diff options
| -rw-r--r-- | README.md | 4 | ||||
| -rw-r--r-- | config-init | 9 | ||||
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 15 | ||||
| -rw-r--r-- | main.go | 59 | ||||
| -rw-r--r-- | static/faq.html | 2 | ||||
| -rw-r--r-- | tripcode.go | 111 |
7 files changed, 164 insertions, 38 deletions
@@ -68,7 +68,9 @@ Any contributions or suggestions are appreciated. Best way to give immediate fee `torproxy:127.0.0.1:9050` Tor proxy route and port, leave blank if you do not want to support `publicindex:true` Add instance to the public instance index at https://fchan.xyz if you do not want to be added set this value to `false` If you are on the public index and want to be removed get in contact with FChan dev to be removed. - + + `instancesalt:put your salt string here` Used for secure tripcodes currently. + Currently e-mail is not implemented to do anything special, but the code is in place diff --git a/config-init b/config-init index 7e66ae0..eb71163 100644 --- a/config-init +++ b/config-init @@ -24,8 +24,15 @@ emailport: emailaddress: emailpass: +## enter proxy ip and port if you want to have tor connections supported +## 127.0.0.1:9050 default + torproxy: ## Change to true if you want your instance to be added to the public instance index -publicindex:false
\ No newline at end of file +publicindex:false + +## add your instance salt here for secure tripcodes + +instancesalt:
\ No newline at end of file @@ -6,4 +6,6 @@ require ( github.com/gofrs/uuid v4.0.0+incompatible github.com/gomodule/redigo v2.0.0+incompatible github.com/lib/pq v1.9.0 + github.com/simia-tech/crypt v0.5.0 + golang.org/x/text v0.3.6 ) @@ -1,6 +1,21 @@ +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0= github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= github.com/lib/pq v1.9.0 h1:L8nSXQQzAYByakOFMTwpjRoHsMJklur4Gi59b6VivR8= github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/simia-tech/crypt v0.5.0 h1:Y8xfAGqgd2wW2o4E63WIy9xr9w4jC1tDsOBHGKiqP0s= +github.com/simia-tech/crypt v0.5.0/go.mod h1:DMwvjPTzsiHrjqHVW5HvIbF4vUUzMCYDKVLsPWmLdTo= +github.com/stretchr/testify v1.2.0 h1:LThGCOvhuJic9Gyd1VBCkhyUXmO8vKaBFvBsJ2k03rg= +github.com/stretchr/testify v1.2.0/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869 h1:kkXA53yGe04D0adEYJwEVQjeBppL01Exg+fnMjfUraU= +golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/sys v0.0.0-20181116161606-93218def8b18 h1:Wh+XCfg3kNpjhdq2LXrsiOProjtQZKme5XUx7VcxwAw= +golang.org/x/sys v0.0.0-20181116161606-93218def8b18/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1,25 +1,27 @@ package main -import "fmt" -import "strings" -import "strconv" -import "net/http" -import "net/url" -import "database/sql" -import _ "github.com/lib/pq" -import "math/rand" -import "html/template" -import "time" -import "regexp" -import "os/exec" -import "bytes" -import "encoding/json" -import "io/ioutil" -import "mime/multipart" -import "os" -import "bufio" -import "io" -import "github.com/gofrs/uuid" +import ( + "fmt" + "strings" + "strconv" + "net/http" + "net/url" + "database/sql" + _ "github.com/lib/pq" + "math/rand" + "html/template" + "time" + "regexp" + "os/exec" + "bytes" + "encoding/json" + "io/ioutil" + "mime/multipart" + "os" + "bufio" + "io" + "github.com/gofrs/uuid" +) var Port = ":" + GetConfigValue("instanceport") var TP = GetConfigValue("instancetp") @@ -39,6 +41,8 @@ var TorProxy = GetConfigValue("torproxy") //127.0.0.1:9050 var PublicIndexing = strings.ToLower(GetConfigValue("publicindex")) +var Salt = GetConfigValue("instancesalt") + var activitystreams = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"" func main() { @@ -1237,21 +1241,6 @@ func CreateTripCode(input string) string { return code[0] } -func CreateNameTripCode(r *http.Request, db *sql.DB) (string, string) { - input := r.FormValue("name") - re := regexp.MustCompile("#.+") - chunck := re.FindString(input) - ce := regexp.MustCompile(`(?i)#Admin`) - admin := ce.MatchString(chunck) - board, modcred := GetPasswordFromSession(r) - if(admin && HasAuth(db, modcred, board)) { - return re.ReplaceAllString(input, ""), "#Admin" - } else if(chunck != "") { - hash := CreateTripCode(chunck) - return re.ReplaceAllString(input, ""), "!" + hash[42:50] - } - return input, "" -} func GetActorFromPath(db *sql.DB, location string, prefix string) Actor { pattern := fmt.Sprintf("%s([^/\n]+)(/.+)?", prefix) diff --git a/static/faq.html b/static/faq.html index 9851f19..9ce691a 100644 --- a/static/faq.html +++ b/static/faq.html @@ -37,7 +37,7 @@ <p>coming soon(tm).</p> <h4>Server Version</h4> - <p>v0.0.5a</p> + <p>v0.0.5b</p> </div> <div style="width: 500px; margin:0 auto; margin-top: 50px; text-align: center;"> <a href="/">[Home]</a><a href="/static/rules.html">[Rules]</a><a href="/static/faq.html">[FAQ]</a> diff --git a/tripcode.go b/tripcode.go new file mode 100644 index 0000000..7e19cf0 --- /dev/null +++ b/tripcode.go @@ -0,0 +1,111 @@ +package main + +import ( + "golang.org/x/text/encoding/japanese" + "golang.org/x/text/transform" + "github.com/simia-tech/crypt" + "strings" + "bytes" + "regexp" + "database/sql" + _ "github.com/lib/pq" + "net/http" +) + +const SaltTable = "" + + "................................" + + ".............../0123456789ABCDEF" + + "GABCDEFGHIJKLMNOPQRSTUVWXYZabcde" + + "fabcdefghijklmnopqrstuvwxyz....." + + "................................" + + "................................" + + "................................" + + "................................" + + +func TripCode(pass string) string { + + pass = TripCodeConvert(pass) + + var salt [2]rune + + s := []rune(pass + "H..")[1:3] + + for i, r := range s { + salt[i] = rune(SaltTable[r % 256]) + } + + enc, err := crypt.Crypt(pass, "$1$" + string(salt[:])) + + CheckError(err, "crypt broke") + + return enc[len(enc) - 10 : len(enc)] +} + +func TripCodeSecure(pass string) string { + + pass = TripCodeConvert(pass) + + enc, err := crypt.Crypt(pass, "$1$" + Salt) + + CheckError(err, "crypt secure broke") + + return enc[len(enc) - 10 : len(enc)] +} + +func TripCodeConvert(str string) string { + + var s bytes.Buffer + transform.NewWriter(&s, japanese.ShiftJIS.NewEncoder()).Write([]byte(str)) + + re := strings.NewReplacer( + "&", "&", + "\"", """, + "<", "<", + ">", ">", + ) + + return re.Replace(s.String()) +} + +func CreateNameTripCode(r *http.Request, db *sql.DB) (string, string) { + input := r.FormValue("name") + + tripSecure := regexp.MustCompile("##(.+)?") + + if tripSecure.MatchString(input) { + chunck := tripSecure.FindString(input) + chunck = strings.Replace(chunck, "##", "", 1) + + ce := regexp.MustCompile(`(?i)Admin`) + admin := ce.MatchString(chunck) + board, modcred := GetPasswordFromSession(r) + + if(admin && HasAuth(db, modcred, board)) { + return tripSecure.ReplaceAllString(input, ""), "#Admin" + } + + hash := TripCodeSecure(chunck) + return tripSecure.ReplaceAllString(input, ""), "!!" + hash + } + + trip := regexp.MustCompile("#(.+)?") + + if trip.MatchString(input) { + chunck := trip.FindString(input) + chunck = strings.Replace(chunck, "#", "", 1) + + ce := regexp.MustCompile(`(?i)Admin`) + admin := ce.MatchString(chunck) + board, modcred := GetPasswordFromSession(r) + + if(admin && HasAuth(db, modcred, board)) { + return trip.ReplaceAllString(input, ""), "#Admin" + } + + hash := TripCode(chunck) + return trip.ReplaceAllString(input, ""), "!" + hash + } + + return input, "" +} |