Compare commits
4 Commits
113bef6582
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 66ef9e6d0c | |||
| ed48629a61 | |||
| e48cbd396b | |||
| 6c2f8c286b |
3
.gitignore
vendored
3
.gitignore
vendored
@ -16,3 +16,6 @@
|
||||
# vendor/
|
||||
.idea
|
||||
secrets.json
|
||||
test
|
||||
secrets_test.json
|
||||
csrf-key
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
{
|
||||
"createGiteaAccount": false,
|
||||
"port": 8080,
|
||||
"rootUrl": "http://localhost:8080"
|
||||
"rootUrl": "http://localhost:8080",
|
||||
"databaseType": "mysql"
|
||||
}
|
||||
|
||||
6
config_test.json
Normal file
6
config_test.json
Normal file
@ -0,0 +1,6 @@
|
||||
{
|
||||
"createGiteaAccount": false,
|
||||
"port": 8080,
|
||||
"rootUrl": "http://localhost:8080",
|
||||
"databaseType": "sqlite3"
|
||||
}
|
||||
6
go.mod
6
go.mod
@ -5,12 +5,14 @@ go 1.14
|
||||
require (
|
||||
code.gitea.io/sdk/gitea v0.13.2
|
||||
github.com/bwmarrin/discordgo v0.23.2
|
||||
github.com/cornelk/hashmap v1.0.1
|
||||
github.com/dchest/siphash v1.2.2 // indirect
|
||||
github.com/dlclark/regexp2 v1.4.0
|
||||
github.com/go-sql-driver/mysql v1.5.0
|
||||
github.com/golang/protobuf v1.4.3 // indirect
|
||||
github.com/gorilla/csrf v1.7.0
|
||||
github.com/gorilla/mux v1.8.0
|
||||
github.com/gorilla/websocket v1.4.2 // indirect
|
||||
github.com/mattn/go-sqlite3 v1.14.6
|
||||
github.com/mitchellh/mapstructure v1.4.1
|
||||
github.com/zaddok/moodle v0.6.6
|
||||
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
|
||||
golang.org/x/net v0.0.0-20210119194325-5f4716e94777 // indirect
|
||||
|
||||
24
go.sum
24
go.sum
@ -6,14 +6,8 @@ github.com/bwmarrin/discordgo v0.23.2 h1:BzrtTktixGHIu9Tt7dEE6diysEF9HWnXeHuoJEt
|
||||
github.com/bwmarrin/discordgo v0.23.2/go.mod h1:c1WtWUGN6nREDmzIpyTp/iD3VYt4Fpx+bVyfBG7JE+M=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/cornelk/hashmap v1.0.1 h1:RXGcy29hEdLLV8T6aK4s+BAd4tq4+3Hq50N2GoG0uIg=
|
||||
github.com/cornelk/hashmap v1.0.1/go.mod h1:8wbysTUDnwJGrPZ1Iwsou3m+An6sldFrJItjRhfegCw=
|
||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/dchest/siphash v1.1.0 h1:1Rs9eTUlZLPBEvV+2sTaM8O0NWn0ppbgqS7p11aWawI=
|
||||
github.com/dchest/siphash v1.1.0/go.mod h1:q+IRvb2gOSrUnYoPqHiyHXS0FOBBOdl6tONBlVnOnt4=
|
||||
github.com/dchest/siphash v1.2.2 h1:9DFz8tQwl9pTVt5iok/9zKyzA1Q6bRGiF3HPiEEVr9I=
|
||||
github.com/dchest/siphash v1.2.2/go.mod h1:q+IRvb2gOSrUnYoPqHiyHXS0FOBBOdl6tONBlVnOnt4=
|
||||
github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E=
|
||||
github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
@ -23,7 +17,6 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
|
||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
|
||||
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
|
||||
@ -40,12 +33,23 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
|
||||
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
|
||||
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
|
||||
github.com/gorilla/csrf v1.7.0 h1:mMPjV5/3Zd460xCavIkppUdvnl5fPXMpv2uz2Zyg7/Y=
|
||||
github.com/gorilla/csrf v1.7.0/go.mod h1:+a/4tCmqhG6/w4oafeAZ9pEa3/NZOWYVbD9fV0FwIQA=
|
||||
github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
|
||||
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
|
||||
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
|
||||
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
|
||||
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
|
||||
github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
|
||||
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
|
||||
github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
|
||||
github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
|
||||
github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
|
||||
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
|
||||
github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
|
||||
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
@ -54,7 +58,6 @@ github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJy
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
github.com/zaddok/moodle v0.6.6 h1:DQqlOIV9aJVm+jjCPRYuntQgeTafutvLwj5dTMhcx/Y=
|
||||
github.com/zaddok/moodle v0.6.6/go.mod h1:wZJLOprT38gE97uCczwUym6iSGzXWDka069e8VwJ9ro=
|
||||
golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16 h1:y6ce7gCWtnH+m3dCjzQ1PCuwl28DDIc3VNnvY29DlIA=
|
||||
golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY=
|
||||
@ -68,7 +71,6 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
|
||||
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190603091049-60506f45cf65 h1:+rhAzEzT3f4JtomfC371qB+0Ola2caSKcY69NUBZrRQ=
|
||||
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
|
||||
golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
|
||||
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
@ -96,7 +98,6 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IV
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
|
||||
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
|
||||
google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
|
||||
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
|
||||
@ -112,7 +113,6 @@ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQ
|
||||
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
|
||||
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
|
||||
google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
|
||||
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
|
||||
|
||||
@ -18,7 +18,7 @@ func accountApi(w http.ResponseWriter, r *http.Request) {
|
||||
var account accountApiResponse
|
||||
var success bool
|
||||
var usernameInter interface{}
|
||||
usernameInter, success = sessions.GetStringKey(accountKey)
|
||||
usernameInter, success = sessions.Load(accountKey)
|
||||
account.Username = usernameInter.(string)
|
||||
if !success {
|
||||
http.Error(w, "Error 400 invalid session", 400)
|
||||
|
||||
17
src/login.go
17
src/login.go
@ -3,18 +3,18 @@ import (
|
||||
"time"
|
||||
"net/http"
|
||||
"bytes"
|
||||
"github.com/cornelk/hashmap"
|
||||
"sync"
|
||||
)
|
||||
type loginStruct struct {
|
||||
FalsePassword bool
|
||||
}
|
||||
var sessions hashmap.HashMap
|
||||
var sessions sync.Map
|
||||
const sessionName string = "session"
|
||||
const sessionTimeout time.Duration = 10 * 24 * time.Hour
|
||||
func login(w http.ResponseWriter, r *http.Request) {
|
||||
var redirectUrl = r.FormValue("redirecturl")
|
||||
if redirectUrl == "" {
|
||||
redirectUrl = "dash"
|
||||
redirectUrl = "/"
|
||||
}
|
||||
loginStruct := loginStruct{}
|
||||
var login bool = false
|
||||
@ -36,32 +36,31 @@ func login(w http.ResponseWriter, r *http.Request) {
|
||||
cookie := http.Cookie{
|
||||
Name: sessionName,
|
||||
Value: key,
|
||||
Domain: "redstoneunion.de",
|
||||
Expires: time.Now().Add(sessionTimeout),
|
||||
HttpOnly: true,
|
||||
Secure: true,
|
||||
}
|
||||
http.SetCookie(w, &cookie)
|
||||
sessions.Set(key, username)
|
||||
sessions.Store(key, username)
|
||||
go deleteSession(key)
|
||||
http.Redirect(w, r, redirectUrl, http.StatusSeeOther)
|
||||
}
|
||||
}
|
||||
if r.Method == http.MethodGet || !login {
|
||||
runTemplate(w, loginTmpl, loginStruct)
|
||||
runTemplate(r, w, loginTmpl, loginStruct)
|
||||
}
|
||||
}
|
||||
|
||||
func loggedIn(r *http.Request) bool {
|
||||
key, err := r.Cookie(sessionName)
|
||||
cookie, err := r.Cookie(sessionName)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
_, valid := sessions.GetStringKey(key.Value)
|
||||
_, valid := sessions.Load(cookie.Value)
|
||||
return valid
|
||||
}
|
||||
|
||||
func deleteSession(key string) {
|
||||
time.Sleep(sessionTimeout)
|
||||
sessions.Del(key)
|
||||
sessions.Delete(key)
|
||||
}
|
||||
|
||||
47
src/main.go
47
src/main.go
@ -7,6 +7,7 @@ import (
|
||||
"github.com/bwmarrin/discordgo"
|
||||
"github.com/dlclark/regexp2"
|
||||
_ "github.com/go-sql-driver/mysql"
|
||||
_ "github.com/mattn/go-sqlite3"
|
||||
"github.com/zaddok/moodle"
|
||||
"html/template"
|
||||
"io/ioutil"
|
||||
@ -14,6 +15,8 @@ import (
|
||||
"regexp"
|
||||
"code.gitea.io/sdk/gitea"
|
||||
"fmt"
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/gorilla/mux"
|
||||
)
|
||||
var discord *discordgo.Session
|
||||
var secret secrets_json
|
||||
@ -23,6 +26,8 @@ var giteaClient *gitea.Client
|
||||
var registerTmpl *template.Template
|
||||
var submitTmpl *template.Template
|
||||
var loginTmpl *template.Template
|
||||
var stmtCreateAccount *sql.Stmt
|
||||
var isTest bool
|
||||
type secrets_json struct {
|
||||
DiscordToken string `json:"discordToken"`
|
||||
MysqlIndentify string `json:"mysqlIndentify"`
|
||||
@ -30,17 +35,22 @@ type secrets_json struct {
|
||||
MoodleToken string `json:"moodleToken"`
|
||||
GiteaToken string `json:"giteaToken"`
|
||||
ApiToken string `json:"apiToken"`
|
||||
DiscordTestUser string `json:"discordTestUser"`
|
||||
DiscordTestUserEmail string `json:"discordTestUserEmail"`
|
||||
DiscordTestUserPassword string `json:"discordTestUserpassword"`
|
||||
DiscordBotUserId string `json:"discordBotUserId"`
|
||||
}
|
||||
type config_json struct {
|
||||
CreateGiteaAccount bool `json:"createGiteaAccount"`
|
||||
Port uint16 `json:"port"`
|
||||
RootUrl string `json:"rootUrl"`
|
||||
DatabaseType string `json:"databaseType"`
|
||||
}
|
||||
|
||||
func main() {
|
||||
var err error
|
||||
var jsonfile *os.File
|
||||
jsonfile, err = os.Open("secrets.json")
|
||||
jsonfile, err = os.Open("secrets" + testFilename() + ".json")
|
||||
log(err)
|
||||
var jsondata []byte
|
||||
jsondata, err = ioutil.ReadAll(jsonfile)
|
||||
@ -48,19 +58,23 @@ func main() {
|
||||
err = json.Unmarshal(jsondata, &secret)
|
||||
log(err)
|
||||
jsonfile.Close()
|
||||
jsonfile, err = os.Open("config.json")
|
||||
jsonfile, err = os.Open("config" + testFilename() + ".json")
|
||||
log(err)
|
||||
jsondata, err = ioutil.ReadAll(jsonfile)
|
||||
log(err)
|
||||
err = json.Unmarshal(jsondata, &config)
|
||||
log(err)
|
||||
jsonfile.Close()
|
||||
if(config.DatabaseType != "mysql" && config.DatabaseType != "sqlite3") {
|
||||
fmt.Println("Unknown database type. Use mysql or sqlite3")
|
||||
os.Exit(1)
|
||||
}
|
||||
discordgo.MakeIntent(discordgo.IntentsAll)
|
||||
discord, err = discordgo.New("Bot " + secret.DiscordToken)
|
||||
log(err)
|
||||
err = discord.Open()
|
||||
log(err)
|
||||
db, err = sql.Open("mysql", secret.MysqlIndentify)
|
||||
db, err = sql.Open(config.DatabaseType, secret.MysqlIndentify)
|
||||
log(err)
|
||||
_, err = db.Exec("CREATE TABLE IF NOT EXISTS account(" +
|
||||
"username varchar(40) NOT NULL, " +
|
||||
@ -81,10 +95,27 @@ func main() {
|
||||
remail = regexp2.MustCompile("^(?=.{0,255}$)(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|\"(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21\\x23-\\x5b\\x5d-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])*\")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21-\\x5a\\x53-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])+)\\])$", 0)
|
||||
rusername = regexp.MustCompile("^([[:lower:]]|\\d|_|-|\\.){1,40}$")
|
||||
rpassword = regexp2.MustCompile("^(?=.{8,255}$)(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\\W).*$", 0)
|
||||
http.HandleFunc("/register", register)
|
||||
http.HandleFunc("/submit", submit)
|
||||
http.HandleFunc("/login", login)
|
||||
http.HandleFunc("/api/accountinfo", accountApi)
|
||||
stmtCreateAccount, err = db.Prepare("INSERT INTO account(username, email, hash, salt, discordUserId) VALUES(?,?,?,?,?)")
|
||||
csrfKeyfile, err := os.Open("csrf-key")
|
||||
log(err)
|
||||
csrfKey, err := ioutil.ReadAll(csrfKeyfile)
|
||||
log(err)
|
||||
csrfKeyfile.Close()
|
||||
csrfHandler := csrf.Protect(csrfKey)
|
||||
router := mux.NewRouter()
|
||||
router.HandleFunc("/register", register)
|
||||
router.HandleFunc("/submit", submit)
|
||||
router.HandleFunc("/login", login)
|
||||
router.HandleFunc("/api/accountinfo", accountApi)
|
||||
|
||||
http.ListenAndServe(":" + fmt.Sprint(config.Port), nil)
|
||||
if(!isTest) {
|
||||
http.ListenAndServe(":" + fmt.Sprint(config.Port), csrfHandler(router))
|
||||
}
|
||||
}
|
||||
|
||||
func testFilename() string {
|
||||
if(isTest) {
|
||||
return "_test"
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
92
src/main_test.go
Normal file
92
src/main_test.go
Normal file
@ -0,0 +1,92 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"bytes"
|
||||
"strings"
|
||||
"github.com/bwmarrin/discordgo"
|
||||
"github.com/dlclark/regexp2"
|
||||
"html/template"
|
||||
"io"
|
||||
)
|
||||
|
||||
var testPassword = "*#566jgjgJJf"
|
||||
var testUsername = "ausername"
|
||||
var testSession string
|
||||
|
||||
func TestOrder(test *testing.T) {
|
||||
isTest = true
|
||||
main()
|
||||
test.Run("register", testRegister)
|
||||
test.Run("submit", testSubmit)
|
||||
test.Run("login", testLogin)
|
||||
}
|
||||
|
||||
func testSetUsernamePassword(form url.Values) {
|
||||
form.Set("username", testUsername)
|
||||
form.Set("password", testPassword)
|
||||
}
|
||||
|
||||
func testForm(test *testing.T, url string, statusCode int, handler http.HandlerFunc, form url.Values) *http.Response {
|
||||
request := httptest.NewRequest("POST", url, strings.NewReader(form.Encode()))
|
||||
request.Form = form
|
||||
recorder := httptest.NewRecorder()
|
||||
handler.ServeHTTP(recorder, request)
|
||||
if recorder.Code != statusCode {
|
||||
test.Errorf("handler returned wrong status code: got %v want %v", recorder.Code, http.StatusOK)
|
||||
}
|
||||
return recorder.Result()
|
||||
}
|
||||
|
||||
func checkBodyByTemplate(test *testing.T, response *http.Response, template *template.Template, templateData interface{}) {
|
||||
var expectedResponse bytes.Buffer
|
||||
template.Execute(&expectedResponse, templateData)
|
||||
checkBody(test, response, expectedResponse.Bytes())
|
||||
}
|
||||
|
||||
func checkBody(test *testing.T, response *http.Response, expectedResponse []byte) {
|
||||
responseBody, _ := io.ReadAll(response.Body)
|
||||
if !bytes.Equal(expectedResponse, responseBody) {
|
||||
test.Errorf("unexpected body:\n%v", string(responseBody))
|
||||
}
|
||||
}
|
||||
|
||||
func testRegister(test *testing.T) {
|
||||
form := url.Values{}
|
||||
testSetUsernamePassword(form)
|
||||
form.Set("email", "jffg@fv.com")
|
||||
form.Set("discordUser", secret.DiscordTestUser)
|
||||
response := testForm(test, "/register", http.StatusOK, register, form)
|
||||
checkBodyByTemplate(test, response, registerTmpl, registerStruct{Success: true})
|
||||
}
|
||||
|
||||
func testSubmit(test *testing.T) {
|
||||
discordClient, err := discordgo.New()
|
||||
log(err)
|
||||
err = discordClient.Login(secret.DiscordTestUserEmail, secret.DiscordTestUserPassword)
|
||||
log(err)
|
||||
err = discordClient.Open()
|
||||
log(err)
|
||||
channel, err := discordClient.UserChannelCreate(secret.DiscordBotUserId)
|
||||
log(err)
|
||||
msg, err := discordClient.ChannelMessages(channel.ID, 1, "", "", channel.LastMessageID)
|
||||
log(err)
|
||||
re := regexp2.MustCompile(`(?<=\?token\=)[^>]*`, 0)
|
||||
match, _ := re.FindStringMatch(msg[0].Content)
|
||||
if match == nil {
|
||||
test.Error("The submit link was not send")
|
||||
}
|
||||
form := url.Values{}
|
||||
form.Set("token", match.String())
|
||||
response := testForm(test, "/submit", http.StatusOK, submit, form)
|
||||
checkBodyByTemplate(test, response, submitTmpl, submitStruct{Success: true})
|
||||
}
|
||||
|
||||
func testLogin(test *testing.T) {
|
||||
form := url.Values{}
|
||||
testSetUsernamePassword(form)
|
||||
testForm(test, "/login", http.StatusSeeOther, login, form)
|
||||
}
|
||||
@ -8,7 +8,7 @@ import (
|
||||
"github.com/dlclark/regexp2"
|
||||
"code.gitea.io/sdk/gitea"
|
||||
"crypto/rand"
|
||||
"github.com/cornelk/hashmap"
|
||||
"sync"
|
||||
)
|
||||
type account struct {
|
||||
email string
|
||||
@ -24,7 +24,7 @@ type WrongAccount struct {
|
||||
Email bool
|
||||
DiscordUser bool
|
||||
}
|
||||
type registertmpl struct {
|
||||
type registerStruct struct {
|
||||
Success bool
|
||||
WrongAccount WrongAccount
|
||||
AlreadyEsitsInDatabase struct{
|
||||
@ -32,15 +32,17 @@ type registertmpl struct {
|
||||
DiscordUsername bool
|
||||
}
|
||||
}
|
||||
type SubmitStruct struct {
|
||||
type submitStruct struct {
|
||||
Success bool
|
||||
}
|
||||
var cacheAccounts hashmap.HashMap
|
||||
var accountByToken sync.Map
|
||||
var usernameExitsMap sync.Map
|
||||
var discordUserExitsMap sync.Map
|
||||
var rusername *regexp.Regexp
|
||||
var remail *regexp2.Regexp
|
||||
var rpassword *regexp2.Regexp
|
||||
func register(w http.ResponseWriter, r *http.Request) {
|
||||
registerstruct := registertmpl{}
|
||||
registerStruct := registerStruct{}
|
||||
if r.Method == http.MethodPost {
|
||||
var newAccount account
|
||||
var newRbuMember *discordgo.Member
|
||||
@ -54,24 +56,26 @@ func register(w http.ResponseWriter, r *http.Request) {
|
||||
newAccount.discordUsername = split[0]
|
||||
newAccount.discordTag = split[1]
|
||||
}
|
||||
registerstruct.WrongAccount.Email, _ = remail.MatchString(newAccount.email)
|
||||
registerstruct.WrongAccount.Email = !registerstruct.WrongAccount.Email
|
||||
registerstruct.WrongAccount.User = !rusername.MatchString(newAccount.username)
|
||||
registerstruct.WrongAccount.Pass, _ = rpassword.MatchString(newAccount.password)
|
||||
registerstruct.WrongAccount.Pass = !registerstruct.WrongAccount.Pass
|
||||
newRbuMember, registerstruct.WrongAccount.DiscordUser = getRbuMember(newAccount.discordUsername, newAccount.discordTag)
|
||||
registerstruct.WrongAccount.DiscordUser = !registerstruct.WrongAccount.DiscordUser
|
||||
if registerstruct.WrongAccount.DiscordUser {
|
||||
registerStruct.WrongAccount.Email, _ = remail.MatchString(newAccount.email)
|
||||
registerStruct.WrongAccount.Email = !registerStruct.WrongAccount.Email
|
||||
registerStruct.WrongAccount.User = !rusername.MatchString(newAccount.username)
|
||||
registerStruct.WrongAccount.Pass, _ = rpassword.MatchString(newAccount.password)
|
||||
registerStruct.WrongAccount.Pass = !registerStruct.WrongAccount.Pass
|
||||
newRbuMember, registerStruct.WrongAccount.DiscordUser = getRbuMember(newAccount.discordUsername, newAccount.discordTag)
|
||||
registerStruct.WrongAccount.DiscordUser = !registerStruct.WrongAccount.DiscordUser
|
||||
if registerStruct.WrongAccount.DiscordUser {
|
||||
goto registerReturn
|
||||
}
|
||||
newAccount.discordId = newRbuMember.User.ID
|
||||
{
|
||||
var username string
|
||||
registerstruct.AlreadyEsitsInDatabase.Username = db.QueryRow("SELECT username FROM account WHERE username = ?", newAccount.username).Scan(&username) == nil || UsernameExistsInMem(newAccount.username) // check if username exits
|
||||
registerstruct.AlreadyEsitsInDatabase.DiscordUsername = db.QueryRow("SELECT username FROM account WHERE discordUserId = ?", newAccount.discordId).Scan(&username) == nil || discordUsernameExistsInMem(newAccount.discordId)
|
||||
_, usernameExitsInMem := usernameExitsMap.Load(newAccount.username)
|
||||
registerStruct.AlreadyEsitsInDatabase.Username = db.QueryRow("SELECT username FROM account WHERE username = ?", newAccount.username).Scan(&username) == nil || usernameExitsInMem
|
||||
_, discordUserExitsInMem := discordUserExitsMap.Load(newAccount.discordId)
|
||||
registerStruct.AlreadyEsitsInDatabase.DiscordUsername = db.QueryRow("SELECT username FROM account WHERE discordUserId = ?", newAccount.discordId).Scan(&username) == nil || discordUserExitsInMem
|
||||
}
|
||||
registerstruct.Success = !registerstruct.WrongAccount.User && !registerstruct.WrongAccount.Pass && !registerstruct.WrongAccount.Email && !registerstruct.WrongAccount.DiscordUser && !registerstruct.AlreadyEsitsInDatabase.DiscordUsername && !registerstruct.AlreadyEsitsInDatabase.Username
|
||||
if !registerstruct.Success {
|
||||
registerStruct.Success = !registerStruct.WrongAccount.User && !registerStruct.WrongAccount.Pass && !registerStruct.WrongAccount.Email && !registerStruct.WrongAccount.DiscordUser && !registerStruct.AlreadyEsitsInDatabase.DiscordUsername && !registerStruct.AlreadyEsitsInDatabase.Username
|
||||
if !registerStruct.Success {
|
||||
goto registerReturn
|
||||
}
|
||||
token, err := GenerateRandomStringURLSafe(64)
|
||||
@ -80,28 +84,31 @@ func register(w http.ResponseWriter, r *http.Request) {
|
||||
dmChannel, err = discord.UserChannelCreate(newRbuMember.User.ID)
|
||||
log(err)
|
||||
discord.ChannelMessageSend(dmChannel.ID, "Bitte klicke auf den Link, um die Erstellung des Accounts abzuschließen.\n<" + config.RootUrl + "/submit?token=" + token + ">")
|
||||
cacheAccounts.Set(token, newAccount)
|
||||
accountByToken.Store(token, newAccount)
|
||||
usernameExitsMap.Store(newAccount.username, nil)
|
||||
discordUserExitsMap.Store(newAccount.discordId, nil)
|
||||
}
|
||||
registerReturn: runTemplate(w, registerTmpl, registerstruct)
|
||||
registerReturn: runTemplate(r, w, registerTmpl, registerStruct)
|
||||
}
|
||||
func submit(w http.ResponseWriter, r *http.Request) {
|
||||
var err error
|
||||
var submitStruct SubmitStruct
|
||||
var submitStruct submitStruct
|
||||
token := r.FormValue("token")
|
||||
var accInter interface{}
|
||||
accInter, submitStruct.Success = cacheAccounts.GetStringKey(token)
|
||||
accInter, submitStruct.Success = accountByToken.LoadAndDelete(token)
|
||||
if !submitStruct.Success {
|
||||
goto submitReturn
|
||||
}
|
||||
{
|
||||
var account account = accInter.(account)
|
||||
cacheAccounts.Del(token)
|
||||
usernameExitsMap.Delete(account.username)
|
||||
discordUserExitsMap.Delete(account.discordId)
|
||||
salt := make([]byte, 32)
|
||||
_, err = rand.Read(salt)
|
||||
log(err)
|
||||
hash := hashFunc([]byte(account.password), salt)
|
||||
// add user to the database
|
||||
go databaseInsert("INSERT INTO account(username, email, hash, salt, discordUserId)", account.username, account.email, hash, salt, account.discordId)
|
||||
stmtCreateAccount.Exec(account.username, account.email, hash, salt, account.discordId)
|
||||
//_, err = moodle.AddUser(account.username + "wg", account.username, account.email, account.username, account.password)
|
||||
log(err)
|
||||
if config.CreateGiteaAccount {
|
||||
@ -117,7 +124,7 @@ func register(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
submitReturn: runTemplate(w, submitTmpl, submitStruct)
|
||||
submitReturn: runTemplate(r, w, submitTmpl, submitStruct)
|
||||
}
|
||||
func getRbuMember(user string, tag string) (*discordgo.Member, bool) {
|
||||
allUsers, err := discord.GuildMembers(secret.DiscordServerID, "0", 1000)
|
||||
@ -129,26 +136,3 @@ func getRbuMember(user string, tag string) (*discordgo.Member, bool) {
|
||||
}
|
||||
return nil, false
|
||||
}
|
||||
func UsernameExistsInMem(username string) bool {
|
||||
for key := range cacheAccounts.Iter() {
|
||||
var accInter interface{}
|
||||
accInter, _ = cacheAccounts.Get(key)
|
||||
var account account = accInter.(account)
|
||||
if account.username == username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func discordUsernameExistsInMem(id string) bool {
|
||||
for key := range cacheAccounts.Iter() {
|
||||
var accInter interface{}
|
||||
accInter, _ = cacheAccounts.Get(key)
|
||||
var account account = accInter.(account)
|
||||
if account.discordId == id {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
22
src/util.go
22
src/util.go
@ -3,9 +3,8 @@ import (
|
||||
"golang.org/x/crypto/argon2"
|
||||
"net/http"
|
||||
"html/template"
|
||||
"strings"
|
||||
"context"
|
||||
"time"
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/mitchellh/mapstructure"
|
||||
)
|
||||
|
||||
func log(err error) {
|
||||
@ -17,18 +16,11 @@ func log(err error) {
|
||||
func hashFunc(password []byte, salt []byte) []byte {
|
||||
return argon2.IDKey(password, salt, 1, 64*1024, 4, 32)
|
||||
}
|
||||
func runTemplate(w http.ResponseWriter, template *template.Template, templateData interface{}) {
|
||||
func runTemplate(r *http.Request, w http.ResponseWriter, template *template.Template, templateData interface{}) {
|
||||
var templateMap map[string]interface{}
|
||||
mapstructure.Decode(templateData, &templateMap)
|
||||
templateMap[csrf.TemplateTag] = csrf.TemplateField(r)
|
||||
w.Header().Set("Content-Type", "text/html")
|
||||
var err error = template.Execute(w, templateData)
|
||||
log(err)
|
||||
}
|
||||
func databaseInsert(query string, values ...interface{}) {
|
||||
query += " VALUES (" + strings.Repeat("?,", len(values) - 1) + "?);"
|
||||
ctx, cancelfunc := context.WithTimeout(context.Background(), 5*time.Second)
|
||||
defer cancelfunc()
|
||||
stmt, err := db.PrepareContext(ctx, query)
|
||||
log(err)
|
||||
defer stmt.Close()
|
||||
_, err = stmt.ExecContext(ctx, values...)
|
||||
var err error = template.Execute(w, templateMap)
|
||||
log(err)
|
||||
}
|
||||
|
||||
@ -64,6 +64,7 @@
|
||||
<input class="responsive" type="text" name="discordUser"><br/>
|
||||
<label class="responsive">Passwort:</label><br/>
|
||||
<input class="responsive" type="password" name="password"><br/>
|
||||
{{ .csrfField }}
|
||||
<input type="submit" name="createAccount" value="Account erstellen"class="btn active responsive">
|
||||
</form>
|
||||
{{end}}
|
||||
|
||||
Reference in New Issue
Block a user