From: seantywork Date: Mon, 24 Feb 2025 14:26:36 +0000 (+0000) Subject: add: front verification X-Git-Url: https://git.feebdaed.xyz/?a=commitdiff_plain;h=9e6d5e65799f0327e49a0f022978593a6659d823;p=socialize.git add: front verification --- diff --git a/cmd/engine/main.c b/cmd/engine/main.c index 2b0846a..ab682b3 100644 --- a/cmd/engine/main.c +++ b/cmd/engine/main.c @@ -19,11 +19,18 @@ int main(){ pthread_t front_tid; if (pthread_mutex_init(&G_MTX, NULL) != 0) { - printf("mutex init has failed\n"); - return -1; + printf("mutex init has failed\n"); + return -1; } + int result = load_config(); + if(result < 0){ + + printf("failed to load config\n"); + + return -1; + } pthread_create(&front_tid, NULL, (void*)front_listen_and_serve, NULL); sleepms(500); diff --git a/include/socialize/core.h b/include/socialize/core.h index b5297d2..83d1e9e 100644 --- a/include/socialize/core.h +++ b/include/socialize/core.h @@ -125,6 +125,7 @@ #define HTTPS_URL "https://0.0.0.0:3443" #endif +#define FRONT_WEB_ROOT "public" #define IS_BIG_ENDIAN (!*(unsigned char *)&(uint16_t){1}) @@ -177,6 +178,9 @@ struct user { char name[MAX_USER_NAME]; char pass[MAX_USER_PASS]; + int auth; + uint8_t token[MAX_PW_LEN]; + int cid; }; @@ -247,6 +251,7 @@ extern char *s_json_header; extern struct mg_mgr mgr; +extern struct user USER; extern struct CHANNEL_CONTEXT CHAN_CTX[MAX_CONN]; diff --git a/include/socialize/ctl.h b/include/socialize/ctl.h index 7d3bebf..1696bfb 100644 --- a/include/socialize/ctl.h +++ b/include/socialize/ctl.h @@ -14,7 +14,7 @@ int sig_verify(const char* cert_pem, const char* intermediate_pem); int extract_common_name(uint8_t* common_name, const char* cert); -int idpw_verify(char* idpw); +int idpw_verify(char* idpw, char* newid, uint8_t* newtoken); int update_chanctx_from_userinfo(char* id, char* pw); diff --git a/include/socialize/front/front.h b/include/socialize/front/front.h index dd8f029..9b576f2 100644 --- a/include/socialize/front/front.h +++ b/include/socialize/front/front.h @@ -11,6 +11,8 @@ void* front_listen_and_serve(void* varg); +int load_config(); + void sntp_fn(struct mg_connection *c, int ev, void *ev_data); void timer_sntp_fn(void *param); @@ -24,9 +26,9 @@ void front_handler(struct mg_connection *c, struct mg_ws_message *wm); void handle_healtiness_probe(struct mg_connection *c, struct mg_http_message *hm); -int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* initial, char* command, char* data); +int front_access(struct mg_connection* c, struct mg_ws_message *wm, char* command, char* data); -void front_communicate(int chan_idx, char* command, char* data); +void front_communicate(struct mg_connection* c, struct mg_ws_message *wm, char* command, char* data); diff --git a/include/socialize/utils.h b/include/socialize/utils.h index 01b03c0..2f60479 100644 --- a/include/socialize/utils.h +++ b/include/socialize/utils.h @@ -18,8 +18,6 @@ int gen_random_bytestream(uint8_t* bytes, size_t num_bytes); int bin2hex(uint8_t* hexarray, int arrlen, uint8_t* bytearray); - - int get_host_port(char* hostname, int* port, char* addr); diff --git a/public/css/common.css b/public/css/common.css new file mode 100644 index 0000000..f724ced --- /dev/null +++ b/public/css/common.css @@ -0,0 +1,28 @@ +body { + display: flex; + min-height: 100vh; + flex-direction: column; +} + +main { + flex: 1 0 auto; +} + +body { + background: #fff; +} + +.input-field input[type=date]:focus + label, +.input-field input[type=text]:focus + label, +.input-field input[type=email]:focus + label, +.input-field input[type=password]:focus + label { + color: #e91e63; +} + +.input-field input[type=date]:focus, +.input-field input[type=text]:focus, +.input-field input[type=email]:focus, +.input-field input[type=password]:focus { + border-bottom: 2px solid #e91e63; + box-shadow: none; +} \ No newline at end of file diff --git a/public/index.html b/public/index.html new file mode 100644 index 0000000..a33dedb --- /dev/null +++ b/public/index.html @@ -0,0 +1,64 @@ + + + + + + + + + + +
+
+
+
+
+
+ +
+
+
+
+
+ +
+
+ + +
+
+ +
+
+ + +
+
+ +
+
+ +
+
+ + +
+
+
+ +
+
+
+ + + + + + + \ No newline at end of file diff --git a/public/js/common.js b/public/js/common.js new file mode 100644 index 0000000..e69de29 diff --git a/src/ctl.c b/src/ctl.c index 93db0f2..678e362 100644 --- a/src/ctl.c +++ b/src/ctl.c @@ -1,5 +1,5 @@ #include "socialize/ctl.h" - +#include "socialize/utils.h" struct CHANNEL_CONTEXT CHAN_CTX[MAX_CONN]; @@ -129,17 +129,46 @@ int extract_common_name(uint8_t* common_name, const char* cert) { } -int idpw_verify(char* idpw){ +int idpw_verify(char* idpw, char *newid, uint8_t* newtoken){ - int verify = -1; char* token; char* delim = ":"; + int idpwlen = strlen(idpw); + + if(idpwlen > MAX_PW_LEN){ + return -1; + } + uint8_t id[MAX_ID_LEN] = {0}; uint8_t pw[MAX_PW_LEN] = {0}; + int istoken = 1; + + for(int i = 0; i < idpwlen; i++){ + + if(idpw[i] == ':'){ + istoken = 0; + break; + } + + } + + if(istoken == 1){ + + if(strncmp(USER.token, idpw, idpwlen) != 0){ + + return -2; + } else { + + return 1; + } + + + } + token = strtok(idpw, delim); int idx = 0; @@ -169,24 +198,24 @@ int idpw_verify(char* idpw){ return -1; } - int chan_idx = get_chanctx_by_id(id); - if(chan_idx < 0){ + if(strncmp(USER.pass, pw, MAX_PW_LEN) != 0){ - return -2; + return -3; } - if(strncmp(CHAN_CTX[chan_idx].pw, pw, MAX_PW_LEN) != 0){ + memset(idpw, 0, idpwlen); - return -3; + int idlen = strlen(id); - } + strncpy(newid, id, idlen); - int verified_idx = chan_idx; + int arrlen = gen_random_bytestream(newtoken, 64); + bin2hex(newtoken, arrlen, newtoken); - return verified_idx; + return 0; } diff --git a/src/front/front.c b/src/front/front.c index 62ab197..a3ac3a2 100644 --- a/src/front/front.c +++ b/src/front/front.c @@ -3,6 +3,8 @@ #include "socialize/utils.h" +struct user USER; + struct settings s_settings = {true, 1, 57, NULL}; uint64_t s_boot_timestamp = 0; @@ -37,6 +39,67 @@ void timer_sntp_fn(void *param) { // SNTP timer function. Sync up time +int load_config(){ + + char confbuff[MAX_BUFF] = {0}; + + int conflen = read_file_to_buffer(confbuff, MAX_BUFF, "config.json"); + + if(conflen < 0){ + + printf("read config.json failed\n"); + + return -1; + } + + cJSON *conf_json_root = cJSON_Parse(confbuff); + + if (conf_json_root == NULL){ + + printf("error parsing config.json\n"); + + return -1; + + } + + cJSON *conf_json = cJSON_GetObjectItemCaseSensitive(conf_json_root, "users"); + + if(conf_json == NULL){ + + printf("no users\n"); + + return -2; + } + + int ulen = cJSON_GetArraySize(conf_json); + + if(ulen < 1){ + + printf("ulen < 1\n"); + + return -3; + } + + for(int i = 0; i < ulen; i++){ + + cJSON* user = cJSON_GetArrayItem(conf_json, i); + + cJSON* id = cJSON_GetObjectItemCaseSensitive(user, "id"); + + cJSON* pw = cJSON_GetObjectItemCaseSensitive(user, "pw"); + + + strcpy(USER.name, id->valuestring); + + strcpy(USER.pass, pw->valuestring); + + printf("loaded user: %s\n", USER.name); + } + + return 0; + +} + void handle_healtiness_probe(struct mg_connection *c, struct mg_http_message *hm){ @@ -87,11 +150,20 @@ void route(struct mg_connection *c, int ev, void *ev_data) { handle_healtiness_probe(c, hm); - } - - printf("WS UPGRADE!!!!!\n"); + } else if (mg_match(hm->uri, mg_str("/front"), NULL)) { + + printf("WS UPGRADE!!!!!\n"); + + mg_ws_upgrade(c, hm, NULL); + + } else { + + struct mg_http_serve_opts opts = {.root_dir = FRONT_WEB_ROOT}; - mg_ws_upgrade(c, hm, NULL); + mg_http_serve_dir(c, ev_data, &opts); + + } + if(DEBUG_THIS == 1){ @@ -103,9 +175,15 @@ void route(struct mg_connection *c, int ev, void *ev_data) { } else if (ev == MG_EV_WS_MSG) { + struct mg_http_message *hm = (struct mg_http_message *) ev_data; + struct mg_ws_message *wm = (struct mg_ws_message *) ev_data; - front_handler(c, wm); + if (mg_match(hm->uri, mg_str("/front"), NULL)) { + + front_handler(c, wm); + + } } } @@ -141,45 +219,36 @@ void front_handler(struct mg_connection *c, struct mg_ws_message *wm){ char ws_data[WS_MAX_COMMAND_DATA_LEN] = {0}; - cJSON* response = cJSON_CreateObject(); - - pthread_mutex_lock(&G_MTX); - int datalen = 0; - int initial = 0; - + int code = front_access(c, wm, ws_command, ws_data); - int auth_chan_idx = front_authenticate(c, wm, &initial, ws_command, ws_data); + if (code < 0){ - if (auth_chan_idx < 0){ - - pthread_mutex_unlock(&G_MTX); + printf("front auth failed\n"); return; - } - - - if (initial == 1) { - - fmt_logln(LOGFP, "connection authenticated"); + } else if (code < 2){ - pthread_mutex_unlock(&G_MTX); + printf("front auth success\n"); return; } - front_communicate(auth_chan_idx, ws_command, ws_data); + front_communicate(c, wm, ws_command, ws_data); - pthread_mutex_unlock(&G_MTX); } -int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* initial, char* command, char* data){ +int front_access(struct mg_connection* c, struct mg_ws_message *wm, char* command, char* data){ + + + char id[MAX_ID_LEN] = {0}; + uint8_t token[MAX_PW_LEN] = {0}; char ws_buff[MAX_WS_BUFF] = {0}; @@ -191,7 +260,7 @@ int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* i if(wm->data.len > MAX_WS_BUFF){ printf("failed handle ws: data too big\n"); - cJSON_AddItemToObject(response, "status", cJSON_CreateString("fail")); + cJSON_AddItemToObject(response, "status", cJSON_CreateString("failed")); cJSON_AddItemToObject(response, "data", cJSON_CreateString("null")); strcpy(ws_buff, cJSON_Print(response)); @@ -211,7 +280,7 @@ int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* i printf("failed handle ws: data invalid\n"); - cJSON_AddItemToObject(response, "status", cJSON_CreateString("fail")); + cJSON_AddItemToObject(response, "status", cJSON_CreateString("failed")); cJSON_AddItemToObject(response, "data", cJSON_CreateString("null")); strcpy(ws_buff, cJSON_Print(response)); @@ -230,7 +299,7 @@ int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* i printf("failed handle ws: data invalid\n"); - cJSON_AddItemToObject(response, "status", cJSON_CreateString("fail")); + cJSON_AddItemToObject(response, "status", cJSON_CreateString("failed")); cJSON_AddItemToObject(response, "data", cJSON_CreateString("null")); strcpy(ws_buff, cJSON_Print(response)); @@ -244,7 +313,6 @@ int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* i } - printf("command: %s\n", ws_command->valuestring); datalen = strlen(ws_command->valuestring); @@ -253,7 +321,7 @@ int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* i printf("failed handle ws: command too long\n"); - cJSON_AddItemToObject(response, "status", cJSON_CreateString("fail")); + cJSON_AddItemToObject(response, "status", cJSON_CreateString("failed")); cJSON_AddItemToObject(response, "data", cJSON_CreateString("null")); strcpy(ws_buff, cJSON_Print(response)); @@ -272,7 +340,7 @@ int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* i printf("failed handle ws: no data field\n"); - cJSON_AddItemToObject(response, "status", cJSON_CreateString("fail")); + cJSON_AddItemToObject(response, "status", cJSON_CreateString("failed")); cJSON_AddItemToObject(response, "data", cJSON_CreateString("null")); strcpy(ws_buff, cJSON_Print(response)); @@ -291,7 +359,7 @@ int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* i printf("failed handle ws: data len too long\n"); - cJSON_AddItemToObject(response, "status", cJSON_CreateString("fail")); + cJSON_AddItemToObject(response, "status", cJSON_CreateString("failed")); cJSON_AddItemToObject(response, "data", cJSON_CreateString("null")); strcpy(ws_buff, cJSON_Print(response)); @@ -304,73 +372,83 @@ int front_authenticate(struct mg_connection* c, struct mg_ws_message *wm, int* i } - int frontid = (int)c->id; + int cid = (int)c->id; + + if(USER.cid == cid){ + + strcpy(command, ws_command->valuestring); + + strcpy(data, ws_data->valuestring); + + return 2; + } + + int v = idpw_verify(ws_data->valuestring, id, token); - char user_id[MAX_ID_LEN] = {0}; + if(v < 0){ + fmt_logln(LOGFP,"invalid idpw"); + printf("failed handle ws: invalid idpw\n"); + cJSON_AddItemToObject(response, "status", cJSON_CreateString("failed")); + cJSON_AddItemToObject(response, "data", cJSON_CreateString("invalid idpw")); + + strcpy(ws_buff, cJSON_Print(response)); - // TODO: - // simple check + datalen = strlen(ws_buff); - int chan_idx = 0; + mg_ws_send(c, ws_buff, datalen, WEBSOCKET_OP_TEXT); - if (chan_idx < 0){ + return -10; - fmt_logln(LOGFP,"not registered to chan ctx, auth"); + } else { - int v = idpw_verify(ws_data->valuestring); + if(v == 0){ - if(v < 0){ + fmt_logln(LOGFP, "initial auth success"); - fmt_logln(LOGFP,"invalid idpw"); - printf("failed handle ws: invalid idpw\n"); - cJSON_AddItemToObject(response, "status", cJSON_CreateString("fail")); - cJSON_AddItemToObject(response, "data", cJSON_CreateString("invalid idpw")); + printf("handle ws: initial auth success\n"); + cJSON_AddItemToObject(response, "status", cJSON_CreateString("success")); + cJSON_AddItemToObject(response, "data", cJSON_CreateString((char*)token)); strcpy(ws_buff, cJSON_Print(response)); - + datalen = strlen(ws_buff); - + mg_ws_send(c, ws_buff, datalen, WEBSOCKET_OP_TEXT); - return -10; + return 0; } else { - fmt_logln(LOGFP, "auth success"); + fmt_logln(LOGFP, "full auth success"); - - fmt_logln(LOGFP, "initial auth success"); - - printf("handle ws: initial auth success\n"); + printf("handle ws: full auth success\n"); cJSON_AddItemToObject(response, "status", cJSON_CreateString("success")); - cJSON_AddItemToObject(response, "data", cJSON_CreateString("accepted")); + cJSON_AddItemToObject(response, "data", cJSON_CreateString("auth success")); strcpy(ws_buff, cJSON_Print(response)); - + datalen = strlen(ws_buff); - mg_ws_send(c, ws_buff, datalen, WEBSOCKET_OP_TEXT); + int cid = (int)c->id; - *initial = 1; + USER.cid = cid; + + mg_ws_send(c, ws_buff, datalen, WEBSOCKET_OP_TEXT); + return 1; } } - strcpy(command, ws_command->valuestring); - - strcpy(data, ws_data->valuestring); - fmt_logln(LOGFP, "auth success"); - - return chan_idx; + return -100; } -void front_communicate(int chan_idx, char* command, char* data){ +void front_communicate(struct mg_connection* c, struct mg_ws_message *wm, char* command, char* data){ char ws_buff[MAX_WS_BUFF] = {0}; @@ -378,70 +456,17 @@ void front_communicate(int chan_idx, char* command, char* data){ int datalen = 0; - fmt_logln(LOGFP, "incoming front communication to sock"); - - int sockfd = CHAN_CTX[chan_idx].sockfd; + fmt_logln(LOGFP, "incoming front communication"); - if(sockfd == 0){ - - - fmt_logln(LOGFP, "no sock exists for communication"); - - - return; - - } - - - fmt_logln(LOGFP, "sock exists"); - - struct HUB_PACKET hp; - - if (strcmp(command, WS_COMMAND_ROUNDTRIP) == 0) { fmt_logln(LOGFP, "roundtrip"); - memset(hp.header, 0, HUB_HEADER_BYTELEN); - - memset(hp.wbuff, 0, MAX_BUFF); - - hp.ctx_type = CHAN_ISSOCK; - - strcpy(hp.id, CHAN_CTX[chan_idx].id); - - strcpy(hp.header, HUB_HEADER_SENDSOCK); - - datalen = strlen(data); - - hp.body_len = datalen; - - strncpy(hp.wbuff, data, datalen); - - hp.flag = 0; - - ctx_write_packet(&hp); - - if(hp.flag <= 0){ - - fmt_logln(LOGFP, "failed to send to sock"); - - - - return; - } - - fmt_logln(LOGFP, "send to sock"); - - } else { printf("failed handle ws: no such command\n"); - - return; - } return; diff --git a/src/utils.c b/src/utils.c index 7ced140..88b781f 100644 --- a/src/utils.c +++ b/src/utils.c @@ -59,6 +59,7 @@ int gen_random_bytestream(uint8_t* bytes, size_t num_bytes){ int bin2hex(uint8_t* hexarray, int arrlen, uint8_t* bytearray){ int hexlen = 2; + int outstrlen = hexlen * arrlen + 1; @@ -67,20 +68,27 @@ int bin2hex(uint8_t* hexarray, int arrlen, uint8_t* bytearray){ return -1; } - memset(hexarray, 0, outstrlen * sizeof(char)); + uint8_t* tmparr = (uint8_t*)malloc(outstrlen * sizeof(uint8_t)); - unsigned char* ptr = hexarray; + memset(tmparr, 0, outstrlen * sizeof(uint8_t)); + + unsigned char* ptr = tmparr; for(int i = 0 ; i < arrlen; i++){ sprintf(ptr + 2 * i, "%02X", bytearray[i]); } + memset(hexarray, 0, outstrlen * sizeof(char)); + + memcpy(hexarray, tmparr, outstrlen); + + free(tmparr); + return 0; } - int get_host_port(char* hostname, int* port, char* addr){ char addr_cp[MAX_ID_LEN] = {0};