From 0885bf9c6ae1c88d32497e4b67b6ff7999d95e14 Mon Sep 17 00:00:00 2001 From: JandereDev Date: Sun, 23 Jan 2022 14:54:40 +0100 Subject: [PATCH] user authentication thingy --- api/package.json | 2 + api/src/db.ts | 29 +++ api/src/index.ts | 9 +- api/src/middlewares/log.ts | 2 +- api/src/middlewares/updateTokenExpiry.ts | 19 ++ api/src/routes/internal/ws.ts | 29 ++- api/src/routes/login.ts | 67 +++++++ api/src/routes/root.ts | 9 +- api/src/utils.ts | 36 ++++ api/yarn.lock | 221 ++++++++++++++++++++++- bot/src/bot/commands/login.ts | 62 +++++++ bot/src/bot/commands/logout.ts | 64 +++++++ bot/src/bot/modules/api_communication.ts | 67 ++++++- bot/src/struct/PendingLogin.ts | 12 ++ 14 files changed, 615 insertions(+), 13 deletions(-) create mode 100644 api/src/db.ts create mode 100644 api/src/middlewares/updateTokenExpiry.ts create mode 100644 api/src/routes/login.ts create mode 100644 api/src/utils.ts create mode 100644 bot/src/bot/commands/login.ts create mode 100644 bot/src/bot/commands/logout.ts create mode 100644 bot/src/struct/PendingLogin.ts diff --git a/api/package.json b/api/package.json index 81330b0..04c7546 100644 --- a/api/package.json +++ b/api/package.json @@ -14,10 +14,12 @@ "license": "ISC", "dependencies": { "@types/express": "^4.17.13", + "@types/monk": "^6.0.0", "@types/ws": "^8.2.2", "dotenv": "^14.2.0", "express": "^4.17.2", "log75": "^2.2.0", + "monk": "^7.3.4", "ws": "^8.4.2" } } diff --git a/api/src/db.ts b/api/src/db.ts new file mode 100644 index 0000000..124ddcc --- /dev/null +++ b/api/src/db.ts @@ -0,0 +1,29 @@ +import Monk, { IMonkManager } from 'monk'; +import { logger } from '.'; + +export default (): IMonkManager => { + let dburl = getDBUrl(); + let db = Monk(dburl); + return db; +}; + +// Checks if all required env vars were supplied, and returns the mongo db URL +function getDBUrl() { + let env = process.env; + if (env['DB_URL']) return env['DB_URL']; + + if (!env['DB_HOST']) { + logger.error(`Environment variable 'DB_HOST' not set, unable to connect to database`); + logger.error(`Specify either 'DB_URL' or 'DB_HOST', 'DB_USERNAME', 'DB_PASS' and 'DB_NAME'`); + throw 'Missing environment variables'; + } + + // mongodb://username:password@hostname:port/dbname + let dburl = 'mongodb://'; + if (env['DB_USERNAME']) dburl += env['DB_USERNAME']; + if (env['DB_PASS']) dburl += `:${env['DB_PASS']}`; + dburl += `${process.env['DB_USERNAME'] ? '@' : ''}${env['DB_HOST']}`; // DB_HOST is assumed to contain the port + dburl += `/${env['DB_NAME'] ?? 'automod'}`; + + return dburl; +} diff --git a/api/src/index.ts b/api/src/index.ts index b7d64f5..139f5e4 100644 --- a/api/src/index.ts +++ b/api/src/index.ts @@ -1,22 +1,29 @@ import { config } from 'dotenv'; import Express from "express"; import Log75, { LogLevel } from 'log75'; +import buildDBClient from './db'; config(); const PORT = Number(process.env.API_PORT || 9000); const DEBUG = process.env.NODE_ENV != 'production'; +const SESSION_LIFETIME = 1000 * 60 * 60 * 24 * 7; const logger: Log75 = new (Log75 as any).default(DEBUG ? LogLevel.Debug : LogLevel.Standard); +const db = buildDBClient(); const app = Express(); -export { logger, app, PORT } +app.use(Express.json()); + +export { logger, app, db, PORT, SESSION_LIFETIME } (async () => { await Promise.all([ import('./middlewares/log'), + import('./middlewares/updateTokenExpiry'), import('./routes/internal/ws'), import('./routes/root'), + import('./routes/login'), ]); logger.done('All routes and middlewares loaded'); })(); diff --git a/api/src/middlewares/log.ts b/api/src/middlewares/log.ts index a8f6d30..6d912c1 100644 --- a/api/src/middlewares/log.ts +++ b/api/src/middlewares/log.ts @@ -2,6 +2,6 @@ import { Request, Response } from "express"; import { app, logger } from ".."; app.use('*', (req: Request, res: Response, next: () => void) => { - logger.debug(`${req.method} ${req.path}`); + logger.debug(`${req.method} ${req.url}`); next(); }); diff --git a/api/src/middlewares/updateTokenExpiry.ts b/api/src/middlewares/updateTokenExpiry.ts new file mode 100644 index 0000000..35fe74f --- /dev/null +++ b/api/src/middlewares/updateTokenExpiry.ts @@ -0,0 +1,19 @@ +import { Request, Response } from "express"; +import { FindOneResult } from "monk"; +import { app, db, SESSION_LIFETIME } from ".."; + +app.use('*', async (req: Request, res: Response, next: () => void) => { + next(); + + const user = req.header('x-auth-user'); + const token = req.header('x-auth-token'); + + if (!user || !token) return; + + try { + const session: FindOneResult = await db.get('sessions').findOne({ user, token, expires: { $gt: Date.now() } }); + if (session) { + await db.get('sessions').update({ _id: session._id }, { $set: { expires: Date.now() + SESSION_LIFETIME } }); + } + } catch(e) { console.error(e) } +}); diff --git a/api/src/routes/internal/ws.ts b/api/src/routes/internal/ws.ts index 3031c18..b236163 100644 --- a/api/src/routes/internal/ws.ts +++ b/api/src/routes/internal/ws.ts @@ -29,8 +29,12 @@ wsServer.on('connection', (sock) => { }); sock.on('message', (msg) => { + const jsonBody = JSON.parse(msg.toString()); logger.debug(`[WS] [<] ${msg.toString()}`); - botWS.emit('message', JSON.parse(msg.toString())); + botWS.emit('message', jsonBody); + if (jsonBody.data && jsonBody.type) { + botWS.emit(jsonBody.type, jsonBody.data); + } }); }); @@ -61,8 +65,23 @@ function sendBotWS(msg: { [key: string]: any }) { socks.forEach(sock => sock.send(JSON.stringify(msg))); } -botWS.on('message', msg => { - sendBotWS({ amogus: msg }); -}); +type botReqRes = { success: false, error: string, statusCode?: number } | { success: true, [key: string]: any } +function botReq(type: string, data?: { [key: string]: any }): Promise { + return new Promise((resolve, reject) => { + const nonce = `${Date.now()}.${Math.round(Math.random() * 10000000)}`; + if (sockets.length == 0) return resolve({ success: false, error: 'Unable to communicate with bot' }); + sendBotWS({ nonce, type, data }); + botWS.once(`response:${nonce}`, (data: string|Object) => { + try { + const d = typeof data == 'string' ? JSON.parse(data || '{}') : data; + if (d.success == undefined) d.success = true; + if (d.success == false && !d.error) d.error = 'Unknown error'; + resolve(d); + } catch(e) { reject(e) } + }); + }); +} -export { botWS, sendBotWS } +//setInterval(() => botReq('test', { "sus": true }), 1000); + +export { botWS, sendBotWS, botReq } diff --git a/api/src/routes/login.ts b/api/src/routes/login.ts new file mode 100644 index 0000000..647ed45 --- /dev/null +++ b/api/src/routes/login.ts @@ -0,0 +1,67 @@ +import crypto from 'crypto'; +import { app, SESSION_LIFETIME } from '..'; +import { Request, Response } from 'express'; +import { botReq } from './internal/ws'; +import { db } from '..'; +import { FindOneResult } from 'monk'; + +class BeginReqBody { + user: string; +} +class CompleteReqBody { + user: string; + nonce: string; + code: string; +} + +app.post('/login/begin', async (req: Request, res: Response) => { + const body = req.body as BeginReqBody; + if (!body.user || typeof body.user != 'string') return badRequest(res); + + const r = await botReq('requestLogin', { user: body.user.toLowerCase() }); + + if (!r.success) return res.status(r.statusCode ?? 500).send(JSON.stringify({ error: r.error }, null, 4)); + + res.status(200).send({ success: true, nonce: r.nonce, code: r.code }); +}); + +app.post('/login/complete', async (req: Request, res: Response) => { + const body = req.body as CompleteReqBody; + if ((!body.user || typeof body.user != 'string') || + (!body.nonce || typeof body.nonce != 'string') || + (!body.code || typeof body.code != 'string')) return badRequest(res); + + const loginAttempt: FindOneResult = await db.get('pending_logins').findOne({ + code: body.code, + user: body.user, + nonce: body.nonce, + exchanged: false, + invalid: false, + }); + + if (!loginAttempt) return res.status(404).send({ error: 'The provided login info could not be found.' }); + + if (!loginAttempt.confirmed) { + return res.status(400).send({ error: "This code is not yet valid." }); + } + + const sessionToken = crypto.randomBytes(48).toString('base64').replace(/=/g, ''); + + + await Promise.all([ + db.get('sessions').insert({ + user: body.user.toUpperCase(), + token: sessionToken, + nonce: body.nonce, + invalid: false, + expires: Date.now() + SESSION_LIFETIME, + }), + db.get('pending_logins').update({ _id: loginAttempt._id }, { $set: { exchanged: true } }), + ]); + + res.status(200).send({ success: true, user: body.user.toUpperCase(), token: sessionToken }); +}); + +function badRequest(res: Response) { + res.status(400).send(JSON.stringify({ "error": "Invalid request body" }, null, 4)); +} diff --git a/api/src/routes/root.ts b/api/src/routes/root.ts index 40abb62..9707409 100644 --- a/api/src/routes/root.ts +++ b/api/src/routes/root.ts @@ -1,6 +1,11 @@ import { app } from '..'; import { Request, Response } from 'express'; +import { getSessionInfo, isAuthenticated } from '../utils'; -app.get('/', (req: Request, res: Response) => { - res.send({ msg: "yo" }); +app.get('/', async (req: Request, res: Response) => { + const isAuthed = await isAuthenticated(req); + res.send({ + authenticated: isAuthed, + sessionInfo: isAuthed ? await getSessionInfo(req.header('x-auth-user')!, req.header('x-auth-token')!) : {}, + }); }); \ No newline at end of file diff --git a/api/src/utils.ts b/api/src/utils.ts new file mode 100644 index 0000000..4a22b7d --- /dev/null +++ b/api/src/utils.ts @@ -0,0 +1,36 @@ +import { Request } from "express"; +import { FindOneResult } from "monk"; +import { db } from "."; + +class Session { + user: string; + token: string; + nonce: string; + expires: number; + invalid: boolean; +} + +/** + * + * @param req + * @returns false if not authenticated, otherwise the (Revolt) user ID + */ +async function isAuthenticated(req: Request): Promise { + const user = req.header('x-auth-user'); + const token = req.header('x-auth-token'); + + if (!user || !token) return false; + + const info = await getSessionInfo(user, token); + return info.valid ? user : false; +} + +type SessionInfo = { exists: boolean, valid: boolean, nonce?: string } + +async function getSessionInfo(user: string, token: string): Promise { + const session: FindOneResult = await db.get('sessions').findOne({ user, token }); + + return { exists: !!session, valid: !!(session && !session.invalid && session.expires > Date.now()), nonce: session?.nonce } +} + +export { isAuthenticated, getSessionInfo } diff --git a/api/yarn.lock b/api/yarn.lock index a28426a..62d1e3f 100644 --- a/api/yarn.lock +++ b/api/yarn.lock @@ -10,6 +10,13 @@ "@types/connect" "*" "@types/node" "*" +"@types/bson@*": + version "4.2.0" + resolved "https://registry.yarnpkg.com/@types/bson/-/bson-4.2.0.tgz#a2f71e933ff54b2c3bf267b67fa221e295a33337" + integrity sha512-ELCPqAdroMdcuxqwMgUpifQyRoTpyYCNr1V9xKyF40VsBobsj+BbWNRvwGchMgBPGqkw655ypkjj2MEF5ywVwg== + dependencies: + bson "*" + "@types/connect@*": version "3.4.35" resolved "https://registry.yarnpkg.com/@types/connect/-/connect-3.4.35.tgz#5fcf6ae445e4021d1fc2219a4873cc73a3bb2ad1" @@ -41,6 +48,21 @@ resolved "https://registry.yarnpkg.com/@types/mime/-/mime-1.3.2.tgz#93e25bf9ee75fe0fd80b594bc4feb0e862111b5a" integrity sha512-YATxVxgRqNH6nHEIsvg6k2Boc1JHI9ZbH5iWFFv/MTkchz3b1ieGDa5T0a9RznNdI0KhVbdbWSN+KWWrQZRxTw== +"@types/mongodb@^3.5.25": + version "3.6.20" + resolved "https://registry.yarnpkg.com/@types/mongodb/-/mongodb-3.6.20.tgz#b7c5c580644f6364002b649af1c06c3c0454e1d2" + integrity sha512-WcdpPJCakFzcWWD9juKoZbRtQxKIMYF/JIAM4JrNHrMcnJL6/a2NWjXxW7fo9hxboxxkg+icff8d7+WIEvKgYQ== + dependencies: + "@types/bson" "*" + "@types/node" "*" + +"@types/monk@^6.0.0": + version "6.0.0" + resolved "https://registry.yarnpkg.com/@types/monk/-/monk-6.0.0.tgz#236750988e24d92c674529a81b9a296f8bbc3763" + integrity sha512-9qy4Gva0uVgaQsDqlcWD+XOXUmgInPAoxyyoN8uFUTjNFvswyCH1hwpnYuh2MVr60ekZgYiquWEjBYvfYfE1Jw== + dependencies: + monk "*" + "@types/node@*": version "17.0.10" resolved "https://registry.yarnpkg.com/@types/node/-/node-17.0.10.tgz#616f16e9d3a2a3d618136b1be244315d95bd7cab" @@ -89,6 +111,19 @@ array-flatten@1.1.1: resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-1.1.1.tgz#9a5f699051b1e7073328f2a008968b64ea2955d2" integrity sha1-ml9pkFGx5wczKPKgCJaLZOopVdI= +base64-js@^1.3.1: + version "1.5.1" + resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" + integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== + +bl@^2.2.1: + version "2.2.1" + resolved "https://registry.yarnpkg.com/bl/-/bl-2.2.1.tgz#8c11a7b730655c5d56898cdc871224f40fd901d5" + integrity sha512-6Pesp1w0DEX1N550i/uGV/TqucVL4AM/pgThFSN/Qq9si1/DF9aIHs1BxD8V/QU0HoeHO6cQRTAuYnLPKq1e4g== + dependencies: + readable-stream "^2.3.5" + safe-buffer "^5.1.1" + body-parser@1.19.1: version "1.19.1" resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.1.tgz#1499abbaa9274af3ecc9f6f10396c995943e31d4" @@ -105,6 +140,26 @@ body-parser@1.19.1: raw-body "2.4.2" type-is "~1.6.18" +bson@*: + version "4.6.1" + resolved "https://registry.yarnpkg.com/bson/-/bson-4.6.1.tgz#2b5da517539bb0f7f3ffb54ac70a384ca899641c" + integrity sha512-I1LQ7Hz5zgwR4QquilLNZwbhPw0Apx7i7X9kGMBTsqPdml/03Q9NBtD9nt/19ahjlphktQImrnderxqpzeVDjw== + dependencies: + buffer "^5.6.0" + +bson@^1.1.4: + version "1.1.6" + resolved "https://registry.yarnpkg.com/bson/-/bson-1.1.6.tgz#fb819be9a60cd677e0853aee4ca712a785d6618a" + integrity sha512-EvVNVeGo4tHxwi8L6bPj3y3itEvStdwvvlojVxxbyYfoaxJ6keLgrTuKdyfEAszFK+H3olzBuafE0yoh0D1gdg== + +buffer@^5.6.0: + version "5.7.1" + resolved "https://registry.yarnpkg.com/buffer/-/buffer-5.7.1.tgz#ba62e7c13133053582197160851a8f648e99eed0" + integrity sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ== + dependencies: + base64-js "^1.3.1" + ieee754 "^1.1.13" + bytes@3.1.1: version "3.1.1" resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.1.tgz#3f018291cb4cbad9accb6e6970bca9c8889e879a" @@ -132,6 +187,18 @@ cookie@0.4.1: resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1" integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA== +core-util-is@~1.0.0: + version "1.0.3" + resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.3.tgz#a6042d3634c2b27e9328f837b965fac83808db85" + integrity sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ== + +debug@*: + version "4.3.3" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.3.tgz#04266e0b70a98d4462e6e288e38259213332b664" + integrity sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q== + dependencies: + ms "2.1.2" + debug@2.6.9: version "2.6.9" resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" @@ -139,6 +206,11 @@ debug@2.6.9: dependencies: ms "2.0.0" +denque@^1.4.1: + version "1.5.1" + resolved "https://registry.yarnpkg.com/denque/-/denque-1.5.1.tgz#07f670e29c9a78f8faecb2566a1e2c11929c5cbf" + integrity sha512-XwE+iZ4D6ZUB7mfYRMb5wByE8L74HCn30FBN7sWnXksWc1LO1bPDl67pBR9o/kC4z/xSNAwkMYcGgqDV3BE3Hw== + depd@~1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9" @@ -251,7 +323,12 @@ iconv-lite@0.4.24: dependencies: safer-buffer ">= 2.1.2 < 3" -inherits@2.0.4: +ieee754@^1.1.13: + version "1.2.1" + resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" + integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== + +inherits@2.0.4, inherits@~2.0.3: version "2.0.4" resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== @@ -261,6 +338,11 @@ ipaddr.js@1.9.1: resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz#bff38543eeb8984825079ff3a2a8e6cbd46781b3" integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g== +isarray@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" + integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE= + log75@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/log75/-/log75-2.2.0.tgz#2505159b450c3cd1b4e863a837e883a7ecbaa2a1" @@ -273,6 +355,11 @@ media-typer@0.3.0: resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748" integrity sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g= +memory-pager@^1.0.2: + version "1.5.0" + resolved "https://registry.yarnpkg.com/memory-pager/-/memory-pager-1.5.0.tgz#d8751655d22d384682741c972f2c3d6dfa3e66b5" + integrity sha512-ZS4Bp4r/Zoeq6+NLJpP+0Zzm0pR8whtGPf1XExKLJBAczGMnSi3It14OiNCStjQjM6NU1okjQGSxgEZN8eBYKg== + merge-descriptors@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61" @@ -300,11 +387,75 @@ mime@1.6.0: resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1" integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg== +mongodb@^3.2.3: + version "3.7.3" + resolved "https://registry.yarnpkg.com/mongodb/-/mongodb-3.7.3.tgz#b7949cfd0adc4cc7d32d3f2034214d4475f175a5" + integrity sha512-Psm+g3/wHXhjBEktkxXsFMZvd3nemI0r3IPsE0bU+4//PnvNWKkzhZcEsbPcYiWqe8XqXJJEg4Tgtr7Raw67Yw== + dependencies: + bl "^2.2.1" + bson "^1.1.4" + denque "^1.4.1" + optional-require "^1.1.8" + safe-buffer "^5.1.2" + optionalDependencies: + saslprep "^1.0.0" + +monk-middleware-cast-ids@^0.2.1: + version "0.2.1" + resolved "https://registry.yarnpkg.com/monk-middleware-cast-ids/-/monk-middleware-cast-ids-0.2.1.tgz#40c40e5a6cb33ccedc289220943275ee8861c529" + integrity sha1-QMQOWmyzPM7cKJIglDJ17ohhxSk= + +monk-middleware-fields@^0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/monk-middleware-fields/-/monk-middleware-fields-0.2.0.tgz#ff637af35f5948879ccb2be15a91360911bea6c1" + integrity sha1-/2N6819ZSIecyyvhWpE2CRG+psE= + +monk-middleware-handle-callback@^0.2.0: + version "0.2.2" + resolved "https://registry.yarnpkg.com/monk-middleware-handle-callback/-/monk-middleware-handle-callback-0.2.2.tgz#47de6cc1248726c72a2be0c81bc4e68310c32146" + integrity sha512-5hBynb7asZ2uw9XVze7C3XH0zXT51yFDvYydk/5HnWWzh2NLglDSiKDcX0yLKPHzFgiq+5Z4Laq5fFVnFsmm8w== + +monk-middleware-options@^0.2.1: + version "0.2.1" + resolved "https://registry.yarnpkg.com/monk-middleware-options/-/monk-middleware-options-0.2.1.tgz#58dae1c518d46636ebdff506fadfc773bb442886" + integrity sha1-WNrhxRjUZjbr3/UG+t/Hc7tEKIY= + +monk-middleware-query@^0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/monk-middleware-query/-/monk-middleware-query-0.2.0.tgz#a926c677d4a5620c62151b0a56d0c0c151675874" + integrity sha1-qSbGd9SlYgxiFRsKVtDAwVFnWHQ= + +monk-middleware-wait-for-connection@^0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/monk-middleware-wait-for-connection/-/monk-middleware-wait-for-connection-0.2.0.tgz#312958d30e588b57d09754dd7c97b4843316835a" + integrity sha1-MSlY0w5Yi1fQl1TdfJe0hDMWg1o= + +monk@*, monk@^7.3.4: + version "7.3.4" + resolved "https://registry.yarnpkg.com/monk/-/monk-7.3.4.tgz#50ccd7daebb4c16ace58d45b2c28c29112f8a85e" + integrity sha512-PkPNiElwroVyKQj01usyziOvwiKYBUVSq7YU1FB4KFr0J3v0GeXW0TebYsLR4u33WB8JGqPiAcuzDspfdujqQg== + dependencies: + "@types/mongodb" "^3.5.25" + debug "*" + mongodb "^3.2.3" + monk-middleware-cast-ids "^0.2.1" + monk-middleware-fields "^0.2.0" + monk-middleware-handle-callback "^0.2.0" + monk-middleware-options "^0.2.1" + monk-middleware-query "^0.2.0" + monk-middleware-wait-for-connection "^0.2.0" + object-assign "^4.1.1" + ms@2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g= +ms@2.1.2: + version "2.1.2" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" + integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== + ms@2.1.3: version "2.1.3" resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2" @@ -315,6 +466,11 @@ negotiator@0.6.2: resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.2.tgz#feacf7ccf525a77ae9634436a64883ffeca346fb" integrity sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw== +object-assign@^4.1.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863" + integrity sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM= + on-finished@~2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947" @@ -322,6 +478,13 @@ on-finished@~2.3.0: dependencies: ee-first "1.1.1" +optional-require@^1.1.8: + version "1.1.8" + resolved "https://registry.yarnpkg.com/optional-require/-/optional-require-1.1.8.tgz#16364d76261b75d964c482b2406cb824d8ec44b7" + integrity sha512-jq83qaUb0wNg9Krv1c5OQ+58EK+vHde6aBPzLvPPqJm89UQWsvSuFy9X/OSNJnFeSOKo7btE0n8Nl2+nE+z5nA== + dependencies: + require-at "^1.0.6" + parseurl@~1.3.3: version "1.3.3" resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4" @@ -332,6 +495,11 @@ path-to-regexp@0.1.7: resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c" integrity sha1-32BBeABfUi8V60SQ5yR6G/qmf4w= +process-nextick-args@~2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.1.tgz#7820d9b16120cc55ca9ae7792680ae7dba6d7fe2" + integrity sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag== + proxy-addr@~2.0.7: version "2.0.7" resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025" @@ -360,16 +528,46 @@ raw-body@2.4.2: iconv-lite "0.4.24" unpipe "1.0.0" -safe-buffer@5.2.1: +readable-stream@^2.3.5: + version "2.3.7" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.7.tgz#1eca1cf711aef814c04f62252a36a62f6cb23b57" + integrity sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw== + dependencies: + core-util-is "~1.0.0" + inherits "~2.0.3" + isarray "~1.0.0" + process-nextick-args "~2.0.0" + safe-buffer "~5.1.1" + string_decoder "~1.1.1" + util-deprecate "~1.0.1" + +require-at@^1.0.6: + version "1.0.6" + resolved "https://registry.yarnpkg.com/require-at/-/require-at-1.0.6.tgz#9eb7e3c5e00727f5a4744070a7f560d4de4f6e6a" + integrity sha512-7i1auJbMUrXEAZCOQ0VNJgmcT2VOKPRl2YGJwgpHpC9CE91Mv4/4UYIUm4chGJaI381ZDq1JUicFii64Hapd8g== + +safe-buffer@5.2.1, safe-buffer@^5.1.1, safe-buffer@^5.1.2: version "5.2.1" resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6" integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== +safe-buffer@~5.1.0, safe-buffer@~5.1.1: + version "5.1.2" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d" + integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== + "safer-buffer@>= 2.1.2 < 3": version "2.1.2" resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== +saslprep@^1.0.0: + version "1.0.3" + resolved "https://registry.yarnpkg.com/saslprep/-/saslprep-1.0.3.tgz#4c02f946b56cf54297e347ba1093e7acac4cf226" + integrity sha512-/MY/PEMbk2SuY5sScONwhUDsV2p77Znkb/q3nSVstq/yQzYJOH/Azh29p9oJLsl3LnQwSvZDKagDGBsBwSooag== + dependencies: + sparse-bitfield "^3.0.3" + send@0.17.2: version "0.17.2" resolved "https://registry.yarnpkg.com/send/-/send-0.17.2.tgz#926622f76601c41808012c8bf1688fe3906f7820" @@ -404,11 +602,25 @@ setprototypeof@1.2.0: resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424" integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw== +sparse-bitfield@^3.0.3: + version "3.0.3" + resolved "https://registry.yarnpkg.com/sparse-bitfield/-/sparse-bitfield-3.0.3.tgz#ff4ae6e68656056ba4b3e792ab3334d38273ca11" + integrity sha1-/0rm5oZWBWuks+eSqzM004JzyhE= + dependencies: + memory-pager "^1.0.2" + "statuses@>= 1.5.0 < 2", statuses@~1.5.0: version "1.5.0" resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c" integrity sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow= +string_decoder@~1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8" + integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg== + dependencies: + safe-buffer "~5.1.0" + toidentifier@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35" @@ -427,6 +639,11 @@ unpipe@1.0.0, unpipe@~1.0.0: resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec" integrity sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw= +util-deprecate@~1.0.1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" + integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8= + utils-merge@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713" diff --git a/bot/src/bot/commands/login.ts b/bot/src/bot/commands/login.ts new file mode 100644 index 0000000..8491187 --- /dev/null +++ b/bot/src/bot/commands/login.ts @@ -0,0 +1,62 @@ +import { FindOneResult } from "monk"; +import { client } from "../.."; +import Command from "../../struct/Command"; +import MessageCommandContext from "../../struct/MessageCommandContext"; +import PendingLogin from "../../struct/PendingLogin"; +import logger from "../logger"; +import { DEFAULT_PREFIX } from "../modules/command_handler"; + +export default { + name: 'login', + aliases: null, + description: 'Log into the web dashboard', + category: 'misc', + run: async (message: MessageCommandContext, args: string[]) => { + try { + const code = args.shift(); + if (!code) { + return message.reply(`If you're trying to log in, you can access the dashboard ` + + `[here](${process.env.WEB_UI_URL || 'https://automod.janderedev.xyz'}).\n\n` + + `If you already have a code, you can use \`${DEFAULT_PREFIX}login [Code]\`.`); + } + + const login: FindOneResult = await client.db.get('pending_logins').findOne({ + code, + user: message.author_id, + confirmed: false, + exchanged: false, + invalid: false, + expires: { + $gt: Date.now(), + }, + }); + + if (!login) return message.reply(`Unknown code. Make sure you're logged into the correct account.`); + + if (login.requirePhishingConfirmation) { + logger.info(`Showing phishing warning to ${message.author_id}`); + await Promise.all([ + message.reply( + `# If someone told you to run this, stop!\n` + + `This could give an attacker access to all servers you're using AutoMod in.\n` + + `If someone else told you to run this command, **block them and ignore this.**\n\n` + + `Otherwise, if this was you trying to log in from <${process.env.WEB_UI_URL || 'https://automod.janderedev.xyz'}>, \n` + + `you can run this command again to continue.\n` + + `##### You're seeing this because this is the first time you're trying to log in. Stay safe!` + ), + client.db.get('pending_logins').update({ _id: login._id }, { $set: { requirePhishingConfirmation: false } }), + ]); + return; + } + + await Promise.all([ + message.reply(`Successfully logged in.\n\n` + + `If this wasn't you, ~~run \`${DEFAULT_PREFIX}logout ${code}\` immediately~~ pray.`), + client.db.get('pending_logins').update({ _id: login._id }, { $set: { confirmed: true } }), + ]); + } catch(e) { + console.error(e); + message.reply(`An error occurred: ${e}`); + } + } +} as Command; diff --git a/bot/src/bot/commands/logout.ts b/bot/src/bot/commands/logout.ts new file mode 100644 index 0000000..29dcb10 --- /dev/null +++ b/bot/src/bot/commands/logout.ts @@ -0,0 +1,64 @@ +import { FindOneResult, FindResult } from "monk"; +import { client } from "../.."; +import Command from "../../struct/Command"; +import MessageCommandContext from "../../struct/MessageCommandContext"; +import PendingLogin from "../../struct/PendingLogin"; +import { DEFAULT_PREFIX } from "../modules/command_handler"; + +export default { + name: 'logout', + aliases: null, + description: 'Log out of sessions created with /login', + category: 'misc', + run: async (message: MessageCommandContext, args: string[]) => { + try { + const code = args.shift(); + if (!code) { + return message.reply(`### No code provided.\n` + + `You can invalidate a session by using \`${DEFAULT_PREFIX}logout [Code]\`, ` + + `or log out everywhere with \`${DEFAULT_PREFIX}logout ALL\``); + } + + if (code.toLowerCase() == 'all') { + const [ attempts, sessions ]: FindResult[] = await Promise.all([ + client.db.get('pending_logins').find({ user: message.author_id }), + client.db.get('sessions').find({ user: message.author_id }), + ]); + + if (attempts.length == 0 && sessions.length == 0) return message.reply('There are no sessions to invalidate.'); + + await Promise.all([ + client.db.get('pending_logins').update({ _id: { $in: attempts.map(a => a._id) } }, { $set: { invalid: true } }), + client.db.get('sessions').update({ _id: { $in: sessions.map(a => a._id) } }, { $set: { invalid: true } }), + ]); + + message.reply(`Successfully invalidated ${attempts.length} codes and ${sessions.length} sessions.`); + } else { + const loginAttempt: FindOneResult = await client.db.get('pending_logins') + .findOne({ + code: code.toUpperCase(), + user: message.author_id, + }); + + if (!loginAttempt || loginAttempt.invalid) { + return message.reply('That code doesn\'t seem to exist.'); + } + + await client.db.get('pending_logins').update({ _id: loginAttempt._id }, { $set: { invalid: true } }); + + if (loginAttempt.exchanged) { + const session: FindOneResult = await client.db.get('sessions').findOne({ nonce: loginAttempt.nonce }); + if (session) { + await client.db.get('sessions').update({ _id: session._id }, { $set: { invalid: true } }); + return message.reply(`Successfully invalidated code and terminated associated session.`); + } + } + + message.reply(`Successfully invalidated code.`); + } + } catch(e) { + console.error(e); + message.reply(`An error occurred: ${e}`); + } + } +} as Command; diff --git a/bot/src/bot/modules/api_communication.ts b/bot/src/bot/modules/api_communication.ts index 5629351..0ff2679 100644 --- a/bot/src/bot/modules/api_communication.ts +++ b/bot/src/bot/modules/api_communication.ts @@ -4,7 +4,13 @@ import ws from "ws"; import logger from "../logger"; +import crypto from 'crypto'; +import { client as bot } from '../..'; import { EventEmitter } from "events"; +import { parseUser } from "../util"; +import PendingLogin from "../../struct/PendingLogin"; +import { LogLevel } from "log75"; +import { ulid } from "ulid"; const wsEvents = new EventEmitter(); const { API_WS_URL, API_WS_TOKEN } = process.env; @@ -50,7 +56,24 @@ function connect() { client.on('message', (msg) => { logger.debug(`[WS] [<] ${msg.toString('utf8')}`); try { - wsEvents.emit('message', JSON.parse(msg.toString('utf8'))); + const jsonMsg = JSON.parse(msg.toString('utf8')); + wsEvents.emit('message', jsonMsg); + if (jsonMsg['nonce'] && jsonMsg['type']) { + const hasListeners = wsEvents.emit(`req:${jsonMsg.type}`, jsonMsg.data, (res: { [key: string]: any }) => { + wsSend({ nonce: jsonMsg.nonce, type: `response:${jsonMsg.nonce}`, data: res }); + }); + + if (!hasListeners) { + wsSend({ + nonce: jsonMsg.nonce, + type: `response:${jsonMsg.nonce}`, + data: { + success: false, + error: 'No event listeners available for event' + } + }); + } + } } catch(e) { console.error(e) } }); } @@ -65,6 +88,46 @@ function wsSend(data: { [key: string]: any }) { } } -setInterval(() => wsSend({ "among": "us" }), 1000); +wsEvents.on('req:test', (data: any, res: (data: any) => void) => { + res({ received: data }); +}); + +wsEvents.on('req:requestLogin', async (data: any, cb: (data: any) => void) => { + try { + const user = await parseUser(data.user); + if (!user) + return cb({ success: false, statusCode: 404, error: `The specified user could not be found` }); + + let code: string|null = null; + while (!code) { + const c = crypto.randomBytes(8).toString('hex'); + const found = await bot.db.get('pending_logins').find({ code: c, user: user._id, confirmed: false }); + if (found.length > 0) continue; + code = c.substring(0, 8).toUpperCase(); + } + + logger.info(`Attempted login for user ${user._id} with code ${code}`); + + const nonce = ulid(); + + const previousLogins = await bot.db.get('pending_logins').find({ user: user._id, confirmed: true }); + + await bot.db.get('pending_logins').insert({ + code, + expires: Date.now() + (1000 * 60 * 15), // Expires in 15 minutes + user: user._id, + nonce: nonce, + confirmed: false, + requirePhishingConfirmation: previousLogins.length == 0, + exchanged: false, + invalid: false, + } as PendingLogin); + + cb({ success: true, uid: user._id, nonce, code }); + } catch(e) { + console.error(e); + cb({ success: false, error: e }); + } +}); export { wsEvents, wsSend } diff --git a/bot/src/struct/PendingLogin.ts b/bot/src/struct/PendingLogin.ts new file mode 100644 index 0000000..2c85391 --- /dev/null +++ b/bot/src/struct/PendingLogin.ts @@ -0,0 +1,12 @@ +class PendingLogin { + user: string; + code: string; + expires: number; + nonce: string; + confirmed: boolean; + requirePhishingConfirmation: boolean; + exchanged: boolean; + invalid: boolean; +} + +export default PendingLogin;