admin login working

7 files changed, 200 insertions, 101 deletions

diff --git a/go.mod b/go.mod
index 9ad275c..e07b19b 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.15
 require (
 	github.com/gofiber/fiber/v2 v2.20.2
 	github.com/gofiber/template v1.6.18
+	github.com/gofrs/uuid v4.2.0+incompatible
 	github.com/gomodule/redigo v2.0.0+incompatible
 	github.com/lib/pq v1.9.0
 	github.com/simia-tech/crypt v0.5.0
diff --git a/go.sum b/go.sum
index fe9140e..be333e7 100644
--- a/go.sum
+++ b/go.sum
@@ -90,6 +90,8 @@ github.com/gofiber/fiber/v2 v2.20.2 h1:dqizbjO1pCmH6K+b+kBk7TCJK4rmgjJXvX8/MZDbK
 github.com/gofiber/fiber/v2 v2.20.2/go.mod h1:/LdZHMUXZvTTo7gU4+b1hclqCAdoQphNQ9bi9gutPyI=
 github.com/gofiber/template v1.6.18 h1:nrDaRKJWS1vyuMLqijbiP+ryT2CIFYOr+jZnPmVf0Io=
 github.com/gofiber/template v1.6.18/go.mod h1:HfYYaUgBhj9nMknxczh3U2LtZ88Avd1IPThD3GTUtd8=
+github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0=
+github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
diff --git a/main.go b/main.go
index c83ba10..ec1e61f 100644
--- a/main.go
+++ b/main.go
@@ -56,9 +56,9 @@ func main() {
 	app.Get("/followers", routes.Followers)
 
 	// Admin routes
-	app.Get("/verify", routes.AdminVerify)
-	app.Get("/auth", routes.AdminAuth)
-	app.Get("/"+config.Key+"/", routes.AdminIndex)
+	app.Post("/verify", routes.AdminVerify)
+	app.Post("/auth", routes.AdminAuth)
+	app.All("/"+config.Key+"/", routes.AdminIndex)
 	app.Get("/"+config.Key+"/addboard", routes.AdminAddBoard)
 	app.Get("/"+config.Key+"/postnews", routes.AdminPostNews)
 	app.Get("/"+config.Key+"/newsdelete", routes.AdminNewsDelete)
diff --git a/routes/admin.go b/routes/admin.go
index a2f7cd2..a6978f4 100644
--- a/routes/admin.go
+++ b/routes/admin.go
@@ -1,26 +1,113 @@
 package routes
 
 import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/FChannel0/FChannel-Server/activitypub"
 	"github.com/FChannel0/FChannel-Server/config"
 	"github.com/FChannel0/FChannel-Server/db"
 	"github.com/FChannel0/FChannel-Server/util"
 	"github.com/FChannel0/FChannel-Server/webfinger"
 	"github.com/gofiber/fiber/v2"
+	"github.com/gofrs/uuid"
 )
 
-func AdminVerify(c *fiber.Ctx) error {
-	// STUB
+func AdminVerify(ctx *fiber.Ctx) error {
+	identifier := ctx.FormValue("id")
+	code := ctx.FormValue("code")
+
+	var verify db.Verify
+	verify.Identifier = identifier
+	verify.Code = code
+
+	j, _ := json.Marshal(&verify)
 
-	return c.SendString("admin verify")
+	req, err := http.NewRequest("POST", config.Domain+"/auth", bytes.NewBuffer(j))
+
+	if err != nil {
+		log.Println("error making verify req")
+		return err
+	}
+
+	req.Header.Set("Content-Type", config.ActivityStreams)
+
+	resp, err := http.DefaultClient.Do(req)
+
+	if err != nil {
+		log.Println("error getting verify resp")
+		return err
+	}
+
+	defer resp.Body.Close()
+
+	rBody, _ := ioutil.ReadAll(resp.Body)
+
+	body := string(rBody)
+
+	if resp.StatusCode != 200 {
+		return ctx.Redirect("/"+config.Key, http.StatusPermanentRedirect)
+	}
+
+	//TODO remove redis dependency
+	sessionToken, _ := uuid.NewV4()
+
+	_, err = db.Cache.Do("SETEX", sessionToken, "86400", body+"|"+verify.Code)
+	if err != nil {
+		return ctx.Redirect("/"+config.Key, http.StatusPermanentRedirect)
+	}
+
+	ctx.Cookie(&fiber.Cookie{
+		Name:    "session_token",
+		Value:   sessionToken.String(),
+		Expires: time.Now().UTC().Add(60 * 60 * 48 * time.Second),
+	})
+
+	return ctx.Redirect("/", http.StatusSeeOther)
 }
 
-func AdminAuth(c *fiber.Ctx) error {
-	// STUB
+// TODO remove this route it is mostly unneeded
+func AdminAuth(ctx *fiber.Ctx) error {
+	var verify db.Verify
+
+	err := json.Unmarshal(ctx.Body(), &verify)
+
+	if err != nil {
+		log.Println("error get verify from json")
+		return err
+	}
 
-	return c.SendString("admin auth")
+	v, _ := db.GetVerificationByCode(verify.Code)
+
+	if v.Identifier == verify.Identifier {
+		_, err := ctx.Write([]byte(v.Board))
+		return err
+	}
+
+	ctx.Response().Header.SetStatusCode(http.StatusBadRequest)
+	_, err = ctx.Write([]byte(""))
+
+	return err
 }
 
 func AdminIndex(ctx *fiber.Ctx) error {
+	fmt.Println("admin index")
+	id, _ := db.GetPasswordFromSession(ctx)
+	actor, _ := webfinger.GetActorFromPath(ctx.Path(), "/"+config.Key+"/")
+
+	if actor.Id == "" {
+		actor, _ = activitypub.GetActorByNameFromDB(config.Domain)
+	}
+
+	if id == "" || (id != actor.Id && id != config.Domain) {
+		return ctx.Render("verify", fiber.Map{})
+	}
+
 	actor, err := webfinger.GetActor(config.Domain)
 
 	if err != nil {
diff --git a/views/css/themes/default.css b/views/css/themes/default.css
index 98edc29..529563a 100644
--- a/views/css/themes/default.css
+++ b/views/css/themes/default.css
@@ -1,97 +1,97 @@
 a, a:link, a:visited, a:hover, a:active {
-	text-decoration: none
+  text-decoration: none
 }
 
 a:link, a:visited,  a:active {
-	color: black;
+  color: black;
 }
 
 a:hover {
-	color: #de0808;
+  color: #de0808;
 }
 
 body {
-	background-color: #eef2fe;
-	color: black;
+  background-color: #eef2fe;
+  color: black;
 }
 
 body.nsfw {
-	background-color: #ffffee;
-	color: #820404
+  background-color: #ffffee;
+  color: #820404
 }
 
 h1, h2, h3, h4, h5, h6 {
-	color: #af0a0f;
+  color: #af0a0f;
 }
 
 .popup-box {
-	border: 4px solid #d3caf0;
-	background-color: #eff5ff;
+  border: 4px solid #d3caf0;
+  background-color: #eff5ff;
 }
 
 .nsfw .popup-box {
-	border: 4px solid #f0e2d9;
-	background-color: #f9f9e0;
+  border: 4px solid #f0e2d9;
+  background-color: #f9f9e0;
 }
 
 .box {
-	background-color: #eff5ff;
+  background-color: #eff5ff;
 }
 
 .nsfw .box {
-	background-color: #f9f9e0;
+  background-color: #f9f9e0;
 }
 
 .box-alt {
-	background-color: #d3caf0;
+  background-color: #d3caf0;
 }
 
 .nsfw .box-alt {
-	background-color: #f0e2d9;
+  background-color: #f0e2d9;
 }
 
 
 .quote {
-	color: #789922;
+  color: #789922;
 }
 
 .post {
-	background-color: #d5daf0;
+  background-color: #d5daf0;
 }
 
 .nsfw .post {
-	background-color: #f0e0d6;
+  background-color: #f0e0d6;
 }
 
 :target > div > .post {
-	background-color: #d6bad0;
+  background-color: #d6bad0;
 }
 
 .nsfw :target > div > .post {
-	background-color: #f0c0b0;
+  background-color: #f0c0b0;
 }
 
 .title {
-	color: #0f0c5d;
+  color: #0f0c5d;
 }
 
 .name, .tripcode {
-	color: #117743;
+  color: #117743;
 }
 
 a.reply {
-	color: #af0a0f;
-	text-decoration: 1px underline;
+  color: #af0a0f;
+  text-decoration: 1px underline;
 }
 
 .replyLink {
-	color: #000080;
-	font-size: 0.8em;
+  color: #000080;
+  font-size: 0.8em;
 }
 
 #newpostbtn {
-	text-align: center;
-	margin-top: 80px;
+  text-align: center;
+  margin-top: 80px;
 }
 
 #postForm {
@@ -126,44 +126,44 @@ a.reply {
 }
 
 #reply-comment {
-	min-width: 300px;
-	width: 396px;
-	height: 200px;
+  min-width: 300px;
+  width: 396px;
+  height: 200px;
 }
 
 #reply-name {
-	width: 75%;
-	float: left;
+  width: 75%;
+  float: left;
 }
 
 #reply-options {
-	width: 25%;
-	float: right;
+  width: 25%;
+  float: right;
 }
 
 #reply-header {
-	display: inline-block;
-	width: 100%;
-	cursor: move;
+  display: inline-block;
+  width: 100%;
+  cursor: move;
 }
 
 #postForm #captcha {
-	display: block;
-	width: 100%;
+  display: block;
+  width: 100%;
 }
 
 .popup-box {
-	position: fixed;
-	min-width: 300px;
-	width: min-content;
-	z-index: 9;
-	display: block;
+  position: fixed;
+  min-width: 300px;
+  width: min-content;
+  z-index: 9;
+  display: block;
 }
 
 /* TODO: rename */
 .box2 {
-	border: 4px solid #f0e2d9;
-	background-color: #f9f9e0;
+  border: 4px solid #f0e2d9;
+  background-color: #f9f9e0;
 }
 
 .newsbox {
@@ -189,61 +189,69 @@ a.reply {
 }
 
 #stopTablePost {
-	float: right;
-	display: none;
+  float: right;
+  display: none;
 }
 
 #boardGrid {
-	display: grid;
-	grid-auto-columns: 1fr;
-	border: 4px solid #820404;
-	background-color: #f9f9e0;
+  display: grid;
+  grid-auto-columns: 1fr;
+  border: 4px solid #820404;
+  background-color: #f9f9e0;
 }
 
 #boardGridHeader {
-	border-bottom: 2px solid #820404;
-	display: inline-grid;
+  border-bottom: 2px solid #820404;
+  display: inline-grid;
 }
 
 .boardGridCell {
-	white-space: nowrap;
-	display: inline-grid;
-	text-align: left;
-	padding: 5px;
-	border-top: 2px solid #820404;
-	border-left: 2px solid #820404;
+  white-space: nowrap;
+  display: inline-grid;
+  text-align: left;
+  padding: 5px;
+  border-top: 2px solid #820404;
+  border-left: 2px solid #820404;
 }
 
 /* these may or may not work. my CSS is poor so i just kinda did stuff until it worked. */
 .boardGridCell:nth-child(-n+4) {
-	border-top: none;
+  border-top: none;
 }
 
 .boardGridCell:nth-child(3n+2) {
-	border-left: none;
+  border-left: none;
 }
 
 #threadfooter {
-	width: 100%;
-	table-layout: fixed;
-	border-collapse: collapse;
+  width: 100%;
+  table-layout: fixed;
+  border-collapse: collapse;
 }
 
 #threadfooter td {
-	padding: 0;
-	margin: 0;
+  padding: 0;
+  margin: 0;
 }
 
 #threadfooter #threadStats {
-	float: right;
+  float: right;
+}
+
+#boardlinks {
+    float: left;
 }
 
 #navlinks, #boardlinks {
-	padding: 0;
-	margin: 0;
+  padding: 0;
+  margin: 0;
 }
 
 #navlinks > li,
 #boardlinks > li {
-	display: inline;
+  display: inline;
+}
+
+#manageboard {
+    float: right;
 }
diff --git a/views/layouts/main.html b/views/layouts/main.html
index 74b86e4..5bc2ead 100644
--- a/views/layouts/main.html
+++ b/views/layouts/main.html
@@ -37,27 +37,28 @@
     {{ end }}
   </head>
   <body {{ if not .page.Board.Restricted }}class="nsfw"{{ end }} onload="applyTheme()">
-    <ul id="boardlinks">
-      {{ $l := len .page.Boards }}
-      <li>[<a href="/">Home</a>]</li>
-      {{range $i, $e := .page.Boards}}
-      {{ if eq (sub $l 1) 0 }}
-      <li>[ <a href="{{.Location}}">{{$e.Name}} </a>]</li>
-      {{ else if eq $i 0 }}
-      <li>[<a href="{{.Location}}">{{$e.Name}} </a>/</li>
-      {{ else if eq $i (sub $l 1) }}
-      <li><a href="{{.Location}}">{{$e.Name}}</a>]</li>
-      {{ else }}
-      <li><a href="{{.Location}}">{{$e.Name}} </a>/</li>
+    <div style="padding-bottom:5px;">
+      <ul id="boardlinks">
+        {{ $l := len .page.Boards }}
+        <li>[<a href="/">Home</a>]</li>
+        {{range $i, $e := .page.Boards}}
+        {{ if eq (sub $l 1) 0 }}
+        <li>[ <a href="{{.Location}}">{{$e.Name}} </a>]</li>
+        {{ else if eq $i 0 }}
+        <li>[<a href="{{.Location}}">{{$e.Name}} </a>/</li>
+        {{ else if eq $i (sub $l 1) }}
+        <li><a href="{{.Location}}">{{$e.Name}}</a>]</li>
+        {{ else }}
+        <li><a href="{{.Location}}">{{$e.Name}} </a>/</li>
+        {{ end }}
+        {{ end }}
+      </ul>
+      {{ if .page.Board.ModCred }}
+      {{ if eq .page.Board.ModCred .page.Board.Domain .page.Board.Actor.Id }}
+      <span id="manageboard">[<a href="/{{ .page.Key }}/{{ .page.Board.Name }}">Manage Board</a>]</span>
       {{ end }}
       {{ end }}
-    </ul>
-    {{ if .page.Board.ModCred }}
-    {{ if eq .page.Board.ModCred .page.Board.Domain .page.Board.Actor.Id }}
-    <span style="float: right;">[<a href="/{{ .page.Key }}/{{ .page.Board.Name }}">Manage Board</a>]</span>
-    {{ end }}
-    {{ end }}
-
+    </div>
     {{ embed }}
   </body>
 </html>
diff --git a/static/verify.html b/views/verify.html
index fb3fb3d..fb3fb3d 100644
--- a/static/verify.html
+++ b/views/verify.html