {
-                                $MessageObject->WasHimself = false;
+                                $MessageObject->WasHimself = FALSE;
                             }
-                            $MessageJson = json_encode($MessageObject, true);
+                            $MessageJson = json_encode($MessageObject, TRUE);
                             $this->users[$id]->send($MessageJson);
                         }
                     }
@@ -57,16 +57,16 @@ class ChatProcessor implements MessageComponentInterface
                     foreach ($this->subscriptions as $id => $channel) {
                         if ($channel == $target) {
                             $MessageObject = new \stdClass();
-                            $MessageObject->ServerMessage = false;
+                            $MessageObject->ServerMessage = FALSE;
                             $MessageObject->GroupName = $channel;
                             $MessageObject->Username = $this->connectedUsersNames[$conn->resourceId];
                             $MessageObject->Message = htmlspecialchars($data->Message);
                             if ($id === $conn->resourceId) {
-                                $MessageObject->WasHimself = true;
+                                $MessageObject->WasHimself = TRUE;
                             } else {
-                                $MessageObject->WasHimself = false;
+                                $MessageObject->WasHimself = FALSE;
                             }
-                            $MessageJson = json_encode($MessageObject, true);
+                            $MessageJson = json_encode($MessageObject, TRUE);
                             $this->users[$id]->send($MessageJson);
                         }
                     }
@@ -78,24 +78,37 @@ class ChatProcessor implements MessageComponentInterface
                     foreach ($this->subscriptions as $id => $channel) {
                         if ($channel == $target) {
                             $MessageObject = new \stdClass();
-                            $MessageObject->ServerMessage = true;
+                            $MessageObject->ServerMessage = TRUE;
                             $MessageObject->ServerMessageType = "TypingState";
                             $MessageObject->GroupName = $channel;
                             $MessageObject->Username = $this->connectedUsersNames[$conn->resourceId];
                             $MessageObject->State = $data->State;
                             if ($id === $conn->resourceId) {
-                                $MessageObject->WasHimself = true;
+                                $MessageObject->WasHimself = TRUE;
                             } else {
-                                $MessageObject->WasHimself = false;
+                                $MessageObject->WasHimself = FALSE;
                             }
-                            $MessageJson = json_encode($MessageObject, true);
+                            $MessageJson = json_encode($MessageObject, TRUE);
                             $this->users[$id]->send($MessageJson);
                         }
                     }
                 }
                 break;
             case "Verify":
-                print_r($data);
+                $headerCookies = explode('; ', $data->Cookie);
+                $cookies = array();
+                foreach ($headerCookies as $headerCookie) {
+                    list($key, $val) = explode('=', $headerCookie, 2);
+                    $cookies[$key] = $val;
+                }
+                $UserSessionKey = $cookies["uf4"];
+                $AccessToken = file_get_contents("/AccessToken.txt"); // SECRET
+                $KeyVerifierCode = $this->getHttpCode("https://beam-messenger.de/wormhole/" . $AccessToken . "/verify/" . $data->UserID . "/" . $UserSessionKey);
+                if ($KeyVerifierCode === 200) {
+                    echo "Access granted";
+                } else {
+                    echo "Access denied";
+                }
                 break;
         }
     }
@@ -108,10 +121,10 @@ class ChatProcessor implements MessageComponentInterface
         foreach ($this->subscriptions as $id => $channel) {
             if ($channel == $target) {
                 $MessageObject = new \stdClass();
-                $MessageObject->ServerMessage = true;
+                $MessageObject->ServerMessage = TRUE;
                 $MessageObject->ServerMessageType = "UserDisconnect";
                 $MessageObject->Username = $this->connectedUsersNames[$conn->resourceId];
-                $MessageJson = json_encode($MessageObject, true);
+                $MessageJson = json_encode($MessageObject, TRUE);
                 $this->users[$id]->send($MessageJson);
             }
         }
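Review bot: The verification result in the `"Verify"` case is only `echo`ed to the chat server's stdout; a denied connection is neither closed nor marked, so the GroupJoin/Chat/TypingState cases above stay reachable with no check at all. On top of that, `$KeyVerifierCode === 200` can never be true, because `getHttpCode()` (added in this same commit) returns the `substr()` string `"200"`, so even a valid session prints "Access denied". `$data->UserID` and the `uf4` cookie value are client-supplied and are concatenated unescaped into the URL path, and `$cookies["uf4"]` / `list()` emit notices when the cookie is missing or a cookie has no `=`. Validate both values before building the URL, compare the status as an int, trim the token (a trailing newline in `/AccessToken.txt` would corrupt the URL), and close the socket on denial; the enclosing `onMessage` switch starts above this hunk.
```php
            case "Verify":
                $cookies = array();
                foreach (explode('; ', (string) $data->Cookie) as $headerCookie) {
                    $parts = explode('=', $headerCookie, 2);
                    if (count($parts) === 2) {
                        $cookies[$parts[0]] = $parts[1];
                    }
                }
                $UserSessionKey = isset($cookies["uf4"]) ? $cookies["uf4"] : '';
                $UserID = isset($data->UserID) ? (string) $data->UserID : '';
                // Only well-formed values may be placed into the verification URL;
                // anything else is rejected before the upstream call is made.
                if (!ctype_digit($UserID) || !preg_match('/^[A-Za-z0-9]+$/', $UserSessionKey)) {
                    $conn->close();
                    break;
                }
                $AccessToken = trim((string) file_get_contents("/AccessToken.txt")); // SECRET
                $KeyVerifierCode = $this->getHttpCode("https://beam-messenger.de/wormhole/" . rawurlencode($AccessToken) . "/verify/" . $UserID . "/" . $UserSessionKey);
                if ((int) $KeyVerifierCode === 200) {
                    echo "Access granted";
                    // TODO(review): record the verified user id on this connection and require it
                    // in the other cases; until then verification gates nothing.
                } else {
                    echo "Access denied";
                    $conn->close(); // an unverified socket must not reach the chat handlers
                }
                break;
```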
@@ -127,4 +140,9 @@ class ChatProcessor implements MessageComponentInterface
         $conn->close();
     }
+
+    public function getHttpCode($domain) {
+        $headers = get_headers($domain);
+        return substr($headers[0], 9, 3);
+    }
 }
\ No newline at end of file
diff --git a/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig b/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig
index 0c420e3..1821510 100644
--- a/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig
+++ b/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig
@@ -116,6 +116,7 @@
 {% endblock %}
 
 {% block scripts %}
+    {# Override this block in a child layout template or page template to override site-level scripts. #}
     {% block scripts_site %}
         {{ assets.js('js/main') | raw }}
-- 
cgit v1.2.3
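Review bot: `getHttpCode()` returns a string slice of the status line rather than an int, which is why the `=== 200` comparison at its only call site in this commit can never succeed; and when `get_headers()` fails (DNS, TLS, timeout) it returns `false`, so `$headers[0]` is an undefined index and the method returns `false` with a warning. Make the contract explicit — `$headers = get_headers($domain); if ($headers === false) { return 0; } return (int) substr($headers[0], 9, 3);` — and document it with `/** Fetches $domain and returns the HTTP status of the response, 0 if the request failed. */`. Since the caller passes an absolute `https://` URL, the default stream context should verify the peer certificate (PHP ≥ 5.6); keep it that way rather than disabling verification if the upstream call starts failing.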