-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | config-init | 3 | ||||
-rw-r--r-- | config-init.docker | 3 | ||||
-rw-r--r-- | config/config.go | 2 | ||||
-rw-r--r-- | db/redis.go | 98 | ||||
-rw-r--r-- | db/verification.go | 17 | ||||
-rw-r--r-- | docker-compose.yml | 4 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 4 | ||||
-rw-r--r-- | main.go | 15 | ||||
-rw-r--r-- | routes/admin.go | 11 | ||||
-rw-r--r-- | routes/archive.go | 2 | ||||
-rw-r--r-- | routes/index.go | 2 | ||||
-rw-r--r-- | routes/news.go | 4 | ||||
-rw-r--r-- | routes/outbox.go | 2 | ||||
-rw-r--r-- | routes/post.go | 4 | ||||
-rw-r--r-- | util/key.go | 22 |
17 files changed, 47 insertions, 152 deletions
@@ -33,7 +33,6 @@ and to fix errors reported by `go vet` and make your code better with - Go v1.16+ - PostgreSQL -- Redis - ImageMagick - exiv2 @@ -77,9 +76,6 @@ and to fix errors reported by `go vet` and make your code better with `instancesalt:put your salt string here` Used for secure tripcodes currently. - `redis:redis://localhost` Used for Redis. This should be `redis://localhost` in most cases. - - Currently e-mail is not implemented to do anything special, but the code is in place `emailserver:mail.fchan.xyz` diff --git a/config-init b/config-init index 426e652..99a75f7 100644 --- a/config-init +++ b/config-init @@ -36,6 +36,3 @@ publicindex:false ## add your instance salt here for secure tripcodes instancesalt: - -## connect to this redis server -redis:redis://localhost diff --git a/config-init.docker b/config-init.docker index 6a8b18a..37c5414 100644 --- a/config-init.docker +++ b/config-init.docker @@ -37,6 +37,3 @@ publicindex:false ## add your instance salt here for secure tripcodes instancesalt: - -## we have redis at "redis", so... -redis:redis://redis diff --git a/config/config.go b/config/config.go index 0fba1c1..35b8c26 100644 --- a/config/config.go +++ b/config/config.go @@ -26,7 +26,7 @@ var DBPort, _ = strconv.Atoi(GetConfigValue("dbport", "5432")) var DBUser = GetConfigValue("dbuser", "postgres") var DBPassword = GetConfigValue("dbpass", "password") var DBName = GetConfigValue("dbname", "server") -var Redis = GetConfigValue("redis", "redis://localhost") +var CookieKey = GetConfigValue("cookiekey", "") var ActivityStreams = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"" var AuthReq = []string{"captcha", "email", "passphrase"} var SupportedFiles = []string{"image/gif", "image/jpeg", "image/png", "image/webp", "image/apng", "video/mp4", "video/ogg", "video/webm", "audio/mpeg", "audio/ogg", "audio/wav", "audio/wave", "audio/x-wav"} diff --git a/db/redis.go b/db/redis.go deleted file mode 100644 index 1650b4f..0000000 
--- a/db/redis.go +++ /dev/null @@ -1,98 +0,0 @@ -package db - -import ( - "bufio" - "fmt" - "os" - "strings" - - "github.com/FChannel0/FChannel-Server/config" - "github.com/gofiber/fiber/v2" - "github.com/gomodule/redigo/redis" -) - -var Cache redis.Conn - -func InitCache() error { - conn, err := redis.DialURL(config.Redis) - Cache = conn - return err -} - -func CloseCache() error { - return Cache.Close() -} - -func GetClientKey() (string, error) { - file, err := os.Open("clientkey") - if err != nil { - return "", err - } - defer file.Close() - - scanner := bufio.NewScanner(file) - var line string - for scanner.Scan() { - line = fmt.Sprintf("%s", scanner.Text()) - } - - return line, nil -} - -func GetPasswordFromSession(c *fiber.Ctx) (string, string) { - - cookie := c.Cookies("session_token") - - if cookie == "" { - return "", "" - } - - sessionToken := cookie - - response, err := Cache.Do("GET", sessionToken) - - if err != nil { - return "", "" - } - - token := fmt.Sprintf("%s", response) - - parts := strings.Split(token, "|") - - if len(parts) > 1 { - return parts[0], parts[1] - } - - return "", "" -} - -/* TODO: Convert to fiber ctx -func CheckSession(w http.ResponseWriter, r *http.Request) (interface{}, error) { - c, err := r.Cookie("session_token") - - if err != nil { - if err == http.ErrNoCookie { - w.WriteHeader(http.StatusUnauthorized) - return nil, err - } - - w.WriteHeader(http.StatusBadRequest) - return nil, err - } - - sessionToken := c.Value - - response, err := Cache.Do("GET", sessionToken) - - if err != nil { - w.WriteHeader(http.StatusInternalServerError) - return nil, err - } - if response == nil { - w.WriteHeader(http.StatusUnauthorized) - return nil, err - } - - return response, nil - } -*/ diff --git a/db/verification.go b/db/verification.go index 562503d..a178d52 100644 --- a/db/verification.go +++ b/db/verification.go 
@@ -491,7 +491,7 @@ func Captcha() string { } func HasValidation(ctx *fiber.Ctx, actor activitypub.Actor) bool { - id, _ := GetPassword(ctx) + id, _ := GetPasswordFromSession(ctx) if id == "" || (id != actor.Id && id != config.Domain) { //http.Redirect(w, r, "/", http.StatusSeeOther) @@ -501,19 +501,10 @@ func HasValidation(ctx *fiber.Ctx, actor activitypub.Actor) bool { return true } -func GetPassword(r *fiber.Ctx) (string, string) { - c := r.Cookies("session_token") +func GetPasswordFromSession(r *fiber.Ctx) (string, string) { + cookie := r.Cookies("session_token") - sessionToken := c - - response, err := Cache.Do("GET", sessionToken) - if err != nil { - return "", "" - } - - token := fmt.Sprintf("%s", response) - - parts := strings.Split(token, "|") + parts := strings.Split(cookie, "|") if len(parts) > 1 { return parts[0], parts[1] diff --git a/docker-compose.yml b/docker-compose.yml index 892d598..72fae4c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,9 +9,6 @@ services: POSTGRES_DB: fchan volumes: - ./pgdata:/var/lib/postgresql/data - redis: - image: redis:6.2-alpine - restart: unless-stopped fchan: build: ./ restart: unless-stopped @@ -22,5 +19,4 @@ services: ports: - "3000:3000" links: - - redis - postgres @@ -5,8 +5,6 @@ go 1.15 require ( github.com/gofiber/fiber/v2 v2.20.2 github.com/gofiber/template v1.6.18 - github.com/gofrs/uuid v4.2.0+incompatible - github.com/gomodule/redigo v2.0.0+incompatible github.com/lib/pq v1.9.0 github.com/simia-tech/crypt v0.5.0 golang.org/x/text v0.3.6 
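Review bot: GetPasswordFromSession in db/verification.go now treats the cookie text itself as the session record, so the `id != actor.Id && id != config.Domain` test in HasValidation depends entirely on the encryptcookie middleware having authenticated `session_token` before this code runs. HasValidation still discards the second return value with `id, _ :=`, so nothing server-side confirms the identifier/code pair. The 24-hour `SETEX` expiry that Redis enforced also has no replacement, because the cookie's `Expires` attribute is only a hint to the client. Consider re-checking the code against the server-side verification data here, and including an issue time in the cookie value that is rejected once stale. Both function bodies continue outside the hunks shown.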
@@ -90,8 +90,6 @@ github.com/gofiber/fiber/v2 v2.20.2 h1:dqizbjO1pCmH6K+b+kBk7TCJK4rmgjJXvX8/MZDbK github.com/gofiber/fiber/v2 v2.20.2/go.mod h1:/LdZHMUXZvTTo7gU4+b1hclqCAdoQphNQ9bi9gutPyI= github.com/gofiber/template v1.6.18 h1:nrDaRKJWS1vyuMLqijbiP+ryT2CIFYOr+jZnPmVf0Io= github.com/gofiber/template v1.6.18/go.mod h1:HfYYaUgBhj9nMknxczh3U2LtZ88Avd1IPThD3GTUtd8= -github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0= -github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -123,8 +121,6 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0= -github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -4,6 +4,7 @@ import ( "fmt" "html/template" "io/ioutil" + "log" "math/rand" "path" "regexp" 
@@ -18,6 +19,7 @@ import ( "github.com/FChannel0/FChannel-Server/util" "github.com/FChannel0/FChannel-Server/webfinger" "github.com/gofiber/fiber/v2" + "github.com/gofiber/fiber/v2/middleware/encryptcookie" "github.com/gofiber/fiber/v2/middleware/logger" "github.com/gofiber/template/html" @@ -29,7 +31,6 @@ func main() { Init() defer db.Close() - defer db.CloseCache() // Routing and templates template := html.New("./views", ".html") @@ -44,6 +45,16 @@ func main() { app.Use(logger.New()) + cookieKey, err := util.GetCookieKey() + + if err != nil { + log.Println(err) + } + + app.Use(encryptcookie.New(encryptcookie.Config{ + Key: cookieKey, + })) + app.Static("/static", "./views") app.Static("/static", "./static") app.Static("/public", "./public") @@ -111,8 +122,6 @@ func Init() { db.ConnectDB() - db.InitCache() - db.RunDatabaseSchema() go db.MakeCaptchas(100) diff --git a/routes/admin.go b/routes/admin.go index 580b4dd..771cda2 100644 --- a/routes/admin.go +++ b/routes/admin.go @@ -15,7 +15,6 @@ import ( "github.com/FChannel0/FChannel-Server/util" "github.com/FChannel0/FChannel-Server/webfinger" "github.com/gofiber/fiber/v2" - "github.com/gofrs/uuid" ) func AdminVerify(ctx *fiber.Ctx) error { @@ -54,17 +53,9 @@ func AdminVerify(ctx *fiber.Ctx) error { return ctx.Redirect("/"+config.Key, http.StatusPermanentRedirect) } - //TODO remove redis dependency - sessionToken, _ := uuid.NewV4() - - _, err = db.Cache.Do("SETEX", sessionToken, "86400", body+"|"+verify.Code) - if err != nil { - return ctx.Redirect("/"+config.Key, http.StatusPermanentRedirect) - } - ctx.Cookie(&fiber.Cookie{ Name: "session_token", - Value: sessionToken.String(), + Value: body + "|" + verify.Code, Expires: time.Now().UTC().Add(60 * 60 * 48 * time.Second), }) diff --git a/routes/archive.go b/routes/archive.go index 81cad48..746169f 100644 --- a/routes/archive.go +++ b/routes/archive.go 
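Review bot: In main(), a failure from `util.GetCookieKey()` is only logged, and the server then registers encryptcookie with whatever `cookieKey` holds, which is the empty string on that path. Since `session_token` now carries the moderator identity directly, startup should fail closed: replace `log.Println(err)` with `log.Fatal(err)` so the process never serves requests without a valid key. How this version of the middleware treats an empty `Key` is not visible here, so an explicit stop is safer than relying on it. The middleware must also stay registered before any route that reads or sets the cookie; this hunk does that, but a comment such as `// must precede all routes: session_token is only trustworthy after decryption` would make the ordering constraint explicit.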
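Review bot: The `session_token` cookie set in AdminVerify (routes/admin.go) now holds `body + "|" + verify.Code`, the identifier and verification code themselves rather than an opaque random token, yet the `fiber.Cookie` is still built without `HTTPOnly`, `Secure` or `SameSite`. Adding `HTTPOnly: true, Secure: true, SameSite: "Lax",` to the struct keeps the value out of reach of page scripts and off plain-HTTP requests. If `body` can ever contain a `|`, the `strings.Split(cookie, "|")` on the read side will take the wrong fields as identifier and code, so either reject that character before setting the cookie or use an encoding with unambiguous field boundaries. AdminVerify starts and ends outside this hunk.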
@@ -21,7 +21,7 @@ func ArchiveGet(ctx *fiber.Ctx) error { returnData.Board.To = actor.Outbox returnData.Board.Actor = *actor returnData.Board.Summary = actor.Summary - returnData.Board.ModCred, _ = db.GetPassword(ctx) + returnData.Board.ModCred, _ = db.GetPasswordFromSession(ctx) returnData.Board.Domain = config.Domain returnData.Board.Restricted = actor.Restricted returnData.Key = config.Key diff --git a/routes/index.go b/routes/index.go index efa8838..c088379 100644 --- a/routes/index.go +++ b/routes/index.go @@ -42,7 +42,7 @@ func Index(ctx *fiber.Ctx) error { data.Board.Name = "" data.Key = config.Key data.Board.Domain = config.Domain - data.Board.ModCred, _ = db.GetPassword(ctx) + data.Board.ModCred, _ = db.GetPasswordFromSession(ctx) data.Board.Actor = actor data.Board.Post.Actor = actor.Id data.Board.Restricted = actor.Restricted diff --git a/routes/news.go b/routes/news.go index 736b664..bd037c2 100644 --- a/routes/news.go +++ b/routes/news.go @@ -23,7 +23,7 @@ func NewsGet(ctx *fiber.Ctx) error { data.Board.Name = "" data.Key = config.Key data.Board.Domain = config.Domain - data.Board.ModCred, _ = db.GetPassword(ctx) + data.Board.ModCred, _ = db.GetPasswordFromSession(ctx) data.Board.Actor = actor data.Board.Post.Actor = actor.Id data.Board.Restricted = actor.Restricted @@ -55,7 +55,7 @@ func AllNewsGet(ctx *fiber.Ctx) error { data.Board.Name = "" data.Key = config.Key data.Board.Domain = config.Domain - data.Board.ModCred, _ = db.GetPassword(ctx) + data.Board.ModCred, _ = db.GetPasswordFromSession(ctx) data.Board.Actor = actor data.Board.Post.Actor = actor.Id data.Board.Restricted = actor.Restricted diff --git a/routes/outbox.go b/routes/outbox.go index c7ca7b4..62d99c4 100644 --- a/routes/outbox.go +++ b/routes/outbox.go 
@@ -71,7 +71,7 @@ func OutboxGet(ctx *fiber.Ctx) error { data.Board.InReplyTo = "" data.Board.To = actor.Outbox data.Board.Actor = actor - data.Board.ModCred, _ = db.GetPassword(ctx) + data.Board.ModCred, _ = db.GetPasswordFromSession(ctx) data.Board.Domain = config.Domain data.Board.Restricted = actor.Restricted data.CurrentPage = page diff --git a/routes/post.go b/routes/post.go index 7fa3d7b..7ed9e7d 100644 --- a/routes/post.go +++ b/routes/post.go @@ -80,7 +80,7 @@ func PostGet(ctx *fiber.Ctx) error { data.Board.To = actor.Outbox data.Board.Actor = actor data.Board.Summary = actor.Summary - data.Board.ModCred, _ = db.GetPassword(ctx) + data.Board.ModCred, _ = db.GetPasswordFromSession(ctx) data.Board.Domain = config.Domain data.Board.Restricted = actor.Restricted data.ReturnTo = "feed" @@ -147,7 +147,7 @@ func CatalogGet(ctx *fiber.Ctx) error { data.Board.To = actor.Outbox data.Board.Actor = actor data.Board.Summary = actor.Summary - data.Board.ModCred, _ = db.GetPassword(ctx) + data.Board.ModCred, _ = db.GetPasswordFromSession(ctx) data.Board.Domain = config.Domain data.Board.Restricted = actor.Restricted data.Key = config.Key diff --git a/util/key.go b/util/key.go index 458d7c0..cd8662a 100644 --- a/util/key.go +++ b/util/key.go @@ -4,7 +4,11 @@ import ( "crypto/sha512" "encoding/hex" "math/rand" + "os" "strings" + + "github.com/FChannel0/FChannel-Server/config" + "github.com/gofiber/fiber/v2/middleware/encryptcookie" ) const domain = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" @@ -34,3 +38,21 @@ func RandomID(size int) string { return newID.String() } + +func GetCookieKey() (string, error) { + if config.CookieKey == "" { + var file *os.File + var err error + + if file, err = os.OpenFile("config/config-init", os.O_APPEND|os.O_WRONLY, 0644); err != nil { + return "", err + } + + defer file.Close() + + config.CookieKey = encryptcookie.GenerateKey() + file.WriteString("cookiekey:" + config.CookieKey) + } + + return config.CookieKey, nil +} |
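Review bot: GetCookieKey in util/key.go ignores the result of `file.WriteString`, so when the append fails the generated key exists only in memory and each restart silently issues a new one. The line is also written with no leading or trailing newline, so it can fuse with the preceding line in the file and never be read back. Something like `if _, err = file.WriteString("\ncookiekey:" + config.CookieKey + "\n"); err != nil { return "", err }` covers both. The path opened is `config/config-init`, while the file this commit edits is `config-init` at the repository root; please confirm it is the file GetConfigValue actually reads, because without `O_CREATE` a wrong path returns an error and leaves the key empty. That file now stores the cookie encryption key, so it should be documented as readable by the service account only (the `0644` passed here has no effect on an existing file).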